vulnerability.go

// Copyright 2020 Joakim Kennedy. All rights reserved. Use of
// this source code is governed by the included BSD license.

package stix2

// Vulnerability is "a mistake in software that can be directly used by a
// hacker to gain access to a system or network". For example, if a piece of
// malware exploits CVE-2015-12345, a Malware object could be linked to a
// Vulnerability object that references CVE-2015-12345. CVE is a list of
// information security vulnerabilities and exposures that provides common
// names for publicly known problems.
//
// The Vulnerability SDO is primarily used to link to external definitions of
// vulnerabilities or to describe 0-day vulnerabilities that do not yet have an
// external definition. Typically, other SDOs assert relationships to
// Vulnerability objects when a specific vulnerability is targeted and
// exploited as part of malicious cyber activity. As such, Vulnerability
// objects can be used as a linkage to the asset management and compliance
// process.
type Vulnerability struct {
	STIXDomainObject
	// Name is used to identify the Vulnerability.
	Name string `json:"name"`
	// Description provides more details and context about the Vulnerability,
	// potentially including its purpose and its key characteristics.
	Description string `json:"description,omitempty"`
}

func (o *Vulnerability) MarshalJSON() ([]byte, error) {
	return marshalToJSONHelper(o)
}

// NewVulnerability creates a new Vulnerability object.
func NewVulnerability(name string, opts ...STIXOption) (*Vulnerability, error) {
	if name == "" {
		return nil, ErrPropertyMissing
	}
	base := newSTIXDomainObject(TypeVulnerability)
	obj := &Vulnerability{
		STIXDomainObject: base,
		Name:             name,
	}

	err := applyOptions(obj, opts)
	return obj, err
}