// metrics-structs.go (note: the checked-in file is named metrics-struts.go)
// data structures for metrics from the ThreadFix REST API
package main
import (
"net/http"
"time"
)
// Data structures to handle metrics from ThreadFix API as documented at
// https://github.com/denimgroup/threadfix/wiki/Threadfix-REST-Interface
// These will gather metrics by month for quarter and yearly roll-ups
///////////////////////////////////////////////////////////////////
// Struct for metrics gathered per month from the Vul Search API //
///////////////////////////////////////////////////////////////////
// tfMonth holds the metrics gathered for one calendar month from the
// ThreadFix vulnerability search API. It is the finest-grained unit; tfQuarter
// and tfYear roll these up via pointers rather than copying the data.
//
// NOTE(review): percntCrit and percntHigh are documented as already scaled to
// 0-100, while percntTracker's comment has no "* 100" — confirm the scale is
// consistent wherever these are filled in, and that the divisor (total apps)
// is guarded against zero so the floats do not become NaN/Inf.
type tfMonth struct {
	tStamp        time.Time            // the month, stored as a Go time.Time set to the first day of the month
	mpartial      bool                 // true when the month is not yet complete (partial data)
	quarter       string               // label of the quarter this month belongs to, e.g. 2015-Q1
	qpartial      bool                 // true when the quarter is not yet complete
	totVulns      int                  // total vulns for the month — all severities except info
	vulnByLob     map[string]VulnCount // [LoB/Team name] -> per-severity finding counts
	assessByLob   map[string]int       // [LoB/Team name] -> number of apps assessed this month
	totAssess     int                  // total number of apps with findings this month
	critApps      map[string]int       // [app name] -> count of critical findings
	percntCrit    float64              // apps with crits / total apps * 100, e.g. 8.03
	highApps      map[string]int       // [app name] -> count of high findings
	percntHigh    float64              // apps with highs / total apps * 100, e.g. 23.72
	// The next four describe the best/worst apps by vuln score (see vulnWeight).
	bestApps      map[string]int       // top 10 apps with the lowest vuln score: [app name] -> score
	bAppsCnt      map[string]VulnCount // per-severity counts for each app in bestApps
	worstApps     map[string]int       // top 10 apps with the highest vuln score: [app name] -> score
	wAppsCnt      map[string]VulnCount // per-severity counts for each app in worstApps
	toolUsage     map[string]int       // [tool name] -> number of times the tool produced findings
	topCWE        map[string]int       // top 10 CWEs among this month's findings: [CWE] -> count
	trackerCount  map[string]int       // [app name] -> issue tracker count
	percntTracker float64              // apps with an issue tracker / total apps (scale: see NOTE above)
}
// VulnCount holds the number of findings at each severity level for one
// app or team. Informational findings are not counted here (tfMonth.totVulns
// documents the same "all but info" rule).
type VulnCount struct {
	crit int // critical findings
	high int // high findings
	med  int // medium findings
	low  int // low findings
}
/////////////////////////////////////////////////////////////////////
// Struct for metrics gathered per quarter from the Vul Search API //
/////////////////////////////////////////////////////////////////////
// tfQuarter holds the metrics rolled up for one quarter (three months) from
// the ThreadFix vulnerability search API. The underlying months are referenced
// by pointer in months, so a tfQuarter does not own its monthly data.
//
// NOTE(review): as with tfMonth, percntTracker's comment lacks the "* 100"
// the other percentages have — confirm the scale is consistent.
type tfQuarter struct {
	qLabel        string          // quarter label, e.g. 2015-Q1
	qTStamps      [3]time.Time    // timestamps (first day of month) of the three months, from Go's time package
	months        [3]*tfMonth     // pointers to the three months that make up the quarter
	totVulns      int             // total vulns for the quarter — all severities except info
	critApps      map[string]int  // [app name] -> count of critical findings
	percntCrit    float64         // apps with crits / total apps * 100, e.g. 8.03
	highApps      map[string]int  // [app name] -> count of high findings
	percntHigh    float64         // apps with highs / total apps * 100, e.g. 23.72
	// The next two describe the best/worst apps by vuln score (see vulnWeight).
	bestApps      map[string]int  // top 10 apps with the lowest vuln score: [app name] -> score
	worstApps     map[string]int  // top 10 apps with the highest vuln score: [app name] -> score
	toolUsage     map[string]int  // [tool name] -> number of times the tool produced findings
	topCWE        map[string]int  // top 10 CWEs among the quarter's findings: [CWE] -> count
	trackerCount  map[string]int  // [app name] -> issue tracker count
	percntTracker float64         // apps with an issue tracker / total apps (scale: see NOTE above)
}
//////////////////////////////////////////////////////////////////
// Struct for metrics gathered per year from the Vul Search API //
//////////////////////////////////////////////////////////////////
// tfYear holds the metrics rolled up over the past four quarters. Per the
// yearEnds field this is a rolling year (four quarters ending at yearEnds),
// not a calendar year. Quarters are referenced by pointer, so a tfYear does
// not own its quarterly data.
//
// NOTE(review): unlike tfMonth and tfQuarter there is no totVulns here, and
// percntTracker's comment again lacks the "* 100" — confirm both are intended.
type tfYear struct {
	year          int             // the year this roll-up is reported for
	yearEnds      string          // label of the quarter the year ends on — the year is 4 quarters, not a calendar year
	qLabels       [4]string       // labels of the four quarters, e.g. 2015-Q1
	quarters      [4]*tfQuarter   // pointers to the 4 quarters that make up the past year
	critApps      map[string]int  // [app name] -> count of critical findings
	percntCrit    float64         // apps with crits / total apps * 100, e.g. 8.03
	highApps      map[string]int  // [app name] -> count of high findings
	percntHigh    float64         // apps with highs / total apps * 100, e.g. 23.72
	// The next two describe the best/worst apps by vuln score (see vulnWeight).
	bestApps      map[string]int  // top 10 apps with the lowest vuln score: [app name] -> score
	worstApps     map[string]int  // top 10 apps with the highest vuln score: [app name] -> score
	toolUsage     map[string]int  // [tool name] -> number of times the tool produced findings
	topCWE        map[string]int  // top 10 CWEs among the year's findings: [CWE] -> count
	trackerCount  map[string]int  // [app name] -> issue tracker count
	percntTracker float64         // apps with an issue tracker / total apps (scale: see NOTE above)
}
////////////////////////////////////////
// Helper data structures for metrics //
////////////////////////////////////////
// Package-level state shared by the metrics gathering code.
//
// NOTE(review): tfc is only declared here and is created elsewhere. Wherever
// it is built, give it a Timeout (http.Client has none by default) and keep
// TLS verification enabled — it is the client that talks to the ThreadFix
// REST API. Mutable package-level maps are also not safe for concurrent use;
// confirm the gathering code is single-threaded or guard them.
var (
	// tfc is the HTTP client used for every ThreadFix REST call. It is nil
	// until initialised by the code that sets up the connection.
	tfc *http.Client

	// Summary counters filled in while gathering metrics.
	appCount   int                    // overall number of apps seen
	teamCounts = make(map[string]int) // [team/LoB name] -> number of apps under that team
	critsByLob = make(map[string]int) // [team/LoB name] -> number of critical findings
)
// quarter identifies a single quarter of a year: its label, the three
// time.Month values it spans, and the year it belongs to.
type quarter struct {
	label string        // quarter label, e.g. 2015-Q1
	month [3]time.Month // the three months that make up the quarter
	year  int           // the year the quarter belongs to
}
// qtrDefs maps a calendar month number (1-12) to the label of the quarter it
// falls in, using ordinary calendar quarters: Jan-Mar is Q1, Apr-Jun is Q2,
// Jul-Sep is Q3 and Oct-Dec is Q4. Looking up a month outside 1-12 yields the
// empty string, so callers should validate the month first.
var qtrDefs = map[int]string{
	1: "Q1", 2: "Q1", 3: "Q1",
	4: "Q2", 5: "Q2", 6: "Q2",
	7: "Q3", 8: "Q3", 9: "Q3",
	10: "Q4", 11: "Q4", 12: "Q4",
}
// quarterEnd maps a quarter number (1-4) to the calendar month (1-12) that
// quarter ends on. It is the counterpart of qtrDefs: qtrDefs[quarterEnd[q]]
// is always "Q<q>". A quarter number outside 1-4 yields 0.
var quarterEnd = map[int]int{1: 3, 2: 6, 3: 9, 4: 12}
// vulnWeight is the scoring weight applied to each finding when computing an
// app's vuln score (used to rank bestApps / worstApps). Keys are the numeric
// severity level — 5 = Critical, 4 = High, 3 = Medium, 2 = Low, 1 = Info, as
// labelled in the original source. Weights double per level, so one critical
// scores the same as two highs, four mediums, eight lows or sixteen infos.
// A severity outside 1-5 has weight 0 (map zero value).
var vulnWeight = map[int]int{5: 16, 4: 8, 3: 4, 2: 2, 1: 1}
// monthCutoff is a day-of-month threshold used by the metrics code.
// NOTE(review): its use is not visible in this file — presumably a month
// whose data stops before this day is treated as partial (see
// tfMonth.mpartial); confirm against the code that reads it.
const monthCutoff = 15