cvefeed

package
v0.0.0-...-e85a4bd
Published: Sep 10, 2022 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package cvefeed provides an API to NVD CVE feeds parsing and matching.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Cache

type Cache struct {
	Dict    Dictionary
	Idx     Index
	MaxSize int64 // maximum size of the cache, 0 -- unlimited, -1 -- no caching

	RequireVersion bool // ignore matching specifications that have Version == ANY
	// contains filtered or unexported fields
}

Cache caches CVEs for known CPEs

func NewCache

func NewCache(dict Dictionary) *Cache

NewCache creates a new Cache instance backed by the dictionary dict.

func (*Cache) Get

func (c *Cache) Get(cpes []*wfn.Attributes) []MatchResult

Get returns a slice of CVEs for the CPE names in cpes; if the CVEs aren't cached (and caching is enabled) it looks them up in the dictionary and caches the results.

func (*Cache) HitRatio

func (c *Cache) HitRatio() float64

HitRatio returns the cache hit ratio (the number of cache hits divided by the number of lookups) as a percentage.

func (*Cache) SetMaxSize

func (c *Cache) SetMaxSize(size int64) *Cache

SetMaxSize sets the maximum size of the cache: a size of 0 disables eviction (the cache grows indefinitely), a negative size disables caching. Returns a pointer to the Cache instance, for easy chaining.

func (*Cache) SetRequireVersion

func (c *Cache) SetRequireVersion(requireVersion bool) *Cache

SetRequireVersion sets whether the cache refuses to match dictionary records whose CPE name has no Version attribute (Version == ANY). Returns a pointer to the Cache instance, for easy chaining.

type ChunkKind

type ChunkKind string

ChunkKind is the type of chunks produced by a diff.

const (
	// ChunkDescription indicates a difference in the description of a
	// vulnerability.
	ChunkDescription ChunkKind = "description"
	// ChunkScore indicates a difference in the score of a vulnerability.
	// The explicit type keeps it a ChunkKind constant rather than an
	// untyped string.
	ChunkScore ChunkKind = "score"
)

type Dictionary

type Dictionary map[string]Vuln

Dictionary is a map of vulnerability entries.

func LoadFeed

func LoadFeed(loadFunc func(string) ([]Vuln, error), paths ...string) (Dictionary, error)

LoadFeed calls loadFunc for each file in paths and returns the combined outputs in a Dictionary.

func LoadJSONDictionary

func LoadJSONDictionary(paths ...string) (Dictionary, error)

LoadJSONDictionary parses a dictionary from multiple NVD vulnerability feed JSON files.

func (*Dictionary) Override

func (d *Dictionary) Override(d2 Dictionary)

Override amends entries in the Dictionary with the configurations from Dictionary d2; a CVE will be matched if it matches the original configuration in d and does not match the configuration in d2.

type DiffStats

type DiffStats struct {
	// contains filtered or unexported fields
}

DiffStats is the result of a diff.

func Diff

func Diff(aName string, aDict Dictionary, bName string, bDict Dictionary) *DiffStats

Diff performs a diff between two Dictionaries.

func (*DiffStats) MarshalJSON

func (s *DiffStats) MarshalJSON() ([]byte, error)

MarshalJSON implements a custom JSON marshaller.

func (*DiffStats) NumChunk

func (s *DiffStats) NumChunk(chunk ChunkKind) int

NumChunk returns the number of differing vulnerabilities whose diff contains the given chunk kind.

func (*DiffStats) NumDiffVulns

func (s *DiffStats) NumDiffVulns() int

NumDiffVulns returns the number of vulnerabilities that are in both A and B but differ (e.g. different description, score, ...).

func (*DiffStats) NumVulnsA

func (s *DiffStats) NumVulnsA() int

NumVulnsA returns the number of vulnerabilities in A (the first input to Diff).

func (*DiffStats) NumVulnsANotB

func (s *DiffStats) NumVulnsANotB() int

NumVulnsANotB returns the number of vulnerabilities that are in A (the first input to Diff) but not in B (the second input to Diff).

func (*DiffStats) NumVulnsB

func (s *DiffStats) NumVulnsB() int

NumVulnsB returns the number of vulnerabilities in B (the second input to Diff).

func (*DiffStats) NumVulnsBNotA

func (s *DiffStats) NumVulnsBNotA() int

NumVulnsBNotA returns the number of vulnerabilities that are in B (the second input to Diff) but not in A (the first input to Diff).

func (*DiffStats) PercentChunk

func (s *DiffStats) PercentChunk(chunk ChunkKind) float64

PercentChunk returns the percentage of differing vulnerabilities whose diff contains the given chunk kind.

func (*DiffStats) VulnsANotB

func (s *DiffStats) VulnsANotB() []string

VulnsANotB returns the IDs of the vulnerabilities that are in A (the first input to Diff) but not in B (the second input to Diff).

func (*DiffStats) VulnsBNotA

func (s *DiffStats) VulnsBNotA() []string

VulnsBNotA returns the IDs of the vulnerabilities that are in B (the second input to Diff) but not in A (the first input to Diff).

type Index

type Index map[string][]Vuln

Index maps CPEs to the NVD feed entries they are mentioned in.

func NewIndex

func NewIndex(d Dictionary) Index

NewIndex creates a new Index from a Dictionary of CVE entries.

type MatchResult

type MatchResult struct {
	CVE  Vuln
	CPEs []*wfn.Attributes
}

MatchResult stores CVE and a slice of CPEs that matched it

type Stats

type Stats struct {
	// contains filtered or unexported fields
}

Stats contains the statistics of an NVD JSON feed.

func NewStats

func NewStats() *Stats

NewStats creates a new Stats object

func (*Stats) Gather

func (s *Stats) Gather(dict Dictionary)

Gather fills a Stats object by gathering statistics from an NVD JSON feed dictionary.

func (*Stats) ReportOperatorAND

func (s *Stats) ReportOperatorAND()

ReportOperatorAND prints the stats of operator AND

func (*Stats) Reset

func (s *Stats) Reset()

Reset clears out a Stats object

type Vuln

type Vuln interface {
	// a vulnerability must also be able to match attributes
	wfn.Matcher
	// ID returns the vulnerability ID
	ID() string
	// CVEs returns all CVEs it includes/references
	CVEs() []string
	// CWEs returns all CWEs for this vulnerability
	CWEs() []string
	// CVSSv2BaseScore returns the CVSS v2 base score
	CVSSv2BaseScore() float64
	// CVSSv2Vector returns the CVSS v2 vector
	CVSSv2Vector() string
	// CVSSv3BaseScore returns the CVSS v3 base score
	CVSSv3BaseScore() float64
	// CVSSv3Vector returns the CVSS v3 vector
	CVSSv3Vector() string
}

Vuln is a vulnerability interface

func OverrideVuln

func OverrideVuln(v, override Vuln) Vuln

OverrideVuln combines two Vulns: the resulting Vuln inherits all mutually exclusive methods (e.g. ID()) from v; the functions returning CVEs and CWEs return distinct(union(v, override)); the returned Vuln matches attributes if v matches AND override doesn't.
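The "matches v AND not override" rule above, and the Dictionary.Override method that applies it per entry, are the package's mechanism for carving local exceptions (for example, a backported fix) out of the NVD configuration. The following is an added illustration of that contract, not code from nvdtools: it replaces wfn.Matcher with a constructed product/version matcher, keeps only ID, CVEs and Match from the Vuln interface, and uses constructed CVE IDs.

```go
package main

// vuln is a reduced form of the page's Vuln interface; Match stands in for wfn.Matcher.
type vuln interface {
	ID() string
	CVEs() []string
	Match(a attrs) bool
}

type attrs struct{ Product, Version string } // constructed stand-in for wfn.Attributes

// simpleVuln is a constructed feed entry for one product; version "*" plays the role of ANY.
type simpleVuln struct {
	id, product, version string
	cves                 []string
}

func (v simpleVuln) ID() string     { return v.id }
func (v simpleVuln) CVEs() []string { return v.cves }
func (v simpleVuln) Match(a attrs) bool {
	return a.Product == v.product && (v.version == "*" || a.Version == v.version)
}

// overridden follows the OverrideVuln contract: ID from the base, CVEs as a distinct
// union, and a match only when the base matches AND the override does not.
type overridden struct{ base, override vuln }

func (o overridden) ID() string         { return o.base.ID() }
func (o overridden) Match(a attrs) bool { return o.base.Match(a) && !o.override.Match(a) }
func (o overridden) CVEs() []string {
	seen, out := map[string]bool{}, []string{}
	for _, list := range [][]string{o.base.CVEs(), o.override.CVEs()} {
		for _, s := range list {
			if !seen[s] {
				seen[s] = true
				out = append(out, s)
			}
		}
	}
	return out
}

// overrideDict mirrors Dictionary.Override: an entry of d that also appears in d2 is
// wrapped so that d2's configuration carves exceptions out of d's (e.g. a backported fix).
func overrideDict(d, d2 map[string]vuln) {
	for id, ov := range d2 {
		if base, ok := d[id]; ok {
			d[id] = overridden{base, ov}
		}
	}
}
```

Entries present only in d2 are ignored, so an override file cannot introduce new findings, only suppress configurations of existing ones.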

func ParseJSON

func ParseJSON(in io.Reader) ([]Vuln, error)

ParseJSON parses a JSON dictionary from an NVD vulnerability feed.

Directories

Path Synopsis
nvd
