nvdapi

package module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 8, 2021 License: MIT Imports: 7 Imported by: 0

README

NVD API


The NVD API is an unofficial Go wrapper around the NVD API.

Supports:

How to use

The following example shows the basic use of the wrapper: getting all the CVEs for a given keyword.

package main

import (
	"fmt"
	"log"
	"net/http"
	"time"

	"github.com/Pandatix/nvdapi"
)

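// main queries the NVD for CVEs matching the keyword "gitea" and prints the
// ID of every item in the returned response.
func main() {
	// The zero-value http.Client has no timeout, so a stalled connection
	// would block this program forever; bound the whole request instead.
	client := &http.Client{Timeout: 30 * time.Second}

	// Configure and issue the request
	params := nvdapi.GetCVEsParams{
		Keyword: str("gitea"),
	}
	resp, err := nvdapi.GetCVEs(client, params)
	if err != nil {
		log.Fatal(err)
	}

	// Make sure there are CVE items
	if resp.Result.CVEItems == nil {
		return
	}

	items := *resp.Result.CVEItems
	for _, item := range items {
		fmt.Println(item.CVE.CVEDataMeta.ID)
	}

	// The response carries paging fields (StartIndex, ResultsPerPage,
	// TotalResults). Report when it holds fewer items than the service says
	// match, so a partial list is not mistaken for the complete one.
	if resp.TotalResults > len(items) {
		log.Printf("printed %d of %d matching CVEs; request further pages with StartIndex",
			len(items), resp.TotalResults)
	}
}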

// str allocates a fresh string holding the given value and returns its
// address. It exists because the optional request parameters are *string.
func str(str string) *string {
	ptr := new(string)
	*ptr = str
	return ptr
}

How to contribute

Please read the code of conduct first.

To contribute, please refer to the contribution guide.

Contact

To provide feedback or report a problem, please file an issue. If it concerns a security issue, refer to the Security guide.

Documentation

Index

Constants

This section is empty.

Variables

// ErrNilClient is the error returned when the HTTPClient given to a call
// is nil.
var ErrNilClient = errors.New("given client is nil")

Functions

This section is empty.

Types

type Affects

// Affects wraps the vendor information of a CVE, decoded from the JSON
// key "vendor".
type Affects struct {
	Vendor Vendor `json:"vendor"`
}

type BaseMetricV2

// BaseMetricV2 is the CVSS V2.0 score as defined in the NIST API schema.
//
// Every field is a pointer tagged omitempty, so any of them is nil when the
// key is absent from the response; check before dereferencing.
type BaseMetricV2 struct {
	CVSSV2                  *CVSSV2  `json:"cvssV2,omitempty"`
	Severity                *string  `json:"severity,omitempty"`
	ExploitabilityScore     *float64 `json:"exploitabilityScore,omitempty"`
	ImpactScore             *float64 `json:"impactScore,omitempty"`
	AcInsufInfo             *bool    `json:"acInsufInfo,omitempty"`
	ObtainAllPrivilege      *bool    `json:"obtainAllPrivilege,omitempty"`
	ObtainUserPrivilege     *bool    `json:"obtainUserPrivilege,omitempty"`
	ObtainOtherPrivilege    *bool    `json:"obtainOtherPrivilege,omitempty"`
	UserInteractionRequired *bool    `json:"userInteractionRequired,omitempty"`
}

BaseMetricV2 is the CVSS V2.0 score as defined in the NIST API schema.

type BaseMetricV3

// BaseMetricV3 is the CVSS V3.x score as defined in the NIST API schema.
//
// All three fields are optional pointers and are nil when the key is absent
// from the response; check before dereferencing.
type BaseMetricV3 struct {
	CVSSV3              *CVSSV3  `json:"cvssV3,omitempty"`
	ExploitabilityScore *float64 `json:"exploitabilityScore,omitempty"`
	ImpactScore         *float64 `json:"impactScore,omitempty"`
}

BaseMetricV3 is the CVSS V3.x score as defined in the NIST API schema.

type CPEMatch

// CPEMatch is the CPE Match string or range as defined in the NIST API schema.
//
// Vulnerable and CPE23URI are plain values; the CPE 2.2 URI, the four version
// bounds and the CPEName list are optional pointers that are nil when the key
// is absent. The bound names suggest inclusive/exclusive start and end limits
// of an affected version range — confirm exact semantics against the schema.
type CPEMatch struct {
	Vulnerable            bool       `json:"vulnerable"`
	CPE22URI              *string    `json:"cpe22Uri,omitempty"`
	CPE23URI              string     `json:"cpe23Uri"`
	VersionStartExcluding *string    `json:"versionStartExcluding,omitempty"`
	VersionStartIncluding *string    `json:"versionStartIncluding,omitempty"`
	VersionEndExcluding   *string    `json:"versionEndExcluding,omitempty"`
	VersionEndIncluding   *string    `json:"versionEndIncluding,omitempty"`
	CPEName               *[]CPEName `json:"cpe_name,omitempty"`
}

CPEMatch is the CPE Match string or range as defined in the NIST API schema.

type CPEName

// CPEName is the CPE name as defined in the NIST API schema.
//
// CPE23URI is always decoded as a plain string; CPE22URI and
// LastModifiedDate are optional and nil when absent. LastModifiedDate is kept
// as the string the API sent; no date parsing is visible here.
type CPEName struct {
	CPE22URI         *string `json:"cpe22Uri,omitempty"`
	CPE23URI         string  `json:"cpe23Uri"`
	LastModifiedDate *string `json:"lastModifiedDate,omitempty"`
}

CPEName is the CPE name as defined in the NIST API schema.

type CVE

// CVE as defined in the NIST API schema.
//
// Affects is the only optional member (a nil pointer when the key is absent);
// the remaining fields are plain values that keep their zero value when the
// response omits them.
type CVE struct {
	DataType    string      `json:"data_type"`
	DataFormat  string      `json:"data_format"`
	DataVersion string      `json:"data_version"`
	CVEDataMeta CVEDataMeta `json:"CVE_data_meta"`
	Affects     *Affects    `json:"affects,omitempty"`
	ProblemType ProblemType `json:"problemtype"`
	References  References  `json:"references"`
	Description Description `json:"description"`
}

CVE as defined in the NIST API schema.

type CVEDataMeta

// CVEDataMeta carries the identifying metadata of a CVE record: its ID, its
// ASSIGNER and an optional STATE, which is nil when the key is absent.
type CVEDataMeta struct {
	ID       string  `json:"ID"`
	ASSIGNER string  `json:"ASSIGNER"`
	STATE    *string `json:"STATE,omitempty"`
}

type CVEItem

// CVEItem defines a vulnerability in the NVD data feed as defined in the
// NIST API schema.
//
// Only CVE is a plain value. Configurations, Impact and both dates are
// optional pointers, nil when absent; the dates stay in the string form the
// API sent.
type CVEItem struct {
	CVE              CVE             `json:"cve"`
	Configurations   *Configurations `json:"configurations,omitempty"`
	Impact           *Impact         `json:"impact,omitempty"`
	PublishedDate    *string         `json:"publishedDate,omitempty"`
	LastModifiedDate *string         `json:"lastModifiedDate,omitempty"`
}

CVEItem defines a vulnerability in the NVD data feed as defined in the NIST API schema.

type CVEResponse

// CVEResponse is the response type returned by GetCVE and GetCVEs: three
// paging counters plus the Result payload.
//
// NOTE(review): presumably TotalResults counts every match while Result holds
// only the page starting at StartIndex — confirm, and compare TotalResults
// with the number of items received before treating a result set as complete.
type CVEResponse struct {
	ResultsPerPage int    `json:"resultsPerPage"`
	StartIndex     int    `json:"startIndex"`
	TotalResults   int    `json:"totalResults"`
	Result         Result `json:"result"`
}

func GetCVE

func GetCVE(client HTTPClient, params GetCVEParams) (*CVEResponse, error)

GetCVE fetches and returns the CVE given the parameters.

func GetCVEs

func GetCVEs(client HTTPClient, params GetCVEsParams) (*CVEResponse, error)

GetCVEs fetches and returns the CVEs given the parameters.

type CVSSV2

// CVSSV2 holds a CVSS version 2 vector and its scores.
//
// Version, VectorString and BaseScore are plain values; every other metric,
// including the temporal and environmental scores, is an optional pointer
// that is nil when the key is absent. Metric values are decoded as free-form
// strings: nothing in this type restricts them to a fixed set.
type CVSSV2 struct {
	Version                    string   `json:"version"`
	VectorString               string   `json:"vectorString"`
	AccessVector               *string  `json:"accessVector,omitempty"`
	AccessComplexity           *string  `json:"accessComplexity,omitempty"`
	Authentication             *string  `json:"authentication,omitempty"`
	ConfidentialityImpact      *string  `json:"confidentialityImpact,omitempty"`
	IntegrityImpact            *string  `json:"integrityImpact,omitempty"`
	AvailabilityImpact         *string  `json:"availabilityImpact,omitempty"`
	BaseScore                  float64  `json:"baseScore"`
	Exploitability             *string  `json:"exploitability,omitempty"`
	RemediationLevel           *string  `json:"remediationLevel,omitempty"`
	ReportConfidence           *string  `json:"reportConfidence,omitempty"`
	TemporalScore              *float64 `json:"temporalScore,omitempty"`
	CollateralDamagePotential  *string  `json:"collateralDamagePotential,omitempty"`
	TargetDistribution         *string  `json:"targetDistribution,omitempty"`
	ConfidentialityRequirement *string  `json:"confidentialityRequirement,omitempty"`
	IntegrityRequirement       *string  `json:"integrityRequirement,omitempty"`
	AvailabilityRequirement    *string  `json:"availabilityRequirement,omitempty"`
	EnvironmentalScore         *float64 `json:"environmentalScore,omitempty"`
}

type CVSSV3

// CVSSV3 holds a CVSS version 3 vector, its scores and its severities.
//
// Version, VectorString, BaseScore and BaseSeverity are plain values; every
// other metric is an optional pointer that is nil when the key is absent.
// Metric and severity values are decoded as free-form strings, so code that
// branches on them (for example on BaseSeverity) should handle values it does
// not recognise instead of assuming a fixed set.
type CVSSV3 struct {
	// Version should be implemented using an enum
	Version                       string   `json:"version"`
	VectorString                  string   `json:"vectorString"`
	AttackVector                  *string  `json:"attackVector,omitempty"`
	AttackComplexity              *string  `json:"attackComplexity,omitempty"`
	PrivilegesRequired            *string  `json:"privilegesRequired,omitempty"`
	UserInteraction               *string  `json:"userInteraction,omitempty"`
	Scope                         *string  `json:"scope,omitempty"`
	ConfidentialityImpact         *string  `json:"confidentialityImpact,omitempty"`
	IntegrityImpact               *string  `json:"integrityImpact,omitempty"`
	AvailabilityImpact            *string  `json:"availabilityImpact,omitempty"`
	BaseScore                     float64  `json:"baseScore"`
	BaseSeverity                  string   `json:"baseSeverity"`
	ExploitCodeMaturity           *string  `json:"exploitCodeMaturity,omitempty"`
	RemediationLevel              *string  `json:"remediationLevel,omitempty"`
	ReportConfidence              *string  `json:"reportConfidence,omitempty"`
	TemporalScore                 *float64 `json:"temporalScore,omitempty"`
	TemporalSeverity              *string  `json:"temporalSeverity,omitempty"`
	ConfidentialityRequirement    *string  `json:"confidentialityRequirement,omitempty"`
	IntegrityRequirement          *string  `json:"integrityRequirement,omitempty"`
	AvailabilityRequirement       *string  `json:"availabilityRequirement,omitempty"`
	ModifiedAttackVector          *string  `json:"modifiedAttackVector,omitempty"`
	ModifiedAttackComplexity      *string  `json:"modifiedAttackComplexity,omitempty"`
	ModifiedPrivilegesRequired    *string  `json:"modifiedPrivilegesRequired,omitempty"`
	ModifiedUserInteraction       *string  `json:"modifiedUserInteraction,omitempty"`
	ModifiedScope                 *string  `json:"modifiedScope,omitempty"`
	ModifiedConfidentialityImpact *string  `json:"modifiedConfidentialityImpact,omitempty"`
	ModifiedIntegrityImpact       *string  `json:"modifiedIntegrityImpact,omitempty"`
	ModifiedAvailabilityImpact    *string  `json:"modifiedAvailabilityImpact,omitempty"`
	EnvironmentalScore            *float64 `json:"environmentalScore,omitempty"`
	EnvironmentalSeverity         *string  `json:"environmentalSeverity,omitempty"`
}

type Configurations

// Configurations defines the set of product configurations for a NVD
// applicability statement as defined in the NIST API schema.
//
// Nodes is an optional pointer to a slice and is nil when the key is absent.
type Configurations struct {
	CVEDataVersion string  `json:"CVE_data_version"`
	Nodes          *[]Node `json:"nodes,omitempty"`
}

Configurations defines the set of product configurations for a NVD applicability statement as defined in the NIST API schema.

type Description

// Description holds the description entries of a CVE, each one a LangString
// pairing a language with a text value.
type Description struct {
	// DescriptionData has a minimum of 0 items according to
	// the NIST API schema.
	DescriptionData []LangString `json:"description_data"`
}

type ErrUnexpectedStatus

// ErrUnexpectedStatus is an error meaning the API call returned a response
// with an unexpected status. It may occur when the server is down or the
// parameters/body are invalid.
//
// NOTE(review): Body presumably holds the raw response body and StatusCode
// the HTTP status — confirm. Body is data chosen by the remote end, so quote
// it (for example with %q) rather than writing it verbatim to logs.
type ErrUnexpectedStatus struct {
	Body       []byte
	StatusCode int
}

ErrUnexpectedStatus is an error meaning the API call returned a response with an unexpected status. It may occur when the server is down or the parameters/body are invalid.

func (ErrUnexpectedStatus) Error

func (e ErrUnexpectedStatus) Error() string

type GetCVEParams

// GetCVEParams combines the parameters needed for GetCVE.
//
// CVE is tagged schema:"-" while AddOns has a named schema key, so CVE is
// presumably left out of the encoded query and sent another way (likely the
// request path) — confirm against GetCVE. If so, check that CVE has the
// CVE-<year>-<number> form before passing a value taken from untrusted input.
type GetCVEParams struct {
	CVE    string `schema:"-"`
	AddOns *bool  `schema:"addOns,omitempty"`
}

GetCVEParams combines the parameters needed for GetCVE.

type GetCVEsParams

// GetCVEsParams combines the parameters needed for GetCVEs.
//
// Every field is an optional pointer tagged omitempty; a nil field is
// presumably left out of the request — confirm against the encoder in use.
// The date bounds are plain strings, so their format is whatever the API
// expects; no validation is visible in this type.
//
// NOTE(review): CWEID, CVSSV2Severity, CVSSV3Severity, CVSSV2Metrics,
// CVSSV3Metrics and CPEMatchString are declared *bool, yet the corresponding
// NVD query parameters take textual values (a CWE identifier, a severity
// level, a vector string, a CPE match string). As declared, these filters can
// only send true/false, so a search that relies on them may not filter as
// intended — confirm against the NVD API documentation.
type GetCVEsParams struct {
	StartIndex               *int    `schema:"startIndex,omitempty"`
	ResultsPerPage           *int    `schema:"resultsPerPage,omitempty"`
	PubStartDate             *string `schema:"pubStartDate,omitempty"`
	PubEndDate               *string `schema:"pubEndDate,omitempty"`
	ModStartDate             *string `schema:"modStartDate,omitempty"`
	ModEndDate               *string `schema:"modEndDate,omitempty"`
	IncludeMatchStringChange *bool   `schema:"includeMatchStringChange,omitempty"`
	Keyword                  *string `schema:"keyword,omitempty"`
	IsExactMatch             *bool   `schema:"isExactMatch,omitempty"`
	CWEID                    *bool   `schema:"cweId,omitempty"`
	CVSSV2Severity           *bool   `schema:"cvssV2Severity,omitempty"`
	CVSSV3Severity           *bool   `schema:"cvssV3Severity,omitempty"`
	CVSSV2Metrics            *bool   `schema:"cvssV2Metrics,omitempty"`
	CVSSV3Metrics            *bool   `schema:"cvssV3Metrics,omitempty"`
	CPEMatchString           *bool   `schema:"cpeMatchString,omitempty"`
	CPEName                  *string `schema:"cpeName,omitempty"`
	AddOns                   *bool   `schema:"addOns,omitempty"`
}

GetCVEsParams combines the parameters needed for GetCVEs.

type HTTPClient

// HTTPClient is the minimal HTTP client contract this package needs: a
// single Do method taking a *http.Request and returning a *http.Response and
// an error. It lets callers plug in any client implementation and lets tests
// supply a mock.
//
// A zero-value http.Client satisfies it but applies no request timeout;
// callers should pass a client with a Timeout set.
type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

HTTPClient defines the minimal interface an HTTP client must implement. It is used for interoperability with various HTTP client implementations, and for mocking purposes.

type Impact

// Impact scores for a vulnerability as found on NVD as defined in the NIST
// API schema.
//
// Both metrics are optional pointers: a record may carry a V3 metric, a V2
// metric, both, or neither, so check each for nil before reading a score.
type Impact struct {
	BaseMetricV3 *BaseMetricV3 `json:"baseMetricV3,omitempty"`
	BaseMetricV2 *BaseMetricV2 `json:"baseMetricV2,omitempty"`
}

Impact scores for a vulnerability as found on NVD as defined in the NIST API schema.

type LangString

// LangString pairs a language tag with a text value. It is the element type
// of Description.DescriptionData and ProblemTypeData.Description.
//
// Value is free text taken from the record; escape it before embedding it in
// HTML or other structured output.
type LangString struct {
	Lang string `json:"lang"`
	// Value has a maximum length of 3999 characters according to the
	// NIST API schema.
	Value string `json:"value"`
}

type Node

// Node is a node or sub-node in an NVD applicability statement as defined in
// the NIST API schema.
//
// The type is recursive through Children. All four fields are optional
// pointers and are nil when the key is absent, so a tree walk must check
// Children and CPEMatch before dereferencing them.
type Node struct {
	Operator *string     `json:"operator,omitempty"`
	Negate   *bool       `json:"negate,omitempty"`
	Children *[]Node     `json:"children,omitempty"`
	CPEMatch *[]CPEMatch `json:"cpe_match,omitempty"`
}

Node is a node or sub-node in an NVD applicability statement as defined in the NIST API schema.

type ProblemType

// ProblemType holds the problem type entries of a CVE, decoded from the
// JSON key "problemtype_data".
type ProblemType struct {
	// ProblemTypeData has a minimum of 0 items according to the
	// NIST API schema.
	ProblemTypeData []ProblemTypeData `json:"problemtype_data"`
}

type ProblemTypeData

// ProblemTypeData is one problem type entry; its content is a list of
// LangString descriptions.
type ProblemTypeData struct {
	// Description has a minimum of 0 items according to the
	// NIST API schema.
	Description []LangString `json:"description"`
}

type Product

// Product names one product of a vendor and carries its Version data.
type Product struct {
	ProductName string  `json:"product_name"`
	Version     Version `json:"version"`
}

type Reference

// Reference is one external reference attached to a CVE.
//
// URL is decoded as a plain string with no validation visible in this type;
// treat it as untrusted input (check the scheme and host) before fetching or
// rendering it. Name, Refsource and Tags are optional and nil when absent.
type Reference struct {
	// URL has a maximum length of 500 characters according to the
	// NIST API schema.
	URL       string    `json:"url"`
	Name      *string   `json:"name,omitempty"`
	Refsource *string   `json:"refsource,omitempty"`
	Tags      *[]string `json:"tags,omitempty"`
}

type References

// References holds the list of Reference entries of a CVE, decoded from the
// JSON key "reference_data".
type References struct {
	// ReferenceData has a minimum of 0 and a maximum of 500
	// items according to the NIST API schema.
	ReferenceData []Reference `json:"reference_data"`
}

type Result

// Result is the payload of a CVEResponse: feed metadata plus the CVE items.
//
// CVEItems is a pointer to a slice and is nil when the key is absent, so
// check it before dereferencing. CVEDataNumberOfCVEs is decoded as an
// optional string, not an int; convert it explicitly if a count is needed.
type Result struct {
	CVEDataType         string     `json:"CVE_data_type"`
	CVEDataFormat       string     `json:"CVE_data_format"`
	CVEDataVersion      string     `json:"CVE_data_version"`
	CVEDataNumberOfCVEs *string    `json:"CVE_data_numberOfCVEs,omitempty"`
	CVEDataTimestamp    string     `json:"CVE_data_timestamp"`
	CVEItems            *[]CVEItem `json:"CVE_Items,omitempty"`
}

type Vendor

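// Vendor lists the vendors of the products affected by a CVE. It is the
// value of Affects.Vendor.
type Vendor struct {
	// VendorData has a minimum of 0 items according to the
	// NIST API schema.
	//
	// The tag used to be empty (`json:""`), which makes encoding/json fall
	// back to the Go field name "VendorData". The sibling types use
	// snake_case keys (vendor_name, product_data, version_data), so the
	// list was never populated from a "vendor_data" key; name it explicitly.
	VendorData []VendorData `json:"vendor_data"`
}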

type VendorData

// VendorData names one vendor and carries the products attributed to it.
type VendorData struct {
	VendorName string        `json:"vendor_name"`
	Product    VendorProduct `json:"product"`
}

type VendorProduct

// VendorProduct holds the list of Product entries of a vendor, decoded from
// the JSON key "product_data".
type VendorProduct struct {
	// ProductData has a minimum of 1 item according to the
	// NIST API schema.
	ProductData []Product `json:"product_data"`
}

type Version

// Version holds the list of VersionData entries of a product, decoded from
// the JSON key "version_data".
type Version struct {
	// VersionData has a minimum of 1 item according to the
	// NIST API schema.
	VersionData []VersionData `json:"version_data"`
}

type VersionData

// VersionData is one version entry of a product: a version value and an
// optional VersionAffected qualifier, which is nil when the key is absent.
type VersionData struct {
	VersionValue    string  `json:"version_value"`
	VersionAffected *string `json:"version_affected,omitempty"`
}
