cvefeed

package
v0.1.5
Published: Jul 6, 2021 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package cvefeed provides an API to NVD CVE feeds parsing and matching.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Cache

type Cache struct {
	Dict    Dictionary
	Idx     Index
	MaxSize int64 // maximum size of the cache, 0 -- unlimited, -1 -- no caching

	RequireVersion bool // ignore matching specifications that have Version == ANY
	// contains filtered or unexported fields
}

Cache caches CVEs for known CPEs

func NewCache

func NewCache(dict Dictionary) *Cache

NewCache creates a new Cache instance backed by the dictionary dict.

func (*Cache) Get

func (c *Cache) Get(cpes []*wfn.Attributes) []MatchResult

Get returns a slice of MatchResults (matched CVEs with the CPEs that matched them) for the CPE names in cpes; if the results aren't cached yet (and caching is enabled) it looks them up in the dictionary and caches them.

func (*Cache) HitRatio added in v0.1.4

func (c *Cache) HitRatio() float64

HitRatio returns the cache hit ratio, i.e. the number of cache hits divided by the number of lookups, as a percentage.

func (*Cache) SetMaxSize

func (c *Cache) SetMaxSize(size int64) *Cache

SetMaxSize sets the maximum size of the cache: a size of 0 disables eviction (the cache grows indefinitely), and a negative size disables caching altogether. Returns a pointer to the Cache instance, for easy chaining.

func (*Cache) SetRequireVersion

func (c *Cache) SetRequireVersion(requireVersion bool) *Cache

SetRequireVersion sets whether this Cache instance refuses to match dictionary records whose CPE name carries no Version attribute (Version == ANY). Returns a pointer to the Cache instance, for easy chaining.

type ChunkKind added in v0.1.4

type ChunkKind string

ChunkKind is the type of chunks produced by a diff.

const (
	// ChunkDescription indicates a difference in the description of a
	// vulnerability.
	ChunkDescription ChunkKind = "description"
	// ChunkScore indicates a difference in the score of a vulnerability.
	ChunkScore = "score"
)

type Dictionary

type Dictionary map[string]Vuln

Dictionary is a map of entries keyed by vulnerability ID.

func LoadFeed added in v0.1.3

func LoadFeed(loadFunc func(string) ([]Vuln, error), paths ...string) (Dictionary, error)

LoadFeed calls loadFunc for each file in paths and returns the combined outputs in a Dictionary.

func LoadJSONDictionary

func LoadJSONDictionary(paths ...string) (Dictionary, error)

LoadJSONDictionary parses a Dictionary from one or more NVD vulnerability feed JSON files.

func (*Dictionary) Override added in v0.1.3

func (d *Dictionary) Override(d2 Dictionary)

Override amends the entries of Dictionary d with the configurations from Dictionary d2; afterwards a CVE matches only if it matches its original configuration in d and does not match its configuration in d2.

type DiffStats added in v0.1.4

type DiffStats struct {
	// contains filtered or unexported fields
}

DiffStats is the result of a diff.

func Diff added in v0.1.4

func Diff(aName string, aDict Dictionary, bName string, bDict Dictionary) *DiffStats

Diff performs a diff between two Dictionaries.

func (*DiffStats) MarshalJSON added in v0.1.4

func (s *DiffStats) MarshalJSON() ([]byte, error)

MarshalJSON implements a custom JSON marshaller.

func (*DiffStats) NumChunk added in v0.1.4

func (s *DiffStats) NumChunk(chunk ChunkKind) int

NumChunk returns the number of different vulnerabilities that have a specific chunk.

func (*DiffStats) NumDiffVulns added in v0.1.4

func (s *DiffStats) NumDiffVulns() int

NumDiffVulns returns the number of vulnerabilities that are in both A and B but differ (e.g. in description, score, ...).

func (*DiffStats) NumVulnsA added in v0.1.4

func (s *DiffStats) NumVulnsA() int

NumVulnsA returns the number of vulnerabilities in A (the first input to Diff).

func (*DiffStats) NumVulnsANotB added in v0.1.4

func (s *DiffStats) NumVulnsANotB() int

NumVulnsANotB returns the number of vulnerabilities that are in A (the first input to Diff) but not in B (the second input to Diff).

func (*DiffStats) NumVulnsB added in v0.1.4

func (s *DiffStats) NumVulnsB() int

NumVulnsB returns the number of vulnerabilities in B (the second input to Diff).

func (*DiffStats) NumVulnsBNotA added in v0.1.4

func (s *DiffStats) NumVulnsBNotA() int

NumVulnsBNotA returns the number of vulnerabilities that are in B (the second input to Diff) but not in A (the first input to Diff).

func (*DiffStats) PercentChunk added in v0.1.4

func (s *DiffStats) PercentChunk(chunk ChunkKind) float64

PercentChunk returns the percentage of different vulnerabilities that have a specific chunk.

func (*DiffStats) VulnsANotB added in v0.1.4

func (s *DiffStats) VulnsANotB() []string

VulnsANotB returns the vulnerabilities that are in A (the first input to Diff) but not in B (the second input to Diff).

func (*DiffStats) VulnsBNotA added in v0.1.4

func (s *DiffStats) VulnsBNotA() []string

VulnsBNotA returns the vulnerabilities that are in B (the second input to Diff) but not in A (the first input to Diff).

type Index

type Index map[string][]Vuln

Index maps CPEs to the NVD feed entries they are mentioned in.

func NewIndex

func NewIndex(d Dictionary) Index

NewIndex creates a new Index from a Dictionary of CVE entries.

type MatchResult

type MatchResult struct {
	CVE  Vuln
	CPEs []*wfn.Attributes
}

MatchResult stores CVE and a slice of CPEs that matched it

type Stats added in v0.1.5

type Stats struct {
	// contains filtered or unexported fields
}

Stats contains statistics about an NVD JSON feed.

func NewStats added in v0.1.5

func NewStats() *Stats

NewStats creates a new Stats object

func (*Stats) Gather added in v0.1.5

func (s *Stats) Gather(dict Dictionary)

Gather populates a Stats object by collecting statistics from an NVD JSON feed Dictionary.

func (*Stats) ReportOperatorAND added in v0.1.5

func (s *Stats) ReportOperatorAND()

ReportOperatorAND prints the gathered statistics about the AND operator in feed configurations.

func (*Stats) Reset added in v0.1.5

func (s *Stats) Reset()

Reset clears out a Stats object

type Vuln added in v0.1.4

type Vuln interface {
	// vulnerability should also be able to match attributes
	wfn.Matcher
	// ID returns the vulnerability ID
	ID() string
	// CVEs returns all CVEs it includes/references
	CVEs() []string
	// CWEs returns all CWEs for this vulnerability
	CWEs() []string
	// CVSSv2BaseScore returns the CVSS v2 base score
	CVSSv2BaseScore() float64
	// CVSSv2Vector returns the CVSS v2 vector
	CVSSv2Vector() string
	// CVSSv3BaseScore returns the CVSS v3 base score
	CVSSv3BaseScore() float64
	// CVSSv3Vector returns the CVSS v3 vector
	CVSSv3Vector() string
}

Vuln is a vulnerability interface

func OverrideVuln added in v0.1.4

func OverrideVuln(v, override Vuln) Vuln

OverrideVuln combines two Vulns: the resulting Vuln inherits all mutually exclusive methods (e.g. ID()) from v; its CVEs() and CWEs() methods return distinct(union(v, override)); and it matches a set of attributes only if v matches them AND override doesn't.
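The following is an added, self-contained Go example and not code from cvefeed or nvdtools. It models the matching semantics the page documents for Cache.RequireVersion, Dictionary.Override and OverrideVuln, so that the two behaviours can be seen side by side: a reduced cpe type stands in for wfn.Attributes, feedVuln for a feed entry and overriddenVuln for the combined vulnerability. All type and function names, the inventory and the CVE IDs are constructed for illustration (the IDs are placeholders, not real identifiers), and the example imports nothing from the library.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// cpe is a constructed stand-in for wfn.Attributes, reduced to the three
// attributes this example needs; "*" plays the role of ANY.
type cpe struct{ Vendor, Product, Version string }

// vulnerability is a constructed model of cvefeed's Vuln interface, trimmed
// to identity and matching. Match returns the subset of cpes the vulnerability
// applies to; with requireVersion set, configurations whose Version is ANY are
// ignored, which is what Cache.RequireVersion controls.
type vulnerability interface {
	ID() string
	Match(cpes []cpe, requireVersion bool) []cpe
}

// feedVuln is one NVD-style entry: an ID plus the CPE configurations it applies to.
type feedVuln struct {
	id      string
	configs []cpe
}

func (v *feedVuln) ID() string { return v.id }

func attrMatch(spec, got string) bool { return spec == "*" || spec == got }

func (v *feedVuln) Match(cpes []cpe, requireVersion bool) []cpe {
	var hits []cpe
	for _, c := range cpes {
		for _, spec := range v.configs {
			if requireVersion && spec.Version == "*" {
				continue // a version-less spec would flag every version of the product
			}
			if attrMatch(spec.Vendor, c.Vendor) && attrMatch(spec.Product, c.Product) && attrMatch(spec.Version, c.Version) {
				hits = append(hits, c)
				break
			}
		}
	}
	return hits
}

// overriddenVuln models what OverrideVuln and Dictionary.Override produce:
// identity comes from base, and a CPE matches only if base matches it AND
// override does not.
type overriddenVuln struct{ base, override vulnerability }

func (o *overriddenVuln) ID() string { return o.base.ID() }

func (o *overriddenVuln) Match(cpes []cpe, requireVersion bool) []cpe {
	var hits []cpe
	for _, c := range o.base.Match(cpes, requireVersion) {
		if len(o.override.Match([]cpe{c}, requireVersion)) == 0 {
			hits = append(hits, c)
		}
	}
	return hits
}

// Constructed sample data; the CVE ID is a placeholder. The feed entry lists
// two explicit versions plus a version-less (ANY) configuration; the local
// override records that version 1.1 is not affected (e.g. a backported fix).
var (
	feedEntry = &feedVuln{id: "CVE-EXAMPLE-0001",
		configs: []cpe{{"acme", "widget", "1.0"}, {"acme", "widget", "1.1"}, {"acme", "widget", "*"}}}
	localOverride = &feedVuln{id: "CVE-EXAMPLE-0001", configs: []cpe{{"acme", "widget", "1.1"}}}
	inventory     = []cpe{{"acme", "widget", "1.0"}, {"acme", "widget", "1.1"}, {"acme", "widget", "2.0"}, {"other", "thing", "3.0"}}
)

// flagged returns the sorted "vendor:product:version" keys of the inventory
// entries the vulnerability applies to under the given settings.
func flagged(useOverride, requireVersion bool) []string {
	var v vulnerability = feedEntry
	if useOverride {
		v = &overriddenVuln{base: feedEntry, override: localOverride}
	}
	var out []string
	for _, c := range v.Match(inventory, requireVersion) {
		out = append(out, c.Vendor+":"+c.Product+":"+c.Version)
	}
	sort.Strings(out)
	return out
}

func main() {
	for _, tc := range []struct{ override, requireVersion bool }{{false, false}, {false, true}, {true, false}, {true, true}} {
		fmt.Printf("override=%-5v requireVersion=%-5v -> %s\n", tc.override, tc.requireVersion, strings.Join(flagged(tc.override, tc.requireVersion), ", "))
	}
}
```

Running it prints the flagged inventory entries for all four flag combinations: the override suppresses the 1.1 hit, and requireVersion drops the version-less configuration that would otherwise flag 2.0 (and every future version). The model passes the same requireVersion flag to the override's matcher, an assumption about how the library treats version-less override configurations; local overrides are safest when they name explicit versions.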

func ParseJSON

func ParseJSON(in io.Reader) ([]Vuln, error)

ParseJSON parses an NVD vulnerability feed in JSON format from in and returns its entries as Vulns.

Directories

Path Synopsis
nvd
