schema

package
v0.1.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 11, 2022 License: Apache-2.0 Imports: 7 Imported by: 5

Documentation

Overview

Package schema implements parsing the vendor's data.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ProvidersConvertStrTime

func ProvidersConvertStrTime(layout, strTime string) (*time.Time, error)

ProvidersConvertStrTime takes a time layout and a string representing time in that layout and converts it to a Time type. If the string is empty nil is returned.

func ProvidersNewItem

func ProvidersNewItem(item *ProvidersItem) (*nvd.NVDCVEFeedJSON10DefCVEItem, error)

ProvidersNewItem creates a vendor item.

Types

type CVSS

type CVSS struct {
	CVSS2 *CVSS2 `json:"cvss2"`
	CVSS3 *CVSS3 `json:"cvss3"`
}

CVSS holds CVSS2 and CVSS3 data.

type CVSS2

type CVSS2 struct {
	Vector                string `json:"vector"`
	BaseScore             string `json:"base_score"`
	ImpactScore           string `json:"impact_score"`
	ExploitScore          string `json:"exploit_score"`
	AccessVector          string `json:"access_vector"`
	AccessComplexity      string `json:"access_complexity"`
	Authentication        string `json:"authentication"`
	ConfidentialityImpact string `json:"confidentiality_impack"`
	IntegrityImpact       string `json:"integrety_impact"`
	AvailabilityImpact    string `json:"availability_impact"`
}

CVSS2 information.

type CVSS3

type CVSS3 struct {
	Vector                string `json:"vector"`
	BaseScore             string `json:"base_score"`
	ImpactScore           string `json:"impact_score"`
	ExploitScore          string `json:"exploit_score"`
	AccessVector          string `json:"access_vector"`
	AccessComplexity      string `json:"access_complexity"`
	PrivilegesRequired    string `json:"privileges_required"`
	UserInteraction       string `json:"user_interaction"`
	Score                 string `json:"score"`
	ConfidentialityImpact string `json:"confidentiality_impack"`
	IntegrityImpact       string `json:"integrety_impact"`
	AvailabilityImpact    string `json:"availability_impact"`
}

CVSS3 information.

type Classification

type Classification struct {
	Targets    []*Target   `json:"targets"`
	Weaknesses []*Weakness `json:"weaknesses"`
}

Classification has CWE and CVSS data.

type DescParameter

type DescParameter struct {
	Published string `json:"published"`
	Modified  string `json:"modified"`
	Summary   string `json:"summary"`
}

DescParameter holds the CVE metadata.

type Description

type Description struct {
	ID         string         `json:"id"`
	Parameters *DescParameter `json:"parameters"`
}

Description has the CVE ID and metadata.

type Information

type Information struct {
	Descriptions []*Description `json:"description"`
	References   []*Reference   `json:"references"`
}

Information holds CVE data.

type Item

type Item struct {
	Information    *Information    `json:"information"`
	Classification *Classification `json:"classification"`
	Risk           *Risk           `json:"risk"`
}

Item defines the vendor's vulnerability schema.

func (*Item) Convert

func (item *Item) Convert() (*nvd.NVDCVEFeedJSON10DefCVEItem, error)

Convert reads a vendor item and outputs it in the NVD format.

func (*Item) ID

func (item *Item) ID() string

ID returns the identification of an Item.

type ProvidersCVSS

type ProvidersCVSS struct {
	BaseScore     float64
	TemporalScore float64
	Vector        string
}

ProvidersCVSS is used to store CVSS2 and CVSS3 data.

type ProvidersConfiguration

type ProvidersConfiguration struct {
	Nodes []*ProvidersNode
}

ProvidersConfiguration captures what specific software versions are vulnerable.

func ProvidersNewConfiguration

func ProvidersNewConfiguration() *ProvidersConfiguration

ProvidersNewConfiguration creates a ProvidersConfiguration.

func (*ProvidersConfiguration) NewNode

func (c *ProvidersConfiguration) NewNode() *ProvidersNode

NewNode creates a Node in the ProvidersConfiguration

type ProvidersItem

type ProvidersItem struct {
	Vendor           string
	ID               string
	Description      string
	CWEs             []string
	References       *ProvidersReferences
	Configuration    *ProvidersConfiguration
	CVSS2            *ProvidersCVSS
	CVSS3            *ProvidersCVSS
	LastModifiedDate *time.Time
	PublishedDate    *time.Time
}

ProvidersItem captures the top-level CVE information for a vendor.

type ProvidersMatch

type ProvidersMatch struct {
	CPE22URI              string
	CPE23URI              string
	VersionStartExcluding string
	VersionStartIncluding string
	VersionEndExcluding   string
	VersionEndIncluding   string
	Vulnerable            bool
}

ProvidersMatch represents software versions that match a CPE.

func ProvidersNewMatch

func ProvidersNewMatch(cpe22uri, cpe23uri string, vulnerable bool) *ProvidersMatch

ProvidersNewMatch creates a ProvidersMatch.

func (*ProvidersMatch) AddVersionEnd

func (m *ProvidersMatch) AddVersionEnd(version string, excluding bool)

AddVersionEnd adds the ending version to a Match, along with whether that version is included or excluded from the Match.

func (*ProvidersMatch) AddVersionStart

func (m *ProvidersMatch) AddVersionStart(version string, excluding bool)

AddVersionStart adds the starting version to a Match, along with whether that version is included or excluded from the Match.

type ProvidersNode

type ProvidersNode struct {
	// contains filtered or unexported fields
}

ProvidersNode holds a set of matches, any positive match being able to configure a CVE. If conditional matches are present as well, then at least one conditional match should also be positive to configure a CVE.

func (*ProvidersNode) AddConditionalMatch

func (node *ProvidersNode) AddConditionalMatch(m *ProvidersMatch)

AddConditionalMatch adds a ProvidersMatch to a ProvidersNode.

func (*ProvidersNode) AddMatch

func (node *ProvidersNode) AddMatch(m *ProvidersMatch)

AddMatch adds a ProvidersMatch to a ProvidersNode.

type ProvidersReferences

type ProvidersReferences struct {
	// contains filtered or unexported fields
}

ProvidersReferences hold data related to the thread.

func ProvidersNewReferences

func ProvidersNewReferences() *ProvidersReferences

ProvidersNewReferences creates a ProvidersReferences.

func (*ProvidersReferences) Add

func (r *ProvidersReferences) Add(name, url string)

Add adds a new reference to the references.

type Reference

type Reference struct {
	Vendor string `json:"vendor"`
	URL    string `json:"url"`
}

Reference holds related pointers to the CVE.

type Risk

type Risk struct {
	CVSS *CVSS `json:"cvss"`
}

Risk holds all the CVSS data.

type Target

type Target struct {
	ID         int32              `json:"id"`
	Parameters []*TargetParameter `json:"parameters"`
}

Target holds NVD Configuration information.

type TargetParameter

type TargetParameter struct {
	Title           string             `json:"title"`
	CPE22           string             `json:"cpe2.2"`
	CPE23           string             `json:"cpe2.3"`
	VersionAffected VersionAffected    `json:"version_affected"`
	RunningOn       []*TargetParameter `json:"running_on"`
}

TargetParameter holds Configuration Match data.

type VersionAffected

type VersionAffected struct {
	From string `json:"from"`
	To   string `json:"to"`
}

VersionAffected has the version data, as well as whether they are inclusive or exclusive.

type Weakness

type Weakness struct {
	ID string
}

Weakness holds CWE data.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL