Documentation
Overview
Package cvefeed provides an API for parsing and matching NVD CVE feeds.
Index
- type Cache
- type ChunkKind
- type Dictionary
- type DiffStats
- func (s *DiffStats) MarshalJSON() ([]byte, error)
- func (s *DiffStats) NumChunk(chunk ChunkKind) int
- func (s *DiffStats) NumDiffVulns() int
- func (s *DiffStats) NumVulnsA() int
- func (s *DiffStats) NumVulnsANotB() int
- func (s *DiffStats) NumVulnsB() int
- func (s *DiffStats) NumVulnsBNotA() int
- func (s *DiffStats) PercentChunk(chunk ChunkKind) float64
- func (s *DiffStats) VulnsANotB() []string
- func (s *DiffStats) VulnsBNotA() []string
- type Index
- type MatchResult
- type Vuln
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Cache
type Cache struct {
	Dict           Dictionary
	Idx            Index
	RequireVersion bool  // ignore matching specifications that have Version == ANY
	MaxSize        int64 // maximum size of the cache, 0 -- unlimited, -1 -- no caching
	// contains filtered or unexported fields
}
Cache caches CVEs for known CPEs.
func NewCache
func NewCache(dict Dictionary) *Cache
NewCache creates a new Cache instance with dictionary dict.
func (*Cache) Get
func (c *Cache) Get(cpes []*wfn.Attributes) []MatchResult
Get returns a slice of MatchResults, one per CVE that matches any of the CPE names in cpes; if the CVEs aren't cached (and caching is enabled) it finds them through the dictionary and caches the results.
func (*Cache) HitRatio (added in v0.1.4)
HitRatio returns the cache hit ratio, the number of cache hits to the number of lookups, as a percentage.
func (*Cache) SetMaxSize
SetMaxSize sets the maximum size of the cache to the given value: a size of 0 disables eviction (the cache grows indefinitely) and a negative size disables caching. Returns a pointer to the Cache instance, for easy chaining.
func (*Cache) SetRequireVersion
SetRequireVersion sets whether the cache refuses to match dictionary records whose CPE name carries no Version attribute (Version == ANY). Returns a pointer to the Cache instance, for easy chaining.
type ChunkKind (added in v0.1.4)
type ChunkKind string
ChunkKind is the type of chunks produced by a diff.
const (
	// ChunkDescription indicates a difference in the description of a
	// vulnerability.
	ChunkDescription ChunkKind = "description"
	// ChunkScore indicates a difference in the score of a vulnerability.
	ChunkScore = "score"
)
type Dictionary
Dictionary is a slice of entries.
func LoadFeed (added in v0.1.3)
LoadFeed calls loadFunc for each file in paths and returns the combined outputs in a Dictionary.
func LoadJSONDictionary
func LoadJSONDictionary(paths ...string) (Dictionary, error)
LoadJSONDictionary parses a Dictionary from multiple NVD vulnerability feed JSON files.
func (*Dictionary) Override (added in v0.1.3)
func (d *Dictionary) Override(d2 Dictionary)
Override amends the entries in Dictionary d with the configurations from Dictionary d2; a CVE will be matched if it matches the original config of d and does not match the config of d2.
type DiffStats (added in v0.1.4)
type DiffStats struct {
// contains filtered or unexported fields
}
DiffStats is the result of a diff.
func Diff (added in v0.1.4)
func Diff(aName string, aDict Dictionary, bName string, bDict Dictionary) *DiffStats
Diff performs a diff between two Dictionaries.
func (*DiffStats) MarshalJSON (added in v0.1.4)
MarshalJSON implements a custom JSON marshaller.
func (*DiffStats) NumChunk (added in v0.1.4)
NumChunk returns the number of differing vulnerabilities that have a specific chunk.
func (*DiffStats) NumDiffVulns (added in v0.1.4)
NumDiffVulns returns the number of vulnerabilities that are in both A and B but differ (e.g. different description, score, ...).
func (*DiffStats) NumVulnsA (added in v0.1.4)
NumVulnsA returns the number of vulnerabilities in A (the first input to Diff).
func (*DiffStats) NumVulnsANotB (added in v0.1.4)
NumVulnsANotB returns the number of vulnerabilities that are in A (the first input to Diff) but not in B (the second input to Diff).
func (*DiffStats) NumVulnsB (added in v0.1.4)
NumVulnsB returns the number of vulnerabilities in B (the second input to Diff).
func (*DiffStats) NumVulnsBNotA (added in v0.1.4)
NumVulnsBNotA returns the number of vulnerabilities that are in B (the second input to Diff) but not in A (the first input to Diff).
func (*DiffStats) PercentChunk (added in v0.1.4)
PercentChunk returns the percentage of differing vulnerabilities that have a specific chunk.
func (*DiffStats) VulnsANotB (added in v0.1.4)
VulnsANotB returns the vulnerabilities that are in A (the first input to Diff) but not in B (the second input to Diff).
func (*DiffStats) VulnsBNotA (added in v0.1.4)
VulnsBNotA returns the vulnerabilities that are in B (the second input to Diff) but not in A (the first input to Diff).
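As an added example that is not the package's own code, the following self-contained Go model reproduces the documented diff semantics (entries only in A, only in B, entries in both that differ, and the per-chunk counts for the description and score chunks) on a constructed dictionary type keyed by vulnerability ID; the real Diff works on Dictionary values and the Vuln interface, and the vuln struct below is an assumption standing in for a feed entry.

```go
package main

// Constructed model of the diff semantics documented above, not the cvefeed package's own code.
type ChunkKind string
const ChunkDescription, ChunkScore ChunkKind = "description", "score" // the two documented chunk kinds
type vuln struct { // stand-in for a feed entry: just the fields the diff compares
	Description string
	Score       float64
}
type diffStats struct { // the counters DiffStats exposes
	numA, numB   int
	aNotB, bNotA []string          // IDs only in A / only in B
	numDiff      int               // IDs in both whose content differs
	chunks       map[ChunkKind]int // differing vulns carrying each chunk
}

// diff computes the statistics Diff reports for dictionaries A and B, each keyed by vulnerability ID.
func diff(a, b map[string]vuln) *diffStats {
	s := &diffStats{numA: len(a), numB: len(b), chunks: map[ChunkKind]int{}}
	for id, v := range a {
		w, ok := b[id]
		if !ok {
			s.aNotB = append(s.aNotB, id)
			continue
		}
		descDiff, scoreDiff := v.Description != w.Description, v.Score != w.Score
		if descDiff {
			s.chunks[ChunkDescription]++
		}
		if scoreDiff {
			s.chunks[ChunkScore]++
		}
		if descDiff || scoreDiff {
			s.numDiff++ // present in both, but with at least one chunk
		}
	}
	for id := range b {
		if _, ok := a[id]; !ok {
			s.bNotA = append(s.bNotA, id)
		}
	}
	return s
}

// PercentChunk: share (in percent) of differing vulns that carry chunk k.
func (s *diffStats) PercentChunk(k ChunkKind) float64 {
	if s.numDiff == 0 {
		return 0 // nothing differs, so no chunk has a share
	}
	return 100 * float64(s.chunks[k]) / float64(s.numDiff)
}
```

A practical use is comparing yesterday's and today's feed snapshot: a high PercentChunk(ChunkScore) signals rescoring that may change triage priorities even though no new CVE IDs appeared.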
type Index
Index maps CPEs to the entries of the NVD feed in which they are mentioned.
func NewIndex
func NewIndex(d Dictionary) Index
NewIndex creates a new Index from a slice of CVE entries.
type MatchResult
type MatchResult struct {
	CVE  Vuln
	CPEs []*wfn.Attributes
}
MatchResult stores a CVE and the slice of CPEs that matched it.
type Vuln (added in v0.1.4)
type Vuln interface {
	// vulnerability should also be able to match attributes
	wfn.Matcher
	// ID returns the vulnerability ID
	ID() string
	// CVEs returns all CVEs it includes/references
	CVEs() []string
	// CWEs returns all CWEs for this vulnerability
	CWEs() []string
	// CVSSv2BaseScore returns CVSS v2 base score
	CVSSv2BaseScore() float64
	// CVSSv2Vector returns CVSS v2 vector
	CVSSv2Vector() string
	// CVSSv3BaseScore returns CVSS v3 base score
	CVSSv3BaseScore() float64
	// CVSSv3Vector returns CVSS v3 vector
	CVSSv3Vector() string
}
Vuln is a vulnerability interface.
func OverrideVuln (added in v0.1.4)
OverrideVuln combines two Vulns: the resulting Vuln inherits all mutually exclusive methods (e.g. ID()) from Vuln x; the functions returning CVEs and CWEs return distinct(union(x, y)); the returned Vuln matches attributes if x matches AND y doesn't.
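As an added example, not the package's code, covering both Dictionary.Override and OverrideVuln above: a self-contained Go model in which the overridden Vuln takes its ID from x, returns the distinct union of the CVEs and CWEs of x and y, and matches a CPE only when x matches and y does not (so an override record listing the versions known not to be affected suppresses those matches). The cpe type and the entry record are assumptions standing in for wfn.Attributes and a feed entry.

```go
package main

// Constructed model of the OverrideVuln / Dictionary.Override semantics documented above,
// not the cvefeed package's own code. A cpe here is just a product string plus a version.
type cpe struct{ Product, Version string }

// vuln is the subset of the Vuln interface the override rule touches.
type vuln interface {
	ID() string
	CVEs() []string
	CWEs() []string
	Match(c cpe) bool // stands in for wfn.Matcher
}

// entry is a feed record whose configuration is a set of affected (product, version) pairs.
type entry struct {
	id         string
	cves, cwes []string
	affected   map[cpe]bool
}
func (e entry) ID() string       { return e.id }
func (e entry) CVEs() []string   { return e.cves }
func (e entry) CWEs() []string   { return e.cwes }
func (e entry) Match(c cpe) bool { return e.affected[c] }

// overridden is the Vuln produced by overrideVuln(x, y).
type overridden struct{ x, y vuln }
func (o overridden) ID() string       { return o.x.ID() } // mutually exclusive methods come from x
func (o overridden) CVEs() []string   { return union(o.x.CVEs(), o.y.CVEs()) }
func (o overridden) CWEs() []string   { return union(o.x.CWEs(), o.y.CWEs()) }
func (o overridden) Match(c cpe) bool { return o.x.Match(c) && !o.y.Match(c) } // x matches AND y doesn't

// union returns distinct(union(a, b)), keeping first-seen order so results are stable.
func union(a, b []string) []string {
	seen := map[string]bool{}
	var out []string
	for _, s := range append(append([]string{}, a...), b...) {
		if !seen[s] {
			seen[s] = true
			out = append(out, s)
		}
	}
	return out
}

// overrideVuln applies override y to vuln x, as OverrideVuln is documented to.
func overrideVuln(x, y vuln) vuln { return overridden{x, y} }
```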