Documentation
Overview
Package cvefeed defines the types and methods necessary to parse the NVD vulnerability feed and match an inventory of CPE names against it.
Copyright (c) Facebook, Inc. and its affiliates.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func Match
func Match(inventory []*wfn.Attributes, rules []LogicalTest, requireVersion bool) ([]*wfn.Attributes, bool)
Match matches the list of software in inventory against a number of rules; it returns the CPE names that matched and the boolean result of the match. If requireVersion is true, the function ignores rules whose CPEs carry no Version attribute (Version == ANY), so a rule that names every version of a product never matches.
Types
type CVEItem
CVEItem is an interface that provides access to CVE data from a vulnerability feed, regardless of the feed format.
type CVEItem interface {
	CVE() string
	Configuration() []LogicalTest
}
type Cache
type Cache struct {
	Dict           Dictionary
	Idx            Index
	RequireVersion bool // ignore matching specifications that have Version == ANY
	MaxSize        int  // maximum size of the cache, 0 -- unlimited, -1 -- no caching
	// contains filtered or unexported fields
}
Cache caches CVEs for known CPEs.
func NewCache
func NewCache(dict Dictionary) *Cache
NewCache creates a new Cache instance with dictionary dict.
func (*Cache) Get
func (c *Cache) Get(cpes []*wfn.Attributes) []MatchResult
Get returns a slice of CVEs for the CPE names in cpes; if the CVEs aren't cached (and caching is enabled) it finds them in the dictionary (Dict) and caches the results.
func (*Cache) SetMaxSize
func (c *Cache) SetMaxSize(size int) *Cache
SetMaxSize sets the maximum size of the cache: a size of 0 disables eviction (the cache grows indefinitely), a negative size disables caching. Returns a pointer to the Cache instance, for easy chaining.
func (*Cache) SetRequireVersion
func (c *Cache) SetRequireVersion(requireVersion bool) *Cache
SetRequireVersion sets whether the cache skips dictionary records whose CPE name has no Version attribute (Version == ANY) when matching. Returns a pointer to the Cache instance, for easy chaining.
type Dictionary
type Dictionary = []CVEItem
Dictionary is a slice of CVE entries.
func LoadJSONDictionary
func LoadJSONDictionary(paths ...string) (Dictionary, error)
LoadJSONDictionary parses a dictionary from one or more NVD vulnerability feed JSON files.
func LoadXMLDictionary
func LoadXMLDictionary(paths ...string) (Dictionary, error)
LoadXMLDictionary parses a dictionary from one or more NVD vulnerability feed XML files.
type Index
Index maps CPEs to the NVD feed entries they are mentioned in.
func NewIndex
func NewIndex(d Dictionary) Index
NewIndex creates a new Index from a slice of CVE entries.
type LogicalTest
type LogicalTest = iface.LogicalTest
LogicalTest describes a logical test performed during matching.
type LogicalTest interface {
	LogicalOperator() string // "and", "or", "eq"
	NegateIfNeeded(bool) bool
	InnerTests() []LogicalTest
	MatchPlatform(platform *wfn.Attributes, requireVersion bool) bool
	CPEs() []*wfn.Attributes
}
type MatchResult
type MatchResult struct {
	CVE  string
	CPEs []*wfn.Attributes
}
MatchResult stores a CVE and the slice of CPEs that matched it.
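The following is an added, self-contained example, not code from the cvefeed package or the nvdtools project. It re-implements the matching semantics documented above (a LogicalTest tree of "and"/"or"/"eq" nodes, Match over a list of top-level tests, MatchResult per CVE, and the requireVersion switch) so that the effect of requireVersion can be observed without loading a feed. CPE is a cut-down stand-in for wfn.Attributes, Node is a hypothetical LogicalTest implementation, FindCVEs stands in for what Cache.Get does on a cache miss, and the inventory and CVE identifiers are constructed placeholders.

```go
package main

import (
	"fmt"
	"strings"
)

// CPE is a constructed stand-in for wfn.Attributes; "" means ANY, as in WFN.
type CPE struct{ Part, Vendor, Product, Version string }

// attrMatch compares one attribute; ANY ("") in the rule matches anything.
func attrMatch(rule, have string) bool { return rule == "" || strings.EqualFold(rule, have) }

// Node is a hypothetical LogicalTest implementation (not the package's own):
// "eq" nodes carry CPEs, "and"/"or" nodes carry inner tests, Negate inverts the result.
type Node struct {
	Op       string // "and", "or", "eq"
	Negate   bool
	Children []*Node
	Leaves   []*CPE
}

func (n *Node) LogicalOperator() string { return n.Op }
func (n *Node) InnerTests() []*Node     { return n.Children }
func (n *Node) CPEs() []*CPE            { return n.Leaves }
func (n *Node) NegateIfNeeded(b bool) bool {
	if n.Negate {
		return !b
	}
	return b
}

// MatchPlatform reports whether one inventory item satisfies one of the node's CPEs.
// With requireVersion, CPEs whose Version is ANY are skipped, so an "all versions" rule never fires.
func (n *Node) MatchPlatform(p *CPE, requireVersion bool) bool {
	for _, r := range n.Leaves {
		if requireVersion && r.Version == "" {
			continue
		}
		if attrMatch(r.Part, p.Part) && attrMatch(r.Vendor, p.Vendor) &&
			attrMatch(r.Product, p.Product) && attrMatch(r.Version, p.Version) {
			return true
		}
	}
	return false
}

// matchNode evaluates one test against the inventory and returns the items that contributed.
func matchNode(inv []*CPE, n *Node, requireVersion bool) ([]*CPE, bool) {
	var matched []*CPE
	switch n.Op {
	case "eq":
		for _, p := range inv {
			if n.MatchPlatform(p, requireVersion) {
				matched = append(matched, p)
			}
		}
		return matched, n.NegateIfNeeded(len(matched) > 0)
	case "and":
		for _, c := range n.Children {
			m, ok := matchNode(inv, c, requireVersion)
			if !ok {
				return nil, n.NegateIfNeeded(false)
			}
			matched = append(matched, m...)
		}
		return matched, n.NegateIfNeeded(true)
	case "or":
		for _, c := range n.Children {
			if m, ok := matchNode(inv, c, requireVersion); ok {
				matched = append(matched, m...)
			}
		}
		return matched, n.NegateIfNeeded(len(matched) > 0)
	}
	return nil, false
}

// Match mirrors the documented cvefeed.Match contract: the entry matches when any
// top-level test does, and the CPEs of every matching test are returned.
func Match(inv []*CPE, rules []*Node, requireVersion bool) ([]*CPE, bool) {
	var all []*CPE
	for _, r := range rules {
		if m, ok := matchNode(inv, r, requireVersion); ok {
			all = append(all, m...)
		}
	}
	return all, len(all) > 0
}

type CVEItem struct {
	ID    string
	Tests []*Node
}
type MatchResult struct {
	CVE  string
	CPEs []*CPE
}

// FindCVEs scans the whole dictionary, which is what a cache miss in Cache.Get amounts to.
func FindCVEs(inv []*CPE, dict []CVEItem, requireVersion bool) []MatchResult {
	var out []MatchResult
	for _, it := range dict {
		if cpes, ok := Match(inv, it.Tests, requireVersion); ok {
			out = append(out, MatchResult{CVE: it.ID, CPEs: cpes})
		}
	}
	return out
}

func eq(c ...*CPE) *Node   { return &Node{Op: "eq", Leaves: c} }
func or(c ...*Node) *Node  { return &Node{Op: "or", Children: c} }
func and(c ...*Node) *Node { return &Node{Op: "and", Children: c} }

// sampleData is a constructed inventory and dictionary; the CVE IDs are placeholders.
func sampleData() ([]*CPE, []CVEItem) {
	inv := []*CPE{{"a", "acme", "webapp", "1.2"}, {"a", "acme", "other", "3.0"}}
	dict := []CVEItem{
		{"CVE-0000-0001", []*Node{or(eq(&CPE{"a", "acme", "webapp", "1.2"}), eq(&CPE{"a", "acme", "webapp", "1.3"}))}},
		{"CVE-0000-0002", []*Node{eq(&CPE{"a", "acme", "webapp", ""})}},                                             // all versions
		{"CVE-0000-0003", []*Node{and(eq(&CPE{"a", "acme", "webapp", "1.2"}), eq(&CPE{"o", "acme", "os", "10"}))}}, // needs the OS too
	}
	return inv, dict
}

func main() {
	inv, dict := sampleData()
	for _, rv := range []bool{false, true} {
		fmt.Printf("requireVersion=%v\n", rv)
		for _, r := range FindCVEs(inv, dict, rv) {
			fmt.Printf("  %s matched by %s %s %s\n", r.CVE, r.CPEs[0].Vendor, r.CPEs[0].Product, r.CPEs[0].Version)
		}
	}
}
```

With requireVersion off, both the versioned rule and the "all versions" rule match the webapp 1.2 install; with it on, only the versioned rule does, and the "and" configuration still fails because no OS is in the inventory. That is the trade-off behind Cache.RequireVersion: fewer noisy hits from version-less rules, at the cost of silently dropping any rule whose CPE has Version == ANY.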
Directories
Path | Synopsis
---|---
internal |
iface | Package iface defines the interfaces a CVE feed implements, no matter the format (XML, JSON...)
nvdjson | Package nvdjson defines the types and methods necessary to parse the CVE Language specification as per https://csrc.nist.gov/schema/nvd/feed/0.1/nvd_cve_feed_json_0.1_beta.schema
nvdxml | Package nvdxml defines the types and methods necessary to parse the CPE Language specification as per https://csrc.nist.gov/schema/cpe/2.3/cpe-language_2.3.xsd. The implementation is not full; only the parts required to parse the NVD vulnerability feed are implemented.