Documentation ¶
Overview ¶
Package vulndb provides an API to the vulnerability database.
Index ¶
- Constants
- func InitSchemaSQL(ctx context.Context, db *sql.DB) error
- func ParseTime(s string) (time.Time, error)
- func SchemaSQL() []string
- type CustomDataDeleter
- type CustomDataExporter
- type CustomDataImporter
- type CustomDataRecord
- type DataExporter
- type SnoozeCreator
- type SnoozeDeleter
- type SnoozeGetter
- type SnoozeRecord
- type SummaryExporter
- type SummaryRecord
- type VendorDataExporter
- type VendorDataImporter
- type VendorDataRecord
- type VendorDataTrimmer
- type VendorRecord
Constants ¶
const TimeLayout = "2006-01-02T15:04Z"
TimeLayout is the layout of NVD CVE JSON timestamps.
Variables ¶
This section is empty.
Functions ¶
func InitSchemaSQL ¶
InitSchemaSQL is auto-generated. Executes each SQL statement from schema.sql.
Types ¶
type CustomDataDeleter ¶
CustomDataDeleter is a helper for deleting custom data.
type CustomDataExporter ¶
CustomDataExporter is a helper for exporting custom data.
type CustomDataImporter ¶
CustomDataImporter is a helper for importing custom data.
func (CustomDataImporter) ImportFile ¶
func (o CustomDataImporter) ImportFile(ctx context.Context, name string) error
ImportFile imports NVD CVE JSON 1.0 optionally gzipped from file.
func (CustomDataImporter) ImportJSON ¶
ImportJSON imports NVD CVE JSON 1.0 optionally gzipped.
type CustomDataRecord ¶
type CustomDataRecord struct { Owner string `sql:"owner"` Provider string `sql:"provider"` CVE string `sql:"cve_id"` Published time.Time `sql:"published"` Modified time.Time `sql:"modified"` BaseScore float64 `sql:"base_score"` Summary string `sql:"summary"` JSON []byte `sql:"cve_json"` }
CustomDataRecord represents a db record of the `custom_data` table.
type DataExporter ¶
DataExporter is a helper for exporting vulnerability records from the db.
type SnoozeCreator ¶
type SnoozeCreator struct { DB *sql.DB Owner string Collector string Provider string Deadline time.Time Metadata []byte }
SnoozeCreator is a helper for creating snoozes.
type SnoozeDeleter ¶
SnoozeDeleter deletes snoozes from the database.
type SnoozeGetter ¶
SnoozeGetter gets data from the database.
type SnoozeRecord ¶
type SnoozeRecord struct { Owner string `sql:"owner"` Collector string `sql:"collector"` Provider string `sql:"provider"` CVE string `sql:"cve_id"` Deadline sqlutil.NullTime `sql:"deadline"` Metadata []byte `sql:"metadata"` }
SnoozeRecord represents a database record of the `snooze` table.
type SummaryExporter ¶
SummaryExporter is a helper for exporting database summary.
func (SummaryExporter) SummaryRecords ¶
func (exp SummaryExporter) SummaryRecords(ctx context.Context) ([]SummaryRecord, error)
SummaryRecords retrieves the summary from the DB and returns it as a list of records
type SummaryRecord ¶
type SummaryRecord struct { DataType string `sql:"data_type"` Provider string `sql:"provider"` Version string `sql:"version"` CVEs int64 `sql:"cves"` }
SummaryRecord represents a record of the `summary` query
type VendorDataExporter ¶
VendorDataExporter is a helper for exporting vendor data.
type VendorDataImporter ¶
type VendorDataImporter struct { DB *sql.DB Owner string Provider string OnFile func(filename string) }
VendorDataImporter is a helper for importing an entire dataset from multiple files.
func (VendorDataImporter) ImportFiles ¶
func (v VendorDataImporter) ImportFiles(ctx context.Context, files ...string) (*VendorRecord, error)
ImportFiles creates a new dataset version and imports all files into it Files must be formatted as NVD CVE JSON 1.0 optionally gzipped.
type VendorDataRecord ¶
type VendorDataRecord struct { Version int64 `sql:"version"` CVE string `sql:"cve_id"` Published time.Time `sql:"published"` Modified time.Time `sql:"modified"` BaseScore float64 `sql:"base_score"` Summary string `sql:"summary"` JSON []byte `sql:"cve_json"` }
VendorDataRecord represents a db record of the `vendor_data` table.
func VendorDataFromFile ¶
func VendorDataFromFile(vendor *VendorRecord, name string) ([]VendorDataRecord, error)
VendorDataFromFile loads vendor data from NVD CVE JSON files.
type VendorDataTrimmer ¶
type VendorDataTrimmer struct { DB *sql.DB FilterProviders []string DeleteLatestVersion bool // TODO: support keeping up to N versions }
VendorDataTrimmer is a helper for trimming vendor data.
It deletes all versions but the latest.
Deleting would be easier in common scenarions, but we have some hard constraints:
- Vendor data is versioned
- No foreign key between vendor_data and vendor tables
- MySQL in safe mode forbids deleting from SELECT queries, wants values
- Must keep the binlog smaller than 500M, not enough for the NVD database
Therefore, deletion works as follows:
- Select versions from the vendor table based on the provided settings
- Operate on vendor records with ready=true or older versions
- By default, delete all versions but the latest, for each provider
- Delete from vendor table first, effectively making data records orphans
- Delete any orphan records from vendor_data, effectively crowd sourcing deletions
- Delete data in chunks, keeping binlog small
Deletion operations are expensive.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package debug provides debugging utilities.
|
Package debug provides debugging utilities. |
Package jsonschema was auto-generated.
|
Package jsonschema was auto-generated. |
Package mysql provides a connector to vulndb via MySQL.
|
Package mysql provides a connector to vulndb via MySQL. |
Package sqlutil provides utilities for database/sql for dealing with SQL queries and database records.
|
Package sqlutil provides utilities for database/sql for dealing with SQL queries and database records. |
b64schema
b64schema converts a SQL schema file into base64 encoded strings as Go code.
|
b64schema converts a SQL schema file into base64 encoded strings as Go code. |