cveresources

package
v1.2.8-sp4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 21, 2023 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var CommonFix map[string]ProductId = map[string]ProductId{
	"httpd": {
		ProductName: "http_server",
		Vendor:      "apache",
	},
	"iis": {
		ProductName: "internet_information_server",
	},
}

Functions

func AbbrCheck

func AbbrCheck(name string, info ProductsTable, symbol string) bool

AbbrCheck 简写检查

func AccessComplexityVerbose

func AccessComplexityVerbose(i string) string

func CreateOrUpdateCVE

func CreateOrUpdateCVE(db *gorm.DB, id string, cve *CVE) error

func CreateOrUpdateCWE

func CreateOrUpdateCWE(db *gorm.DB, id string, i interface{}) error

func FilterCVE

func FilterCVE(db *gorm.DB, req *ypb.QueryCVERequest) *gorm.DB

func FixProductName

func FixProductName(ProductName string, db *gorm.DB) ([]string, error)

func FuzzCheck added in v1.2.3

func FuzzCheck(input []string, data []string) bool

FuzzCheck 模糊检查

func IsNum

func IsNum(s string) bool

IsNum 判断是否是数字

func MarshalCheck

func MarshalCheck(v any) []byte

func RegisterDesc

func RegisterDesc(d map[string]CVEDesc)

func Set

func Set(s []string) []string

func SeverityVerbose

func SeverityVerbose(i string) string

func StatusVerbose

func StatusVerbose(i string) string

func ToReg

func ToReg(start, end string, startFlag, endFlag bool) []string

func VersionCompare

func VersionCompare(v1, v2 string) (int, float64)

func YieldCVEs

func YieldCVEs(db *gorm.DB, ctx context.Context) chan *CVE

func YieldCWEs

func YieldCWEs(db *gorm.DB, ctx context.Context) chan *CWE

Types

type BaseMetricV2

type BaseMetricV2 struct {
	CvssV2                  CvssV2  `json:"cvssV2"`
	Severity                string  `json:"severity"`
	ExploitabilityScore     float64 `json:"exploitabilityScore"`
	ImpactScore             float64 `json:"impactScore"`
	ObtainAllPrivilege      bool    `json:"obtainAllPrivilege"`
	ObtainUserPrivilege     bool    `json:"obtainUserPrivilege"`
	ObtainOtherPrivilege    bool    `json:"obtainOtherPrivilege"`
	UserInteractionRequired bool    `json:"userInteractionRequired"`
}

type BaseMetricV3

type BaseMetricV3 struct {
	CvssV3                  CvssV3  `json:"cvssV3"`
	ExploitabilityScore     float64 `json:"exploitabilityScore"`
	ImpactScore             float64 `json:"impactScore"`
	ObtainAllPrivilege      bool    `json:"obtainAllPrivilege"`
	ObtainUserPrivilege     bool    `json:"obtainUserPrivilege"`
	ObtainOtherPrivilege    bool    `json:"obtainOtherPrivilege"`
	UserInteractionRequired bool    `json:"userInteractionRequired"`
}

type CPE

type CPE struct {
	//cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
	Part, Vendor, Product, Version, Edition string
}

func ParseToCPE

func ParseToCPE(cpeStr string) (*CPE, error)

ParseToCPE 将字符串解析成CPE结构体

type CVE

type CVE struct {
	gorm.Model

	CVE               string `gorm:"uniqueIndex"`
	CWE               string
	ProblemType       []byte
	References        []byte
	TitleZh           string
	Solution          string
	DescriptionMain   string
	DescriptionMainZh string
	Descriptions      []byte
	Vendor            string
	Product           string

	CPEConfigurations []byte

	CVSSVersion      string
	CVSSVectorString string

	// 攻击路径
	AccessVector string
	// 攻击复杂度
	AccessComplexity string
	// 需要认证
	Authentication string
	// 机密性影响(泄密)
	ConfidentialityImpact string
	// 完整性影响(破坏程度)
	IntegrityImpact string
	// 可用性影响(导致服务不可用)
	AvailabilityImpact string
	// 基础评分
	BaseCVSSv2Score float64

	// 严重等级
	Severity string
	// 漏洞利用评分
	ExploitabilityScore float64
	// 漏洞影响评分
	ImpactScore float64

	// 可获取所有权限
	ObtainAllPrivilege bool
	// 可获取用户权限
	ObtainUserPrivilege bool
	// 可获取其他权限
	ObtainOtherPrivilege bool

	// 是否需要用户交互
	UserInteractionRequired bool

	PublishedDate    time.Time
	LastModifiedData time.Time
}

func GetCVE

func GetCVE(db *gorm.DB, id string) (*CVE, error)

func QueryCVE

func QueryCVE(db *gorm.DB, req *ypb.QueryCVERequest) (*bizhelper.Paginator, []*CVE, error)

func (*CVE) ToGPRCModel

func (c *CVE) ToGPRCModel() *ypb.CVEDetail

func (*CVE) Year

func (c *CVE) Year() int

type CVEDataMeta

type CVEDataMeta struct {
	ID       string `json:"ID"`
	ASSIGNER string `json:"ASSIGNER"`
}

type CVEDesc

type CVEDesc struct {
	TitleZh           string
	Solution          string
	DescriptionMainZh string
}

type CVERecord

type CVERecord struct {
	Cve              Cve            `json:"cve"`
	Configurations   Configurations `json:"configurations"`
	Impact           Impact         `json:"impact"`
	PublishedDate    string         `json:"publishedDate"`
	LastModifiedDate string         `json:"lastModifiedDate"`
}

func (*CVERecord) CVEId

func (r *CVERecord) CVEId() string

func (*CVERecord) CWE

func (r *CVERecord) CWE() string

func (*CVERecord) DescriptionMain

func (r *CVERecord) DescriptionMain() string

func (*CVERecord) GetLastModifiedDate

func (r *CVERecord) GetLastModifiedDate() time.Time

func (*CVERecord) GetPublishedDate

func (r *CVERecord) GetPublishedDate() time.Time

func (*CVERecord) ToCVE

func (record *CVERecord) ToCVE(db *gorm.DB) (*CVE, error)

type CVERes

type CVERes struct {
	CVE
	ConfidenceLevel float64
}

func (CVERes) CWE

func (c CVERes) CWE(rule string) bool

func (CVERes) Year

func (c CVERes) Year() int

type CVEYearFile

type CVEYearFile struct {
	CVEDataType         string      `json:"CVE_data_type"`
	CVEDataFormat       string      `json:"CVE_data_format"`
	CVEDataVersion      string      `json:"CVE_data_version"`
	CVEDataNumberOfCVEs string      `json:"CVE_data_numberOfCVEs"`
	CVEDataTimestamp    string      `json:"CVE_data_timestamp"`
	CVERecords          []CVERecord `json:"CVE_Items"`
}

type CWE

type CWE struct {
	Id     int    `json:"id" gorm:"primary_key"`
	IdStr  string `json:"id_str" gorm:"uniqueIndex"`
	Name   string
	NameZh string

	// 描述 CWE 之间的关系
	Parent   string `json:"parent"`   // 父子关系
	Siblings string `json:"siblings"` // 兄弟关系
	InferTo  string `json:"infer_to"` // 推导关系(有上一个问题,多半也会有这个问题)
	Requires string `json:"requires"` // 依赖关系

	Status                string // CWE 发布状态 draft / incomplete / stable
	Stable                bool
	Incomplete            bool
	Description           string
	DescriptionZh         string
	ExtendedDescription   string
	ExtendedDescriptionZh string
	Abstraction           string // base / varint
	RelativeLanguage      string // 可能出现的语言
	CWESolution           string // 修复方案
	CVEExamples           string // 典型 CVE 案例
	CAPECVectors          string
}

func GetCWE

func GetCWE(db *gorm.DB, id string) (*CWE, error)

func GetCWEById added in v1.2.6

func GetCWEById(db *gorm.DB, id int) (*CWE, error)

func (*CWE) BeforeSave

func (c *CWE) BeforeSave() error

func (*CWE) CWEString

func (c *CWE) CWEString() string

func (*CWE) ToGRPCModel

func (c *CWE) ToGRPCModel() *ypb.CWEDetail

type Configurations

type Configurations struct {
	CVEDataVersion string  `json:"CVE_data_version"`
	Nodes          []Nodes `json:"nodes"`
}

type CpeMatch

type CpeMatch struct {
	Vulnerable            bool   `json:"vulnerable"`
	Cpe23URI              string `json:"cpe23Uri"`
	VersionStartExcluding string `json:"versionStartExcluding"`
	VersionEndExcluding   string `json:"versionEndExcluding"`
	VersionStartIncluding string `json:"versionStartIncluding"`
	VersionEndIncluding   string `json:"versionEndIncluding"`
}

func (CpeMatch) Calculate

func (m CpeMatch) Calculate(cpe CPE) float64

type Cve

type Cve struct {
	DataType        string          `json:"data_type"`
	DataFormat      string          `json:"data_format"`
	DataVersion     string          `json:"data_version"`
	CVEDataMeta     CVEDataMeta     `json:"CVE_data_meta"`
	Problemtype     Problemtype     `json:"problemtype"`
	References      References      `json:"references"`
	DescriptionInfo DescriptionInfo `json:"description"`
}

type CvssV2

type CvssV2 struct {
	Version               string  `json:"version"`
	VectorString          string  `json:"vectorString"`
	AccessVector          string  `json:"accessVector"`
	AccessComplexity      string  `json:"accessComplexity"`
	Authentication        string  `json:"authentication"`
	ConfidentialityImpact string  `json:"confidentialityImpact"`
	IntegrityImpact       string  `json:"integrityImpact"`
	AvailabilityImpact    string  `json:"availabilityImpact"`
	BaseScore             float64 `json:"baseScore"`
}

type CvssV3

type CvssV3 struct {
	Version               string  `json:"version"`
	VectorString          string  `json:"vectorString"`
	AttackVector          string  `json:"attackVector"`
	AttackComplexity      string  `json:"attackComplexity"`
	PrivilegesRequired    string  `json:"privilegesRequired"`
	UserInteraction       string  `json:"userInteraction"`
	Scope                 string  `json:"scope"`
	ConfidentialityImpact string  `json:"confidentialityImpact"`
	IntegrityImpact       string  `json:"integrityImpact"`
	AvailabilityImpact    string  `json:"availabilityImpact"`
	BaseScore             float64 `json:"baseScore"`
	BaseSeverity          string  `json:"baseSeverity"`
}

type Description

type Description struct {
	Lang  string `json:"lang"`
	Value string `json:"value"`
}

type DescriptionData

type DescriptionData struct {
	Lang  string `json:"lang"`
	Value string `json:"value"`
}

type DescriptionInfo

type DescriptionInfo struct {
	DescriptionData []DescriptionData `json:"description_data"`
}

type Impact

type Impact struct {
	BaseMetricV2 BaseMetricV2 `json:"baseMetricV2"`
	BaseMetricV3 BaseMetricV3 `json:"baseMetricV3"`
}

type Nodes

type Nodes struct {
	Operator string     `json:"operator"`
	CpeMatch []CpeMatch `json:"cpe_match"`
	Children []Nodes    `json:"children"`
}

func (Nodes) GetProduct

func (n Nodes) GetProduct() []string

func (Nodes) GetProductVersion

func (n Nodes) GetProductVersion(name string) []map[string]string

func (Nodes) GetVendor

func (n Nodes) GetVendor() []string

func (Nodes) Result

func (n Nodes) Result(CheckCpe []CPE) float64

func (Nodes) Version

func (n Nodes) Version() []string

type Problemtype

type Problemtype struct {
	ProblemtypeData []ProblemtypeData `json:"problemtype_data"`
}

type ProblemtypeData

type ProblemtypeData struct {
	Description []Description `json:"description"`
}

type ProductId added in v1.2.3

type ProductId struct {
	ProductName string
	Vendor      string
}

type ProductsTable

type ProductsTable struct {
	Product string `gorm:"primary_key"`
	Vendor  string
}

type ReferenceData

type ReferenceData struct {
	URL       string        `json:"url"`
	Name      string        `json:"name"`
	Refsource string        `json:"refsource"`
	Tags      []interface{} `json:"tags"`
}

type References

type References struct {
	ReferenceData []ReferenceData `json:"reference_data"`
}

type SqliteManager

type SqliteManager struct {
	*gorm.DB
}

func GetManager

func GetManager(path string) *SqliteManager

func (*SqliteManager) SaveCVERecord

func (m *SqliteManager) SaveCVERecord(record *CVERecord)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL