README
¶
nvd 
Fast, simple library in Go to fetch CVEs from the NVD (U.S. National Vulnerability Database) feeds.
Install
go get github.com/daehee/nvd
Usage
The nvd package provides a Client for fetching CVEs from the official NVD feeds:
// nvd client with ./tmp working dir
client, err := NewClient("tmp")
// Fetch single CVE
cve, err := client.FetchCVE("CVE-2020-14882")
// Fetch all recently published and modified CVES
cves, err := client.FetchUpdatedCVEs()
License
Documentation
¶
Index ¶
- Variables
- func FixCVEID(cveID string) string
- func IsCVEID(cveID string) bool
- func IsCVEIDLoose(cveID string) bool
- func IsCVEIDStrict(cveID string) bool
- func PadCVESequence(seq int) string
- func ParseCVEID(cveID string) (cveYear int, cveSequence int)
- type CPEMatch
- type CPEMatchFeed
- type CVEItem
- type Client
- type NVDFeed
- type NVDMeta
- type Product
- type Vendor
- type Weakness
- type WeaknessCatalog
- type WeaknessCategory
Constants ¶
This section is empty.
Variables ¶
var CVERx = regexp.MustCompile(`^CVE-([0-9]{4})-[0-9]{4,}$`) // Implied Strict
https://cve.mitre.org/cve/identifiers/tech-guidance.html#extraction_or_parsing
var CVERxLoose = regexp.MustCompile(`CVE[^\w]*\d{4}[^\w]+\d{4,}`) // Loose
var CVERxStrict = regexp.MustCompile(`^CVE-\d{4}-(0\d{3}|[1-9]\d{3,})$`) // Strict
var ErrNotFound = errors.New("CVE not found")
ErrNotFound occurs when CVE is expected but no result is returned from fetch operations
Functions ¶
func IsCVEID ¶
IsCVEID matched on "Implied Strict" specification from MITRE, which is the simplest regular expression that does not mark any valid IDs as invalid; however, it removes the check for the leading 0 when there are 5 or more digits in the sequence number.
func IsCVEIDLoose ¶
IsCVEIDLoose matches on "Loose" specification from MITRE, and ensures that 1. there is a CVE prefix, 2. followed by zero or more non-alphanumeric characters (whether spaces, hyphens, etc.), 3. with a 4-digit year, followed by at least one non-alphanumeric character, and at least 4 digits. This would accept IDs such as "CVE: 2014-1234", "CVE_2014_1234", etc. Usage: scraping CVEs
func IsCVEIDStrict ¶
IsCVEIDStrict matches on "Strict" specification from MITRE, and ensures that 1. the year is 4 digits 2. a sequence number cannot have a leading zero if it is 5 digits or more 3. that every sequence number must have at least 4 digits. 4. year is 2002 or greater, and not in a future year Usage: data operations against NVD database or pre-validated data entries
func PadCVESequence ¶
func ParseCVEID ¶
Types ¶
type CPEMatchFeed ¶
type CPEMatchFeed struct {
CPEMatches []CPEMatch `json:"matches"`
}
type CVEItem ¶
type CVEItem struct {
CVE struct {
DataType string `json:"data_type"`
DataFormat string `json:"data_format"`
DataVersion string `json:"data_version"`
CVEDataMeta struct {
ID string `json:"ID"`
ASSIGNER string `json:"ASSIGNER"`
} `json:"CVE_data_meta"`
Problemtype struct {
ProblemtypeData []struct {
Description []struct {
Lang string `json:"lang"`
Value string `json:"value"`
} `json:"description"`
} `json:"problemtype_data"`
} `json:"problemtype"`
References struct {
ReferenceData []struct {
URL string `json:"url"`
Name string `json:"name"`
Refsource string `json:"refsource"`
Tags []string `json:"tags"`
} `json:"reference_data"`
} `json:"references"`
Description struct {
DescriptionData []struct {
Lang string `json:"lang"`
Value string `json:"value"`
} `json:"description_data"`
} `json:"description"`
} `json:"cve"`
Configurations struct {
CVEDataVersion string `json:"CVE_data_version"`
Nodes []struct {
Operator string `json:"operator"`
CPEMatch []struct {
Vulnerable bool `json:"vulnerable"`
CPE23URI string `json:"cpe23Uri"`
} `json:"cpe_match"`
} `json:"nodes"`
} `json:"configurations"`
Impact struct {
BaseMetricV3 struct {
CvssV3 struct {
Version string `json:"version"`
VectorString string `json:"vectorString"`
AttackVector string `json:"attackVector"`
AttackComplexity string `json:"attackComplexity"`
PrivilegesRequired string `json:"privilegesRequired"`
UserInteraction string `json:"userInteraction"`
Scope string `json:"scope"`
ConfidentialityImpact string `json:"confidentialityImpact"`
IntegrityImpact string `json:"integrityImpact"`
AvailabilityImpact string `json:"availabilityImpact"`
BaseScore float64 `json:"baseScore"`
BaseSeverity string `json:"baseSeverity"`
} `json:"cvssV3"`
ExploitabilityScore float64 `json:"exploitabilityScore"`
ImpactScore float64 `json:"impactScore"`
} `json:"baseMetricV3"`
BaseMetricV2 struct {
CvssV2 struct {
Version string `json:"version"`
VectorString string `json:"vectorString"`
AccessVector string `json:"accessVector"`
AccessComplexity string `json:"accessComplexity"`
Authentication string `json:"authentication"`
ConfidentialityImpact string `json:"confidentialityImpact"`
IntegrityImpact string `json:"integrityImpact"`
AvailabilityImpact string `json:"availabilityImpact"`
BaseScore float64 `json:"baseScore"`
} `json:"cvssV2"`
Severity string `json:"severity"`
ExploitabilityScore float64 `json:"exploitabilityScore"`
ImpactScore float64 `json:"impactScore"`
AcInsufInfo bool `json:"acInsufInfo"`
ObtainAllPrivilege bool `json:"obtainAllPrivilege"`
ObtainUserPrivilege bool `json:"obtainUserPrivilege"`
ObtainOtherPrivilege bool `json:"obtainOtherPrivilege"`
UserInteractionRequired bool `json:"userInteractionRequired"`
} `json:"baseMetricV2"`
} `json:"impact"`
PublishedDate string `json:"publishedDate"`
LastModifiedDate string `json:"lastModifiedDate"`
Reserved bool `json:"reserved,omitempty"`
}
func (*CVEItem) VendorsProducts ¶
VendorsProducts parse CPEs and returns slice of Vendors containing Products
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func (*Client) FetchCVE ¶
FetchCVE extracts the year of a CVE ID, and returns a CVEItem data struct from the most up-to-date NVD data feed for that year
func (*Client) FetchCWE ¶
func (c *Client) FetchCWE() (cwes WeaknessCatalog, err error)
FetchCWE fetches CWE archive
func (*Client) FetchUpdatedCVEs ¶
FetchUpdatedCVEs returns a slice of most recently published and modified CVES from the previous eight days. This feed is updated approximately every two hours by NVD. NVD recommends that the "modified" feed should be used to keep up-to-date.
type NVDFeed ¶
type NVDFeed struct {
CVEDataType string `json:"CVE_data_type"`
CVEDataFormat string `json:"CVE_data_format"`
CVEDataVersion string `json:"CVE_data_version"`
CVEDataNumberOfCVEs string `json:"CVE_data_numberOfCVEs"`
CVEDataTimestamp string `json:"CVE_data_timestamp"`
CVEItems []CVEItem `json:"CVE_Items"`
}
NVD CVE Feed JSON Schema: https://csrc.nist.gov/schema/nvd/feed/1.1/nvd_cve_feed_json_1.1.schema
type WeaknessCatalog ¶
type WeaknessCatalog struct {
Weaknesses []Weakness `xml:"Weaknesses>Weakness"`
Categories []WeaknessCategory `xml:"Categories>Category"`
}
WeaknessCatalog has CWE items
Source Files