cvefeed

package v0.1.3
Warning

This package is not in the latest version of its module.

Published: Apr 28, 2019 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Overview

Package cvefeed provides an API to NVD CVE feeds parsing and matching.

Functions

func Match

func Match(inventory []*wfn.Attributes, rules []LogicalTest, requireVersion bool) ([]*wfn.Attributes, bool)

Match matches the list of software in inventory against a number of rules; it returns the CPE names that matched and the boolean result of the match. If requireVersion is true, the function ignores rules with no Version attribute.

Types

type CVEItem

type CVEItem = nvdcommon.CVEItem

CVEItem is an interface that provides access to CVE data from a vulnerability feed.

type CVEItem interface {
	CVE() string
	Configuration() []LogicalTest
}

func ParseJSON

func ParseJSON(in io.Reader) ([]CVEItem, error)

ParseJSON loads a CVE feed from JSON.

func ParseXML

func ParseXML(in io.Reader) ([]CVEItem, error)

ParseXML loads a CVE feed from XML.

type Cache

type Cache struct {
	Dict           Dictionary
	Idx            Index
	RequireVersion bool  // ignore matching specifications that have Version == ANY
	MaxSize        int64 // maximum size of the cache, 0 -- unlimited, -1 -- no caching
	// contains filtered or unexported fields
}

Cache caches CVEs for known CPEs

func NewCache

func NewCache(dict Dictionary) *Cache

NewCache creates new Cache instance with dictionary dict.

func (*Cache) Get

func (c *Cache) Get(cpes []*wfn.Attributes) []MatchResult

Get returns a slice of CVEs for the CPE names in the cpes parameter; if the CVEs aren't cached (and caching is enabled), it finds them in cveDict and caches the results.

func (*Cache) SetMaxSize

func (c *Cache) SetMaxSize(size int64) *Cache

SetMaxSize sets the maximum size of the cache to some pre-defined value. A size of 0 disables eviction (the cache grows indefinitely); a negative size disables caching. Returns a pointer to the instance of Cache, for easy chaining.

func (*Cache) SetRequireVersion

func (c *Cache) SetRequireVersion(requireVersion bool) *Cache

SetRequireVersion sets whether the cache instance fails to match dictionary records whose CPE name has no Version attribute. Returns a pointer to the instance of Cache, for easy chaining.

type Dictionary

type Dictionary map[string]CVEItem

Dictionary is a collection of entries, declared as a map from string to CVEItem.

func LoadFeed added in v0.1.3

func LoadFeed(loadFunc func(string) ([]CVEItem, error), paths ...string) (Dictionary, error)

LoadFeed calls loadFunc for each file in paths and returns the combined outputs in a Dictionary.

func LoadJSONDictionary

func LoadJSONDictionary(paths ...string) (Dictionary, error)

LoadJSONDictionary parses a dictionary from multiple NVD vulnerability feed JSON files.

func LoadXMLDictionary

func LoadXMLDictionary(paths ...string) (Dictionary, error)

LoadXMLDictionary parses a dictionary from multiple NVD vulnerability feed XML files.

func (*Dictionary) Override added in v0.1.3

func (d *Dictionary) Override(d2 Dictionary)

Override amends entries in Dictionary with configurations from Dictionary d2; CVE will be matched if it matches the original config of d and does not match the config of d2.
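
The Go sketch below is an added example, not code from this package: it models, with constructed stand-in types (Attr for wfn.Attributes, Rule for LogicalTest), how requireVersion in Match and the Override rule above change what gets reported. Treating a Version-ANY rule as a non-match under requireVersion is this example's reading of "ignores"; the names same, Matches and Reported are hypothetical.

```go
package main

import "fmt"

// Attr is a constructed stand-in for wfn.Attributes; "" means ANY.
type Attr struct{ Vendor, Product, Version string }

// Rule is a constructed stand-in for one LogicalTest node.
type Rule struct {
	Op    string // "and", "or" or "eq", the operators listed on this page
	Inner []Rule // children of an "and"/"or" node
	CPE   Attr   // platform of an "eq" leaf
}

func same(rule, have string) bool { return rule == "" || rule == have }
// Matches evaluates a rule tree against the inventory. Assumption: with
// requireVersion set, a leaf whose Version is ANY is ignored and never matches.
func Matches(inv []Attr, r Rule, requireVersion bool) bool {
	if r.Op == "eq" {
		c, ignored := r.CPE, requireVersion && r.CPE.Version == ""
		for _, a := range inv {
			if !ignored && same(c.Vendor, a.Vendor) && same(c.Product, a.Product) && same(c.Version, a.Version) {
				return true
			}
		}
		return false
	}
	hits := 0
	for _, in := range r.Inner {
		if Matches(inv, in, requireVersion) {
			hits++
		}
	}
	if r.Op == "and" {
		return hits > 0 && hits == len(r.Inner)
	}
	return r.Op == "or" && hits > 0
}

// Reported models Override: the feed config must match and the override (d2) must not.
func Reported(inv []Attr, feed, override Rule, requireVersion bool) bool {
	return Matches(inv, feed, requireVersion) && !Matches(inv, override, requireVersion)
}

func main() {
	inv := []Attr{{"acme", "httpd", "2.4.1"}} // constructed inventory
	r := Rule{Op: "eq", CPE: Attr{"acme", "httpd", ""}}
	fmt.Println(Matches(inv, r, false), Matches(inv, r, true))
}
```

In this model, enabling requireVersion drops the finding for a rule that names only vendor and product, so it trims noisy matches at the cost of missing CVEs whose configuration carries no version.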

type Index

type Index map[string][]CVEItem

Index maps the CPEs to the entries in the NVD feed they are mentioned in.

func NewIndex

func NewIndex(d Dictionary) Index

NewIndex creates a new Index from the CVE entries in Dictionary d.

type LogicalTest

type LogicalTest = nvdcommon.LogicalTest

LogicalTest describes a logical test performed during matching.

type LogicalTest interface {
	LogicalOperator() string // "and", "or", "eq"
	NegateIfNeeded(bool) bool
	InnerTests() []LogicalTest
	MatchPlatform(platform *wfn.Attributes, requireVersion bool) bool
	CPEs() []*wfn.Attributes
}

type MatchResult

type MatchResult struct {
	CVE  CVEItem
	CPEs []*wfn.Attributes
}

MatchResult stores a CVE and a slice of CPEs that matched it.

Directories

Package nvdcommon provides a common interface for NVD JSON and XML feeds.
Package nvdjson provides a parser for the NVD JSON feed format.
Package nvdxml provides a parser for the NVD XML feed format.