cveresources

package
v1.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 12, 2024 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var CommonFix map[string]ProductId = map[string]ProductId{
	"httpd": {
		ProductName: "http_server",
		Vendor:      "apache",
	},
	"iis": {
		ProductName: "internet_information_server",
	},
}

Functions

func AbbrCheck 

func AbbrCheck(name string, info ProductsTable, symbol string) bool

AbbrCheck 简写检查

func AccessComplexityVerbose 

func AccessComplexityVerbose(i string) string

func CreateOrUpdateCVE 

func CreateOrUpdateCVE(db *gorm.DB, id string, cve *CVE) error

func CreateOrUpdateCWE 

func CreateOrUpdateCWE(db *gorm.DB, id string, i interface{}) error

func FilterCVE 

func FilterCVE(db *gorm.DB, req *ypb.QueryCVERequest) *gorm.DB

func FixProductName 

func FixProductName(ProductName string, db *gorm.DB) ([]string, error)

func FuzzCheck added in v1.2.3 

func FuzzCheck(input []string, data []string) bool

FuzzCheck 模糊检查

func IsNum 

func IsNum(s string) bool

IsNum 判断是否是数字

func MarshalCheck 

func MarshalCheck(v any) []byte

func RegisterDesc 

func RegisterDesc(d map[string]CVEDesc)

func Set 

func Set(s []string) []string

func SeverityVerbose 

func SeverityVerbose(i string) string

func StatusVerbose 

func StatusVerbose(i string) string

func ToReg 

func ToReg(start, end string, startFlag, endFlag bool) []string

func VersionCompare 

func VersionCompare(v1, v2 string) (int, float64)

func YieldCVEs 

func YieldCVEs(db *gorm.DB, ctx context.Context) chan *CVE

func YieldCWEs 

func YieldCWEs(db *gorm.DB, ctx context.Context) chan *CWE

Types

type BaseMetricV2 

type BaseMetricV2 struct {
	CvssV2                  CvssV2  `json:"cvssV2"`
	Severity                string  `json:"severity"`
	ExploitabilityScore     float64 `json:"exploitabilityScore"`
	ImpactScore             float64 `json:"impactScore"`
	ObtainAllPrivilege      bool    `json:"obtainAllPrivilege"`
	ObtainUserPrivilege     bool    `json:"obtainUserPrivilege"`
	ObtainOtherPrivilege    bool    `json:"obtainOtherPrivilege"`
	UserInteractionRequired bool    `json:"userInteractionRequired"`
}

type BaseMetricV3 

type BaseMetricV3 struct {
	CvssV3                  CvssV3  `json:"cvssV3"`
	ExploitabilityScore     float64 `json:"exploitabilityScore"`
	ImpactScore             float64 `json:"impactScore"`
	ObtainAllPrivilege      bool    `json:"obtainAllPrivilege"`
	ObtainUserPrivilege     bool    `json:"obtainUserPrivilege"`
	ObtainOtherPrivilege    bool    `json:"obtainOtherPrivilege"`
	UserInteractionRequired bool    `json:"userInteractionRequired"`
}

type CPE 

type CPE struct {
	//cpe:2.3:o:freebsd:freebsd:2.2.5:*:*:*:*:*:*:*
	Part, Vendor, Product, Version, Edition string
}

func ParseToCPE 

func ParseToCPE(cpeStr string) (*CPE, error)

ParseToCPE 将字符串解析成CPE结构体

type CVE 

type CVE struct {
	gorm.Model

	CVE               string `gorm:"uniqueIndex"`
	CWE               string
	ProblemType       []byte
	References        []byte
	TitleZh           string
	Solution          string
	DescriptionMain   string
	DescriptionMainZh string
	Descriptions      []byte
	Vendor            string
	Product           string

	CPEConfigurations []byte

	CVSSVersion      string
	CVSSVectorString string

	// 攻击路径
	AccessVector string
	// 攻击复杂度
	AccessComplexity string
	// 需要认证
	Authentication string
	// 机密性影响(泄密)
	ConfidentialityImpact string
	// 完整性影响(破坏程度)
	IntegrityImpact string
	// 可用性影响(导致服务不可用)
	AvailabilityImpact string
	// 基础评分
	BaseCVSSv2Score float64

	// 严重等级
	Severity string
	// 漏洞利用评分
	ExploitabilityScore float64
	// 漏洞影响评分
	ImpactScore float64

	// 可获取所有权限
	ObtainAllPrivilege bool
	// 可获取用户权限
	ObtainUserPrivilege bool
	// 可获取其他权限
	ObtainOtherPrivilege bool

	// 是否需要用户交互
	UserInteractionRequired bool

	PublishedDate    time.Time
	LastModifiedData time.Time
}

func GetCVE 

func GetCVE(db *gorm.DB, id string) (*CVE, error)

func QueryCVE 

func QueryCVE(db *gorm.DB, req *ypb.QueryCVERequest) (*bizhelper.Paginator, []*CVE, error)

func (*CVE) ToGPRCModel 

func (c *CVE) ToGPRCModel() *ypb.CVEDetail

func (*CVE) Year 

func (c *CVE) Year() int

type CVEDataMeta 

type CVEDataMeta struct {
	ID       string `json:"ID"`
	ASSIGNER string `json:"ASSIGNER"`
}

type CVEDesc 

type CVEDesc struct {
	TitleZh           string
	Solution          string
	DescriptionMainZh string
}

type CVERecord 

type CVERecord struct {
	Cve              Cve            `json:"cve"`
	Configurations   Configurations `json:"configurations"`
	Impact           Impact         `json:"impact"`
	PublishedDate    string         `json:"publishedDate"`
	LastModifiedDate string         `json:"lastModifiedDate"`
}

func (*CVERecord) CVEId 

func (r *CVERecord) CVEId() string

func (*CVERecord) CWE 

func (r *CVERecord) CWE() string

func (*CVERecord) DescriptionMain 

func (r *CVERecord) DescriptionMain() string

func (*CVERecord) GetLastModifiedDate 

func (r *CVERecord) GetLastModifiedDate() time.Time

func (*CVERecord) GetPublishedDate 

func (r *CVERecord) GetPublishedDate() time.Time

func (*CVERecord) ToCVE 

func (record *CVERecord) ToCVE(db *gorm.DB) (*CVE, error)

type CVERes 

type CVERes struct {
	CVE
	ConfidenceLevel float64
}

func (CVERes) CWE 

func (c CVERes) CWE(rule string) bool

func (CVERes) Year 

func (c CVERes) Year() int

type CVEYearFile 

type CVEYearFile struct {
	CVEDataType         string      `json:"CVE_data_type"`
	CVEDataFormat       string      `json:"CVE_data_format"`
	CVEDataVersion      string      `json:"CVE_data_version"`
	CVEDataNumberOfCVEs string      `json:"CVE_data_numberOfCVEs"`
	CVEDataTimestamp    string      `json:"CVE_data_timestamp"`
	CVERecords          []CVERecord `json:"CVE_Items"`
}

type CWE 

type CWE struct {
	Id     int    `json:"id" gorm:"primary_key"`
	IdStr  string `json:"id_str" gorm:"uniqueIndex"`
	Name   string
	NameZh string

	// 描述 CWE 之间的关系
	Parent   string `json:"parent"`   // 父子关系
	Siblings string `json:"siblings"` // 兄弟关系
	InferTo  string `json:"infer_to"` // 推导关系(有上一个问题,多半也会有这个问题)
	Requires string `json:"requires"` // 依赖关系

	Status                string // CWE 发布状态 draft / incomplete / stable
	Stable                bool
	Incomplete            bool
	Description           string
	DescriptionZh         string
	ExtendedDescription   string
	ExtendedDescriptionZh string
	Abstraction           string // base / varint
	RelativeLanguage      string // 可能出现的语言
	CWESolution           string // 修复方案
	CVEExamples           string // 典型 CVE 案例
	CAPECVectors          string
}

func GetCWE 

func GetCWE(db *gorm.DB, id string) (*CWE, error)

func GetCWEById added in v1.2.6 

func GetCWEById(db *gorm.DB, id int) (*CWE, error)

func (*CWE) BeforeSave 

func (c *CWE) BeforeSave() error

func (*CWE) CWEString 

func (c *CWE) CWEString() string

func (*CWE) ToGRPCModel 

func (c *CWE) ToGRPCModel() *ypb.CWEDetail

type Configurations 

type Configurations struct {
	CVEDataVersion string  `json:"CVE_data_version"`
	Nodes          []Nodes `json:"nodes"`
}

type CpeMatch 

type CpeMatch struct {
	Vulnerable            bool   `json:"vulnerable"`
	Cpe23URI              string `json:"cpe23Uri"`
	VersionStartExcluding string `json:"versionStartExcluding"`
	VersionEndExcluding   string `json:"versionEndExcluding"`
	VersionStartIncluding string `json:"versionStartIncluding"`
	VersionEndIncluding   string `json:"versionEndIncluding"`
}

func (CpeMatch) Calculate 

func (m CpeMatch) Calculate(cpe CPE) float64

type Cve 

type Cve struct {
	DataType        string          `json:"data_type"`
	DataFormat      string          `json:"data_format"`
	DataVersion     string          `json:"data_version"`
	CVEDataMeta     CVEDataMeta     `json:"CVE_data_meta"`
	Problemtype     Problemtype     `json:"problemtype"`
	References      References      `json:"references"`
	DescriptionInfo DescriptionInfo `json:"description"`
}

type CvssV2 

type CvssV2 struct {
	Version               string  `json:"version"`
	VectorString          string  `json:"vectorString"`
	AccessVector          string  `json:"accessVector"`
	AccessComplexity      string  `json:"accessComplexity"`
	Authentication        string  `json:"authentication"`
	ConfidentialityImpact string  `json:"confidentialityImpact"`
	IntegrityImpact       string  `json:"integrityImpact"`
	AvailabilityImpact    string  `json:"availabilityImpact"`
	BaseScore             float64 `json:"baseScore"`
}

type CvssV3 

type CvssV3 struct {
	Version               string  `json:"version"`
	VectorString          string  `json:"vectorString"`
	AttackVector          string  `json:"attackVector"`
	AttackComplexity      string  `json:"attackComplexity"`
	PrivilegesRequired    string  `json:"privilegesRequired"`
	UserInteraction       string  `json:"userInteraction"`
	Scope                 string  `json:"scope"`
	ConfidentialityImpact string  `json:"confidentialityImpact"`
	IntegrityImpact       string  `json:"integrityImpact"`
	AvailabilityImpact    string  `json:"availabilityImpact"`
	BaseScore             float64 `json:"baseScore"`
	BaseSeverity          string  `json:"baseSeverity"`
}

type Description 

type Description struct {
	Lang  string `json:"lang"`
	Value string `json:"value"`
}

type DescriptionData 

type DescriptionData struct {
	Lang  string `json:"lang"`
	Value string `json:"value"`
}

type DescriptionInfo 

type DescriptionInfo struct {
	DescriptionData []DescriptionData `json:"description_data"`
}

type Impact 

type Impact struct {
	BaseMetricV2 BaseMetricV2 `json:"baseMetricV2"`
	BaseMetricV3 BaseMetricV3 `json:"baseMetricV3"`
}

type Nodes 

type Nodes struct {
	Operator string     `json:"operator"`
	CpeMatch []CpeMatch `json:"cpe_match"`
	Children []Nodes    `json:"children"`
}

func (Nodes) GetProduct 

func (n Nodes) GetProduct() []string

func (Nodes) GetProductVersion 

func (n Nodes) GetProductVersion(name string) []map[string]string

func (Nodes) GetVendor 

func (n Nodes) GetVendor() []string

func (Nodes) Result 

func (n Nodes) Result(CheckCpe []CPE) float64

func (Nodes) Version 

func (n Nodes) Version() []string

type Problemtype 

type Problemtype struct {
	ProblemtypeData []ProblemtypeData `json:"problemtype_data"`
}

type ProblemtypeData 

type ProblemtypeData struct {
	Description []Description `json:"description"`
}

type ProductId added in v1.2.3 

type ProductId struct {
	ProductName string
	Vendor      string
}

type ProductsTable 

type ProductsTable struct {
	Product string `gorm:"primary_key"`
	Vendor  string
}

type ReferenceData 

type ReferenceData struct {
	URL       string        `json:"url"`
	Name      string        `json:"name"`
	Refsource string        `json:"refsource"`
	Tags      []interface{} `json:"tags"`
}

type References 

type References struct {
	ReferenceData []ReferenceData `json:"reference_data"`
}

type SqliteManager 

type SqliteManager struct {
	*gorm.DB
}

func GetManager 

func GetManager(path string) *SqliteManager

func (*SqliteManager) SaveCVERecord 

func (m *SqliteManager) SaveCVERecord(record *CVERecord)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.