1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
|
package cve
import (
"glsamaker/pkg/models/bugzilla"
"glsamaker/pkg/models/gpackage"
"glsamaker/pkg/models/users"
"time"
)
// NVDFeed
type NVDFeed struct {
CVEDataFormat string `json:"CVE_data_format"`
// NVD adds number of CVE in this feed
CVEDataNumberOfCVEs string `json:"CVE_data_numberOfCVEs,omitempty"`
// NVD adds feed date timestamp
CVEDataTimestamp string `json:"CVE_data_timestamp,omitempty"`
CVEDataType string `json:"CVE_data_type"`
CVEDataVersion string `json:"CVE_data_version"`
// NVD feed array of CVE
CVEItems []*DefCveItem `json:"CVE_Items"`
}
// DefConfigurations Defines the set of product configurations for a NVD applicability statement.
type DefConfigurations struct {
CVEDataVersion string `json:"CVE_data_version"`
Nodes []*DefNode `json:"nodes,omitempty"`
}
// DefCpeMatch CPE match string or range
type DefCpeMatch struct {
Cpe22Uri string `json:"cpe22Uri,omitempty"`
Cpe23Uri string `json:"cpe23Uri"`
CpeName []*DefCpeName `json:"cpe_name,omitempty"`
VersionEndExcluding string `json:"versionEndExcluding,omitempty"`
VersionEndIncluding string `json:"versionEndIncluding,omitempty"`
VersionStartExcluding string `json:"versionStartExcluding,omitempty"`
VersionStartIncluding string `json:"versionStartIncluding,omitempty"`
Vulnerable bool `json:"vulnerable"`
}
// DefCpeName CPE name
type DefCpeName struct {
Cpe22Uri string `json:"cpe22Uri,omitempty"`
Cpe23Uri string `json:"cpe23Uri"`
LastModifiedDate string `json:"lastModifiedDate,omitempty"`
}
// DefCveItem Defines a vulnerability in the NVD data feed.
type DefCveItem struct {
Id string `pg:",pk"`
State string `pg:"state"`
Configurations *DefConfigurations `json:"configurations,omitempty"`
Cve CVE `json:"cve"`
Description string
Impact *DefImpact `json:"impact,omitempty"`
LastModifiedDate string `json:"lastModifiedDate,omitempty"`
PublishedDate string `json:"publishedDate,omitempty"`
Comments []Comment `pg:",fk:cve_id"`
Packages []gpackage.Package
Bugs []bugzilla.Bug `pg:"many2many:def_cve_item_to_bugs,joinFK:bug_id"`
}
type DefCveItemToBug struct {
DefCveItemId string `pg:",unique:cve_to_bug"`
BugId int64 `pg:",unique:cve_to_bug"`
}
type Comment struct {
Id int64 `pg:",pk,unique"`
GlsaId int64
CVEId string
User int64
UserBadge users.Badge
Type string
Message string
// Date time.Time `pg:"-"`
Date time.Time
}
// DefNode Defines a node or sub-node in an NVD applicability statement.
type DefNode struct {
Children []*DefNode `json:"children,omitempty"`
CpeMatch []*DefCpeMatch `json:"cpe_match,omitempty"`
Negate bool `json:"negate,omitempty"`
Operator string `json:"operator,omitempty"`
}
// DefImpact Impact scores for a vulnerability as found on NVD.
type DefImpact struct {
BaseMetricV3 BaseMetricV3 `json:"baseMetricV3"`
BaseMetricV2 BaseMetricV2 `json:"baseMetricV2"`
}
// BaseMetricV2 CVSS V2.0 score.
type BaseMetricV2 struct {
CvssV2 CvssV2 `json:"cvssV2"`
Severity string `json:"severity"`
ExploitabilityScore float32 `json:"exploitabilityScore"`
ImpactScore float32 `json:"impactScore"`
AcInsufInfo bool `json:"acInsufInfo"`
ObtainAllPrivilege bool `json:"obtainAllPrivilege"`
ObtainUserPrivilege bool `json:"obtainUserPrivilege"`
ObtainOtherPrivilege bool `json:"obtainOtherPrivilege"`
UserInteractionRequired bool `json:"userInteractionRequired"`
}
// BaseMetricV3 CVSS V3.x score.
type BaseMetricV3 struct {
CvssV3 CvssV3 `json:"cvssV3"`
ExploitabilityScore float32 `json:"exploitabilityScore"`
ImpactScore float32 `json:"impactScore"`
}
|