aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Duncan <pabs@pablotron.org>2022-02-19 16:48:34 -0500
committerPaul Duncan <pabs@pablotron.org>2022-02-19 16:48:34 -0500
commit0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355 (patch)
tree7517130f2b8d9e5cd074c97ad67fc8ffd8b8d6f3
parenta558815292d83f21097b190bf5a8baae6c6997c7 (diff)
downloadcvez-0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355.tar.bz2
cvez-0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355.zip
dbstore/dbstore.go: fix query parameters, make v2 impact and v3 impact optional
-rw-r--r--dbstore/dbstore.go32
1 files changed, 21 insertions, 11 deletions
diff --git a/dbstore/dbstore.go b/dbstore/dbstore.go
index 6c4fb14..b8cf990 100644
--- a/dbstore/dbstore.go
+++ b/dbstore/dbstore.go
@@ -408,7 +408,7 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed.
}
// add cve
- rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id, cve.Metadata.Assigner)
+ rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id.String(), cve.Metadata.Assigner)
if err != nil {
return err
}
@@ -493,7 +493,12 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed.
}
// add feed item CVSSv2 impact.
-func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV2) error {
+func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV2) error {
+ if metric == nil {
+ // no v2 vector to add
+ return nil
+ }
+
// check version
if metric.CvssV2.Version != nvd_feed.V20 {
return fmt.Errorf("unknown CVSSv2 version: %s", metric.CvssV2.Version)
@@ -502,9 +507,9 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric
// add metric
_, err := tx.Exec(ctx, "feed/insert-item-cvss-v2",
itemId,
- metric.CvssV2.Vector.Vector.String(),
+ metric.CvssV2.Vector.String(),
int64(metric.CvssV2.BaseScore),
- metric.Severity,
+ metric.Severity.String(),
int64(metric.ExploitabilityScore),
int64(metric.ImpactScore),
metric.InsufficientInfo,
@@ -519,20 +524,25 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric
}
// add feed item CVSSv3 impact.
-func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV3) error {
+func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV3) error {
+ if metric == nil {
+ // no cvssv3 vector to add
+ return nil
+ }
+
// check version
- if metric.CvssV3.Version != nvd_feed.V31 {
+ if metric.CvssV3.Version != nvd_feed.V30 && metric.CvssV3.Version != nvd_feed.V31 {
return fmt.Errorf("unknown CVSSv3 version: %s", metric.CvssV3.Version)
}
// add metric
_, err := tx.Exec(ctx, "feed/insert-item-cvss-v3",
itemId,
- metric.CvssV3.Vector.Vector.String(),
- int64(metric.CvssV3.BaseScore),
- metric.CvssV3.BaseSeverity,
- int64(metric.ExploitabilityScore),
- int64(metric.ImpactScore),
+ metric.CvssV3.Vector.String(),
+ int64(uint8(metric.CvssV3.BaseScore)),
+ metric.CvssV3.BaseSeverity.String(),
+ int64(uint8(metric.ExploitabilityScore)),
+ int64(uint8(metric.ImpactScore)),
)
// return result