diff options
author | Paul Duncan <pabs@pablotron.org> | 2022-02-19 16:48:34 -0500 |
---|---|---|
committer | Paul Duncan <pabs@pablotron.org> | 2022-02-19 16:48:34 -0500 |
commit | 0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355 (patch) | |
tree | 7517130f2b8d9e5cd074c97ad67fc8ffd8b8d6f3 | |
parent | a558815292d83f21097b190bf5a8baae6c6997c7 (diff) | |
download | cvez-0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355.tar.bz2 cvez-0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355.zip |
dbstore/dbstore.go: fix query parameters, make v2 impact and v3 impact optional
-rw-r--r-- | dbstore/dbstore.go | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/dbstore/dbstore.go b/dbstore/dbstore.go index 6c4fb14..b8cf990 100644 --- a/dbstore/dbstore.go +++ b/dbstore/dbstore.go @@ -408,7 +408,7 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed. } // add cve - rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id, cve.Metadata.Assigner) + rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id.String(), cve.Metadata.Assigner) if err != nil { return err } @@ -493,7 +493,12 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed. } // add feed item CVSSv2 impact. -func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV2) error { +func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV2) error { + if metric == nil { + // no v2 vector to add + return nil + } + // check version if metric.CvssV2.Version != nvd_feed.V20 { return fmt.Errorf("unknown CVSSv2 version: %s", metric.CvssV2.Version) @@ -502,9 +507,9 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric // add metric _, err := tx.Exec(ctx, "feed/insert-item-cvss-v2", itemId, - metric.CvssV2.Vector.Vector.String(), + metric.CvssV2.Vector.String(), int64(metric.CvssV2.BaseScore), - metric.Severity, + metric.Severity.String(), int64(metric.ExploitabilityScore), int64(metric.ImpactScore), metric.InsufficientInfo, @@ -519,20 +524,25 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric } // add feed item CVSSv3 impact. -func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV3) error { +func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV3) error { + if metric == nil { + // no cvssv3 vector to add + return nil + } + // check version - if metric.CvssV3.Version != nvd_feed.V31 { + if metric.CvssV3.Version != nvd_feed.V30 && metric.CvssV3.Version != nvd_feed.V31 { return fmt.Errorf("unknown CVSSv3 version: %s", metric.CvssV3.Version) } // add metric _, err := tx.Exec(ctx, "feed/insert-item-cvss-v3", itemId, - metric.CvssV3.Vector.Vector.String(), - int64(metric.CvssV3.BaseScore), - metric.CvssV3.BaseSeverity, - int64(metric.ExploitabilityScore), - int64(metric.ImpactScore), + metric.CvssV3.Vector.String(), + int64(uint8(metric.CvssV3.BaseScore)), + metric.CvssV3.BaseSeverity.String(), + int64(uint8(metric.ExploitabilityScore)), + int64(uint8(metric.ImpactScore)), ) // return result |