Diffstat (limited to 'feed/feed.go')
-rw-r--r-- | feed/feed.go | 255 |
1 files changed, 255 insertions, 0 deletions
diff --git a/feed/feed.go b/feed/feed.go
new file mode 100644
index 0000000..bdf260c
--- /dev/null
+++ b/feed/feed.go
@@ -0,0 +1,255 @@
+// NVD JSON feed parser.
+package feed
+
+// import "nvd/internal/cvss"
+
+// TODO: parse cpe
+
+// CVE metadata
+type CveMetadata struct {
+ // CVE ID
+ Id CveId `json:"ID"`
+
+ // CVE assigner email address
+ Assigner string `json:"ASSIGNER"`
+}
+
+// CVE description string.
+type Description struct {
+ // Language code
+ Lang string `json:"lang"`
+
+ // String value
+ Value string `json:"value"`
+}
+
+// CVE problem type
+type CveProblemType struct {
+ // problem type descriptions
+ Descriptions []Description `json:"description"`
+}
+
+// Slice of CVE problem types.
+type CveProblemTypes struct {
+ // problem types
+ ProblemTypes []CveProblemType `json:"problemtype_data"`
+}
+
+// CVE reference
+type CveReference struct {
+ // reference URL
+ Url string `json:"url"`
+
+ // reference name
+ Name string `json:"name"`
+
+ // reference source
+ RefSource string `json:"refsource"`
+
+ // tags
+ Tags []string `json:"tags"`
+}
+
+// Slice of CVE references
+type CveReferences struct {
+ References []CveReference `json:"reference_data"`
+}
+
+// CVE item descriptions
+type CveDescription struct {
+ // slice of descriptions
+ Descriptions []Description `json:"description_data"`
+}
+
+// CVE data
+type Cve struct {
+ // feed data type
+ DataType DataType `json:"CVE_data_type"`
+
+ // feed data format
+ DataFormat DataFormat `json:"CVE_data_format"`
+
+ // feed data format version
+ DataVersion DataVersion `json:"CVE_data_version"`
+
+ // CVE metadata
+ Metadata CveMetadata `json:"CVE_data_meta"`
+
+ // CVE problem types
+ ProblemTypes CveProblemTypes `json:"problemtype"`
+
+ // CVE references
+ References CveReferences `json:"references"`
+
+ // CVE description
+ Description CveDescription `json:"description"`
+}
+
+// CPE match
+type CpeMatch struct {
+ // Vulnerable?
+ Vulnerable bool `json:"vulnerable"`
+
+ VersionEndExcluding string `json:"versionEndExcluding"`
+
+ // CPE URI (FIXME: decode this)
+ Cpe23Uri string `json:"cpe23Uri"`
+
+ // CPE names (not sure if this is correct)
+ Names []string `json:"cpe_name"`
+}
+
+// CVE item configuration node
+type ConfigurationNode struct {
+ // node operator
+ Operator NodeOp `json:"operator"`
+
+ // node children
+ Children []ConfigurationNode `json:"children"`
+
+ CpeMatches []CpeMatch `json:"cpe_match"`
+}
+
+// CVE item configurations
+type ItemConfigurations struct {
+ // data version
+ DataVersion DataVersion `json:"CVE_data_version"`
+
+ // slice of configuration nodes
+ Nodes []ConfigurationNode `json:"nodes"`
+}
+
+// CVSS V3
+type CvssV3 struct {
+ // CVSS V3 version
+ Version V3Version `json:"version"`
+
+ // CVSS V3 vector string
+ // VectorString string `json:"vectorString"`
+
+ // CVSS vector
+ Vector Vector `json:"vectorString"`
+
+ // attack vector
+ AttackVector V3AttackVector `json:"attackVector"`
+
+ // attack complexity
+ AttackComplexity V3AttackComplexity `json:"attackComplexity"`
+
+ // privileges required
+ PrivilegesRequired V3PrivilegesRequired `json:"privilegesRequired"`
+
+ // user interaction
+ UserInteraction V3UserInteraction `json:"userInteraction"`
+
+ // scope
+ Scope V3Scope `json:"scope"`
+
+ // integrity impact
+ IntegrityImpact V3Impact `json:"integrityImpact"`
+
+ // availability impact
+ AvailabilityImpact V3Impact `json:"availabilityImpact"`
+
+ // base score
+ BaseScore Score `json:"baseScore"`
+
+ // base severity
+ BaseSeverity Severity `json:"baseSeverity"`
+}
+
+// CVSS V3 base metrics
+type BaseMetricV3 struct {
+ CvssV3 CvssV3 `json:"cvssV3"`
+ ExploitabilityScore Score `json:"exploitabilityScore"`
+ ImpactScore Score `json:"impactScore"`
+}
+
+// CVSS V2
+type CvssV2 struct {
+ // CVSS V2 version
+ Version V2Version `json:"version"`
+
+ // CVSS vector string
+ // VectorString string `json:"vectorString"`
+
+ // CVSS vector
+ Vector Vector `json:"vectorString"`
+
+ // attack vector
+ AccessVector V2AccessVector `json:"accessVector"`
+
+ // attack complexity
+ AccessComplexity V2AccessComplexity `json:"accessComplexity"`
+
+ // authentication
+ Authentication V2Authentication `json:"authentication"`
+
+ ConfidentialityImpact V2Impact `json:"confidentialityImpact"`
+ IntegrityImpact V2Impact `json:"integrityImpact"`
+ AvailabilityImpact V2Impact `json:"availabilityImpact"`
+
+ // base score
+ BaseScore Score `json:"baseScore"`
+}
+
+// CVSS V2 base metrics
+type BaseMetricV2 struct {
+ CvssV2 CvssV2 `json:"cvssV2"`
+ Severity Severity `json:"severity"`
+ ExploitabilityScore Score `json:"exploitabilityScore"`
+ ImpactScore Score `json:"impactScore"`
+ InsufficientInfo bool `json:"acInsufInfo"`
+ ObtainAllPrivilege bool `json:"obtainAllPrivilege"`
+ ObtainUserPrivilege bool `json:"obtainUserPrivilege"`
+ ObtainOtherPrivilege bool `json:"obtainOtherPrivilege"`
+ UserInteractionRequired bool `json:"userInteractionRequired"`
+}
+
+// Item impact
+type Impact struct {
+ // CVSS V3 base metrics
+ BaseMetricV3 BaseMetricV3 `json:"baseMetricV3"`
+
+ // CVSS V2 base metrics
+ BaseMetricV2 BaseMetricV2 `json:"baseMetricV2"`
+}
+
+// CVE feed item
+type Item struct {
+ // item CVE data
+ Cve Cve `json:"cve"`
+
+ // item configuration
+ Configurations ItemConfigurations `json:"configurations"`
+
+ // item impact
+ Impact Impact `json:"impact"`
+
+ // item published date
+ PublishedDate Time `json:"publishedDate"`
+
+ // last modification date
+ LastModifiedDate Time `json:"lastModifiedDate"`
+}
+
+// NVD feed
+type Feed struct {
+ // feed data type
+ DataType DataType `json:"CVE_data_type"`
+
+ // feed data format
+ DataFormat DataFormat `json:"CVE_data_format"`
+
+ // feed data format version
+ DataVersion DataVersion `json:"CVE_data_version"`
+
+ // number of CVEs in feed
+ NumCVEs uint64 `json:"CVE_data_numberOfCVEs,string"`
+
+ // data timestamp
+ Timestamp Time `json:"CVE_data_timestamp"`
+
+ // CVE items
+ Items []Item `json:"CVE_Items"`
+} |
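Review bot: `CvssV3` has no field for the confidentiality impact: it declares `IntegrityImpact` and `AvailabilityImpact` but, unlike `CvssV2`, no `ConfidentialityImpact`, so that metric is silently dropped from every decoded v3 record; add `ConfidentialityImpact V3Impact` tagged `json:"confidentialityImpact"`. `CpeMatch` likewise keeps only `versionEndExcluding`, so the feed's other range bounds (`versionStartIncluding`, `versionStartExcluding`, `versionEndIncluding`) are discarded and a consumer matching installed versions against these structs would misjudge which releases are affected. In `Impact`, both base-metric fields are values, so an item with no v3 (or v2) metrics leaves a zero-valued struct that downstream code may read as a real score of 0; pointer fields (`*BaseMetricV3`, `*BaseMetricV2`) would make absence explicit. The `CvssV2` comments `attack vector` and `attack complexity` should read `access vector` and `access complexity` to match the fields they describe.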