From 0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355 Mon Sep 17 00:00:00 2001
From: Paul Duncan <pabs@pablotron.org>
Date: Sat, 19 Feb 2022 16:48:34 -0500
Subject: dbstore/dbstore.go: fix query parameters, make v2 impact and v3
 impact optional

---
 dbstore/dbstore.go | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)

diff --git a/dbstore/dbstore.go b/dbstore/dbstore.go
index 6c4fb14..b8cf990 100644
--- a/dbstore/dbstore.go
+++ b/dbstore/dbstore.go
@@ -408,7 +408,7 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed.
   }
 
   // add cve
-  rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id, cve.Metadata.Assigner)
+  rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id.String(), cve.Metadata.Assigner)
   if  err != nil {
     return err
   }
@@ -493,7 +493,12 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed.
 }
 
 // add feed item CVSSv2 impact.
-func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV2) error {
+func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV2) error {
+  if metric == nil {
+    // no v2 vector to add
+    return nil
+  }
+
   // check version
   if metric.CvssV2.Version != nvd_feed.V20 {
     return fmt.Errorf("unknown CVSSv2 version: %s", metric.CvssV2.Version)
@@ -502,9 +507,9 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric
   // add metric
   _, err := tx.Exec(ctx, "feed/insert-item-cvss-v2",
     itemId,
-    metric.CvssV2.Vector.Vector.String(),
+    metric.CvssV2.Vector.String(),
     int64(metric.CvssV2.BaseScore),
-    metric.Severity,
+    metric.Severity.String(),
     int64(metric.ExploitabilityScore),
     int64(metric.ImpactScore),
     metric.InsufficientInfo,
@@ -519,20 +524,25 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric
 }
 
 // add feed item CVSSv3 impact.
-func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV3) error {
+func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV3) error {
+  if metric == nil {
+    // no cvssv3 vector to add
+    return nil
+  }
+
   // check version
-  if metric.CvssV3.Version != nvd_feed.V31 {
+  if metric.CvssV3.Version != nvd_feed.V30 && metric.CvssV3.Version != nvd_feed.V31 {
     return fmt.Errorf("unknown CVSSv3 version: %s", metric.CvssV3.Version)
   }
 
   // add metric
   _, err := tx.Exec(ctx, "feed/insert-item-cvss-v3",
     itemId,
-    metric.CvssV3.Vector.Vector.String(),
-    int64(metric.CvssV3.BaseScore),
-    metric.CvssV3.BaseSeverity,
-    int64(metric.ExploitabilityScore),
-    int64(metric.ImpactScore),
+    metric.CvssV3.Vector.String(),
+    int64(uint8(metric.CvssV3.BaseScore)),
+    metric.CvssV3.BaseSeverity.String(),
+    int64(uint8(metric.ExploitabilityScore)),
+    int64(uint8(metric.ImpactScore)),
   )
 
   // return result
-- 
cgit v1.2.3