From 0e7e9a471f3f6ea7c2e9873ac8d1397d010c6355 Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Sat, 19 Feb 2022 16:48:34 -0500 Subject: dbstore/dbstore.go: fix query parameters, make v2 impact and v3 impact optional --- dbstore/dbstore.go | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/dbstore/dbstore.go b/dbstore/dbstore.go index 6c4fb14..b8cf990 100644 --- a/dbstore/dbstore.go +++ b/dbstore/dbstore.go @@ -408,7 +408,7 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed. } // add cve - rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id, cve.Metadata.Assigner) + rs, err := tx.Exec(ctx, "feed/insert-cve", itemId, cve.Metadata.Id.String(), cve.Metadata.Assigner) if err != nil { return err } @@ -493,7 +493,12 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed. } // add feed item CVSSv2 impact. -func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV2) error { +func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV2) error { + if metric == nil { + // no v2 vector to add + return nil + } + // check version if metric.CvssV2.Version != nvd_feed.V20 { return fmt.Errorf("unknown CVSSv2 version: %s", metric.CvssV2.Version) @@ -502,9 +507,9 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric // add metric _, err := tx.Exec(ctx, "feed/insert-item-cvss-v2", itemId, - metric.CvssV2.Vector.Vector.String(), + metric.CvssV2.Vector.String(), int64(metric.CvssV2.BaseScore), - metric.Severity, + metric.Severity.String(), int64(metric.ExploitabilityScore), int64(metric.ImpactScore), metric.InsufficientInfo, @@ -519,20 +524,25 @@ func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric } // add feed item CVSSv3 impact. -func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV3) error { +func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric *nvd_feed.BaseMetricV3) error { + if metric == nil { + // no cvssv3 vector to add + return nil + } + // check version - if metric.CvssV3.Version != nvd_feed.V31 { + if metric.CvssV3.Version != nvd_feed.V30 && metric.CvssV3.Version != nvd_feed.V31 { return fmt.Errorf("unknown CVSSv3 version: %s", metric.CvssV3.Version) } // add metric _, err := tx.Exec(ctx, "feed/insert-item-cvss-v3", itemId, - metric.CvssV3.Vector.Vector.String(), - int64(metric.CvssV3.BaseScore), - metric.CvssV3.BaseSeverity, - int64(metric.ExploitabilityScore), - int64(metric.ImpactScore), + metric.CvssV3.Vector.String(), + int64(uint8(metric.CvssV3.BaseScore)), + metric.CvssV3.BaseSeverity.String(), + int64(uint8(metric.ExploitabilityScore)), + int64(uint8(metric.ImpactScore)), ) // return result -- cgit v1.2.3