From 55c07615c624e3b55bb659ce43d372b938361dad Mon Sep 17 00:00:00 2001 From: Paul Duncan Date: Fri, 18 Mar 2022 20:29:31 -0400 Subject: nvdmirror: add CweListUrl --- nvdmirror/sync.go | 1 + nvdmirror/syncconfig.go | 13 +++++++++++++ nvdmirror/syncconfig_test.go | 22 ++++++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/nvdmirror/sync.go b/nvdmirror/sync.go index 430842f..afdc260 100644 --- a/nvdmirror/sync.go +++ b/nvdmirror/sync.go @@ -40,5 +40,6 @@ func Sync(config SyncConfig, cache Cache, dstDir string) []string { ctx.checkMetas(ctx.fetchMetas()), config.GetCpeDictUrl(), config.GetCisaKevcUrl(), + config.GetCweListUrl(), )) } diff --git a/nvdmirror/syncconfig.go b/nvdmirror/syncconfig.go index 9cb5397..e80e12e 100644 --- a/nvdmirror/syncconfig.go +++ b/nvdmirror/syncconfig.go @@ -21,6 +21,9 @@ type SyncConfig struct { // CISA known exploited vulnerabilities catalog (KEVC) URL. CisaKevcUrl string + // Common Weakness Enumeration list URL. + CweListUrl string + // User agent string. Set to "" for default user agent string. UserAgent string @@ -37,6 +40,7 @@ var DefaultConfig = SyncConfig { CpeMatch10BaseUrl: "https://nvd.nist.gov/feeds/json/cpematch/1.0", Cpe23DictUrl: "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz", CisaKevcUrl: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json", + CweListUrl: "https://cwe.mitre.org/data/xml/cwec_latest.xml.zip", UserAgent: "cvez/0.1.0", } @@ -91,6 +95,15 @@ func (me SyncConfig) GetCisaKevcUrl() string { } } +// Get CWE list URL. +func (me SyncConfig) GetCweListUrl() string { + if len(me.CweListUrl) > 0 { + return me.CweListUrl + } else { + return DefaultConfig.CweListUrl + } +} + // get meta URL map. func (me SyncConfig) getMetaUrls() map[string]string { // calculate total number of years diff --git a/nvdmirror/syncconfig_test.go b/nvdmirror/syncconfig_test.go index 5f57b2d..91c900d 100644 --- a/nvdmirror/syncconfig_test.go +++ b/nvdmirror/syncconfig_test.go @@ -141,6 +141,28 @@ func TestSyncConfigGetCisaKevcUrl(t *testing.T) { } } +func TestSyncConfigGetCweListUrl(t *testing.T) { + tests := []struct { + name string + val string + exp string + } { + { "custom", "https://example.com/", "https://example.com/" }, + { "default", "", DefaultConfig.CweListUrl }, + } + + for _, test := range(tests) { + t.Run(test.name, func(t *testing.T) { + config := SyncConfig { CweListUrl: test.val } + + got := config.GetCweListUrl() + if got != test.exp { + t.Errorf("got \"%s\", exp \"%s\"", got, test.exp) + } + }) + } +} + func TestSyncConfigGetMetaUrls(t *testing.T) { // declare expected result exp := make(map[string]string) -- cgit v1.2.3