From c5919b1eb3624bc8dee8b0580969dc780fd9375d Mon Sep 17 00:00:00 2001
From: Paul Duncan
Date: Sat, 19 Feb 2022 12:04:37 -0500
Subject: dbstore/dbstore.go: add impact, add TODO for item configuration, add disabled cve count check
---
 dbstore/dbstore.go | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 77 insertions(+), 1 deletion(-)
diff --git a/dbstore/dbstore.go b/dbstore/dbstore.go
index b6ba122..2946d8f 100644
--- a/dbstore/dbstore.go
+++ b/dbstore/dbstore.go
@@ -492,6 +492,69 @@ func (me DbStore) addCve(ctx context.Context, tx Tx, itemId int64, cve nvd_feed.
 return nil
 }
 
+// add feed item CVSSv2 impact.
+func (me DbStore) addItemCvssV2(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV2) error {
+ // check version
+ if metric.CvssV2.Version != nvd_feed.V20 {
+ return fmt.Errorf("unknown CVSSv2 version: %s", metric.CvssV2.Version)
+ }
+
+ // add metric
+ _, err := tx.Exec(ctx, "feed/insert-item-cvss-v2",
+ itemId,
+ metric.CvssV2.Vector.Vector.String(),
+ int64(metric.CvssV2.BaseScore),
+ metric.Severity,
+ int64(metric.ExploitabilityScore),
+ int64(metric.ImpactScore),
+ metric.InsufficientInfo,
+ metric.ObtainAllPrivilege,
+ metric.ObtainUserPrivilege,
+ metric.ObtainOtherPrivilege,
+ metric.UserInteractionRequired,
+ )
+
+ // return result
+ return err
+}
+
+// add feed item CVSSv3 impact.
+func (me DbStore) addItemCvssV3(ctx context.Context, tx Tx, itemId int64, metric nvd_feed.BaseMetricV3) error {
+ // check version
+ if metric.CvssV3.Version != nvd_feed.V31 {
+ return fmt.Errorf("unknown CVSSv3 version: %s", metric.CvssV3.Version)
+ }
+
+ // add metric
+ _, err := tx.Exec(ctx, "feed/insert-item-cvss-v3",
+ itemId,
+ metric.CvssV3.Vector.Vector.String(),
+ int64(metric.CvssV3.BaseScore),
+ metric.CvssV3.BaseSeverity,
+ int64(metric.ExploitabilityScore),
+ int64(metric.ImpactScore),
+ )
+
+ // return result
+ return err
+}
+
+// add feed item impact.
+func (me DbStore) addImpact(ctx context.Context, tx Tx, itemId int64, impact nvd_feed.Impact) error {
+ // add cvss v2 impact
+ if err := me.addItemCvssV2(ctx, tx, itemId, impact.BaseMetricV2); err != nil {
+ return err
+ }
+
+ // add cvss v3 impact
+ if err := me.addItemCvssV3(ctx, tx, itemId, impact.BaseMetricV3); err != nil {
+ return err
+ }
+
+ // return success
+ return nil
+}
+
 // Add feed item and return item ID.
 func (me DbStore) addItem(ctx context.Context, tx Tx, feedId int64, item nvd_feed.Item) error {
 // item ID
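Review bot: `addImpact` calls both `addItemCvssV2` and `addItemCvssV3` unconditionally, and each helper returns an error for any version other than `nvd_feed.V20` / `nvd_feed.V31`, so an item that carries only one of the two metrics, or a CVSSv3 vector in a different 3.x revision, would presumably fail with "unknown CVSS version" instead of being stored without that metric. Because `addItem` propagates the error (second hunk), one such record can abort the import and leave the local vulnerability data incomplete; whether the transaction is rolled back is decided by a caller outside this diff. Consider skipping an absent metric in `addImpact` and keeping the error for a version that is present but unrecognised, and name the item in the message, e.g. `return fmt.Errorf("item %d: unknown CVSSv3 version: %s", itemId, metric.CvssV3.Version)`. The `int64(...)` conversions of the scores would also benefit from a one-line comment stating the stored unit, since a fractional score is truncated if the score type is a float (the type is not visible here).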
@@ -521,12 +584,21 @@ func (me DbStore) addItem(ctx context.Context, tx Tx, feedId int64, item nvd_fee return err } + // TODO: add item configuration + // if err := me.addConfigs(ctx, tx, itemId, item.Configurations); err != nil { + // return err + // } + + // add item cve if err := me.addCve(ctx, tx, itemId, item.Cve); err != nil { return err } - // TODO: add impact, etc + // add item impact + if err := me.addImpact(ctx, tx, itemId, item.Impact); err != nil { + return err + } // return success return nil @@ -542,6 +614,10 @@ func (me DbStore) addFeed(ctx context.Context, tx Tx, feed nvd_feed.Feed) (int64 return feedId, err } + // FIXME: check cve count? + // if feed.NumCVEs != len(feed.Items) { + // } + // serialize feed timestamp ts, err := feed.Timestamp.MarshalText() if err != nil { -- cgit v1.2.3
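Review bot: In `addFeed` (third hunk) the comparison of `feed.NumCVEs` with `len(feed.Items)` is added only as a commented-out stub with an empty body, so a truncated or partially parsed feed is still stored without any signal. Enabling it gives a cheap integrity check before the items are written, for example `if int(feed.NumCVEs) != len(feed.Items) { return feedId, fmt.Errorf("feed item count mismatch: declared %v, parsed %d", feed.NumCVEs, len(feed.Items)) }`, with the conversion adjusted to whatever type `NumCVEs` actually has. `addFeed` begins and ends outside this hunk, so it should be confirmed whether the feed row has already been inserted at this point and whether the caller rolls the transaction back when an error is returned.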