// NVD JSON feed parser. package feed // import "nvd/internal/cvss" // TODO: parse cpe // CVE metadata type CveMetadata struct { // CVE ID Id CveId `json:"ID"` // CVE assigner email address Assigner string `json:"ASSIGNER"` } // CVE description string. type Description struct { // Language code Lang string `json:"lang"` // String value Value string `json:"value"` } // CVE problem type type CveProblemType struct { // problem type descriptions Descriptions []Description `json:"description"` } // Slice of CVE problem types. type CveProblemTypes struct { // problem types ProblemTypes []CveProblemType `json:"problemtype_data"` } // CVE reference type CveReference struct { // reference URL Url string `json:"url"` // reference name Name string `json:"name"` // reference source RefSource string `json:"refsource"` // tags Tags []string `json:"tags"` } // Slice of CVE references type CveReferences struct { References []CveReference `json:"reference_data"` } // CVE item descriptions type CveDescription struct { // slice of descriptions Descriptions []Description `json:"description_data"` } // CVE data type Cve struct { // feed data type DataType DataType `json:"CVE_data_type"` // feed data format DataFormat DataFormat `json:"CVE_data_format"` // feed data format version DataVersion DataVersion `json:"CVE_data_version"` // CVE metadata Metadata CveMetadata `json:"CVE_data_meta"` // CVE problem types ProblemTypes CveProblemTypes `json:"problemtype"` // CVE references References CveReferences `json:"references"` // CVE description Description CveDescription `json:"description"` } // CPE match type CpeMatch struct { // Vulnerable? Vulnerable bool `json:"vulnerable"` VersionEndExcluding string `json:"versionEndExcluding"` // CPE URI (FIXME: decode this) Cpe23Uri string `json:"cpe23Uri"` // CPE names (not sure if this is correct) Names []string `json:"cpe_name"` } // CVE item configuration node type ConfigurationNode struct { // node operator Operator NodeOp `json:"operator"` // node children Children []ConfigurationNode `json:"children"` CpeMatches []CpeMatch `json:"cpe_match"` } // CVE item configurations type ItemConfigurations struct { // data version DataVersion DataVersion `json:"CVE_data_version"` // slice of configuration nodes Nodes []ConfigurationNode `json:"nodes"` } // CVSS V3 type CvssV3 struct { // CVSS V3 version Version V3Version `json:"version"` // CVSS V3 vector string // VectorString string `json:"vectorString"` // CVSS vector Vector Vector `json:"vectorString"` // attack vector AttackVector V3AttackVector `json:"attackVector"` // attack complexity AttackComplexity V3AttackComplexity `json:"attackComplexity"` // privileges required PrivilegesRequired V3PrivilegesRequired `json:"privilegesRequired"` // user interaction UserInteraction V3UserInteraction `json:"userInteraction"` // scope Scope V3Scope `json:"scope"` // integrity impact IntegrityImpact V3Impact `json:"integrityImpact"` // availability impact AvailabilityImpact V3Impact `json:"availabilityImpact"` // base score BaseScore Score `json:"baseScore"` // base severity BaseSeverity Severity `json:"baseSeverity"` } // CVSS V3 base metrics type BaseMetricV3 struct { CvssV3 CvssV3 `json:"cvssV3"` ExploitabilityScore Score `json:"exploitabilityScore"` ImpactScore Score `json:"impactScore"` } // CVSS V2 type CvssV2 struct { // CVSS V2 version Version V2Version `json:"version"` // CVSS vector string // VectorString string `json:"vectorString"` // CVSS vector Vector Vector `json:"vectorString"` // attack vector AccessVector V2AccessVector `json:"accessVector"` // attack complexity AccessComplexity V2AccessComplexity `json:"accessComplexity"` // authentication Authentication V2Authentication `json:"authentication"` ConfidentialityImpact V2Impact `json:"confidentialityImpact"` IntegrityImpact V2Impact `json:"integrityImpact"` AvailabilityImpact V2Impact `json:"availabilityImpact"` // base score BaseScore Score `json:"baseScore"` } // CVSS V2 base metrics type BaseMetricV2 struct { CvssV2 CvssV2 `json:"cvssV2"` Severity Severity `json:"severity"` ExploitabilityScore Score `json:"exploitabilityScore"` ImpactScore Score `json:"impactScore"` InsufficientInfo bool `json:"acInsufInfo"` ObtainAllPrivilege bool `json:"obtainAllPrivilege"` ObtainUserPrivilege bool `json:"obtainUserPrivilege"` ObtainOtherPrivilege bool `json:"obtainOtherPrivilege"` UserInteractionRequired bool `json:"userInteractionRequired"` } // Item impact type Impact struct { // CVSS V3 base metrics BaseMetricV3 *BaseMetricV3 `json:"baseMetricV3"` // CVSS V2 base metrics BaseMetricV2 *BaseMetricV2 `json:"baseMetricV2"` } // CVE feed item type Item struct { // item CVE data Cve Cve `json:"cve"` // item configuration Configurations ItemConfigurations `json:"configurations"` // item impact Impact Impact `json:"impact"` // item published date PublishedDate Time `json:"publishedDate"` // last modification date LastModifiedDate Time `json:"lastModifiedDate"` } // NVD feed type Feed struct { // feed data type DataType DataType `json:"CVE_data_type"` // feed data format DataFormat DataFormat `json:"CVE_data_format"` // feed data format version DataVersion DataVersion `json:"CVE_data_version"` // number of CVEs in feed NumCVEs uint64 `json:"CVE_data_numberOfCVEs,string"` // data timestamp Timestamp Time `json:"CVE_data_timestamp"` // CVE items Items []Item `json:"CVE_Items"` }