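package nvdmirror

import (
	"fmt"
	"time"
)

// SyncConfig is the configuration for Sync().
//
// Every URL in this struct decides where vulnerability data is
// downloaded from, so an override should point at an HTTPS endpoint of
// a mirror you trust (all of the defaults in DefaultConfig are HTTPS).
// NOTE(review): this file does not show whether downloaded feeds are
// verified after the fetch; confirm that in the sync code.
type SyncConfig struct {
	// CVE 1.1 base URL. The full meta and JSON URLs are constructed by
	// appending the file name to this base. Set to "" for the default
	// base URL.
	Cve11BaseUrl string

	// CPE Match 1.0 base URL. The full meta and JSON URLs are
	// constructed by appending the file name to this base. Set to ""
	// for the default base URL.
	CpeMatch10BaseUrl string

	// CPE 2.3 dictionary URL. Set to "" for the default URL.
	Cpe23DictUrl string

	// CISA known exploited vulnerabilities catalog (KEVC) URL. Set to
	// "" for the default URL.
	CisaKevcUrl string

	// Common Weakness Enumeration list URL. Set to "" for the default
	// URL.
	CweListUrl string

	// User agent string. Set to "" for default user agent string.
	UserAgent string

	// Maximum number of idle connections.
	MaxIdleConns int

	// Idle connection timeout.
	IdleConnTimeout time.Duration
}

// DefaultConfig is the default configuration (NVD, CISA and MITRE URLs).
var DefaultConfig = SyncConfig{
	Cve11BaseUrl:      "https://nvd.nist.gov/feeds/json/cve/1.1",
	CpeMatch10BaseUrl: "https://nvd.nist.gov/feeds/json/cpematch/1.0",
	Cpe23DictUrl:      "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz",
	CisaKevcUrl:       "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
	CweListUrl:        "https://cwe.mitre.org/data/xml/cwec_latest.xml.zip",
	UserAgent:         "cvez/0.1.0",
}

// baseYear is the initial (first) CVE feed year.
const baseYear = 2002

// cveExtraFiles lists the additional non-year CVE feeds.
var cveExtraFiles = []string{
	"modified",
	"recent",
}

// GetUserAgent returns the configured user agent string, or the default
// user agent string if none is set.
func (me SyncConfig) GetUserAgent() string {
	if me.UserAgent != "" {
		return me.UserAgent
	}
	return DefaultConfig.UserAgent
}

// GetCveUrl returns the URL of the CVE feed file with the given feed ID
// (a four-digit year, or one of the extra feed names) and extension.
func (me SyncConfig) GetCveUrl(id, ext string) string {
	base := me.Cve11BaseUrl
	if base == "" {
		// Same fallback as the single-URL getters. Without it a
		// zero-value SyncConfig produces a host-less URL such as
		// "/nvdcve-1.1-modified.meta".
		base = DefaultConfig.Cve11BaseUrl
	}
	return fmt.Sprintf("%s/nvdcve-1.1-%s.%s", base, id, ext)
}

// GetCveYearUrl returns the URL of the CVE feed file for the given year
// and extension.
func (me SyncConfig) GetCveYearUrl(year int, ext string) string {
	return me.GetCveUrl(fmt.Sprintf("%04d", year), ext)
}

// GetCpeMatchUrl returns the URL of the CPE match feed file with the
// given extension.
func (me SyncConfig) GetCpeMatchUrl(ext string) string {
	base := me.CpeMatch10BaseUrl
	if base == "" {
		// Fall back to the default base so that a partially filled
		// config never produces a host-less URL.
		base = DefaultConfig.CpeMatch10BaseUrl
	}
	return fmt.Sprintf("%s/nvdcpematch-1.0.%s", base, ext)
}

// GetCpeDictUrl returns the configured CPE dictionary URL, or the
// default URL if none is set.
func (me SyncConfig) GetCpeDictUrl() string {
	if me.Cpe23DictUrl != "" {
		return me.Cpe23DictUrl
	}
	return DefaultConfig.Cpe23DictUrl
}

// GetCisaKevcUrl returns the configured CISA KEVC URL, or the default
// URL if none is set.
func (me SyncConfig) GetCisaKevcUrl() string {
	if me.CisaKevcUrl != "" {
		return me.CisaKevcUrl
	}
	return DefaultConfig.CisaKevcUrl
}

// GetCweListUrl returns the configured CWE list URL, or the default URL
// if none is set.
func (me SyncConfig) GetCweListUrl() string {
	if me.CweListUrl != "" {
		return me.CweListUrl
	}
	return DefaultConfig.CweListUrl
}

// getMetas returns a map of meta URLs to possible meta updates. Each
// value carries the URL of the feed that the meta file describes.
func (me SyncConfig) getMetas() map[string]Update {
	r := make(map[string]Update)

	// One entry per CVE year feed, from baseYear through the current
	// year according to the local clock. If the clock reports a year
	// before baseYear the loop body never runs.
	lastYear := time.Now().Year()
	for year := baseYear; year <= lastYear; year++ {
		r[me.GetCveYearUrl(year, "meta")] = Update{
			Type: UpdateCveYear,
			Year: year,
			Url:  me.GetCveYearUrl(year, "json.gz"),
		}
	}

	// One entry per extra (non-year) CVE feed.
	// NOTE(review): these entries are tagged UpdateCveYear and are told
	// apart from year feeds only by Meta; confirm consumers expect that.
	for _, s := range cveExtraFiles {
		r[me.GetCveUrl(s, "meta")] = Update{
			Type: UpdateCveYear,
			Meta: s,
			Url:  me.GetCveUrl(s, "json.gz"),
		}
	}

	// CPE match feed.
	r[me.GetCpeMatchUrl("meta")] = Update{
		Type: UpdateCpeMatch,
		Url:  me.GetCpeMatchUrl("json.gz"),
	}

	return r
}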