path: root/cmd/update.go
blob: 86e6c7a1f88c4b9c03a19a6a61649d3d59d101b9 (plain)
package cmd

import (
  // "encoding/json"
  "context"
  "github.com/pablotron/cvez/cisa"
  "github.com/pablotron/cvez/nvdmirror"
  "github.com/rs/zerolog/log"
  "github.com/spf13/cobra"
  nvd_feed "github.com/pablotron/cvez/feed"
  "os"
  "path/filepath"
)

// updateCmd is the "update" (alias "up") subcommand. It syncs the local
// mirror via nvdmirror.Sync and then loads every changed file reported
// by the sync into the database.
var updateCmd = &cobra.Command{
  Use:     "update",
  Aliases: []string{"up"},
  Short:   "Update mirror.",
  Long:    `Update local NVD mirror.`,

  Run: func(cmd *cobra.Command, args []string) {
    // Sync sources.
    //
    // NOTE(review): every URL below is on pmdn.org under a
    // "cvez-test/20220318" path, which looks like a pinned test
    // snapshot rather than the upstream NVD/CISA/CWE endpoints.
    // Confirm before relying on this command for current
    // vulnerability data.
    syncConfig := nvdmirror.SyncConfig{
      Cve11BaseUrl:      "https://pmdn.org/cvez-test/20220318/nvd/cve",
      CpeMatch10BaseUrl: "https://pmdn.org/cvez-test/20220318/nvd/cpematch",
      Cpe23DictUrl:      "https://pmdn.org/cvez-test/20220318/nvd/cpedict/official-cpe-dictionary_v2.3.xml.gz",
      CisaKevcUrl:       "https://pmdn.org/cvez-test/20220318/cisa/known_exploited_vulnerabilities.json",
      CweListUrl:        "https://pmdn.org/cvez-test/20220318/cwe/cwec_latest.xml.zip",
    }

    // Open the cache; cacheDir is the directory the synced files are
    // joined against below.
    cache, cacheDir := getCache()
    defer cache.Close()

    // Sync and collect the list of changed files; nothing else to do
    // when the list is empty.
    updates := nvdmirror.Sync(syncConfig, &cache, cacheDir)
    if len(updates) == 0 {
      return
    }

    // connect to db
    ctx := context.Background()
    db := getDb()

    // NOTE(review): each failure path below calls os.Exit, which does
    // not run deferred functions, so the deferred cache.Close() above
    // is skipped on those paths.

    // Collect the per-year CVE feeds that changed.
    log.Info().Msg("load feeds")
    var feeds []nvd_feed.Feed
    for _, update := range updates {
      if update.Type != nvdmirror.UpdateCveYear {
        continue
      }
      feedPath := filepath.Join(cacheDir, update.Path)
      feeds = append(feeds, getFeed(feedPath))
    }

    if len(feeds) > 0 {
      log.Info().Msg("AddCveFeeds")
      _, err := db.AddCveFeeds(ctx, feeds)
      if err != nil {
        // FIXME: failing like this leaves an invalid cache
        log.Error().Err(err).Msg("AddCveFeeds")
        os.Exit(-1)
      }
    }

    // The CPE dictionary is loaded in its own pass, ahead of the CPE
    // matches, to prevent FK constraint violations.
    for _, update := range updates {
      if update.Type != nvdmirror.UpdateCpeDict {
        continue
      }

      log.Info().Msg("AddCpeDictionary")
      dictPath := filepath.Join(cacheDir, update.Path)
      dict := getCpeDict(dictPath)
      if err := db.AddCpeDictionary(ctx, dict); err != nil {
        log.Error().Err(err).Msg("AddCpeDictionary")
        os.Exit(-1)
      }
    }

    // Final pass: CPE matches and the CISA KEV catalog.
    for _, update := range updates {
      switch update.Type {
      case nvdmirror.UpdateCpeMatch:
        log.Info().Msg("AddCpeMatches")
        matchPath := filepath.Join(cacheDir, update.Path)
        matches := getCpeMatches(matchPath)
        if err := db.AddCpeMatches(ctx, matches); err != nil {
          log.Error().Err(err).Msg("AddCpeMatches")
          os.Exit(-1)
        }
      case nvdmirror.UpdateCisaKevc:
        log.Info().Msg("AddCisaCatalogs")
        catalogPath := filepath.Join(cacheDir, update.Path)
        catalog := getCisaCatalog(catalogPath)
        _, err := db.AddCisaCatalogs(ctx, []cisa.Catalog{catalog})
        if err != nil {
          log.Error().Err(err).Msg("AddCisaCatalogs")
          os.Exit(-1)
        }
      }
    }
  },
}