aboutsummaryrefslogtreecommitdiff
path: root/nvdmirror/nvdmirror.go
blob: 7b092b1ff147c90c8090b4035a819fd48f0f5c69 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184

// mirror files from upstream NVD source
package nvdmirror

import (
  "fmt"
  "github.com/rs/zerolog/log"
  "io"
  "net/http"
  "net/url"
  "os"
  "path/filepath"
  "time"
)

// URLs
type Urls struct {
  // CVE 1.1 Base URL.  The full meta and JSON URLs are constructed from
  // this appended to this base..
  Cve11Base string

  // CPE 1.0 match meta URL
  Cpe10MatchMeta string

  // CPE 1.0 match URL
  Cpe10MatchJson string

  // CPE 2.3 dictionary URL
  Cpe23Dict string
}

// NVD URLs
var DefaultUrls = Urls {
  Cve11Base: "https://nvd.nist.gov/feeds/json/cve/1.1",
  Cpe10MatchMeta: "https://nvd.nist.gov/feeds/json/cpematch/1.0/nvdcpematch-1.0.meta",
  Cpe10MatchJson: "https://nvd.nist.gov/feeds/json/cpematch/1.0/nvdcpematch-1.0.gz",
  Cpe23Dict: "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz",
}

var extraFiles = []string {
  "nvdcve-1.1-modified",
  "nvdcve-1.1-recent",
}

// fetch result
type fetchResult struct {
  src string // source URL
  err error // fetch result
  notModified bool // was the result unmodified?
  lastModified string // last modified response header
  etag string // etag response header
}

// base CVE year
const baseYear = 2002

// default user agent (FIXME: make configurable)
var userAgent = "cvez/0.1.0"

func fetch(ch chan fetchResult, client *http.Client, cache Cache, srcUrl string, dstDir string) {
  // parse source url
  src, err := url.Parse(srcUrl)
  if err != nil {
    ch <- fetchResult { src: srcUrl, err: err }
    return
  }

  // build destination path
  path := filepath.Join(dstDir, filepath.Base(src.Path))
  log.Debug().Str("url", srcUrl).Str("path", path).Send()

  // create temporary output file
  f, err := os.CreateTemp(filepath.Dir(path), "")
  if err != nil {
    ch <- fetchResult { src: srcUrl, err: err }
    return
  }
  defer os.Remove(f.Name())

  // create request
  req, err := http.NewRequest("GET", srcUrl, nil)
  if err != nil {
    ch <- fetchResult { src: srcUrl, err: err }
    return
  }

  // add request headers
  req.Header.Add("user-agent", userAgent)
  if headers, ok := cache.Get(srcUrl); ok {
    for k, v := range(headers) {
      req.Header.Add(k, v)
    }
  }

  // send request
  resp, err := client.Do(req)
  if err != nil {
    ch <- fetchResult { src: srcUrl, err: err }
    return
  }
  defer resp.Body.Close()

  switch resp.StatusCode {
  case 200:
    // copy body to result
    if size, err := io.Copy(f, resp.Body); err != nil {
      // copy failed
      ch <- fetchResult { src: srcUrl, err: err }
    } else if err = os.Rename(f.Name(), path); err != nil {
      // rename failed
      ch <- fetchResult { src: srcUrl, err: err }
    } else {
      log.Debug().Str("url", srcUrl).Int64("size", size).Send()
      ch <- fetchResult {
        src: srcUrl,
        lastModified: resp.Header.Get("last-modified"),
        etag: resp.Header.Get("etag"),
      }
    }
  case 304:
    ch <- fetchResult { src: srcUrl, notModified: true }
  default:
    code := resp.StatusCode
    err := fmt.Errorf("%d: %s", code, http.StatusText(code))
    ch <- fetchResult { src: srcUrl, err: err }
  }
}

func Sync(urls Urls, cache Cache, dstDir string) error {
  log.Debug().Str("dstDir", dstDir).Msg("Sync")

  // create fetch result channel
  ch := make(chan fetchResult)

  // create shared transport and client
  tr := &http.Transport{
    // FIXME: make configurable
	  MaxIdleConns:     10,
	  IdleConnTimeout:  30 * time.Second,
  }
  client := &http.Client{Transport: tr}

  // calculate total number of years
  numYears := time.Now().Year() - 2002 + 1

  // fetch metas
  for year := baseYear; year < baseYear + numYears; year++ {
    // build url
    url := fmt.Sprintf("%s/nvdcve-1.1-%04d.meta", urls.Cve11Base, year)
    log.Debug().Int("year", year).Str("url", url).Send()
    go fetch(ch, client, cache, url, dstDir)
  }

  for _, s := range(extraFiles) {
    url := fmt.Sprintf("%s/%s.meta", urls.Cve11Base, s)
    log.Debug().Str("file", s).Str("url", url).Send()
    go fetch(ch, client, cache, url, dstDir)
  }

  // read results
  for i := 0; i < numYears + len(extraFiles); i++ {
    if r := <-ch; r.err != nil {
      log.Error().Str("url", r.src).Err(r.err).Send()
      // FIXME: errs = append(errs, r)
    } else {
      log.Info().Str("url", r.src).Str("etag", r.etag).Msg("ok")

      if !r.notModified {
        // cache headers
        err := cache.Set(r.src, map[string]string {
          "if-none-match": r.etag,
          "if-modified-since": r.lastModified,
        })

        if err != nil {
          log.Error().Str("url", r.src).Err(r.err).Msg("Set")
          return err
        }
      }
    }
  }

  // return success
  return nil
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 16:29:41 +0000