package nvdmirror

import (
  "fmt"
  "time"
)

// SyncConfig holds the settings for Sync(): the upstream feed locations
// and the HTTP client parameters.
//
// NOTE(review): nothing in this file validates the URL fields; each
// value is used exactly as given.  They decide where the mirrored
// vulnerability data is fetched from, so keep them on trusted https
// endpoints.
type SyncConfig struct {
	// Cve11BaseUrl is the CVE 1.1 base URL.  The full meta and JSON
	// URLs are built by appending the file name to this base.
	Cve11BaseUrl string

	// CpeMatch10BaseUrl is the CPE Match 1.0 base URL.  The full meta
	// and JSON URLs are built by appending the file name to this base.
	CpeMatch10BaseUrl string

	// Cpe23DictUrl is the CPE 2.3 dictionary URL.
	Cpe23DictUrl string

	// CisaKevcUrl is the URL of the CISA known exploited
	// vulnerabilities catalog (KEVC).
	CisaKevcUrl string

	// UserAgent is the user agent string.  Set it to "" to get the
	// default user agent string.
	UserAgent string

	// MaxIdleConns is the maximum number of idle connections.
	// DefaultConfig leaves it at zero; how the HTTP client treats
	// zero is decided outside this file.
	MaxIdleConns int

	// IdleConnTimeout is the idle connection timeout.  DefaultConfig
	// leaves it at zero as well.
	IdleConnTimeout time.Duration
}

// DefaultConfig is the stock configuration: the NVD and CISA feed URLs
// (all https) plus the cvez user agent string.  MaxIdleConns and
// IdleConnTimeout are not listed, so they keep their zero values.
var DefaultConfig = SyncConfig{
	Cve11BaseUrl:      "https://nvd.nist.gov/feeds/json/cve/1.1",
	CpeMatch10BaseUrl: "https://nvd.nist.gov/feeds/json/cpematch/1.0",
	Cpe23DictUrl:      "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz",
	CisaKevcUrl:       "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
	UserAgent:         "cvez/0.1.0",
}

// baseYear is the first year that has a yearly CVE feed.
const baseYear = 2002

// cveExtraFiles names the CVE feeds that are not tied to a year.
var cveExtraFiles = []string{"modified", "recent"}

// GetUserAgent returns the configured user agent string, or the one
// from DefaultConfig when UserAgent is empty.
func (me SyncConfig) GetUserAgent() string {
	if me.UserAgent == "" {
		return DefaultConfig.UserAgent
	}
	return me.UserAgent
}

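// GetCveUrl returns the URL of the CVE feed file with the given id and
// extension.  The callers in this file pass a four-digit year or one of
// the extra feed names as id.
//
// An empty Cve11BaseUrl falls back to the base URL in DefaultConfig,
// matching GetUserAgent, GetCpeDictUrl and GetCisaKevcUrl.  Without the
// fallback a partially filled SyncConfig produces a host-less
// "/nvdcve-1.1-..." path rather than a fetchable URL.
//
// id and ext are inserted verbatim, with no escaping.
func (me SyncConfig) GetCveUrl(id, ext string) string {
	base := me.Cve11BaseUrl
	if base == "" {
		base = DefaultConfig.Cve11BaseUrl
	}

	return fmt.Sprintf("%s/nvdcve-1.1-%s.%s", base, id, ext)
}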

// GetCveYearUrl returns the URL of the CVE feed file for the given
// year and extension.  The year is zero-padded to four digits and
// handed to GetCveUrl as the feed id.
func (me SyncConfig) GetCveYearUrl(year int, ext string) string {
	id := fmt.Sprintf("%04d", year)
	return me.GetCveUrl(id, ext)
}

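// GetCpeMatchUrl returns the URL of the CPE match file with the given
// extension.
//
// An empty CpeMatch10BaseUrl falls back to the base URL in
// DefaultConfig, matching GetUserAgent, GetCpeDictUrl and
// GetCisaKevcUrl.  Without the fallback a partially filled SyncConfig
// produces a host-less "/nvdcpematch-1.0..." path rather than a
// fetchable URL.
//
// ext is inserted verbatim, with no escaping.
func (me SyncConfig) GetCpeMatchUrl(ext string) string {
	base := me.CpeMatch10BaseUrl
	if base == "" {
		base = DefaultConfig.CpeMatch10BaseUrl
	}

	return fmt.Sprintf("%s/nvdcpematch-1.0.%s", base, ext)
}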

// GetCpeDictUrl returns the configured CPE 2.3 dictionary URL, or the
// one from DefaultConfig when Cpe23DictUrl is empty.
func (me SyncConfig) GetCpeDictUrl() string {
	if me.Cpe23DictUrl == "" {
		return DefaultConfig.Cpe23DictUrl
	}
	return me.Cpe23DictUrl
}

// GetCisaKevcUrl returns the configured CISA KEVC URL, or the one from
// DefaultConfig when CisaKevcUrl is empty.
func (me SyncConfig) GetCisaKevcUrl() string {
	if me.CisaKevcUrl == "" {
		return DefaultConfig.CisaKevcUrl
	}
	return me.CisaKevcUrl
}

// getMetaUrls returns a map from each feed's meta URL to the URL of
// the matching "json.gz" feed.  It covers the yearly CVE feeds from
// baseYear through the current year, the extra CVE feeds in
// cveExtraFiles, and the CPE match feed.
//
// NOTE(review): what the meta file is used for (freshness or integrity
// check) is decided by the caller, not here.
func (me SyncConfig) getMetaUrls() map[string]string {
	urls := make(map[string]string)

	// record one meta/feed pair
	add := func(metaUrl, feedUrl string) {
		urls[metaUrl] = feedUrl
	}

	// yearly cve feeds; the current year comes from time.Now(),
	// i.e. the local clock and time zone
	thisYear := time.Now().Year()
	for year := baseYear; year <= thisYear; year++ {
		add(me.GetCveYearUrl(year, "meta"), me.GetCveYearUrl(year, "json.gz"))
	}

	// cve feeds that are not tied to a year
	for _, name := range cveExtraFiles {
		add(me.GetCveUrl(name, "meta"), me.GetCveUrl(name, "json.gz"))
	}

	// cpe match feed
	add(me.GetCpeMatchUrl("meta"), me.GetCpeMatchUrl("json.gz"))

	return urls
}