package nvdmirror
import (
"fmt"
"time"
)
// SyncConfig holds the feed locations and HTTP client settings used by
// Sync().
//
// The URL fields are used as given: nothing in this type checks the
// scheme or host, so a configuration that points at a private mirror
// should name an HTTPS endpoint the operator trusts.
type SyncConfig struct {
	// Cve11BaseUrl is the base URL of the CVE 1.1 feeds. The meta and
	// JSON URLs are built by appending the file name to this base.
	Cve11BaseUrl string

	// CpeMatch10BaseUrl is the base URL of the CPE Match 1.0 feed. The
	// meta and JSON URLs are built by appending the file name to this
	// base.
	CpeMatch10BaseUrl string

	// Cpe23DictUrl is the full URL of the CPE 2.3 dictionary.
	Cpe23DictUrl string

	// CisaKevcUrl is the full URL of the CISA known exploited
	// vulnerabilities catalog (KEVC).
	CisaKevcUrl string

	// CweListUrl is the full URL of the Common Weakness Enumeration
	// list.
	CweListUrl string

	// UserAgent is the user agent string. Leave it as "" to use the
	// default user agent string.
	UserAgent string

	// MaxIdleConns is the maximum number of idle connections.
	MaxIdleConns int

	// IdleConnTimeout is the idle connection timeout.
	IdleConnTimeout time.Duration
}
// DefaultConfig is the stock configuration: the NVD, CISA and MITRE
// feed locations, all of them HTTPS URLs, plus the default user agent
// string. MaxIdleConns and IdleConnTimeout keep their zero values.
//
// NOTE(review): the NVD entries are the legacy 1.1 / 1.0 feed paths;
// confirm upstream still serves them before relying on the defaults.
var DefaultConfig = SyncConfig{
	Cve11BaseUrl:      "https://nvd.nist.gov/feeds/json/cve/1.1",
	CpeMatch10BaseUrl: "https://nvd.nist.gov/feeds/json/cpematch/1.0",
	Cpe23DictUrl:      "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz",
	CisaKevcUrl:       "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
	CweListUrl:        "https://cwe.mitre.org/data/xml/cwec_latest.xml.zip",
	UserAgent:         "cvez/0.1.0",
}
// baseYear is the year of the first per-year CVE feed.
const baseYear = 2002

// cveExtraFiles names the CVE feeds that are not tied to a year.
var cveExtraFiles = []string{"modified", "recent"}
// GetUserAgent returns the configured user agent string, or the one
// from DefaultConfig when UserAgent is empty.
func (me SyncConfig) GetUserAgent() string {
	if me.UserAgent == "" {
		return DefaultConfig.UserAgent
	}
	return me.UserAgent
}
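// GetCveUrl returns the URL of the CVE 1.1 feed file identified by id
// (a four-digit year or an extra feed name such as "modified") with the
// file extension ext (for example "meta" or "json.gz").
//
// An empty Cve11BaseUrl falls back to DefaultConfig.Cve11BaseUrl, the
// same way the other getters on SyncConfig treat an empty field.
// Without the fallback a zero-value SyncConfig produced a URL with no
// scheme or host ("/nvdcve-1.1-2002.meta").
//
// id and ext are inserted into the URL without escaping; the callers
// in this file pass fixed names and formatted years only.
func (me SyncConfig) GetCveUrl(id, ext string) string {
	base := me.Cve11BaseUrl
	if base == "" {
		base = DefaultConfig.Cve11BaseUrl
	}
	return fmt.Sprintf("%s/nvdcve-1.1-%s.%s", base, id, ext)
}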
// GetCveYearUrl returns the URL of the CVE feed file for the given year
// and file extension. The year is zero-padded to at least four digits
// and passed to GetCveUrl as the feed identifier.
func (me SyncConfig) GetCveYearUrl(year int, ext string) string {
	id := fmt.Sprintf("%04d", year)
	return me.GetCveUrl(id, ext)
}
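// GetCpeMatchUrl returns the URL of the CPE Match 1.0 feed file with
// the file extension ext (for example "meta" or "json.gz").
//
// An empty CpeMatch10BaseUrl falls back to
// DefaultConfig.CpeMatch10BaseUrl, the same way the other getters on
// SyncConfig treat an empty field. Without the fallback a zero-value
// SyncConfig produced a URL with no scheme or host
// ("/nvdcpematch-1.0.meta").
//
// ext is inserted into the URL without escaping; the callers in this
// file pass fixed extensions only.
func (me SyncConfig) GetCpeMatchUrl(ext string) string {
	base := me.CpeMatch10BaseUrl
	if base == "" {
		base = DefaultConfig.CpeMatch10BaseUrl
	}
	return fmt.Sprintf("%s/nvdcpematch-1.0.%s", base, ext)
}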
// GetCpeDictUrl returns the configured CPE 2.3 dictionary URL, or the
// one from DefaultConfig when Cpe23DictUrl is empty. A non-empty value
// is returned unchanged.
func (me SyncConfig) GetCpeDictUrl() string {
	if me.Cpe23DictUrl == "" {
		return DefaultConfig.Cpe23DictUrl
	}
	return me.Cpe23DictUrl
}
// GetCisaKevcUrl returns the configured CISA KEVC URL, or the one from
// DefaultConfig when CisaKevcUrl is empty. A non-empty value is
// returned unchanged.
func (me SyncConfig) GetCisaKevcUrl() string {
	if me.CisaKevcUrl == "" {
		return DefaultConfig.CisaKevcUrl
	}
	return me.CisaKevcUrl
}
// GetCweListUrl returns the configured CWE list URL, or the one from
// DefaultConfig when CweListUrl is empty. A non-empty value is returned
// unchanged.
func (me SyncConfig) GetCweListUrl() string {
	if me.CweListUrl == "" {
		return DefaultConfig.CweListUrl
	}
	return me.CweListUrl
}
// getMetas returns a map from feed meta URL to the Update that the meta
// file may announce. It covers the per-year CVE feeds, the extra CVE
// feeds in cveExtraFiles, and the CPE match feed.
//
// Each entry's meta URL and feed URL are built from the same configured
// base. NOTE(review): if a consumer uses the meta contents to validate
// the downloaded feed, both still come from one origin, so that check
// does not protect against a misconfigured or untrusted base URL.
func (me SyncConfig) getMetas() map[string]Update {
	metas := make(map[string]Update)

	// yearly CVE feeds, from baseYear through the current year as
	// reported by the local clock
	lastYear := time.Now().Year()
	for year := baseYear; year <= lastYear; year++ {
		metas[me.GetCveYearUrl(year, "meta")] = Update{
			Type: UpdateCveYear,
			Year: year,
			Url:  me.GetCveYearUrl(year, "json.gz"),
		}
	}

	// extra CVE feeds; these entries also use UpdateCveYear and carry
	// the feed name in Meta rather than a Year.
	// NOTE(review): confirm consumers tell them apart by the Meta field.
	for _, name := range cveExtraFiles {
		metas[me.GetCveUrl(name, "meta")] = Update{
			Type: UpdateCveYear,
			Meta: name,
			Url:  me.GetCveUrl(name, "json.gz"),
		}
	}

	// CPE match feed
	metas[me.GetCpeMatchUrl("meta")] = Update{
		Type: UpdateCpeMatch,
		Url:  me.GetCpeMatchUrl("json.gz"),
	}

	return metas
}