Documentation ¶
Overview ¶
Package vulndb provides an API to the vulnerability database.
Index ¶
- Constants
- func InitSchemaSQL(ctx context.Context, db *sql.DB) error
- func ParseTime(s string) (time.Time, error)
- func SchemaSQL() []string
- type CustomDataDeleter
- type CustomDataExporter
- type CustomDataImporter
- type CustomDataRecord
- type DataExporter
- type SnoozeCreator
- type SnoozeDeleter
- type SnoozeGetter
- type SnoozeRecord
- type SummaryExporter
- type SummaryRecord
- type VendorDataExporter
- type VendorDataImporter
- type VendorDataRecord
- type VendorDataTrimmer
- type VendorRecord
Constants ¶
const TimeLayout = nvd.TimeLayout
TimeLayout is the layout of NVD CVE JSON timestamps.
Variables ¶
This section is empty.
Functions ¶
func InitSchemaSQL ¶
InitSchemaSQL is auto-generated. Executes each SQL statement from schema.sql.
Types ¶
type CustomDataDeleter ¶
CustomDataDeleter is a helper for deleting custom data.
type CustomDataExporter ¶
CustomDataExporter is a helper for exporting custom data.
type CustomDataImporter ¶
CustomDataImporter is a helper for importing custom data.
func (CustomDataImporter) ImportFile ¶
func (o CustomDataImporter) ImportFile(ctx context.Context, name string) error
ImportFile imports NVD CVE JSON 1.0, optionally gzipped, from a file.
func (CustomDataImporter) ImportJSON ¶
ImportJSON imports NVD CVE JSON 1.0, optionally gzipped.
type CustomDataRecord ¶
type CustomDataRecord struct {
    Owner     string    `sql:"owner"`
    Provider  string    `sql:"provider"`
    CVE       string    `sql:"cve_id"`
    Published time.Time `sql:"published"`
    Modified  time.Time `sql:"modified"`
    BaseScore float64   `sql:"base_score"`
    Summary   string    `sql:"summary"`
    JSON      []byte    `sql:"cve_json"`
}
CustomDataRecord represents a db record of the `custom_data` table.
type DataExporter ¶
DataExporter is a helper for exporting vulnerability records from the db.
type SnoozeCreator ¶
type SnoozeCreator struct {
    DB        *sql.DB
    Owner     string
    Collector string
    Provider  string
    Deadline  time.Time
    Metadata  []byte
}
SnoozeCreator is a helper for creating snoozes.
type SnoozeDeleter ¶
SnoozeDeleter deletes snoozes from the database.
type SnoozeGetter ¶
SnoozeGetter gets data from the database.
type SnoozeRecord ¶
type SnoozeRecord struct {
    Owner     string           `sql:"owner"`
    Collector string           `sql:"collector"`
    Provider  string           `sql:"provider"`
    CVE       string           `sql:"cve_id"`
    Deadline  sqlutil.NullTime `sql:"deadline"`
    Metadata  []byte           `sql:"metadata"`
}
SnoozeRecord represents a database record of the `snooze` table.
type SummaryExporter ¶
SummaryExporter is a helper for exporting database summary.
func (SummaryExporter) SummaryRecords ¶
func (exp SummaryExporter) SummaryRecords(ctx context.Context) ([]SummaryRecord, error)
SummaryRecords retrieves the summary from the DB and returns it as a list of records.
type SummaryRecord ¶
type SummaryRecord struct {
    DataType  string    `sql:"data_type"`
    Provider  string    `sql:"provider"`
    Version   string    `sql:"version"`
    CVEs      int64     `sql:"cves"`
    Published time.Time `sql:"published"`
    Modified  time.Time `sql:"modified"`
}
SummaryRecord represents a record of the `summary` query.
type VendorDataExporter ¶
VendorDataExporter is a helper for exporting vendor data.
type VendorDataImporter ¶
type VendorDataImporter struct {
    DB       *sql.DB
    Owner    string
    Provider string
    OnFile   func(filename string)
}
VendorDataImporter is a helper for importing an entire dataset from multiple files.
func (VendorDataImporter) ImportFiles ¶
func (v VendorDataImporter) ImportFiles(ctx context.Context, files ...string) (*VendorRecord, error)
ImportFiles creates a new dataset version and imports all files into it. Files must be formatted as NVD CVE JSON 1.0, optionally gzipped.
type VendorDataRecord ¶
type VendorDataRecord struct {
    Version   int64     `sql:"version"`
    CVE       string    `sql:"cve_id"`
    Published time.Time `sql:"published"`
    Modified  time.Time `sql:"modified"`
    BaseScore float64   `sql:"base_score"`
    Summary   string    `sql:"summary"`
    JSON      []byte    `sql:"cve_json"`
}
VendorDataRecord represents a db record of the `vendor_data` table.
func VendorDataFromFile ¶
func VendorDataFromFile(vendor *VendorRecord, name string) ([]VendorDataRecord, error)
VendorDataFromFile loads vendor data from NVD CVE JSON files.
type VendorDataTrimmer ¶
type VendorDataTrimmer struct {
    DB                  *sql.DB
    FilterProviders     []string
    DeleteLatestVersion bool // TODO: support keeping up to N versions
}
VendorDataTrimmer is a helper for trimming vendor data.
It deletes all versions but the latest.
Deleting would be easier in common scenarios, but we have some hard constraints:
- Vendor data is versioned
- There is no foreign key between the vendor_data and vendor tables
- MySQL in safe mode forbids deleting from SELECT queries; it wants values
- The binlog must stay smaller than 500M, which is not enough for the NVD database
Therefore, deletion works as follows:
- Select versions from the vendor table based on the provided settings
- Operate on vendor records with ready=true or older versions
- By default, delete all versions but the latest, for each provider
- Delete from vendor table first, effectively making data records orphans
- Delete any orphan records from vendor_data, effectively crowd sourcing deletions
- Delete data in chunks, keeping binlog small
Deletion operations are expensive.
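An added example, not part of the vulndb package: an in-memory Go model of the deletion order described above (vendor rows first, then orphaned data rows in bounded chunks). The `vendorRow` type, its columns and the sample rows are constructed, and reading "ready=true or older versions" as "keep the latest ready version per provider, delete anything older, leave newer unready versions alone" is an assumption; `FilterProviders` is not modelled.

```go
package main

import "fmt"

// vendorRow is a constructed stand-in for a vendor table row (columns assumed).
type vendorRow struct {
	Version  int64
	Provider string
	Ready    bool
}

var sampleVendors = []vendorRow{{1, "nvd", true}, {2, "nvd", true}, {3, "nvd", true}, {4, "nvd", false}, {5, "acme", true}} // constructed
var sampleData = []int64{1, 1, 1, 2, 2, 3, 3, 4, 5, 9} // vendor_data rows by version; 9 is an orphan from an earlier run

// liveVersions reports, for each version, whether its vendor row survives trimming.
func liveVersions(vendors []vendorRow, deleteLatest bool) map[int64]bool {
	latest := map[string]int64{}
	for _, v := range vendors {
		if v.Ready && v.Version > latest[v.Provider] {
			latest[v.Provider] = v.Version
		}
	}
	live := map[int64]bool{}
	for _, v := range vendors {
		l := latest[v.Provider] // newest ready version of this provider (assumed rule)
		live[v.Version] = v.Version > l || (v.Version == l && !deleteLatest)
	}
	return live
}

// deleteOrphans removes data rows with no live vendor row, at most chunk per pass.
func deleteOrphans(data []int64, live map[int64]bool, chunk int) ([]int64, int) {
	for passes := 0; ; passes++ {
		var rest []int64
		for i, ver := range data {
			if live[ver] || i-len(rest) >= chunk { // referenced, or this chunk is full
				rest = append(rest, ver)
			}
		}
		if len(rest) == len(data) {
			return data, passes
		}
		data = rest
	}
}

func main() {
	fmt.Println(deleteOrphans(sampleData, liveVersions(sampleVendors, false), 2))
}
```

Each pass stands for one bounded DELETE statement, so the chunk size caps how much any single statement writes to the binlog, and the stray version 9 rows are cleaned up even though no vendor row for them was deleted in this run.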
Directories ¶
| Path | Synopsis |
|---|---|
| | Package debug provides debugging utilities. |
| | Package mysql provides a connector to vulndb via MySQL. |
| | Package sqlutil provides utilities for database/sql for dealing with SQL queries and database records. |
| b64schema (command) | b64schema converts a SQL schema file into base64 encoded strings as Go code. |