summaryrefslogtreecommitdiff
blob: 527f2335b4ccf55748152f86783e60c28aad3b19 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
package cve

import (
	"glsamaker/pkg/models/bugzilla"
	"glsamaker/pkg/models/gpackage"
	"glsamaker/pkg/models/users"
	"time"
)

// NVDFeed
type NVDFeed struct {
	CVEDataFormat string `json:"CVE_data_format"`

	// NVD adds number of CVE in this feed
	CVEDataNumberOfCVEs string `json:"CVE_data_numberOfCVEs,omitempty"`

	// NVD adds feed date timestamp
	CVEDataTimestamp string `json:"CVE_data_timestamp,omitempty"`
	CVEDataType      string `json:"CVE_data_type"`
	CVEDataVersion   string `json:"CVE_data_version"`

	// NVD feed array of CVE
	CVEItems []*DefCveItem `json:"CVE_Items"`
}

// DefConfigurations Defines the set of product configurations for a NVD applicability statement.
type DefConfigurations struct {
	CVEDataVersion string     `json:"CVE_data_version"`
	Nodes          []*DefNode `json:"nodes,omitempty"`
}

// DefCpeMatch CPE match string or range
type DefCpeMatch struct {
	Cpe22Uri              string        `json:"cpe22Uri,omitempty"`
	Cpe23Uri              string        `json:"cpe23Uri"`
	CpeName               []*DefCpeName `json:"cpe_name,omitempty"`
	VersionEndExcluding   string        `json:"versionEndExcluding,omitempty"`
	VersionEndIncluding   string        `json:"versionEndIncluding,omitempty"`
	VersionStartExcluding string        `json:"versionStartExcluding,omitempty"`
	VersionStartIncluding string        `json:"versionStartIncluding,omitempty"`
	Vulnerable            bool          `json:"vulnerable"`
}

// DefCpeName CPE name
type DefCpeName struct {
	Cpe22Uri         string `json:"cpe22Uri,omitempty"`
	Cpe23Uri         string `json:"cpe23Uri"`
	LastModifiedDate string `json:"lastModifiedDate,omitempty"`
}

// DefCveItem Defines a vulnerability in the NVD data feed.
type DefCveItem struct {
	Id               string             `pg:",pk"`
	State            string             `pg:"state"`
	Configurations   *DefConfigurations `json:"configurations,omitempty"`
	Cve              CVE                `json:"cve"`
	Description      string
	Impact           *DefImpact `json:"impact,omitempty"`
	LastModifiedDate string     `json:"lastModifiedDate,omitempty"`
	PublishedDate    string     `json:"publishedDate,omitempty"`

	Comments []Comment `pg:",fk:cve_id"`
	Packages []gpackage.Package
	Bugs     []bugzilla.Bug `pg:"many2many:def_cve_item_to_bugs,joinFK:bug_id"`
}

type DefCveItemToBug struct {
	DefCveItemId string `pg:",unique:cve_to_bug"`
	BugId        int64  `pg:",unique:cve_to_bug"`
}

type Comment struct {
	Id        int64 `pg:",pk,unique"`
	GlsaId    int64
	CVEId     string
	User      int64
	UserBadge users.Badge
	Type      string
	Message   string
	//	Date      time.Time `pg:"-"`
	Date time.Time
}

// DefNode Defines a node or sub-node in an NVD applicability statement.
type DefNode struct {
	Children []*DefNode     `json:"children,omitempty"`
	CpeMatch []*DefCpeMatch `json:"cpe_match,omitempty"`
	Negate   bool           `json:"negate,omitempty"`
	Operator string         `json:"operator,omitempty"`
}

// DefImpact Impact scores for a vulnerability as found on NVD.
type DefImpact struct {
	BaseMetricV3 BaseMetricV3 `json:"baseMetricV3"`
	BaseMetricV2 BaseMetricV2 `json:"baseMetricV2"`
}

// BaseMetricV2 CVSS V2.0 score.
type BaseMetricV2 struct {
	CvssV2                  CvssV2  `json:"cvssV2"`
	Severity                string  `json:"severity"`
	ExploitabilityScore     float32 `json:"exploitabilityScore"`
	ImpactScore             float32 `json:"impactScore"`
	AcInsufInfo             bool    `json:"acInsufInfo"`
	ObtainAllPrivilege      bool    `json:"obtainAllPrivilege"`
	ObtainUserPrivilege     bool    `json:"obtainUserPrivilege"`
	ObtainOtherPrivilege    bool    `json:"obtainOtherPrivilege"`
	UserInteractionRequired bool    `json:"userInteractionRequired"`
}

// BaseMetricV3 CVSS V3.x score.
type BaseMetricV3 struct {
	CvssV3              CvssV3  `json:"cvssV3"`
	ExploitabilityScore float32 `json:"exploitabilityScore"`
	ImpactScore         float32 `json:"impactScore"`
}