Merge pull request #571 from ErikThoreson/nvdupdates
adding publisher datetime and updating nvd feed download
This commit is contained in:
commit
b1cd092319
@ -1,33 +0,0 @@
|
||||
// Copyright 2017 clair authors
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package nvd
|
||||
|
||||
import "io"
|
||||
|
||||
// NestedReadCloser wraps an io.Reader and implements io.ReadCloser by closing every embed
|
||||
// io.ReadCloser.
|
||||
// It allows chaining io.ReadCloser together and still keep the ability to close them all in a
|
||||
// simple manner.
|
||||
type NestedReadCloser struct {
|
||||
io.Reader
|
||||
NestedReadClosers []io.ReadCloser
|
||||
}
|
||||
|
||||
// Close closes the gzip.Reader and the underlying io.ReadCloser.
|
||||
func (nrc *NestedReadCloser) Close() {
|
||||
for _, nestedReadCloser := range nrc.NestedReadClosers {
|
||||
nestedReadCloser.Close()
|
||||
}
|
||||
}
|
@ -39,8 +39,8 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
dataFeedURL string = "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%s.xml.gz"
|
||||
dataFeedMetaURL string = "http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%s.meta"
|
||||
dataFeedURL string = "https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%s.xml.gz"
|
||||
dataFeedMetaURL string = "https://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-%s.meta"
|
||||
|
||||
appenderName string = "NVD"
|
||||
|
||||
@ -58,6 +58,7 @@ type NVDMetadata struct {
|
||||
}
|
||||
|
||||
type NVDmetadataCVSSv2 struct {
|
||||
PublishedDateTime string
|
||||
Vectors string
|
||||
Score float64
|
||||
}
|
||||
@ -88,9 +89,16 @@ func (a *appender) BuildCache(datastore database.Datastore) error {
|
||||
a.dataFeedHashes = dataFeedHashes
|
||||
|
||||
// Parse data feeds.
|
||||
for dataFeedName, dataFeedReader := range dataFeedReaders {
|
||||
for dataFeedName, dataFileName := range dataFeedReaders {
|
||||
f, err := os.Open(dataFileName)
|
||||
if err != nil {
|
||||
log.WithError(err).WithField(logDataFeedName, dataFeedName).Error("could not open NVD data file")
|
||||
return commonerr.ErrCouldNotParse
|
||||
}
|
||||
var nvd nvd
|
||||
if err = xml.NewDecoder(dataFeedReader).Decode(&nvd); err != nil {
|
||||
r := bufio.NewReader(f)
|
||||
if err = xml.NewDecoder(r).Decode(&nvd); err != nil {
|
||||
f.Close()
|
||||
log.WithError(err).WithField(logDataFeedName, dataFeedName).Error("could not decode NVD data feed")
|
||||
return commonerr.ErrCouldNotParse
|
||||
}
|
||||
@ -102,8 +110,7 @@ func (a *appender) BuildCache(datastore database.Datastore) error {
|
||||
a.metadata[nvdEntry.Name] = *metadata
|
||||
}
|
||||
}
|
||||
|
||||
dataFeedReader.Close()
|
||||
f.Close()
|
||||
}
|
||||
|
||||
return nil
|
||||
@ -125,7 +132,7 @@ func (a *appender) Clean() {
|
||||
os.RemoveAll(a.localPath)
|
||||
}
|
||||
|
||||
func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[string]NestedReadCloser, map[string]string, error) {
|
||||
func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[string]string, map[string]string, error) {
|
||||
var dataFeedNames []string
|
||||
for y := 2002; y <= time.Now().Year(); y++ {
|
||||
dataFeedNames = append(dataFeedNames, strconv.Itoa(y))
|
||||
@ -144,19 +151,16 @@ func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[strin
|
||||
dataFeedHashes[dataFeedName] = hash
|
||||
}
|
||||
|
||||
// Create io.Reader for every data feed.
|
||||
dataFeedReaders := make(map[string]NestedReadCloser)
|
||||
// Create map containing the name and filename for every data feed.
|
||||
dataFeedReaders := make(map[string]string)
|
||||
for _, dataFeedName := range dataFeedNames {
|
||||
fileName := filepath.Join(localPath, fmt.Sprintf("%s.xml", dataFeedName))
|
||||
|
||||
if h, ok := dataFeedHashes[dataFeedName]; ok && h == dataFeedHashes[dataFeedName] {
|
||||
// The hash is known, the disk should contains the feed. Try to read from it.
|
||||
if localPath != "" {
|
||||
if f, err := os.Open(fileName); err == nil {
|
||||
dataFeedReaders[dataFeedName] = NestedReadCloser{
|
||||
Reader: f,
|
||||
NestedReadClosers: []io.ReadCloser{f},
|
||||
}
|
||||
f.Close()
|
||||
dataFeedReaders[dataFeedName] = fileName
|
||||
continue
|
||||
}
|
||||
}
|
||||
@ -177,20 +181,17 @@ func getDataFeeds(dataFeedHashes map[string]string, localPath string) (map[strin
|
||||
|
||||
// Store it to a file at the same time if possible.
|
||||
if f, err := os.Create(fileName); err == nil {
|
||||
nrc := NestedReadCloser{
|
||||
Reader: io.TeeReader(gr, f),
|
||||
NestedReadClosers: []io.ReadCloser{r.Body, gr, f},
|
||||
_, err = io.Copy(f, gr)
|
||||
if err != nil {
|
||||
log.WithError(err).Warning("could not stream NVD data feed to filesystem")
|
||||
}
|
||||
dataFeedReaders[dataFeedName] = nrc
|
||||
dataFeedReaders[dataFeedName] = fileName
|
||||
f.Close()
|
||||
} else {
|
||||
nrc := NestedReadCloser{
|
||||
Reader: gr,
|
||||
NestedReadClosers: []io.ReadCloser{gr, r.Body},
|
||||
}
|
||||
dataFeedReaders[dataFeedName] = nrc
|
||||
|
||||
log.WithError(err).Warning("could not store NVD data feed to filesystem")
|
||||
}
|
||||
|
||||
r.Body.Close()
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -28,6 +28,7 @@ type nvd struct {
|
||||
type nvdEntry struct {
|
||||
Name string `xml:"http://scap.nist.gov/schema/vulnerability/0.4 cve-id"`
|
||||
CVSS nvdCVSS `xml:"http://scap.nist.gov/schema/vulnerability/0.4 cvss"`
|
||||
PublishedDateTime string `xml:"http://scap.nist.gov/schema/vulnerability/0.4 published-datetime"`
|
||||
}
|
||||
|
||||
type nvdCVSS struct {
|
||||
@ -64,6 +65,7 @@ func init() {
|
||||
func (n nvdEntry) Metadata() *NVDMetadata {
|
||||
metadata := &NVDMetadata{
|
||||
CVSSv2: NVDmetadataCVSSv2{
|
||||
PublishedDateTime: n.PublishedDateTime,
|
||||
Vectors: n.CVSS.BaseMetrics.String(),
|
||||
Score: n.CVSS.BaseMetrics.Score,
|
||||
},
|
||||
|
Loading…
Reference in New Issue
Block a user