Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/pkg/cveimport/update.go
blob: 8dcf4547bbcdfd9411586670a82c46ad8ce8cb05 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

package cveimport

import (
	"glsamaker/pkg/database"
	"glsamaker/pkg/database/connection"
	"glsamaker/pkg/logger"
	"glsamaker/pkg/models"
	"glsamaker/pkg/models/cve"
	"compress/gzip"
	"encoding/json"
	"io"
	"io/ioutil"
	"net/http"
	"strconv"
)

func Update() {
	database.Connect()
	defer connection.DB.Close()

	logger.Info.Println("Start update...")
	IncrementalCVEImport()
	logger.Info.Println("Finished update...")
}

func FullUpdate() {
	database.Connect()
	defer connection.DB.Close()

	logger.Info.Println("Start full update...")
	FullCVEImport()
	logger.Info.Println("Finished full update...")
}

func IncrementalCVEImport() {
	logger.Info.Println("Start importing recent CVEs")
	importCVEs("recent")
	logger.Info.Println("Finished importing recent CVEs")
}

func FullCVEImport() {
	for i := 2002; i <= 2020; i++ {
		year := strconv.Itoa(i)
		logger.Info.Println("Import CVEs from " + year)
		importCVEs(year)
		logger.Info.Println("Finished importing recent CVEs")
	}
}

func importCVEs(year string) {
	resp, err := http.Get("https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-" + year + ".json.gz")
	if err != nil {
		logger.Error.Println("err")
		logger.Error.Println(err)
		return
	}
	defer resp.Body.Close()

	var reader io.ReadCloser
	reader, err = gzip.NewReader(resp.Body)
	defer reader.Close()

	s, _ := ioutil.ReadAll(reader)

	var data cve.NVDFeed

	err = json.Unmarshal([]byte(s), &data)

	if err != nil {
		logger.Info.Println("ERROR during unmarshal:")
		logger.Info.Println(err)
	}

	for _, cveitem := range data.CVEItems {
		cveitem.Id = cveitem.Cve.CVEDataMeta.ID
		cveitem.State = "New"

		description := ""
		for _, langstring := range cveitem.Cve.Description.DescriptionData {
			if langstring.Lang == "en" {
				description = langstring.Value
			}
		}
		cveitem.Description = description
		cveitem.ManuallyCreated = false

		_, err := connection.DB.Model(cveitem).OnConflict("(id) DO UPDATE").Insert()
		if err != nil {
			logger.Error.Println("Err during CVE insert")
			logger.Error.Println(err)
		}
	}

	// update the time of the last bug update
	models.SetApplicationValue("LastCVEUpdate", "")

}