package cpe
import (
"compress/gzip"
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net/http"
"os"
"path/filepath"
"strings"
"sync"
"time"
)
// NVDFeedOptions holds the download and caching settings used by the
// NVD feed functions in this file. A nil *NVDFeedOptions passed to any of
// them is replaced by DefaultNVDFeedOptions().
type NVDFeedOptions struct {
	// CacheDir is the directory where decompressed feeds are stored between runs.
	CacheDir string
	// CacheMaxAge is the maximum age, in hours, of a cached feed before it is re-downloaded.
	CacheMaxAge int
	// MaxConcurrentDownloads is the intended download concurrency.
	// NOTE(review): no function in this file reads it; DownloadAllNVDData
	// always starts exactly two goroutines.
	MaxConcurrentDownloads int
	// ShowProgress enables the progress messages printed to stdout during downloads.
	ShowProgress bool
	// HTTPClient performs the feed requests. It must be non-nil when custom
	// options are supplied; DefaultNVDFeedOptions sets a 60s timeout.
	HTTPClient *http.Client
}
// Default NVD feed URLs (gzip-compressed). Only NVDCPEMatch and NVDCPEDict
// are fetched by the functions in this file; the other two are exported for
// callers.
const (
	// NVDCPEMatch is the CPE match feed (JSON 1.0) used by DownloadAndParseCPEMatch.
	NVDCPEMatch = "https://nvd.nist.gov/feeds/json/cpematch/1.0/nvdcpematch-1.0.json.gz"
	// NVDCPEFeedURL is the CPE feed (JSON 1.0); not referenced in this file.
	NVDCPEFeedURL = "https://nvd.nist.gov/feeds/json/cpe/1.0/nvdcpe-1.0.json.gz"
	// NVDCPEDict is the official CPE dictionary (XML 2.3) used by DownloadAndParseCPEDict.
	NVDCPEDict = "https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz"
	// NVDCVERecentURL is the recent CVE feed (JSON 1.1); not referenced in this file.
	NVDCVERecentURL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-recent.json.gz"
)
// DefaultNVDFeedOptions returns the options used when a caller passes nil:
// a "cpe-cache" directory under the OS temp directory, a 24 hour cache
// lifetime, three concurrent downloads, progress output enabled, and an
// HTTP client with a 60 second overall timeout.
//
// NOTE(review): the default CacheDir lives under os.TempDir(), which is
// usually shared between local users; deployments on multi-user hosts may
// prefer a per-user directory.
func DefaultNVDFeedOptions() *NVDFeedOptions {
	opts := new(NVDFeedOptions)
	opts.CacheDir = filepath.Join(os.TempDir(), "cpe-cache")
	opts.CacheMaxAge = 24
	opts.MaxConcurrentDownloads = 3
	opts.ShowProgress = true
	opts.HTTPClient = &http.Client{Timeout: 60 * time.Second}
	return opts
}
// NVDCPEData bundles the two NVD data sets fetched by DownloadAllNVDData.
type NVDCPEData struct {
	// CPEDictionary is the parsed official CPE dictionary.
	CPEDictionary *CPEDictionary
	// CPEMatchData maps CPEs to CVEs and back (see CPEMatchData).
	CPEMatchData *CPEMatchData
	// DownloadTime is when DownloadAllNVDData assembled this value
	// (time.Now() at the end of the call, not the feed's own timestamp).
	DownloadTime time.Time
}
// CPEMatchData is the bidirectional CPE <-> CVE index built from the NVD
// CPE match feed by DownloadAndParseCPEMatch.
type CPEMatchData struct {
	// CVEToCPEs maps a CVE ID to the cpe23Uri strings it affects.
	CVEToCPEs map[string][]string
	// CPEToCVEs maps a cpe23Uri string to the CVE IDs recorded against it.
	CPEToCVEs map[string][]string
}
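// DownloadAndParseCPEDict downloads the NVD CPE dictionary (or reuses a
// fresh on-disk copy) and parses it with ParseDictionary.
//
// The decompressed feed is cached at <CacheDir>/nvdcpe-dictionary.xml and
// reused while it is younger than options.CacheMaxAge hours. A nil options
// selects DefaultNVDFeedOptions().
//
// Returns an error if the cache directory cannot be created, the download,
// decompression or cache write fails, or the XML cannot be parsed.
func DownloadAndParseCPEDict(options *NVDFeedOptions) (*CPEDictionary, error) {
	if options == nil {
		options = DefaultNVDFeedOptions()
	}
	if err := os.MkdirAll(options.CacheDir, 0755); err != nil {
		return nil, fmt.Errorf("failed to create cache directory: %w", err)
	}
	cacheFile := filepath.Join(options.CacheDir, "nvdcpe-dictionary.xml")

	if cacheIsFresh(cacheFile, options.CacheMaxAge) {
		if options.ShowProgress {
			fmt.Println("Using cached CPE dictionary.")
		}
	} else {
		if options.ShowProgress {
			fmt.Println("Downloading CPE dictionary from NVD...")
		}
		if err := downloadGzipToCache(httpClientFor(options), NVDCPEDict, cacheFile, "CPE dictionary"); err != nil {
			return nil, err
		}
	}

	// Parse straight from the cache file in both paths instead of keeping a
	// second in-memory copy of the (large) decompressed XML.
	f, err := os.Open(cacheFile)
	if err != nil {
		return nil, fmt.Errorf("failed to open cache file: %w", err)
	}
	defer f.Close()

	dict, err := ParseDictionary(f)
	if err != nil {
		return nil, fmt.Errorf("failed to parse CPE dictionary: %w", err)
	}
	return dict, nil
}

// DownloadAndParseCPEMatch downloads the NVD CPE match feed (or reuses a
// fresh on-disk copy) and builds the CPE <-> CVE index.
//
// The decompressed feed is cached at <CacheDir>/nvdcpematch.json and reused
// while it is younger than options.CacheMaxAge hours. A nil options selects
// DefaultNVDFeedOptions().
//
// Returns an error if the cache directory cannot be created, the download,
// decompression or cache write fails, or the JSON cannot be decoded.
func DownloadAndParseCPEMatch(options *NVDFeedOptions) (*CPEMatchData, error) {
	if options == nil {
		options = DefaultNVDFeedOptions()
	}
	if err := os.MkdirAll(options.CacheDir, 0755); err != nil {
		return nil, fmt.Errorf("failed to create cache directory: %w", err)
	}
	cacheFile := filepath.Join(options.CacheDir, "nvdcpematch.json")

	if cacheIsFresh(cacheFile, options.CacheMaxAge) {
		if options.ShowProgress {
			fmt.Println("Using cached CPE match data.")
		}
	} else {
		if options.ShowProgress {
			fmt.Println("Downloading CPE match data from NVD...")
		}
		if err := downloadGzipToCache(httpClientFor(options), NVDCPEMatch, cacheFile, "CPE match data"); err != nil {
			return nil, err
		}
	}

	f, err := os.Open(cacheFile)
	if err != nil {
		return nil, fmt.Errorf("failed to read cache file: %w", err)
	}
	defer f.Close()

	// NOTE(review): the JSON field names below are carried over unchanged;
	// verify them against the feed schema actually served at NVDCPEMatch.
	type cpeMatch struct {
		CPEName string   `json:"cpe23Uri"`
		CVEs    []string `json:"cveNames"`
	}
	var root struct {
		Matches []cpeMatch `json:"matches"`
	}
	// Stream-decode from the file rather than reading the whole feed into a
	// byte slice first.
	if err := json.NewDecoder(f).Decode(&root); err != nil {
		return nil, fmt.Errorf("failed to parse CPE match data: %w", err)
	}

	result := &CPEMatchData{
		CVEToCPEs: make(map[string][]string),
		CPEToCVEs: make(map[string][]string),
	}
	for _, m := range root.Matches {
		// Merge rather than overwrite: the same cpe23Uri may appear in more
		// than one match entry, and last-writer-wins would silently drop CVEs.
		result.CPEToCVEs[m.CPEName] = append(result.CPEToCVEs[m.CPEName], m.CVEs...)
		for _, cve := range m.CVEs {
			result.CVEToCPEs[cve] = append(result.CVEToCPEs[cve], m.CPEName)
		}
	}
	return result, nil
}

// httpClientFor returns options.HTTPClient, or a client with the same 60s
// timeout DefaultNVDFeedOptions uses when the caller supplied options
// without one, so custom options never cause a nil-client dereference.
func httpClientFor(options *NVDFeedOptions) *http.Client {
	if options.HTTPClient != nil {
		return options.HTTPClient
	}
	return &http.Client{Timeout: 60 * time.Second}
}

// cacheIsFresh reports whether path exists and was modified less than
// maxAgeHours ago. Any stat error (including "not found") counts as stale.
func cacheIsFresh(path string, maxAgeHours int) bool {
	info, err := os.Stat(path)
	if err != nil {
		return false
	}
	return time.Since(info.ModTime()).Hours() < float64(maxAgeHours)
}

// downloadGzipToCache fetches url with client, gunzips the response body and
// stores the decompressed bytes at cachePath. what names the feed in error
// messages ("CPE dictionary", "CPE match data").
//
// The data is streamed to a temporary file in the cache directory and
// renamed into place only after a complete, successful copy, so a crash or
// network error mid-download cannot leave a truncated file that later calls
// would trust for CacheMaxAge hours. Streaming also avoids holding the whole
// decompressed feed in memory. The decompressed size is not capped here;
// disk space is the only bound, so wrap the client if that matters.
func downloadGzipToCache(client *http.Client, url, cachePath, what string) error {
	resp, err := client.Get(url)
	if err != nil {
		return fmt.Errorf("failed to download %s: %w", what, err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("failed to download %s, status code: %d", what, resp.StatusCode)
	}

	gz, err := gzip.NewReader(resp.Body)
	if err != nil {
		return fmt.Errorf("failed to decompress %s: %w", what, err)
	}
	defer gz.Close()

	base := strings.TrimSuffix(filepath.Base(cachePath), filepath.Ext(cachePath))
	tmp, err := ioutil.TempFile(filepath.Dir(cachePath), base+".*.tmp")
	if err != nil {
		return fmt.Errorf("failed to save %s to cache: %w", what, err)
	}
	tmpName := tmp.Name()
	// On success the rename below moves the file away and this Remove is a
	// harmless no-op; on any failure it cleans up the partial download.
	defer os.Remove(tmpName)

	// A gzip CRC mismatch surfaces as a read error here, so a corrupted
	// payload never reaches the cache.
	if _, err := io.Copy(tmp, gz); err != nil {
		tmp.Close()
		return fmt.Errorf("failed to read %s: %w", what, err)
	}
	if err := tmp.Close(); err != nil {
		return fmt.Errorf("failed to save %s to cache: %w", what, err)
	}
	// TempFile creates the file 0600; keep the 0644 mode the cache had before.
	if err := os.Chmod(tmpName, 0644); err != nil {
		return fmt.Errorf("failed to save %s to cache: %w", what, err)
	}
	if err := os.Rename(tmpName, cachePath); err != nil {
		return fmt.Errorf("failed to save %s to cache: %w", what, err)
	}
	return nil
}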
// DownloadAllNVDData fetches the CPE dictionary and the CPE match feed
// concurrently (one goroutine each) and returns them as an NVDCPEData
// stamped with the completion time. A nil options selects
// DefaultNVDFeedOptions(); the same options value is shared by both
// downloads.
//
// Both downloads always run to completion; a dictionary error is reported
// in preference to a match-data error when both fail.
func DownloadAllNVDData(options *NVDFeedOptions) (*NVDCPEData, error) {
	if options == nil {
		options = DefaultNVDFeedOptions()
	}

	var (
		wg       sync.WaitGroup
		dict     *CPEDictionary
		dictErr  error
		match    *CPEMatchData
		matchErr error
	)
	spawn := func(work func()) {
		wg.Add(1)
		go func() {
			defer wg.Done()
			work()
		}()
	}
	spawn(func() { dict, dictErr = DownloadAndParseCPEDict(options) })
	spawn(func() { match, matchErr = DownloadAndParseCPEMatch(options) })
	wg.Wait()

	switch {
	case dictErr != nil:
		return nil, fmt.Errorf("failed to download CPE dictionary: %w", dictErr)
	case matchErr != nil:
		return nil, fmt.Errorf("failed to download CPE match data: %w", matchErr)
	}

	return &NVDCPEData{
		CPEDictionary: dict,
		CPEMatchData:  match,
		DownloadTime:  time.Now(),
	}, nil
}
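// FindCVEsForCPE returns the CVE IDs recorded against cpe.
//
// An exact cpe23Uri hit in CPEToCVEs wins and is returned as a copy (so the
// caller cannot mutate the shared index). Otherwise every indexed CPE is
// compared with AdvancedMatchCPE in "distance" mode at a 0.8 score
// threshold and the CVEs of all matches are collected without duplicates,
// in first-seen order. Because the index is a map, the order of fuzzy
// results is not stable between calls.
//
// Returns nil when data, its match data, or cpe is nil.
func (data *NVDCPEData) FindCVEsForCPE(cpe *CPE) []string {
	if data == nil || data.CPEMatchData == nil || cpe == nil {
		return nil
	}
	index := data.CPEMatchData.CPEToCVEs

	if cves, ok := index[cpe.Cpe23]; ok {
		out := make([]string, len(cves))
		copy(out, cves)
		return out
	}

	var results []string
	seen := make(map[string]struct{})
	for cpeName, cves := range index {
		other, err := ParseCpe23(cpeName)
		if err != nil {
			continue
		}
		// NOTE(review): options are rebuilt per entry as in the original; hoist
		// them out of the loop once it is confirmed AdvancedMatchCPE does not
		// mutate them.
		options := NewAdvancedMatchOptions()
		options.MatchMode = "distance"
		options.ScoreThreshold = 0.8 // require an 80% match
		if !AdvancedMatchCPE(cpe, other, options) {
			continue
		}
		for _, cve := range cves {
			// Set-based dedupe replaces the quadratic scan of results.
			if _, dup := seen[cve]; dup {
				continue
			}
			seen[cve] = struct{}{}
			results = append(results, cve)
		}
	}
	return results
}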
// FindCPEsForCVE returns the parsed CPEs recorded against cveID, with each
// result's Cve field set to the standardized ID. cveID is normalized with
// standardizeCVEID before lookup; cpe23Uri strings that fail ParseCpe23 are
// skipped silently.
//
// Returns nil when data or its match data is nil, or when the CVE is not in
// the index.
func (data *NVDCPEData) FindCPEsForCVE(cveID string) []*CPE {
	if data == nil || data.CPEMatchData == nil {
		return nil
	}

	id := standardizeCVEID(cveID)
	names, known := data.CPEMatchData.CVEToCPEs[id]
	if !known {
		return nil
	}

	var matches []*CPE
	for _, name := range names {
		parsed, err := ParseCpe23(name)
		if err != nil {
			continue
		}
		parsed.Cve = id
		matches = append(matches, parsed)
	}
	return matches
}
// EnrichCPEWithVulnerabilityData sets cpe.Cve to the first CVE returned by
// FindCVEsForCPE, leaving cpe untouched when nothing is found. Only one CVE
// is recorded; for fuzzy matches "first" follows map iteration order and so
// may differ between calls.
//
// A nil data or nil cpe is a no-op.
func (data *NVDCPEData) EnrichCPEWithVulnerabilityData(cpe *CPE) {
	if data == nil || cpe == nil {
		return
	}
	related := data.FindCVEsForCPE(cpe)
	if len(related) == 0 {
		return
	}
	cpe.Cve = related[0]
}