feat(cve/nvd): support CVSS v4.0 (#1979)

* feat(cve/nvd): support CVSS v4.0 * fix(ci/build/windows): use libc v1.52.1
2024-07-04 13:39:16 +09:00
parent d8173cdd42
commit a76302c111
5 changed files with 49 additions and 21 deletions
--- a/models/utils.go
+++ b/models/utils.go
@@ -119,19 +119,29 @@ func ConvertNvdToModel(cveID string, nvds []cvedict.Nvd) ([]CveContent, []Exploi
 			c.Cvss3Severity = cvss3.BaseSeverity
 			m[cvss3.Source] = c
 		}
+		for _, cvss40 := range nvd.Cvss40 {
+			c := m[cvss40.Source]
+			c.Cvss40Score = cvss40.BaseScore
+			c.Cvss40Vector = cvss40.VectorString
+			c.Cvss40Severity = cvss40.BaseSeverity
+			m[cvss40.Source] = c
+		}

 		for source, cont := range m {
 			cves = append(cves, CveContent{
-				Type:          Nvd,
-				CveID:         cveID,
-				Summary:       strings.Join(desc, "\n"),
-				Cvss2Score:    cont.Cvss2Score,
-				Cvss2Vector:   cont.Cvss2Vector,
-				Cvss2Severity: cont.Cvss2Severity,
-				Cvss3Score:    cont.Cvss3Score,
-				Cvss3Vector:   cont.Cvss3Vector,
-				Cvss3Severity: cont.Cvss3Severity,
-				SourceLink:    fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", cveID),
+				Type:           Nvd,
+				CveID:          cveID,
+				Summary:        strings.Join(desc, "\n"),
+				Cvss2Score:     cont.Cvss2Score,
+				Cvss2Vector:    cont.Cvss2Vector,
+				Cvss2Severity:  cont.Cvss2Severity,
+				Cvss3Score:     cont.Cvss3Score,
+				Cvss3Vector:    cont.Cvss3Vector,
+				Cvss3Severity:  cont.Cvss3Severity,
+				Cvss40Score:    cont.Cvss40Score,
+				Cvss40Vector:   cont.Cvss40Vector,
+				Cvss40Severity: cont.Cvss40Severity,
+				SourceLink:     fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", cveID),
 				// Cpes:          cpes,
 				CweIDs:       cont.CweIDs,
 				References:   refs,