diff --git a/go.mod b/go.mod index 2306a968..2e09ef5c 100644 --- a/go.mod +++ b/go.mod @@ -44,7 +44,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.8.0 github.com/vulsio/go-cti v0.0.5-0.20231017103759-59e022ddcd0e - github.com/vulsio/go-cve-dictionary v0.10.0 + github.com/vulsio/go-cve-dictionary v0.10.1-0.20231208101928-9dd0d2707ae5 github.com/vulsio/go-exploitdb v0.4.7-0.20231017104626-201191637c48 github.com/vulsio/go-kev v0.1.4-0.20231017105707-8a9a218d280a github.com/vulsio/go-msfdb v0.2.4-0.20231017104449-b705e6975831 diff --git a/go.sum b/go.sum index 058c06d6..e272f0f4 100644 --- a/go.sum +++ b/go.sum @@ -776,8 +776,8 @@ github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/X github.com/vbatts/tar-split v0.11.2 h1:Via6XqJr0hceW4wff3QRzD5gAk/tatMw/4ZA7cTlIME= github.com/vulsio/go-cti v0.0.5-0.20231017103759-59e022ddcd0e h1:UicE8zdH+TSTFeULX4jwYJgspK9ptMQX5zqdBsYsaPI= github.com/vulsio/go-cti v0.0.5-0.20231017103759-59e022ddcd0e/go.mod h1:A7G6SEdN1vChE56Auq8bw/XilEcumqxx2lb3cH8lCdQ= -github.com/vulsio/go-cve-dictionary v0.10.0 h1:1lE1qoVy7UmFInftMfLWL/hQoWIcs9rnx+zILN5AvR4= -github.com/vulsio/go-cve-dictionary v0.10.0/go.mod h1:ZY5Q+7ADz1RU0Wu7Q491+70+ZBuc4VN64xkvZFNPYuc= +github.com/vulsio/go-cve-dictionary v0.10.1-0.20231208101928-9dd0d2707ae5 h1:8iIJwVDVUTzkXW+7cVTjeLmtgQETYYIA4w4qsKS8WTs= +github.com/vulsio/go-cve-dictionary v0.10.1-0.20231208101928-9dd0d2707ae5/go.mod h1:ZY5Q+7ADz1RU0Wu7Q491+70+ZBuc4VN64xkvZFNPYuc= github.com/vulsio/go-exploitdb v0.4.7-0.20231017104626-201191637c48 h1:iT6/EfbOF0lEkCxKZEV9b0yAz1XIELTY1Y50gXyLVJ4= github.com/vulsio/go-exploitdb v0.4.7-0.20231017104626-201191637c48/go.mod h1:a8XVcfjrkHcbVCGxL6fo1KsgpShXNA5fxxjfpv+zGt8= github.com/vulsio/go-kev v0.1.4-0.20231017105707-8a9a218d280a h1:pdV8P4krLPt2xxbeDoUBDYjhA2OrPceNY1WVmc9Yz0E= diff --git a/models/utils.go b/models/utils.go index d62fc260..9a4eb105 100644 --- a/models/utils.go +++ b/models/utils.go @@ -93,46 +93,50 @@ func ConvertNvdToModel(cveID string, nvds []cvedict.Nvd) ([]CveContent, []Exploi } } - cweIDs := []string{} - for _, cid := range nvd.Cwes { - cweIDs = append(cweIDs, cid.CweID) - } - desc := []string{} for _, d := range nvd.Descriptions { desc = append(desc, d.Value) } + m := map[string]CveContent{} + for _, cwe := range nvd.Cwes { + c := m[cwe.Source] + c.CweIDs = append(c.CweIDs, cwe.CweID) + m[cwe.Source] = c + } for _, cvss2 := range nvd.Cvss2 { - cves = append(cves, CveContent{ - Type: Nvd, - CveID: cveID, - Summary: strings.Join(desc, "\n"), - Cvss2Score: cvss2.BaseScore, - Cvss2Vector: cvss2.VectorString, - Cvss2Severity: cvss2.Severity, - SourceLink: fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", cveID), - // Cpes: cpes, - CweIDs: cweIDs, - References: refs, - Published: nvd.PublishedDate, - LastModified: nvd.LastModifiedDate, - }) + c := m[cvss2.Source] + c.Cvss2Score = cvss2.BaseScore + c.Cvss2Vector = cvss2.VectorString + c.Cvss2Severity = cvss2.Severity + m[cvss2.Source] = c } for _, cvss3 := range nvd.Cvss3 { + c := m[cvss3.Source] + c.Cvss3Score = cvss3.BaseScore + c.Cvss3Vector = cvss3.VectorString + c.Cvss3Severity = cvss3.BaseSeverity + m[cvss3.Source] = c + } + + for source, cont := range m { cves = append(cves, CveContent{ Type: Nvd, CveID: cveID, Summary: strings.Join(desc, "\n"), - Cvss3Score: cvss3.BaseScore, - Cvss3Vector: cvss3.VectorString, - Cvss3Severity: cvss3.BaseSeverity, + Cvss2Score: cont.Cvss2Score, + Cvss2Vector: cont.Cvss2Vector, + Cvss2Severity: cont.Cvss2Severity, + Cvss3Score: cont.Cvss3Score, + Cvss3Vector: cont.Cvss3Vector, + Cvss3Severity: cont.Cvss3Severity, SourceLink: fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", cveID), // Cpes: cpes, - CweIDs: cweIDs, + CweIDs: cont.CweIDs, References: refs, Published: nvd.PublishedDate, LastModified: nvd.LastModifiedDate, + Optional: map[string]string{"source": source}, }) } }