Documentation ¶
Overview ¶
Package cveapi contains functionalty related to submtiting Xen Security Advisories to cve.org.
This consists *both* of a partial implementation of the cveapi protocol in Go, *and* of code to marshall parsed XSA structures from the parseadvisory packages and xsagit into the required cveapi structures. Arguably this should be two separate packages.
Index ¶
- Constants
- type Affected
- type CnaContainer
- type Connection
- func (conn Connection) HealthCheck() error
- func (conn Connection) PutCveCna(cveid string, cve CnaContainer) (PutCnaResponse, error)
- func (conn Connection) Reserve(year int, amount int, random bool) ([]string, error)
- func (conn Connection) ReserveRaw(year int, amount int, random bool) (ReserveResp, error)
- type Credit
- type Description
- type Impact
- type ProviderMetadata
- type PutCnaResponse
- type Reference
- type ReserveResp
- type RespWrapper
- type URL
- type Version
Constants ¶
const ( EnvUser = "CVE_USER" EnvOrg = "CVE_ORG" EnvAPIKey = "CVE_API_KEY" EnvAPIEnv = "CVE_ENVIRONMENT" EnvOrgUUID = "CVE_ORG_UUID" )
const ( URLProd = URL(`https://cveawg.mitre.org/api/`) URLDev = URL(`https://cveawg-dev.mitre.org/api/`) URLTest = URL(`https://cveawg-test.mitre.org/api/`) )
const ( CVEStateReserved = "RESERVED" CVEStatePublished = "PUBLISHED" CVEStateRejected = "REJECTED" )
const ( ErrRecordExists = "CVE_RECORD_EXISTS" ErrRecordDoesNotExist = "CVE_RECORD_DNE" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type CnaContainer ¶
type CnaContainer struct { Title string `json:"title"` DatePublic time.Time `json:"datePublic"` Descriptions []Description `json:"descriptions"` Impacts []Impact `json:"impacts"` Affected []Affected `json:"affected,omitempty"` Configurations []Description `json:"configurations,omitempty"` Workarounds []Description `json:"workarounds,omitempty"` Credits []Credit `json:"credits,omitempty"` References []Reference `json:"references"` }
func NewCnaContainer ¶
func NewCnaContainer(Xsa xsagit.XsaInfo) (CnaContainer, []error)
NewCnaContainer takes an XsaInfo and fills out a CnaContainer struct, suitable to being submitted to cve.org. If State is not XsaStatePublic, nothing will be filled out and an error will be returned in the array of errors. Otherwise, errors will be propagated from the advisory errors.
type Connection ¶
func NewConnectionFromEnv ¶
func NewConnectionFromEnv() (*Connection, error)
NewConnectionFromEnv attempts to get connection information from the environment variables EnvUser, EnvOrg, EnvAPIKey, and EnvAPIEnv. If any of the first three are empty, it will return an error. If the last one is `test` or `prod`, the appropriate URL value will be set; otherwise, an error will be returned.
func (Connection) HealthCheck ¶
func (conn Connection) HealthCheck() error
HealthCheck GETs the `health-check` path; it's a "ping" to ensure that the API is up and your credentials are sane
func (Connection) PutCveCna ¶
func (conn Connection) PutCveCna(cveid string, cve CnaContainer) (PutCnaResponse, error)
PutCveCna will submit the given CnaContianer as content for the given cveid. Only transport errors will result in the error value being non-nil; protocol errors will result in the Error value being non-nil.
func (Connection) Reserve ¶
Reserve makes a reservation request using ReserveRaw, but then marshals the results in a more friendly-to-use manner, collecting the cve-ids into a single array, and putting protocol errors into the error structrue. Callers needing further information from the response (such as CveYear, OwningCna, and so on) should use ReserveResp instead.
func (Connection) ReserveRaw ¶
func (conn Connection) ReserveRaw(year int, amount int, random bool) (ReserveResp, error)
ReserveRaw makes a reservation request (POST-ing to `cve-id`) with the listed parameters, and returns a strure with the full response. Only transport errors will result in the error value being non-nil; protocol errors will result in the Error value being non-nil.
Most callers should probably use Reserve instead.
type Credit ¶
type Credit struct { Lang string `json:"lang"` Type string `json:"type"` Value string `json:"value"` }
func CreditFromLines ¶
CreditFromLines generates a Credit structure from the content of the CREDITS section, by setting the language to `en` and the type to `finder`.
type Description ¶
func CveDescription ¶
func CveDescription(a parseadvisory.Advisory) Description
CveDescription returns a suitable description for the entire Cve. In this an optional explanatory note in addition to the ISSUE DESCRIPTION section
func DescriptionFromLines ¶
func DescriptionFromLines(ls []string) Description
type Impact ¶
type Impact struct {
Descriptions []Description `json:"descriptions"`
}
type ProviderMetadata ¶
type ProviderMetadata struct {
OrgID string `json:"orgId"`
}
type PutCnaResponse ¶
type ReserveResp ¶
type ReserveResp struct { CveIds []struct { CveID string `json:"cve_id"` CveYear string `json:"cve_year"` OwningCna string `json:"owning_cna"` State string `json:"state"` RequestedBy struct { Cna string User string } `json:"requested_by"` Reserved string } `json:"cve_ids"` Meta *struct { RemainingQuota int `json:"remaining_quota"` } RespWrapper }
type RespWrapper ¶
type RespWrapper struct { Error *string Message *string Details []struct { Msg string Param string Location string } }
RespWrapper is a structure which contains common elements of many api responses; rather than duplicating, this structure can be included without a fieldname to collect these elemetns.