feat!(models): add vulncheck kev (#2014)

README.md

@@ -90,8 +90,9 @@ Vuls is a tool created to solve the problems listed above. It has the following
  - [US-CERT](https://www.us-cert.gov/ncas/alerts)
  - [JPCERT](http://www.jpcert.or.jp/at/2019.html)
 
-- CISA(Cybersecurity & Infrastructure Security Agency)
- - [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
+- KEV
+ - CISA(Cybersecurity & Infrastructure Security Agency): [Known Exploited Vulnerabilities Catalog](https://www.cisa.gov/known-exploited-vulnerabilities-catalog)
+ - VulnCheck: [VulnCheck KEV](https://vulncheck.com/kev)
 
 - Cyber Threat Intelligence(MITRE ATT&CK and CAPEC)
  - [mitre/cti](https://github.com/mitre/cti)

detector/kevuln.go

@@ -17,7 +17,6 @@ import (
  "github.com/future-architect/vuls/models"
  "github.com/future-architect/vuls/util"
  kevulndb "github.com/vulsio/go-kev/db"
- kevulnmodels "github.com/vulsio/go-kev/models"
  kevulnlog "github.com/vulsio/go-kev/utils"
 )
 
@@ -74,23 +73,78 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging
  return err
  }
  for _, res := range responses {
- kevulns := []kevulnmodels.KEVuln{}
- if err := json.Unmarshal([]byte(res.json), &kevulns); err != nil {
+ var kev kevulndb.Response
+ if err := json.Unmarshal([]byte(res.json), &kev); err != nil {
  return err
  }
 
- alerts := []models.Alert{}
- if len(kevulns) > 0 {
- alerts = append(alerts, models.Alert{
- Title: "Known Exploited Vulnerabilities Catalog",
- URL: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
- Team: "cisa",
- })
- }
+ kevs := func() []models.KEV {
+ ks := make([]models.KEV, 0, len(kev.CISA)+len(kev.VulnCheck))
+ for _, k := range kev.CISA {
+ ks = append(ks, models.KEV{
+ Type: models.CISAKEVType,
+ VendorProject: k.VendorProject,
+ Product: k.Product,
+ VulnerabilityName: k.VulnerabilityName,
+ ShortDescription: k.ShortDescription,
+ RequiredAction: k.RequiredAction,
+ KnownRansomwareCampaignUse: k.KnownRansomwareCampaignUse,
+ DateAdded: k.DateAdded,
+ DueDate: func() *time.Time {
+ if k.DueDate == time.Date(1000, time.January, 1, 0, 0, 0, 0, time.UTC) {
+ return nil
+ }
+ return &k.DueDate
+ }(),
+ CISA: &models.CISAKEV{
+ Note: k.Notes,
+ },
+ })
+ }
+ for _, k := range kev.VulnCheck {
+ ks = append(ks, models.KEV{
+ Type: models.VulnCheckKEVType,
+ VendorProject: k.VendorProject,
+ Product: k.Product,
+ VulnerabilityName: k.Name,
+ ShortDescription: k.Description,
+ RequiredAction: k.RequiredAction,
+ KnownRansomwareCampaignUse: k.KnownRansomwareCampaignUse,
+ DateAdded: k.DateAdded,
+ DueDate: k.DueDate,
+ VulnCheck: &models.VulnCheckKEV{
+ XDB: func() []models.VulnCheckXDB {
+ xdb := make([]models.VulnCheckXDB, 0, len(k.VulnCheckXDB))
+ for _, x := range k.VulnCheckXDB {
+ xdb = append(xdb, models.VulnCheckXDB{
+ XDBID: x.XDBID,
+ XDBURL: x.XDBURL,
+ DateAdded: x.DateAdded,
+ ExploitType: x.ExploitType,
+ CloneSSHURL: x.CloneSSHURL,
+ })
+ }
+ return xdb
+ }(),
+ ReportedExploitation: func() []models.VulnCheckReportedExploitation {
+ es := make([]models.VulnCheckReportedExploitation, 0, len(k.VulnCheckReportedExploitation))
+ for _, e := range k.VulnCheckReportedExploitation {
+ es = append(es, models.VulnCheckReportedExploitation{
+ URL: e.URL,
+ DateAdded: e.DateAdded,
+ })
+ }
+ return es
+ }(),
+ },
+ })
+ }
+ return ks
+ }()
 
  v, ok := r.ScannedCves[res.request.cveID]
  if ok {
- v.AlertDict.CISA = alerts
+ v.KEVs = kevs
  nKEV++
  }
  r.ScannedCves[res.request.cveID] = v
@@ -100,24 +154,78 @@ func FillWithKEVuln(r *models.ScanResult, cnf config.KEVulnConf, logOpts logging
  if cveID == "" {
  continue
  }
- kevulns, err := client.driver.GetKEVulnByCveID(cveID)
+ kev, err := client.driver.GetKEVByCveID(cveID)
  if err != nil {
- return err
+ return xerrors.Errorf("Failed to get kev by %s", cveID)
  }
- if len(kevulns) == 0 {
+ if len(kev.CISA) == 0 && len(kev.VulnCheck) == 0 {
  continue
  }
 
- alerts := []models.Alert{}
- if len(kevulns) > 0 {
- alerts = append(alerts, models.Alert{
- Title: "Known Exploited Vulnerabilities Catalog",
- URL: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
- Team: "cisa",
- })
- }
+ vuln.KEVs = func() []models.KEV {
+ ks := make([]models.KEV, 0, len(kev.CISA)+len(kev.VulnCheck))
+ for _, k := range kev.CISA {
+ ks = append(ks, models.KEV{
+ Type: models.CISAKEVType,
+ VendorProject: k.VendorProject,
+ Product: k.Product,
+ VulnerabilityName: k.VulnerabilityName,
+ ShortDescription: k.ShortDescription,
+ RequiredAction: k.RequiredAction,
+ KnownRansomwareCampaignUse: k.KnownRansomwareCampaignUse,
+ DateAdded: k.DateAdded,
+ DueDate: func() *time.Time {
+ if k.DueDate == time.Date(1000, time.January, 1, 0, 0, 0, 0, time.UTC) {
+ return nil
+ }
+ return &k.DueDate
+ }(),
+ CISA: &models.CISAKEV{
+ Note: k.Notes,
+ },
+ })
+ }
+ for _, k := range kev.VulnCheck {
+ ks = append(ks, models.KEV{
+ Type: models.VulnCheckKEVType,
+ VendorProject: k.VendorProject,
+ Product: k.Product,
+ VulnerabilityName: k.Name,
+ ShortDescription: k.Description,
+ RequiredAction: k.RequiredAction,
+ KnownRansomwareCampaignUse: k.KnownRansomwareCampaignUse,
+ DateAdded: k.DateAdded,
+ DueDate: k.DueDate,
+ VulnCheck: &models.VulnCheckKEV{
+ XDB: func() []models.VulnCheckXDB {
+ xdb := make([]models.VulnCheckXDB, 0, len(k.VulnCheckXDB))
+ for _, x := range k.VulnCheckXDB {
+ xdb = append(xdb, models.VulnCheckXDB{
+ XDBID: x.XDBID,
+ XDBURL: x.XDBURL,
+ DateAdded: x.DateAdded,
+ ExploitType: x.ExploitType,
+ CloneSSHURL: x.CloneSSHURL,
+ })
+ }
+ return xdb
+ }(),
+ ReportedExploitation: func() []models.VulnCheckReportedExploitation {
+ es := make([]models.VulnCheckReportedExploitation, 0, len(k.VulnCheckReportedExploitation))
+ for _, e := range k.VulnCheckReportedExploitation {
+ es = append(es, models.VulnCheckReportedExploitation{
+ URL: e.URL,
+ DateAdded: e.DateAdded,
+ })
+ }
+ return es
+ }(),
+ },
+ })
+ }
+ return ks
+ }()
 
- vuln.AlertDict.CISA = alerts
  nKEV++
  r.ScannedCves[cveID] = vuln
  }

go.mod

@@ -53,16 +53,16 @@ require (
  github.com/vulsio/go-cti v0.0.5-0.20240318121747-822b3ef289cb
  github.com/vulsio/go-cve-dictionary v0.10.2-0.20240703055211-dbc168152e90
  github.com/vulsio/go-exploitdb v0.4.7-0.20240318122115-ccb3abc151a1
- github.com/vulsio/go-kev v0.1.4-0.20240318121733-b3386e67d3fb
+ github.com/vulsio/go-kev v0.1.4-0.20240830055848-169d68089b5c
  github.com/vulsio/go-msfdb v0.2.4-0.20240318121704-8bfc812656dc
  github.com/vulsio/gost v0.4.6-0.20240501065222-d47d2e716bfa
  github.com/vulsio/goval-dictionary v0.9.6-0.20240625074017-1da5dfb8b28a
  go.etcd.io/bbolt v1.3.11
- golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8
+ golang.org/x/exp v0.0.0-20240823005443-9b4947da3948
  golang.org/x/oauth2 v0.22.0
  golang.org/x/sync v0.8.0
  golang.org/x/text v0.17.0
- golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
+ golang.org/x/xerrors v0.0.0-20240716161551-93cc26a95ae9
 )
 
 require (
@@ -259,7 +259,7 @@ require (
  github.com/masahiro331/go-xfs-filesystem v0.0.0-20230608043311-a335f4599b70 // indirect
  github.com/mattn/go-colorable v0.1.13 // indirect
  github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/mattn/go-runewidth v0.0.15 // indirect
+ github.com/mattn/go-runewidth v0.0.16 // indirect
  github.com/mattn/go-shellwords v1.0.12 // indirect
  github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
  github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
@@ -291,7 +291,7 @@ require (
  github.com/openvex/discovery v0.1.0 // indirect
  github.com/openvex/go-vex v0.2.5 // indirect
  github.com/owenrumney/squealer v1.2.3 // indirect
- github.com/pelletier/go-toml/v2 v2.2.2 // indirect
+ github.com/pelletier/go-toml/v2 v2.2.3 // indirect
  github.com/peterbourgon/diskv v2.0.1+incompatible // indirect
  github.com/pjbgf/sha1cd v0.3.0 // indirect
  github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
@@ -322,7 +322,7 @@ require (
  github.com/sourcegraph/conc v0.3.0 // indirect
  github.com/spdx/tools-golang v0.5.5 // indirect
  github.com/spf13/afero v1.11.0 // indirect
- github.com/spf13/cast v1.6.0 // indirect
+ github.com/spf13/cast v1.7.0 // indirect
  github.com/spf13/pflag v1.0.5 // indirect
  github.com/spf13/viper v1.19.0 // indirect
  github.com/stretchr/objx v0.5.2 // indirect
@@ -357,13 +357,13 @@ require (
  go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
  go.uber.org/multierr v1.11.0 // indirect
  go.uber.org/zap v1.27.0 // indirect
- golang.org/x/crypto v0.25.0 // indirect
- golang.org/x/mod v0.19.0 // indirect
- golang.org/x/net v0.27.0 // indirect
- golang.org/x/sys v0.22.0 // indirect
- golang.org/x/term v0.22.0 // indirect
- golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.23.0 // indirect
+ golang.org/x/crypto v0.26.0 // indirect
+ golang.org/x/mod v0.20.0 // indirect
+ golang.org/x/net v0.28.0 // indirect
+ golang.org/x/sys v0.24.0 // indirect
+ golang.org/x/term v0.23.0 // indirect
+ golang.org/x/time v0.6.0 // indirect
+ golang.org/x/tools v0.24.0 // indirect
  google.golang.org/api v0.172.0 // indirect
  google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
  google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 // indirect
@@ -378,7 +378,7 @@ require (
  gopkg.in/yaml.v3 v3.0.1 // indirect
  gorm.io/driver/mysql v1.5.7 // indirect
  gorm.io/driver/postgres v1.5.9 // indirect
- gorm.io/gorm v1.25.10 // indirect
+ gorm.io/gorm v1.25.11 // indirect
  gotest.tools/v3 v3.5.0 // indirect
  helm.sh/helm/v3 v3.15.3 // indirect
  k8s.io/api v0.30.3 // indirect
@@ -392,10 +392,10 @@ require (
  k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
  k8s.io/kubectl v0.30.1 // indirect
  k8s.io/utils v0.0.0-20231127182322-b307cd553661 // indirect
- modernc.org/libc v1.55.3 // indirect
+ modernc.org/libc v1.60.0 // indirect
  modernc.org/mathutil v1.6.0 // indirect
  modernc.org/memory v1.8.0 // indirect
- modernc.org/sqlite v1.31.1 // indirect
+ modernc.org/sqlite v1.32.0 // indirect
  mvdan.cc/sh/v3 v3.8.0 // indirect
  oras.land/oras-go v1.2.5 // indirect
  sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect