breaking-change(db): separate Nvd and Jvn #192

Merged
merged 47 commits into from
Aug 13, 2021

@MaineK00n MaineK00n commented Jul 12, 2021

What did you implement:

Since Insert and Search are difficult to use, NVD and JVN are separated and managed separately.
It seems that Nvd used to have XML and JSON, but XML was removed by #147.
Therefore, NvdJSON has been changed to Nvd.

And, when obtaining CVE information from CpeURI, the source of CVE information from either NVD or JVN CPE is shown in CveDetail.CveIDSource.

In addition, the following bugs have been fixed by reviewing the DB design.
Fixes #116

This needs to be fixed in Vuls as well.
fix PR: future-architect/vuls#1277

NOTE

In this PR, we are changing the architecture of Redis. Specifically, we have changed Hash to Set. The keys will not be the same, so errors are unlikely to occur, but it is safe to rebuild the DB.
In particular, if you get the following error message, you will need to rebuild the DB.

WRONGTYPE Operation against a key holding the wrong kind of value

// delete all old hash keys
$ redis-cli keys "CVE#*" | xargs redis-cli del

This PR will change the schema of the RDB.
Therefore, if you try to open the old DB with the new go-cve-dictionary binary, you will get the following error message. In this case, please fetch the new DB with the new go-cve-dictionary.

INFO[07-15|09:43:14] Initialize Database
EROR[07-15|09:43:14] Failed to NewDB. Since SchemaVersion is incompatible, delete Database and fetch again
Failed to NewDB. Since SchemaVersion is incompatible, delete Database and fetch again.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

Verify that the output between RDB and Redis using server mode in the new binary is equal.

$ make clean-integration && make build-integration
$ make fetch-rdb && make fetch-redis
$ make diff-server-rdb-redis

Fixed a bug where CVE-IDs were conflicting and data was missing.
In upstream/master: RDB, only the one with "JvnID": "JVNDB-2020-004959" is displayed, and in upstream/master: Redis, only the one with "JvnID": "JVNDB-2020-004960" is displayed. These are conflicting with CVE-2020-11539, so up to now only the first Insert data was saved in RDB, and only the last Set data was saved in Redis.
If the PR is looked at, it can be seen that both "JvnID": "JVNDB-2020-004959" and "JvnID": "JVNDB-2020-004960" can be obtained.

// common
$ go-cve-dictionary fetchnvd -last2y
$ go-cve-dictionary fetchjvn -last2y

// upstream/master: RDB
$ curl http://127.0.0.1:1323/cves/CVE-2020-11539 | jq
{
  "CveID": "CVE-2020-11539",
  "NvdJSON": {
    "CveID": "CVE-2020-11539",
    "Descriptions": [
      {
        "Lang": "en",
        "Value": "An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device."
      }
    ],
    "Cvss2": {
      "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
      "AccessVector": "ADJACENT_NETWORK",
      "AccessComplexity": "LOW",
      "Authentication": "NONE",
      "ConfidentialityImpact": "PARTIAL",
      "IntegrityImpact": "PARTIAL",
      "AvailabilityImpact": "NONE",
      "BaseScore": 4.8,
      "Severity": "MEDIUM",
      "ExploitabilityScore": 6.5,
      "ImpactScore": 4.9,
      "ObtainAllPrivilege": false,
      "ObtainUserPrivilege": false,
      "ObtainOtherPrivilege": false,
      "UserInteractionRequired": false
    },
    "Cvss3": {
      "VectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "AttackVector": "ADJACENT_NETWORK",
      "AttackComplexity": "LOW",
      "PrivilegesRequired": "NONE",
      "UserInteraction": "NONE",
      "Scope": "UNCHANGED",
      "ConfidentialityImpact": "HIGH",
      "IntegrityImpact": "HIGH",
      "AvailabilityImpact": "NONE",
      "BaseScore": 8.1,
      "BaseSeverity": "HIGH",
      "ExploitabilityScore": 2.8,
      "ImpactScore": 5.2
    },
    "Cwes": [
      {
        "CweID": "CWE-347"
      },
      {
        "CweID": "CWE-306"
      },
      {
        "CweID": "CWE-319"
      }
    ],
    "Cpes": [
      {
        "URI": "cpe:/o:titan:sf_rush_smart_band_firmware:1.12",
        "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:1.12:*:*:*:*:*:*:*",
        "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=\"1\\.12\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
        "Part": "o",
        "Vendor": "titan",
        "Product": "sf_rush_smart_band_firmware",
        "Version": "1\\.12",
        "Update": "ANY",
        "Edition": "ANY",
        "Language": "ANY",
        "SoftwareEdition": "ANY",
        "TargetSW": "ANY",
        "TargetHW": "ANY",
        "Other": "ANY",
        "VersionStartExcluding": "",
        "VersionStartIncluding": "",
        "VersionEndExcluding": "",
        "VersionEndIncluding": "",
        "EnvCpes": []
      }
    ],
    "Affects": [],
    "References": [
      {
        "Link": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f",
        "Source": "MISC",
        "Tags": "Exploit,Third Party Advisory",
        "Name": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f"
      },
      {
        "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
        "Source": "MISC",
        "Tags": "Exploit,Third Party Advisory",
        "Name": "https://github.com/the-girl-who-lived/CVE-2020-11539/"
      }
    ],
    "Certs": [],
    "PublishedDate": "2020-04-22T14:15:00Z",
    "LastModifiedDate": "2021-07-21T11:39:00Z"
  },
  "Jvn": {
    "CveID": "CVE-2020-11539",
    "Title": "D-Link DIR-615 T1 デバイスにおける過度な認証試行の不適切な制限に関する脆弱性",
    "Summary": "D-Link DIR-615 T1 デバイスには、過度な認証試行の不適切な制限に関する脆弱性が存在します。\n",
    "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004959.html",
    "JvnID": "JVNDB-2020-004959",
    "Cvss2": {
      "VectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
      "AccessVector": "NETWORK",
      "AccessComplexity": "LOW",
      "Authentication": "SINGLE",
      "ConfidentialityImpact": "PARTIAL",
      "IntegrityImpact": "NONE",
      "AvailabilityImpact": "NONE",
      "BaseScore": 4,
      "Severity": "Medium"
    },
    "Cvss3": {
      "VectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "AttackVector": "NETWORK",
      "AttackComplexity": "LOW",
      "PrivilegesRequired": "LOW",
      "UserInteraction": "NONE",
      "Scope": "UNCHANGED",
      "ConfidentialityImpact": "HIGH",
      "IntegrityImpact": "HIGH",
      "AvailabilityImpact": "HIGH",
      "BaseScore": 8.8,
      "BaseSeverity": "High",
      "ExploitabilityScore": 0,
      "ImpactScore": 0
    },
    "Cpes": [
      {
        "URI": "cpe:/o:d-link:dir-615_firmware",
        "FormattedString": "cpe:2.3:o:d-link:dir-615_firmware:*:*:*:*:*:*:*:*",
        "WellFormedName": "wfn:[part=\"o\", vendor=\"d\\-link\", product=\"dir\\-615_firmware\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
        "Part": "o",
        "Vendor": "d\\-link",
        "Product": "dir\\-615_firmware",
        "Version": "ANY",
        "Update": "ANY",
        "Edition": "ANY",
        "Language": "ANY",
        "SoftwareEdition": "ANY",
        "TargetSW": "ANY",
        "TargetHW": "ANY",
        "Other": "ANY",
        "VersionStartExcluding": "",
        "VersionStartIncluding": "",
        "VersionEndExcluding": "",
        "VersionEndIncluding": "",
        "EnvCpes": []
      }
    ],
    "References": [
      {
        "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17525",
        "Source": "CVE",
        "Tags": "",
        "Name": ""
      },
      {
        "Link": "https://nvd.nist.gov/vuln/detail/CVE-2019-17525",
        "Source": "NVD",
        "Tags": "",
        "Name": ""
      },
      {
        "Link": "https://github.com/huzaifahussain98/CVE-2019-17525/",
        "Source": "関連文書",
        "Tags": "",
        "Name": ""
      },
      {
        "Link": "https://cwe.mitre.org/data/definitions/307.html",
        "Source": "",
        "Tags": "",
        "Name": "過度な認証試行の不適切な制限(CWE-307)"
      }
    ],
    "Certs": [],
    "PublishedDate": "2020-06-03T16:30:00+09:00",
    "LastModifiedDate": "2020-06-03T16:30:00+09:00"
  }
}

// upstream/master: Redis
$ curl http://127.0.0.1:1323/cves/CVE-2020-11539 | jq
{
  "CveID": "CVE-2020-11539",
  "NvdJSON": {
    "CveID": "CVE-2020-11539",
    "Descriptions": [
      {
        "Lang": "en",
        "Value": "An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device."
      }
    ],
    "Cvss2": {
      "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
      "AccessVector": "ADJACENT_NETWORK",
      "AccessComplexity": "LOW",
      "Authentication": "NONE",
      "ConfidentialityImpact": "PARTIAL",
      "IntegrityImpact": "PARTIAL",
      "AvailabilityImpact": "NONE",
      "BaseScore": 4.8,
      "Severity": "MEDIUM",
      "ExploitabilityScore": 6.5,
      "ImpactScore": 4.9,
      "ObtainAllPrivilege": false,
      "ObtainUserPrivilege": false,
      "ObtainOtherPrivilege": false,
      "UserInteractionRequired": false
    },
    "Cvss3": {
      "VectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "AttackVector": "ADJACENT_NETWORK",
      "AttackComplexity": "LOW",
      "PrivilegesRequired": "NONE",
      "UserInteraction": "NONE",
      "Scope": "UNCHANGED",
      "ConfidentialityImpact": "HIGH",
      "IntegrityImpact": "HIGH",
      "AvailabilityImpact": "NONE",
      "BaseScore": 8.1,
      "BaseSeverity": "HIGH",
      "ExploitabilityScore": 2.8,
      "ImpactScore": 5.2
    },
    "Cwes": [
      {
        "CweID": "CWE-347"
      },
      {
        "CweID": "CWE-306"
      },
      {
        "CweID": "CWE-319"
      }
    ],
    "Cpes": [
      {
        "URI": "cpe:/o:titan:sf_rush_smart_band_firmware:1.12",
        "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:1.12:*:*:*:*:*:*:*",
        "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=\"1\\.12\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
        "Part": "o",
        "Vendor": "titan",
        "Product": "sf_rush_smart_band_firmware",
        "Version": "1\\.12",
        "Update": "ANY",
        "Edition": "ANY",
        "Language": "ANY",
        "SoftwareEdition": "ANY",
        "TargetSW": "ANY",
        "TargetHW": "ANY",
        "Other": "ANY",
        "VersionStartExcluding": "",
        "VersionStartIncluding": "",
        "VersionEndExcluding": "",
        "VersionEndIncluding": "",
        "EnvCpes": []
      }
    ],
    "Affects": [],
    "References": [
      {
        "Link": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f",
        "Source": "MISC",
        "Tags": "Exploit,Third Party Advisory",
        "Name": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f"
      },
      {
        "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
        "Source": "MISC",
        "Tags": "Exploit,Third Party Advisory",
        "Name": "https://github.com/the-girl-who-lived/CVE-2020-11539/"
      }
    ],
    "Certs": [],
    "PublishedDate": "2020-04-22T14:15:00Z",
    "LastModifiedDate": "2021-07-21T11:39:00Z"
  },
  "Jvn": {
    "CveID": "CVE-2020-11539",
    "Title": "Tata Sonata Smart SF Rush デバイスにおけるデータの信頼性についての不十分な検証に関する脆弱性",
    "Summary": "Tata Sonata Smart SF Rush デバイスには、データの信頼性についての不十分な検証に関する脆弱性が存在します。\n",
    "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004960.html",
    "JvnID": "JVNDB-2020-004960",
    "Cvss2": {
      "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
      "AccessVector": "ADJACENT_NETWORK",
      "AccessComplexity": "LOW",
      "Authentication": "NONE",
      "ConfidentialityImpact": "PARTIAL",
      "IntegrityImpact": "PARTIAL",
      "AvailabilityImpact": "NONE",
      "BaseScore": 4.8,
      "Severity": "Medium"
    },
    "Cvss3": {
      "VectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "AttackVector": "ADJACENT_NETWORK",
      "AttackComplexity": "LOW",
      "PrivilegesRequired": "NONE",
      "UserInteraction": "NONE",
      "Scope": "UNCHANGED",
      "ConfidentialityImpact": "HIGH",
      "IntegrityImpact": "HIGH",
      "AvailabilityImpact": "NONE",
      "BaseScore": 8.1,
      "BaseSeverity": "High",
      "ExploitabilityScore": 0,
      "ImpactScore": 0
    },
    "Cpes": [
      {
        "URI": "cpe:/o:titan:sf_rush_smart_band_firmware",
        "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:*:*:*:*:*:*:*:*",
        "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
        "Part": "o",
        "Vendor": "titan",
        "Product": "sf_rush_smart_band_firmware",
        "Version": "ANY",
        "Update": "ANY",
        "Edition": "ANY",
        "Language": "ANY",
        "SoftwareEdition": "ANY",
        "TargetSW": "ANY",
        "TargetHW": "ANY",
        "Other": "ANY",
        "VersionStartExcluding": "",
        "VersionStartIncluding": "",
        "VersionEndExcluding": "",
        "VersionEndIncluding": "",
        "EnvCpes": []
      }
    ],
    "References": [
      {
        "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11539",
        "Source": "CVE",
        "Tags": "",
        "Name": ""
      },
      {
        "Link": "https://nvd.nist.gov/vuln/detail/CVE-2020-11539",
        "Source": "NVD",
        "Tags": "",
        "Name": ""
      },
      {
        "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
        "Source": "関連文書",
        "Tags": "",
        "Name": ""
      },
      {
        "Link": "https://cwe.mitre.org/data/definitions/345.html",
        "Source": "",
        "Tags": "",
        "Name": "データの信頼性についての不十分な検証(CWE-345)"
      }
    ],
    "Certs": [],
    "PublishedDate": "2020-06-03T16:30:00+09:00",
    "LastModifiedDate": "2020-06-03T16:30:00+09:00"
  }
}

// PR: RDB
$ curl http://127.0.0.1:1323/cves/CVE-2020-11539 | jq
{
  "CveID": "CVE-2020-11539",
  "CveIDSource": "",
  "Nvd": [
    {
      "CveID": "CVE-2020-11539",
      "Descriptions": [
        {
          "Lang": "en",
          "Value": "An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device."
        }
      ],
      "Cvss2": {
        "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
        "AccessVector": "ADJACENT_NETWORK",
        "AccessComplexity": "LOW",
        "Authentication": "NONE",
        "ConfidentialityImpact": "PARTIAL",
        "IntegrityImpact": "PARTIAL",
        "AvailabilityImpact": "NONE",
        "BaseScore": 4.8,
        "Severity": "MEDIUM",
        "ExploitabilityScore": 6.5,
        "ImpactScore": 4.9,
        "ObtainAllPrivilege": false,
        "ObtainUserPrivilege": false,
        "ObtainOtherPrivilege": false,
        "UserInteractionRequired": false
      },
      "Cvss3": {
        "VectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "AttackVector": "ADJACENT_NETWORK",
        "AttackComplexity": "LOW",
        "PrivilegesRequired": "NONE",
        "UserInteraction": "NONE",
        "Scope": "UNCHANGED",
        "ConfidentialityImpact": "HIGH",
        "IntegrityImpact": "HIGH",
        "AvailabilityImpact": "NONE",
        "BaseScore": 8.1,
        "BaseSeverity": "HIGH",
        "ExploitabilityScore": 2.8,
        "ImpactScore": 5.2
      },
      "Cwes": [
        {
          "CweID": "CWE-347"
        },
        {
          "CweID": "CWE-306"
        },
        {
          "CweID": "CWE-319"
        }
      ],
      "Cpes": [
        {
          "URI": "cpe:/o:titan:sf_rush_smart_band_firmware:1.12",
          "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:1.12:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=\"1\\.12\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "titan",
          "Product": "sf_rush_smart_band_firmware",
          "Version": "1\\.12",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": "",
          "EnvCpes": []
        }
      ],
      "Affects": [],
      "References": [
        {
          "Link": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f",
          "Source": "MISC",
          "Tags": "Exploit,Third Party Advisory",
          "Name": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f"
        },
        {
          "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
          "Source": "MISC",
          "Tags": "Exploit,Third Party Advisory",
          "Name": "https://github.com/the-girl-who-lived/CVE-2020-11539/"
        }
      ],
      "Certs": [],
      "PublishedDate": "2020-04-22T14:15:00Z",
      "LastModifiedDate": "2021-07-21T11:39:00Z"
    }
  ],
  "Jvn": [
    {
      "CveID": "CVE-2020-11539",
      "Title": "D-Link DIR-615 T1 デバイスにおける過度な認証試行の不適切な制限に関する脆弱性",
      "Summary": "D-Link DIR-615 T1 デバイスには、過度な認証試行の不適切な制限に関する脆弱性が存在します。\n",
      "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004959.html",
      "JvnID": "JVNDB-2020-004959",
      "Cvss2": {
        "VectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
        "AccessVector": "NETWORK",
        "AccessComplexity": "LOW",
        "Authentication": "SINGLE",
        "ConfidentialityImpact": "PARTIAL",
        "IntegrityImpact": "NONE",
        "AvailabilityImpact": "NONE",
        "BaseScore": 4,
        "Severity": "Medium"
      },
      "Cvss3": {
        "VectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "AttackVector": "NETWORK",
        "AttackComplexity": "LOW",
        "PrivilegesRequired": "LOW",
        "UserInteraction": "NONE",
        "Scope": "UNCHANGED",
        "ConfidentialityImpact": "HIGH",
        "IntegrityImpact": "HIGH",
        "AvailabilityImpact": "HIGH",
        "BaseScore": 8.8,
        "BaseSeverity": "High",
        "ExploitabilityScore": 0,
        "ImpactScore": 0
      },
      "Cpes": [
        {
          "URI": "cpe:/o:d-link:dir-615_firmware",
          "FormattedString": "cpe:2.3:o:d-link:dir-615_firmware:*:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"d\\-link\", product=\"dir\\-615_firmware\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "d\\-link",
          "Product": "dir\\-615_firmware",
          "Version": "ANY",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": ""
        }
      ],
      "References": [
        {
          "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17525",
          "Source": "CVE",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://nvd.nist.gov/vuln/detail/CVE-2019-17525",
          "Source": "NVD",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://github.com/huzaifahussain98/CVE-2019-17525/",
          "Source": "関連文書",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://cwe.mitre.org/data/definitions/307.html",
          "Source": "",
          "Tags": "",
          "Name": "過度な認証試行の不適切な制限(CWE-307)"
        }
      ],
      "Certs": [],
      "PublishedDate": "2020-06-03T16:30:00+09:00",
      "LastModifiedDate": "2020-06-03T16:30:00+09:00"
    },
    {
      "CveID": "CVE-2020-11539",
      "Title": "Tata Sonata Smart SF Rush デバイスにおけるデータの信頼性についての不十分な検証に関する脆弱性",
      "Summary": "Tata Sonata Smart SF Rush デバイスには、データの信頼性についての不十分な検証に関する脆弱性が存在します。\n",
      "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004960.html",
      "JvnID": "JVNDB-2020-004960",
      "Cvss2": {
        "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
        "AccessVector": "ADJACENT_NETWORK",
        "AccessComplexity": "LOW",
        "Authentication": "NONE",
        "ConfidentialityImpact": "PARTIAL",
        "IntegrityImpact": "PARTIAL",
        "AvailabilityImpact": "NONE",
        "BaseScore": 4.8,
        "Severity": "Medium"
      },
      "Cvss3": {
        "VectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "AttackVector": "ADJACENT_NETWORK",
        "AttackComplexity": "LOW",
        "PrivilegesRequired": "NONE",
        "UserInteraction": "NONE",
        "Scope": "UNCHANGED",
        "ConfidentialityImpact": "HIGH",
        "IntegrityImpact": "HIGH",
        "AvailabilityImpact": "NONE",
        "BaseScore": 8.1,
        "BaseSeverity": "High",
        "ExploitabilityScore": 0,
        "ImpactScore": 0
      },
      "Cpes": [
        {
          "URI": "cpe:/o:titan:sf_rush_smart_band_firmware",
          "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:*:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "titan",
          "Product": "sf_rush_smart_band_firmware",
          "Version": "ANY",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": ""
        }
      ],
      "References": [
        {
          "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11539",
          "Source": "CVE",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://nvd.nist.gov/vuln/detail/CVE-2020-11539",
          "Source": "NVD",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
          "Source": "関連文書",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://cwe.mitre.org/data/definitions/345.html",
          "Source": "",
          "Tags": "",
          "Name": "データの信頼性についての不十分な検証(CWE-345)"
        }
      ],
      "Certs": [],
      "PublishedDate": "2020-06-03T16:30:00+09:00",
      "LastModifiedDate": "2020-06-03T16:30:00+09:00"
    }
  ]
}

// PR: Redis
$ curl http://127.0.0.1:1323/cves/CVE-2020-11539 | jq
{
  "CveID": "CVE-2020-11539",
  "CveIDSource": "",
  "Nvd": [
    {
      "CveID": "CVE-2020-11539",
      "Descriptions": [
        {
          "Lang": "en",
          "Value": "An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device."
        }
      ],
      "Cvss2": {
        "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
        "AccessVector": "ADJACENT_NETWORK",
        "AccessComplexity": "LOW",
        "Authentication": "NONE",
        "ConfidentialityImpact": "PARTIAL",
        "IntegrityImpact": "PARTIAL",
        "AvailabilityImpact": "NONE",
        "BaseScore": 4.8,
        "Severity": "MEDIUM",
        "ExploitabilityScore": 6.5,
        "ImpactScore": 4.9,
        "ObtainAllPrivilege": false,
        "ObtainUserPrivilege": false,
        "ObtainOtherPrivilege": false,
        "UserInteractionRequired": false
      },
      "Cvss3": {
        "VectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "AttackVector": "ADJACENT_NETWORK",
        "AttackComplexity": "LOW",
        "PrivilegesRequired": "NONE",
        "UserInteraction": "NONE",
        "Scope": "UNCHANGED",
        "ConfidentialityImpact": "HIGH",
        "IntegrityImpact": "HIGH",
        "AvailabilityImpact": "NONE",
        "BaseScore": 8.1,
        "BaseSeverity": "HIGH",
        "ExploitabilityScore": 2.8,
        "ImpactScore": 5.2
      },
      "Cwes": [
        {
          "CweID": "CWE-347"
        },
        {
          "CweID": "CWE-306"
        },
        {
          "CweID": "CWE-319"
        }
      ],
      "Cpes": [
        {
          "URI": "cpe:/o:titan:sf_rush_smart_band_firmware:1.12",
          "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:1.12:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=\"1\\.12\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "titan",
          "Product": "sf_rush_smart_band_firmware",
          "Version": "1\\.12",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": "",
          "EnvCpes": []
        }
      ],
      "Affects": [],
      "References": [
        {
          "Link": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f",
          "Source": "MISC",
          "Tags": "Exploit,Third Party Advisory",
          "Name": "https://medium.com/@sayliambure/hacking-a-5-smartband-824763ab6e8f"
        },
        {
          "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
          "Source": "MISC",
          "Tags": "Exploit,Third Party Advisory",
          "Name": "https://github.com/the-girl-who-lived/CVE-2020-11539/"
        }
      ],
      "Certs": [],
      "PublishedDate": "2020-04-22T14:15:00Z",
      "LastModifiedDate": "2021-07-21T11:39:00Z"
    }
  ],
  "Jvn": [
    {
      "CveID": "CVE-2020-11539",
      "Title": "Tata Sonata Smart SF Rush デバイスにおけるデータの信頼性についての不十分な検証に関する脆弱性",
      "Summary": "Tata Sonata Smart SF Rush デバイスには、データの信頼性についての不十分な検証に関する脆弱性が存在します。\n",
      "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004960.html",
      "JvnID": "JVNDB-2020-004960",
      "Cvss2": {
        "VectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:N",
        "AccessVector": "ADJACENT_NETWORK",
        "AccessComplexity": "LOW",
        "Authentication": "NONE",
        "ConfidentialityImpact": "PARTIAL",
        "IntegrityImpact": "PARTIAL",
        "AvailabilityImpact": "NONE",
        "BaseScore": 4.8,
        "Severity": "Medium"
      },
      "Cvss3": {
        "VectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "AttackVector": "ADJACENT_NETWORK",
        "AttackComplexity": "LOW",
        "PrivilegesRequired": "NONE",
        "UserInteraction": "NONE",
        "Scope": "UNCHANGED",
        "ConfidentialityImpact": "HIGH",
        "IntegrityImpact": "HIGH",
        "AvailabilityImpact": "NONE",
        "BaseScore": 8.1,
        "BaseSeverity": "High",
        "ExploitabilityScore": 0,
        "ImpactScore": 0
      },
      "Cpes": [
        {
          "URI": "cpe:/o:titan:sf_rush_smart_band_firmware",
          "FormattedString": "cpe:2.3:o:titan:sf_rush_smart_band_firmware:*:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"titan\", product=\"sf_rush_smart_band_firmware\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "titan",
          "Product": "sf_rush_smart_band_firmware",
          "Version": "ANY",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": ""
        }
      ],
      "References": [
        {
          "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11539",
          "Source": "CVE",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://nvd.nist.gov/vuln/detail/CVE-2020-11539",
          "Source": "NVD",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://github.com/the-girl-who-lived/CVE-2020-11539/",
          "Source": "関連文書",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://cwe.mitre.org/data/definitions/345.html",
          "Source": "",
          "Tags": "",
          "Name": "データの信頼性についての不十分な検証(CWE-345)"
        }
      ],
      "Certs": [],
      "PublishedDate": "2020-06-03T16:30:00+09:00",
      "LastModifiedDate": "2020-06-03T16:30:00+09:00"
    },
    {
      "CveID": "CVE-2020-11539",
      "Title": "D-Link DIR-615 T1 デバイスにおける過度な認証試行の不適切な制限に関する脆弱性",
      "Summary": "D-Link DIR-615 T1 デバイスには、過度な認証試行の不適切な制限に関する脆弱性が存在します。\n",
      "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004959.html",
      "JvnID": "JVNDB-2020-004959",
      "Cvss2": {
        "VectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
        "AccessVector": "NETWORK",
        "AccessComplexity": "LOW",
        "Authentication": "SINGLE",
        "ConfidentialityImpact": "PARTIAL",
        "IntegrityImpact": "NONE",
        "AvailabilityImpact": "NONE",
        "BaseScore": 4,
        "Severity": "Medium"
      },
      "Cvss3": {
        "VectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "AttackVector": "NETWORK",
        "AttackComplexity": "LOW",
        "PrivilegesRequired": "LOW",
        "UserInteraction": "NONE",
        "Scope": "UNCHANGED",
        "ConfidentialityImpact": "HIGH",
        "IntegrityImpact": "HIGH",
        "AvailabilityImpact": "HIGH",
        "BaseScore": 8.8,
        "BaseSeverity": "High",
        "ExploitabilityScore": 0,
        "ImpactScore": 0
      },
      "Cpes": [
        {
          "URI": "cpe:/o:d-link:dir-615_firmware",
          "FormattedString": "cpe:2.3:o:d-link:dir-615_firmware:*:*:*:*:*:*:*:*",
          "WellFormedName": "wfn:[part=\"o\", vendor=\"d\\-link\", product=\"dir\\-615_firmware\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
          "Part": "o",
          "Vendor": "d\\-link",
          "Product": "dir\\-615_firmware",
          "Version": "ANY",
          "Update": "ANY",
          "Edition": "ANY",
          "Language": "ANY",
          "SoftwareEdition": "ANY",
          "TargetSW": "ANY",
          "TargetHW": "ANY",
          "Other": "ANY",
          "VersionStartExcluding": "",
          "VersionStartIncluding": "",
          "VersionEndExcluding": "",
          "VersionEndIncluding": ""
        }
      ],
      "References": [
        {
          "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17525",
          "Source": "CVE",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://nvd.nist.gov/vuln/detail/CVE-2019-17525",
          "Source": "NVD",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://github.com/huzaifahussain98/CVE-2019-17525/",
          "Source": "関連文書",
          "Tags": "",
          "Name": ""
        },
        {
          "Link": "https://cwe.mitre.org/data/definitions/307.html",
          "Source": "",
          "Tags": "",
          "Name": "過度な認証試行の不適切な制限(CWE-307)"
        }
      ],
      "Certs": [],
      "PublishedDate": "2020-06-03T16:30:00+09:00",
      "LastModifiedDate": "2020-06-03T16:30:00+09:00"
    }
  ]
}

In addition, when retrieving CVE information from CpeURI, we used to indicate which CPE the data was obtained from by setting either NVD or JVN to nil.
This PR makes it possible to know which data is obtained from which source by filling Nvd and Jvn in CveDetail.CveIDSource.
Thus, it is no longer necessary to nil the JVN data when it is found in either NVD or JVN.

$ curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name": "cpe:/a:abb:800xa_information_manager:5.1"}' http://127.0.0.1:1325/cpes | jq "."
[
  {
    "CveID": "CVE-2020-8477",
    "CveIDSource": "NVD",
    "Nvd": [
      {
        "CveID": "CVE-2020-8477",
        "Descriptions": [
          {
            "Lang": "en",
            "Value": "The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code."
          }
        ],
        "Cvss2": {
          "VectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "AccessVector": "NETWORK",
          "AccessComplexity": "MEDIUM",
          "Authentication": "NONE",
          "ConfidentialityImpact": "PARTIAL",
          "IntegrityImpact": "PARTIAL",
          "AvailabilityImpact": "PARTIAL",
          "BaseScore": 6.8,
          "Severity": "MEDIUM",
          "ExploitabilityScore": 8.6,
          "ImpactScore": 6.4,
          "ObtainAllPrivilege": false,
          "ObtainUserPrivilege": false,
          "ObtainOtherPrivilege": false,
          "UserInteractionRequired": true
        },
        "Cvss3": {
          "VectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "AttackVector": "NETWORK",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "NONE",
          "UserInteraction": "REQUIRED",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "HIGH",
          "IntegrityImpact": "HIGH",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 8.8,
          "BaseSeverity": "HIGH",
          "ExploitabilityScore": 2.8,
          "ImpactScore": 5.9
        },
        "Cwes": [
          {
            "CweID": "CWE-79"
          }
        ],
        "Cpes": [
          {
            "URI": "cpe:/a:abb:800xa_information_manager:5.1",
            "FormattedString": "cpe:2.3:a:abb:800xa_information_manager:5.1:*:*:*:*:*:*:*",
            "WellFormedName": "wfn:[part=\"a\", vendor=\"abb\", product=\"800xa_information_manager\", version=\"5\\.1\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
            "Part": "a",
            "Vendor": "abb",
            "Product": "800xa_information_manager",
            "Version": "5\\.1",
            "Update": "ANY",
            "Edition": "ANY",
            "Language": "ANY",
            "SoftwareEdition": "ANY",
            "TargetSW": "ANY",
            "TargetHW": "ANY",
            "Other": "ANY",
            "VersionStartExcluding": "",
            "VersionStartIncluding": "",
            "VersionEndExcluding": "",
            "VersionEndIncluding": "",
            "EnvCpes": []
          },
          {
            "URI": "cpe:/a:abb:800xa_information_manager",
            "FormattedString": "cpe:2.3:a:abb:800xa_information_manager:*:*:*:*:*:*:*:*",
            "WellFormedName": "wfn:[part=\"a\", vendor=\"abb\", product=\"800xa_information_manager\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
            "Part": "a",
            "Vendor": "abb",
            "Product": "800xa_information_manager",
            "Version": "ANY",
            "Update": "ANY",
            "Edition": "ANY",
            "Language": "ANY",
            "SoftwareEdition": "ANY",
            "TargetSW": "ANY",
            "TargetHW": "ANY",
            "Other": "ANY",
            "VersionStartExcluding": "",
            "VersionStartIncluding": "6.0.0",
            "VersionEndExcluding": "",
            "VersionEndIncluding": "6.0.3.2",
            "EnvCpes": []
          },
          {
            "URI": "cpe:/a:abb:800xa_information_manager:6.1",
            "FormattedString": "cpe:2.3:a:abb:800xa_information_manager:6.1:*:*:*:*:*:*:*",
            "WellFormedName": "wfn:[part=\"a\", vendor=\"abb\", product=\"800xa_information_manager\", version=\"6\\.1\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
            "Part": "a",
            "Vendor": "abb",
            "Product": "800xa_information_manager",
            "Version": "6\\.1",
            "Update": "ANY",
            "Edition": "ANY",
            "Language": "ANY",
            "SoftwareEdition": "ANY",
            "TargetSW": "ANY",
            "TargetHW": "ANY",
            "Other": "ANY",
            "VersionStartExcluding": "",
            "VersionStartIncluding": "",
            "VersionEndExcluding": "",
            "VersionEndIncluding": "",
            "EnvCpes": []
          }
        ],
        "Affects": [],
        "References": [
          {
            "Link": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch",
            "Source": "MISC",
            "Tags": "Vendor Advisory",
            "Name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121232&LanguageCode=en&DocumentPartId=&Action=Launch"
          }
        ],
        "Certs": [],
        "PublishedDate": "2020-04-22T15:15:00Z",
        "LastModifiedDate": "2020-04-30T20:27:00Z"
      }
    ],
    "Jvn": [
      {
        "CveID": "CVE-2020-8477",
        "Title": "ABB System 800xA Information Manager におけるクロスサイトスクリプティングの脆弱性",
        "Summary": "ABB System 800xA Information Manager には、クロスサイトスクリプティングの脆弱性が存在します。",
        "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-004735.html",
        "JvnID": "JVNDB-2020-004735",
        "Cvss2": {
          "VectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "AccessVector": "NETWORK",
          "AccessComplexity": "MEDIUM",
          "Authentication": "NONE",
          "ConfidentialityImpact": "PARTIAL",
          "IntegrityImpact": "PARTIAL",
          "AvailabilityImpact": "PARTIAL",
          "BaseScore": 6.8,
          "Severity": "Medium"
        },
        "Cvss3": {
          "VectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "AttackVector": "NETWORK",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "NONE",
          "UserInteraction": "REQUIRED",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "HIGH",
          "IntegrityImpact": "HIGH",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 8.8,
          "BaseSeverity": "High",
          "ExploitabilityScore": 0,
          "ImpactScore": 0
        },
        "Cpes": [
          {
            "URI": "cpe:/a:abb:800xa_information_manager",
            "FormattedString": "cpe:2.3:a:abb:800xa_information_manager:*:*:*:*:*:*:*:*",
            "WellFormedName": "wfn:[part=\"a\", vendor=\"abb\", product=\"800xa_information_manager\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
            "Part": "a",
            "Vendor": "abb",
            "Product": "800xa_information_manager",
            "Version": "ANY",
            "Update": "ANY",
            "Edition": "ANY",
            "Language": "ANY",
            "SoftwareEdition": "ANY",
            "TargetSW": "ANY",
            "TargetHW": "ANY",
            "Other": "ANY",
            "VersionStartExcluding": "",
            "VersionStartIncluding": "",
            "VersionEndExcluding": "",
            "VersionEndIncluding": ""
          }
        ],
        "References": [
          {
            "Link": "https://jvn.jp/vu/JVNVU96482880/",
            "Source": "JVN",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8477",
            "Source": "CVE",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://nvd.nist.gov/vuln/detail/CVE-2020-8477",
            "Source": "NVD",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://www.us-cert.gov/ics/advisories/icsa-20-184-02",
            "Source": "ICS-CERT ADVISORY",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://jvndb.jvn.jp/ja/cwe/CWE-79.html",
            "Source": "",
            "Tags": "",
            "Name": "クロスサイトスクリプティング(CWE-79)"
          }
        ],
        "Certs": [],
        "PublishedDate": "2020-05-26T18:15:00+09:00",
        "LastModifiedDate": "2020-07-06T15:15:00+09:00"
      }
    ]
  },
  {
    "CveID": "CVE-2020-8489",
    "CveIDSource": "JVN",
    "Nvd": [
      {
        "CveID": "CVE-2020-8489",
        "Descriptions": [
          {
            "Lang": "en",
            "Value": "Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable."
          }
        ],
        "Cvss2": {
          "VectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "AccessVector": "LOCAL",
          "AccessComplexity": "LOW",
          "Authentication": "NONE",
          "ConfidentialityImpact": "PARTIAL",
          "IntegrityImpact": "PARTIAL",
          "AvailabilityImpact": "PARTIAL",
          "BaseScore": 4.6,
          "Severity": "MEDIUM",
          "ExploitabilityScore": 3.9,
          "ImpactScore": 6.4,
          "ObtainAllPrivilege": false,
          "ObtainUserPrivilege": false,
          "ObtainOtherPrivilege": false,
          "UserInteractionRequired": false
        },
        "Cvss3": {
          "VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "AttackVector": "LOCAL",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "LOW",
          "UserInteraction": "NONE",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "HIGH",
          "IntegrityImpact": "HIGH",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 7.8,
          "BaseSeverity": "HIGH",
          "ExploitabilityScore": 1.8,
          "ImpactScore": 5.9
        },
        "Cwes": [
          {
            "CweID": "NVD-CWE-Other"
          }
        ],
        "Cpes": [
          {
            "URI": "cpe:/a:abb:800xa_information_management",
            "FormattedString": "cpe:2.3:a:abb:800xa_information_management:*:*:*:*:*:*:*:*",
            "WellFormedName": "wfn:[part=\"a\", vendor=\"abb\", product=\"800xa_information_management\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
            "Part": "a",
            "Vendor": "abb",
            "Product": "800xa_information_management",
            "Version": "ANY",
            "Update": "ANY",
            "Edition": "ANY",
            "Language": "ANY",
            "SoftwareEdition": "ANY",
            "TargetSW": "ANY",
            "TargetHW": "ANY",
            "Other": "ANY",
            "VersionStartExcluding": "",
            "VersionStartIncluding": "",
            "VersionEndExcluding": "",
            "VersionEndIncluding": "",
            "EnvCpes": []
          }
        ],
        "Affects": [],
        "References": [
          {
            "Link": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch",
            "Source": "CONFIRM",
            "Tags": "Vendor Advisory",
            "Name": "https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch"
          }
        ],
        "Certs": [],
        "PublishedDate": "2020-04-29T02:15:00Z",
        "LastModifiedDate": "2020-05-08T17:19:00Z"
      }
    ],
    "Jvn": [
      {
        "CveID": "CVE-2020-8489",
        "Title": "ABB System 800xA Information Management における脆弱性",
        "Summary": "ABB System 800xA Information Management には、不特定の脆弱性が存在します。",
        "JvnLink": "https://jvndb.jvn.jp/ja/contents/2020/JVNDB-2020-005104.html",
        "JvnID": "JVNDB-2020-005104",
        "Cvss2": {
          "VectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "AccessVector": "LOCAL",
          "AccessComplexity": "LOW",
          "Authentication": "NONE",
          "ConfidentialityImpact": "PARTIAL",
          "IntegrityImpact": "PARTIAL",
          "AvailabilityImpact": "PARTIAL",
          "BaseScore": 4.6,
          "Severity": "Medium"
        },
        "Cvss3": {
          "VectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "AttackVector": "LOCAL",
          "AttackComplexity": "LOW",
          "PrivilegesRequired": "LOW",
          "UserInteraction": "NONE",
          "Scope": "UNCHANGED",
          "ConfidentialityImpact": "HIGH",
          "IntegrityImpact": "HIGH",
          "AvailabilityImpact": "HIGH",
          "BaseScore": 7.8,
          "BaseSeverity": "High",
          "ExploitabilityScore": 0,
          "ImpactScore": 0
        },
        "Cpes": [
          {
            "URI": "cpe:/a:abb:800xa_information_manager",
            "FormattedString": "cpe:2.3:a:abb:800xa_information_manager:*:*:*:*:*:*:*:*",
            "WellFormedName": "wfn:[part=\"a\", vendor=\"abb\", product=\"800xa_information_manager\", version=ANY, update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
            "Part": "a",
            "Vendor": "abb",
            "Product": "800xa_information_manager",
            "Version": "ANY",
            "Update": "ANY",
            "Edition": "ANY",
            "Language": "ANY",
            "SoftwareEdition": "ANY",
            "TargetSW": "ANY",
            "TargetHW": "ANY",
            "Other": "ANY",
            "VersionStartExcluding": "",
            "VersionStartIncluding": "",
            "VersionEndExcluding": "",
            "VersionEndIncluding": ""
          }
        ],
        "References": [
          {
            "Link": "https://jvn.jp/vu/JVNVU94921886/index.html",
            "Source": "JVN",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8489",
            "Source": "CVE",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://nvd.nist.gov/vuln/detail/CVE-2020-8489",
            "Source": "NVD",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://www.us-cert.gov/ics/advisories/icsa-20-154-03",
            "Source": "ICS-CERT ADVISORY",
            "Tags": "",
            "Name": ""
          },
          {
            "Link": "https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther",
            "Source": "",
            "Tags": "",
            "Name": "その他(CWE-Other)"
          }
        ],
        "Certs": [],
        "PublishedDate": "2020-06-05T17:48:00+09:00",
        "LastModifiedDate": "2020-06-05T17:48:00+09:00"
      }
    ]
  }
]

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference
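
A consumer-side check of the CveIDSource behaviour described above, as an added example (not code from this PR or from go-cve-dictionary): it decodes a /cpes response and reports, per CVE, whether the queried product appears in the Nvd and in the Jvn CPE lists. In the response above, CVE-2020-8489 is returned with CveIDSource "JVN" because the JVN CPE names 800xa_information_manager while the NVD CPE names 800xa_information_management. The Finding type, the function names and the NeedsReview rule are assumptions made for illustration, and the sample input is constructed by trimming the two entries of that response.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Subset of the /cpes response fields shown in the sample output above.
type record struct{ Cpes []struct{ URI string } }
type cveDetail struct {
	CveID, CveIDSource string
	Nvd, Jvn           []record
}

// Finding is hypothetical; NeedsReview = matched via JVN only although NVD data exists.
type Finding struct {
	CveID, Source                   string
	NvdMatch, JvnMatch, NeedsReview bool
}

// product reduces a CPE 2.2 URI to "part:vendor:product" ("" if malformed).
func product(uri string) string {
	f := strings.Split(strings.TrimPrefix(uri, "cpe:/"), ":")
	if !strings.HasPrefix(uri, "cpe:/") || len(f) < 3 {
		return ""
	}
	return strings.ToLower(strings.Join(f[:3], ":"))
}

func lists(recs []record, want string) bool {
	for _, r := range recs {
		for _, c := range r.Cpes {
			if product(c.URI) == want {
				return true
			}
		}
	}
	return false
}

// Triage decodes a /cpes response and checks CveIDSource against both CPE lists.
func Triage(body []byte, queried string) ([]Finding, error) {
	var details []cveDetail
	want := product(queried)
	if err := json.Unmarshal(body, &details); err != nil || want == "" {
		return nil, fmt.Errorf("bad /cpes body (%v) or not a CPE 2.2 URI: %q", err, queried)
	}
	var out []Finding
	for _, d := range details {
		nvd, jvn := lists(d.Nvd, want), lists(d.Jvn, want)
		review := d.CveIDSource == "JVN" && len(d.Nvd) > 0 && !nvd
		out = append(out, Finding{d.CveID, d.CveIDSource, nvd, jvn, review})
	}
	return out, nil
}

// sample is constructed: the response above trimmed to the fields used here.
const sample = `[{"CveID":"CVE-2020-8477","CveIDSource":"NVD","Nvd":[{"Cpes":[{"URI":"cpe:/a:abb:800xa_information_manager:5.1"}]}],"Jvn":[{"Cpes":[{"URI":"cpe:/a:abb:800xa_information_manager"}]}]},
{"CveID":"CVE-2020-8489","CveIDSource":"JVN","Nvd":[{"Cpes":[{"URI":"cpe:/a:abb:800xa_information_management"}]}],"Jvn":[{"Cpes":[{"URI":"cpe:/a:abb:800xa_information_manager"}]}]}]`

func main() {
	fmt.Println(Triage([]byte(sample), "cpe:/a:abb:800xa_information_manager:5.1"))
}
```

A finding with NeedsReview set is a candidate for manual confirmation before it is reported against the asset, since the JVN CPE in the sample carries no version and names a different product than the NVD entry.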

@MaineK00n MaineK00n self-assigned this Jul 12, 2021
@MaineK00n MaineK00n changed the title [WIP] feat(db): separate Nvd and Jvn feat(db): separate Nvd and Jvn Jul 14, 2021
@MaineK00n MaineK00n changed the title feat(db): separate Nvd and Jvn [WIP] feat(db): separate Nvd and Jvn Jul 14, 2021
@MaineK00n MaineK00n changed the title [WIP] feat(db): separate Nvd and Jvn feat(db): separate Nvd and Jvn Jul 23, 2021
@kotakanbe kotakanbe self-requested a review August 9, 2021 21:04

@kotakanbe kotakanbe left a comment

I made a few comments :)

db/redis.go (outdated, resolved)
db/rdb.go (resolved)
db/rdb.go (resolved)

@kotakanbe kotakanbe left a comment

LGTM

@kotakanbe kotakanbe changed the title feat(db): separate Nvd and Jvn breaking-change(db): separate Nvd and Jvn Aug 13, 2021
@kotakanbe kotakanbe merged commit 21ddcc7 into vulsio:master Aug 13, 2021
@MaineK00n MaineK00n deleted the split-db branch August 13, 2021 06:58
Successfully merging this pull request may close these issues.

Question: multiple CVE_ID's on JVN db