feat(mitre): fill DataType, DataVersion, affected #395

Merged
merged 1 commit into from
Jul 5, 2024
43 changes: 42 additions & 1 deletion db/rdb.go
Expand Up @@ -177,6 +177,14 @@ func (r *RDBDriver) MigrateDB() error {
&models.MitreProviderMetadata{},
&models.MitreDescription{},
&models.MitreDescriptionSupportingMedia{},
&models.MitreProduct{},
&models.MitreProductCPE{},
&models.MitreProductModule{},
&models.MitreProductProgramFile{},
&models.MitreProductProgramRoutine{},
&models.MitreProductPlatform{},
&models.MitreProductVersion{},
&models.MitreProductVersionChange{},
&models.MitreProblemType{},
&models.MitreProblemTypeDescription{},
&models.MitreProblemTypeDescriptionReference{},
Expand Down Expand Up @@ -350,6 +358,14 @@ func (r *RDBDriver) Get(cveID string) (*models.CveDetail, error) {
Preload("Containers.ProviderMetadata").
Preload("Containers.Descriptions").
Preload("Containers.Descriptions.SupportingMedia").
Preload("Containers.Affected").
Preload("Containers.Affected.Cpes").
Preload("Containers.Affected.Modules").
Preload("Containers.Affected.ProgramFiles").
Preload("Containers.Affected.ProgramRoutines").
Preload("Containers.Affected.Platforms").
Preload("Containers.Affected.Versions").
Preload("Containers.Affected.Versions.Changes").
Preload("Containers.ProblemTypes").
Preload("Containers.ProblemTypes.Descriptions").
Preload("Containers.ProblemTypes.Descriptions.References").
Expand Down Expand Up @@ -910,6 +926,14 @@ func deleteMitre(tx *gorm.DB) error {
models.MitreProviderMetadata{},
models.MitreDescription{},
models.MitreDescriptionSupportingMedia{},
models.MitreProduct{},
models.MitreProductCPE{},
models.MitreProductModule{},
models.MitreProductProgramFile{},
models.MitreProductProgramRoutine{},
models.MitreProductPlatform{},
models.MitreProductVersion{},
models.MitreProductVersionChange{},
models.MitreProblemType{},
models.MitreProblemTypeDescription{},
models.MitreProblemTypeDescriptionReference{},
Expand Down Expand Up @@ -955,9 +979,26 @@ func insertMitre(tx *gorm.DB, cves []models.Mitre, _ int) error {
return os.Stderr
}())
for _, cve := range cves {
if err := tx.Create(&cve).Error; err != nil {
if err := tx.Omit("Containers.Affected").Create(&cve).Error; err != nil {
return xerrors.Errorf("Failed to insert. err: %w", err)
}

for _, c := range cve.Containers {
for _, a := range c.Affected {
a.MitreContainerID = uint(c.ID)
if err := tx.Omit("Versions").Create(&a).Error; err != nil {
return xerrors.Errorf("Failed to insert. err: %w", err)
}

for _, v := range a.Versions {
v.MitreProductID = uint(a.ID)
if err := tx.Create(&v).Error; err != nil {
return xerrors.Errorf("Failed to insert. err: %w", err)
}
}
}
}

bar.Increment()
}
bar.Finish()
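Review bot: The three `tx.Create` calls in the insertMitre hunk (the record, each affected product, each version) all return the same `Failed to insert. err: %w`, so a failed import cannot be traced to a CVE or a table from the error alone. I would name the step and the record, for example `xerrors.Errorf("Failed to insert affected product. cve: %s, err: %w", cve.CVEMetadata.CVEID, err)` (assuming CVEID is a string) and the equivalent for versions. The reason for splitting the insert with `Omit("Containers.Affected")` and `Omit("Versions")` is also not stated; a one-line comment above the nested loops would keep a later cleanup from folding it back into a single `Create`. insertMitre starts and ends outside the hunk, so whether the caller rolls the transaction back on these errors is not visible here.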
79 changes: 79 additions & 0 deletions fetcher/mitre/mitre.go
Expand Up @@ -174,6 +174,8 @@ func convertToModel(cvePath string) (*models.Mitre, error) {
}

return &models.Mitre{
DataType: item.DataType,
DataVersion: item.DataVersion,
CVEMetadata: models.MitreCVEMetadata{
CVEID: item.CVEMetadata.CVEID,
AssignerOrgID: item.CVEMetadata.AssignerOrgID,
Expand Down Expand Up @@ -216,6 +218,7 @@ func convertContainers(cna cna, adps []adp) []models.MitreContainer {
},
Title: cna.Title,
Descriptions: convertDescription(cna.Descriptions),
Affected: convertAffected(cna.Affected),
ProblemTypes: convertProblemType(cna.ProblemTypes),
Impacts: convertImpact(cna.Impacts),
Metrics: convertMetric(cna.Metrics),
Expand All @@ -242,6 +245,7 @@ func convertContainers(cna cna, adps []adp) []models.MitreContainer {
},
Title: adp.Title,
Descriptions: convertDescription(adp.Descriptions),
Affected: convertAffected(adp.Affected),
ProblemTypes: convertProblemType(adp.ProblemTypes),
Impacts: convertImpact(adp.Impacts),
Metrics: convertMetric(adp.Metrics),
Expand Down Expand Up @@ -281,6 +285,81 @@ func convertDescription(descriptions []description) []models.MitreDescription {
return ds
}

func convertAffected(affected []product) []models.MitreProduct {
ps := make([]models.MitreProduct, 0, len(affected))
for _, p := range affected {
cs := make([]models.MitreProductCPE, 0, len(p.Cpes))
for _, c := range p.Cpes {
cs = append(cs, models.MitreProductCPE{
CPE: c,
})
}

ms := make([]models.MitreProductModule, 0, len(p.Modules))
for _, m := range p.Modules {
ms = append(ms, models.MitreProductModule{
Module: m,
})
}

pfs := make([]models.MitreProductProgramFile, 0, len(p.ProgramFiles))
for _, pf := range p.ProgramFiles {
pfs = append(pfs, models.MitreProductProgramFile{
ProgramFile: pf,
})
}

prs := make([]models.MitreProductProgramRoutine, 0, len(p.ProgramRoutines))
for _, pr := range p.ProgramRoutines {
prs = append(prs, models.MitreProductProgramRoutine{
Name: pr.Name,
})
}

pls := make([]models.MitreProductPlatform, 0, len(p.Platforms))
for _, pl := range p.Platforms {
pls = append(pls, models.MitreProductPlatform{
Platform: pl,
})
}

vs := make([]models.MitreProductVersion, 0, len(p.Versions))
for _, v := range p.Versions {
cs := make([]models.MitreProductVersionChange, 0, len(v.Changes))
for _, c := range v.Changes {
cs = append(cs, models.MitreProductVersionChange{
At: c.At,
Status: c.Status,
})
}
vs = append(vs, models.MitreProductVersion{
Status: v.Status,
VersionType: v.VersionType,
Version: v.Version,
LessThan: v.LessThan,
LessThanOrEqual: v.LessThanOrEqual,
Changes: cs,
})
}

ps = append(ps, models.MitreProduct{
Vendor: p.Vendor,
Product: p.Product,
CollectionURL: p.CollectionURL,
PackageName: p.PackageName,
Cpes: cs,
Modules: ms,
ProgramFiles: pfs,
ProgramRoutines: prs,
Platforms: pls,
Repo: p.Repo,
DefaultStatus: p.DefaultStatus,
Versions: vs,
})
}
return ps
}

func convertProblemType(problemTypes []problemType) []models.MitreProblemType {
ps := make([]models.MitreProblemType, 0, len(problemTypes))
for _, p := range problemTypes {
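Review bot: In convertAffected the slice of version changes is declared as `cs` inside the `p.Versions` loop, which shadows the outer `cs` holding the CPEs that is later stored in `Cpes: cs`. It behaves correctly as written because the inner name goes out of scope before the product is appended, but the two slices are easy to confuse when this function is edited. Renaming the inner one, `chs := make([]models.MitreProductVersionChange, 0, len(v.Changes))` with `Changes: chs`, removes the ambiguity.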
74 changes: 74 additions & 0 deletions models/models.go
@@ -1,4 +1,4 @@
package models

Check failure on line 1 in models/models.go


GitHub Actions / Build

should have a package comment https://revive.run/r#package-comments

import (
"time"
Expand Down Expand Up @@ -406,6 +406,7 @@
ProviderMetadata MitreProviderMetadata
Title *string `gorm:"type:varchar(256)"`
Descriptions []MitreDescription
Affected []MitreProduct
ProblemTypes []MitreProblemType
Impacts []MitreImpact
Metrics []MitreMetric
Expand Down Expand Up @@ -450,6 +451,79 @@
Value string `gorm:"type:text"`
}

// MitreProduct : #/definitions/product
type MitreProduct struct {
ID int64 `json:"-"`
MitreContainerID uint `json:"-" gorm:"index:idx_mitre_product"`
Vendor *string `gorm:"type:text"`
Product *string `gorm:"type:text"`
CollectionURL *string `gorm:"type:text"`
PackageName *string `gorm:"type:text"`
Cpes []MitreProductCPE
Modules []MitreProductModule
ProgramFiles []MitreProductProgramFile
ProgramRoutines []MitreProductProgramRoutine
Platforms []MitreProductPlatform
Repo *string `gorm:"type:text"`
DefaultStatus *string
Versions []MitreProductVersion
}

// MitreProductCPE : #/definitions/product
type MitreProductCPE struct {
ID int64 `json:"-"`
MitreProductID uint `json:"-" gorm:"index:idx_mitre_product_cpe"`
CPE string `gorm:"type:text"`
}

// MitreProductModule : #/definitions/product
type MitreProductModule struct {
ID int64 `json:"-"`
MitreProductID uint `json:"-" gorm:"index:idx_mitre_product_module"`
Module string `gorm:"type:text"`
}

// MitreProductProgramFile : #/definitions/product
type MitreProductProgramFile struct {
ID int64 `json:"-"`
MitreProductID uint `json:"-" gorm:"index:idx_mitre_product_program_file"`
ProgramFile string `gorm:"type:text"`
}

// MitreProductProgramRoutine : #/definitions/product
type MitreProductProgramRoutine struct {
ID int64 `json:"-"`
MitreProductID uint `json:"-" gorm:"index:idx_mitre_product_program_routine"`
Name string `gorm:"type:text"`
}

// MitreProductPlatform : #/definitions/product
type MitreProductPlatform struct {
ID int64 `json:"-"`
MitreProductID uint `json:"-" gorm:"index:idx_mitre_product_platform"`
Platform string `gorm:"type:text"`
}

// MitreProductVersion : #/definitions/product
type MitreProductVersion struct {
ID int64 `json:"-"`
MitreProductID uint `json:"-" gorm:"index:idx_mitre_product_version"`
Status string `gorm:"type:varchar(255)"`
VersionType *string `gorm:"type:varchar(128)"`
Version string `gorm:"type:text"`
LessThan *string `gorm:"type:text"`
LessThanOrEqual *string `gorm:"type:text"`
Changes []MitreProductVersionChange
}

// MitreProductVersionChange : #/definitions/product
type MitreProductVersionChange struct {
ID int64 `json:"-"`
MitreProductVersionID uint `json:"-" gorm:"index:idx_mitre_product_version_change"`
At string `gorm:"type:text"`
Status string `gorm:"type:varchar(255)"`
}

// MitreProblemType : #/definitions/problemTypes
type MitreProblemType struct {
ID int64 `json:"-"`
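Review bot: `DefaultStatus *string` in MitreProduct is the only new string column without a gorm type tag, so its column type is left to whatever the dialect in use picks by default, while `Status` in MitreProductVersion and MitreProductVersionChange is pinned to `varchar(255)`. Giving DefaultStatus the same `gorm:"type:varchar(255)"` tag would keep the status columns consistent across backends. Separately, all eight new types carry the same `#/definitions/product` comment; the child types would read better if each named the property it stores, e.g. `// MitreProductVersion : #/definitions/product (versions)`.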