Skip to content

Instantly share code, notes, and snippets.

@tetheredge
Last active June 21, 2016 22:54
Show Gist options
  • Save tetheredge/acdfed2249da344cd19b0bdaa2348924 to your computer and use it in GitHub Desktop.
Save tetheredge/acdfed2249da344cd19b0bdaa2348924 to your computer and use it in GitHub Desktop.
nvd_full_code
func SetupDb(user, password, host, dbName string) (*sql.DB, error) {
if host == "locahost" || host == "127.0.0.1" {
host = ""
}
d, err := sql.Open("mysql", user+":"+password+"@tcp("+host+":3306)/"+dbName)
if err != nil {
return nil, err
}
return d, nil
}
func UpsertEntryStm() string {
return `
INSERT INTO nist_nvd_cve_entry (
type, name, sequence, published,
modified, severity, cvss_version, cvss_score, cvss_base_score,
cvss_impact_subscore, cvss_exploit_subscore, cvss_vector)
VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE type = VALUES(type),
sequence = VALUES(sequence), published = VALUES(published),
modified = VALUES(modified), severity = VALUES(severity),
cvss_version = VALUES(cvss_version), cvss_score = VALUES(cvss_score),
cvss_base_score = VALUES(cvss_base_score),
cvss_impact_subscore = VALUES(cvss_impact_subscore),
cvss_exploit_subscore = VALUES(cvss_exploit_subscore),
cvss_vector = VALUES(cvss_vector)
`
}
func ProductUpsert() string {
return `
INSERT INTO nist_nvd_cve_product (
name, vendor, cve_name)
VALUES(?, ?, ?)
ON DUPLICATE KEY UPDATE id = LAST_INSERT_ID(id), name = VALUES(name), vendor = VALUES(vendor),
cve_name = VALUES(cve_name)
`
}
func VersionUpsert() string {
return `
INSERT INTO nist_nvd_cve_version (
number, edition, prev, product_id, cve_name)
VALUES(?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE number = VALUES(number),
edition = VALUES(edition), prev = VALUES(prev),
product_id = VALUES(product_id), cve_name = VALUES(cve_name)
`
}
func ReferenceUpsert() string {
return `
INSERT INTO nist_nvd_cve_reference (
source, url, adv, patch, cve_name)
VALUES(?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE source = VALUES(source), url = VALUES(url),
adv = VALUES(adv), patch = VALUES(patch),
cve_name = VALUES(cve_name)
`
}
func DescriptionUpsert() string {
return `
INSERT INTO nist_nvd_cve_description(
source, cve_name)
VALUES(?, ?)
ON DUPLICATE KEY UPDATE source = VALUES(source), cve_name = VALUES(cve_name)
`
}
func main() {
config := Config{}
db, err := SetupDb("db_user", "db_password", "db_host", "db_name")
CheckError(err)
files, err := config.GetNvdFiles("../nvd-multi-import/nvd-import-files")
CheckError(err)
entPrep, err := db.Prepare(UpsertEntryStm())
productPrep, err := db.Prepare(ProductUpsert())
versionPrep, err := db.Prepare(VersionUpsert())
referencePrep, err := db.Prepare(ReferenceUpsert())
descriptionPrep, err := db.Prepare(DescriptionUpsert())
CheckError(err)
defer db.Close()
for _, file := range files {
os.Chdir("../nvd-multi-import/nvd-import-files")
config, err = config.XmlDecompose(file)
CheckError(err)
for _, entry := range config.Entrys {
_, err := entPrep.Exec(entry.Type, entry.Name, entry.Sequence,
entry.Published, entry.Modified,
entry.Severity, entry.CVSSVersion,
entry.CVSSScore, entry.CVSSBaseScore,
entry.CVSSImpactSubscore,
entry.CVSSExploitSubscore, entry.CVSSVector)
cve_name := entry.Name
CheckError(err)
for _, description := range entry.Descriptions {
_, err := descriptionPrep.Exec(description, cve_name)
CheckError(err)
}
for _, reference := range entry.References {
_, err := referencePrep.Exec(reference.Source, reference.Url,
reference.Adv, reference.Patch, cve_name)
CheckError(err)
}
var prodId string
for _, product := range entry.Vulnerabilites {
for _, prod := range product.Product {
_, err := productPrep.Exec(prod.Name,
prod.Vendor,
cve_name)
CheckError(err)
db.QueryRow("SELECT LAST_INSERT_ID()").Scan(&prodId)
CheckError(err)
for _, version := range prod.Versions {
_, err := versionPrep.Exec(version.Number, version.Edition,
version.Prev, prodId, cve_name)
CheckError(err)
}
}
}
CheckError(err)
}
fmt.Printf("There are %#v, entries\n", len(config.Entrys))
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment