tetheredge/nvd_full.go

## nvd_full.go
func SetupDb(user, password, host, dbName string) (*sql.DB, error) {
	if host == "locahost" || host == "127.0.0.1" {
		host = ""
	}
	d, err := sql.Open("mysql", user+":"+password+"@tcp("+host+":3306)/"+dbName)

	if err != nil {
		return nil, err
	}
	return d, nil
}

func UpsertEntryStm() string {
	return `
      INSERT INTO nist_nvd_cve_entry (
              type, name, sequence, published,
              modified, severity, cvss_version, cvss_score, cvss_base_score,
	      cvss_impact_subscore, cvss_exploit_subscore, cvss_vector)
       VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
       ON DUPLICATE KEY UPDATE type = VALUES(type),
         sequence = VALUES(sequence), published = VALUES(published),
	 modified = VALUES(modified), severity = VALUES(severity),
	 cvss_version = VALUES(cvss_version), cvss_score = VALUES(cvss_score),
	 cvss_base_score = VALUES(cvss_base_score),
	 cvss_impact_subscore = VALUES(cvss_impact_subscore),
	 cvss_exploit_subscore = VALUES(cvss_exploit_subscore),
	 cvss_vector = VALUES(cvss_vector)
       `
}

func ProductUpsert() string {
	return `
       INSERT INTO nist_nvd_cve_product (
       name, vendor, cve_name)
       VALUES(?, ?, ?)
       ON DUPLICATE KEY UPDATE id = LAST_INSERT_ID(id), name = VALUES(name), vendor = VALUES(vendor),
         cve_name = VALUES(cve_name)
       `
}

func VersionUpsert() string {
	return `
       INSERT INTO nist_nvd_cve_version (
       number, edition, prev, product_id, cve_name)
       VALUES(?, ?, ?, ?, ?)
       ON DUPLICATE KEY UPDATE number = VALUES(number),
         edition = VALUES(edition), prev = VALUES(prev),
	 product_id = VALUES(product_id), cve_name = VALUES(cve_name)
     `
}

func ReferenceUpsert() string {
	return `
       INSERT INTO nist_nvd_cve_reference (
	source, url, adv, patch, cve_name)
        VALUES(?, ?, ?, ?, ?)
        ON DUPLICATE KEY UPDATE source = VALUES(source), url = VALUES(url),
	adv = VALUES(adv), patch = VALUES(patch),
	cve_name = VALUES(cve_name)
     `
}

func DescriptionUpsert() string {
	return `
       INSERT INTO nist_nvd_cve_description(
         source, cve_name)
       VALUES(?, ?)
       ON DUPLICATE KEY UPDATE source = VALUES(source), cve_name = VALUES(cve_name)
     `
}

func main() {
	config := Config{}
	db, err := SetupDb("db_user", "db_password", "db_host", "db_name")
	CheckError(err)
	files, err := config.GetNvdFiles("../nvd-multi-import/nvd-import-files")
	CheckError(err)

	entPrep, err := db.Prepare(UpsertEntryStm())

	productPrep, err := db.Prepare(ProductUpsert())

	versionPrep, err := db.Prepare(VersionUpsert())

	referencePrep, err := db.Prepare(ReferenceUpsert())

	descriptionPrep, err := db.Prepare(DescriptionUpsert())

	CheckError(err)

	defer db.Close()

	for _, file := range files {
		os.Chdir("../nvd-multi-import/nvd-import-files")
		config, err = config.XmlDecompose(file)
		CheckError(err)
		for _, entry := range config.Entrys {
			_, err := entPrep.Exec(entry.Type, entry.Name, entry.Sequence,
				entry.Published, entry.Modified,
				entry.Severity, entry.CVSSVersion,
				entry.CVSSScore, entry.CVSSBaseScore,
				entry.CVSSImpactSubscore,
				entry.CVSSExploitSubscore, entry.CVSSVector)
			cve_name := entry.Name
			CheckError(err)

			for _, description := range entry.Descriptions {
				_, err := descriptionPrep.Exec(description, cve_name)
				CheckError(err)
			}

			for _, reference := range entry.References {
				_, err := referencePrep.Exec(reference.Source, reference.Url,
					reference.Adv, reference.Patch, cve_name)
				CheckError(err)
			}

			var prodId string
			for _, product := range entry.Vulnerabilites {
				for _, prod := range product.Product {
					_, err := productPrep.Exec(prod.Name,
						prod.Vendor,
						cve_name)
					CheckError(err)

					db.QueryRow("SELECT LAST_INSERT_ID()").Scan(&prodId)
					CheckError(err)

					for _, version := range prod.Versions {
						_, err := versionPrep.Exec(version.Number, version.Edition,
							version.Prev, prodId, cve_name)
						CheckError(err)
					}
				}
			}
			CheckError(err)
		}
		fmt.Printf("There are %#v, entries\n", len(config.Entrys))
	}
	func SetupDb(user, password, host, dbName string) (*sql.DB, error) {
	if host == "locahost" \|\| host == "127.0.0.1" {
	host = ""
	}
	d, err := sql.Open("mysql", user+":"+password+"@tcp("+host+":3306)/"+dbName)

	if err != nil {
	return nil, err
	}
	return d, nil
	}

	func UpsertEntryStm() string {
	return `
	INSERT INTO nist_nvd_cve_entry (
	type, name, sequence, published,
	modified, severity, cvss_version, cvss_score, cvss_base_score,
	cvss_impact_subscore, cvss_exploit_subscore, cvss_vector)
	VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
	ON DUPLICATE KEY UPDATE type = VALUES(type),
	sequence = VALUES(sequence), published = VALUES(published),
	modified = VALUES(modified), severity = VALUES(severity),
	cvss_version = VALUES(cvss_version), cvss_score = VALUES(cvss_score),
	cvss_base_score = VALUES(cvss_base_score),
	cvss_impact_subscore = VALUES(cvss_impact_subscore),
	cvss_exploit_subscore = VALUES(cvss_exploit_subscore),
	cvss_vector = VALUES(cvss_vector)
	`
	}

	func ProductUpsert() string {
	return `
	INSERT INTO nist_nvd_cve_product (
	name, vendor, cve_name)
	VALUES(?, ?, ?)
	ON DUPLICATE KEY UPDATE id = LAST_INSERT_ID(id), name = VALUES(name), vendor = VALUES(vendor),
	cve_name = VALUES(cve_name)
	`
	}

	func VersionUpsert() string {
	return `
	INSERT INTO nist_nvd_cve_version (
	number, edition, prev, product_id, cve_name)
	VALUES(?, ?, ?, ?, ?)
	ON DUPLICATE KEY UPDATE number = VALUES(number),
	edition = VALUES(edition), prev = VALUES(prev),
	product_id = VALUES(product_id), cve_name = VALUES(cve_name)
	`
	}

	func ReferenceUpsert() string {
	return `
	INSERT INTO nist_nvd_cve_reference (
	source, url, adv, patch, cve_name)
	VALUES(?, ?, ?, ?, ?)
	ON DUPLICATE KEY UPDATE source = VALUES(source), url = VALUES(url),
	adv = VALUES(adv), patch = VALUES(patch),
	cve_name = VALUES(cve_name)
	`
	}

	func DescriptionUpsert() string {
	return `
	INSERT INTO nist_nvd_cve_description(
	source, cve_name)
	VALUES(?, ?)
	ON DUPLICATE KEY UPDATE source = VALUES(source), cve_name = VALUES(cve_name)
	`
	}

	func main() {
	config := Config{}
	db, err := SetupDb("db_user", "db_password", "db_host", "db_name")
	CheckError(err)
	files, err := config.GetNvdFiles("../nvd-multi-import/nvd-import-files")
	CheckError(err)

	entPrep, err := db.Prepare(UpsertEntryStm())

	productPrep, err := db.Prepare(ProductUpsert())

	versionPrep, err := db.Prepare(VersionUpsert())

	referencePrep, err := db.Prepare(ReferenceUpsert())

	descriptionPrep, err := db.Prepare(DescriptionUpsert())

	CheckError(err)

	defer db.Close()

	for _, file := range files {
	os.Chdir("../nvd-multi-import/nvd-import-files")
	config, err = config.XmlDecompose(file)
	CheckError(err)
	for _, entry := range config.Entrys {
	_, err := entPrep.Exec(entry.Type, entry.Name, entry.Sequence,
	entry.Published, entry.Modified,
	entry.Severity, entry.CVSSVersion,
	entry.CVSSScore, entry.CVSSBaseScore,
	entry.CVSSImpactSubscore,
	entry.CVSSExploitSubscore, entry.CVSSVector)
	cve_name := entry.Name
	CheckError(err)

	for _, description := range entry.Descriptions {
	_, err := descriptionPrep.Exec(description, cve_name)
	CheckError(err)
	}

	for _, reference := range entry.References {
	_, err := referencePrep.Exec(reference.Source, reference.Url,
	reference.Adv, reference.Patch, cve_name)
	CheckError(err)
	}

	var prodId string
	for _, product := range entry.Vulnerabilites {
	for _, prod := range product.Product {
	_, err := productPrep.Exec(prod.Name,
	prod.Vendor,
	cve_name)
	CheckError(err)

	db.QueryRow("SELECT LAST_INSERT_ID()").Scan(&prodId)
	CheckError(err)

	for _, version := range prod.Versions {
	_, err := versionPrep.Exec(version.Number, version.Edition,
	version.Prev, prodId, cve_name)
	CheckError(err)
	}
	}
	}
	CheckError(err)
	}
	fmt.Printf("There are %#v, entries\n", len(config.Entrys))
	}