kev

package
v0.2.0

This package is not in the latest version of its module.

Published: Sep 5, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package kev uses CISA's KEV Catalog for vulnerability analysis

Cyber Infrastructure and Security Agency (CISA) Known Exploited Vulnerabilities

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild: the Known Exploited Vulnerability (KEV) catalog. CISA strongly recommends all organizations review and monitor the KEV catalog and prioritize remediation of the listed vulnerabilities to reduce the likelihood of compromise by known threat actors.

Constants

const CVERecordURL = "https://www.cve.org/CVERecord?id=%s"

CVERecordURL is a format string; '%s' is replaced with the CVE ID for single-record queries

const DefaultBaseURL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

DefaultBaseURL is the URL for downloading the entire catalog in JSON format

const FileTypeJSON = "CISA KEV Catalog [JSON]"

FileTypeJSON filetype plaintext

Variables

var ErrAPI = errors.New("KEV API error")

ErrAPI covers any errors encountered while requesting the API

Functions

func NewJSONDecoder

func NewJSONDecoder() *gce.JSONWriterDecoder[Catalog]

NewJSONDecoder returns a standard JSON decoder with a check function for field validation

Types

type APIAgent

type APIAgent struct {
	// contains filtered or unexported fields
}

APIAgent wraps the API call in an io.Reader to serve as a common interface

func NewAgent

func NewAgent(client *http.Client, url string) *APIAgent

NewAgent customizes the client or query URL; use DefaultBaseURL in most cases

func (*APIAgent) Read

func (a *APIAgent) Read(p []byte) (int, error)

Read wraps the API call to run at read time

type Catalog

type Catalog struct {
	Title           string          `json:"title"`
	CatalogVersion  string          `json:"catalogVersion"`
	DateReleased    time.Time       `json:"dateReleased"`
	Count           int             `json:"count"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

Catalog data model for KEVs

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service provides a validator with internal data for cross referencing

func NewService

func NewService(r io.Reader) *Service

NewService ...

func (*Service) Catalog

func (s *Service) Catalog() Catalog

Catalog returns a copy of the catalog

func (*Service) Fetch

func (s *Service) Fetch() error

Fetch will query through the API agent or decode from a file

func (*Service) GrypeDenyRuleFunc

func (s *Service) GrypeDenyRuleFunc() func([]models.Match, grype.Config) error

GrypeDenyRuleFunc denies any vulnerability matched to the KEV Catalog

func (*Service) MatchedVulnerabilities

func (s *Service) MatchedVulnerabilities(r *grype.ScanReport) []models.Match

MatchedVulnerabilities returns a slice of vulnerabilities matched to the KEV Catalog

func (*Service) NewValidator

func (s *Service) NewValidator() gcv.Validator[models.Match, grype.Config]

NewValidator ...

type Vulnerability

type Vulnerability struct {
	CveID             string `json:"cveID"`
	VendorProject     string `json:"vendorProject"`
	Product           string `json:"product"`
	VulnerabilityName string `json:"vulnerabilityName"`
	DateAdded         string `json:"dateAdded"`
	ShortDescription  string `json:"shortDescription"`
	RequiredAction    string `json:"requiredAction"`
	DueDate           string `json:"dueDate"`
	Notes             string `json:"notes"`
}

Vulnerability data model for a single record
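
The cross-reference that Service performs against the catalog can be illustrated with the standard library alone. This is an added example, not this package's code: it decodes a catalog from an io.Reader, rejects a feed whose count disagrees with its record list, and returns the scanned CVE IDs found in the catalog. Assumptions: the validation rule (the page does not say what the package's check function verifies), the trimmed struct copies, the hypothetical helpers decodeCatalog and matchKEV, and the constructed sample data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Vulnerability and Catalog are trimmed copies of the models documented above.
type Vulnerability struct{ CveID string `json:"cveID"` }
type Catalog struct {
	Title           string          `json:"title"`
	Count           int             `json:"count"`
	Vulnerabilities []Vulnerability `json:"vulnerabilities"`
}

// sampleCatalog is constructed for this example; the CVE IDs are placeholders.
const sampleCatalog = `{"title":"Sample KEV Catalog","count":2,"vulnerabilities":[{"cveID":"CVE-0000-0001"},{"cveID":"CVE-0000-0002"}]}`

// decodeCatalog (hypothetical helper) decodes a feed and fails closed on an
// empty title or a count that disagrees with the records (assumed rule).
func decodeCatalog(r io.Reader) (Catalog, error) {
	var c Catalog
	if err := json.NewDecoder(r).Decode(&c); err != nil {
		return c, fmt.Errorf("decode catalog: %w", err)
	}
	if c.Title == "" || c.Count != len(c.Vulnerabilities) {
		return c, fmt.Errorf("catalog validation: count=%d, records=%d", c.Count, len(c.Vulnerabilities))
	}
	return c, nil
}

// matchKEV (hypothetical helper) returns the scanned IDs listed in the catalog,
// comparing case-insensitively so "cve-..." and "CVE-..." both match.
func matchKEV(c Catalog, scanned []string) (hits []string) {
	known := make(map[string]bool, len(c.Vulnerabilities))
	for _, v := range c.Vulnerabilities {
		known[strings.ToUpper(v.CveID)] = true
	}
	for _, id := range scanned {
		if known[strings.ToUpper(id)] {
			hits = append(hits, id)
		}
	}
	return hits
}

func main() {
	c, err := decodeCatalog(strings.NewReader(sampleCatalog))
	fmt.Println(matchKEV(c, []string{"CVE-0000-0002", "CVE-0000-9999"}), err)
}
```

A deny rule built on this would return an error whenever matchKEV yields a non-empty slice, and would also refuse to pass a scan when decodeCatalog fails.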
