# CVE
Package CVE provides functionality for querying and analyzing Common Vulnerabilities and Exposures (CVE) from the NIST National Vulnerability Database (NVD). It enables security assessment of detected technologies by checking for known vulnerabilities and calculating risk levels based on CVSS scores.
## Index

- func GetThreatLevelFromAssessment(assessment *VulnerabilityAssessment) int
- func buildSearchQuery(technology, version string) string
- func normalizeTechnologyName(technology string) string
- type CVEClient
  - func NewCVEClient() *CVEClient
  - func (c *CVEClient) AssessTechnologyVulnerabilities(technology, version string) (*VulnerabilityAssessment, error)
  - func (c *CVEClient) analyzeCVEs(technology, version string, cves []CVEResult) *VulnerabilityAssessment
  - func (c *CVEClient) convertNVDToCVEResults(nvdResp NVDResponse) []CVEResult
  - func (c *CVEClient) determineRiskLevel(assessment *VulnerabilityAssessment) string
  - func (c *CVEClient) searchCVEs(technology, version string) ([]CVEResult, error)
- type CVEResult
- type NVDResponse
- type VulnerabilityAssessment
### func GetThreatLevelFromAssessment
GetThreatLevelFromAssessment converts CVE risk level to the Tests package ThreatLevel enum. This function provides integration between CVE assessment results and the test framework's threat classification system.
Mapping:
- CRITICAL → 5 (Critical threat)
- HIGH → 4 (High threat)
- MEDIUM → 3 (Medium threat)
- LOW → 2 (Low threat)
- NONE → 0 (No threat)
- default → 1 (Info level)
Parameters:
- assessment: VulnerabilityAssessment containing the risk level
Returns:
- int: ThreatLevel value compatible with Tests.ThreatLevel enum
### func buildSearchQuery

buildSearchQuery builds the search query sent to the NVD API by combining the technology name and version. If the version is empty or set to "detected", the query uses the technology name alone.
Parameters:
- technology: Technology name to search for
- version: Technology version (optional, can be empty or "detected")
Returns:
- string: Formatted search query for the NVD API
### func normalizeTechnologyName
normalizeTechnologyName standardizes technology names to match how they appear in the NVD database. This improves search accuracy by mapping common technology names to their official NVD identifiers.
Parameters:
- technology: Original technology name (e.g., "Apache", "Nginx")
Returns:
- string: Normalized technology name for NVD search (e.g., "apache http server", "nginx")
Supported technologies include web servers (Apache, Nginx, IIS), frameworks (Django, Laravel, Spring), and content management systems (WordPress, Drupal).
## type CVEClient
CVEClient handles communication with CVE databases, specifically the NIST NVD API. It provides methods for searching vulnerabilities and assessing security risks for specific technologies and versions.
### func NewCVEClient
NewCVEClient creates a new CVE client instance configured to communicate with the NIST NVD API. The client is initialized with a 30-second timeout for HTTP requests and uses the official NVD CVE API 2.0 endpoint.
Returns:
- *CVEClient: A ready-to-use CVE client instance
Example:

```go
client := NewCVEClient()
assessment, err := client.AssessTechnologyVulnerabilities("nginx", "1.21.0")
```
### func (*CVEClient) AssessTechnologyVulnerabilities

```go
func (c *CVEClient) AssessTechnologyVulnerabilities(technology, version string) (*VulnerabilityAssessment, error)
```
AssessTechnologyVulnerabilities checks for CVEs affecting a specific technology and version. It performs a comprehensive vulnerability assessment by querying the NVD database, analyzing the results, and calculating an overall risk level.
The method normalizes technology names for better search accuracy and aggregates vulnerability data including severity counts and CVSS scores.
Parameters:
- technology: Technology name (e.g., "nginx", "Apache", "PHP")
- version: Technology version string (e.g., "1.21.0", "2.4.41")
Returns:
- *VulnerabilityAssessment: Complete assessment with CVEs and risk analysis
- error: Error if the search or analysis fails
Example:

```go
client := NewCVEClient()
assessment, err := client.AssessTechnologyVulnerabilities("nginx", "1.21.0")
if err != nil {
	log.Fatal(err)
}
fmt.Printf("Found %d CVEs with risk level: %s\n", assessment.CVECount, assessment.RiskLevel)
```
### func (*CVEClient) analyzeCVEs

```go
func (c *CVEClient) analyzeCVEs(technology, version string, cves []CVEResult) *VulnerabilityAssessment
```
analyzeCVEs performs comprehensive analysis on the CVE results to create a VulnerabilityAssessment. It categorizes CVEs by severity, finds the maximum CVSS score, and determines an overall risk level.
Parameters:
- technology: Technology name being assessed
- version: Technology version being assessed
- cves: List of CVE entries to analyze
Returns:
- *VulnerabilityAssessment: Complete assessment with aggregated statistics and risk level
### func (*CVEClient) convertNVDToCVEResults

convertNVDToCVEResults converts an NVD API response into the package's internal CVEResult format. It extracts the essential information for each entry: CVE ID, description, CVSS score, severity rating, dates and references. CVSS v3.1 metrics are preferred over v2 when both are present.
Parameters:
- nvdResp: Raw NVD API response structure
Returns:
- []CVEResult: Converted list of CVE entries in simplified format
### func (*CVEClient) determineRiskLevel

determineRiskLevel calculates the overall risk from the CVE analysis, weighing both the number and the severity of the vulnerabilities found.

Risk levels are determined as follows (the first matching rule wins, checked from most to least severe):
- CRITICAL: Any HIGH/CRITICAL severity CVE present
- HIGH: 3 or more MEDIUM severity CVEs
- MEDIUM: Any MEDIUM severity CVE or 5+ LOW severity CVEs
- LOW: Any CVEs present that don't meet higher thresholds
- NONE: No CVEs found
Parameters:
- assessment: VulnerabilityAssessment with severity counts
Returns:
- string: Risk level classification (NONE, LOW, MEDIUM, HIGH, or CRITICAL)
### func (*CVEClient) searchCVEs
searchCVEs performs the actual search against the NVD database using the CVE API 2.0. It constructs an HTTP request with appropriate headers, executes the search, and parses the JSON response into CVEResult structures.
Parameters:
- technology: Normalized technology name
- version: Technology version string
Returns:
- []CVEResult: List of matching CVE entries
- error: Error if the request fails or response cannot be parsed
## type CVEResult

CVEResult represents a single CVE vulnerability entry with essential information including severity rating, CVSS score, and publication dates.

```go
type CVEResult struct {
	ID          string    `json:"id"`          // CVE identifier (e.g., "CVE-2024-1234")
	Description string    `json:"description"` // Human-readable vulnerability description
	Severity    string    `json:"severity"`    // Severity level: LOW, MEDIUM, HIGH, or CRITICAL
	Score       float64   `json:"score"`       // CVSS base score (0.0-10.0)
	Published   time.Time `json:"published"`   // Original publication date
	Modified    time.Time `json:"modified"`    // Last modification date
	References  []string  `json:"references"`  // External reference URLs
}
```
## type NVDResponse

NVDResponse represents the structure of the NIST NVD API response (CVE API 2.0). This structure maps the JSON response from the National Vulnerability Database, including pagination information and vulnerability details with CVSS metrics.

```go
type NVDResponse struct {
	ResultsPerPage  int `json:"resultsPerPage"` // Number of results in current page
	StartIndex      int `json:"startIndex"`     // Starting index for pagination
	TotalResults    int `json:"totalResults"`   // Total number of matching results
	Vulnerabilities []struct {
		CVE struct {
			ID          string `json:"id"`
			Description struct {
				DescriptionData []struct {
					Lang  string `json:"lang"`
					Value string `json:"value"`
				} `json:"description_data"`
			} `json:"description"`
			Published time.Time `json:"published"`
			Modified  time.Time `json:"lastModified"`
			Metrics   struct {
				CVSSMetricV31 []struct {
					CVSSData struct {
						BaseScore    float64 `json:"baseScore"`
						BaseSeverity string  `json:"baseSeverity"`
					} `json:"cvssData"`
				} `json:"cvssMetricV31"`
				CVSSMetricV2 []struct {
					CVSSData struct {
						BaseScore string `json:"baseScore"`
					} `json:"cvssData"`
				} `json:"cvssMetricV2"`
			} `json:"metrics"`
		} `json:"cve"`
	} `json:"vulnerabilities"`
}
```
## type VulnerabilityAssessment

VulnerabilityAssessment contains comprehensive analysis results for a specific technology and version. It aggregates CVE data, categorizes vulnerabilities by severity, and provides an overall risk assessment.

```go
type VulnerabilityAssessment struct {
	Technology     string      `json:"technology"`      // Technology name (e.g., "nginx", "Apache")
	Version        string      `json:"version"`         // Technology version (e.g., "1.21.0")
	CVECount       int         `json:"cve_count"`       // Total number of CVEs found
	HighSeverity   int         `json:"high_severity"`   // Count of HIGH/CRITICAL severity CVEs
	MediumSeverity int         `json:"medium_severity"` // Count of MEDIUM severity CVEs
	LowSeverity    int         `json:"low_severity"`    // Count of LOW severity CVEs
	MaxScore       float64     `json:"max_score"`       // Highest CVSS score among all CVEs
	CVEs           []CVEResult `json:"cves"`            // Complete list of CVE entries
	RiskLevel      string      `json:"risk_level"`      // Overall risk: NONE, LOW, MEDIUM, HIGH, or CRITICAL
}
```
Generated by gomarkdoc