vulsio / go-cpe-dictionary

Build a local copy of CPE (Common Platform Enumeration)

License: Apache License 2.0

Makefile 4.39% Go 90.36% Python 4.57% Dockerfile 0.68%

go-cpe-dictionary's People

Contributors

colorbox, dependabot[bot], directionless, kotakanbe, mainek00n, sadayuki-matsuno, schoentoon, sudnonk, usiusi360

go-cpe-dictionary's Issues

diff in integration test rdb vs redis

 ✗  ubuntu@dev  ~│g│s│g│v│go-cpe-dictionary  ⎇ master~  ./integration/go-cpe.old version
go-cpe-dictionary v0.4.0 b2ebf6b
 ubuntu@dev  ~│g│s│g│v│go-cpe-dictionary  ⎇ master~  ./integration/go-cpe.new version
go-cpe-dictionary v0.4.0 81471ba
make diff-server-rdb-redis
integration/go-cpe.new server --dbpath=/home/ubuntu/go/src/github.com/vulsio/go-cpe-dictionary/integration/go-cpe.new.sqlite3 --port 1325 > /dev/null 2>&1 &
integration/go-cpe.new server --dbtype redis --dbpath "redis://127.0.0.1:6380/0" --port 1326 > /dev/null 2>&1 &
INFO[10-07|05:47:37] start server mode test(mode: cpes)
INFO[10-07|05:47:37] check the communication with the server
INFO[10-07|05:47:37] communication with the server has been confirmed
WARNING[10-07|05:52:28] There is a difference between old and new(or RDB and Redis):
 {'args': ('qualcomm', 'sd_710'), 'path': 'cpes/qualcomm/sd_710'}
pkill go-cpe.new
 diff integration/diff/cpes/qualcomm\#sd_710.*
3c3,4
<         "cpe:/h:qualcomm:sd_710:-"
---
>         "cpe:/h:qualcomm:sd_710:-",
>         "cpe:/h:qualcomm:sdm710:-"

make install error

Hi,
I have an error below:

kei@DZA201804189:~/go/src/github.com/kotakanbe/go-cpe-dictionary$ make install
fatal: No names found, cannot describe anything.
go get -u github.com/golang/dep/...
package github.com/golang/dep
        imports context: unrecognized import path "context" (import path does not begin with hostname)
GNUmakefile:28: recipe for target 'dep' failed
make: *** [dep] Error 1

Proxy set

$ echo $http_proxy
http://xx.xx.xx.xx:xxxx/
$ echo $https_proxy
http://xx.xx.xx.xx:xxxx/

Could you tell me the solution?

Thank you,

go-cpe-dictionary not found

Hi! Thank you for your work!

I got an issue after make install.

  • Make install alone doesn't seem to work, with this issue:
    go install -ldflags "-X 'github.com/kotakanbe/go-cpe-dictionary/config.Version=v0.2.6' -X 'github.com/kotakanbe/go-cpe-dictionary/config.Revision=a707cd1'"
    go: cannot find GOROOT directory: /usr/local/go
    make: *** [GNUmakefile:38 : install] Erreur 2

  • So I sudo it:
    sudo make install

  • And it works with this output:
    go install -ldflags "-X 'github.com/kotakanbe/go-cpe-dictionary/config.Version=v0.2.6' -X 'github.com/kotakanbe/go-cpe-dictionary/config.Revision=a707cd1'"

  • After this I try to fetch CPE data with the command:
    go-cpe-dictionary fetchnvd

  • But I get:

Command 'go-cpe-dictionary' not found, did you mean:
command 'go-cve-dictionary' from deb go-cve-dictionary
Try: sudo apt install

I don't know what happened...
It's the first time I've used Go...

Thanks for your time / help

Typo ?

README mistake? Or typo?


$ go-cpe-dictionary fetch
... snip ...
$ ls -alh cpe.sqlite3
-rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cpe.sqlite3


$ go-cpe-dictionary fetch
... snip ...
$ ls -alh cpe.db
-rw-r--r-- 1 ec2-user ec2-user 7.0M Mar 24 13:20 cpe.db

[Question] How to find CPEs of locally installed applications

Hi,

I was just wondering if you knew how one can obtain the list of accurate CPEs for our locally installed applications? I did some searching but couldn't find any helpful material.

The question is out of topic and context of this tool, I'll close it afterward.

Thanks.

error:Fetch and insert from NVD

INFO[09-23|10:31:04] Fetch and insert from NVD...
554401 / 554401 [----------------------------------------------------------------------------------------------------] 100.00% 5925 p/s
INFO[09-23|10:39:51] Inserted 0 CPEs
INFO[09-23|10:39:51] Fetching... URL=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.json.gz
INFO[09-23|10:39:51] Fetching... URL=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2003.json.gz
2 / 2 [-----------------------------------------------------------------------------------------------------------------] 100.00% 1 p/s
CRIT[09-23|10:39:53] Failed to fetch. err="Failed to fetch nvd v3 feed. err : Failed to get feeds. err : [HTTP error. errs: [], url: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2003.json.gz HTTP error. errs: [], url: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.json.gz]"

What should I try to solve this problem?

Recommend CPE based on package name

Some CPEs are recommended like this:

$ cpe-fuzzy-search search "Git"
2023/05/16 20:52:49 INFO: Search 5 results close to "Git" from cpe.sqlite3
[
  {
    "Title": "Gitpod",
    "CPEs": [
      "cpe:2.3:a:gitpod:gitpod:-:*:*:*:*:*:*:*"
    ]
  },
  {
    "Title": "GitLab",
    "CPEs": [
      "cpe:2.3:a:gitlab:gitlab:-:*:*:*:-:*:*:*"
    ]
  },
  {
    "Title": "Git 0.6",
    "CPEs": [
      "cpe:2.3:a:git:git:0.6:*:*:*:*:*:*:*"
    ]
  },
  {
    "Title": "Git 0.5",
    "CPEs": [
      "cpe:2.3:a:git:git:0.5:*:*:*:*:*:*:*"
    ]
  },
  {
    "Title": "Git 2.2.2",
    "CPEs": [
      "cpe:2.3:a:git:git:2.2.2:*:*:*:*:*:*:*"
    ]
  }
]

NVD quits its legacy data feeds by September 2023

NVD seems to quit its legacy data feeds by September 2023.
https://nvd.nist.gov/vuln/data-feeds

How should we face it?

Maybe it's easy to replace the function below in Fetcher > nvd.go

func makeFeedURLBlocks(years []int) (urls []string) {
	formatTemplate := "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.json.gz"
	for _, year := range years {
		urls = append(urls, fmt.Sprintf(formatTemplate, year))
	}
	return urls
}

To a function that produces the corresponding API, such as
https://services.nvd.nist.gov/rest/json/cves/2.0/?lastModStartDate=%d-01-01T00:00:00.000%2B01:00&lastModEndDate=%d-12-31T23:59:59.000%2B01:00

But I’m not sure whether this is a good solution.
My concern is about performance.
Does anybody have a good idea?
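
An added example, not part of the original issue or the project's code: one way the per-year URL builder could target the NVD API 2.0 endpoint quoted above. It assumes the 120-consecutive-day limit that NVD's API documentation places on date-range filters, so each year is split into windows, and it lets `net/url` do the percent-encoding. The function name `makeAPIURLBlocks` is hypothetical.

```go
package main

import (
	"fmt"
	"net/url"
	"time"
)

// Endpoint taken from the URL quoted in the issue.
const nvdCVEAPI = "https://services.nvd.nist.gov/rest/json/cves/2.0"

// maxWindow: longest lastMod range per request (assumption taken from
// the NVD API 2.0 documentation: 120 consecutive days).
const maxWindow = 120 * 24 * time.Hour

// makeAPIURLBlocks (hypothetical name) returns one request URL per
// window of at most 120 days, covering every year in years.
func makeAPIURLBlocks(years []int) (urls []string) {
	// ISO-8601 with milliseconds and an explicit UTC offset ("+00:00").
	const layout = "2006-01-02T15:04:05.000-07:00"
	for _, year := range years {
		start := time.Date(year, time.January, 1, 0, 0, 0, 0, time.UTC)
		yearEnd := time.Date(year+1, time.January, 1, 0, 0, 0, 0, time.UTC)
		for start.Before(yearEnd) {
			end := start.Add(maxWindow)
			if end.After(yearEnd) {
				end = yearEnd
			}
			q := url.Values{}
			q.Set("lastModStartDate", start.Format(layout))
			// Windows must not overlap: stop 1 ms before the next start.
			q.Set("lastModEndDate", end.Add(-time.Millisecond).Format(layout))
			// Encode() escapes "+" as %2B and ":" as %3A, so the offset
			// is not decoded as a space on the server side.
			urls = append(urls, nvdCVEAPI+"?"+q.Encode())
			start = end
		}
	}
	return urls
}

func main() {
	for _, u := range makeAPIURLBlocks([]int{2023}) {
		fmt.Println(u)
	}
}
```

Each window can still return more records than one response holds, so a real fetcher would also page through every window with the API's `startIndex` and `resultsPerPage` parameters.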

README.md

Please change the go-cpe-dictionary command.

before:
$ go-cpe-dictionary fetch

after:
$ go-cpe-dictionary fetchnvd

Backslashes in data?

I noticed that periods in version numbers are escaped

Does the data come from NIST like this?
