vulsio / go-cpe-dictionary Goto Github PK
View Code? Open in Web Editor NEWBuild a local copy of CPE(Common Platform Enumeration)
License: Apache License 2.0
Build a local copy of CPE(Common Platform Enumeration)
License: Apache License 2.0
✗ ubuntu@dev ~│g│s│g│v│go-cpe-dictionary ⎇ master~ ./integration/go-cpe.old version
go-cpe-dictionary v0.4.0 b2ebf6b
ubuntu@dev ~│g│s│g│v│go-cpe-dictionary ⎇ master~ ./integration/go-cpe.new version
go-cpe-dictionary v0.4.0 81471ba
make diff-server-rdb-redis
integration/go-cpe.new server --dbpath=/home/ubuntu/go/src/github.com/vulsio/go-cpe-dictionary/integration/go-cpe.new.sqlite3 --port 1325 > /dev/null 2>&1 &
integration/go-cpe.new server --dbtype redis --dbpath "redis://127.0.0.1:6380/0" --port 1326 > /dev/null 2>&1 &
INFO[10-07|05:47:37] start server mode test(mode: cpes)
INFO[10-07|05:47:37] check the communication with the server
INFO[10-07|05:47:37] communication with the server has been confirmed
WARNING[10-07|05:52:28] There is a difference between old and new(or RDB and Redis):
{'args': ('qualcomm', 'sd_710'), 'path': 'cpes/qualcomm/sd_710'}
pkill go-cpe.new
diff integration/diff/cpes/qualcomm\#sd_710.*
3c3,4
< "cpe:/h:qualcomm:sd_710:-"
---
> "cpe:/h:qualcomm:sd_710:-",
> "cpe:/h:qualcomm:sdm710:-"
Hi,
I have an error below:
kei@DZA201804189:~/go/src/github.com/kotakanbe/go-cpe-dictionary$ make install
fatal: No names found, cannot describe anything.
go get -u github.com/golang/dep/...
package github.com/golang/dep
imports context: unrecognized import path "context" (import path does not begin with hostname)
GNUmakefile:28: recipe for target 'dep' failed
make: *** [dep] Error 1
Proxy set
$ echo $http_proxy
http://xx.xx.xx.xx:xxxx/
$ echo $https_proxy
http://xx.xx.xx.xx:xxxx/
Could you tell me the solution?
Thank you,
Hi ! thanks you for your work !
I got an issue after make install.
Make install alone seem to dont work with this issue :
go install -ldflags "-X 'github.com/kotakanbe/go-cpe-dictionary/config.Version=v0.2.6' -X 'github.com/kotakanbe/go-cpe-dictionary/config.Revision=a707cd1'"
go: cannot find GOROOT directory: /usr/local/go
make: *** [GNUmakefile:38 : install] Erreur 2
So I sudo it :
sudo make install
And it work with this output :
go install -ldflags "-X 'github.com/kotakanbe/go-cpe-dictionary/config.Version=v0.2.6' -X 'github.com/kotakanbe/go-cpe-dictionary/config.Revision=a707cd1'"
After this I try to fetch CPE data with command :
gao-cpe-dictionary fetchnvd
But I get :
Command 'go-cpe-dictionary' not found, did you mean:
command 'go-cve-dictionary' from deb go-cve-dictionary
Try: sudo apt install
I dont know what happen ...
it's the first time i use go ...
thanks for your time / help
README Missatake? or Typo?
Hi,
I was just wondering if you knew how can one obtain the list of accurate CPEs for our locally installed applications? I did some searching but couldn't find any helpful material.
The question is out of topic and context of this tool, I'll close it afterward.
Thanks.
INFO[09-23|10:31:04] Fetch and insert from NVD...
554401 / 554401 [----------------------------------------------------------------------------------------------------] 100.00% 5925 p/s
INFO[09-23|10:39:51] Inserted 0 CPEs
INFO[09-23|10:39:51] Fetching... URL=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.json.gz
INFO[09-23|10:39:51] Fetching... URL=https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2003.json.gz
2 / 2 [-----------------------------------------------------------------------------------------------------------------] 100.00% 1 p/s
CRIT[09-23|10:39:53] Failed to fetch. err="Failed to fetch nvd v3 feed. err : Failed to get feeds. err : [HTTP error. errs: [], url: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2003.json.gz HTTP error. errs: [], url: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2002.json.gz]"
What should i try to solve this problem
some CPEs are recommended like this
$ cpe-fuzzy-search search "Git"
2023/05/16 20:52:49 INFO: Search 5 results close to "Git" from cpe.sqlite3
[
{
"Title": "Gitpod",
"CPEs": [
"cpe:2.3:a:gitpod:gitpod:-:*:*:*:*:*:*:*"
]
},
{
"Title": "GitLab",
"CPEs": [
"cpe:2.3:a:gitlab:gitlab:-:*:*:*:-:*:*:*"
]
},
{
"Title": "Git 0.6",
"CPEs": [
"cpe:2.3:a:git:git:0.6:*:*:*:*:*:*:*"
]
},
{
"Title": "Git 0.5",
"CPEs": [
"cpe:2.3:a:git:git:0.5:*:*:*:*:*:*:*"
]
},
{
"Title": "Git 2.2.2",
"CPEs": [
"cpe:2.3:a:git:git:2.2.2:*:*:*:*:*:*:*"
]
}
]
NVD seems to quit its legacy data feeds by September 2023.
https://nvd.nist.gov/vuln/data-feeds
How should we face it?
Maybe it's easy to replace Fetcher > nvd.go ’s function below
func makeFeedURLBlocks(years []int) (urls []string) {
formatTemplate := "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-%d.json.gz"
for _, year := range years {
urls = append(urls, fmt.Sprintf(formatTemplate, year))
}
return urls
}
To the function to produce corresponnding API such as
https://services.nvd.nist.gov/rest/json/cves/2.0/?lastModStartDate=%d-01-01T00:00:00.000%2B01:00&lastModEndDate=%d-12-31T23:59:59.000%2B01:00
But I’m not sure whether this is a good solution.
My concern is about performance.
Does anybody have a good idea?
please change go-cpe-dictionary command.
before:
$ go-cpe-dictionary fetch
after:
$ go-cpe-dictionary fetchnvd
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.