Categorygithub.com/fleetdm/fleet/v4servervulnerabilitiesnvd

package

4.43.4

Repository: https://github.com/fleetdm/fleet.git

Documentation: pkg.go.dev

# README

Testing CPE Translations

To improve accuracy when mapping software to CVEs, we can add data to cpe_translations.json which will get picked up by the NVD repo.

To test these changes locally, you can:

make the appropriate changes to cpe_translations

host this file on a local web server

./tools/file-server 8082 ./server/vulnerabilities/nvd/cpe_translations.json

(re)launch your local fleet server with the following --config

vulnerabilities:
cpe_translations_url: "http://localhost:8082/cpe_translations.json"

trigger the vulnerabilities scan

fleetctl trigger --name vulnerabilities

# Packages

sync

Package nvdsync provides a CVE syncer that uses the NVD 2.0 API to download CVE information and stores it in the legacy format.

# Functions

CPEFromSoftware

CPEFromSoftware attempts to find a matching cpe entry for the given software in the NVD CPE dictionary.

DownloadCISAKnownExploitsFeed

DownloadCISAKnownExploitsFeed downloads the CISA known exploited vulnerabilities feed.

DownloadCPEDBFromGithub

DownloadCPEDB downloads the CPE database to the given vulnPath.

DownloadCPETranslationsFromGithub

DownloadCPETranslationsFromGithub downloads the CPE translations to the given vulnPath.

DownloadEPSSFeed

DownloadEPSSFeed downloads the EPSS scores feed.

DownloadNVDCVEFeed

DownloadNVDCVEFeed downloads CVEs information from a CVE source.

GenerateCPEDB

No description provided by the author

GetGithubNVDAsset

GetGithubNVDAsset looks at the last 10 releases and returns the first (release, asset) pair that matches pred.

GetKnownNVDBugRules

GetKnownNVDBugRules returns a list of CPEMatchingRules used for ignoring false positives detected during the NVD vuln.

GetMacOSCPEs

GetMacOSCPEs translates all found macOS Operating Systems to CPEs.

LoadCVEMeta

LoadCVEMeta loads the cvss scores, epss scores, and known exploits from the previously downloaded feeds and saves them to the database.

Sync

Sync downloads all the vulnerability data sources.

TranslateCPEToCVE

TranslateCPEToCVE maps the CVEs found in NVD archive files in the vulnerabilities database folder to software CPEs in the fleet database.

TranslateSoftwareToCPE

No description provided by the author

# Constants

XmlCPETestDict

No description provided by the author

# Structs

CPEMatchingRule

CPEMatchingRule allows you to express a matching rule based on some CPE properties, one or more CVEs and one or more SemVer constraint.

CPEMatchingRuleSpec

CPEMatchingRuleSpec allows you to match against a CPE.

CPETranslation

No description provided by the author

CPETranslationItem

No description provided by the author

CPETranslationSoftware

CPETranslationSoftware represents software match criteria for cpe translations.

IndexedCPEItem

No description provided by the author

SyncOptions

No description provided by the author

# Type aliases

CPEMatchingRules

No description provided by the author

CPETranslations

CPETranslations include special case translations for software that fail to match entries in the NVD CPE Dictionary using the standard logic.