feat(detector/cve): new support for fortinet data feed (#1736)
This commit is contained in:
MaineK00n
@@ -163,15 +163,15 @@ func (client goCveDictClient) detectCveByCpeURI(cpeURI string, useJVN bool) (cve
|
||||
return cves, nil
|
||||
}
|
||||
|
||||
nvdCves := []cvemodels.CveDetail{}
|
||||
filtered := []cvemodels.CveDetail{}
|
||||
for _, cve := range cves {
|
||||
if !cve.HasNvd() {
|
||||
if !cve.HasNvd() && !cve.HasFortinet() {
|
||||
continue
|
||||
}
|
||||
cve.Jvns = []cvemodels.Jvn{}
|
||||
nvdCves = append(nvdCves, cve)
|
||||
filtered = append(filtered, cve)
|
||||
}
|
||||
return nvdCves, nil
|
||||
return filtered, nil
|
||||
}
|
||||
|
||||
func httpPost(url string, query map[string]string) ([]cvemodels.CveDetail, error) {
|
||||
|
||||
@@ -96,7 +96,7 @@ func Detect(rs []models.ScanResult, dir string) ([]models.ScanResult, error) {
|
||||
return nil, xerrors.Errorf("Failed to fill with gost: %w", err)
|
||||
}
|
||||
|
||||
if err := FillCvesWithNvdJvn(&r, config.Conf.CveDict, config.Conf.LogOpts); err != nil {
|
||||
if err := FillCvesWithNvdJvnFortinet(&r, config.Conf.CveDict, config.Conf.LogOpts); err != nil {
|
||||
return nil, xerrors.Errorf("Failed to fill with CVE: %w", err)
|
||||
}
|
||||
|
||||
@@ -327,8 +327,8 @@ func DetectWordPressCves(r *models.ScanResult, wpCnf config.WpScanConf) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// FillCvesWithNvdJvn fills CVE detail with NVD, JVN
|
||||
func FillCvesWithNvdJvn(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error) {
|
||||
// FillCvesWithNvdJvnFortinet fills CVE detail with NVD, JVN, Fortinet
|
||||
func FillCvesWithNvdJvnFortinet(r *models.ScanResult, cnf config.GoCveDictConf, logOpts logging.LogOpts) (err error) {
|
||||
cveIDs := []string{}
|
||||
for _, v := range r.ScannedCves {
|
||||
cveIDs = append(cveIDs, v.CveID)
|
||||
@@ -352,6 +352,7 @@ func FillCvesWithNvdJvn(r *models.ScanResult, cnf config.GoCveDictConf, logOpts
|
||||
for _, d := range ds {
|
||||
nvds, exploits, mitigations := models.ConvertNvdToModel(d.CveID, d.Nvds)
|
||||
jvns := models.ConvertJvnToModel(d.CveID, d.Jvns)
|
||||
fortinets := models.ConvertFortinetToModel(d.CveID, d.Fortinets)
|
||||
|
||||
alerts := fillCertAlerts(&d)
|
||||
for cveID, vinfo := range r.ScannedCves {
|
||||
@@ -364,7 +365,7 @@ func FillCvesWithNvdJvn(r *models.ScanResult, cnf config.GoCveDictConf, logOpts
|
||||
vinfo.CveContents[con.Type] = []models.CveContent{con}
|
||||
}
|
||||
}
|
||||
for _, con := range jvns {
|
||||
for _, con := range append(jvns, fortinets...) {
|
||||
if !con.Empty() {
|
||||
found := false
|
||||
for _, cveCont := range vinfo.CveContents[con.Type] {
|
||||
@@ -511,6 +512,13 @@ func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictCon
|
||||
|
||||
for _, detail := range details {
|
||||
advisories := []models.DistroAdvisory{}
|
||||
if detail.HasFortinet() {
|
||||
for _, fortinet := range detail.Fortinets {
|
||||
advisories = append(advisories, models.DistroAdvisory{
|
||||
AdvisoryID: fortinet.AdvisoryID,
|
||||
})
|
||||
}
|
||||
}
|
||||
if !detail.HasNvd() && detail.HasJvn() {
|
||||
for _, jvn := range detail.Jvns {
|
||||
advisories = append(advisories, models.DistroAdvisory{
|
||||
@@ -542,9 +550,25 @@ func DetectCpeURIsCves(r *models.ScanResult, cpes []Cpe, cnf config.GoCveDictCon
|
||||
}
|
||||
|
||||
func getMaxConfidence(detail cvemodels.CveDetail) (max models.Confidence) {
|
||||
if !detail.HasNvd() && detail.HasJvn() {
|
||||
return models.JvnVendorProductMatch
|
||||
} else if detail.HasNvd() {
|
||||
if detail.HasFortinet() {
|
||||
for _, fortinet := range detail.Fortinets {
|
||||
confidence := models.Confidence{}
|
||||
switch fortinet.DetectionMethod {
|
||||
case cvemodels.FortinetExactVersionMatch:
|
||||
confidence = models.FortinetExactVersionMatch
|
||||
case cvemodels.FortinetRoughVersionMatch:
|
||||
confidence = models.FortinetRoughVersionMatch
|
||||
case cvemodels.FortinetVendorProductMatch:
|
||||
confidence = models.FortinetVendorProductMatch
|
||||
}
|
||||
if max.Score < confidence.Score {
|
||||
max = confidence
|
||||
}
|
||||
}
|
||||
return max
|
||||
}
|
||||
|
||||
if detail.HasNvd() {
|
||||
for _, nvd := range detail.Nvds {
|
||||
confidence := models.Confidence{}
|
||||
switch nvd.DetectionMethod {
|
||||
@@ -559,7 +583,13 @@ func getMaxConfidence(detail cvemodels.CveDetail) (max models.Confidence) {
|
||||
max = confidence
|
||||
}
|
||||
}
|
||||
return max
|
||||
}
|
||||
|
||||
if detail.HasJvn() {
|
||||
return models.JvnVendorProductMatch
|
||||
}
|
||||
|
||||
return max
|
||||
}
|
||||
|
||||
|
||||
@@ -69,6 +69,19 @@ func Test_getMaxConfidence(t *testing.T) {
|
||||
},
|
||||
wantMax: models.NvdVendorProductMatch,
|
||||
},
|
||||
{
|
||||
name: "FortinetExactVersionMatch",
|
||||
args: args{
|
||||
detail: cvemodels.CveDetail{
|
||||
Nvds: []cvemodels.Nvd{
|
||||
{DetectionMethod: cvemodels.NvdExactVersionMatch},
|
||||
},
|
||||
Jvns: []cvemodels.Jvn{{DetectionMethod: cvemodels.JvnVendorProductMatch}},
|
||||
Fortinets: []cvemodels.Fortinet{{DetectionMethod: cvemodels.FortinetExactVersionMatch}},
|
||||
},
|
||||
},
|
||||
wantMax: models.FortinetExactVersionMatch,
|
||||
},
|
||||
{
|
||||
name: "empty",
|
||||
args: args{
|
||||
|
||||
Reference in New Issue
Block a user