x/vulndb: implement client library and cli tool for MITRE CVE Services API #53256

Closed
tatianab opened this issue Jun 6, 2022 · 4 comments
Labels: FrozenDueToAge; NeedsFix (The path to resolution is known, but the work has not been done.); vulncheck or vulndb (Issues for the x/vuln or x/vulndb repo)

tatianab commented Jun 6, 2022

No description provided.

@gopherbot gopherbot added this to the Unreleased milestone Jun 6, 2022
@cherrymui cherrymui added vulndb NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Jun 6, 2022
@tatianab tatianab self-assigned this Jun 6, 2022
@tatianab tatianab added NeedsFix The path to resolution is known, but the work has not been done. and removed NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. labels Jun 7, 2022
@gopherbot

Change https://go.dev/cl/409995 mentions this issue: x/vulndb: add client and cli for managing CVE IDs

@gopherbot

Change https://go.dev/cl/411514 mentions this issue: x/vulndb: add publish command to cve tool

gopherbot pushed a commit to golang/vulndb that referenced this issue Jun 10, 2022
Adds new internal package cveclient, a Go client for the MITRE CVE
Services API. Implements functionality to reserve new IDs, look up
existing IDs, look up quota, and list IDs for an organization.

Also adds a command line tool 'cve' to call the client functions.

For golang/go#53256

Change-Id: I10fad48adbdac32485ddf05975e2604021607079
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/409995
Reviewed-by: Julie Qiu <julieqiu@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Julie Qiu <julieqiu@google.com>
@gopherbot

Change https://go.dev/cl/412877 mentions this issue: x/vulndb: add cve org command to lookup org info

gopherbot pushed a commit to golang/vulndb that referenced this issue Aug 1, 2022
Adds a new command, cve publish, which can be used to publish CVE
Records to MITRE from YAML reports or JSON files. Also adds a cve record
command to look up existing CVE records by ID. The commands are
currently only supported in the test environment as the MITRE API does
not yet support the commands in production.

To support these commands, this CL also contains logic to convert YAML
report files to the new CVE JSON 5.0 format.

For golang/go#53256

Change-Id: I024bb18a2ece851724ca97f2f6d77f6aafc956b0
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/411514
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
@tatianab tatianab closed this as completed Aug 8, 2022
@julieqiu julieqiu added the vulncheck or vulndb Issues for the x/vuln or x/vulndb repo label Sep 8, 2022
gopherbot pushed a commit to golang/vulndb that referenced this issue Oct 28, 2022
MITRE now supports publishing and looking up CVEs via a prod API
(https://github.com/CVEProject/cve-services), so our "cve" command no
longer errors when a user attempts to publish or view a record in the
prod environment.

This CL also fixes the endpoint for the "cve record" command which was
incorrect.

For golang/go#53256

Change-Id: I1a28f9607de1253a5e9bdeb1249f44de4b8f7e47
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/446216
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Reviewed-by: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
@gopherbot

Change https://go.dev/cl/446216 mentions this issue: internal/cveclient, cmd/cve: remove "unsupported" error in cve commands

@golang golang locked and limited conversation to collaborators Oct 28, 2023