internal/nistnvd: implement nist_nvd_cves data source (#137)

blackstork-io · Mar 30, 2024 · 23af466 · 23af466
1 parent f9825e5
commit 23af466
Show file tree

Hide file tree

Showing 23 changed files with 1,178 additions and 92 deletions.
diff --git a/.goreleaser-dev.yaml b/.goreleaser-dev.yaml
@@ -51,6 +51,12 @@ builds:
     ldflags: "-X main.version={{.Version}}"
     no_unique_dist_dir: true
 
+  - id: nistnvd
+    main: ./internal/nistnvd/cmd
+    binary: "plugins/blackstork/nist_nvd@{{ .Version }}"
+    ldflags: "-X main.version={{.Version}}"
+    no_unique_dist_dir: true
+
   - id: postgresql
     main: ./internal/postgresql/cmd
     binary: "plugins/blackstork/postgresql@{{ .Version }}"

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -77,6 +77,18 @@ builds:
       - windows
       - darwin
 
+  - id: plugin_nist_nvd
+    main: ./internal/nistnvd/cmd
+    binary: "nist_nvd@{{ .Version }}"
+    flags: "-trimpath"
+    hooks:
+      post:
+        - go run ./tools/pluginmeta --namespace blackstork --version {{.Version}} patch --plugin {{.Path}} --os {{.Os}} --arch {{.Arch}}
+    goos:
+      - linux
+      - windows
+      - darwin
+
   - id: plugin_opencti
     main: ./internal/opencti/cmd
     binary: "opencti@{{ .Version }}"
@@ -336,6 +348,18 @@ archives:
       {{- else }}{{ .Arch }}{{ end }}
       {{- if .Arm }}v{{ .Arm }}{{ end }}
 
+  - id: plugin_nist_nvd
+    format: tar.gz
+    builds:
+      - plugin_nist_nvd
+    name_template: >-
+      plugin_nist_nvd_
+      {{- .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+
 changelog:
   sort: asc
   filters:

diff --git a/.mockery.yaml b/.mockery.yaml
@@ -29,6 +29,10 @@ packages:
     config:
     interfaces:
       Client:
+  github.com/blackstork-io/fabric/internal/nistnvd/client:
+    config:
+    interfaces:
+      Client:
   github.com/blackstork-io/fabric/plugin/resolver:
     config:
       inpackage: true

diff --git a/docs/plugins/nist_nvd/_index.md b/docs/plugins/nist_nvd/_index.md
@@ -0,0 +1,30 @@
+---
+title: blackstork/nist_nvd
+weight: 20
+plugin:
+  name: blackstork/nist_nvd
+  description: ""
+  tags: []
+  version: "v0.4.0"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/nistnvd/"
+type: docs
+---
+
+{{< plugin-header "blackstork/nist_nvd" "nist_nvd" "v0.4.0" >}}
+
+## Installation
+
+To install the plugin, add it to `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), with a version constraint restricting which available versions of the plugin the codebase is compatible with:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/nist_nvd" = ">= v0.4.0"
+  }
+}
+```
+
+
+## Data sources
+
+{{< plugin-resources "nist_nvd" "data-source" >}}
diff --git a/docs/plugins/nist_nvd/data-sources/nist_nvd_cves.md b/docs/plugins/nist_nvd/data-sources/nist_nvd_cves.md
@@ -0,0 +1,70 @@
+---
+title: nist_nvd_cves
+plugin:
+  name: blackstork/nist_nvd
+  description: ""
+  tags: []
+  version: "v0.4.0"
+  source_github: "https://github.com/blackstork-io/fabric/tree/main/internal/nistnvd/"
+resource:
+  type: data-source
+type: docs
+---
+
+{{< breadcrumbs 2 >}}
+
+{{< plugin-resource-header "blackstork/nist_nvd" "nist_nvd" "v0.4.0" "nist_nvd_cves" "data source" >}}
+
+## Installation
+
+To use `nist_nvd_cves` data source, you must install the plugin `blackstork/nist_nvd`.
+
+To install the plugin, add the full plugin name to the `plugin_versions` map in the Fabric global configuration block (see [Global configuration]({{< ref "configs.md#global-configuration" >}}) for more details), as shown below:
+
+```hcl
+fabric {
+  plugin_versions = {
+    "blackstork/nist_nvd" = ">= v0.4.0"
+  }
+}
+```
+
+Note the version constraint set for the plugin.
+
+## Configuration
+
+The data source supports the following configuration parameters:
+
+```hcl
+config data nist_nvd_cves {
+    api_key = <string>  # optional
+}
+```
+
+## Usage
+
+The data source supports the following parameters in the data blocks:
+
+```hcl
+data nist_nvd_cves {
+    cpe_name = <string>  # optional
+    cve_id = <string>  # optional
+    cvss_v3_metrics = <string>  # optional
+    cvss_v3_severity = <string>  # optional
+    cwe_id = <string>  # optional
+    has_cert_alerts = <bool>  # optional
+    has_cert_notes = <bool>  # optional
+    has_kev = <bool>  # optional
+    is_vulnerable = <bool>  # optional
+    keyword_exact_match = <bool>  # optional
+    keyword_search = <string>  # optional
+    last_mod_end_date = <string>  # optional
+    last_mod_start_date = <string>  # optional
+    limit = <number>  # optional
+    no_rejected = <bool>  # optional
+    pub_end_date = <string>  # optional
+    pub_start_date = <string>  # optional
+    source_identifier = <string>  # optional
+    virtual_match_string = <string>  # optional
+}
+```