internal: move CVE structs from cmd/report2cve Structs from cmd/report2cve are moved to package internal, so that they can be used in other scripts that interact with CVEs. Change-Id: I0d05242756fbb75a4adbcb2bdc421767ac67ef21 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/355270 Trust: Julie Qiu <julie@golang.org> Run-TryBot: Julie Qiu <julie@golang.org> TryBot-Result: Go Bot <gobot@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org>

commit: bc3226dbb7d639288fc796a8ae45017a72052831 [log] [tgz]
author: Julie Qiu <julie@golang.org> Tue Oct 05 13:58:59 2021 -0500
committer: Julie Qiu <julie@golang.org> Fri Oct 15 20:05:30 2021 +0000
tree: 4ca909e76a00f2737afbd4d1f86edf83fe9f118f
parent: 0a8070bae7a2149a628949a8279e54f815a6fb75 [diff]
diff --git a/cmd/report2cve/main.go b/cmd/report2cve/main.go
index 4f3f588..a1030ed 100644
--- a/cmd/report2cve/main.go
+++ b/cmd/report2cve/main.go

@@ -12,150 +12,64 @@
 	"os"
 	"strings"
 
+	"golang.org/x/vulndb/internal"
 	"golang.org/x/vulndb/internal/report"
 	"gopkg.in/yaml.v2"
 )
 
-// Affects
-type Affects struct {
-	Vendor Vendor `json:"vendor"`
-}
-
-// CVEDataMeta
-type CVEDataMeta struct {
-	ASSIGNER string `json:"ASSIGNER"`
-	ID       string `json:"ID"`
-	STATE    string `json:"STATE"`
-}
-
-// Description
-type Description struct {
-	DescriptionData []LangString `json:"description_data"`
-}
-
-// LangString
-type LangString struct {
-	Lang  string `json:"lang"`
-	Value string `json:"value"`
-}
-
-// Problemtype
-type Problemtype struct {
-	ProblemtypeData []ProblemtypeDataItems `json:"problemtype_data"`
-}
-
-// ProblemtypeDataItems
-type ProblemtypeDataItems struct {
-	Description []LangString `json:"description"`
-}
-
-type VersionData struct {
-	VersionData []VersionDataItems `json:"version_data"`
-}
-
-type ProductDataItem struct {
-	ProductName string      `json:"product_name"`
-	Version     VersionData `json:"version"`
-}
-
-// Product
-type Product struct {
-	ProductData []ProductDataItem `json:"product_data"`
-}
-
-// Reference
-type Reference struct {
-	URL string `json:"url"`
-}
-
-// References
-type References struct {
-	ReferenceData []Reference `json:"reference_data"`
-}
-
-// Vendor
-type Vendor struct {
-	VendorData []VendorDataItems `json:"vendor_data"`
-}
-
-// VendorDataItems
-type VendorDataItems struct {
-	Product    Product `json:"product"`
-	VendorName string  `json:"vendor_name"`
-}
-
-// VersionDataItems
-type VersionDataItems struct {
-	VersionValue    string `json:"version_value"`
-	VersionAffected string `json:"version_affected"`
-}
-
-// CVE
-type CVE struct {
-	DataType    string      `json:"data_type"`
-	DataFormat  string      `json:"data_format"`
-	DataVersion string      `json:"data_version"`
-	CVEDataMeta CVEDataMeta `json:"CVE_data_meta"`
-
-	Affects     Affects     `json:"affects"`
-	Description Description `json:"description"`
-	Problemtype Problemtype `json:"problemtype"`
-	References  References  `json:"references"`
-}
-
-func fromReport(report *report.Report) (*CVE, error) {
-	if report.CVE != "" {
+func fromReport(r *report.Report) (*internal.CVE, error) {
+	if r.CVE != "" {
 		return nil, errors.New("report has CVE ID is wrong section (should be in cve_metadata for self-issued CVEs)")
 	}
-	if report.CVEMetadata == nil {
+	if r.CVEMetadata == nil {
 		return nil, errors.New("report missing cve_metadata section")
 	}
-	if report.CVEMetadata.ID == "" {
+	if r.CVEMetadata.ID == "" {
 		return nil, errors.New("report missing CVE ID")
 	}
 
-	cve := &CVE{
+	c := &internal.CVE{
 		DataType:    "CVE",
 		DataFormat:  "MITRE",
 		DataVersion: "4.0",
-		CVEDataMeta: CVEDataMeta{
-			ID:       report.CVEMetadata.ID,
+		CVEDataMeta: internal.CVEDataMeta{
+			ID:       r.CVEMetadata.ID,
 			ASSIGNER: "security@golang.org",
 			STATE:    "PUBLIC",
 		},
 
-		Description: Description{
-			DescriptionData: []LangString{
+		Description: internal.Description{
+			DescriptionData: []internal.LangString{
 				{
 					Lang:  "eng",
-					Value: strings.TrimSuffix(report.CVEMetadata.Description, "\n"),
+					Value: strings.TrimSuffix(r.CVEMetadata.Description, "\n"),
 				},
 			},
 		},
 
-		Problemtype: Problemtype{
-			ProblemtypeData: []ProblemtypeDataItems{
+		Problemtype: internal.Problemtype{
+			ProblemtypeData: []internal.ProblemtypeDataItems{
 				{
-					Description: []LangString{
+					Description: []internal.LangString{
 						{
 							Lang:  "eng",
-							Value: report.CVEMetadata.CWE,
+							Value: r.CVEMetadata.CWE,
 						},
 					},
 				},
 			},
 		},
 
-		Affects: Affects{
-			Vendor: Vendor{
-				VendorData: []VendorDataItems{
+		Affects: internal.Affects{
+			Vendor: internal.Vendor{
+				VendorData: []internal.VendorDataItems{
 					{
 						VendorName: "n/a", // ???
-						Product: Product{
-							ProductData: []ProductDataItem{
+						Product: internal.Product{
+							ProductData: []internal.ProductDataItem{
 								{
-									ProductName: report.Package,
-									Version:     versionToVersion(report.Versions),
+									ProductName: r.Package,
+									Version:     versionToVersion(r.Versions),
 								},
 							},
 						},
@@ -165,11 +79,11 @@
 		},
 	}
 
-	for _, additional := range report.AdditionalPackages {
-		cve.Affects.Vendor.VendorData = append(cve.Affects.Vendor.VendorData, VendorDataItems{
+	for _, additional := range r.AdditionalPackages {
+		c.Affects.Vendor.VendorData = append(c.Affects.Vendor.VendorData, internal.VendorDataItems{
 			VendorName: "n/a",
-			Product: Product{
-				ProductData: []ProductDataItem{
+			Product: internal.Product{
+				ProductData: []internal.ProductDataItem{
 					{
 						ProductName: additional.Package,
 						Version:     versionToVersion(additional.Versions),
@@ -179,30 +93,30 @@
 		})
 	}
 
-	if report.Links.PR != "" {
-		cve.References.ReferenceData = append(cve.References.ReferenceData, Reference{URL: report.Links.PR})
+	if r.Links.PR != "" {
+		c.References.ReferenceData = append(c.References.ReferenceData, internal.Reference{URL: r.Links.PR})
 	}
-	if report.Links.Commit != "" {
-		cve.References.ReferenceData = append(cve.References.ReferenceData, Reference{URL: report.Links.Commit})
+	if r.Links.Commit != "" {
+		c.References.ReferenceData = append(c.References.ReferenceData, internal.Reference{URL: r.Links.Commit})
 	}
-	for _, url := range report.Links.Context {
-		cve.References.ReferenceData = append(cve.References.ReferenceData, Reference{URL: url})
+	for _, url := range r.Links.Context {
+		c.References.ReferenceData = append(c.References.ReferenceData, internal.Reference{URL: url})
 	}
 
-	return cve, nil
+	return c, nil
 }
 
-func versionToVersion(versions []report.VersionRange) VersionData {
-	vd := VersionData{}
+func versionToVersion(versions []report.VersionRange) internal.VersionData {
+	vd := internal.VersionData{}
 	for _, vr := range versions {
 		if vr.Introduced != "" {
-			vd.VersionData = append(vd.VersionData, VersionDataItems{
+			vd.VersionData = append(vd.VersionData, internal.VersionDataItems{
 				VersionValue:    vr.Introduced,
 				VersionAffected: ">=",
 			})
 		}
 		if vr.Fixed != "" {
-			vd.VersionData = append(vd.VersionData, VersionDataItems{
+			vd.VersionData = append(vd.VersionData, internal.VersionDataItems{
 				VersionValue:    vr.Fixed,
 				VersionAffected: "<",
 			})

diff --git a/internal/cve.go b/internal/cve.go
new file mode 100644
index 0000000..54cab41
--- /dev/null
+++ b/internal/cve.go

@@ -0,0 +1,92 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package internal
+
+// Affects
+type Affects struct {
+	Vendor Vendor `json:"vendor"`
+}
+
+// CVEDataMeta
+type CVEDataMeta struct {
+	ASSIGNER string `json:"ASSIGNER"`
+	ID       string `json:"ID"`
+	STATE    string `json:"STATE"`
+}
+
+// Description
+type Description struct {
+	DescriptionData []LangString `json:"description_data"`
+}
+
+// LangString
+type LangString struct {
+	Lang  string `json:"lang"`
+	Value string `json:"value"`
+}
+
+// Problemtype
+type Problemtype struct {
+	ProblemtypeData []ProblemtypeDataItems `json:"problemtype_data"`
+}
+
+// ProblemtypeDataItems
+type ProblemtypeDataItems struct {
+	Description []LangString `json:"description"`
+}
+
+type VersionData struct {
+	VersionData []VersionDataItems `json:"version_data"`
+}
+
+type ProductDataItem struct {
+	ProductName string      `json:"product_name"`
+	Version     VersionData `json:"version"`
+}
+
+// Product
+type Product struct {
+	ProductData []ProductDataItem `json:"product_data"`
+}
+
+// Reference
+type Reference struct {
+	URL string `json:"url"`
+}
+
+// References
+type References struct {
+	ReferenceData []Reference `json:"reference_data"`
+}
+
+// Vendor
+type Vendor struct {
+	VendorData []VendorDataItems `json:"vendor_data"`
+}
+
+// VendorDataItems
+type VendorDataItems struct {
+	Product    Product `json:"product"`
+	VendorName string  `json:"vendor_name"`
+}
+
+// VersionDataItems
+type VersionDataItems struct {
+	VersionValue    string `json:"version_value"`
+	VersionAffected string `json:"version_affected"`
+}
+
+// CVE
+type CVE struct {
+	DataType    string      `json:"data_type"`
+	DataFormat  string      `json:"data_format"`
+	DataVersion string      `json:"data_version"`
+	CVEDataMeta CVEDataMeta `json:"CVE_data_meta"`
+
+	Affects     Affects     `json:"affects"`
+	Description Description `json:"description"`
+	Problemtype Problemtype `json:"problemtype"`
+	References  References  `json:"references"`
+}
commit	bc3226dbb7d639288fc796a8ae45017a72052831	[log] [tgz]
author	Julie Qiu <julie@golang.org>	Tue Oct 05 13:58:59 2021 -0500
committer	Julie Qiu <julie@golang.org>	Fri Oct 15 20:05:30 2021 +0000
tree	4ca909e76a00f2737afbd4d1f86edf83fe9f118f
parent	0a8070bae7a2149a628949a8279e54f815a6fb75 [diff]