fleet/cmd/fleetctl/vulnerability_data_stream.go

package main

import (
	"errors"
	"os"

	"github.com/fleetdm/fleet/v4/pkg/fleethttp"
	"github.com/fleetdm/fleet/v4/server/vulnerabilities/nvd"
	"github.com/fleetdm/fleet/v4/server/vulnerabilities/oval"
	"github.com/urfave/cli/v2"
)

func vulnerabilityDataStreamCommand() *cli.Command {
	var dir string
	return &cli.Command{
		Name:  "vulnerability-data-stream",
		Usage: "Download the vulnerability data stream",
		UsageText: `
fleetctl vulnerability-data-stream [options]

Downloads (if needed) the data streams that can be used by the Fleet server to process software for vulnerabilities.
`,
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:        "dir",
				EnvVars:     []string{"DIR"},
				Value:       "",
				Destination: &dir,
				Usage:       "Directory to place the data streams in",
			},
			configFlag(),
			contextFlag(),
			debugFlag(),
		},
		Action: func(c *cli.Context) error {
			if dir == "" {
				return errors.New("No directory provided")
			}
			err := os.MkdirAll(dir, 0o700)
			if err != nil {
				return err
			}
			client := fleethttp.NewClient()

			log(c, "[-] Downloading CPE database...")
			err = nvd.DownloadCPEDB(dir, client, "")
			if err != nil {
				return err
			}
			log(c, " Done\n")

			log(c, "[-] Downloading CPE translations...")
			err = nvd.DownloadCPETranslations(dir, client, "")
			if err != nil {
				return err
			}
			log(c, " Done\n")

			log(c, "[-] Downloading NVD CVE feed...")
			err = nvd.DownloadNVDCVEFeed(dir, "")
			if err != nil {
				return err
			}
			log(c, " Done\n")

			log(c, "[-] Downloading EPSS feed...")
			err = nvd.DownloadEPSSFeed(dir, client)
			if err != nil {
				return err
			}
			log(c, " Done\n")

			log(c, "[-] Downloading CISA known exploits feed...")
			err = nvd.DownloadCISAKnownExploitsFeed(dir, client)
			if err != nil {
				return err
			}
			log(c, " Done\n")

			log(c, "[-] Downloading Oval definitions...")
			err = oval.Sync(client, dir, nil)
			if err != nil {
				return err
			}
			log(c, " Done\n")

			log(c, "[+] Data streams successfully downloaded!\n")
			return nil
		},
	}
}