Don't outptu Gorm's cols(ID, date) in JSON

future-architect/vuls#77

README.md

@@ -77,18 +77,8 @@ $ go-cve-dictionary server
 ```
 $ curl http://127.0.0.1:1323/cves/CVE-2014-0160 | jq "." 
 {
-  "ID": 63949,
-  "CreatedAt": "2016-03-23T20:50:52.712279635+09:00",
-  "UpdatedAt": "2016-03-23T20:50:52.712279635+09:00",
-  "DeletedAt": null,
-  "CveInfoID": 0,
   "CveID": "CVE-2014-0160",
   "Nvd": {
-    "ID": 63949,
-    "CreatedAt": "2016-03-23T20:50:52.712384527+09:00",
-    "UpdatedAt": "2016-03-23T20:50:52.712384527+09:00",
-    "DeletedAt": null,
-    "CveDetailID": 63949,
     "Summary": "The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.",
     "Score": 5,
     "AccessVector": "NETWORK",
@@ -100,12 +90,6 @@ $ curl http://127.0.0.1:1323/cves/CVE-2014-0160 | jq "."
     "Cpes": null,
     "References": [
       {
-        "ID": 316262,
-        "CreatedAt": "2016-03-23T20:50:52.715120529+09:00",
-        "UpdatedAt": "2016-03-23T20:50:52.715120529+09:00",
-        "DeletedAt": null,
-        "JvnID": 0,
-        "NvdID": 63949,
         "Source": "CERT",
         "Link": "http://www.us-cert.gov/ncas/alerts/TA14-098A"
       },
@@ -115,11 +99,6 @@ $ curl http://127.0.0.1:1323/cves/CVE-2014-0160 | jq "."
     "LastModifiedDate": "2015-10-22T10:19:38.453-04:00"
   },
   "Jvn": {
-    "ID": 651,
-    "CreatedAt": "2016-03-23T20:53:47.711776398+09:00",
-    "UpdatedAt": "2016-03-23T20:53:47.711776398+09:00",
-    "DeletedAt": null,
-    "CveDetailID": 63949,
     "Title": "OpenSSL の heartbeat 拡張に情報漏えいの脆弱性",
     "Summary": "OpenSSL の heartbeat 拡張の実装には、情報漏えいの脆弱性が存在します。TLS や DTLS 通信において OpenSSL のコードを実行しているプロセスのメモリ内容が通信相手に漏えいする可能性があります。",
     "JvnLink": "http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-001920.html",
@@ -129,12 +108,6 @@ $ curl http://127.0.0.1:1323/cves/CVE-2014-0160 | jq "."
     "Vector": "(AV:N/AC:L/Au:N/C:P/I:N/A:N)",
     "References": [
       {
-        "ID": 369475,
-        "CreatedAt": "2016-03-23T20:53:47.711885901+09:00",
-        "UpdatedAt": "2016-03-23T20:53:47.711885901+09:00",
-        "DeletedAt": null,
-        "JvnID": 651,
-        "NvdID": 0,
         "Source": "AT-POLICE",
         "Link": "http://www.npa.go.jp/cyberpolice/detect/pdf/20140410.pdf"
       },
@@ -154,17 +127,8 @@ $ curl http://127.0.0.1:1323/cves/CVE-2014-0160 | jq "."
 $ curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name": "cpe:/a:rubyonrails:ruby_on_rails:4.0.2:-"}' http://localhost:1323/cpes | jq "."
 [
   {
-    "ID": 345,
-    "CreatedAt": "2016-04-10T10:52:26.196610454+09:00",
-    "UpdatedAt": "2016-04-10T10:52:26.196610454+09:00",
-    "DeletedAt": null,
-    "CveInfoID": 0,
     "CveID": "CVE-2016-0751",
     "Nvd": {
-      "ID": 345,
-      "CreatedAt": "2016-04-10T10:52:26.196853826+09:00",
-      "UpdatedAt": "2016-04-10T10:52:26.196853826+09:00",
-      "DeletedAt": null,
       "CveDetailID": 345,
       "Summary": "actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not properly restrict use of the MIME type cache, which allows remote attackers to cause a denial of service (memory consumption) via a crafted HTTP Accept header.",
       "Score": 5,
@@ -177,22 +141,10 @@ $ curl -v -H "Accept: application/json" -H "Content-type: application/json" -X P
       "Cpes": null,
       "References": [
         {
-          "ID": 486,
-          "CreatedAt": "2016-04-10T10:52:26.217958168+09:00",
-          "UpdatedAt": "2016-04-10T10:52:26.217958168+09:00",
-          "DeletedAt": null,
-          "JvnID": 0,
-          "NvdID": 345,
           "Source": "MLIST",
           "Link": "https://groups.google.com/forum/message/raw?msg=ruby-security-ann/9oLY_FCzvoc/5CDXbvpYEgAJ"
         },
         {
-          "ID": 487,
-          "CreatedAt": "2016-04-10T10:52:26.218175571+09:00",
-          "UpdatedAt": "2016-04-10T10:52:26.218175571+09:00",
-          "DeletedAt": null,
-          "JvnID": 0,
-          "NvdID": 345,
           "Source": "MLIST",
           "Link": "http://www.openwall.com/lists/oss-security/2016/01/25/9"
         }
@@ -201,11 +153,6 @@ $ curl -v -H "Accept: application/json" -H "Content-type: application/json" -X P
       "LastModifiedDate": "2016-03-18T21:02:43.817-04:00"
     },
     "Jvn": {
-      "ID": 0,
-      "CreatedAt": "0001-01-01T00:00:00Z",
-      "UpdatedAt": "0001-01-01T00:00:00Z",
-      "DeletedAt": null,
-      "CveDetailID": 0,
       "Title": "",
       "Summary": "",
       "JvnLink": "",

models/models.go

@@ -5,7 +5,6 @@ import (
 	"time"
 
 	"github.com/jinzhu/gorm"
-	log "github.com/kotakanbe/go-cve-dictionary/log"
 )
 
 // CveDetails is for sorting
@@ -25,8 +24,8 @@ func (c CveDetails) Less(i, j int) bool {
 
 // CveDetail is a parent of Jnv/Nvd model
 type CveDetail struct {
-	gorm.Model
-	CveInfoID uint // Foreign key
+	gorm.Model `json:"-"`
+	CveInfoID  uint `json:"-"`
 
 	CveID string
 	Nvd   Nvd
@@ -37,55 +36,21 @@ type CveDetail struct {
 func (c CveDetail) CvssScore(lang string) float64 {
 	switch lang {
 	case "en":
-		if c.Nvd.GetID() != 0 && c.Nvd.CvssScore() != 0 {
-			log.Debugf("%s, Score :%f, Nvd.ID: %d, Lang: %s",
-				c.CveID,
-				c.Nvd.CvssScore(),
-				c.Nvd.ID,
-				lang)
+		if 0 < c.Nvd.CvssScore() {
 			return c.Nvd.CvssScore()
-		} else if c.Jvn.GetID() != 0 && c.Jvn.CvssScore() != 0 {
-			log.Debugf("%s, Score :%f, Jvn.ID: %d, Lang: %s",
-				c.CveID,
-				c.Jvn.CvssScore(),
-				c.Jvn.ID,
-				lang)
+		} else if 0 < c.Jvn.CvssScore() {
 			return c.Jvn.CvssScore()
-		} else {
-			log.Debugf("Cvss Score is unknown. CveID: %v",
-				c.Jvn.JvnID,
-				c.Jvn.Link(),
-				c.CveID,
-			)
 		}
 		return -1
 	case "ja":
-		if c.Jvn.GetID() != 0 && c.Jvn.CvssScore() != 0 {
-			log.Debugf("%s, Score :%f, Jvn.ID: %d, Lang: %s",
-				c.CveID,
-				c.Jvn.CvssScore(),
-				c.Jvn.GetID(),
-				lang)
+		if 0 < c.Jvn.CvssScore() {
 			return c.Jvn.CvssScore()
-		} else if c.Nvd.GetID() != 0 && c.Nvd.CvssScore() != 0 {
-			log.Debugf("%s, Score :%f, Nvd.ID: %d, Lang: %s",
-				c.CveID,
-				c.Nvd.CvssScore(),
-				c.Nvd.ID,
-				lang)
+		} else if 0 < c.Nvd.CvssScore() {
 			return c.Nvd.CvssScore()
-		} else {
-			log.Debugf("Cvss Score is unknown. CveID: %v",
-				c.Jvn.JvnID,
-				c.Jvn.Link(),
-				c.CveID,
-			)
 		}
 		return -1
 	default:
-		log.Errorf("Not implement yet. lang: %s", lang)
 		return c.CvssScore("en")
-		// reutrn -1
 	}
 }
 
@@ -125,8 +90,8 @@ type CveDictionary interface {
 
 // Nvd is a model of NVD
 type Nvd struct {
-	gorm.Model
-	CveDetailID uint
+	gorm.Model  `json:"-"`
+	CveDetailID uint `json:"-"`
 
 	Summary string
 
@@ -212,15 +177,13 @@ func firstChar(str string) string {
 	return string(str[0])
 }
 
-// Link return summary
+// Link return empty string
 func (c Nvd) Link() string {
-	//TODO return NVD Link
 	return ""
 }
 
 // VulnSiteReferences return References
 func (c Nvd) VulnSiteReferences() []Reference {
-	//TODO return NVD Link
 	return c.References
 }
 
@@ -241,8 +204,8 @@ func (c Nvd) LastModified() time.Time {
 
 // Jvn is a model of JVN
 type Jvn struct {
-	gorm.Model
-	CveDetailID uint
+	gorm.Model  `json:"-"`
+	CveDetailID uint `json:"-"`
 
 	Title   string
 	Summary string
@@ -308,7 +271,6 @@ func (c Jvn) CvssSeverity() string {
 
 // VulnSiteReferences return summary
 func (c Jvn) VulnSiteReferences() []Reference {
-	//TODO return NVD Link
 	return c.References
 }
 
@@ -330,9 +292,9 @@ func (c Jvn) LastModified() time.Time {
 // Cpe is Child model of Jvn/Nvd.
 // see https://www.ipa.go.jp/security/vuln/CPE.html
 type Cpe struct {
-	gorm.Model
-	JvnID uint
-	NvdID uint
+	gorm.Model `json:"-"`
+	JvnID      uint `json:"-"`
+	NvdID      uint `json:"-"`
 
 	// CPE Name (URL sytle)
 	// JVN ... cpe:/a:oracle:mysql
@@ -352,9 +314,9 @@ type Cpe struct {
 // Reference is Child model of Jvn/Nvd.
 // It holds reference information about the CVE.
 type Reference struct {
-	gorm.Model
-	JvnID uint
-	NvdID uint
+	gorm.Model `json:"-"`
+	JvnID      uint `json:"-"`
+	NvdID      uint `json:"-"`
 
 	Source string
 	Link   string

nvd/nvd.go

@@ -153,7 +153,7 @@ func fetchFeedFile(url string, httpProxy string) (nvd Nvd, err error) {
 
 	resp, body, errs = gorequest.New().Proxy(httpProxy).Get(url).End()
 	//  defer resp.Body.Close()
-	if len(errs) > 0 || resp.StatusCode != 200 {
+	if len(errs) > 0 || resp == nil || resp.StatusCode != 200 {
 		return nvd, fmt.Errorf(
 			"HTTP error. errs: %v, url: %s", errs, url)
 	}

version/version.go

@@ -4,4 +4,4 @@ package version
 const Name string = "go-cve-dictionary"
 
 // Version ... Version
-const Version string = "0.1.0"
+const Version string = "0.1.1"