This is tool to build a local copy of the National Vulnerabilities Database(NVD)

and the Japan Vulnerability Notes (JVN). NVD and JVN contain security vulnerabilities according to their CVE identifiers, including exhaustive information and a risk score. The local copy is generated in sqlite format, and the tool has a server mode for easy querying. WWW: https://github.com/kotakanbe/go-cve-dictionary/ PR: 220561 Submitted by: Alexandru Ciobanu <iscandr@gmail.com> (maintainer) Reviewed by: matthew (mentor), koobs, mat Approved by: matthew (mentor) Differential Revision: https://reviews.freebsd.org/D11745
svn path=/head/; revision=446843
2024-12-19 03:52:17 +00:00 · 2017-07-28 18:22:22 +00:00 · 2017-07-28 18:22:22 +00:00 · fda3db8dd1 · 2021-03-31 03:12:20 +00:00
commit fda3db8dd1
parent 37129afea9
12 changed files with 329 additions and 2 deletions
--- a/2
+++ b/2
@ -829,7 +829,7 @@ chronyd:*:849:
 # free: 885
 # free: 886
 # free: 887
-# free: 888
+vuls:*:888:
 # free: 889
 # free: 890
 # free: 891
--- a/2
+++ b/2
@ -834,7 +834,7 @@ chronyd:*:849:849::0:0:chronyd user:/nonexistent:/usr/sbin/nologin
 # free: 885
 # free: 886
 # free: 887
-# free: 888
+vuls:*:888:888::0:0:VULnerability Scanner:/var/db/vuls:/usr/sbin/nologin
 # free: 889
 # free: 890
 # free: 891
--- a/security/Makefile
+++ b/security/Makefile
@ -181,6 +181,7 @@
    SUBDIR += gnupg20
    SUBDIR += gnutls
    SUBDIR += go.crypto
+    SUBDIR += go-cve-dictionary
    SUBDIR += goptlib
    SUBDIR += gorilla
    SUBDIR += govpn
--- a/security/go-cve-dictionary/Makefile
+++ b/security/go-cve-dictionary/Makefile
@ -0,0 +1,87 @@
+# $FreeBSD$
+
+PORTNAME=	go-cve-dictionary
+DISTVERSIONPREFIX=	v
+DISTVERSION=		0.1.0-76
+DISTVERSIONSUFFIX=	-g0724974
+CATEGORIES=	security
+
+MAINTAINER=	iscandr@gmail.com
+COMMENT=	Build local copies of vulnerabilities from NVD and JVN
+
+LICENSE=	APACHE20
+
+RUN_DEPENDS=	ca_root_nss>=0:security/ca_root_nss
+
+USES=	go:1.7.1+
+
+USE_RC_SUBR=	${PORTNAME}
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	kotakanbe
+GH_SUBDIR=	src/github.com/${GH_ACCOUNT_DEFAULT}/${PORTNAME}
+
+GH_TUPLE+=	sirupsen:logrus:v1.0.0:logrus/src/github.com/sirupsen/logrus
+GH_TUPLE+=	asaskevich:govalidator:v6:govalidator/src/github.com/asaskevich/govalidator
+GH_TUPLE+=	cheggaaa:pb:v2.0.4:pb/src/gopkg.in/cheggaaa/pb.v2
+GH_TUPLE+=	go-redis:redis:v6.5.0:redis/src/github.com/go-redis/redis
+GH_TUPLE+=	google:subcommands:ce3d4cf:subcommands/src/github.com/google/subcommands
+GH_TUPLE+=	jinzhu:gorm:eae7f6b:gorm/src/github.com/jinzhu/gorm
+GH_TUPLE+=	kotakanbe:logrus-prefixed-formatter:e7519b8:logrusprefixedformatter/src/github.com/kotakanbe/logrus-prefixed-formatter
+GH_TUPLE+=	labstack:echo:bc173df:echo/src/github.com/labstack/echo
+GH_TUPLE+=	labstack:gommon:1121fd3:gommon/src/github.com/labstack/gommon
+GH_TUPLE+=	parnurzeal:gorequest:v0.2.15:gorequest/src/github.com/parnurzeal/gorequest
+GH_TUPLE+=	rifflock:lfshook:1.6:lfshook/src/github.com/rifflock/lfshook
+GH_TUPLE+=	dgrijalva:jwt-go:v3.0.0:jwtgo/src/github.com/dgrijalva/jwt-go
+GH_TUPLE+=	go-sql-driver:mysql:v1.3:mysql/src/github.com/go-sql-driver/mysql
+GH_TUPLE+=	jinzhu:inflection:1c35d90:inflection/src/github.com/jinzhu/inflection
+GH_TUPLE+=	k0kubun:pp:v2.3.0:pp/src/github.com/k0kubun/pp
+GH_TUPLE+=	lib:pq:8837942:pq/src/github.com/lib/pq
+GH_TUPLE+=	mgutz:ansi:9520e82:ansi/src/github.com/mgutz/ansi
+GH_TUPLE+=	pkg:errors:c605e28:pkgerrors/src/github.com/pkg/errors
+GH_TUPLE+=	moul:http2curl:4e24498:http2curl/src/github.com/moul/http2curl
+GH_TUPLE+=	golang:net:5f8847a:golangnet/src/golang.org/x/net
+GH_TUPLE+=	mattn:go-colorable:v0.0.8:gocolorable/src/github.com/mattn/go-colorable
+GH_TUPLE+=	mattn:go-runewidth:97311d9:gorunewidth/src/github.com/mattn/go-runewidth
+GH_TUPLE+=	mattn:go-isatty:v0.0.2:goisatty/src/github.com/mattn/go-isatty
+GH_TUPLE+=	mattn:go-sqlite3:v1.2.0:gosqlite3/src/github.com/mattn/go-sqlite3
+GH_TUPLE+=	valyala:fasttemplate:dcecefd:fasttemplate/src/github.com/valyala/fasttemplate
+GH_TUPLE+=	camlistore:go4:034d17a:go4syncutil/src/go4.org
+GH_TUPLE+=	VividCortex:ewma:v1.0:ewma/src/gopkg.in/VividCortex/ewma.v1
+GH_TUPLE+=	fatih:color:v1.5.0:colorv1/src/gopkg.in/fatih/color.v1
+
+USERS=		vuls
+GROUPS=		vuls
+
+SUB_FILES=	pkg-message
+SUB_LIST=	PORTNAME=${PORTNAME} USERS=${USERS} GROUPS=${GROUPS}
+
+post-patch:
+	@${REINPLACE_CMD} -e 's|Sirupsen|sirupsen|' \
+		${WRKSRC}/log/log.go \
+		${WRKSRC}/src/github.com/kotakanbe/logrus-prefixed-formatter/formatter.go \
+		${WRKSRC}/src/github.com/rifflock/lfshook/lfshook.go
+	@${REINPLACE_CMD} -e 's|github.com/cheggaaa/pb|gopkg.in/cheggaaa/pb.v2|' \
+		${WRKSRC}/db/rdb.go \
+		${WRKSRC}/db/redis.go \
+		${WRKSRC}/jvn/jvn.go \
+		${WRKSRC}/nvd/nvd.go
+	@${REINPLACE_CMD} -e 's|gopkg.in/mattn/go-runewidth.v0|github.com/mattn/go-runewidth|' \
+		${WRKSRC}/src/gopkg.in/cheggaaa/pb.v2/util.go
+	@${REINPLACE_CMD} -e 's|gopkg.in/mattn/go-colorable.v0|github.com/mattn/go-colorable|' \
+		${WRKSRC}/src/gopkg.in/cheggaaa/pb.v2/pb.go
+	@${REINPLACE_CMD} -e 's|gopkg.in/mattn/go-isatty.v0|github.com/mattn/go-isatty|' \
+		${WRKSRC}/src/gopkg.in/cheggaaa/pb.v2/pb.go
+
+do-build:
+	@cd ${GO_WRKSRC} && \
+		${SETENV} ${MAKE_ENV} ${GO_ENV} GOPATH=${WRKSRC} \
+		${GO_CMD} build -v -x -ldflags "-X main.version=${PORTVERSION}" \
+		-o ${WRKSRC}/${PORTNAME}
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin/${PORTNAME}
+	${MKDIR} ${STAGEDIR}/var/db/vuls
+	${MKDIR} ${STAGEDIR}/var/log/vuls
+
+.include <bsd.port.mk>
--- a/security/go-cve-dictionary/distinfo
+++ b/security/go-cve-dictionary/distinfo
@ -0,0 +1,59 @@
+TIMESTAMP = 1501176587
+SHA256 (kotakanbe-go-cve-dictionary-v0.1.0-76-g0724974_GH0.tar.gz) = fe70e8ca0ed86673d8887793659ec088fca87c95719a299ddd37e1e8cd4c47d7
+SIZE (kotakanbe-go-cve-dictionary-v0.1.0-76-g0724974_GH0.tar.gz) = 25122
+SHA256 (sirupsen-logrus-v1.0.0_GH0.tar.gz) = de40c5f36b126217234cf5d40def87ce26789ce95c8f887b229b9f2ea1e3ed6b
+SIZE (sirupsen-logrus-v1.0.0_GH0.tar.gz) = 27996
+SHA256 (asaskevich-govalidator-v6_GH0.tar.gz) = 17ee798f3758885e6ed6f1cfc81033c3aca4c15a9d2b3856a01e648ffb46f0a0
+SIZE (asaskevich-govalidator-v6_GH0.tar.gz) = 39610
+SHA256 (cheggaaa-pb-v2.0.4_GH0.tar.gz) = 21388e5df7bed43ae2b8157a4e17b85ef416ca4925723ddc182f43e3fc719225
+SIZE (cheggaaa-pb-v2.0.4_GH0.tar.gz) = 17205
+SHA256 (go-redis-redis-v6.5.0_GH0.tar.gz) = 992b27dee80639c3605b99525adf76e5e76e4d1acd7e1e97476c5d0446e0d0b8
+SIZE (go-redis-redis-v6.5.0_GH0.tar.gz) = 72475
+SHA256 (google-subcommands-ce3d4cf_GH0.tar.gz) = 660c4a27138acf9f40eb5b69d8f8401521626bd29235f6472f1b1ac457ab4c99
+SIZE (google-subcommands-ce3d4cf_GH0.tar.gz) = 8551
+SHA256 (jinzhu-gorm-eae7f6b_GH0.tar.gz) = aff8d777868e65751deadff1353949cdc1c8c0680e4f687c2fa9311fdb6dfe74
+SIZE (jinzhu-gorm-eae7f6b_GH0.tar.gz) = 79432
+SHA256 (kotakanbe-logrus-prefixed-formatter-e7519b8_GH0.tar.gz) = e14b91af06bc0a752c97519dff4accf4a03547cbb9dd2ba197a9420fb3f14303
+SIZE (kotakanbe-logrus-prefixed-formatter-e7519b8_GH0.tar.gz) = 3862
+SHA256 (labstack-echo-bc173df_GH0.tar.gz) = 130084d65a0fd9fbeba6f2f88b7f6ef0dcf0d42d988b7720a9e158a16afa23f7
+SIZE (labstack-echo-bc173df_GH0.tar.gz) = 322895
+SHA256 (labstack-gommon-1121fd3_GH0.tar.gz) = b2799817a7225c50d37549db05b981cfa416ea7e3ee54aeb53187c3a29f83805
+SIZE (labstack-gommon-1121fd3_GH0.tar.gz) = 10176
+SHA256 (parnurzeal-gorequest-v0.2.15_GH0.tar.gz) = 776fbd9a5ebe79e6e1091cae47d5ace67f7bf49a224a35f2c84e27f3f464817f
+SIZE (parnurzeal-gorequest-v0.2.15_GH0.tar.gz) = 25591
+SHA256 (rifflock-lfshook-1.6_GH0.tar.gz) = 64f6a7b085bbceec503f311d9f130436457b996f7260dad7db6638ceb19d9f45
+SIZE (rifflock-lfshook-1.6_GH0.tar.gz) = 3515
+SHA256 (dgrijalva-jwt-go-v3.0.0_GH0.tar.gz) = af12bdfbfb897c4a5c86aeffd11cab35ee18ab0180b1a6e22e1a1a61d9f70543
+SIZE (dgrijalva-jwt-go-v3.0.0_GH0.tar.gz) = 33451
+SHA256 (go-sql-driver-mysql-v1.3_GH0.tar.gz) = 410bcaca471ea38892101464cc8b4a9cf63a9c7f94fce8728243829e36cd865b
+SIZE (go-sql-driver-mysql-v1.3_GH0.tar.gz) = 59830
+SHA256 (jinzhu-inflection-1c35d90_GH0.tar.gz) = 9403d9051e6fb253555c83261ce4c9ff9cb0210a4f326b8568b18d3e1bfbed24
+SIZE (jinzhu-inflection-1c35d90_GH0.tar.gz) = 4499
+SHA256 (k0kubun-pp-v2.3.0_GH0.tar.gz) = e411569ac6fe6413b24b63765fd9d6b7cbb03d162068c31186db947aeaf4b0b8
+SIZE (k0kubun-pp-v2.3.0_GH0.tar.gz) = 8778
+SHA256 (lib-pq-8837942_GH0.tar.gz) = a7b8aec65325b03799c5336af3ace1a04ade723a30c9abe927f2b16ffbc61385
+SIZE (lib-pq-8837942_GH0.tar.gz) = 85539
+SHA256 (mgutz-ansi-9520e82_GH0.tar.gz) = eed589c0869270ea90e776fa623a0a29a5973f2acc86fbf305573b4861887140
+SIZE (mgutz-ansi-9520e82_GH0.tar.gz) = 4870
+SHA256 (pkg-errors-c605e28_GH0.tar.gz) = 06fa83babc1d9aa80b0decb6d36504090bbde8a38d9a722a1f7a26616590a0d0
+SIZE (pkg-errors-c605e28_GH0.tar.gz) = 11476
+SHA256 (moul-http2curl-4e24498_GH0.tar.gz) = 48957974315c9689a27e4a65315d4eb0e94cb04e266a59f813ad9e1b99df8e66
+SIZE (moul-http2curl-4e24498_GH0.tar.gz) = 100177
+SHA256 (golang-net-5f8847a_GH0.tar.gz) = 55a46531c8c0fb60ae7566cae1c59681c9869e5df1c4a9a8304448afef65164a
+SIZE (golang-net-5f8847a_GH0.tar.gz) = 909712
+SHA256 (mattn-go-colorable-v0.0.8_GH0.tar.gz) = 4f7b0196c6d7a7be96ba394c94860384b537cec6e0da57951bccda0d42c1c23c
+SIZE (mattn-go-colorable-v0.0.8_GH0.tar.gz) = 7526
+SHA256 (mattn-go-runewidth-97311d9_GH0.tar.gz) = 8330497728f75464111ee7145fc97cfa588cb0d6561b3af5447aa05d489bca85
+SIZE (mattn-go-runewidth-97311d9_GH0.tar.gz) = 22384
+SHA256 (mattn-go-isatty-v0.0.2_GH0.tar.gz) = c0681d72b185a8d4aa8f6a557d181bf25c6e3e7f3874711de507e550b25408bf
+SIZE (mattn-go-isatty-v0.0.2_GH0.tar.gz) = 3258
+SHA256 (mattn-go-sqlite3-v1.2.0_GH0.tar.gz) = ec21a30c397d0d3153d54b3aa71065481dd9702819006fb8bc0443a6ab47caa8
+SIZE (mattn-go-sqlite3-v1.2.0_GH0.tar.gz) = 1998473
+SHA256 (valyala-fasttemplate-dcecefd_GH0.tar.gz) = ba29e16f9b2d6425f500b40747b139c6ce88cdd26b60dcf5967fe9e6cf5f3eb7
+SIZE (valyala-fasttemplate-dcecefd_GH0.tar.gz) = 11627
+SHA256 (camlistore-go4-034d17a_GH0.tar.gz) = 1c9111f937747660e5cee7c6c435d010011d6fe506df5603b88cce4dd102f39c
+SIZE (camlistore-go4-034d17a_GH0.tar.gz) = 78850
+SHA256 (VividCortex-ewma-v1.0_GH0.tar.gz) = 7e62b9cc28b336f2496aa98da60f3a8ba6a1f0112f0493c60959e9bcc25709f3
+SIZE (VividCortex-ewma-v1.0_GH0.tar.gz) = 3609
+SHA256 (fatih-color-v1.5.0_GH0.tar.gz) = f22564848cd7d24022413c719bbc9c35d014ba7d19ee802b29ba5a93016d3250
+SIZE (fatih-color-v1.5.0_GH0.tar.gz) = 586937
--- a/security/go-cve-dictionary/files/go-cve-dictionary.in
+++ b/security/go-cve-dictionary/files/go-cve-dictionary.in
@ -0,0 +1,64 @@
+#!/bin/sh
+
+# PROVIDE: %%PORTNAME%%
+# REQUIRE: LOGIN
+# KEYWORD: shutdown
+#
+# Add the following lines to /etc/rc.conf.local or /etc/rc.conf
+# to enable this service:
+#
+# go_cve_dictionary_enable (bool):     Set to NO by default
+#                                Set it to YES to enable the CVE server
+# go_cve_dictionary_user (string):     Set user to run go_cve_dictionary
+#                                Default is "%%USERS%%"
+# go_cve_dictionary_group (string):    Set group to run go_cve_dictionary
+#                                Default is "%%GROUPS%%"
+# go_cve_dictionary_db_path (string):  Set database path
+#                                Default is "/var/db/vuls/cve.sqlite3"
+# go_cve_dictionary_db_type (string):  Set database type
+#                                Default is "sqlite3"
+# go_cve_dictionary_log_file (string): Set file that go_cve_dictionary will log to
+#                                Default is "/var/log/vuls/go_cve_dictionary.log"
+# go_cve_dictionary_args (string):     Set additional command line arguments
+#                                Default is ""
+
+. /etc/rc.subr
+
+name=go_cve_dictionary
+rcvar=go_cve_dictionary_enable
+
+load_rc_config $name
+
+: ${go_cve_dictionary_enable:="NO"}
+: ${go_cve_dictionary_user:="%%USERS%%"}
+: ${go_cve_dictionary_group:="%%GROUPS%%"}
+: ${go_cve_dictionary_db_path:="/var/db/vuls/cve.sqlite3"}
+: ${go_cve_dictionary_db_type:="sqlite3"}
+: ${go_cve_dictionary_log_file:="/var/log/vuls/go_cve_dictionary.log"}
+: ${go_cve_dictionary_args:=""}
+
+pidfile=/var/run/go_cve_dictionary.pid
+command="/usr/sbin/daemon"
+procname="%%PREFIX%%/bin/%%PORTNAME%%"
+
+command_args="-p ${pidfile} /usr/bin/env ${procname} server \
+                -dbpath=${go_cve_dictionary_db_path} \
+                -dbtype=${go_cve_dictionary_db_type} \
+                ${go_cve_dictionary_args} >> ${go_cve_dictionary_log_file} 2>&1"
+
+start_precmd=go_cve_dictionary_startprecmd
+
+go_cve_dictionary_startprecmd()
+{
+    if [ ! -e ${pidfile} ]; then
+        install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
+            -m 640 /dev/null ${pidfile};
+    fi
+    if [ ! -f "${go_cve_dictionary_log_file}" ]; then
+        install -o ${go_cve_dictionary_user} -g ${go_cve_dictionary_group} \
+            -m 640 /dev/null ${go_cve_dictionary_log_file};
+    fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
--- a/security/go-cve-dictionary/files/patch-commands_fetchjvn.go
+++ b/security/go-cve-dictionary/files/patch-commands_fetchjvn.go
@ -0,0 +1,29 @@
+--- commands/fetchjvn.go.orig	2017-06-26 10:39:59 UTC
+++ commands/fetchjvn.go
+@@ -3,7 +3,6 @@ package commands
+ import (
+ 	"context"
+ 	"flag"
+-	"os"
+ 	"strconv"
+ 	"time"
+ 
+@@ -45,7 +44,7 @@ func (*FetchJvnCmd) Usage() string {
+ 		[-latest]
+ 		[-last2y]
+ 		[-years] 1998 1999 ...
+-		[-dbpath=$PWD/cve.sqlite3 or connection string]
+		[-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
+ 		[-dbtype=mysql|postgres|sqlite3|redis]
+ 		[-http-proxy=http://192.168.0.1:8080]
+ 		[-debug]
+@@ -65,8 +64,7 @@ func (p *FetchJvnCmd) SetFlags(f *flag.F
+ 	defaultLogDir := util.GetDefaultLogDir()
+ 	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
+ 
+-	pwd := os.Getenv("PWD")
+-	f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
+	f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
+ 		"/path/to/sqlite3 or SQL connection string")
+ 
+ 	f.StringVar(&p.dbtype, "dbtype", "sqlite3",
--- a/security/go-cve-dictionary/files/patch-commands_fetchnvd.go
+++ b/security/go-cve-dictionary/files/patch-commands_fetchnvd.go
@ -0,0 +1,29 @@
+--- commands/fetchnvd.go.orig	2017-06-26 10:39:59 UTC
+++ commands/fetchnvd.go
+@@ -3,7 +3,6 @@ package commands
+ import (
+ 	"context"
+ 	"flag"
+-	"os"
+ 	"strconv"
+ 	"time"
+ 
+@@ -43,7 +42,7 @@ func (*FetchNvdCmd) Usage() string {
+ 		[-last2y]
+ 		[-years] 2015 2016 ...
+ 		[-dbtype=mysql|postgres|sqlite3|redis]
+-		[-dbpath=$PWD/cve.sqlite3 or connection string]
+		[-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
+ 		[-http-proxy=http://192.168.0.1:8080]
+ 		[-debug]
+ 		[-debug-sql]
+@@ -65,8 +64,7 @@ func (p *FetchNvdCmd) SetFlags(f *flag.F
+ 	defaultLogDir := util.GetDefaultLogDir()
+ 	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
+ 
+-	pwd := os.Getenv("PWD")
+-	f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
+	f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
+ 		"/path/to/sqlite3 or SQL connection string")
+ 
+ 	f.StringVar(&p.dbtype, "dbtype", "sqlite3",
--- a/security/go-cve-dictionary/files/patch-commands_server.go
+++ b/security/go-cve-dictionary/files/patch-commands_server.go
@ -0,0 +1,29 @@
+--- commands/server.go.orig	2017-06-26 10:39:59 UTC
+++ commands/server.go
+@@ -3,7 +3,6 @@ package commands
+ import (
+ 	"context"
+ 	"flag"
+-	"os"
+ 
+ 	"github.com/google/subcommands"
+ 	c "github.com/kotakanbe/go-cve-dictionary/config"
+@@ -37,7 +36,7 @@ func (*ServerCmd) Usage() string {
+ 	server
+ 		[-bind=127.0.0.1]
+ 		[-port=8000]
+-		[-dbpath=$PWD/cve.sqlite3 or connection string]
+		[-dbpath=/var/db/vuls/cve.sqlite3 or connection string]
+ 		[-dbtype=mysql|postgres|sqlite3|redis]
+ 		[-debug]
+ 		[-debug-sql]
+@@ -56,8 +55,7 @@ func (p *ServerCmd) SetFlags(f *flag.Fla
+ 	defaultLogDir := util.GetDefaultLogDir()
+ 	f.StringVar(&p.logDir, "log-dir", defaultLogDir, "/path/to/log")
+ 
+-	pwd := os.Getenv("PWD")
+-	f.StringVar(&p.dbpath, "dbpath", pwd+"/cve.sqlite3",
+	f.StringVar(&p.dbpath, "dbpath", "/var/db/vuls/cve.sqlite3",
+ 		"/path/to/sqlite3 or SQL connection string")
+ 
+ 	f.StringVar(&p.dbtype, "dbtype", "sqlite3",
--- a/security/go-cve-dictionary/files/pkg-message.in
+++ b/security/go-cve-dictionary/files/pkg-message.in
@ -0,0 +1,19 @@
+===============================================================================
+Congratulations, you have installed %%PORTNAME%%!
+
+%%PORTNAME%% does not ship any CVE database.
+To download CVEs from 2002 until present run:
+
+for i in `seq 2002 $(date +"%Y")`; \
+    do %%PORTNAME%% fetchnvd -years $i; \
+    done
+
+After download, set the permissions of the CVE databases:
+
+chown %%USERS%%:%%GROUPS%% /var/db/vuls/* /var/log/vuls/*
+
+To enable %%PORTNAME%% and start:
+
+sysrc go_cve_dictionary_enable="YES"
+service %%PORTNAME%% start
+===============================================================================
--- a/security/go-cve-dictionary/pkg-descr
+++ b/security/go-cve-dictionary/pkg-descr
@ -0,0 +1,7 @@
+go-cve-dictionary builds a a local copy of the National Vulnerabilities
+Database(NVD) and Japan Vulnerability Notes(JVN). NVD and JVN contain security
+vulnerabilities according to their CVE identifiers including exhaustive
+information and a risk score. The local copy is generated in sqlite format.
+A server is included for easy querying.
+
+WWW: https://github.com/kotakanbe/go-cve-dictionary/
--- a/security/go-cve-dictionary/pkg-plist
+++ b/security/go-cve-dictionary/pkg-plist
@ -0,0 +1,3 @@
+bin/%%GO_PKGNAME%%
+@dir(vuls,vuls,0775) /var/db/vuls
+@dir(vuls,vuls,0775) /var/log/vuls