plugins/cvelib: new plugin for CVE Services API

The CVE Services API allows CVE Numbering Authorities (CNAs) to reserve, publish, and manage CVE IDs. This plugin sets the environment variables required to use the reference cvelib implementation of the API. See also: https://www.cve.org/AllResources/CveServices https://github.com/RedHatProductSecurity/cvelib https://vulnogram.github.io/cve5/#cvePortal
1Password · Apr 9, 2024 · 40147f9 · 40147f9
1 parent 39ed88f
commit 40147f9
Show file tree

Hide file tree

Showing 3 changed files with 96 additions and 0 deletions.
diff --git a/plugins/cvelib/api_key.go b/plugins/cvelib/api_key.go
@@ -0,0 +1,49 @@
+package cvelib
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/importer"
+	"github.com/1Password/shell-plugins/sdk/provision"
+	"github.com/1Password/shell-plugins/sdk/schema"
+	"github.com/1Password/shell-plugins/sdk/schema/credname"
+	"github.com/1Password/shell-plugins/sdk/schema/fieldname"
+)
+
+func APIKey() schema.CredentialType {
+	return schema.CredentialType{
+		Name:          credname.APIKey,
+		DocsURL:       sdk.URL("https://github.com/RedHatProductSecurity/cvelib"),
+		ManagementURL: sdk.URL("https://vulnogram.github.io/cve5/#cvePortal"),
+		Fields: []schema.CredentialField{
+			{
+				Name:                fieldname.User,
+				MarkdownDescription: "User to authenticate to CVE Services API (CVE user).",
+			},
+			{
+				Name:                fieldname.Organization,
+				MarkdownDescription: "Organization to authenticate to CVE Services API (CNA short name).",
+			},
+			{
+				Name:                fieldname.APIKey,
+				MarkdownDescription: "API Key used to authenticate to CVE Services API (CNA API key).",
+				Secret:              true,
+				Composition: &schema.ValueComposition{
+					Length: 36,
+					Charset: schema.Charset{
+						Lowercase: true,
+						Digits:    true,
+					},
+				},
+			},
+		},
+		DefaultProvisioner: provision.EnvVars(defaultEnvVarMapping),
+		Importer: importer.TryAll(
+			importer.TryEnvVarPair(defaultEnvVarMapping),
+		)}
+}
+
+var defaultEnvVarMapping = map[string]sdk.FieldName{
+	"CVE_USER":    fieldname.User,
+	"CVE_ORG":     fieldname.Organization,
+	"CVE_API_KEY": fieldname.APIKey,
+}
diff --git a/plugins/cvelib/cve.go b/plugins/cvelib/cve.go
@@ -0,0 +1,25 @@
+package cvelib
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/needsauth"
+	"github.com/1Password/shell-plugins/sdk/schema"
+	"github.com/1Password/shell-plugins/sdk/schema/credname"
+)
+
+func CVEServicesAPICLI() schema.Executable {
+	return schema.Executable{
+		Name:    "CVE Services API CLI",
+		Runs:    []string{"cve"},
+		DocsURL: sdk.URL("https://github.com/RedHatProductSecurity/cvelib"),
+		NeedsAuth: needsauth.IfAll(
+			needsauth.NotForHelpOrVersion(),
+			needsauth.NotWithoutArgs(),
+		),
+		Uses: []schema.CredentialUsage{
+			{
+				Name: credname.APIKey,
+			},
+		},
+	}
+}
diff --git a/plugins/cvelib/plugin.go b/plugins/cvelib/plugin.go
@@ -0,0 +1,22 @@
+package cvelib
+
+import (
+	"github.com/1Password/shell-plugins/sdk"
+	"github.com/1Password/shell-plugins/sdk/schema"
+)
+
+func New() schema.Plugin {
+	return schema.Plugin{
+		Name: "cvelib",
+		Platform: schema.PlatformInfo{
+			Name:     "CVE Services",
+			Homepage: sdk.URL("https://www.cve.org/AllResources/CveServices"),
+		},
+		Credentials: []schema.CredentialType{
+			APIKey(),
+		},
+		Executables: []schema.Executable{
+			CVEServicesAPICLI(),
+		},
+	}
+}