#!/bin/sh

#
# Update the CVE database every night.
#

# daily_go_cve_dictionary_enable 	- set to YES to enable nightly update of CVE definitions
# daily_go_cve_dictionary_databases	- This can be a space separated list of databases
#					  Supported databases are:
#					  nvd jvn fortinet
#
# All other configurations are made in /usr/local/etc/go-cve-dictionary.yaml.

# If there is a global system configuration file, suck it in.
#
if [ -r /etc/defaults/periodic.conf ]
then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

: ${daily_go_cve_dictionary_enable:=NO}
: ${daily_go_cve_dictionary_databases:=nvd} {

# You can add arguments per database, for example
# daily_go_cve_dictionary_nvd_args="2020 2021 2022 2023 2024"

case "${daily_go_cve_dictionary_enable}" in
    [Yy][Ee][Ss])
	for db in ${daily_go_cve_dictionary_databases}; do
	    eval args="\${daily_go_cve_dictionary_${db}_args}"
	    su -fm vuls \
		    -c "/usr/bin/env HOME=/var/db/vuls /usr/local/bin/go-cve-dictionary fetch ${db} ${args}" \
		    >> /var/log/vuls/go-cve-dictionary-updates.log 2>&1
	done
esac
