def callsocs(workdir, xmlfile):
    """Resolve a POM's dependencies with Maven and attach CVE/CVSS data.

    The file at ``xmlfile`` is moved (not copied) to ``<workdir>/pom.xml``,
    ``mvn dependency:copy-dependencies`` is run inside ``workdir``, the jars
    under ``target/dependency`` are scanned, and every record returned by
    ``spdxsearch`` gets a ``'cves'`` key holding ``(cve, cvss_score)`` tuples
    looked up through ``search``.

    Args:
        workdir: Directory that receives ``pom.xml`` and the Maven output.
        xmlfile: Path of the POM to analyse; it no longer exists at this
            path once the function has run.

    Returns:
        A new list of the ``spdxsearch`` records ordered by
        ``(name, version)``.

    Raises:
        OSError: If the rename fails.
        subprocess.CalledProcessError: If Maven exits with a non-zero status.
    """
    # Parenthesised single-argument prints behave the same as the Python 2
    # print statements used by the rest of this code.
    print("[+] starting")
    pom_target = os.path.join(workdir, 'pom.xml')
    os.rename(xmlfile, pom_target)
    print("[+] Created pom.xml")

    # NOTE(review): Maven acts on whatever the POM declares (repositories,
    # plugin and extension configuration). If xmlfile can come from an
    # untrusted party, this step should run in an isolated, low-privilege
    # environment with restricted network access -- confirm against callers.
    # The argv list form keeps the call free of shell interpretation; there
    # is no timeout on the invocation.
    with ChDir(workdir):
        subprocess.check_call(['mvn', 'dependency:copy-dependencies'])
    print("[+] Maven Invocation done")

    jar_dir = os.path.join(workdir, 'target/dependency')
    package_ids = list(scan_jars(jar_dir))
    records = spdxsearch(package_ids)
    print("[+] DoSocs2 and Dependency-Check Done")

    for record in records:
        scored = []
        for cpe_entry in record['cpes']:
            # Drops the first and last character of the stored CPE string
            # (presumably surrounding delimiters -- TODO confirm).
            cpe_name = cpe_entry['cpe'][1:-1]
            for cve_id in search(cpe_name, 'cve'):
                if not cve_id:
                    continue
                pair = (cve_id, search(cve_id, 'cvss'))
                print(pair)
                scored.append(pair)
        record['cves'] = scored

    def by_name_then_version(record):
        return (record['name'], record['version'])

    return sorted(records, key=by_name_then_version)
from vfeedWarp import search

# Sample lookups through the vFeed wrapper: the second argument selects which
# kind of record to fetch for the identifier given first. Each result is
# printed as returned.
_SAMPLE_QUERIES = (
    # CVE lookup for a CPE name.
    ('cpe:/a:prosody:prosody:0.6.0', 'cve'),
    # CPE entries for CVE-2011-1234.
    ('CVE-2011-1234', 'cpe'),
    # CWE weakness identification for CVE-2014-2206.
    ('CVE-2014-2206', 'cwe'),
    # Exploit-database references for CVE-2014-2206.
    ('CVE-2014-2206', 'exp'),
)

for _identifier, _kind in _SAMPLE_QUERIES:
    print(search(_identifier, _kind))