Ejemplo n.º 1
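def callsocs(workdir, xmlfile):
    """Resolve a POM's dependencies with Maven and attach CVE/CVSS data to them.

    The file at ``xmlfile`` is moved to ``workdir/pom.xml``, Maven copies the
    declared dependencies into ``workdir/target/dependency``, the jars found
    there are passed through ``scan_jars`` and ``spdxsearch``, and every CPE
    of every result is looked up with ``search``.

    Args:
        workdir: Directory that receives ``pom.xml`` and the Maven output.
        xmlfile: Path of the POM file to analyse. It is renamed, so the
            original path no longer exists afterwards.

    Returns:
        The ``spdxsearch`` results sorted by ``(name, version)``. Each item
        gains a ``'cves'`` key holding ``(cve, cvss_score)`` tuples;
        ``cvss_score`` is ``None`` when the CVE identifier is empty.

    Raises:
        OSError: If the rename fails.
        subprocess.CalledProcessError: If Maven exits with a non-zero status.
    """
    print("[+] starting")
    os.rename(xmlfile, os.path.join(workdir, 'pom.xml'))
    print("[+] Created pom.xml")
    # NOTE(review): Maven resolves and downloads whatever the POM declares
    # (dependencies, repositories, plugins, extensions). If xmlfile can come
    # from an untrusted party, run this step in an isolated, unprivileged
    # environment with restricted network access.
    with ChDir(workdir):
        # argv list, no shell: nothing from the POM path reaches a shell.
        subprocess.check_call(['mvn', 'dependency:copy-dependencies'])
    print("[+] Maven Invocation done")
    package_ids = list(scan_jars(os.path.join(workdir, 'target/dependency')))
    spdx_query_results = spdxsearch(package_ids)
    print("[+] DoSocs2 and Dependency-Check Done")
    for item in spdx_query_results:
        cves_cvss = []
        for cpe in item['cpes']:
            # Drops the first and last character of the stored CPE string
            # (presumably surrounding delimiters; confirm against spdxsearch).
            cves = search(cpe['cpe'][1:-1], 'cve')
            for cve in cves:
                # Reset the score for every CVE. The original left it unbound
                # (NameError) when the first entry was empty, and otherwise
                # reported the previous CVE's score against an empty entry,
                # which attributes a severity to the wrong finding.
                cvss_score = search(cve, 'cvss') if cve else None
                print((cve, cvss_score))
                cves_cvss.append((cve, cvss_score))
        item['cves'] = cves_cvss

    return sorted(spdx_query_results, key=lambda x: (x['name'], x['version']))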
Ejemplo n.º 2
from vfeedWarp import search


# Sample vfeedWarp lookups. Each entry is (identifier, selector) and is passed
# to search() unchanged; the results are printed in this order.
queries = (
    # CPE identifier queried with the 'cve' selector.
    ('cpe:/a:prosody:prosody:0.6.0', 'cve'),
    # Searching for CPE on CVE-2011-1234.
    ('CVE-2011-1234', 'cpe'),
    # Search CWE - weakness identification on CVE-2014-2206.
    ('CVE-2014-2206', 'cwe'),
    # Search exploit database for CVE-2014-2206.
    ('CVE-2014-2206', 'exp'),
)

for identifier, selector in queries:
    print(search(identifier, selector))