Exemple #1
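    def __init__(self, cve=None, **kwargs):
        '''
        Initialize a holder for the data known about one CVE.

        Args:
            cve: CVE identifier string. It is matched case-insensitively
                against ``self._cve_regex`` and stored upper-cased as
                ``cve_id``; capture groups 1 and 2 become ``cve_year`` and
                ``cve_num``.
            **kwargs: Optional fields. ``cvss2`` / ``cvss3`` may be a vector
                string (parsed here) or an already-built cvss object; any
                other type is stored as None. ``cpe_list`` entries are each
                wrapped in ``cpe.CPE``. ``bucket_def`` is stored as
                ``filters``. The remaining keys (description, title,
                severity_override, score_override, capec_list, cwe_list,
                references, primary_reference, last_updated, published,
                comparisons) are stored as given.

        Raises:
            ValueError: if ``cve`` is None, if matching it raises, or if it
                does not match ``self._cve_regex``.
        '''

        if cve is None:
            raise ValueError("CVE ID Required")

        # NOTE(review): re.search accepts a match anywhere in the string
        # unless _cve_regex is anchored (the pattern is not visible here).
        # cve_id below keeps the *whole* upper-cased input, so confirm the
        # pattern is anchored at both ends before cve_id is used to build
        # URLs, file names or log lines.
        try:
            cve_parts = re.search(self._cve_regex, cve, re.I)
        except Exception as cve_parse_error:
            self.logger.error("Unable to Parse CVE : {}".format(cve))
            # Chain the cause so the original failure (typically a
            # non-string argument) is not lost.
            raise ValueError("Badly Formatted CVE") from cve_parse_error

        if cve_parts is None:
            raise ValueError(
                "Valid CVE ID Required, Recieved {}".format(cve))

        self.cve_id = cve.upper()
        self.cve_year = int(cve_parts.group(1))
        self.cve_num = int(cve_parts.group(2))

        self.description = kwargs.get("description", None)
        self.title = kwargs.get("title", None)

        # Accept either a vector string or a ready-made cvss object.
        cvss2_arg = kwargs.get("cvss2", None)
        if isinstance(cvss2_arg, str):
            self.cvss2 = cvss.CVSS2(cvss2_arg)
        elif isinstance(cvss2_arg, cvss.CVSS2):
            self.cvss2 = cvss2_arg
        else:
            self.cvss2 = None

        cvss3_arg = kwargs.get("cvss3", None)
        if isinstance(cvss3_arg, str):
            self.cvss3 = cvss.CVSS3(cvss3_arg)
        elif isinstance(cvss3_arg, cvss.CVSS3):
            self.cvss3 = cvss3_arg
        else:
            self.cvss3 = None

        self.severity_override = kwargs.get("severity_override", None)
        self.score_override = kwargs.get("score_override", None)
        self.cpe_list = [
            cpe.CPE(indv_cpe) for indv_cpe in kwargs.get("cpe_list", list())
        ]
        self.capec_list = kwargs.get("capec_list", list())
        self.cwe_list = kwargs.get("cwe_list", list())
        self.references = kwargs.get("references", dict())
        self.primary_reference = kwargs.get("primary_reference", None)
        self.last_updated = kwargs.get("last_updated", None)
        self.published = kwargs.get("published", None)

        # Time this object was built, as epoch seconds.
        self.self_updated = int(time.time())

        # Audit Items
        self.filters = kwargs.get("bucket_def", {})
        self.comparisons = kwargs.get("comparisons", {})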
Exemple #2
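    def enhance_cve(self, parsed_cve_data=None, rh_url=None):

        '''
        Update this CVE's fields from an already-parsed vendor CVE record.

        Args:
            parsed_cve_data: dict holding at least ``name`` and ``details``;
                ``cvss3``, ``cwe``, ``bugzilla``, ``public_date``,
                ``package_state`` and ``affected_release`` are used when
                present.
            rh_url: URL stored under the "<CVE> API" reference label.

        A missing or unparsable ``public_date`` and a missing or invalid
        package ``cpe`` are logged and skipped rather than raised.
        '''

        self.title = parsed_cve_data["name"]

        self.description = "\n\n".join(parsed_cve_data["details"])

        if "cvss3" in parsed_cve_data:
            self.cvss3 = cvss.CVSS3(parsed_cve_data["cvss3"]["cvss3_scoring_vector"])

        if "cwe" in parsed_cve_data:
            self.cwe_list = parsed_cve_data["cwe"].split("->")

        readable_url = urljoin(self.__redhat_cve_hr, self.cve_id)

        # NOTE(review): rh_url and the bugzilla URL below are stored exactly
        # as received; if references are later rendered as links, check the
        # scheme/host there. The origin of parsed_cve_data is not visible here.
        self.references = {"Red Hat {}".format(self.cve_id) : readable_url,
                           "{} API".format(self.cve_id) : rh_url}

        self.primary_reference = readable_url

        if "bugzilla" in parsed_cve_data:
            bugzilla = parsed_cve_data["bugzilla"]
            self.references["RH Bugzilla {}".format(bugzilla["id"])] = bugzilla["url"]

        # Read the value once with .get(): the handler below must be able to
        # log it without raising a second KeyError when the key is absent.
        raw_public_date = parsed_cve_data.get("public_date")

        try:
            updated_date = datetime.datetime.strptime(raw_public_date, "%Y-%m-%dT%H:%M:%SZ")
        except Exception as date_error:
            self.logger.warning("Unable to Read date of {}".format(raw_public_date))
            self.logger.debug("Date Error {}".format(date_error))
        else:
            # The trailing "Z" means UTC; strptime returns a naive datetime,
            # which timestamp() would otherwise read as host-local time.
            self.published = int(updated_date.replace(tzinfo=datetime.timezone.utc).timestamp())

        all_packages = [*parsed_cve_data.get("package_state", list()),
                        *parsed_cve_data.get("affected_release", list())]

        for package in all_packages:
            try:
                self.cpe_list.append(cpe.CPE(package["cpe"]))
            except Exception as cpe_error:
                # .get() so that a missing "cpe" key is logged, not re-raised.
                self.logger.error("CPE Error {} with CPE {}".format(cpe_error, package.get("cpe")))
                continue

            if "package" in package and "advisory" in package:
                self.logger.debug("Found package fix for package {} and advisory {}".format(package["package"],
                                                                                            package["advisory"]))

                # Group fixed package names under their advisory id.
                self.rh_cust_package_fixed.setdefault(package["advisory"], list()).append(package["package"])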
Exemple #3
 def cvssscore(self):
     """Return the CVSS v3 base score for ``self.cvssvector``, or -1.

     The stored vector is prefixed with ``CVSS:3.0/`` before parsing. Any
     exception raised while building the vector or reading its score is
     swallowed and reported as -1, so callers should treat -1 as "score
     unknown" rather than as a low severity when filtering or ranking.
     """
     try:
         return cvss.CVSS3("CVSS:3.0/" + self.cvssvector).base_score
     except Exception:
         return -1
Exemple #4
Runs only with Python 3 because cvsslib does not support Python 2.
"""

import cvss
import cvsslib

# Cross-check: score the same vector with both libraries and print the two
# results one after the other (cvsslib first, then cvss) for comparison.
# Each case is (label, vector, cvss class, cvsslib scoring module).
comparison_cases = [
    ('CVSS2',
     'AV:L/AC:M/Au:N/C:N/I:N/A:N/E:F/RL:W/RC:C/TD:L/CR:H/IR:ND',
     cvss.CVSS2, cvsslib.cvss2),
    ('CVSS2',
     'AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H',
     cvss.CVSS2, cvsslib.cvss2),
    ('CVSS3',
     'AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/CR:X/IR:M/AR:H/MAV:N/MAC:H/MPR:L/MUI:N/MS:X/MC:N/MI:N/MA:X',
     cvss.CVSS3, cvsslib.cvss3),
]

for case_index, (label, vector_string, cvss_class, cvsslib_module) in enumerate(comparison_cases):
    # Blank line between cases, none before the first.
    if case_index:
        print()

    result = cvss_class(vector_string).scores()
    expected = cvsslib.vector.calculate_vector(vector_string, module=cvsslib_module)
    print(label)
    print(expected)
    print(result)
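def getCVE_detail():
    """Look up every CVE ID listed in ``file_cve`` on nvd.nist.gov and record its scores.

    For each line of ``file_cve`` the NVD CVSS v3 and v2 calculator pages are
    fetched and saved to ``file_nvdTmp`` / ``file_nvdTmp_v2``. When a vector
    can be extracted from both pages, one CSV row
    ``<cve>,<v3 base score>,<v2 base score>,<three v3 severities>`` is
    appended to ``file_out`` and a summary line is printed; otherwise an
    ``[ERROR]`` line is printed.

    TLS certificate verification is left at the ``requests`` default
    (enabled): the rows written to ``file_out`` are only as trustworthy as
    the connection they were fetched over. If a private CA is required, point
    ``REQUESTS_CA_BUNDLE`` at it rather than turning verification off.

    Side effects: sets the module-level ``numCVE`` to the line being
    processed. Returns None.
    """
    global numCVE

    # One CVE ID per line; surrounding whitespace and newlines are stripped.
    with open(file_cve, "r", encoding="utf-8") as cve_file:
        lines = [raw_line.strip() for raw_line in cve_file]

    # Bound every request so an unresponsive server cannot hang the run.
    request_timeout = 30

    # Initial request kept from the original flow; its response is not used.
    requests.get("https://nvd.nist.gov", timeout=request_timeout)

    not_found_regex = re.compile(
        r'Warning: Unable to find vulnerability requested')

    for line in lines:
        numCVE = line

        # params= URL-encodes the value, so a stray '&', '#' or space in the
        # input file cannot alter the query string.
        # NOTE(review): `line` is also written to the CSV as read; validate
        # it against a CVE-ID pattern if file_cve can be edited by others.
        res = requests.get(
            "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator",
            params={"name": line},
            timeout=request_timeout)
        res_v2 = requests.get(
            "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator",
            params={"name": line},
            timeout=request_timeout)

        # Keep a copy of the last fetched pages on disk.
        with open(file_nvdTmp, "w", encoding="utf-8") as tmp_v3:
            tmp_v3.write(res.text)
        with open(file_nvdTmp_v2, "w", encoding="utf-8") as tmp_v2:
            tmp_v2.write(res_v2.text)

        chkPage = not_found_regex.search(res.text)
        chkPage_v2 = not_found_regex.search(res_v2.text)

        # Same reporting order as before, but with explicit checks instead of
        # a bare `except` (which also caught KeyboardInterrupt): parsing is
        # skipped only when both pages report the CVE as unknown.
        if chkPage_v2 is not None:
            print('[-]' + line + ' -> [ERROR] Not found v2 CVE database')
            if chkPage is not None:
                print('[-]' + line + ' -> [ERROR] Not found v3 CVE database')
                continue

        try:
            htmlParser = bs4.BeautifulSoup(res.text, "html.parser")
            htmlParser_v2 = bs4.BeautifulSoup(res_v2.text, "html.parser")

            panel_v3 = htmlParser.find_all(
                'div',
                id='p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_CVSSV3Calculator_FormPanel'
            )
            # Only letters, ':' and '/' are accepted, so nothing else from
            # the fetched HTML reaches the CVSS parser or the output file.
            vectors_v3 = re.findall(r'(?<=value=")[a-zA-Z:/]{20,40}',
                                    str(panel_v3))
            parsed_v3 = cvss.CVSS3("CVSS:3.0/" + vectors_v3[0])
            scores_v3 = parsed_v3.scores()
            severities_v3 = parsed_v3.severities()

            panel_v2 = htmlParser_v2.find_all(
                'div',
                id='p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_CVSSV2Calculator_FormPanel'
            )
            vectors_v2 = re.findall(r'(?<=value="\()[a-zA-Z:/]{20,40}',
                                    str(panel_v2))
            parsed_v2 = cvss.CVSS2(vectors_v2[0])
            scores_v2 = parsed_v2.scores()

            csv_fields = [
                numCVE,
                str(scores_v3[0]),
                str(scores_v2[0]),
                str(severities_v3[0]),
                str(severities_v3[1]),
                str(severities_v3[2]),
            ]
            with open(file_out, "a") as saveFile:
                saveFile.write(','.join(csv_fields) + '\n')

            print('[+]' + line + ' -> Score(v3/v2)= ' + str(scores_v3[0]) +
                  '/' + str(scores_v2[0]) + ' / ' + str(severities_v3[0]) +
                  ',' + str(severities_v3[1]) + ',' + str(severities_v3[2]))

        except IndexError:
            # No vector was found on one of the pages.
            print('[-]' + line + ' -> [ERROR] Not CVSS Vector')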