def __init__(self, cve=None, **kwargs):

    '''
    Build a holder for one CVE plus whatever metadata the caller supplies.

    cve is mandatory and is matched case-insensitively against
    self._cve_regex; ValueError is raised when it is missing, cannot be
    searched, or does not match.

    Recognised kwargs: description, title, cvss2, cvss3 (each either a
    vector string or an already-built cvss object), severity_override,
    score_override, cpe_list, capec_list, cwe_list, references,
    primary_reference, last_updated, published, bucket_def, comparisons.
    '''

    if cve is None:
        raise ValueError("CVE ID Required")

    try:
        cve_parts = re.search(self._cve_regex, cve, re.I)
    except Exception:
        # Anything re.search() rejects is reported to the caller as a format problem.
        self.logger.error("Unable to Parse CVE : {}".format(cve))
        raise ValueError("Badly Formatted CVE")

    if cve_parts is None:
        raise ValueError(
            "Valid CVE ID Required, Recieved {}".format(cve))

    # NOTE(review): the whole input string is stored, not just the matched
    # text. The pattern is defined outside this view; if it is not anchored,
    # search() also accepts input with extra text around the ID, and that text
    # would end up in cve_id - confirm the pattern is anchored.
    self.cve_id = cve.upper()
    self.cve_year = int(cve_parts.group(1))
    self.cve_num = int(cve_parts.group(2))

    self.description = kwargs.get("description")
    self.title = kwargs.get("title")

    # CVSS inputs may arrive as a vector string (parsed here) or as an
    # already-built object (kept as-is); any other type is discarded.
    supplied_v2 = kwargs.get("cvss2")
    if isinstance(supplied_v2, str):
        self.cvss2 = cvss.CVSS2(supplied_v2)
    else:
        self.cvss2 = supplied_v2 if isinstance(supplied_v2, cvss.CVSS2) else None

    supplied_v3 = kwargs.get("cvss3")
    if isinstance(supplied_v3, str):
        self.cvss3 = cvss.CVSS3(supplied_v3)
    else:
        self.cvss3 = supplied_v3 if isinstance(supplied_v3, cvss.CVSS3) else None

    self.severity_override = kwargs.get("severity_override")
    self.score_override = kwargs.get("score_override")

    # Every supplied CPE string is parsed eagerly; a bad one raises here.
    self.cpe_list = [cpe.CPE(raw_cpe) for raw_cpe in kwargs.get("cpe_list", [])]

    self.capec_list = kwargs.get("capec_list", [])
    self.cwe_list = kwargs.get("cwe_list", [])
    self.references = kwargs.get("references", {})
    self.primary_reference = kwargs.get("primary_reference")
    self.last_updated = kwargs.get("last_updated")
    self.published = kwargs.get("published")

    # Epoch seconds at which this object was built.
    self.self_updated = int(time.time())

    # Audit items; note the filters come from the "bucket_def" keyword.
    self.filters = kwargs.get("bucket_def", {})
    self.comparisons = kwargs.get("comparisons", {})
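def enhance_cve(self, parsed_cve_data=None, rh_url=None):

    '''
    Fold a parsed Red Hat CVE record into this object.

    parsed_cve_data is a dict that must carry "name" and "details"; the
    keys "cvss3", "cwe", "bugzilla", "public_date", "package_state" and
    "affected_release" are used when present. rh_url is stored as the API
    reference for this CVE.

    Title, description and references are overwritten; CPEs and fixed
    packages are appended to the existing collections.
    '''

    self.title = parsed_cve_data["name"]
    self.description = "\n\n".join(parsed_cve_data["details"])

    if "cvss3" in parsed_cve_data:
        self.cvss3 = cvss.CVSS3(parsed_cve_data["cvss3"]["cvss3_scoring_vector"])

    if "cwe" in parsed_cve_data:
        self.cwe_list = parsed_cve_data["cwe"].split("->")

    # urljoin() lets a relative part that begins with "/" or a scheme replace
    # the base path or host, so cve_id has to be a validated CVE identifier
    # by the time it gets here.
    readable_url = urljoin(self.__redhat_cve_hr, self.cve_id)

    self.references = {"Red Hat {}".format(self.cve_id): readable_url,
                       "{} API".format(self.cve_id): rh_url}
    self.primary_reference = readable_url

    if "bugzilla" in parsed_cve_data:
        bugzilla = parsed_cve_data["bugzilla"]
        self.references["RH Bugzilla {}".format(bugzilla["id"])] = bugzilla["url"]

    # Read the date once, with .get(), so the warning below can never raise
    # on its own (the handler used to look up a differently spelled key).
    raw_date = parsed_cve_data.get("public_date")
    try:
        updated_date = datetime.datetime.strptime(raw_date, "%Y-%m-%dT%H:%M:%SZ")
    except Exception as date_error:
        self.logger.warning("Unable to Read date of {}".format(raw_date))
        self.logger.debug("Date Error {}".format(date_error))
    else:
        # The trailing "Z" marks UTC; attach the zone so the epoch value does
        # not shift with the local timezone of the machine running this.
        self.published = int(updated_date.replace(tzinfo=datetime.timezone.utc).timestamp())

    packages = [*parsed_cve_data.get("package_state", []),
                *parsed_cve_data.get("affected_release", [])]

    for package in packages:
        try:
            self.cpe_list.append(cpe.CPE(package["cpe"]))
        except Exception as cpe_error:
            # .get() keeps the handler from raising again when "cpe" is absent.
            self.logger.error("CPE Error {} with CPE {}".format(cpe_error, package.get("cpe")))
        else:
            if "package" in package and "advisory" in package:
                self.logger.debug("Found package fix for package {} and advisory {}".format(package["package"], package["advisory"]))

                # Group fixed packages under the advisory that shipped them.
                self.rh_cust_package_fixed.setdefault(package["advisory"], []).append(package["package"])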
def cvssscore(self):
    """Return the CVSS v3 base score for self.cvssvector, or -1 on any failure.

    The stored vector is expected without its version prefix; "CVSS:3.0/"
    is prepended before parsing. Every error (missing attribute, non-string
    vector, parser rejection) collapses into the same -1 sentinel, so callers
    that sort or threshold on the score should treat -1 as "unknown" rather
    than as the lowest severity.
    """
    try:
        prefixed_vector = "CVSS:3.0/" + self.cvssvector
        score = cvss.CVSS3(prefixed_vector).base_score
    except Exception:
        score = -1
    return score
"""
Print the scores computed by the cvss package next to cvsslib's scores
for the same vector strings.

Runs only with Python 3 because cvsslib does not support Python 2.
"""

import cvss
import cvsslib

# (label, vector) pairs. The label doubles as the class name in `cvss`
# and, lower-cased, as the scoring module name in `cvsslib`.
SAMPLES = (
    ('CVSS2', 'AV:L/AC:M/Au:N/C:N/I:N/A:N/E:F/RL:W/RC:C/TD:L/CR:H/IR:ND'),
    ('CVSS2', 'AV:L/AC:M/Au:S/C:N/I:P/A:C/E:U/RL:OF/RC:UR/CDP:N/TD:L/CR:H/IR:H/AR:H'),
    ('CVSS3', 'AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:W/CR:X/IR:M/AR:H/MAV:N/MAC:H/MPR:L/MUI:N/MS:X/MC:N/MI:N/MA:X'),
)

for position, (label, vector_string) in enumerate(SAMPLES):
    if position:
        # Blank line between stanzas, none after the last one.
        print()

    result = getattr(cvss, label)(vector_string).scores()
    expected = cvsslib.vector.calculate_vector(
        vector_string, module=getattr(cvsslib, label.lower()))

    # The two results are only printed for comparison by eye; nothing is
    # asserted, so a mismatch does not fail the run.
    print(label)
    print(expected)
    print(result)
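def getCVE_detail():
    """Look up every CVE listed in ``file_cve`` on NVD and record its CVSS scores.

    For each non-empty line of ``file_cve`` the NVD v3 and v2 calculator
    pages are requested and their HTML is written to ``file_nvdTmp`` and
    ``file_nvdTmp_v2``. The vector strings are scraped from the calculator
    form panels, parsed with the ``cvss`` package, and one row
    ``<cve>,<v3 score>,<v2 score>,<sev 0>,<sev 1>,<sev 2>`` is appended to
    ``file_out``. The score columns are the first value of ``scores()``; the
    last three columns are the values of ``CVSS3.severities()``.

    The module-level ``numCVE`` is set to the CVE currently being processed.

    TLS certificate verification is left at the ``requests`` default
    (enabled): the scores written to ``file_out`` are only as trustworthy as
    the connection they were fetched over. The CVE identifier is passed via
    ``params`` so it is URL-encoded instead of being spliced into the URL.
    """
    global numCVE

    # One CVE identifier per line; surrounding whitespace is dropped.
    with open(file_cve, "r", encoding="utf-8") as cve_file:
        cve_ids = [entry.strip() for entry in cve_file]

    not_found = re.compile(r'Warning: Unable to find vulnerability requested')
    # Raw strings keep "\(" a regex escape rather than an invalid str escape.
    v3_vector = re.compile(r'(?<=value=")[a-zA-Z:/]{20,40}')
    v2_vector = re.compile(r'(?<=value="\()[a-zA-Z:/]{20,40}')

    # Bound each request so one stalled connection cannot hang the whole run.
    timeout = 30

    for line in cve_ids:
        if not line:
            # Blank line in the input file: nothing to look up.
            continue

        numCVE = line

        res = requests.get(
            "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator",
            params={"name": line}, timeout=timeout)
        res_v2 = requests.get(
            "https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator",
            params={"name": line}, timeout=timeout)

        # Keep a copy of the last fetched pages on disk, as before.
        with open(file_nvdTmp, "w", encoding="utf-8") as tmp_v3:
            tmp_v3.write(res.text)
        with open(file_nvdTmp_v2, "w", encoding="utf-8") as tmp_v2:
            tmp_v2.write(res_v2.text)

        # Report each missing database explicitly instead of steering the
        # flow through a bare except, which also swallowed KeyboardInterrupt.
        missing_v2 = not_found.search(res_v2.text) is not None
        missing_v3 = not_found.search(res.text) is not None
        if missing_v2:
            print('[-]' + line + ' -> [ERROR] Not found v2 CVE database')
        if missing_v3:
            print('[-]' + line + ' -> [ERROR] Not found v3 CVE database')
        if missing_v2 or missing_v3:
            continue

        try:
            panel_v3 = bs4.BeautifulSoup(res.text, "html.parser").find_all(
                'div',
                id='p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_CVSSV3Calculator_FormPanel'
            )
            # The page is remote content: only a short run of vector
            # characters is taken from it and handed to the parser.
            parsed_v3 = cvss.CVSS3("CVSS:3.0/" + v3_vector.findall(str(panel_v3))[0])
            scores_v3 = parsed_v3.scores()
            severities_v3 = parsed_v3.severities()

            panel_v2 = bs4.BeautifulSoup(res_v2.text, "html.parser").find_all(
                'div',
                id='p_lt_WebPartZone1_zoneCenter_pageplaceholder_p_lt_WebPartZone1_zoneCenter_CVSSV2Calculator_FormPanel'
            )
            parsed_v2 = cvss.CVSS2(v2_vector.findall(str(panel_v2))[0])
            scores_v2 = parsed_v2.scores()

            fields = [
                numCVE,
                str(scores_v3[0]),
                str(scores_v2[0]),
                str(severities_v3[0]),
                str(severities_v3[1]),
                str(severities_v3[2]),
            ]
        except IndexError:
            # No vector string was found in the calculator panel.
            print('[-]' + line + ' -> [ERROR] Not CVSS Vector')
            continue

        with open(file_out, "a") as out_file:
            out_file.write(','.join(fields) + '\n')

        print('[+]' + line + ' -> Score(v3/v2)= ' + fields[1] + '/' + fields[2]
              + ' / ' + fields[3] + ',' + fields[4] + ',' + fields[5])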