Esempio n. 1
0
    def config_cpe_match(self, cm):
        if all("$.vulnerable", cm)[0]:
            v = PLATFORM.VulnerableConfiguration
        else:
            v = PLATFORM.NotVulnerableConfiguration
        subject = BNode()
        cveStr = all("$.cpe23Uri", cm)[0]
        self.triples(subject, v, [(PLATFORM.hasPlatform, cpeURI(cveStr))] + \
          self.versionStartExcluding(cm) + self.versionStartIncluding(cm) + self.versionEndExcluding(cm) + self.versionEndIncluding(cm))
        #print(cveStr)

        c = CPE(cveStr)

        if c.is_hardware():
            self.g.add((cpeURI(cveStr), RDF.type, PLATFORM.HardwarePlatform))
        elif c.is_application():
            self.g.add(
                (cpeURI(cveStr), RDF.type, PLATFORM.ApplicationPlatform))
        elif c.is_operating_system():
            self.g.add(
                (cpeURI(cveStr), RDF.type, PLATFORM.OperatingSystemPlatform))

        vendor = ""
        for i in c.get_vendor():
            self.g.add((cpeURI(cveStr), PLATFORM.vendor,
                        self.plEnt(i, "Vendor_", cls=PLATFORM.Vendor)))
            vendor = i
        for i in c.get_product():
            self.g.add((cpeURI(cveStr), PLATFORM.product,
                        self.plEnt(i,
                                   "Product_" + vendor + "_",
                                   cls=PLATFORM.Product)))
        for i in c.get_edition():
            self.g.add((cpeURI(cveStr), PLATFORM.edition,
                        self.plEnt(i, "Edition_", cls=PLATFORM.Edition)))
        for i in c.get_language():
            self.g.add((cpeURI(cveStr), PLATFORM.language,
                        self.plEnt(i, "Language_", cls=PLATFORM.Language)))
        for i in c.get_other():
            self.g.add((cpeURI(cveStr), PLATFORM.other,
                        self.plEnt(i, "Other_", cls=PLATFORM.Other)))
        for i in c.get_software_edition():
            self.g.add((cpeURI(cveStr), PLATFORM.softwareEdition,
                        self.plEnt(i,
                                   "SoftwareEdition_",
                                   cls=PLATFORM.SoftwareEdition)))
        for i in c.get_target_hardware():
            self.g.add((cpeURI(cveStr), PLATFORM.targetHardware,
                        self.plEnt(i, "Hardware_", cls=CORE.Hardware)))
        for i in c.get_target_software():
            self.g.add((cpeURI(cveStr), PLATFORM.targetSoftware,
                        self.plEnt(i, "Software_", cls=CORE.Software)))
        for i in c.get_update():
            if not i == "-":
                self.g.add((cpeURI(cveStr), PLATFORM.update, Literal(i)))
        for i in c.get_version():
            if not i == "-":
                self.g.add((cpeURI(cveStr), PLATFORM.version, Literal(i)))

        return subject
Esempio n. 2
0
        def get_cpe_df(self, debug=False):
            """Get the list of CPE names for the vulnerability.
            """
            
            type_list = []
            part_list = []
            vendor_list = []
            product_list = []
            version_list = []
            update_list = []
            edition_list = []
            language_list = []
            sw_edition_list = []
            target_sw_list = []
            target_hw_list = []
            other_list = []
            published_datetime_list = []
            
            
            for cpe_entry in self.cpe_list:
                
                #if(debug):
                    #print(cpe_entry)
                
                try:
                    
                    cp = CPE(cpe_entry)
                    
                    if(cp.is_hardware()):
                        type_list.append("HW")
                    elif(cp.is_operating_system()):
                        type_list.append("OS")
                    elif(cp.is_application()):
                        type_list.append("APP")
                    else:
                        type_list.append("UNDEFINED")
    
                    part_list.append(list_to_string(cp.get_part()))
                    vendor_list.append(list_to_string(cp.get_vendor()))
                    product_list.append(list_to_string(cp.get_product()))
                    version_list.append(list_to_string(cp.get_version()))
                    update_list.append(list_to_string(cp.get_update()))
                    edition_list.append(list_to_string(cp.get_edition()))
                    language_list.append(list_to_string(cp.get_language()))
                    sw_edition_list.append(list_to_string(cp.get_software_edition()))
                    target_sw_list.append(list_to_string(cp.get_target_software()))
                    target_hw_list.append(list_to_string(cp.get_target_hardware()))
                    other_list.append(list_to_string(cp.get_other()))
                    
                    published_datetime_list.append(self.published_datetime)
                    
                except Exception as inst:
                    print(inst)
            
            data = pd.DataFrame()
            data['type'] = type_list
            data['part'] = part_list
            data['vendor'] = vendor_list
            data['product'] = product_list
            data['version'] = version_list
            data['update'] = update_list
            data['edition'] = edition_list
            data['language'] = language_list
            data['sw_edition'] = sw_edition_list
            data['target_sw'] = target_sw_list
            data['target_hw'] = target_hw_list
            data['other'] = other_list
            data['published_datetime'] = published_datetime_list

            return data