def get_vulristics_score_report(combined_cve_data_all, cve_scores, config,
source):
report_txt = ""
report_html = ""
statistics = get_statistics(cve_scores)
cve_score_dict = dict()
for cve in cve_scores:
cve_score_dict[cve] = int(cve_scores[cve]['value'] * 1000)
sorted_cves = functions_tools.get_sorted_list_from_weighted_dict(
cve_score_dict, combined_cve_data_all=combined_cve_data_all)
criticalities = ["Urgent", "Critical", "High", "Medium", "Low"]
components = get_components_list_sorted(cve_scores)
n = 1
for criticality in criticalities:
report_html += "<h4>" + criticality + " (" + str(
len(statistics[criticality])) + ")</h4>"
for cve in sorted_cves:
if cve in statistics[criticality] and cve in combined_cve_data_all:
report_html += get_vulristics_score_vulner_block(
cve_scores, combined_cve_data_all, config, components,
source, cve, n)
n += 1
return {"report_txt": report_txt, "report_html": report_html}
def get_components_list_sorted(cve_scores):
cve_id = list(cve_scores.keys())[0]
component_dict = dict()
for component in cve_scores[cve_id]['components']:
component_dict[component] = cve_scores[cve_id]['components'][
component]['weight']
components = functions_tools.get_sorted_list_from_weighted_dict(
component_dict)
# for component in components:
# print(component + ";" + str(component_dict[component]))
return components
def get_vulristics_score_report(cve_scores, ms_cve_data, config):
report_txt = ""
report_html = ""
cve_score_dict = dict()
for cve in cve_scores:
cve_score_dict[cve] = int(cve_scores[cve]['value'] * 1000)
sorted_cves = functions_tools.get_sorted_list_from_weighted_dict(
cve_score_dict)
components = get_components_list_sorted(cve_scores)
report_html += "<b>"
report_html += get_colored_text("Urgent", "Urgent") + "</br>"
report_html += get_colored_text("Critical", "Critical") + "</br>"
report_html += get_colored_text("High", "High") + "</br>"
report_html += get_colored_text("Medium", "Medium") + "</br>"
report_html += get_colored_text("Low", "Low") + "</br>"
report_html += "</b>"
for cve in sorted_cves:
report_txt += cve + "\n"
report_html += "<p>" + get_vuln_type_icon_html(ms_cve_data[cve]['vuln_type'], config) + \
" <b>" + str(ms_cve_data[cve]['vuln_type']) + \
"</b> - " + str(ms_cve_data[cve]['vuln_product']) + \
" (" + cve + ")" + \
" - " + get_colored_text(cve_scores[cve]['level'], cve_scores[cve]['level'] + " [" + str(int(cve_scores[cve]['value'] * 1000)) + "] ") + \
"</br>"
#report_html += str(cve_scores[cve])
report_html += "<table><tr><th>component</th><th>value</th><th>weight</th><th>comment</th></tr>"
for component in components:
report_html += "<tr>" + \
"<td>" + component + "</td>" +\
"<td>" + str(cve_scores[cve]['components'][component]['value']) + "</td>" + \
"<td>" + str(cve_scores[cve]['components'][component]['weight']) + "</td>" + \
"<td>" + str(cve_scores[cve]['components'][component]['comment']) + "</td>" + \
"</tr>"
report_html += "</table>"
report_html += "</p>\n"
# report_txt = str(cve_scores)
# report_html = str(cve_scores)
return {"report_txt": report_txt, "report_html": report_html}
def get_type_based_report(current_cve_data, report_config, source, cve_scores):
# Make a reports by grouping vulnerabilitites by product and vulnerability vuln_type
processed_cves = set()
report_txt = ""
report_html = ""
all_types = get_vuln_types(current_cve_data) # all vulnerability types
report_dict = dict()
for vuln_type in all_types:
report_dict[vuln_type] = dict()
report_dict[vuln_type]['score'] = 0
report_dict[vuln_type]['products'] = dict()
type_cves = get_vulns_filtered_by_type(vuln_type, current_cve_data)
for product in get_vuln_products(type_cves):
report_dict[vuln_type]['products'][product] = dict()
report_dict[vuln_type]['products'][product]['score'] = 0
report_dict[vuln_type]['products'][product]['cves'] = dict()
cves_by_product = get_vulns_filtered_by_product(product, type_cves)
for cve in cves_by_product:
report_dict[vuln_type]['products'][product]['cves'][
cve] = dict()
report_dict[vuln_type]['products'][product]['cves'][cve][
'score'] = cve_scores[cve]
for cve in type_cves.keys():
processed_cves.add(cve)
# Adding max VVS of vulnerabilities as a score for product
for vuln_type in report_dict:
for product in report_dict[vuln_type]['products']:
all_scores = list()
for cve in report_dict[vuln_type]['products'][product]['cves']:
all_scores.append(report_dict[vuln_type]['products'][product]
['cves'][cve]['score']['value'])
report_dict[vuln_type]['products'][product]['score'] = max(
all_scores)
# Adding max VVS of products as a score for vulnerability type
for vuln_type in report_dict:
all_scores = list()
for product in report_dict[vuln_type]['products']:
all_scores.append(
report_dict[vuln_type]['products'][product]['score'])
report_dict[vuln_type]['score'] = max(all_scores)
def get_cve_for_vuln_type(vuln_type_data):
all_cves = list()
for product in vuln_type_data['products']:
for cve in vuln_type_data['products'][product]['cves']:
all_cves.append(cve)
return all_cves
# Making sorted list of vulnerability types
vuln_types_dict = dict()
for vuln_type in report_dict:
vuln_types_dict[vuln_type] = report_dict[vuln_type]['score']
sorted_list_of_vulnerability_types = functions_tools.get_sorted_list_from_weighted_dict(
vuln_types_dict)
for vuln_type in sorted_list_of_vulnerability_types:
report_txt += vuln_type + "\n"
report_html += "<h4>" + get_vuln_type_html(
vuln_type, report_config) + " (" + str(
len(get_cve_for_vuln_type(
report_dict[vuln_type]))) + ")</h4>" + "\n"
report_html += "<ul>" + "\n"
# Making sorted list of products
product_dict = dict()
for product in report_dict[vuln_type]['products']:
product_dict[product] = report_dict[vuln_type]['products'][
product]['score']
sorted_list_of_products = functions_tools.get_sorted_list_from_weighted_dict(
product_dict)
for product in sorted_list_of_products:
cves = report_dict[vuln_type]['products'][product]['cves'].keys()
cves = list(cves)
cves.sort()
report_txt += " - " + product + " (" + get_cve_line(
cves) + ")" + "\n"
report_html += "<li>" + product + " (" + get_ms_cve_lines_html_vss(
cves, cve_scores) + ")" + "</li>" + "\n"
report_html += get_comments_for_cves(source, cves)["report_html"]
report_html += "</ul>" + "\n"
return {
"report_txt": report_txt,
"report_html": report_html,
"report_dict": report_dict,
"processed_cves": processed_cves
}