def info_graph(one_day_graph):
print("=================")
mypprint(nx.info(one_day_graph))
## print some status
## number of servers is number of edges to type_server
num_svrs = len(one_day_graph.edges("type_server"))
output = "number of server nodes = {0}".format(num_svrs)
print(output)
## show number of servers by group
groups = list(one_day_graph.neighbors("type_group"))
for group in groups:
## number of servers is number of edges to group
## minus 1 for link from group to type_group
num_svrs = len(one_day_graph.edges(group)) - 1
output = " number of {0} servers = {1}".format(group,num_svrs)
print(output)
## number of unique packages is number of edges to type_package
num_pkgs = len(one_day_graph.edges("type_package"))
output = "number of package nodes = {0}".format(num_pkgs)
print(output)
## number of unique package/versions is number of edges to type_version
num_versions = len(one_day_graph.edges("type_version"))
output = "number of package version nodes = {0}".format(num_versions)
print(output)
## number of unique package/versions is number of edges to type_version
num_cve = len(one_day_graph.edges("type_cve"))
output = "number of cve nodes = {0}".format(num_cve)
print(output)
def critical_servers(data):
## go thru servers and output dict of [group][server]
## which have critical cve's
## FW: add cve's as value in dict
## FW: make cve dict of relevant cve's
crit = {}
groups = data.keys() #iterator on servers
for group in groups:
crit[group] = {}
for server in data[group].keys():
this_server = data[group][server]['svm']['scan']
if this_server['critical_findings_count'] > 0:
crit[group][server] = {}
findings = this_server['findings']
for finding in findings:
## if critical add to crit
if finding['critical']:
package_name = finding['package_name']
package_version = finding['package_version']
if package_name not in crit[group][server]:
crit[group][server][package_name] = {}
crit[group][server][package_name][package_version] = {
'crit_cve': finding['cve_entries']
}
for group in crit:
numcs = len(crit[group])
output = "group {0} has {1} servers with critical CVE".format(
group, numcs)
for group in crit:
output = "========== {0} ===========".format(group)
print(output)
for server in crit[group]:
hostname = data[group][server]['hostname']
server_label = data[group][server]['server_label']
output = " ----- {0} - {1} - {2} -----".format(
server, hostname, server_label)
print(output)
for package in crit[group][server]:
for ver in crit[group][server][package]:
output = " ++++++ {0},{1} +++++++++++".format(
package, ver)
print(output)
mypprint(crit[group][server][package][ver]['crit_cve'])
pkg5 = pkg_subset(graphdata,cve5)
pkg0 = pkg_subset(graphdata,cve0)
## find all servers for each bin
svr10 = svr_subset(graphdata, pkg10)
svr7 = svr_subset(graphdata, pkg7)
svr5 = svr_subset(graphdata, pkg5)
svr0 = svr_subset(graphdata, pkg0)
cvebins[d]['1. Worst CVSS=10'] = len(cve10)
cvebins[d]['2. Critical 7 <= CVSS <10'] = len(cve7)
cvebins[d]['3. Medium 5 <= CVSS <7'] = len(cve5)
cvebins[d]['4. Low 0 <= CVSS <5'] = len(cve0)
#mypprint (len(svr10)) #- added
#mypprint (len(svr7)) #- added
#mypprint (len(svr5)) #- added
#mypprint (len(svr0)) #- added
#mypprint (svr7) #- added
#mypprint (svr5) #- added
mypprint(cvebins)
params = {}
params['filename'] = outfilename
params['title'] = 'CVE Totals by Date'
params['ylabel'] = 'Total Number of CVEs across all Servers'
params['xlabel'] = 'Dates'
params['colors'] = ['yellow', 'gold', 'orange', 'red']
stacked_bar_image(cvebins, params)
## Copyright (c) 2020 AT&T Intellectual Property. All rights reserved.
import sys
from load_db import load_graph
from load_db import get_groups
from load_db import server_by_group
from sbom_helpers import get_gdbpath
from sbom_helpers import mypprint
from sbom_helpers import validate_file_access
if( len(sys.argv) != 2 ):
print("There should be one argument, date eg 2019.03.16")
exit()
else:
d = sys.argv[1]
gfile = get_gdbpath() + d + '.gdb'
#validate gdb file exists
validate_file_access([gfile])
graphdata = load_graph(gfile)
groups = get_groups(graphdata)
svr_list = graphdata.neighbors('type_server')
svr_grp_dict = server_by_group(svr_list, groups, graphdata)
mypprint(svr_grp_dict)
for svr in data:
## Print each servers health report - each server separated by *** above and below contents
print(
"**************************************************************************************"
)
print("+++ file {0} ".format(gfile))
print("++++ group {0}".format(svr_grp))
print("++++ svr", svr)
hostname = intermediate(graphdata, 'type_hostname', svr)
print("++++ hostname {0}".format(hostname))
(num_pkg_vers, num_pkgs, pkg_ver_dict,
pkg_multiver_dict) = svr_pkgs(graphdata, svr)
print("+++++ {0} package/versions".format(num_pkg_vers))
print("+++++ {0} packages".format(num_pkgs))
mypprint(pkg_multiver_dict)
## print supressed cves
print("supressed cve's:")
scp = svr_cve_pkgs(graphdata, svr)
sup_cves = pkg_cve_supr(scp)
mypprint(sup_cves)
## print bins of cvss
no_cves = len(pkgs_with_no_cve(scp))
print("{0} packages with no cve's:".format(no_cves))
ten_cves = pkg_cve_cvss_threshold(scp, 10, 100)
l_ten_cves = len(ten_cves)
print("{0} packages with worst cve of cvss=10:".format(l_ten_cves))
mypprint(ten_cves)
## find all servers for each bin
svr10 = svr_subset(graphdata, pkg10)
svr7 = svr_subset(graphdata, pkg7)
## make the lists unique
svr7s = [item for item in svr7 if item not in svr10]
svr5 = svr_subset(graphdata, pkg5)
svr5s = [item for item in svr5 if item not in (svr10 + svr7s)]
svr0 = svr_subset(graphdata, pkg0)
svr0s = [item for item in svr0 if item not in (svr10 + svr7s + svr5s)]
cvebins['1. Servers with Worst CVSS=10'] = len(svr10)
cvebins['2a. Servers with Critical 7 <= CVSS <10'] = len(svr7)
cvebins['2b. Unique Servers 7 <= CVSS <10'] = len(svr7s)
cvebins['3a. Servers with Medium 5 <= CVSS <7'] = len(svr5)
cvebins['3b. Unique Servers 5 <= CVSS <7'] = len(svr5s)
cvebins['4a. Servers with Low 0 <= CVSS <5'] = len(svr0)
cvebins['4b. Unique Servers CVSS <5'] = len(svr0s)
mypprint(cvebins)
## print 3 random servers in each class
print('up to 3 random servers with CVSS=10')
mypprint(svr10[:3])
print('up to 3 random servers with 7<=CVSS<10')
mypprint(svr7s[:3])
print('up to 3 random servers with 5<=CVSS<7')
mypprint(svr5s[:3])
print('up to 3 random servers with CVSS<5')
mypprint(svr0s[:3])
cve5.append(cve)
else:
cve0.append(cve)
## find all packages for each bin
pkg10 = pkg_subset(graphdata,cve10)
pkg7 = pkg_subset(graphdata,cve7)
pkg5 = pkg_subset(graphdata,cve5)
pkg0 = pkg_subset(graphdata,cve0)
## find all servers for each bin
svr10 = svr_subset(graphdata, pkg10)
svr7 = svr_subset(graphdata, pkg7)
svr5 = svr_subset(graphdata, pkg5)
svr0 = svr_subset(graphdata, pkg0)
cvebins['1. Servers with Worst CVSS=10'] = len(svr10)
cvebins['2. Servers with Critical 7 <= CVSS <10'] = len(svr7)
cvebins['3. Servers with Medium 5 <= CVSS <7'] = len(svr5)
cvebins['4. Servers with Low 0 <= CVSS <5'] = len(svr0)
mypprint(cvebins)
## print 3 servers in each class
mypprint(svr10[:3])
mypprint(svr7[:3])
mypprint(svr5[:3])
mypprint(svr0[:3])
def list_packages(filename):
data = file_to_data(filename)
package_dict = {}
## dictionary of packages containing package name as top level key
## second level is also dict with key = package package_version
## third level is dict with group
## fourth level is dict with servers
## fifthlevel is dates as dict with cve's in list as values
## FW: datelist is dates that contain this point
## FW: add cve
server_count = {}
## dictionary of servers as top level key
## second level key is either group or count both of which tie to value at 3rd level
groups = data.keys() #iterator on servers
for group in groups:
server_count[group] = {}
servers = data[group].keys() # iterator over list of servers
for server in servers:
hostname = data[group][server]['hostname']
## shorthand for findings of this particular server
findings = data[group][server]['svm']['scan']['findings']
## init and fill in server count for this server
server_count[group][server] = {}
server_count[group][server]['hostname'] = hostname
server_count[group][server]['package_count'] = len(findings)
## go thru each finding of this server and update package dict
for finding in findings:
package_name = finding['package_name']
if package_name not in package_dict.keys():
package_dict[package_name] = {}
package_version = finding['package_version']
if package_version not in package_dict[package_name]:
package_dict[package_name][package_version] = {}
if group not in package_dict[package_name][package_version]:
package_dict[package_name][package_version][group] = {}
if server not in package_dict[package_name][package_version][
group]:
package_dict[package_name][package_version][group][
server] = {}
package_dict[package_name][package_version][group][server][
'dates'] = []
package_dict[package_name][package_version][group][server][
'cve'] = ['TBD']
package_dict[package_name][package_version][group][server][
'dates'].append(filename)
print("===============")
mypprint(server_count)
print("===============")
mypprint(package_dict)
## make a distribuation of package counts
pkg_cnt = []
for group in groups:
servers = data[group].keys()
for server in servers:
pkg_cnt.append(server_count[group][server]['package_count'])
pkg_cnt.sort()
print(pkg_cnt)
## which package versions on how many machines
package_names = package_dict.keys()
package_count_dict = {}
for package in package_names:
package_count_dict[package] = {}
versions = package_dict[package].keys()
for version in versions:
package_count_dict[package][version] = 0
groups = package_dict[package][version].keys()
for group in groups:
servers = package_dict[package][version][group].keys()
for server in servers:
package_count_dict[package][version] += 1
mypprint(package_count_dict)
## get all packages, versions
(num_pkg_vers, num_pkgs, pkg_ver_dict,
pkg_multiver_dict) = svr_pkgs(graphdata, svr)
## make a list (from the iterator) of the packages
pkgs = list(pkg_ver_dict.keys())
## evaluate if package of interest on this server
if p in pkgs:
## check if multiver
if len(pkg_ver_dict[p]) > 1:
## multiple versions - store for later
num_mul += 1
mvp[svr] = {'versions': pkg_ver_dict[p]}
## get hostname
mvp[svr]['hostname'] = get_hostname(svr, graphdata)
else:
num_one_v += 1
v = pkg_ver_dict[p]
if v not in one_ver:
one_ver.append(v)
else:
num_no_v += 1
print("Number of servers without {0} package: {1}".format(p, num_no_v))
print("Number of servers with one version {0} package: {1}".format(
p, num_one_v))
mypprint(one_ver)
print("Number of servers with multiple versions {0} package: {1}".format(
p, num_mul))
mypprint(mvp)
extra_hist[num], num)
print(out)
print("===============")
## print pseudo histogram of multi-ver packages
nums = list(pkg_hist.keys())
nums.sort()
for num in nums:
out = "{0} servers has {1} mult-ver packages".format(pkg_hist[num], num)
print(out)
print("===============")
## print the servers with zero extras
out = "the following servers have zero extras:"
print(out)
annotated_clean_ver_list = [[(get_group(s, graphdata), s,
get_hostname(s, graphdata))
for s in clean_ver_list]]
annotated_clean_ver_list.sort()
mypprint(annotated_clean_ver_list)
print("===============")
## print the histogram of number of servers with multi-ver packages
## make tuple list of # svrs, mult-ver-package-string
out = "the following is a server count by package-vers hi to low:"
print(out)
mvps_tup = [(len(mvp[a]), a) for a in mvp.keys()]
mvps_tup.sort()
mvps_tup.reverse()
mypprint(mvps_tup)
