def _create_nessus_cve(self, item):
cve = CveDocument()
cve.id = 'NESSUS-{}'.format(item.get('pluginID'))
base_score_v2 = get_value(item.find('cvss_base_score'))
if base_score_v2:
cve.base_score_v2 = float(base_score_v2)
base_score_v3 = get_value(item.find('cvss3_base_score'))
if base_score_v3:
cve.base_score_v3 = float(base_score_v3)
cve = self._create_nessus_cve_cvss3_vector(item, cve)
cve = self._create_nessus_cve_cvss_vector(item, cve)
return cve
def get_cve(cve_id, oid, tags):
if cve_id == 'NOCVE':
cve_id = F'NOCVE-{oid}'
cve = CveDocument.get_or_create(cve_id=cve_id)
vector = tags['cvss_base_vector']
vector = dict(x.split(':') for x in vector.split('/'))
new_cve = CveDocument(id=cve_id)
new_cve.access_vector_v2 = metrics.AccessVectorV2(vector['AV'])
new_cve.access_complexity_v2 = metrics.AccessComplexityV2(vector['AC'])
new_cve.authentication_v2 = metrics.AuthenticationV2(vector['Au'])
new_cve.confidentiality_impact_v2 = metrics.ImpactV2(vector['C'])
new_cve.integrity_impact_v2 = metrics.ImpactV2(vector['I'])
new_cve.availability_impact_v2 = metrics.ImpactV2(vector['A'])
new_cve.base_score_v2 = calculate_base_score_v2(new_cve)
if cve.has_changed(new_cve):
return cve.update(new_cve, refresh=True)
return cve
return CveDocument.get_or_create(cve_id=cve_id)