    def config_cpe_match(self, cm):
        """Emit the triples for one NVD ``cpe_match`` object; return its blank node.

        ``cm`` is the parsed ``cpe_match`` JSON object: its ``vulnerable`` flag
        selects the configuration class and its ``cpe23Uri`` names the platform.
        Besides the configuration node, the platform's type and its CPE
        components (vendor, product, edition, ... , update, version) are added
        to ``self.g``.
        """
        # NOTE(review): ``all`` here is a project lookup helper (JSONPath-style),
        # not the builtin; it is assumed to return a non-empty list.
        is_vulnerable = all("$.vulnerable", cm)[0]
        config_cls = (PLATFORM.VulnerableConfiguration if is_vulnerable
                      else PLATFORM.NotVulnerableConfiguration)

        cpe_str = all("$.cpe23Uri", cm)[0]
        node = BNode()

        version_bounds = (
            self.versionStartExcluding(cm)
            + self.versionStartIncluding(cm)
            + self.versionEndExcluding(cm)
            + self.versionEndIncluding(cm)
        )
        self.triples(node, config_cls,
                     [(PLATFORM.hasPlatform, cpeURI(cpe_str))] + version_bounds)

        parsed = CPE(cpe_str)

        # CPE part -> platform type; the first matching predicate wins.
        for is_part, platform_type in (
            (parsed.is_hardware, PLATFORM.HardwarePlatform),
            (parsed.is_application, PLATFORM.ApplicationPlatform),
            (parsed.is_operating_system, PLATFORM.OperatingSystemPlatform),
        ):
            if is_part():
                self.g.add((cpeURI(cpe_str), RDF.type, platform_type))
                break

        last_vendor = ""
        for name in parsed.get_vendor():
            self.g.add((cpeURI(cpe_str), PLATFORM.vendor,
                        self.plEnt(name, "Vendor_", cls=PLATFORM.Vendor)))
            last_vendor = name
        # Product entities are keyed under the last vendor seen above.
        for name in parsed.get_product():
            self.g.add((cpeURI(cpe_str), PLATFORM.product,
                        self.plEnt(name, "Product_" + last_vendor + "_",
                                   cls=PLATFORM.Product)))

        # Remaining entity-valued components: (getter, predicate, id prefix, class).
        entity_components = (
            (parsed.get_edition, PLATFORM.edition, "Edition_", PLATFORM.Edition),
            (parsed.get_language, PLATFORM.language, "Language_", PLATFORM.Language),
            (parsed.get_other, PLATFORM.other, "Other_", PLATFORM.Other),
            (parsed.get_software_edition, PLATFORM.softwareEdition,
             "SoftwareEdition_", PLATFORM.SoftwareEdition),
            (parsed.get_target_hardware, PLATFORM.targetHardware,
             "Hardware_", CORE.Hardware),
            (parsed.get_target_software, PLATFORM.targetSoftware,
             "Software_", CORE.Software),
        )
        for getter, predicate, prefix, entity_cls in entity_components:
            for name in getter():
                self.g.add((cpeURI(cpe_str), predicate,
                            self.plEnt(name, prefix, cls=entity_cls)))

        # Update and version become plain literals; a bare "-" value is skipped.
        literal_components = (
            (parsed.get_update, PLATFORM.update),
            (parsed.get_version, PLATFORM.version),
        )
        for getter, predicate in literal_components:
            for value in getter():
                if value != "-":
                    self.g.add((cpeURI(cpe_str), predicate, Literal(value)))

        return node
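def getinfo(filename):
    """Parse an NVD 2.0 XML feed into per-CVE dicts, caching the result on disk.

    The cache lives at ``filename + '.bin'``. When it exists it is loaded and
    returned without re-parsing the XML; otherwise the feed is parsed, the
    cache is written, and the parsed list is returned.

    Args:
        filename: path of the NVD XML feed.

    Returns:
        list[dict]: one dict per ``entry`` element, holding ``id``, the
        components of the last parsable vulnerable-software CPE, and the CVSS
        base metrics when a ``cvss`` block is present.
    """
    import json  # function-scope: the module's import block is not in view

    cache_path = filename + '.bin'
    # Positional order of the CVSS base-metric children that the original
    # relied on (score, access vector/complexity, authentication, C/I/A
    # impact); NOTE(review): confirm against the feed schema.
    cvss_keys = ('score', 'accessVector', 'accessComplexity', 'auth',
                 'impactConf', 'impactInt', 'impactAvail')

    if os.path.exists(cache_path):
        print(filename, "exists -- taking in")
        # The cache is JSON. The original eval()'d the file, which executes
        # whatever the file contains; json.load can only yield data. No
        # eval-format cache can exist, because the original writer used an
        # invalid open() mode and always failed before writing.
        with open(cache_path, 'r', encoding='utf-8') as reader:
            return json.load(reader)

    print(filename, "does not exist, parsing")
    with open(filename) as f:
        tree = etree.parse(f)
    entry_nodes = tree.xpath(
        '//prefix:entry',
        namespaces={
            'prefix': 'http://scap.nist.gov/schema/feed/vulnerability/2.0'
        })

    vulns = []
    for entry in entry_nodes:
        thisVuln = {'id': entry.find(prefixed('vuln', 'cve-id')).text}
        vulnSoftware = entry.find(prefixed('vuln', 'vulnerable-software-list'))

        if vulnSoftware is not None:
            # Each parsable CPE overwrites the previous one, so the dict ends
            # up describing the last name in the list (as the original did).
            for v in vulnSoftware:
                try:
                    myCPE = CPE(v.text)
                except NotImplementedError:
                    print("Could not parse")
                else:
                    thisVuln['part'] = myCPE.get_part()[0]
                    thisVuln['vendor'] = myCPE.get_vendor()[0]
                    thisVuln['product'] = myCPE.get_product()[0]
                    # Collapses the various Linux vendor/product spellings onto
                    # one vendor key; presumably intentional — confirm with author.
                    if ('linux' in thisVuln['vendor']
                            or 'linux' in thisVuln['product']):
                        thisVuln['vendor'] = 'linux'
                    thisVuln['version'] = myCPE.get_version()[0]
                    thisVuln['update'] = myCPE.get_update()[0]
                    thisVuln['edition'] = myCPE.get_edition()[0]
                    thisVuln['language'] = myCPE.get_language()[0]

        cvss = entry.find(prefixed('vuln', 'cvss'))
        if cvss is not None and len(cvss):
            # Metrics are the children of cvss's first child, read by position.
            # A shorter list leaves the trailing keys unset instead of raising.
            for key, child in zip(cvss_keys, cvss[0]):
                thisVuln[key] = child.text

        vulns.append(thisVuln)

    # 'wrb+' is not a valid mode and bytes(list_of_dicts) raises TypeError, so
    # the original never produced a cache; write JSON text instead and return
    # the freshly parsed data (the original fell off the end with None).
    with open(cache_path, 'w', encoding='utf-8') as cache:
        json.dump(vulns, cache)
    return vulns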
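    def __init__(self, cve_entry, thread: ThreadPool = None):
        """Build a CVE record from one NVD 2.0 feed ``entry`` element.

        Args:
            cve_entry: the ``entry`` element (lxml-style ``find``/indexing).
            thread: optional pool; when given, ``self.get_from_pycvesearch`` is
                scheduled on it with ``apply_async`` once the fields are set.
        """
        self.id = cve_entry.find(prefixed('vuln', 'cve-id')).text
        self.vulnsoftware = cve_entry.find(
            prefixed('vuln', 'vulnerable-software-list'))
        # Parallel lists: index i of each describes the i-th parsable CPE.
        self.part = []
        self.vendor = []
        self.version = []
        self.update = []
        self.edition = []
        self.language = []
        self.product = []
        # get_year is defined elsewhere on the class; presumably derived
        # from self.id, which is why it is set above — confirm.
        self.year_path = os.path.join("CVE_Detail", self.get_year())
        # CVSS base metrics stay None when the entry carries no cvss block.
        self.cvssscore = None
        self.accessVector = None
        self.accessComplexity = None
        self.auth = None
        self.impactConf = None
        self.impactInt = None
        self.impactAvail = None

        if self.vulnsoftware is not None:
            for product in self.vulnsoftware:
                try:
                    mycpe = CPE(product.text)
                except NotImplementedError as e:
                    # Best-effort: an unparsable CPE is reported and skipped.
                    print(e)
                else:
                    self.part.append(mycpe.get_part()[0])
                    self.vendor.append(mycpe.get_vendor()[0])
                    self.version.append(mycpe.get_version()[0])
                    self.update.append(mycpe.get_update()[0])
                    self.edition.append(mycpe.get_edition()[0])
                    self.language.append(mycpe.get_language()[0])
                    self.product.append(mycpe.get_product()[0])

        cvss = cve_entry.find(prefixed('vuln', 'cvss'))
        if cvss is not None and len(cvss):
            # Base metrics are read by child position, as the original did;
            # NOTE(review): confirm the order against the feed schema. A short
            # child list leaves the trailing attributes None instead of raising.
            metric_attrs = ('cvssscore', 'accessVector', 'accessComplexity',
                            'auth', 'impactConf', 'impactInt', 'impactAvail')
            for attr, child in zip(metric_attrs, cvss[0]):
                setattr(self, attr, child.text)

        # Attribute name kept as-is (typo included): callers may read it.
        self.summery = cve_entry.find(prefixed('vuln', 'summary')).text
        if thread is not None:
            thread.apply_async(self.get_from_pycvesearch)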
def filter_generic_cpes(cpe_list: List[str]) -> List[str]:
    '''
    Keep only the "generic" CPE strings of ``cpe_list``: those whose components
    after the version (update, edition, language, software edition, target
    software, target hardware, other) are all empty or wildcard values, as
    defined by ``EMPTY_WILDCARD_CPE_SET``.

    Returns a new list in the original order; the input is not modified.
    '''
    def _is_generic(cpe_str: str) -> bool:
        parsed = CPE(cpe_str)
        trailing_getters = (
            parsed.get_update,
            parsed.get_edition,
            parsed.get_language,
            parsed.get_software_edition,
            parsed.get_target_software,
            parsed.get_target_hardware,
            parsed.get_other,
        )
        # all() short-circuits on the first specific component, so later
        # getters are not called — same evaluation order as the original.
        return all(getter()[0] in EMPTY_WILDCARD_CPE_SET
                   for getter in trailing_getters)

    return [cpe for cpe in cpe_list if _is_generic(cpe)]
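        def get_cpe_df(self, debug=False):
            """Return a DataFrame with one row per parsable CPE name in ``self.cpe_list``.

            Columns, in order: type ("HW"/"OS"/"APP"/"UNDEFINED"), part, vendor,
            product, version, update, edition, language, sw_edition, target_sw,
            target_hw, other and published_datetime (``self.published_datetime``
            repeated on every row). Each list-valued CPE component is flattened
            with ``list_to_string``.

            A name that raises anywhere while being parsed is reported with
            ``print`` and skipped. A row is added only once every value for it
            has been computed, so a failure part-way through a name can no
            longer leave the columns with different lengths (which made the
            final DataFrame assembly raise).

            Args:
                debug: accepted for API compatibility; currently unused.
            """
            columns = [
                'type', 'part', 'vendor', 'product', 'version', 'update',
                'edition', 'language', 'sw_edition', 'target_sw', 'target_hw',
                'other', 'published_datetime',
            ]

            def _platform_type(cp):
                """Map the CPE part to its type label; first match wins, as before."""
                if cp.is_hardware():
                    return "HW"
                if cp.is_operating_system():
                    return "OS"
                if cp.is_application():
                    return "APP"
                return "UNDEFINED"

            def _row(cpe_entry):
                """Compute every column for one CPE name; may raise."""
                cp = CPE(cpe_entry)
                return {
                    'type': _platform_type(cp),
                    'part': list_to_string(cp.get_part()),
                    'vendor': list_to_string(cp.get_vendor()),
                    'product': list_to_string(cp.get_product()),
                    'version': list_to_string(cp.get_version()),
                    'update': list_to_string(cp.get_update()),
                    'edition': list_to_string(cp.get_edition()),
                    'language': list_to_string(cp.get_language()),
                    'sw_edition': list_to_string(cp.get_software_edition()),
                    'target_sw': list_to_string(cp.get_target_software()),
                    'target_hw': list_to_string(cp.get_target_hardware()),
                    'other': list_to_string(cp.get_other()),
                    'published_datetime': self.published_datetime,
                }

            rows = []
            for cpe_entry in self.cpe_list:
                try:
                    rows.append(_row(cpe_entry))
                except Exception as inst:
                    # Deliberate best-effort, kept from the original.
                    print(inst)

            return pd.DataFrame(rows, columns=columns)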
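def populate_CVE(root):
    """Load every CVE ``entry`` under ``root`` into the CVEs and VulnSoftware tables.

    Args:
        root: iterable of NVD 2.0 feed ``entry`` elements (lxml-style).

    Side effects:
        One bulk insert into ``tables['CVEs']`` and one into
        ``tables['VulnSoftware']``; a warning is logged with the number of
        CPE names that could not be parsed.
    """
    cve_data = []
    vuln_data = []
    # Counted across the whole feed; the warning is emitted once after the loop.
    unable_to_parse = 0
    # Positional order of the CVSS base-metric children the original relied
    # on; NOTE(review): confirm against the feed schema.
    cvss_keys = ('score', 'accessVector', 'accessComp', 'auth',
                 'impactConf', 'impactInt', 'impactAvail')

    for entry in root:
        cve_id = entry.find(prefixed('vuln', 'cve-id')).text
        # Keep only the digits of "CVE-YYYY-NNNN" as the integer key.
        cve_id = int(re.sub("[^0-9]", "", cve_id))
        pubdate = parser.parse(
            entry.find(prefixed('vuln', 'published-datetime')).text)
        moddate = parser.parse(
            entry.find(prefixed('vuln', 'last-modified-datetime')).text)
        summary = entry.find(prefixed('vuln', 'summary')).text

        vulnSoftware = entry.find(prefixed('vuln', 'vulnerable-software-list'))
        if vulnSoftware is not None:
            for v in vulnSoftware:
                try:
                    myCPE = CPE(v.text)
                except NotImplementedError:
                    unable_to_parse += 1
                else:
                    vuln_data.append({
                        "part": myCPE.get_part()[0],
                        "vendor": myCPE.get_vendor()[0],
                        "product": myCPE.get_product()[0],
                        "version": myCPE.get_version()[0],
                        "update": myCPE.get_update()[0],
                        "edition": myCPE.get_edition()[0],
                        "language": myCPE.get_language()[0],
                        "cve": cve_id,
                    })

        # The CVSS block is read for every entry (the original's dedented
        # `if unableToParse > 0:` left it outside the loop, so at most one CVE
        # row was ever built). Metrics default to None when there is no cvss
        # block instead of carrying over from the previous entry.
        metrics = dict.fromkeys(cvss_keys)
        cvss = entry.find(prefixed('vuln', 'cvss'))
        if cvss is not None and len(cvss):
            for key, child in zip(cvss_keys, cvss[0]):
                metrics[key] = child.text

        # Rejected/placeholder candidates are not inserted.
        if "DO NOT USE THIS CANDIDATE NUMBER" not in summary:
            data = {
                "cve": cve_id,
                "pubdate": pubdate,
                "moddate": moddate,
                "summary": summary,
            }
            data.update(metrics)
            cve_data.append(data)

    if unable_to_parse > 0:
        logging.warning("Could not parse %d lines from file.", unable_to_parse)

    tables['CVEs'].insert().execute(cve_data)
    tables['VulnSoftware'].insert().execute(vuln_data)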
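def populate_CVE(root):
    """Load every CVE ``entry`` under ``root`` into the CVEs and VulnSoftware tables.

    Args:
        root: iterable of NVD 2.0 feed ``entry`` elements (lxml-style).

    Side effects:
        One bulk insert into ``tables["CVEs"]`` and one into
        ``tables["VulnSoftware"]``; a warning is logged with the number of
        CPE names that could not be parsed.
    """
    cve_data = []
    vuln_data = []
    # Counted across the whole feed; the warning is emitted once after the loop.
    unable_to_parse = 0
    # Positional order of the CVSS base-metric children the original relied
    # on; NOTE(review): confirm against the feed schema.
    cvss_keys = (
        "score",
        "accessVector",
        "accessComp",
        "auth",
        "impactConf",
        "impactInt",
        "impactAvail",
    )

    for entry in root:
        cve_id = entry.find(prefixed("vuln", "cve-id")).text
        # Keep only the digits of "CVE-YYYY-NNNN" as the integer key.
        cve_id = int(re.sub("[^0-9]", "", cve_id))
        pubdate = parser.parse(
            entry.find(prefixed("vuln", "published-datetime")).text
        )
        moddate = parser.parse(
            entry.find(prefixed("vuln", "last-modified-datetime")).text
        )
        summary = entry.find(prefixed("vuln", "summary")).text

        vulnSoftware = entry.find(prefixed("vuln", "vulnerable-software-list"))
        if vulnSoftware is not None:
            for v in vulnSoftware:
                try:
                    myCPE = CPE(v.text)
                except NotImplementedError:
                    unable_to_parse += 1
                else:
                    vuln_data.append(
                        {
                            "part": myCPE.get_part()[0],
                            "vendor": myCPE.get_vendor()[0],
                            "product": myCPE.get_product()[0],
                            "version": myCPE.get_version()[0],
                            "update": myCPE.get_update()[0],
                            "edition": myCPE.get_edition()[0],
                            "language": myCPE.get_language()[0],
                            "cve": cve_id,
                        }
                    )

        # The CVSS block is read for every entry (the original's dedented
        # `if unableToParse > 0:` left it outside the loop, so at most one CVE
        # row was ever built). Metrics default to None when there is no cvss
        # block instead of carrying over from the previous entry.
        metrics = dict.fromkeys(cvss_keys)
        cvss = entry.find(prefixed("vuln", "cvss"))
        if cvss is not None and len(cvss):
            for key, child in zip(cvss_keys, cvss[0]):
                metrics[key] = child.text

        # Rejected/placeholder candidates are not inserted.
        if "DO NOT USE THIS CANDIDATE NUMBER" not in summary:
            data = {
                "cve": cve_id,
                "pubdate": pubdate,
                "moddate": moddate,
                "summary": summary,
            }
            data.update(metrics)
            cve_data.append(data)

    if unable_to_parse > 0:
        logging.warning("Could not parse %d lines from file.", unable_to_parse)

    tables["CVEs"].insert().execute(cve_data)
    tables["VulnSoftware"].insert().execute(vuln_data)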