Exemplo n.º 1
0
    def getcve(self, cveid=None):
        if cveid is not None:
            e = db.getCVE(cveid, collection=self.collection)
            if e is None:
                return None
            if "cwe" in e and self.capeclookup:
                if e['cwe'].lower() != 'unknown':
                    e['capec'] = self.getcapec(cweid=(e['cwe'].split('-')[1]))
            if "vulnerable_configuration" in e:
                vulconf = []
                ranking = []
                for conf in e['vulnerable_configuration']:
                    vulconf.append({'id': conf, 'title': self.getcpe(cpeid=conf)})
                    if self.rankinglookup:
                        rank = self.getranking(cpeid=conf)
                        if rank and rank not in ranking:
                            ranking.append(rank)
                e['vulnerable_configuration'] = vulconf
            if self.rankinglookup and len(ranking) > 0:
                e['ranking'] = ranking
            if self.via4lookup:
                f = self.getVIA4(cveid)
                if isinstance(f, dict):
                    e = dict(itertools.chain(e.items(), f.items()))
            if self.subscorelookup:
                exploitCVSS=exploitabilityScore(e)
                impactCVSS =impactScore(e)
                e['exploitCVSS']=(math.ceil(exploitCVSS*10)/10) if type(exploitCVSS) is not str else exploitCVSS
                e['impactCVSS']=(math.ceil(impactCVSS*10)/10) if type(impactCVSS) is not str else impactCVSS
        else:
            e = None

        return e
Exemplo n.º 2
0
    def getcve(self, cveid=None):
        if cveid is not None:
            e = db.getCVE(cveid, collection=self.collection)
            if e is None:
                return None
            if "cwe" in e and self.capeclookup:
                if e['cwe'].lower() != 'unknown':
                    e['capec'] = self.getcapec(cweid=(e['cwe'].split('-')[1]))
            if "vulnerable_configuration" in e:
                vulconf = []
                ranking = []
                for conf in e['vulnerable_configuration']:
                    vulconf.append({'id': conf, 'title': self.getcpe(cpeid=conf)})
                    if self.rankinglookup:
                        rank = self.getranking(cpeid=conf)
                        if rank and rank not in ranking:
                            ranking.append(rank)
                e['vulnerable_configuration'] = vulconf
            if self.rankinglookup and len(ranking) > 0:
                e['ranking'] = ranking
            if self.reflookup:
                f = self.getRefs(cveid=cveid)
                if not isinstance(f, str):
                    g = dict(itertools.chain(e.items(), f.items()))
                    e = g
            if self.subscorelookup:
                exploitCVSS=exploitabilityScore(e)
                impactCVSS =impactScore(e)
                e['exploitCVSS']=(math.ceil(exploitCVSS*10)/10) if type(exploitCVSS) is not str else exploitCVSS
                e['impactCVSS']=(math.ceil(impactCVSS*10)/10) if type(impactCVSS) is not str else impactCVSS
        else:
            e = None

        return e
Exemplo n.º 3
0
 def _enhance(self, cve, via4=False, subscore=False, ranking=False, **kwargs):
     if isinstance(cve, CVE): cve = [cve]
     for c in cve:
         # update CPE's for titles
         vulns = []
         for vuln in c.vulnerable_configuration:
             vulns.append(DatabaseLayer().CPE.get(vuln.id))
         c.vulnerable_configuration = vulns
         # Extra updates
         if via4:
             c.via4 = DatabaseLayer().VIA4.get(c.id)
         if ranking:
             ranks = set()
             for config in c.vulnerable_configuration:
                 rank = DatabaseLayer().CPE.ranking(config.id)
                 if rank:
                     rank = [hashableDict(x) for x in rank] # making the dict hashable
                     ranks.add(tuple(rank)) # tuple cuz lists are not hahsable
             c.ranking = ranks
         if subscore:
             exploitCVSS=exploitabilityScore(cve)
             impactCVSS =impactScore(cve)
             cve.access.cvss =(math.ceil(exploitCVSS*10)/10) if type(exploitCVSS) is not str else exploitCVSS
             cve.impact.cvss =(math.ceil(impactCVSS *10)/10) if type(impactCVSS)  is not str else impactCVSS