def draw_digraph(infile, cves, outfile):
data = load_file(infile)
pkgs = pkg_subset(data, cves)
svrs = svr_subset(data, pkgs)
label = {}
G = nx.DiGraph()
for cve in cves:
G.add_node(cve)
cvss = data.nodes[cve]['cvss']
supressed = data.nodes[cve]['suppressed']
label[cve] = "{0}\n cvss={1}".format(cve, cvss)
if supressed:
label[cve] += "\n/supressed"
for pkg in pkgs:
G.add_node(pkg)
label[pkg] = pkg
if pkg in data.neighbors(cve):
G.add_edge(cve, pkg)
for svr in svrs:
G.add_node(svr)
## find group & hostname for label
for neighbor in data.neighbors(svr):
if neighbor in data.neighbors('type_group'):
group = neighbor
elif neighbor in data.neighbors('type_hostname'):
hostname = neighbor
label[svr] = "{0}\n{1}\n{2}".format(group, hostname, svr)
for pkg in pkgs:
if svr in data.neighbors(pkg):
G.add_edge(pkg, svr)
pos = graphviz_layout(G, prog='dot')
nx.draw_networkx_nodes(G,
pos,
nodelist=cves,
node_color='r',
node_size=500,
alpha=0.8)
nx.draw_networkx_nodes(G,
pos,
nodelist=pkgs,
node_color='b',
node_size=400,
alpha=0.8)
nx.draw_networkx_nodes(G,
pos,
nodelist=svrs,
node_color='#DDDDDD',
node_size=300,
alpha=0.8)
nx.draw_networkx_edges(G, pos)
nx.draw_networkx_labels(G, pos, label, font_size=10)
plt.axis('off')
plt.savefig(outfile)
cve0 = [] # CVE's with cvss<5,>=0
for cve in cves:
## put cve in bin
cvss = graphdata.nodes[cve]['cvss']
if(cvss == 10.0):
cve10.append(cve)
elif(cvss >= 7.0):
cve7.append(cve)
elif(cvss >= 5.0):
cve5.append(cve)
else:
cve0.append(cve)
## find all packages for each bin
pkg10 = pkg_subset(graphdata,cve10)
pkg7 = pkg_subset(graphdata,cve7)
pkg5 = pkg_subset(graphdata,cve5)
pkg0 = pkg_subset(graphdata,cve0)
## find all servers for each bin
svr10 = svr_subset(graphdata, pkg10)
svr7 = svr_subset(graphdata, pkg7)
svr5 = svr_subset(graphdata, pkg5)
svr0 = svr_subset(graphdata, pkg0)
cvebins[d]['1. Worst CVSS=10'] = len(cve10)
cvebins[d]['2. Critical 7 <= CVSS <10'] = len(cve7)
cvebins[d]['3. Medium 5 <= CVSS <7'] = len(cve5)
cvebins[d]['4. Low 0 <= CVSS <5'] = len(cve0)