Пример #1
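def lastcve():
    """Build a package for each recent CVE not yet listed in history.txt.

    Fetches the most recent entries through ``CVESearch().last()``, skips
    every id already recorded in ``history.txt`` (one id per line, resolved
    against the current working directory), calls ``cvebuild`` for the rest
    and appends each processed id to the history file.

    The ids come from a remote service, so each one is checked against the
    ``CVE-YYYY-NNNN`` shape before it is handed to ``cvebuild`` or written
    to disk; anything else is reported and skipped.
    """
    import re

    cve = CVESearch()
    data = json.loads(cve.last())
    print("[+] Attempting to retrieve the latest 30 CVEs")
    if not data:
        return

    results = data['results']

    # Anchored with \Z so an id carrying a trailing newline is rejected
    # instead of injecting an extra line into the history file.
    cve_id_format = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}\Z")

    # Text mode keeps ids and file content the same type. Append mode starts
    # positioned at the end of the file, so rewind before reading.
    with open('history.txt', 'a+') as history_file:
        history_file.seek(0)
        # Whole-line comparison: a substring test would treat CVE-2020-1234
        # as already built once CVE-2020-12345 is in the file.
        already_built = set(history_file.read().split())

        try:
            for vulns in results:
                cve_id = vulns['id']
                if not cve_id_format.match(cve_id):
                    print("[!] Skipping malformed CVE id: " + repr(cve_id))
                    continue
                if cve_id in already_built:
                    print("[-] Package already generated: " + cve_id)
                    continue

                cvebuild(cve_id)
                history_file.write(cve_id + "\n")
                # Flush per entry so an interrupted run does not rebuild
                # packages that were already produced.
                history_file.flush()
                already_built.add(cve_id)
        except ImportError as exc:
            # The original swallowed ImportError silently; keep the run
            # non-fatal but say why it stopped.
            print("[!] Stopping, missing module: " + str(exc))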
Пример #2
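def lastcve():
    """Build a package for each recent CVE not yet listed in history.txt.

    Fetches the most recent entries through ``CVESearch().last()``, skips
    every id already recorded in ``history.txt`` (one id per line, resolved
    against the current working directory), calls ``cvebuild`` for the rest
    and appends each processed id to the history file.

    The ids come from a remote service, so each one is checked against the
    ``CVE-YYYY-NNNN`` shape before it is handed to ``cvebuild`` or written
    to disk; anything else is reported and skipped.
    """
    import re

    cve = CVESearch()
    data = json.loads(cve.last())
    print("[+] Attempting to retrieve the latest 30 CVEs")
    if not data:
        return

    results = data['results']

    # Anchored with \Z so an id carrying a trailing newline is rejected
    # instead of injecting an extra line into the history file.
    cve_id_format = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}\Z")

    # Text mode keeps ids and file content the same type. Append mode starts
    # positioned at the end of the file, so rewind before reading.
    with open('history.txt', 'a+') as history_file:
        history_file.seek(0)
        # Whole-line comparison: a substring test would treat CVE-2020-1234
        # as already built once CVE-2020-12345 is in the file.
        already_built = set(history_file.read().split())

        try:
            for vulns in results:
                cve_id = vulns['id']
                if not cve_id_format.match(cve_id):
                    print("[!] Skipping malformed CVE id: " + repr(cve_id))
                    continue
                if cve_id in already_built:
                    print("[-] Package already generated: " + cve_id)
                    continue

                cvebuild(cve_id)
                history_file.write(cve_id + "\n")
                # Flush per entry so an interrupted run does not rebuild
                # packages that were already produced.
                history_file.flush()
                already_built.add(cve_id)
        except ImportError as exc:
            # The original swallowed ImportError silently; keep the run
            # non-fatal but say why it stopped.
            print("[!] Stopping, missing module: " + str(exc))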
Пример #3
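class CVEClass:
    """Poll CVESearch for new CVEs and queue a notification for each one.

    Ids that were already announced are kept in ``cached_cve_ids`` (capped at
    30 entries, sorted in descending string order) and persisted as a JSON
    list in ``store_name`` so a restart does not announce them again.

    NOTE(review): id, summary and reference strings are taken from the API
    response as-is and end up in a post sent through ``MastodonClass.toot``;
    nothing here bounds the number of references or the total message
    length. Confirm the posting side enforces its own limits.
    """

    def __init__(self):
        """Create the API client, queue and Mastodon client, then load the id cache."""
        self.cve = CVESearch()
        self.store_name = 'cvestore.db'
        self.cached_cve_ids = []
        self.message_queue = CustQueue()
        self.mastodonClass = MastodonClass()
        # Method name kept exactly as the call site spells it.
        self.mastodonClass.initalize()
        self.readCVEListFromFile()

    def cveUpdate(self):
        """Fetch the latest CVEs and enqueue a message for each unseen id.

        Messages are enqueued in the reverse of the API's order, and the
        updated id cache is written back to disk afterwards.
        """
        cves = json.loads(self.cve.last())
        pending = []

        for result in cves['results']:
            # Normalise once so the value compared is the value stored;
            # comparing a stripped id against unstripped cache entries would
            # never match and the same CVE would be announced on every poll.
            cve_id = str(result['id']).strip()
            if cve_id in self.cached_cve_ids:
                continue

            # '>=' rather than '==' so a store file holding more than 30 ids
            # is trimmed instead of growing without bound. The list is kept
            # in descending order, so pop() drops the lowest-sorting id.
            while len(self.cached_cve_ids) >= 30:
                self.cached_cve_ids.pop()

            self.cached_cve_ids.append(cve_id)
            self.cached_cve_ids = sorted(self.cached_cve_ids, reverse=True)

            published = parser.parse(result['Published'])

            # Only mark the summary as truncated when it actually was.
            summary = result['summary']
            if len(summary) > 197:
                summary = summary[:197] + "..."

            parts = [
                "New CVE Notification",
                "\n\n",
                "Date: ",
                "{:%B %d, %Y}".format(published) + "\n",
                "CVE-ID : ",
                cve_id + "\n\n",
                "Summary: ",
                summary + "\n\n",
                "References: \n",
            ]
            parts.extend(ref + "\n" for ref in result['references'])

            pending.append("".join(parts) + "\n")

        for message in reversed(pending):
            self.message_queue.enqueue(message)

        self.writeCVEListToFile()

    def dequeueMessage(self):
        """Post the next queued message, if there is one."""
        if self.message_queue.size() > 0:
            self.shareToMastodon(self.message_queue.dequeue())

    def shareToMastodon(self, cve_str):
        """Send ``cve_str`` through the Mastodon client."""
        self.mastodonClass.toot(cve_str)

    def readCVEListFromFile(self):
        """Append the ids stored in ``store_name`` to the cache, if the file exists."""
        print("Reading CVEList from file")
        if os.path.isfile(self.store_name):
            with open(self.store_name, 'r') as cveStoreFile:
                stored_ids = json.loads(cveStoreFile.read())

            for result in stored_ids:
                self.cached_cve_ids.append(str(result))

    def writeCVEListToFile(self):
        """Write the id cache to ``store_name`` as a JSON list."""
        print("Writing CVEList to file")
        # Use the configured path, the same one readCVEListFromFile reads,
        # and close the handle even if the write fails.
        with open(self.store_name, 'w') as cveStoreFile:
            cveStoreFile.write(json.dumps(self.cached_cve_ids))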
Пример #4
class TestCVEAPI(unittest.TestCase):
    """Exercise the CVESearch client, one test per endpoint wrapper.

    NOTE(review): judging by the User-agent string and the skip reasons, the
    enabled tests query cve.circl.lu directly, so results depend on network
    access and on the data the service currently returns. Confirm before
    running them in an isolated CI environment.
    """

    def setUp(self):
        """Give every test a fresh client."""
        self.cve = CVESearch()

    def tearDown(self):
        """Release the client's HTTP session."""
        self.cve.session.close()

    def _assert_response_type(self, response, expected_type):
        """Assert ``response`` is not None and is an ``expected_type``; return it."""
        self.assertIsNotNone(response)
        self.assertIsInstance(response, expected_type)
        return response

    def test_init(self):
        self.assertIsInstance(self.cve, CVESearch)

    def test_session_headers(self):
        headers = self.cve.session.headers
        expected_agent = 'ares - python wrapper around cve.circl.lu (github.com/barnumbirr/ares)'
        self.assertEqual(headers["Content-Type"], "application/json")
        self.assertEqual(headers["User-agent"], expected_agent)

    @unittest.skip("Test too aggressive for provider.")
    def test_empty_browse(self):
        listing = self._assert_response_type(self.cve.browse(), dict)
        self.assertIsNone(listing["product"])
        vendors = listing["vendor"]
        self.assertIsInstance(vendors, list)
        self.assertGreater(len(vendors), 1000)

    def test_browse(self):
        listing = self._assert_response_type(
            self.cve.browse(param="python-requests"), dict)
        self.assertEqual(listing["vendor"], "python-requests")

    def test_capec(self):
        entry = self._assert_response_type(self.cve.capec(param="13"), dict)
        self.assertEqual(entry["name"],
                         "Subverting Environment Variable Values")

    @unittest.skip("Endpoint disabled on cve.circl.lu")
    def test_cpe22(self):
        cpe23_name = 'cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:-:x64:-'
        converted = self._assert_response_type(self.cve.cpe22(cpe23_name), str)
        self.assertEqual(
            converted,
            "cpe:/o:microsoft:windows_vista:6.0:sp1:~~home_premium~~x64~")

    @unittest.skip("Endpoint disabled on cve.circl.lu")
    def test_cpe23(self):
        cpe22_name = 'cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-'
        converted = self._assert_response_type(self.cve.cpe23(cpe22_name), str)
        self.assertEqual(
            converted,
            "cpe:2.3:o:microsoft:windows_vista:6.0:sp1:-:-:home_premium:-:-:x64"
        )

    @unittest.skip("Endpoint disabled on cve.circl.lu")
    def test_cvefor(self):
        cpe22_name = 'cpe:/o:microsoft:windows_vista:6.0:sp1:~-~home_premium~-~x64~-'
        record = self._assert_response_type(self.cve.cvefor(cpe22_name), dict)
        self.assertEqual(record["id"], "CVE-2005-0100")

    @unittest.skip("Test too aggressive for provider.")
    def test_cwe(self):
        self._assert_response_type(self.cve.cwe(), dict)

    def test_db_info(self):
        self._assert_response_type(self.cve.dbinfo(), dict)

    def test_id(self):
        record = self._assert_response_type(
            self.cve.id(param="CVE-2015-2296"), dict)
        self.assertEqual(record["Published"], "2015-03-18T16:59:00")

    def test_bad_id(self):
        # An id the service does not know is expected to come back as None.
        self.assertIsNone(self.cve.id(param="CVE-not-real"))

    def test_last(self):
        latest = self._assert_response_type(self.cve.last(), list)
        self.assertEqual(len(latest), 30)

    @unittest.skip("Endpoint disabled on cve.circl.lu")
    def test_link(self):
        linked = self._assert_response_type(
            self.cve.link(param="refmap.ms/CVE-2016-3309"), dict)
        self.assertEqual(linked["cves"]["cwe"], "CWE-264")

    @unittest.skip("Endpoint disabled on cve.circl.lu")
    def test_search_vendor(self):
        found = self._assert_response_type(
            self.cve.search(param="python-requests"), dict)
        self.assertIsInstance(found["data"], list)