def test_client_smoke_fails_non_topic_mocked(self, mock_post, mock_get):
client = query_client.OpenVulnQueryClient(CLIENT_ID,
CLIENT_SECRET,
REQUEST_TOKEN_URL,
user_agent='foo')
self.assertRaises(KeyError, client.get_by,
'let_this_topic_be_non_existing', None, None, **{})
def periodic_check():
"""
This function will run inside a loop and check if psirt database has changed at an interval defined by background scheduler
"""
logger.debug(f"checking psirt for updates")
# check timedelta of most recent 5 alerts and send alert if newer than last 1hr
psirt_query = query_client.OpenVulnQueryClient(
client_id=config.credentials.get("CLIENT_ID"),
client_secret=config.credentials.get("CLIENT_SECRET"),
)
advisories = psirt_query.get_by_latest(adv_format="default", latest=20)
for advisory in advisories:
logger.debug(f"advisory last_updated: {advisory.last_updated}")
advisory_date = date_from_string(advisory.last_updated)
print("advisory date: ", advisory_date)
print("now date: ", datetime.now())
advisory_time_delta = (datetime.now() - advisory_date).total_seconds()
if advisory_time_delta <= 3600:
logger.info(
f"timedelta is less than 1 hr: {advisory_time_delta} - sending alert"
)
full_message = construct_message_alert(advisory)
bot.alert_subscribers(full_message)
else:
logger.debug(
f"timedelta is greater than 1 hr since last_update: {advisory_time_delta}"
)
# update the cache after peridoic check
notification_cache(advisories[0])
def main():
ovq_client = query_client.OpenVulnQueryClient(CLIENT_ID, CLIENT_SECRET)
with open("data.dmp", "rb") as input_file:
platform_ibj_list = pickle.load(input_file)
print_dictionary(build_dictionary(ovq_client, platform_ibj_list))
def test_client_smoke_init_succeeds_mocked(self, mock_post):
client = query_client.OpenVulnQueryClient(CLIENT_ID,
CLIENT_SECRET,
REQUEST_TOKEN_URL,
user_agent='foo')
self.assertIsInstance(client, query_client.OpenVulnQueryClient)
self.assertEqual(client.auth_token,
OAUTH2_RESPONSE_BOGUS_BUT_OK['access_token'])
self.assertEqual(client.auth_url, REQUEST_TOKEN_URL)
def test_client_cvrf_all_succeeds_mocked(self, mock_post, mock_get):
client = query_client.OpenVulnQueryClient(CLIENT_ID,
CLIENT_SECRET,
REQUEST_TOKEN_URL,
user_agent='foo')
sample_all = 'all'
advisories_as_cvrf = client.get_by(
'all',
format=constants.CVRF_ADVISORY_FORMAT_TOKEN,
aspect=sample_all,
a_filter=query_client.Filter())
self.assertTrue(len(advisories_as_cvrf) == 1)
cvrf_first = advisories_as_cvrf[0]
self.assertIsInstance(cvrf_first, advisory.CVRF)
def test_client_cvrf_succeeds_product_mocked(self, mock_post, mock_get):
client = query_client.OpenVulnQueryClient(CLIENT_ID,
CLIENT_SECRET,
REQUEST_TOKEN_URL,
user_agent='foo')
advisories_as_cvrf = client.get_by(
'product',
format=constants.CVRF_ADVISORY_FORMAT_TOKEN,
aspect=SAMPLE_PRODUCT,
**{'a_filter': None})
self.assertTrue(len(advisories_as_cvrf) == 1)
cvrf_first = advisories_as_cvrf[0]
self.assertIsInstance(cvrf_first, advisory.CVRF)
self.assertIn(SAMPLE_PRODUCT, cvrf_first.product_names)
def test_client_cvrf_succeeds_cve_mocked(self, mock_post, mock_get):
client = query_client.OpenVulnQueryClient(CLIENT_ID,
CLIENT_SECRET,
REQUEST_TOKEN_URL,
user_agent='foo')
advisories_as_cvrf = client.get_by(
'cve',
format=constants.CVRF_ADVISORY_FORMAT_TOKEN,
aspect=SAMPLE_CVE,
**{'a_filter': None})
self.assertTrue(len(advisories_as_cvrf) == 1)
cvrf_first = advisories_as_cvrf[0]
self.assertIsInstance(cvrf_first, advisory.CVRF)
self.assertEqual(cvrf_first.cves, CVES_EXPECTED)
def test_client_cvrf_succeeds_advisory_mocked(self, mock_post, mock_get):
client = query_client.OpenVulnQueryClient(CLIENT_ID,
CLIENT_SECRET,
REQUEST_TOKEN_URL,
user_agent='foo')
advisories_as_cvrf = client.get_by(
'advisory',
format=constants.CVRF_ADVISORY_FORMAT_TOKEN,
aspect='non_existing_aspect_on_server',
**{'a_filter': None})
self.assertTrue(len(advisories_as_cvrf) == 1)
cvrf_first = advisories_as_cvrf[0]
self.assertIsInstance(cvrf_first, advisory.CVRF)
self.assertEqual(cvrf_first.advisory_id, mock_response['advisoryId'])
def get_latest_advisories(room_id, product="cisco", count=5):
api.messages.create(
roomId=room_id,
markdown=f"One moment please while I retrieve the last {count} alerts",
)
psirt_query = query_client.OpenVulnQueryClient(
client_id=config.credentials.get("CLIENT_ID"),
client_secret=config.credentials.get("CLIENT_SECRET"),
)
advisories = psirt_query.get_by_latest(adv_format="default", latest=count)
for advisory in advisories:
full_message = construct_message_alert(advisory)
api.messages.create(roomId=room_id, markdown=full_message)
return True
def worker():
"""Obtains host version by SNMP, then queries Cisco Openvuln API"""
global query_client
query_client = query_client.OpenVulnQueryClient(client_id=CLIENT_ID, client_secret=CLIENT_SECRET)
for address in address_ipv4:
address = str(address[0])
result = get(address, ['1.3.6.1.2.1.1.1.0'], snmp_community)
sysdescr = sysdescrparser(result['1.3.6.1.2.1.1.1.0'])
print('HOST: %s; vendor: %s; model: %s; version: %s' % (address, sysdescr.vendor, sysdescr.model, sysdescr.version))
if sysdescr.vendor == 'CISCO':
try:
advisories = query_client.get_by_ios('ios', sysdescr.version)
for element in advisories:
print('title: %s; cves: %s; cvss_base_score: %s' % (element.advisory_title, element.cves, element.cvss_base_score))
except:
print('version not found')
def main():
devs = CiscoDevice.objects.all()
dev_versions = {}
for dev in devs:
dev_versions[dev.ios_version] = dev.ios_type
# load credentials from file
with open('credentials.json', 'r') as f:
jdata = json.load(f)
qclient = query_client.OpenVulnQueryClient(
client_id=jdata['client_id'], client_secret=jdata['client_secret'])
progress = 0
end_progress = len(dev_versions)
# key => ios version, value => ios/ios-xe
for key, value in dev_versions.iteritems():
devs = CiscoDevice.objects.filter(ios_version=key)
advisories = []
progress += 1
print "LOG ::: Progress... %s of %s" % (progress, end_progress)
successful = False
if value == 'ios':
while not successful:
try:
print "LOG ::: Cisco API query for IOS version %s" % (key)
advisories = qclient.get_by_ios(key)
if len(advisories) > 0:
successful = True
except HTTPError as e:
print str(e)
print "IOS version %s not found in Cisco PRIST API for:\n%s" % (
key, devs)
break
except ConnectionError as e:
print str(e)
print "LOG ::: Sleeping for 30secs and then retrying..."
time.sleep(30)
continue
if value == 'ios-xe':
while not successful:
try:
print "LOG ::: Cisco API query for IOS-XE version %s" % (
key)
advisories = qclient.get_by_ios_xe(key)
if len(advisories) > 0:
successful = True
except HTTPError as e:
print str(e)
print "IOS-XE version %s not found in Cisco PRIST API for:\n%s" % (
key, devs)
break
except ConnectionError as e:
print str(e)
print "LOG ::: Sleeping for 30secs and then retrying..."
time.sleep(30)
continue
if len(advisories) > 0:
for adv in advisories:
vuln_db, created = IosVulnerability.objects.get_or_create(
cisco_id=adv.advisory_id)
vuln_db.title = adv.advisory_title
vuln_db.url = adv.publication_url
vuln_db.description = adv.summary
vuln_db.severity = adv.sir
vuln_db.save()
for dev in devs:
vuln_map, created = VulnMapper.objects.get_or_create(
device=dev, vulnerab=vuln_db)
if True: #created:
vuln_map.ios_version = key
vuln_map.affecting = True
vuln_map.save()
time.sleep(10)
if os.path.exists(f"{this_folder}/logs/logfile.log"):
pass
else:
os.makedirs(os.path.dirname(f"{this_folder}/logs/logfile.log"), exist_ok=True)
open(f"{this_folder}/logs/logfile.log", "a").close()
logging_config = yaml.safe_load(open("./logging_config.yaml", "r"))
logging.config.dictConfig(logging_config)
logger = logging.getLogger("standard")
api = WebexTeamsAPI(access_token=config.webex_teams_token)
psirt_query = query_client.OpenVulnQueryClient(
client_id=config.credentials.get("CLIENT_ID"),
client_secret=config.credentials.get("CLIENT_SECRET"),
)
def format_severity(sev_level):
if sev_level == "High":
alert_icon = f"🔒"
alert_color = "danger"
return alert_icon, alert_color
elif sev_level == "Medium":
alert_icon = f"🔒"
alert_color = "warning"
return alert_icon, alert_color
elif sev_level == "Critical":
alert_icon = f"💀"
alert_color = "dark"
def setUp(self):
self.open_vuln_client = query_client.OpenVulnQueryClient(
config.CLIENT_ID, config.CLIENT_SECRET)
self.adv_format = "cvrf"