def info_graph(one_day_graph): print("=================") mypprint(nx.info(one_day_graph)) ## print some status ## number of servers is number of edges to type_server num_svrs = len(one_day_graph.edges("type_server")) output = "number of server nodes = {0}".format(num_svrs) print(output) ## show number of servers by group groups = list(one_day_graph.neighbors("type_group")) for group in groups: ## number of servers is number of edges to group ## minus 1 for link from group to type_group num_svrs = len(one_day_graph.edges(group)) - 1 output = " number of {0} servers = {1}".format(group,num_svrs) print(output) ## number of unique packages is number of edges to type_package num_pkgs = len(one_day_graph.edges("type_package")) output = "number of package nodes = {0}".format(num_pkgs) print(output) ## number of unique package/versions is number of edges to type_version num_versions = len(one_day_graph.edges("type_version")) output = "number of package version nodes = {0}".format(num_versions) print(output) ## number of unique package/versions is number of edges to type_version num_cve = len(one_day_graph.edges("type_cve")) output = "number of cve nodes = {0}".format(num_cve) print(output)
def critical_servers(data): ## go thru servers and output dict of [group][server] ## which have critical cve's ## FW: add cve's as value in dict ## FW: make cve dict of relevant cve's crit = {} groups = data.keys() #iterator on servers for group in groups: crit[group] = {} for server in data[group].keys(): this_server = data[group][server]['svm']['scan'] if this_server['critical_findings_count'] > 0: crit[group][server] = {} findings = this_server['findings'] for finding in findings: ## if critical add to crit if finding['critical']: package_name = finding['package_name'] package_version = finding['package_version'] if package_name not in crit[group][server]: crit[group][server][package_name] = {} crit[group][server][package_name][package_version] = { 'crit_cve': finding['cve_entries'] } for group in crit: numcs = len(crit[group]) output = "group {0} has {1} servers with critical CVE".format( group, numcs) for group in crit: output = "========== {0} ===========".format(group) print(output) for server in crit[group]: hostname = data[group][server]['hostname'] server_label = data[group][server]['server_label'] output = " ----- {0} - {1} - {2} -----".format( server, hostname, server_label) print(output) for package in crit[group][server]: for ver in crit[group][server][package]: output = " ++++++ {0},{1} +++++++++++".format( package, ver) print(output) mypprint(crit[group][server][package][ver]['crit_cve'])
pkg5 = pkg_subset(graphdata,cve5) pkg0 = pkg_subset(graphdata,cve0) ## find all servers for each bin svr10 = svr_subset(graphdata, pkg10) svr7 = svr_subset(graphdata, pkg7) svr5 = svr_subset(graphdata, pkg5) svr0 = svr_subset(graphdata, pkg0) cvebins[d]['1. Worst CVSS=10'] = len(cve10) cvebins[d]['2. Critical 7 <= CVSS <10'] = len(cve7) cvebins[d]['3. Medium 5 <= CVSS <7'] = len(cve5) cvebins[d]['4. Low 0 <= CVSS <5'] = len(cve0) #mypprint (len(svr10)) #- added #mypprint (len(svr7)) #- added #mypprint (len(svr5)) #- added #mypprint (len(svr0)) #- added #mypprint (svr7) #- added #mypprint (svr5) #- added mypprint(cvebins) params = {} params['filename'] = outfilename params['title'] = 'CVE Totals by Date' params['ylabel'] = 'Total Number of CVEs across all Servers' params['xlabel'] = 'Dates' params['colors'] = ['yellow', 'gold', 'orange', 'red'] stacked_bar_image(cvebins, params)
## Copyright (c) 2020 AT&T Intellectual Property. All rights reserved. import sys from load_db import load_graph from load_db import get_groups from load_db import server_by_group from sbom_helpers import get_gdbpath from sbom_helpers import mypprint from sbom_helpers import validate_file_access if( len(sys.argv) != 2 ): print("There should be one argument, date eg 2019.03.16") exit() else: d = sys.argv[1] gfile = get_gdbpath() + d + '.gdb' #validate gdb file exists validate_file_access([gfile]) graphdata = load_graph(gfile) groups = get_groups(graphdata) svr_list = graphdata.neighbors('type_server') svr_grp_dict = server_by_group(svr_list, groups, graphdata) mypprint(svr_grp_dict)
for svr in data: ## Print each servers health report - each server separated by *** above and below contents print( "**************************************************************************************" ) print("+++ file {0} ".format(gfile)) print("++++ group {0}".format(svr_grp)) print("++++ svr", svr) hostname = intermediate(graphdata, 'type_hostname', svr) print("++++ hostname {0}".format(hostname)) (num_pkg_vers, num_pkgs, pkg_ver_dict, pkg_multiver_dict) = svr_pkgs(graphdata, svr) print("+++++ {0} package/versions".format(num_pkg_vers)) print("+++++ {0} packages".format(num_pkgs)) mypprint(pkg_multiver_dict) ## print supressed cves print("supressed cve's:") scp = svr_cve_pkgs(graphdata, svr) sup_cves = pkg_cve_supr(scp) mypprint(sup_cves) ## print bins of cvss no_cves = len(pkgs_with_no_cve(scp)) print("{0} packages with no cve's:".format(no_cves)) ten_cves = pkg_cve_cvss_threshold(scp, 10, 100) l_ten_cves = len(ten_cves) print("{0} packages with worst cve of cvss=10:".format(l_ten_cves)) mypprint(ten_cves)
## find all servers for each bin svr10 = svr_subset(graphdata, pkg10) svr7 = svr_subset(graphdata, pkg7) ## make the lists unique svr7s = [item for item in svr7 if item not in svr10] svr5 = svr_subset(graphdata, pkg5) svr5s = [item for item in svr5 if item not in (svr10 + svr7s)] svr0 = svr_subset(graphdata, pkg0) svr0s = [item for item in svr0 if item not in (svr10 + svr7s + svr5s)] cvebins['1. Servers with Worst CVSS=10'] = len(svr10) cvebins['2a. Servers with Critical 7 <= CVSS <10'] = len(svr7) cvebins['2b. Unique Servers 7 <= CVSS <10'] = len(svr7s) cvebins['3a. Servers with Medium 5 <= CVSS <7'] = len(svr5) cvebins['3b. Unique Servers 5 <= CVSS <7'] = len(svr5s) cvebins['4a. Servers with Low 0 <= CVSS <5'] = len(svr0) cvebins['4b. Unique Servers CVSS <5'] = len(svr0s) mypprint(cvebins) ## print 3 random servers in each class print('up to 3 random servers with CVSS=10') mypprint(svr10[:3]) print('up to 3 random servers with 7<=CVSS<10') mypprint(svr7s[:3]) print('up to 3 random servers with 5<=CVSS<7') mypprint(svr5s[:3]) print('up to 3 random servers with CVSS<5') mypprint(svr0s[:3])
cve5.append(cve) else: cve0.append(cve) ## find all packages for each bin pkg10 = pkg_subset(graphdata,cve10) pkg7 = pkg_subset(graphdata,cve7) pkg5 = pkg_subset(graphdata,cve5) pkg0 = pkg_subset(graphdata,cve0) ## find all servers for each bin svr10 = svr_subset(graphdata, pkg10) svr7 = svr_subset(graphdata, pkg7) svr5 = svr_subset(graphdata, pkg5) svr0 = svr_subset(graphdata, pkg0) cvebins['1. Servers with Worst CVSS=10'] = len(svr10) cvebins['2. Servers with Critical 7 <= CVSS <10'] = len(svr7) cvebins['3. Servers with Medium 5 <= CVSS <7'] = len(svr5) cvebins['4. Servers with Low 0 <= CVSS <5'] = len(svr0) mypprint(cvebins) ## print 3 servers in each class mypprint(svr10[:3]) mypprint(svr7[:3]) mypprint(svr5[:3]) mypprint(svr0[:3])
def list_packages(filename): data = file_to_data(filename) package_dict = {} ## dictionary of packages containing package name as top level key ## second level is also dict with key = package package_version ## third level is dict with group ## fourth level is dict with servers ## fifthlevel is dates as dict with cve's in list as values ## FW: datelist is dates that contain this point ## FW: add cve server_count = {} ## dictionary of servers as top level key ## second level key is either group or count both of which tie to value at 3rd level groups = data.keys() #iterator on servers for group in groups: server_count[group] = {} servers = data[group].keys() # iterator over list of servers for server in servers: hostname = data[group][server]['hostname'] ## shorthand for findings of this particular server findings = data[group][server]['svm']['scan']['findings'] ## init and fill in server count for this server server_count[group][server] = {} server_count[group][server]['hostname'] = hostname server_count[group][server]['package_count'] = len(findings) ## go thru each finding of this server and update package dict for finding in findings: package_name = finding['package_name'] if package_name not in package_dict.keys(): package_dict[package_name] = {} package_version = finding['package_version'] if package_version not in package_dict[package_name]: package_dict[package_name][package_version] = {} if group not in package_dict[package_name][package_version]: package_dict[package_name][package_version][group] = {} if server not in package_dict[package_name][package_version][ group]: package_dict[package_name][package_version][group][ server] = {} package_dict[package_name][package_version][group][server][ 'dates'] = [] package_dict[package_name][package_version][group][server][ 'cve'] = ['TBD'] package_dict[package_name][package_version][group][server][ 'dates'].append(filename) print("===============") mypprint(server_count) print("===============") mypprint(package_dict) ## make a distribuation of package counts pkg_cnt = [] for group in groups: servers = data[group].keys() for server in servers: pkg_cnt.append(server_count[group][server]['package_count']) pkg_cnt.sort() print(pkg_cnt) ## which package versions on how many machines package_names = package_dict.keys() package_count_dict = {} for package in package_names: package_count_dict[package] = {} versions = package_dict[package].keys() for version in versions: package_count_dict[package][version] = 0 groups = package_dict[package][version].keys() for group in groups: servers = package_dict[package][version][group].keys() for server in servers: package_count_dict[package][version] += 1 mypprint(package_count_dict)
## get all packages, versions (num_pkg_vers, num_pkgs, pkg_ver_dict, pkg_multiver_dict) = svr_pkgs(graphdata, svr) ## make a list (from the iterator) of the packages pkgs = list(pkg_ver_dict.keys()) ## evaluate if package of interest on this server if p in pkgs: ## check if multiver if len(pkg_ver_dict[p]) > 1: ## multiple versions - store for later num_mul += 1 mvp[svr] = {'versions': pkg_ver_dict[p]} ## get hostname mvp[svr]['hostname'] = get_hostname(svr, graphdata) else: num_one_v += 1 v = pkg_ver_dict[p] if v not in one_ver: one_ver.append(v) else: num_no_v += 1 print("Number of servers without {0} package: {1}".format(p, num_no_v)) print("Number of servers with one version {0} package: {1}".format( p, num_one_v)) mypprint(one_ver) print("Number of servers with multiple versions {0} package: {1}".format( p, num_mul)) mypprint(mvp)
extra_hist[num], num) print(out) print("===============") ## print pseudo histogram of multi-ver packages nums = list(pkg_hist.keys()) nums.sort() for num in nums: out = "{0} servers has {1} mult-ver packages".format(pkg_hist[num], num) print(out) print("===============") ## print the servers with zero extras out = "the following servers have zero extras:" print(out) annotated_clean_ver_list = [[(get_group(s, graphdata), s, get_hostname(s, graphdata)) for s in clean_ver_list]] annotated_clean_ver_list.sort() mypprint(annotated_clean_ver_list) print("===============") ## print the histogram of number of servers with multi-ver packages ## make tuple list of # svrs, mult-ver-package-string out = "the following is a server count by package-vers hi to low:" print(out) mvps_tup = [(len(mvp[a]), a) for a in mvp.keys()] mvps_tup.sort() mvps_tup.reverse() mypprint(mvps_tup)