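def getinfo(filename):
    """Parse an NVD 2.0 vulnerability feed into a list of per-entry dicts.

    Results are cached as JSON in ``<filename>.bin`` next to the feed; when
    that file already exists it is loaded instead of re-parsing the XML.

    Args:
        filename: Path of the NVD XML feed.

    Returns:
        list[dict]: One dict per ``<entry>`` holding ``id`` (the CVE id),
        the ``part``/``vendor``/``product``/``version``/``update``/
        ``edition``/``language`` fields of the *last* parseable CPE in the
        entry's vulnerable-software list, and the seven CVSS base metrics
        when the entry carries a ``<cvss>`` element.
    """
    import json  # function-scope import: the module's import block is not visible here

    cache_path = filename + '.bin'
    if os.path.exists(cache_path):
        print(filename, "exists -- taking in")
        # The cache is plain data and is read back with json, never eval():
        # a file on disk is writable by anyone with access to the directory,
        # and eval() would execute whatever it contains.
        with open(cache_path, 'r', encoding='utf-8') as reader:
            return json.load(reader)

    print(filename, "does not exist, parsing")
    # Binary mode lets lxml honour the feed's own encoding declaration.
    # NOTE(review): this uses the default lxml parser; if the feed can come
    # from an untrusted source, parse with an XMLParser that has
    # resolve_entities=False so external entities are not expanded.
    with open(filename, 'rb') as f:
        tree = etree.parse(f)

    entry_nodes = tree.xpath(
        '//prefix:entry',
        namespaces={'prefix': 'http://scap.nist.gov/schema/feed/vulnerability/2.0'},
    )

    vulns = []
    for entry in entry_nodes:
        this_vuln = {'id': entry.find(prefixed('vuln', 'cve-id')).text}

        vuln_software = entry.find(prefixed('vuln', 'vulnerable-software-list'))
        if vuln_software is not None:
            for v in vuln_software:
                try:
                    my_cpe = CPE(v.text)
                except NotImplementedError:
                    # Best effort: an unparseable CPE is reported and skipped.
                    print("Could not parse")
                else:
                    # Every parseable CPE overwrites the same keys, so the
                    # last one in the list is what ends up in the dict.
                    this_vuln['part'] = my_cpe.get_part()[0]
                    this_vuln['vendor'] = my_cpe.get_vendor()[0]
                    if 'linux' in this_vuln['vendor']:
                        this_vuln['vendor'] = 'linux'
                    this_vuln['product'] = my_cpe.get_product()[0]
                    if 'linux' in this_vuln['product']:
                        # NOTE(review): a linux *product* collapses the
                        # *vendor*, not the product -- confirm this is intended.
                        this_vuln['vendor'] = 'linux'
                    this_vuln['version'] = my_cpe.get_version()[0]
                    this_vuln['update'] = my_cpe.get_update()[0]
                    this_vuln['edition'] = my_cpe.get_edition()[0]
                    this_vuln['language'] = my_cpe.get_language()[0]

        cvss = entry.find(prefixed('vuln', 'cvss'))
        if cvss is not None:
            # The first child of <cvss> (presumably base_metrics) is read by
            # position; indexing stays explicit so a short element fails
            # loudly instead of producing a partial record.
            metrics = cvss.getchildren()[0].getchildren()
            this_vuln['score'] = metrics[0].text
            this_vuln['accessVector'] = metrics[1].text
            this_vuln['accessComplexity'] = metrics[2].text
            this_vuln['auth'] = metrics[3].text
            this_vuln['impactConf'] = metrics[4].text
            this_vuln['impactInt'] = metrics[5].text
            this_vuln['impactAvail'] = metrics[6].text

        vulns.append(this_vuln)

    # The dicts hold only strings, so JSON is a faithful cache format and it
    # is what the loading branch above expects.
    with open(cache_path, 'w', encoding='utf-8') as my_file:
        json.dump(vulns, my_file)
    return vulns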
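def __init__(self, cve_entry, thread: ThreadPool = None):
    """Populate the record from one NVD 2.0 feed ``<entry>`` element.

    Args:
        cve_entry: The lxml element for a single vulnerability entry.
        thread: Optional pool; when given, ``self.get_from_pycvesearch`` is
            submitted to it with ``apply_async`` and is not awaited here.
    """
    self.id = cve_entry.find(prefixed('vuln', 'cve-id')).text
    self.vulnsoftware = cve_entry.find(
        prefixed('vuln', 'vulnerable-software-list'))

    # Parallel lists: index i of each one describes the i-th parseable CPE.
    self.part = []
    self.vendor = []
    self.version = []
    self.update = []
    self.edition = []
    self.language = []
    self.product = []

    # get_year() is defined elsewhere in the class and is called after
    # self.id is set -- presumably it derives the year from the id; verify.
    self.year_path = os.path.join("CVE_Detail", self.get_year())

    # CVSS base metrics stay None for entries without a <cvss> element.
    self.cvssscore = None
    self.accessVector = None
    self.accessComplexity = None
    self.auth = None
    self.impactConf = None
    self.impactInt = None
    self.impactAvail = None

    if self.vulnsoftware is not None:
        for product in self.vulnsoftware:
            try:
                mycpe = CPE(product.text)
            except NotImplementedError as e:
                # Best effort: report the unparseable CPE and keep going.
                print(e)
            else:
                self.part.append(mycpe.get_part()[0])
                self.vendor.append(mycpe.get_vendor()[0])
                self.version.append(mycpe.get_version()[0])
                self.update.append(mycpe.get_update()[0])
                self.edition.append(mycpe.get_edition()[0])
                self.language.append(mycpe.get_language()[0])
                self.product.append(mycpe.get_product()[0])

    cvss = cve_entry.find(prefixed('vuln', 'cvss'))
    if cvss is not None:
        # The first child of <cvss> holds the metrics; they are read by
        # position in the feed's fixed order.
        metrics = cvss.getchildren()[0].getchildren()
        self.cvssscore = metrics[0].text
        self.accessVector = metrics[1].text
        self.accessComplexity = metrics[2].text
        self.auth = metrics[3].text
        self.impactConf = metrics[4].text
        self.impactInt = metrics[5].text
        self.impactAvail = metrics[6].text

    # Attribute name (including its spelling) is kept: other code reads it.
    self.summery = cve_entry.find(prefixed('vuln', 'summary')).text

    if thread is not None:
        thread.apply_async(self.get_from_pycvesearch)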
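def get_cpe_df(self, debug=False):
    """Return the vulnerability's CPE names as a DataFrame, one row per CPE.

    Every entry of ``self.cpe_list`` is parsed with ``CPE``; an entry whose
    parsing or field extraction raises is printed and skipped as a whole,
    so a partial row can never desynchronise the columns.

    Args:
        debug: Kept for backwards compatibility; not used.

    Returns:
        pd.DataFrame with the columns ``type`` (HW/OS/APP/UNDEFINED),
        ``part``, ``vendor``, ``product``, ``version``, ``update``,
        ``edition``, ``language``, ``sw_edition``, ``target_sw``,
        ``target_hw``, ``other`` and ``published_datetime``. The frame is
        empty but keeps these columns when nothing could be parsed.
    """
    columns = [
        'type', 'part', 'vendor', 'product', 'version', 'update', 'edition',
        'language', 'sw_edition', 'target_sw', 'target_hw', 'other',
        'published_datetime',
    ]
    rows = []
    for cpe_entry in self.cpe_list:
        try:
            cp = CPE(cpe_entry)
            # Classification order matters only if a CPE answers several
            # predicates; it is kept as hardware, OS, application.
            if cp.is_hardware():
                cpe_type = "HW"
            elif cp.is_operating_system():
                cpe_type = "OS"
            elif cp.is_application():
                cpe_type = "APP"
            else:
                cpe_type = "UNDEFINED"
            rows.append({
                'type': cpe_type,
                'part': list_to_string(cp.get_part()),
                'vendor': list_to_string(cp.get_vendor()),
                'product': list_to_string(cp.get_product()),
                'version': list_to_string(cp.get_version()),
                'update': list_to_string(cp.get_update()),
                'edition': list_to_string(cp.get_edition()),
                'language': list_to_string(cp.get_language()),
                'sw_edition': list_to_string(cp.get_software_edition()),
                'target_sw': list_to_string(cp.get_target_software()),
                'target_hw': list_to_string(cp.get_target_hardware()),
                'other': list_to_string(cp.get_other()),
                'published_datetime': self.published_datetime,
            })
        except Exception as inst:
            # Best effort: report the bad entry and skip it entirely.
            print(inst)
    return pd.DataFrame(rows, columns=columns)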
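def populate_CVE(root):
    """Insert the CVE entries under ``root`` into the CVEs and VulnSoftware tables.

    Args:
        root: Iterable of NVD 2.0 feed ``<entry>`` elements.

    Side effects:
        One bulk INSERT into ``tables['CVEs']`` (entries whose summary marks
        them as rejected candidates are left out) and one into
        ``tables['VulnSoftware']`` (one row per parseable CPE, tagged with the
        numeric CVE id). CPEs that ``CPE`` cannot parse are counted per entry
        and reported with ``logging.warning``.
    """
    cve_data = []
    vuln_data = []
    for entry in root:
        cve_id = entry.find(prefixed('vuln', 'cve-id')).text
        # Digits-only form of the id; it is also stamped on every
        # VulnSoftware row so the two tables can be joined.
        cve_id = int(re.sub("[^0-9]", "", cve_id))
        pubdate = parser.parse(entry.find(prefixed('vuln', 'published-datetime')).text)
        moddate = parser.parse(entry.find(prefixed('vuln', 'last-modified-datetime')).text)
        summary = entry.find(prefixed('vuln', 'summary')).text

        vulnSoftware = entry.find(prefixed('vuln', 'vulnerable-software-list'))
        unableToParse = 0
        if vulnSoftware is not None:
            for v in vulnSoftware:
                try:
                    myCPE = CPE(v.text)
                except NotImplementedError:
                    unableToParse += 1
                else:
                    vuln_data.append({
                        "part": myCPE.get_part()[0],
                        "vendor": myCPE.get_vendor()[0],
                        "product": myCPE.get_product()[0],
                        "version": myCPE.get_version()[0],
                        "update": myCPE.get_update()[0],
                        "edition": myCPE.get_edition()[0],
                        "language": myCPE.get_language()[0],
                        "cve": cve_id,
                    })
        if unableToParse > 0:
            logging.warning("Could not parse %d lines from file.", unableToParse)

        # Reset per entry: an entry without <cvss> must not inherit the
        # metrics of the previous one (and the first such entry must not
        # fail with NameError).
        score = accessVector = accessComplexity = auth = None
        impactConf = impactInt = impactAvail = None
        vuln = entry.find(prefixed('vuln', 'cvss'))
        if vuln is not None:
            # The first child of <cvss> (presumably base_metrics) is read by
            # position; explicit indexing keeps a short element failing loudly.
            metrics = vuln.getchildren()[0].getchildren()
            score = metrics[0].text
            accessVector = metrics[1].text
            accessComplexity = metrics[2].text
            auth = metrics[3].text
            impactConf = metrics[4].text
            impactInt = metrics[5].text
            impactAvail = metrics[6].text

        # Rejected candidates carry this marker in their summary; they are
        # not stored. A missing summary is treated as empty text.
        if "DO NOT USE THIS CANDIDATE NUMBER" not in (summary or ""):
            cve_data.append({
                "cve": cve_id,
                "pubdate": pubdate,
                "moddate": moddate,
                "summary": summary,
                "score": score,
                "accessVector": accessVector,
                "accessComp": accessComplexity,
                "auth": auth,
                "impactConf": impactConf,
                "impactInt": impactInt,
                "impactAvail": impactAvail,
            })

    # Skip the INSERT when there is nothing to write -- an empty parameter
    # list is presumably not a no-op for this SQLAlchemy version; verify.
    if cve_data:
        tables['CVEs'].insert().execute(cve_data)
    if vuln_data:
        tables['VulnSoftware'].insert().execute(vuln_data)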
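def populate_CVE(root):
    """Insert the CVE entries under ``root`` into the CVEs and VulnSoftware tables.

    Args:
        root: Iterable of NVD 2.0 feed ``<entry>`` elements.

    Side effects:
        One bulk INSERT into ``tables["CVEs"]`` (entries whose summary marks
        them as rejected candidates are left out) and one into
        ``tables["VulnSoftware"]`` (one row per parseable CPE, tagged with the
        numeric CVE id). CPEs that ``CPE`` cannot parse are counted per entry
        and reported with ``logging.warning``.
    """
    cve_data = []
    vuln_data = []
    for entry in root:
        cve_id = entry.find(prefixed("vuln", "cve-id")).text
        # Digits-only form of the id; it is also stamped on every
        # VulnSoftware row so the two tables can be joined.
        cve_id = int(re.sub("[^0-9]", "", cve_id))
        pubdate = parser.parse(entry.find(prefixed("vuln", "published-datetime")).text)
        moddate = parser.parse(entry.find(prefixed("vuln", "last-modified-datetime")).text)
        summary = entry.find(prefixed("vuln", "summary")).text

        vulnSoftware = entry.find(prefixed("vuln", "vulnerable-software-list"))
        unableToParse = 0
        if vulnSoftware is not None:
            for v in vulnSoftware:
                try:
                    myCPE = CPE(v.text)
                except NotImplementedError:
                    unableToParse += 1
                else:
                    vuln_data.append(
                        {
                            "part": myCPE.get_part()[0],
                            "vendor": myCPE.get_vendor()[0],
                            "product": myCPE.get_product()[0],
                            "version": myCPE.get_version()[0],
                            "update": myCPE.get_update()[0],
                            "edition": myCPE.get_edition()[0],
                            "language": myCPE.get_language()[0],
                            "cve": cve_id,
                        }
                    )
        if unableToParse > 0:
            logging.warning("Could not parse %d lines from file.", unableToParse)

        # Reset per entry: an entry without <cvss> must not inherit the
        # metrics of the previous one (and the first such entry must not
        # fail with NameError).
        score = accessVector = accessComplexity = auth = None
        impactConf = impactInt = impactAvail = None
        vuln = entry.find(prefixed("vuln", "cvss"))
        if vuln is not None:
            # The first child of <cvss> (presumably base_metrics) is read by
            # position; explicit indexing keeps a short element failing loudly.
            metrics = vuln.getchildren()[0].getchildren()
            score = metrics[0].text
            accessVector = metrics[1].text
            accessComplexity = metrics[2].text
            auth = metrics[3].text
            impactConf = metrics[4].text
            impactInt = metrics[5].text
            impactAvail = metrics[6].text

        # Rejected candidates carry this marker in their summary; they are
        # not stored. A missing summary is treated as empty text.
        if "DO NOT USE THIS CANDIDATE NUMBER" not in (summary or ""):
            cve_data.append(
                {
                    "cve": cve_id,
                    "pubdate": pubdate,
                    "moddate": moddate,
                    "summary": summary,
                    "score": score,
                    "accessVector": accessVector,
                    "accessComp": accessComplexity,
                    "auth": auth,
                    "impactConf": impactConf,
                    "impactInt": impactInt,
                    "impactAvail": impactAvail,
                }
            )

    # Skip the INSERT when there is nothing to write -- an empty parameter
    # list is presumably not a no-op for this SQLAlchemy version; verify.
    if cve_data:
        tables["CVEs"].insert().execute(cve_data)
    if vuln_data:
        tables["VulnSoftware"].insert().execute(vuln_data)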