def print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity): csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL) csv_out.writerow(["YEAR-MONTH", "CVES"]) results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound, access_complexity=access_complexity) year = '1997' month = '01' dates = [] for item in results: date = dateutil.parser.parse(item['Published']) dates.append(date) dates.sort() counter = 1 if len(dates) > 0: date = dates.pop(0) year = date.year month = date.month for date in dates: if year == date.year and month == date.month: counter += 1 else: csv_out.writerow([str(year)+'-'+str(month), counter]) counter = 1 year = date.year month = date.month csv_out.writerow([str(year)+'-'+str(month), counter])
def dump_fixes(product, regex): results = query.product_search(product_pattern=product) csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL) csv_out.writerow(["CVE", "LINK"]) for record in results: cve_id = record["id"] pattern = re.compile(".*" + regex + ".*", re.IGNORECASE) for reference in record["references"]: if pattern.match(reference): csv_out.writerow([record["id"], reference])
def print_fix_links(product, regex): results = query.product_search(product_pattern=product) for record in results: cve_id = record["id"] references = "" pattern = re.compile(".*" + regex + ".*", re.IGNORECASE) print("----------------\n%s" % cve_id) for reference in record["references"]: if pattern.match(reference): references += reference + "\n" print("----------------\n%s----------------\n" % references)
def print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound): csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL) csv_out.writerow(["YEAR", "CVES"]) results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound) year = '1997' dates = [] for item in results: date = dateutil.parser.parse(item['Published']) dates.append(date) dates.sort() counter = 1 if len(dates) > 0: year = dates.pop(0).year for date in dates: if year == date.year: counter += 1 else: csv_out.writerow([year, counter]) counter = 1 year = date.year csv_out.writerow([year, counter])
def affected_versions_distribution(seed_cpe, results, cvss_lower_bound): versions = {} pattern = re.compile(r".*%s.*" % seed_cpe) for r in results: for cpe in r["vulnerable_configuration"]: if pattern.match(cpe): versions[cpe] = 0 results = query.product_search(product_pattern=seed_cpe, cvss_lower_bound=cvss_lower_bound) for r in results: for cpe in r["vulnerable_configuration"]: for v in versions: if v == cpe: versions[cpe] = versions[cpe] + 1 csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL) csv_out.writerow(["VERSION", "AFFECTED_BY"]) od = collections.OrderedDict(sorted(versions.items())) for k,v in od.items(): versions_list = k csv_out.writerow([k,v])
try: date = args.y datetime.strptime(date, '%Y') date = date_parser.parse(date+'-01-01').isoformat() except ValueError: print('ERROR: wrong year format') sys.exit(0) if args.t: (total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=date) print("TOTAL: %i" % total) print ("-------------------------------------------------\n") for (category, count) in hits.items(): print("%s ==> %i" % (category, count)) print ("-------------------------------------------------\n") elif args.k: results = query.product_search(product_pattern=args.p, keyword_pattern=args.k, cvss_lower_bound=cvss_lower_bound, sort_type=sort_type, start_year=date) printer.print_txt(results) else: results = query.product_search(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, sort_type=sort_type, start_year=date) if args.o == "csv": printer.print_csv(results, args.v) if args.o == "html": printer.print_html(results, args.p) elif args.o == "xml": printer.print_xml(results) elif args.o == "json": printer.print_json(results) else: printer.print_txt(results) elif args.f: results = query.free_search(pattern, sort_type)
start_year = args.b if args.b else 1997 end_year = args.e if args.e else 2050 start_year = date_parser.parse(str(start_year) + '-01-01').isoformat() end_year = date_parser.parse(str(end_year+1) + '-01-01').isoformat() cves = CVEs.last(rankinglookup='', namelookup='', capeclookup='') printer = CVEFilePrinter(cves=cves, rankinglookup='', namelookup='', capeclookup='') if args.p: if args.d: # print_distinct_cves_to_excel(product, keyword, cvss_lower_bound) dump_fixes(product, keyword) elif args.y: print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound) elif args.m: access_complexity = args.c if args.c != None else ".*" print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity) elif args.t: (total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year) print_summary(total, hits) elif args.l: print_fix_links(product=product, regex=keyword) else: results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year) if args.v: affected_versions_distribution(product, results, cvss_lower_bound) else: printer.print_txt(results)