def _create_nessus_cve_cvss_vector(item, cve):
cvss_vector = get_value(item.find('cvss_vector'))
if cvss_vector:
cvss_vector = NessusReportParser.parse_vector(cvss_vector, 'CVSS2#')
cve.access_vector_v2 = metrics.AccessVectorV2(cvss_vector['AV'])
cve.access_complexity_v2 = metrics.AccessComplexityV2(cvss_vector['AC'])
cve.authentication_v2 = metrics.AuthenticationV2(cvss_vector['Au'])
cve.confidentiality_impact_v2 = metrics.ImpactV2(cvss_vector['C'])
cve.integrity_impact_v2 = metrics.ImpactV2(cvss_vector['I'])
cve.availability_impact_v2 = metrics.ImpactV2(cvss_vector['A'])
return cve
def get_cve(cve_id, oid, tags):
if cve_id == 'NOCVE':
cve_id = F'NOCVE-{oid}'
cve = CveDocument.get_or_create(cve_id=cve_id)
vector = tags['cvss_base_vector']
vector = dict(x.split(':') for x in vector.split('/'))
new_cve = CveDocument(id=cve_id)
new_cve.access_vector_v2 = metrics.AccessVectorV2(vector['AV'])
new_cve.access_complexity_v2 = metrics.AccessComplexityV2(vector['AC'])
new_cve.authentication_v2 = metrics.AuthenticationV2(vector['Au'])
new_cve.confidentiality_impact_v2 = metrics.ImpactV2(vector['C'])
new_cve.integrity_impact_v2 = metrics.ImpactV2(vector['I'])
new_cve.availability_impact_v2 = metrics.ImpactV2(vector['A'])
new_cve.base_score_v2 = calculate_base_score_v2(new_cve)
if cve.has_changed(new_cve):
return cve.update(new_cve, refresh=True)
return cve
return CveDocument.get_or_create(cve_id=cve_id)
def availability_impact_v2(item: dict) -> metrics.ImpactV2:
imp = CveFactory.value_from_base_metrics('cvssV2',
'availabilityImpact', item)
return metrics.ImpactV2(imp).value
def confidentiality_impact_v2(item: dict) -> metrics.ImpactV2:
imp = CveFactory.value_from_base_metrics('cvssV2',
'confidentialityImpact', item)
return metrics.ImpactV2(imp).value