cveparse.py 1.9 KB

  1. #!/usr/bin/python3
  2. ###############################################################################
  3. ##
  4. ## Functions for downloading and parsing Common Vulnerability DB data
  5. ##
  6. ###############################################################################
  7. import logging, sys
  8. import re
  9. import urllib.request
  10. import datetime
# Runs at import time: any program importing this module gets the root logger
# set to DEBUG on stderr, unless logging was already configured.
logging.basicConfig(level=logging.DEBUG, stream=sys.stderr)
def correctCVE(cve_id):
    """Return a corrected identifier for a known-bad CVE id.

    The only correction is the value 2116, which is replaced by 1921; every
    other value is returned unchanged.

    NOTE(review): the comparison is against the integer 2116, while fetchCVE
    passes a string identifier, so string ids always come back unchanged.
    Confirm which identifier form this correction was meant to match.
    """
    return 1921 if cve_id == 2116 else cve_id
  17. ## Get details of given CVE entry from NIST DB - we use cve-search and mongodb
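def fetchCVE(cve_id, client):
    """Look up one CVE record in the cve-search MongoDB and return it.

    Args:
        cve_id: CVE identifier string. A leading ``CAN`` is rewritten to
            ``CVE`` before the lookup.
        client: object exposing ``client.cvedb.cves.find_one``; per the
            comment above this function, a MongoDB client for a cve-search
            database.

    Returns:
        Whatever ``find_one`` returns for ``{"id": cve_id}``: the matching
        document, or ``None`` when there is none (parseCVE treats ``None``
        as "not yet reported").
    """
    logging.info('Fetching CVE: %s\n', cve_id)

    # Older advisories cite candidate identifiers with a CAN prefix; the
    # lookup below is keyed on the CVE form. re.sub also rejects anything
    # that is not a string, so only a plain string reaches the query filter.
    cve_id = re.sub('^CAN', 'CVE', cve_id)
    cve_id = correctCVE(cve_id)

    # Fetch the record (and its CVSS scores) from the cve-search database.
    cve = client.cvedb.cves.find_one({"id": cve_id})

    # A lookup miss is None, not an empty string; the old comparison with ''
    # meant this warning could never fire.
    if cve is None:
        logging.warning('CVE not found in mongodb: %s', cve_id)
    return cve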
  33. # Check for error pages: referenced but unpublished CVEs :-/
  34. ###############################################################################
  35. ## Get CVE severity rating and report date, and return
  36. ## (date base-score impact-score exploit-score)
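def parseCVE(cve_id, cve):
    """Extract the publication date and CVSS base score from a CVE record.

    Missing information is scored pessimistically: a CVE with no record, or
    with a field that cannot be read, keeps the worst-case defaults (score 10,
    published "now") so that an unknown issue is never ranked as harmless.

    Args:
        cve_id: identifier of the CVE; used only in log messages.
        cve: record mapping with ``'Published'`` and ``'cvss'`` keys, or
            ``None`` when no record was found.

    Returns:
        Tuple ``(date, base_score, impact_score, exploit_score)``. The impact
        and exploit scores are never read from the record here and are always
        the default of 10.
    """
    # Worst-case defaults, used whenever the record cannot supply a value.
    cve_date = datetime.datetime.now()
    cve_base = 10
    cve_impact = 10
    cve_exploit = 10

    if cve is None:
        # No details: assume highest score and a recent bug.
        logging.warning('CVE not yet reported, getting default values')
        return (cve_date, cve_base, cve_impact, cve_exploit)

    try:
        cve_date = cve['Published']
        cve_base = cve['cvss']
    except KeyError:
        # %s formatting keeps this path from raising when cve_id is not a
        # string (correctCVE can return an integer).
        logging.warning('CVE %s not parsed correctly', cve_id)

    # NOTE(review): a record whose 'cvss' key is present but None would
    # otherwise return None as the base score; keep the worst-case default.
    # Confirm whether the database stores unscored entries that way.
    if cve_base is None:
        cve_base = 10

    return (cve_date, cve_base, cve_impact, cve_exploit)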