CVEParse.py 1.9 KB

import datetime
import logging
import re
import sys
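class CVEParse:
    """
    Helpers for looking up and parsing CVE records.

    Records are read from a cve-search MongoDB (database ``cvedb``,
    collection ``cves``) through a client object supplied by the caller.
    """

    # Runs when the class body is executed, i.e. on import, and configures the
    # root logger for DEBUG output on stderr.
    # NOTE(review): this affects every library that logs through the root
    # logger in the same process -- confirm DEBUG is wanted outside development.
    logging.basicConfig(stream=sys.stderr, level=logging.DEBUG)

    @staticmethod
    def correctCVE(cve_id):
        """
        Return ``cve_id`` with the single hard-coded correction applied.

        The value 2116 is mapped to 1921; every other value is returned
        unchanged.
        """
        # NOTE(review): the comparison is against the integer 2116, while
        # fetchCVE passes a string identifier, so the correction never
        # matches on that path -- confirm the intended key format.
        if cve_id == 2116:
            return 1921
        return cve_id

    @staticmethod
    def fetchCVE(cve_id, client):
        """
        Look up one CVE record in the cve-search MongoDB.

        Args:
            cve_id: CVE identifier as a string. A leading ``CAN`` (the
                legacy candidate prefix) is rewritten to ``CVE``.
            client: object exposing ``client.cvedb.cves.find_one``
                (presumably a pymongo ``MongoClient`` -- confirm with caller).

        Returns:
            Whatever ``find_one`` returns for ``{"id": cve_id}``. A missing
            record is returned unchanged after a warning has been logged.

        Raises:
            TypeError: if ``cve_id`` is not a string.
        """
        # The identifier is placed directly into the query document, so only a
        # plain string is accepted: a dict or list arriving from a decoded
        # request body must never be interpreted as a query expression.
        if not isinstance(cve_id, str):
            raise TypeError('cve_id must be a string')

        logging.info('Fetching CVE: %s\n', cve_id)

        cve_id = re.sub('^CAN', 'CVE', cve_id)
        cve_id = CVEParse.correctCVE(cve_id)

        # Fetch the stored record (scores included) from the cves collection.
        record = client.cvedb.cves.find_one({"id": cve_id})
        # A lookup miss yields a falsy result (None), not an empty string.
        if not record:
            logging.warning('CVE not found in mongodb')
        return record

    # Check for error pages: referenced but unpublished CVEs :-/
    @staticmethod
    def parseCVE(cve_id, cve):
        """
        Extract publication date, CVSS base score and CWE from a CVE record.

        Args:
            cve_id: identifier, used only in the diagnostic output.
            cve: record as returned by ``fetchCVE``, or ``None`` when the CVE
                is not in the database.

        Returns:
            ``(date, base_score, impact_score, exploit_score, cwe)``.
            Fields that could not be read keep their defaults: the current
            time for the date, -1 for the three scores and 0 for the CWE.
            The impact and exploit scores are never read from the record and
            are therefore always -1.
        """
        # -1 means "not reported yet". Consumers have to test for it
        # explicitly; comparing it against a severity threshold would rank an
        # unscored CVE below every scored one.
        cve_date = datetime.datetime.now()
        cve_base = -1
        cve_impact = -1
        cve_exploit = -1
        cwe = 0

        if cve is None:
            print('CVE' + str(cve_id) + ' not yet reported, getting default value -1')
            return (cve_date, cve_base, cve_impact, cve_exploit, cwe)

        try:
            # Fields are taken in order, so a record lacking a later key
            # still contributes the ones read before it.
            cve_date = cve['Published']
            cve_base = cve['cvss']
            cwe = cve['cwe']
        except KeyError:
            # str() keeps the diagnostic from raising when the id is not a string.
            print('CVE ' + str(cve_id) + ' not parsed correctly')
        return (cve_date, cve_base, cve_impact, cve_exploit, cwe)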