forked from cve-search/cve-search
-
Notifications
You must be signed in to change notification settings - Fork 0
/
db_mgmt.py
executable file
·162 lines (152 loc) · 6.1 KB
/
db_mgmt.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
#!/data/virtualenv/default/bin/python
# encoding: utf-8
# make sure these modules are available on your system
import json, sys
import pymongo
import argparse
import datetime
from urllib.request import urlopen
from xml.sax import make_parser
from xml.sax.handler import ContentHandler
# parse command line arguments
argparser = argparse.ArgumentParser(description='populate/update the local CVE database')
argparser.add_argument('-u', action='store_true', help='update the database')
argparser.add_argument('-p', action='store_true', help='populate the database')
argparser.add_argument('-f', help='process a local xml file')
argparser.add_argument('-v', action='store_true', help='verbose output')
args = argparser.parse_args()
#init parts of the file names to enable looped file download
file_prefix = "nvdcve-2.0-"
file_suffix = ".xml"
file_mod = "modified"
file_rec = "recent"
# get the current year. This enables us to download all CVE's up to this year :-)
date = datetime.datetime.now()
year = date.year+1
# default values if not set in XML
defaultvalue = {}
defaultvalue['cvss'] = "5"
# define the CVE parser. Thanks to Meredith Patterson (@maradydd) for help on this one.
class CVEHandler(ContentHandler):
def __init__(self):
self.cves = []
self.inCVSSElem = 0
self.inSUMMElem = 0
self.inDTElem = 0
self.inPUBElem = 0
def startElement(self, name, attrs):
if name == 'entry':
self.cves.append({'id': attrs.get('id'), 'references': [],'vulnerable_configuration': []})
elif name == 'cpe-lang:fact-ref':
self.cves[-1]['vulnerable_configuration'].append(attrs.get('name'))
elif name == 'cvss:score':
self.inCVSSElem = 1
self.CVSS = ""
elif name == 'vuln:summary':
self.inSUMMElem = 1
self.SUMM = ""
elif name == 'vuln:published-datetime':
self.inDTElem = 1
self.DT = ""
elif name == 'vuln:last-modified-datetime':
self.inPUBElem = 1
self.PUB = ""
elif name == 'vuln:reference':
self.cves[-1]['references'].append(attrs.get('href'))
def characters(self, ch):
if self.inCVSSElem:
self.CVSS += ch
if self.inSUMMElem:
self.SUMM += ch
if self.inDTElem:
self.DT += ch
if self.inPUBElem:
self.PUB += ch
def endElement(self, name):
if name == 'cvss:score':
self.inCVSSElem = 0
self.cves[-1]['cvss'] = self.CVSS
if name == 'vuln:summary':
self.inSUMMElem = 0
self.cves[-1]['summary'] = self.SUMM
if name == 'vuln:published-datetime':
self.inDTElem = 0
self.cves[-1]['Published'] = self.DT
if name == 'vuln:last-modified-datetime':
self.inPUBElem = 0
self.cves[-1]['Modified'] = self.PUB
if __name__=='__main__':
# connect to the DB. I may want to 'config' it up.
connect = pymongo.Connection()
db = connect.cvedb
collection = db.cves
info = db.info
parser = make_parser()
ch = CVEHandler()
parser.setContentHandler(ch)
# start here if it's an update.
if args.u:
# get the 'modified' file
getfile = file_prefix+file_mod+file_suffix
f = urlopen("http://static.nvd.nist.gov/feeds/xml/cve/"+getfile)
i = info.find_one({'db': 'cve'})
if i is not None:
if f.headers['last-modified'] == i['last-modified']:
print("Not modified")
sys.exit()
info.update({'db': 'cve'}, {"$set":{'last-modified': f.headers['last-modified']}}, upsert=True)
# get your parser on !!
parser = make_parser()
ch = CVEHandler()
parser.setContentHandler(ch)
parser.parse(f)
for item in ch.cves:
# check if the CVE already exists.
x=collection.find({'id': item['id']})
# if so, update the entry.
if x.count() > 0:
if 'cvss' not in item:
item['cvss'] = defaultvalue['cvss']
collection.update({'id': item['id']}, {"$set": {'cvss': item['cvss'],'summary': item['summary'], 'references': item['references'], 'vulnerable_configuration': item['vulnerable_configuration'], 'last-modified': item['Modified']}})
else:
collection.insert(item)
# get the 'recent' file
getfile = file_prefix+file_rec+file_suffix
f = urlopen("http://static.nvd.nist.gov/feeds/xml/cve/"+getfile)
parser = make_parser()
ch = CVEHandler()
parser.setContentHandler(ch)
parser.parse(f)
for item in ch.cves:
# check if the CVE already exists.
x=collection.find({'id': item['id']})
# if so, update the entry.
if x.count() > 0:
if args.v:
print("item found : "+item['id'])
if 'cvss' not in item:
item['cvss'] = defaultvalue['cvss']
collection.update({'id': item['id']}, {"$set": {'cvss': item['cvss'],'summary': item['summary'], 'references': item['references'], 'vulnerable_configuration': item['vulnerable_configuration'], 'last-modified': item['Modified']}})
# if not, create it.
else:
collection.insert(item)
elif args.p:
# populate is pretty straight-forward, just grab all the files from NVD
# and dump them into a DB.
x=collection.find({'id': 'CVE-2002-001'})
if args.v:
print(str(x.count()))
if x.count() > 1 :
print("database already populated")
else:
for x in range(2002,year):
parser = make_parser()
ch = CVEHandler()
parser.setContentHandler(ch)
getfile = file_prefix+str(x)+file_suffix
f = urlopen("http://static.nvd.nist.gov/feeds/xml/cve/"+getfile)
parser.parse(f)
if args.v:
for item in ch.cves:
print(item['id'])
collection.insert(ch.cves)