Spaces:
Running
Running
File size: 2,418 Bytes
d523c31 |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
import nvdlib
from datetime import datetime
from avidtools.datamodels.vulnerability import Vulnerability
from avidtools.datamodels.components import *
def import_cve(cve_id):
"""Import a CVE from the NVD API and return a JSON dump object.
Parameters
----------
cve_id : str
Identifier of the CVE to be imported. Has the format CVE-2XXX-XXXXX
Returns
--------
cve: nvdlib.classes.CVE
JSON dump object containing the imported CVE information.
"""
cv = nvdlib.searchCVE(cveId = cve_id)[0]
return cv
def convert_cve(cve):
"""Convert a CVE into an AVID report object.
Parameters
----------
cve : nvdlib.classes.CVE
JSON dump object containing the imported CVE information.
Returns
--------
vuln : Vulnerability
an AVID vulnerability object containing information in the CVE.
"""
vuln = Vulnerability()
aff = [c.criteria.split(':') for c in cve.cpe]
vuln.affects = Affects(
developer = [a[3] for a in aff],
deployer = [],
artifacts = [
Artifact(
type = ArtifactTypeEnum.system,
name = ':'.join(a[4:])
)
for a in aff
]
)
vuln.problemtype = Problemtype(
classof = ClassEnum.cve,
type = TypeEnum.advisory,
description = LangValue(
lang = 'eng',
value = cve.descriptions[0].value
)
)
vuln.references = [
Reference(
type = 'source',
label = 'NVD entry',
url = cve.url
)
] + [
Reference(
type = 'source',
label = ref.url,
url = ref.url
)
for ref in cve.references
]
vuln.description = LangValue(
lang = 'eng',
value = cve.id + ' Detail'
)
vuln.credit = [
LangValue(
lang = 'eng',
value = cve.sourceIdentifier
)
]
vuln.published_date = datetime.strptime(cve.published.split('T')[0], '%Y-%m-%d').date()
vuln.last_modified_date = datetime.strptime(cve.lastModified.split('T')[0], '%Y-%m-%d').date()
return vuln |