"""
Class definitions for AVID vulnerability.

"""
from pydantic import BaseModel
from typing import List
from datetime import date

from .components import Affects, AvidTaxonomy, Problemtype, Reference, LangValue, Impact
from .enums import TypeEnum
from .report import Report

class VulnMetadata(BaseModel):
    """Metadata class for a vulnerability."""
    # Vulnerability identifier. Required: the field has no default, so
    # constructing VulnMetadata without it fails validation.
    # NOTE(review): the expected ID format is not enforced here - confirm
    # whether callers validate it before use.
    vuln_id: str

class ReportSummary(BaseModel):
    """Summary of a report connected to a vuln.

    All three fields are required; none of them declares a default.
    """
    # Identifier of the summarized report.
    report_id: str
    # Report type, restricted to the members of TypeEnum (imported from .enums).
    type: TypeEnum
    # Name attached to the report.
    # NOTE(review): presumably the report title - confirm against callers.
    name: str

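class Vulnerability(BaseModel):
    """Top-level class to store an AVID vulnerability.

    Every field except ``data_type`` defaults to ``None``. ``ingest`` fills
    in the report-derived fields and the two dates; ``metadata`` and
    ``reports`` are left for the caller to set.

    NOTE(review): the fields are annotated as non-optional but default to
    ``None``; whether an explicit ``None`` (e.g. when re-loading a saved
    file) passes validation depends on the pydantic version in use - confirm.
    """

    data_type: str = 'AVID'
    """Namespace for the report. Set to AVID by default, change this only if you're adopting these datamodels to stand up your own vulnerability database."""

    data_version: str = None
    """Latest version of the data."""

    metadata: VulnMetadata = None
    """Metadata for the vuln."""

    affects: Affects = None
    """Information on Artifact(s) affected by this report."""

    problemtype: Problemtype = None
    """Description of the problem a report is concerned with."""

    references: List[Reference] = None
    """References and their details."""

    description: LangValue = None
    """High-level description."""

    reports: List[ReportSummary] = None
    """Brief summary of all reports connected to a vuln."""

    impact: Impact = None
    """Impact information, e.g. different taxonomy mappings, harm and severity scores."""

    credit: List[LangValue] = None
    """People credited for this vuln."""

    published_date: date = None
    """Date published."""

    last_modified_date: date = None
    """Date last modified."""

    def save(self, location):
        """Save the vulnerability as a json file.

        Parameters
        ----------
        location : str
            output *.json filename including location. The path is opened
            exactly as given and an existing file is truncated, so it must
            be validated by the caller when it can come from untrusted input.
        """
        # Pin the encoding so the written file does not depend on the
        # platform's locale default.
        with open(location, "w", encoding="utf-8") as outfile:
            outfile.write(self.json(indent=4))

    def ingest(self, report: Report):
        """Populate this vulnerability from a report.

        Copies ``data_version``, ``affects``, ``problemtype``,
        ``description``, ``references``, ``impact`` and ``credit`` from
        ``report`` and sets both ``published_date`` and
        ``last_modified_date`` to today's date. ``metadata`` and ``reports``
        are not touched.

        ``impact`` is deep-copied because its AVID taxonomy is rewritten
        here; the other fields are assigned by reference and stay shared
        with ``report``.

        Parameters
        ----------
        report : Report
            Source report. It is not modified by this call.
        """
        import copy

        self.data_version = report.data_version
        self.affects = report.affects
        self.problemtype = report.problemtype
        self.description = report.description
        self.references = report.references
        # Plain attribute assignment would keep a reference to the report's
        # own Impact object, and the taxonomy rewrite below would then strip
        # the field from the caller's report as well. Work on a copy so the
        # source report keeps its original record.
        self.impact = copy.deepcopy(report.impact)
        self.credit = report.credit

        # One call for both fields so they cannot disagree if the clock
        # passes midnight between two separate date.today() calls.
        today = date.today()
        self.published_date = today
        self.last_modified_date = today

        if self.impact is not None and self.impact.avid is not None:
            # Rebuild the taxonomy from these four fields only; anything else
            # carried by the report's taxonomy (per the original comment,
            # its vuln_id field) is dropped from the vulnerability.
            report_taxonomy = self.impact.avid
            self.impact.avid = AvidTaxonomy(
                risk_domain=report_taxonomy.risk_domain,
                sep_view=report_taxonomy.sep_view,
                lifecycle_view=report_taxonomy.lifecycle_view,
                taxonomy_version=report_taxonomy.taxonomy_version,
            )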