Mercurial > farol > farolluz
annotate farolluz/parsers/cve.py @ 48:3826f2701ff2
CPE: Add the possibility to add ourself integrally to the product tree
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 12:30:19 +0100 |
parents | 075519975933 |
children |
rev | line source |
---|---|
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
1 # -*- coding: utf-8 -*- |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
2 # Description: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
3 # Methods for parsing CVE XML documents |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
4 # |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
5 # Authors: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
6 # BenoƮt Allard <benoit.allard@greenbone.net> |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
7 # |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
8 # Copyright: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
9 # Copyright (C) 2014 Greenbone Networks GmbH |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
10 # |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
11 # This program is free software; you can redistribute it and/or |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
12 # modify it under the terms of the GNU General Public License |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
13 # as published by the Free Software Foundation; either version 2 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
14 # of the License, or (at your option) any later version. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
15 # |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
16 # This program is distributed in the hope that it will be useful, |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
19 # GNU General Public License for more details. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
20 # |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
21 # You should have received a copy of the GNU General Public License |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
22 # along with this program; if not, write to the Free Software |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
24 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
25 """\ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
26 Methods for parsing of CVE XML Documents |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
27 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
28 Ref: http://scap.nist.gov/schema/vulnerability/0.4 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
29 """ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
30 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
31 from __future__ import absolute_import |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
32 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
33 import xml.etree.ElementTree as ET |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
34 |
48
3826f2701ff2
CPE: Add the possibility to add ourself integrally to the product tree
Benoît Allard <benoit.allard@greenbone.net>
parents:
45
diff
changeset
|
35 from .cpe import parse as parseCPE |
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
36 from .xml import parseDate |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
37 |
44
b7e64d0a3a7c
CVE: Add a generator to our generated document
Benoît Allard <benoit.allard@greenbone.net>
parents:
43
diff
changeset
|
38 from .. import __version__ |
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
39 from ..common import CVRFNote, CVRFReference |
44
b7e64d0a3a7c
CVE: Add a generator to our generated document
Benoît Allard <benoit.allard@greenbone.net>
parents:
43
diff
changeset
|
40 from ..document import CVRF, CVRFPublisher, CVRFTracking, CVRFTrackingID, CVRFRevision, CVRFGenerator |
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
41 from ..producttree import CVRFFullProductName |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
42 from ..utils import utcnow |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
43 from ..vulnerability import CVRFVulnerability, CVRFCVSSSet, CVRFCWE, CVRFProductStatus |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
44 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
45 NAMESPACES = { |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
46 'cve': "http://scap.nist.gov/schema/feed/vulnerability/2.0", |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
47 'vuln': "http://scap.nist.gov/schema/vulnerability/0.4", |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
48 'cvss': "http://scap.nist.gov/schema/cvss-v2/0.2", |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
49 'xml': "http://www.w3.org/XML/1998/namespace", |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
50 } |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
51 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
52 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
53 def UN(ns, name): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
54 """ returns a Universal Name """ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
55 return "{%s}%s" % (NAMESPACES[ns], name) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
56 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
57 def parseCVSS(xmlElem): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
58 """ Make a vector out of a list of elements """ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
59 def get(name): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
60 return xmlElem.findtext('/'.join([UN('cvss', 'base_metrics'), UN('cvss', name)])) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
61 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
62 cvss_set = CVRFCVSSSet(float(get('score'))) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
63 vector = [ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
64 'AV:%s' % {'LOCAL': 'L', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
65 'ADJACENT_NETWORK': 'A', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
66 'NETWORK': 'N'}[get('access-vector')], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
67 'AC:%s' % {'HIGH': 'H', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
68 'MEDIUM': 'M', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
69 'LOW': 'L'}[get('access-complexity')], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
70 'Au:%s' % {'MULTIPLE': 'M', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
71 'SINGLE': 'S', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
72 'NONE': 'N'}[get('authentication')], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
73 'C:%s' % {'NONE': 'N', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
74 'PARTIAL': 'P', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
75 'COMPLETE': 'C'}[get('confidentiality-impact')], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
76 'I:%s' % {'NONE': 'N', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
77 'PARTIAL': 'P', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
78 'COMPLETE': 'C'}[get('integrity-impact')], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
79 'A:%s' % {'NONE': 'N', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
80 'PARTIAL': 'P', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
81 'COMPLETE': 'C'}[get('availability-impact')], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
82 ] |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
83 cvss_set.setVector('/'.join(vector)) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
84 return cvss_set |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
85 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
86 def parseXML(data): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
87 """ returns am ET.Element from the input stuff. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
88 input can be: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
89 - a string |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
90 - a file handle |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
91 - an ET.Element instance |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
92 """ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
93 if isinstance(data, ET.Element): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
94 return data |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
95 # To allow passing file handles |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
96 if hasattr(data, 'read'): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
97 data = data.read() |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
98 # Parse it. |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
99 return ET.fromstring(data) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
100 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
101 def parse_CVE_from_GSA(data): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
102 xml = parseXML(data) |
45
075519975933
CVE: Handle the case where gsa has no result
Benoît Allard <benoit.allard@greenbone.net>
parents:
44
diff
changeset
|
103 content = xml.find('/'.join(['get_info', 'get_info_response', 'info', 'cve', 'raw_data', UN('cve', 'entry')])) |
075519975933
CVE: Handle the case where gsa has no result
Benoît Allard <benoit.allard@greenbone.net>
parents:
44
diff
changeset
|
104 if content is None: |
075519975933
CVE: Handle the case where gsa has no result
Benoît Allard <benoit.allard@greenbone.net>
parents:
44
diff
changeset
|
105 return None |
075519975933
CVE: Handle the case where gsa has no result
Benoît Allard <benoit.allard@greenbone.net>
parents:
44
diff
changeset
|
106 return parse(content) |
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
107 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
108 def parse(xml): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
109 xml = parseXML(xml) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
110 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
111 # Create an extra-minimal document |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
112 doc = CVRF(xml.findtext(UN('vuln', 'cve-id')), |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
113 'Vulnerability Description') |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
114 pub = CVRFPublisher("Other") |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
115 doc.setPublisher(pub) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
116 now = utcnow() |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
117 tracking = CVRFTracking( |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
118 CVRFTrackingID('000000'), |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
119 "Draft", |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
120 (0,), |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
121 now, now |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
122 ) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
123 doc.setTracking(tracking) |
44
b7e64d0a3a7c
CVE: Add a generator to our generated document
Benoît Allard <benoit.allard@greenbone.net>
parents:
43
diff
changeset
|
124 generator = CVRFGenerator() |
b7e64d0a3a7c
CVE: Add a generator to our generated document
Benoît Allard <benoit.allard@greenbone.net>
parents:
43
diff
changeset
|
125 generator.setEngine('FarolLuz ' + __version__) |
b7e64d0a3a7c
CVE: Add a generator to our generated document
Benoît Allard <benoit.allard@greenbone.net>
parents:
43
diff
changeset
|
126 generator.setDate(now) |
b7e64d0a3a7c
CVE: Add a generator to our generated document
Benoît Allard <benoit.allard@greenbone.net>
parents:
43
diff
changeset
|
127 tracking.setGenerator(generator) |
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
128 tracking.addRevision(CVRFRevision((0,), now, 'Document created')) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
129 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
130 # Add the CVE to that document |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
131 return addToDoc(doc, xml) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
132 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
133 def addToDoc(doc, xml): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
134 """ Adds the CVE as vulnerability in the document """ |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
135 xml = parseXML(xml) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
136 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
137 vulnid = xml.attrib['id'] |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
138 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
139 # Get a new ordinal for our new Vulnerability |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
140 if len(doc._vulnerabilities) == 0: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
141 ordinal = 1 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
142 else: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
143 ordinal = doc._vulnerabilities[-1]._ordinal + 1 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
144 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
145 # Create a Vulnerability |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
146 vuln = CVRFVulnerability(ordinal) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
147 doc.addVulnerability(vuln) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
148 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
149 vulnerable_products = [] |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
150 # Set the vulnerable products in productTree |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
151 for i, cpe in enumerate(xml.findall( |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
152 '/'.join([UN('vuln', 'vulnerable-software-list'), |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
153 UN('vuln', 'product')]))): |
48
3826f2701ff2
CPE: Add the possibility to add ourself integrally to the product tree
Benoît Allard <benoit.allard@greenbone.net>
parents:
45
diff
changeset
|
154 prod = parseCPE(cpe.text).addToDoc(doc) |
43
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
155 vulnerable_products.append(prod) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
156 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
157 if vulnerable_products: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
158 status = CVRFProductStatus('Known Affected') |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
159 for product in vulnerable_products: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
160 status.addProductID(product._productid) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
161 vuln.addProductStatus(status) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
162 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
163 # Add the CVE-id |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
164 vuln.setCVE(xml.findtext(UN('vuln', 'cve-id'))) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
165 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
166 # The release date |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
167 vuln.setReleaseDate(parseDate(xml.findtext(UN('vuln', 'published-datetime')))) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
168 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
169 # Add the CVSS |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
170 xmlcvss = xml.find(UN('vuln', 'cvss')) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
171 if xmlcvss is not None: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
172 vuln.addCVSSSet(parseCVSS(xmlcvss)) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
173 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
174 # Add the CWE id |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
175 xmlcwe = xml.find(UN('vuln', 'cwe')) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
176 if xmlcwe is not None: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
177 # XXX: Get a Description for the CWE ! |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
178 vuln.addCWE(CVRFCWE(xmlcwe.attrib['id'], xmlcwe.attrib['id'])) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
179 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
180 # Add references |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
181 for xmlref in xml.findall(UN('vuln', 'references')): |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
182 vuln.addReference(CVRFReference(xmlref.find(UN('vuln','reference')).attrib['href'], |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
183 xmlref.findtext(UN('vuln', 'reference')))) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
184 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
185 xmlsummary = xml.findtext(UN('vuln', 'summary')) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
186 if xmlsummary is not None: |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
187 vuln.addNote(CVRFNote( |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
188 'Summary', |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
189 1, |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
190 xmlsummary |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
191 )) |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
192 |
b87f2a6e613a
Add CVE parsing (from OpenVAS GSA)
Benoît Allard <benoit.allard@greenbone.net>
parents:
diff
changeset
|
193 return doc |