Source code for nvdlib.classes

import json

[docs]class CPE: """JSON dump class for CPEs :var name: CPE URI name :vartype name: str :var title: The first title result of the CPE. :vartype title: str :var deprecated: Indicates whether CPE has been deprecated :vartype deprecated: bool :var cpe23Uri: The CPE name :vartype cpe23Uri: str :var lastModifiedDate: CPE modification date :vartype lastModifiedDate: :var titles: Human-readable CPE titles :vartype titles: dict :var refs: Reference links. :vartype refs: dict :var deprecatedBy: If deprecated=true, one or more CPE that replace this one :vartype deprecatedby: list :var vulnerabilities: Optional vulnerabilities associated with this CPE. Must use 'cves = true' argument in searchCPE. :vartype vulnerabilities: list """ def __init__(self, dict): vars(self).update(dict) def __repr__(self): return str(self.__dict__) def __len__(self): return len(vars(self)) def __iter__(self): yield 5 yield from list(self.__dict__.keys()) def getvars(self): self.title = self.titles[0].title self.name = self.cpe23Uri
[docs]class CVE: """JSON dump class for CVEs :var cve: CVE ID, description, reference links, CWE. :vartype cve: dict :var configurations: CPE applicability statements and optional CPE names. :vartype configurations: dict :var impact: CVSS severity scores :vartype impact: dict :var publishedDate: CVE publication date :vartype publishedDate: ISO 8601 date/time format including time zone. :var lastModifiedDate: CVE modified date :vartype lastModifiedDate: ISO 8601 date/time format including time zone. :var id: CVE ID :vartype id: str :var cwe: Common Weakness Enumeration Specification (CWE) :vartype cwe: str :var url: Link to additional details on nvd.nist.gov for that CVE. :vartype url: str :var v3score: List that contains V3 or V2 CVSS score (float 1 - 10) as index 0 and the version that score was taken from as index 1. :vartype v3score: list :var v2vector: Version two of the CVSS score represented as a vector string, a compressed textual representation of the values used to derive the score. :vartype v2vector: str :var v3vector: Version three of the CVSS score represented as a vector string. :vartype v3vector: str :var v2severity: LOW, MEDIUM, HIGH (Critical is only available for v3). :vartype v2severity: str :var v3severity: LOW, MEDIUM, HIGH, CRITICAL. :vartype v3severity: str :var v2exploitability: Reflects the ease and technical means by which the vulnerability can be exploited. :vartype v2exploitability: float :var v3exploitability: Reflects the ease and technical means by which the vulnerability can be exploited. :vartype v3exploitability: float :var v2impactScore: Reflects the direct consequence of a successful exploit. :vartype v2impactScore: float :var v3impactScore: Reflects the direct consequence of a successful exploit. :vartype v3impactScore: float :var score: Contains the v3 CVSS score (v2 if v3 isn't available) [score, severity, version]. Where score is an int, severity is a string('LOW','MEDIUM','HIGH','CRITICAL'), and version is a string (V3 or V2). :vartype score: list """ def __init__(self, dict): vars(self).update(dict) def __repr__(self): return str(self.__dict__) def __len__(self): return len(vars(self)) def __iter__(self): yield 5 yield from list(self.__dict__.keys()) def getvars(self): self.id = self.cve.CVE_data_meta.ID """ ID of the CVE """ self.cwe = self.cve.problemtype.problemtype_data self.url = 'https://nvd.nist.gov/vuln/detail/' + self.id if hasattr(self.impact, 'baseMetricV3'): self.v3score = self.impact.baseMetricV3.cvssV3.baseScore self.v3vector = self.impact.baseMetricV3.cvssV3.vectorString self.v3severity = self.impact.baseMetricV3.cvssV3.baseSeverity self.v3exploitability = self.impact.baseMetricV3.exploitabilityScore self.v3impactScore = self.impact.baseMetricV3.impactScore if hasattr(self.impact, 'baseMetricV2'): self.v2score = self.impact.baseMetricV2.cvssV2.baseScore self.v2vector = self.impact.baseMetricV2.cvssV2.vectorString self.v2severity = self.impact.baseMetricV2.severity self.v2exploitability = self.impact.baseMetricV2.exploitabilityScore self.v2impactScore = self.impact.baseMetricV2.impactScore # Prefer the base score version to V3, if it isn't available use V2. # If no score is present, then set it to None. if hasattr(self.impact, 'baseMetricV3'): self.score = ['V3', self.impact.baseMetricV3.cvssV3.baseScore, self.impact.baseMetricV3.cvssV3.baseSeverity] elif hasattr(self.impact, 'baseMetricV2'): self.score = ['V2', self.impact.baseMetricV2.cvssV2.baseScore, self.impact.baseMetricV2.severity] else: self.score = [None, None, None]
def __convert(product, CVEID): """Convert the JSON response to a referenceable object.""" if product == 'cve': vuln = json.loads(json.dumps(CVEID), object_hook= CVE) vuln.getvars() return vuln else: cpeEntry = json.loads(json.dumps(CVEID), object_hook= CPE) return cpeEntry