Source code for nvdlib.cve

import datetime

from datetime import datetime
from .classes import __convert
from .get import __get

[docs]def searchCVE( cpeName=False, cveId=False, cvssV2Metrics=False, cvssV2Severity=False, cvssV3Metrics=False, cvssV3Severity=False, cweId=False, hasCertAlerts=False, hasCertNotes=False, hasKev=False, hasOval=False, isVulnerable=False, keywordExactMatch=False, keywordSearch=False, lastModStartDate=False, lastModEndDate=False, pubStartDate=False, pubEndDate=False, sourceIdentifier=False, virtualMatchString=False, limit=False, delay=False, key=False, verbose=False): """Build and send GET request then return list of objects containing a collection of CVEs. For more information on the parameters available, please visit https://nvd.nist.gov/developers/vulnerabilities :param cpeName: This value will be compared agains the CPE Match Criteria within a CVE applicability statement. (i.e. find the vulnerabilities attached to that CPE). Partial match strings are allowed. :type cpeName: str :param cveId: Returns a single CVE that already exists in the NVD. :type cveId: str :param cvssV2Metrics: This parameter returns only the CVEs that match the provided CVSSv2 vector string. Either full or partial vector strings may be used. This parameter cannot be used in requests that include cvssV3Metrics. :type cvssV2Metrics: str :param cvssV2Severity: Find vulnerabilities having a 'LOW', 'MEDIUM', or 'HIGH' version 2 severity. :type cvssV2Severity: str :param cvssV3Metrics: This parameter returns only the CVEs that match the provided CVSSv3 vector string. Either full or partial vector strings may be used. This parameter cannot be used in requests that include cvssV2Metrics. :type cvssV3Metrics: str :param cvssV3Severity: Find vulnerabilities having a 'LOW', 'MEDIUM', 'HIGH', or 'CRITICAL' version 3 severity. :type cvssV3Severity: str :param cweId: Filter collection by CWE (Common Weakness Enumeration) ID. You can find a list at https://cwe.mitre.org/. A CVE can have multiple CWE IDs assigned to it. :type cweId: str :param hasCertAlerts: Returns CVE that contain a Technical Alert from US-CERT. :type hasCertAlerts: bool :param hasCertNotes: Returns CVE that contain a Vulnerability Note from CERT/CC. :type hasCertNotes: bool :param hasOval: Returns CVE that contain information from MITRE's Open Vulnerability and Assessment Language (OVAL) before this transitioned to the Center for Internet Security (CIS). :type hasOval: bool :param isVulnerable: Returns CVE associated with a specific CPE, where the CPE is also considered vulnerable. **REQUIRES** `cpeName` parameter. `isVulnerable` is not compatible with `virtualMatchString` parameter. :type isVulnerable: bool :param keywordExactMatch: When `keywordSearch` is used along with `keywordExactmatch`, it will search the NVD for CVEs containing exactly what was passed to `keywordSearch`. **REQUIRES** `keywordSearch`. :type keywordExactMatch: bool :param keywordSearch: Searches CVEs where a word or phrase is found in the current description. If passing multiple keywords with a space character in between then each word must exist somewhere in the description, not necessarily together unless `keywordExactMatch=True` is passed to `searchCVE`. :type keywordSearch: str :param lastModStartDate: These parameters return only the CVEs that were last modified during the specified period. If a CVE has been modified more recently than the specified period, it will not be included in the response. If filtering by the last modified date, both `lastModStartDate` and `lastModEndDate` are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days. :type lastModStartDate: str,datetime obj :param lastModEndDate: Required if using lastModStartDate. :type lastModEndDate: str, datetime obj :param pubStartDate: These parameters return only the CVEs that were added to the NVD (i.e., published) during the specified period. If filtering by the published date, both `pubStartDate` and `pubEndDate` are REQUIRED. The maximum allowable range when using any date range parameters is 120 consecutive days. :type pubStartDate: str,datetime obj :param pubEndDate: Required if using pubStartDate. :type pubEndDate: str, datetime obj :param sourceIdentifier: Returns CVE where the data source of the CVE is the value that is passed to `sourceIdentifier`. :type sourceIdentifier: str :param virtualMatchString: A more broad filter compared to `cpeName`. The cpe match string that is passed to `virtualMatchString` is compared against the CPE Match Criteria present on CVE applicability statements. :type virtualMatchString: str :param limit: Custom argument to limit the number of results of the search. Allowed any number between 1 and 2000. :type limit: int :param delay: Can only be used if an API key is provided. This allows the user to define a delay. The delay must be greater than 0.6 seconds. The NVD API recommends scripts sleep for atleast 6 seconds in between requests. :type delay: int :param key: NVD API Key. Allows for the user to define a delay. NVD recommends scripts sleep 6 seconds in between requests. If no valid API key is provided, requests are sent with a 6 second delay. :type key: str :param verbose: Prints the URL request for debugging purposes. :type verbose: bool """ def __buildCVECall( cpeName, cveId, cvssV2Metrics, cvssV2Severity, cvssV3Metrics, cvssV3Severity, cweId, hasCertAlerts, hasCertNotes, hasKev, hasOval, isVulnerable, keywordExactMatch, keywordSearch, lastModStartDate, lastModEndDate, pubStartDate, pubEndDate, sourceIdentifier, virtualMatchString, limit, delay): parameters = {} if cpeName: parameters['cpeName'] = cpeName if cveId: parameters['cveId'] = cveId if cvssV2Metrics: parameters['cvssV2Metrics'] = cvssV2Metrics if cvssV2Severity: cvssV2Severity = cvssV2Severity.upper() if cvssV2Severity in ['LOW', 'MEDIUM', 'HIGH']: parameters['cvssV2Severity'] = cvssV2Severity else: raise SyntaxError("cvssV2Severity parameter can only be assigned LOW, MEDIUM, or HIGH value.") if cvssV3Metrics: parameters['cvssV3Metrics'] = cvssV3Metrics if cvssV3Severity: cvssV3Severity = cvssV3Severity.upper() if cvssV3Severity in ['LOW', 'MEDIUM', 'HIGH', 'CRITICAL']: parameters['cvssV3Severity'] = cvssV3Severity else: raise SyntaxError("cvssV3Severity parameter can only be assigned LOW, MEDIUM, HIGH, or CRITICAL value.") if cweId: parameters['cweId'] = cweId.upper() if hasCertAlerts: parameters['hasCertAlerts'] = None if hasCertNotes: parameters['hasCertNotes'] = None if hasKev: parameters['hasKev'] = None if hasOval: parameters['hasOval'] = None if isVulnerable: if cpeName: parameters['isVulnerable'] = None else: raise SyntaxError('cpeName parameter must be defined if isVulnerable parameter is passed.') if keywordExactMatch: if keywordSearch: parameters['keywordExactMatch'] = None else: raise SyntaxError('keywordSearch parameter must be passed if keywordExactMatch is set to True.') if keywordSearch: parameters['keywordSearch'] = keywordSearch if lastModStartDate: if isinstance(lastModStartDate, datetime): date = lastModStartDate.isoformat() elif isinstance(lastModStartDate, str): date = datetime.strptime(lastModStartDate, '%Y-%m-%d %H:%M').isoformat() else: raise SyntaxError('Invalid date syntax: ' + lastModStartDate) parameters['lastModStartDate'] = date if lastModEndDate: if isinstance(lastModEndDate, datetime): date = lastModEndDate.isoformat() elif isinstance(lastModEndDate, str): date = datetime.strptime(lastModEndDate, '%Y-%m-%d %H:%M').isoformat() else: raise SyntaxError('Invalid date syntax: ' + lastModEndDate) parameters['lastModEndDate'] = date if pubStartDate: if isinstance(pubStartDate, datetime): date = pubStartDate.isoformat() elif isinstance(pubStartDate, str): date = datetime.strptime(pubStartDate, '%Y-%m-%d %H:%M').isoformat() else: raise SyntaxError('Invalid date syntax: ' + pubEndDate) parameters['pubStartDate'] = date if pubEndDate: if isinstance(pubEndDate, datetime): date = pubEndDate.isoformat() elif isinstance(pubEndDate, str): date = datetime.strptime(pubEndDate, '%Y-%m-%d %H:%M').isoformat() else: raise SyntaxError('Invalid date syntax: ' + pubEndDate) parameters['pubEndDate'] = date if sourceIdentifier: parameters['sourceIdentifier'] = sourceIdentifier if virtualMatchString: parameters['virtualMatchString'] = virtualMatchString if limit: if limit > 2000 or limit < 1: raise SyntaxError('Limit parameter must be between 1 and 2000') parameters['resultsPerPage'] = str(limit) if key: headers = {'content-type': 'application/json', 'apiKey': key} else: headers = {'content-type': 'application/json'} if delay and key: if delay < 0.6: raise SyntaxError('Delay parameter must be greater than 0.6 seconds with an API key. NVD API recommends several seconds.') elif delay and key == False: raise SyntaxError('Key parameter must be present to define a delay. Requests are delayed 6 seconds without an API key by default.') return parameters, headers parameters, headers = __buildCVECall( cpeName, cveId, cvssV2Metrics, cvssV2Severity, cvssV3Metrics, cvssV3Severity, cweId, hasCertAlerts, hasCertNotes, hasKev, hasOval, isVulnerable, keywordExactMatch, keywordSearch, lastModStartDate, lastModEndDate, pubStartDate, pubEndDate, sourceIdentifier, virtualMatchString, limit, delay) # raw is the raw dictionary response. raw = __get('cve', headers, parameters, limit, verbose, delay) cves = [] # Generates the CVEs into objects for easy access and appends them to self.cves for eachCVE in raw['vulnerabilities']: cves.append(__convert('cve', eachCVE['cve'])) return cves