WindowsScanner/cve_parser.py at master · Shayaomer/WindowsScanner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
import download_db
import json
from cve import Cve
from dataclasses import dataclass


@dataclass()
class CveParser:
    cve_collections_for_all_years = {}

    def __init__(self):
        self.cve_collections_for_all_years = download_db.DownloadDb().cve_dict

    def get_cve_collection_for_specific_year(self, year: str) -> []:
        """

        :param year:
        :return: list of all cve for the given year. Each cell in the returning list is cve object
        """
        cve_collection = []
        cve_dict = self.cve_collections_for_all_years[year]
        for cve_json_presentation in cve_dict['CVE_Items']:
            cve_id = cve_json_presentation['cve']['CVE_data_meta']['ID']
            assigner = None
            if 'ASSIGNER' in cve_json_presentation['cve']['CVE_data_meta'].keys():
                assigner = cve_json_presentation['cve']['CVE_data_meta']['ASSIGNER']
            description = cve_json_presentation['cve']['description']['description_data'][0]['value']
            severity = None
            if len(cve_json_presentation['impact']) > 1:
                severity = self.extract_severity(cve_json_presentation['impact'])
            cve = Cve(cve_id, assigner, description, severity)
            cve_collection.append(cve)

        return cve_collection

    def write_all_cve_collection_for_specific_year_to_file(self, year: str):
        """

        :param year:
        :return: This function write all the cve objects of a given year to Json file named : "cve_collections_for_{0}.json"
        """
        cve_collection = self.get_cve_collection_for_specific_year(year)
        cve_json_collection = []
        for cve in cve_collection:
            cve_json = {
                "identifier": cve.identifier,
                "assigner": cve.assigner,
                "description": cve.description,
                "severity": cve.severity
            }
            cve_json_collection.append(cve_json)
        json_object = json.dumps(cve_json_collection, indent=4)
        with open("cve_collections_for_{0}.json".format(year), "w") as outfile:
            outfile.write(json_object)

    @staticmethod
    def extract_severity(impact: []) -> str:
        if len(impact) > 1:
            severity = impact['baseMetricV3']['cvssV3']['baseSeverity']
        else:
            severity = impact['baseMetricV2']['severity']

        return severity

    def get_all_cpe23_uri(self):    # Generator that yield a CPE-23 Uri from the CVE dict
        for year in self.cve_collections_for_all_years:
            for cve_item in self.cve_collections_for_all_years[year]['CVE_Items']:
                if len(cve_item['configurations']['nodes']) != 0:
                    for cpe in cve_item['configurations']['nodes'][0]['cpe_match']:
                        yield (cpe['cpe23Uri'], cve_item['cve']['CVE_data_meta']['ID'])

if __name__ == '__main__':
    a = CveParser()
    for i in a.get_all_cpe23_uri():
        print(i)