import boto3
import requests
import os
import sys
import json
import gzip
from datetime import date
# S3 client used to read the stored feed state and to upload the results.
# No credentials or region are passed here, so boto3 resolves them from its
# own configuration and environment.
s3 = boto3.client("s3")
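current_year = date.today().year
# Names of the NVD feeds to track: one per year from 2002 through the current
# year, plus the rolling "recent" and "modified" feeds.
# range() excludes its stop value, so current_year + 1 is needed to include the
# current year's feed; without it, this year's CVEs are only seen through the
# rolling feeds.
CVES_AVAILABLE = [str(year) for year in range(2002, current_year + 1)] + ["recent", "modified"]
# Common URL prefix; the feed name plus ".meta" or ".json.gz" is appended to it.
# NOTE(review): these are the legacy NVD 1.1 JSON feeds - confirm they are
# still published before relying on this job for coverage.
NVD_BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
# Name of the state file, used both as the local path and as the S3 object key.
STATEFILE = "cve.meta.state"
# Target bucket; None when the environment variable is not set.
S3_BUCKET = os.environ.get('S3_BUCKET')
# Maps feed name -> sha256 value advertised in that feed's .meta file.
state_dict = {}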
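# Request the .meta file of every feed and record the sha256 it advertises.
for x in CVES_AVAILABLE:
    try:
        # A timeout keeps the job from hanging forever on a stalled connection.
        res = requests.get(NVD_BASE_URL + x + ".meta", timeout=30)
        # Reject error pages instead of trying to parse them as metadata.
        res.raise_for_status()
    except requests.RequestException as err:
        sys.exit("failed to fetch metadata for feed {}: {}".format(x, err))
    # The .meta body is a list of "key:value" lines. Look the hash up by key
    # rather than by line position so a reordered or truncated response is
    # detected instead of storing the wrong field.
    meta = dict(
        line.split(":", 1) for line in res.text.splitlines() if ":" in line
    )
    sha256 = meta.get("sha256", "").strip()
    # Stop before a malformed value reaches the state file that is uploaded
    # at the end of the run.
    if len(sha256) != 64 or any(ch not in "0123456789abcdefABCDEF" for ch in sha256):
        sys.exit("malformed metadata for feed {}: no valid sha256 field".format(x))
    state_dict[x] = sha256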
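# Get the state stored by the previous run from S3.
if not S3_BUCKET:
    # Without this guard the unset variable only surfaces later as a boto3
    # parameter error.
    sys.exit("S3_BUCKET environment variable is not set")
print(S3_BUCKET, STATEFILE)
# NOTE(review): this raises when the state object does not exist yet (e.g. on
# a first run) - confirm how the bucket is meant to be seeded.
s3.download_file(S3_BUCKET, STATEFILE, STATEFILE)
with open(STATEFILE, 'r') as f:
    s3_state_dict = json.load(f)
# The comparison that follows indexes this value by feed name, so anything
# other than a JSON object means the stored state is unusable.
if not isinstance(s3_state_dict, dict):
    sys.exit("stored state file is not a JSON object")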
# Select every feed that is missing from the stored state or whose advertised
# hash differs from the stored one.
list_to_dl = [
    feed
    for feed, digest in state_dict.items()
    if feed not in s3_state_dict or s3_state_dict[feed] != digest
]
# Nothing changed since the stored state was written, so there is nothing to
# regenerate or upload.
if len(list_to_dl) == 0:
    print("nothing to dl. exiting")
    sys.exit(0)
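# Download every changed feed and keep the CVE entries whose English
# description mentions one of the tracked keywords.
#
# NOTE(review): only the feeds in list_to_dl are read, and the "cvelist"
# object is later overwritten with this result, so matches from unchanged
# feeds are not carried over - confirm that is intended.
# NOTE(review): the sha256 taken from the .meta file is used only for change
# detection; the downloaded archive is not checked against it here. Consider
# verifying the download before trusting its contents.
# NOTE(review): keywords are matched as plain substrings, so "aws" also
# matches words such as "flaws"; consider word-boundary matching.
_keywords = ("jenkins", "aws", "kubernetes")
cvelist = []
for x in list_to_dl:
    # Timeout and status check: a stalled or failed download stops the run
    # here, before the new state is written and uploaded.
    req = requests.get(NVD_BASE_URL + x + ".json.gz", timeout=120)
    req.raise_for_status()
    res = gzip.decompress(req.content).decode("utf-8")
    cves = json.loads(res)
    for cve in cves["CVE_Items"]:
        descriptions = cve['cve']['description']['description_data']
        # Append each CVE once per feed, even when its description matches
        # several keywords; appending once per keyword produced duplicates.
        if any(
            dd['lang'] == "en"
            and any(word in dd['value'].lower() for word in _keywords)
            for dd in descriptions
        ):
            cvelist.append(cve)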
# Serialise the matched CVE entries and the freshly fetched feed state to
# local files; each with-block closes its file on exit.
with open("cvelist", "w") as cve_out:
    cve_out.write(json.dumps(cvelist))
with open(STATEFILE, "w") as state_out:
    state_out.write(json.dumps(state_dict))
# Upload the list first and the state file last, so the stored state is only
# replaced after the list upload call has returned.
s3.upload_file("cvelist", S3_BUCKET, "cvelist")
s3.upload_file(STATEFILE, S3_BUCKET, STATEFILE)