nemunaire/nemubot
1
0
Fork 0
Code Releases Activity

cve: improve read of partial and inexistant CVE

Browse Source
This commit is contained in:
nemunaire 2017-08-03 21:28:56 +02:00
parent 128afb5914
commit 0a576410c7
1 changed files with 46 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
modules/cve.py
View File

@ -5,6 +5,7 @@
from bs4 import BeautifulSoup from bs4 import BeautifulSoup
from urllib.parse import quote from urllib.parse import quote
from nemubot.exception import IMException
from nemubot.hooks import hook from nemubot.hooks import hook
from nemubot.tools.web import getURLContent, striphtml from nemubot.tools.web import getURLContent, striphtml
@ -15,31 +16,44 @@ BASEURL_NIST = 'https://nvd.nist.gov/vuln/detail/'
# MODULE CORE ######################################################### # MODULE CORE #########################################################
VULN_DATAS = {
"alert-title": "vuln-warning-status-name",
"alert-content": "vuln-warning-banner-content",
"description": "vuln-description",
"published": "vuln-published-on",
"last_modified": "vuln-last-modified-on",
"source": "vuln-source",
"base_score": "vuln-cvssv3-base-score-link",
"severity": "vuln-cvssv3-base-score-severity",
"impact_score": "vuln-cvssv3-impact-score",
"exploitability_score": "vuln-cvssv3-exploitability-score",
"av": "vuln-cvssv3-av",
"ac": "vuln-cvssv3-ac",
"pr": "vuln-cvssv3-pr",
"ui": "vuln-cvssv3-ui",
"s": "vuln-cvssv3-s",
"c": "vuln-cvssv3-c",
"i": "vuln-cvssv3-i",
"a": "vuln-cvssv3-a",
}
def get_cve(cve_id): def get_cve(cve_id):
search_url = BASEURL_NIST + quote(cve_id.upper()) search_url = BASEURL_NIST + quote(cve_id.upper())
soup = BeautifulSoup(getURLContent(search_url)) soup = BeautifulSoup(getURLContent(search_url))
return { vuln = {}
"description": soup.body.find(attrs={"data-testid":"vuln-description"}).text.strip(),
"published": soup.body.find(attrs={"data-testid":"vuln-published-on"}).text.strip(),
"last_modified": soup.body.find(attrs={"data-testid":"vuln-last-modified-on"}).text.strip(),
"source": soup.body.find(attrs={"data-testid":"vuln-source"}).text.strip(),
"base_score": float(soup.body.find(attrs={"data-testid":"vuln-cvssv3-base-score-link"}).text.strip()), for vd in VULN_DATAS:
"severity": soup.body.find(attrs={"data-testid":"vuln-cvssv3-base-score-severity"}).text.strip(), r = soup.body.find(attrs={"data-testid": VULN_DATAS[vd]})
"impact_score": float(soup.body.find(attrs={"data-testid":"vuln-cvssv3-impact-score"}).text.strip()), if r:
"exploitability_score": float(soup.body.find(attrs={"data-testid":"vuln-cvssv3-exploitability-score"}).text.strip()), vuln[vd] = r.text.strip()
"av": soup.body.find(attrs={"data-testid":"vuln-cvssv3-av"}).text.strip(), return vuln
"ac": soup.body.find(attrs={"data-testid":"vuln-cvssv3-ac"}).text.strip(),
"pr": soup.body.find(attrs={"data-testid":"vuln-cvssv3-pr"}).text.strip(),
"ui": soup.body.find(attrs={"data-testid":"vuln-cvssv3-ui"}).text.strip(),
"s": soup.body.find(attrs={"data-testid":"vuln-cvssv3-s"}).text.strip(),
"c": soup.body.find(attrs={"data-testid":"vuln-cvssv3-c"}).text.strip(),
"i": soup.body.find(attrs={"data-testid":"vuln-cvssv3-i"}).text.strip(),
"a": soup.body.find(attrs={"data-testid":"vuln-cvssv3-a"}).text.strip(),
}
def display_metrics(av, ac, pr, ui, s, c, i, a, **kwargs): def display_metrics(av, ac, pr, ui, s, c, i, a, **kwargs):
@ -68,7 +82,19 @@ def get_cve_desc(msg):
cve_id = 'cve-' + cve_id cve_id = 'cve-' + cve_id
cve = get_cve(cve_id) cve = get_cve(cve_id)
metrics = display_metrics(**cve) if not cve:
res.append_message("{cveid}: Base score: \x02{base_score} {severity}\x0F (impact: \x02{impact_score}\x0F, exploitability: \x02{exploitability_score}\x0F; {metrics}), from \x02{source}\x0F, last modified on \x02{last_modified}\x0F. {description}".format(cveid=cve_id, metrics=metrics, **cve)) raise IMException("CVE %s doesn't exists." % cve_id)
if "alert-title" in cve or "alert-content" in cve:
alert = "\x02%s:\x0F %s " % (cve["alert-title"] if "alert-title" in cve else "",
cve["alert-content"] if "alert-content" in cve else "")
else:
alert = ""
if "base_score" not in cve and "description" in cve:
res.append_message("{alert}From \x02{source}\x0F, last modified on \x02{last_modified}\x0F. {description}".format(alert=alert, **cve), title=cve_id)
else:
metrics = display_metrics(**cve)
res.append_message("{alert}Base score: \x02{base_score} {severity}\x0F (impact: \x02{impact_score}\x0F, exploitability: \x02{exploitability_score}\x0F; {metrics}), from \x02{source}\x0F, last modified on \x02{last_modified}\x0F. {description}".format(alert=alert, metrics=metrics, **cve), title=cve_id)
return res return res