authorAnatoliiER <70503278+AnatoliiER@users.noreply.github.com>2020-08-31 09:10:06 +0300
committerGitHub <noreply@github.com>2020-08-31 09:10:06 +0300
commit638c8ff3edc19a0ec1f5b40715d2a7f69bb4cec4 (patch)
tree1f651302f169e2fed6ec5a16f603b181400816ab
Add files via upload
CVE checker v 0.1
-rw-r--r--checker.py206
-rw-r--r--vyos-df.conf16
2 files changed, 222 insertions, 0 deletions
diff --git a/checker.py b/checker.py
new file mode 100644
index 0000000..d4d5222
--- /dev/null
+++ b/checker.py
@@ -0,0 +1,206 @@
+import vulners
+import json
+import re
+import sys
+import requests
+import unlzw3
+import csv
+import configparser
+from pymongo import MongoClient, errors
+
+
+class VyosDf:
+
+ def __init__(self, config):
+ self.config = config
+ self.config.read('vyos-df.conf')
+ self.vulners_api = vulners.Vulners(api_key=self.config.get('VULNERS', 'api_key'))
+ self.all_cve = {}
+ self.FILECVE = self.config.get('LOGS', 'FILECVE')
+ self.CHECKER_LOG = self.config.get('LOGS', 'CHECKER_LOG')
+ self.client = MongoClient(self.config.get('MONGODB', 'host'), int(self.config.get('MONGODB', 'port')))
+ self.db = self.client.dfbase
+ self.vulndb = self.db.vulndb
+ self.packages = self.db.packages
+ self.debtrack_link = self.config.get('CVEDB', 'debtrack_link')
+ self.MITRE_LOG = self.config.get('LOGS', 'MITRE_LOG')
+ self.CVE_PATTERN = "CVE"
+ self.MITRE_STOP = "** "
+ self.mitre_link = self.config.get('CVEDB', 'mitre_link')
+ self.DEBTRACK_LOG = self.config.get('LOGS', 'DEBTRACK_LOG')
+ self.CVE_for_update = set()
+
+ def logger(self, logname, logrec, type):
+ file = open(logname, type, encoding='utf-8')
+ file.write(logrec)
+ file.close()
+
+ def binary_logger(self, logname, logrec):
+ file = open(logname, "wb")
+ file.write(logrec)
+ file.close()
+
+
+class Vuln(VyosDf):
+ """Receiving and processing information from the Vulners and Mitre databases"""
+ def create_indices(self):
+ try:
+ self.vulndb.create_index("id", unique=True)
+ self.vulndb.create_index([('_source.affectedSoftware.name', "text"),
+ ('_source.affectedSoftware.version', "text")])
+ except Exception as e:
+ print("Error! " + str(e))
+
+ def pull_vulners_cve(self, start_dt, end_dt):
+ self.all_cve = self.vulners_api.archive("cve", start_dt, end_dt)
+
+ def pull_mitre_cve(self):
+ ufr = requests.get(self.mitre_link)
+ uncompressed_data = unlzw3.unlzw(ufr.content)
+ self.binary_logger(self.MITRE_LOG, uncompressed_data)
+
+ def handler_mitre_cve(self):
+ mitrecve = set()
+ with open(self.MITRE_LOG, encoding='ISO-8859-1') as csv_file:
+ csv_reader = csv.reader(csv_file, delimiter=',')
+ for row in csv_reader:
+ if self.CVE_PATTERN in row[0] and (self.MITRE_STOP not in row[2] and row[2] != ""):
+ mitrecve.add(row[0])
+
+ vulncve = set()
+ vulnrec = self.vulndb.find({}, {'_id': 0, 'id': 1})
+ for i in vulnrec:
+ vulncve.add(i['id'])
+
+ self.CVE_for_update = mitrecve - vulncve
+ print(f"The database is missing - {len(self.CVE_for_update)} CVE")
+
+ def save_cve_f(self):
+ handle = open(self.FILECVE, "w")
+ handle.write(json.dumps(self.all_cve))
+ handle.close()
+
+ def open_cve_f(self):
+ with open(self.FILECVE, encoding='utf-8') as f:
+ content = f.read()
+ self.all_cve = content
+ self.all_cve = json.loads(self.all_cve)
+
+ def handle_set(self):
+ for rec in self.all_cve:
+ try:
+ self.vulndb.insert_one(rec)
+ except errors.DuplicateKeyError:
+ pass
+
+ def processing_packages(self):
+ for rec in self.packages.find({}):
+ self.search_cve(rec['packname'], rec['packvers'], rec['fullpackname'])
+
+ def search_cve(self, pname, version, fullpackname):
+ a = list(self.vulndb.find({"$and": [{"$text": {"$search": pname}},
+ {'_source.affectedSoftware': {"$elemMatch": {'version': version}}}]}))
+ print("\n", pname, fullpackname, "--->", len(a))
+ for cve in a:
+ print(cve['id'])
+ rec = " ".join((cve['id'], pname, fullpackname, "\n"))
+ self.logger(self.CHECKER_LOG, rec, "a")
+
+
+class Packages(VyosDf):
+ """Receiving and processing information about system packages and libraries"""
+ def drop_pack(self):
+ self.db.drop_collection("packages")
+
+ def get_packages(self, filename):
+ with open(filename, encoding='utf-8') as fp:
+ Lines = fp.readlines()
+ for line in Lines:
+ try:
+ self.packages.insert_one(self.parser(line))
+ except errors.DuplicateKeyError:
+ pass
+
+ def parser(self, txtln):
+ allwords = re.split("\s", txtln)
+ packname = (re.split("/", allwords[0]))[0]
+ fullpackname = allwords[1]
+ packvers = (re.split("-", allwords[1]))[0]
+ if "+" in packvers:
+ packvers = (re.split("\+", allwords[1]))[0]
+ return {"packname": packname,
+ "packvers": packvers,
+ "fullpackname": fullpackname}
+
+
+
+def help():
+ print("""
+ You could use commands:
+ 1.) --help
+ 2.) --init-db - This operation is required when you first run the utility.
+ 3.) --update-db [date1, date2] - get updates of vulnerabilities database from date1 to date2
+ for example:
+ 4.) --update-info - get information about the number of new CBEs, missing in the database.
+ Checking is carried out on the basis of MitreCVE db.
+ 5.) --start [name of file with packages information]
+ it is something like this:
+
+ accel-ppp/now 1.12.0-71-g4b5561e amd64 [installed,local]
+ acl/now 2.2.52-2 amd64 [installed,local]
+ acpi-support-base/now 0.142-6 all [installed,local]
+ """)
+
+def init_db(config):
+ indb = Vuln(config)
+ indb.create_indices()
+ print("The database was initialized successfully. Update required")
+
+def updatedb(start_dt, end_dt, config):
+ print("Start updating databases")
+ updb = Vuln(config)
+ updb.pull_vulners_cve(start_dt, end_dt)
+ updb.save_cve_f()
+ updb.open_cve_f()
+ updb.handle_set()
+ #debupd = Trackers(config)
+ #debupd.pull_debupdates()
+ print("Vulnerabilities database updated successfully")
+
+def update_info(config):
+ v = Vuln(config)
+ print("Starting analyze...")
+ v.pull_mitre_cve()
+ print("Сhecking the CVE...")
+ v.handler_mitre_cve()
+
+def start(filename, config):
+ print("Starting analyze...")
+ pac = Packages(config)
+ pac.drop_pack()
+ pac.get_packages(filename)
+ tst = Vuln(config)
+ tst.processing_packages()
+
+
+if __name__ == "__main__":
+ cnf = configparser.ConfigParser()
+ if sys.argv[1] == "--help":
+ help()
+ elif sys.argv[1] == "--init-db":
+ init_db(cnf)
+ elif sys.argv[1] == "--update-db":
+ updatedb(sys.argv[2], sys.argv[3], cnf)
+ elif sys.argv[1] == "--update-info":
+ update_info(cnf)
+ elif sys.argv[1] == "--start":
+ start(sys.argv[2], cnf)
+ else:
+ help()
+
+
+
+
+
+
+
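Review bot: `pull_mitre_cve` calls `requests.get(self.mitre_link)` with no timeout and passes `ufr.content` straight to `unlzw3.unlzw` without checking the response status, so a stalled connection hangs the run indefinitely and an HTTP error body is handed to the decompressor and written over `mitre.log` as if it were the CVE list. Set a timeout and fail on non-2xx before decompressing: `ufr = requests.get(self.mitre_link, timeout=60)` followed by `ufr.raise_for_status()`. The `__main__` block also indexes `sys.argv[1]`, `sys.argv[2]` and `sys.argv[3]` without checking `len(sys.argv)`, so running the script with no or too few arguments raises IndexError instead of reaching `help()`. Separately, `create_indices` prints and swallows every exception, so a failed unique index on `id` goes unnoticed even though `handle_set` later relies on `DuplicateKeyError` to deduplicate inserts.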
diff --git a/vyos-df.conf b/vyos-df.conf
new file mode 100644
index 0000000..a7284df
--- /dev/null
+++ b/vyos-df.conf
@@ -0,0 +1,16 @@
+[VULNERS]
+api_key = EZUPC7OKWZ8ZLI0CCW5UH940B28W9FZTV4VR2QTMM3PCBBRPF2H4DY7D419J757I
+
+[MONGODB]
+host = localhost
+port = 27017
+
+[LOGS]
+FILECVE = vulndb.log
+CHECKER_LOG = VyOS_cve_checker.log
+MITRE_LOG = mitre.log
+DEBTRACK_LOG = debtrack.log
+
+[CVEDB]
+debtrack_link = https://security-tracker.debian.org/tracker/data/json
+mitre_link = https://cve.mitre.org/data/downloads/allitems.csv.Z \ No newline at end of file
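Review bot: The line `api_key = EZUPC7…` commits what appears to be a live Vulners API key to the repository; once pushed it is in the history of every clone, so it should be treated as exposed and rotated in the Vulners account regardless of what happens to this file. Keep the secret out of tracked config: ship the key empty, e.g. `api_key =`, and have `VyosDf.__init__` fall back to `os.environ.get("VULNERS_API_KEY")` when the config value is blank, with the real `vyos-df.conf` (or a local override file) listed in `.gitignore`. The `[MONGODB]` section carries no credentials, which is presumably intended for a local unauthenticated mongod; a one-line comment stating that assumption would save the next user from pointing it at a shared instance.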