8000 Add URLs to CPEs by TG1999 · Pull Request #785 · aboutcode-org/vulnerablecode · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Add URLs to CPEs #785

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jun 29, 2022
Merged

Add URLs to CPEs #785

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions vulnerabilities/importers/nvd.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,9 @@
from vulnerabilities.models import Advisory
from vulnerabilities.utils import get_item

BASE_URL = "https://nvd.nist.gov/vuln/search/results"
PARAMS = "?adv_search=true&isCpeNameSearch=true"


class NVDImporter(Importer):
# See https://github.com/nexB/vulnerablecode/issues/665 for follow up
Expand Down Expand Up @@ -76,9 +79,11 @@ def to_advisories(nvd_data):
references = []
severity_scores = list(extract_severity_scores(cve_item))
for cpe in cpes:
cpe_url = f"{BASE_URL}{PARAMS}&query={cpe}"
references.append(
Reference(
reference_id=cpe,
url=cpe_url,
)
)
references.append(
Expand Down
21 changes: 21 additions & 0 deletions vulnerabilities/migrations/0016_update_cpe_url.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
from django.db import migrations

class Migration(migrations.Migration):

def update_cpe_url(apps, schema_editor):
Reference = apps.get_model("vulnerabilities", "VulnerabilityReference")
for reference in Reference.objects.filter(reference_id__startswith="cpe"):
cpe = reference.reference_id
base_url = 'https://nvd.nist.gov/vuln/search/results'
params = '?adv_search=true&isCpeNameSearch=true'
vuln_url = f'{base_url}{params}&query={cpe}'
reference.url = vuln_url
reference.save()

dependencies = [
10000 ('vulnerabilities', '0015_alter_vulnerabilityseverity_unique_together_and_more'),
]

operations = [
migrations.RunPython(update_cpe_url, migrations.RunPython.noop),
]
80 changes: 40 additions & 40 deletions vulnerabilities/tests/test_data/nvd/nvd-expected.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,17 +32,17 @@
},
{
"reference_id": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*",
"severities": []
}
],
Expand Down Expand Up @@ -146,187 +146,187 @@
},
{
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
"severities": []
},
{
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"url": "",
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
"severities": []
}
],
Expand Down
24 changes: 22 additions & 2 deletions vulnerabilities/tests/test_data_migrations.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,6 @@
from django.test import TestCase

from vulnerabilities import severity_systems
from vulnerabilities.models import VulnerabilityReference
from vulnerabilities.models import VulnerabilitySeverity


class TestMigrations(TestCase):
Expand Down Expand Up @@ -115,3 +113,25 @@ def test_dropping_vulnerability_from_severity(self):
reference=reference,
defaults={"value": str("TEST")},
)


class UpdateCPEURL(TestMigrations):

migrate_from = "0015_alter_vulnerabilityseverity_unique_together_and_more"
migrate_to = "0016_update_cpe_url"

def setUpBeforeMigration(self, apps):
# using get_model to avoid circular import
VulnerabilityReference = apps.get_model("vulnerabilities", "VulnerabilityReference")

reference = VulnerabilityReference.objects.create(
reference_id="cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", url=""
)
reference.save()
self.reference = reference

def test_cpe_url_updation(self):
# using get_model to avoid circular import
VulnerabilityReference = self.apps.get_model("vulnerabilities", "VulnerabilityReference")
ref = VulnerabilityReference.objects.get(reference_id = self.reference.reference_id)
assert ref.url == "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"
0