From 26c259b5a893e37200c7c8ea6299510ab85e30cb Mon Sep 17 00:00:00 2001
From: toolswatch
Date: Fri, 16 Jun 2017 17:58:56 +0300
Subject: [PATCH] Support to new Microsoft security update, support to CAPEC 2.10, and CWE 2.11
---
 CHANGELOG.md | 10 ++++++++
 README.md | 48 ++++++++---------------------------
 config/constants.py | 2 --
 lib/core/methods/json_dump.py | 10 +++-----
 lib/core/methods/patches.py | 22 +++-------------
 5 files changed, 28 insertions(+), 64 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4b06576..998d3bd 100755
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,16 @@
 Changelog
 =========
 
+0.7.2
+-----
+* Added support to CAPEC v2.10. Check [the full changelog](http://capec.mitre.org/data/reports/diff_reports/v2.9_v2.10.html).
+* Added support to CWE v2.11. Check [the full changelog](http://cwe.mitre.org/data/reports/diff_reports/v2.10_v2.11.html).
+* Added support to the new [Microsoft security update](https://portal.msrc.microsoft.com/en-us/security-guidance)
+* [Improve] Improved the `get_ms` method to returns both all and new Microsoft bulletins and KBs.
+* [Improve] Fixed issue #65. Cleaned the database from **Reject** entries.
+* [Doc] [Documentation](https://vfeed.io/docs) updated to reflect the new changes.
+_All changes are immediate for consultancy / integrator license customers. The CE database will be available by the end of the month_
+
 0.7.1
 -----
 * [New] Reactivated the ability to automate the download process for Consultancy / Integrator plans using private Dropbox repository.
diff --git a/README.md b/README.md
index 5dd7f0e..789db0e 100755
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@ vFeed
 The Correlated Vulnerability and Threat Intelligence Database Wrapper
 =======================================================================
 ![vFeed](https://vfeed.io/wp-content/uploads/2016/07/vfeed.png)
-[![Build Status](https://travis-ci.org/toolswatch/vFeed.svg?branch=v0.6.5)](https://travis-ci.org/toolswatch/vFeed)
+[![Build Status](https://travis-ci.org/toolswatch/vFeed.svg?branch=master)](https://travis-ci.org/toolswatch/vFeed)
 [![Code Health](https://landscape.io/github/toolswatch/vFeed/master/landscape.svg?style=flat)](https://landscape.io/github/toolswatch/vFeed/master)
 [![Compatibility](https://img.shields.io/badge/CWE-Compatible-yellow.svg)](http://cwe.mitre.org/compatible/organizations.html#ToolsWatch)
 [![Compatibility](https://img.shields.io/badge/CVE-Compatible-yellow.svg)](https://cve.mitre.org/compatible/compatible.html#ToolsWatch)
@@ -68,45 +68,19 @@ Refer to the [Documentation](https://vfeed.io/docs) official documentation page.
 Latest release
 ==============
 
+0.7.2
+-----
+* Added support to CAPEC v2.10. Check [the full changelog](http://capec.mitre.org/data/reports/diff_reports/v2.9_v2.10.html).
+* Added support to CWE v2.11. Check [the full changelog](http://cwe.mitre.org/data/reports/diff_reports/v2.10_v2.11.html).
+* Added support to the new [Microsoft security update](https://portal.msrc.microsoft.com/en-us/security-guidance)
+* [Improve] Improved the `get_ms` method to returns both all and new Microsoft bulletins and KBs.
+* [Improve] Fixed issue #65. Cleaned the database from **Reject** entries.
+* [Doc] [Documentation](https://vfeed.io/docs) updated to reflect the new changes.
+_All changes are immediate for consultancy / integrator license customers. The CE database will be available by the end of the month_
+
 0.7.1
 -----
 * [New] Reactivated the ability to automate the download process for Consultancy / Integrator plans using private Dropbox repository.
 * [Improve] Improved the `mongo.py` to check whether SQLite exists. Thanks to Alex Faraino (https://github.com/AlexFaraino/vFeed)
 * [Fix] Modified vfeedcli from API to wrapper.
 * [Doc] [Documentation](https://vfeed.io/docs) updated to reflect the new changes.
-
-0.7.0.1
------
-* [Fix] Fixed issue #72. Migration was not working for ubuntu and debian.
-* [Improve] Improved the check_mongo() to support tp linux and OSX.
-
-0.7.0
------
-* [New] Updated and optimized `search` function with new keys (cve, cpe, cwe, oval and text). Please refer to [documentation](https://github.com/toolswatch/vFeed/wiki/2--Usage-(API-and-Command-Line))
-* [New] The `search` result is returned as JSON content. It may contain references to exploits whenever they are available
-* [New] Added support to Python3. Thanks to Elnappo (https://github.com/elnappo)
-* [Fix] Fixed issue #64. The CLI is separated from the library.
-* [Fix] Fixed issue #67.
Modified the `config.py` to reflect The OVAL repository new URL hosted by CIS.
-
-0.6.9
------
-* The vFeed DB is no more available through `update` command. The command is deprecated.
-* The delivery of the vFeed DB was handed over to a new established entity [vFeed IO](https://vfeed.io). This entity sets the goal to become the Leading Provider of Vulnerability and Threat Intelligence Database.
-* The API has been modified to reflect the new changes.
-
-0.6.8
------
-* Added support to CAPEC version 2.8. Check [about CAPEC v2.8](http://capec.mitre.org/news/index.html#december72015_CAPEC_List_Version_2.8_Now_Available).
-* Added support to CWE v2.9. Check [the full changelog](http://cwe.mitre.org/data/reports/diff_reports/v2.8_v2.9.html).
-* Added mapping to [WASC v2.0 Threat Classification](http://projects.webappsec.org/w/page/13246978/Threat%20Classification).
-* Added CVSS v2.0 vectors to `risk.py` class. Now, the methods `get_cvss` and `get_severity` display the vector when available.
-* Added new method `get_wasc` to reflect the new mapping with WASC v2.0. The method returns ID, Title and URL when available.
-* Modified the method `get_capec` to return the following:
- * The title
- * [Method of Attacks](http://capec.mitre.org/documents/schema/schema_v2.7.1.html#Method_of_Attack%20%28Methods_of_Attack%29)
- * [Mitigations](http://capec.mitre.org/documents/schema/schema_v2.7.1.html#Solution_or_Mitigation)
-* Reflected the changes in `cvsexports.sql` MongoDB script to generate the new added tables.
-* vFeed.db the correlated vulnerability & threat database fully regenerated to support the new changes.
-* Documentation updated accordingly.
-
-**NOTE**: Some code was cleaned. Nevertheless, the issues reported [here](https://github.com/toolswatch/vFeed/issues) will be fixed in next minor version.
diff --git a/config/constants.py b/config/constants.py
index aa83478..5445c2b 100644
--- a/config/constants.py
+++ b/config/constants.py
@@ -29,8 +29,6 @@
 capec_url = "https://capec.mitre.org/data/definitions/"
 osvdb_url = "http://www.osvdb.org/"
 bid_url = "http://www.securityfocus.com/bid/"
-ms_bulletin_url = "http://technet.microsoft.com/en-us/security/bulletin/"
-kb_bulletin_url = "https://support.microsoft.com/en-us/kb/"
 ibm_url = "http://www-01.ibm.com/support/docview.wss?uid=swg1"
 redhat_url = "https://rhn.redhat.com/errata/"
 redhat_oval_url = "https://www.redhat.com/security/data/oval/com.redhat.rhsa-"
diff --git a/lib/core/methods/json_dump.py b/lib/core/methods/json_dump.py
index 1074543..c6acc5f 100755
--- a/lib/core/methods/json_dump.py
+++ b/lib/core/methods/json_dump.py
@@ -27,9 +27,9 @@ def json_dump(self):
 """
 # CVE basic information
 self.data = CveInfo(self.cve)
- info = json.loads(self.data.get_cve())
+ cve_info = json.loads(self.data.get_cve())
 
- if info is None:
+ if cve_info is None:
 return False
 
 cpe = json.loads(self.data.get_cpe())
@@ -54,7 +54,6 @@ def json_dump(self):
 # Patch Information
 self.data = CvePatches(self.cve)
 ms = json.loads(self.data.get_ms())
- kb = json.loads(self.data.get_kb())
 aixapar = json.loads(self.data.get_aixapar())
 redhat = json.loads(self.data.get_redhat())
 debian = json.loads(self.data.get_debian())
@@ -89,11 +88,10 @@ def json_dump(self):
 json_export = {
 "vFeed": {"id": self.vfeed_id, "author": author, "product": title, "wrapper": build, "url": repository, 'Contact': twitter},
- "information": {"cve": info, "cpe": cpe, "cwe": cwe, "capec": capec, "category": category, "wasc": wasc},
+ "information": {"cve": cve_info, "cpe": cpe, "cwe": cwe, "capec": capec, "category": category, "wasc": wasc},
 "references": {"scip": scip, "osvdb": osvdb, "certvn": certvn, "bid": bid, "iavm": iavm, 'other': {"links": refs}},
 "risk": severity,
- "patches": {"microsoft bulletins": ms, "microsoft kb": kb,
- "ibm": aixapar, "redhat": redhat, "debian": debian,
+ "patches": {"microsoft": ms, "ibm": aixapar, "redhat": redhat, "debian": debian,
 "ubuntu": ubuntu, "gentoo": gentoo, "suse": suse, "fedora": fedora, "mandriva": mandriva, "vmware": vmware, "cisco": cisco, "hp": hp},
 "scanners": {"nessus": nessus, "openvas": openvas, "oval": oval, "nmap": nmap},
diff --git a/lib/core/methods/patches.py b/lib/core/methods/patches.py
index f411beb..d3af86f 100755
--- a/lib/core/methods/patches.py
+++ b/lib/core/methods/patches.py
@@ -7,8 +7,8 @@
 import json
 
 from config.constants import *
-from lib.common.database import Database
 from lib.common.utils import check_env
+from lib.common.database import Database
 
 
 class CvePatches(object):
@@ -27,7 +27,8 @@ def get_ms(self):
 self.cur.execute('SELECT * FROM map_cve_ms WHERE cveid=?', self.query)
 
 for self.data in self.cur.fetchall():
- item = {"id": str(self.data[0]), "title": str(self.data[1]), "url": ms_bulletin_url + str(self.data[0])}
+ item = {"id": str(self.data[0]), "kb": str(self.data[1]), "title": str(self.data[2]),
+ "url": str(self.data[3])}
 self.ms.append(item)
 
 if len(self.ms) != 0:
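Review bot: The `"patches"` entry of the exported document changes shape on the `+ "patches": {"microsoft": ms, ...` line — the former `"microsoft bulletins"` and `"microsoft kb"` keys are replaced by a single `"microsoft"` key — and nothing in the hunk or the changelog entry ("Improved the `get_ms` method ...") records this as a change to the JSON schema that integrators consume. Any downstream code indexing `["patches"]["microsoft kb"]` will now raise KeyError or, if it guards with `.get`, silently lose the KB data it used to report. I would add a sentence to json_dump's docstring (it sits above the hunk) along the lines of "patches.microsoft replaces the former 'microsoft bulletins' and 'microsoft kb' keys; each entry now carries id, kb, title and url", and mirror that in the changelog. json_dump's body starts and ends outside this hunk.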
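Review bot: The new `+ item = {...}` lines read four positional columns out of a `SELECT *` row, so what lands under `kb`, `title` and `url` depends entirely on the column order of `map_cve_ms` in whichever vFeed.db the caller has; a database built before this schema change, or regenerated with the columns in a different order, would put the wrong value under each key rather than fail loudly. Naming the four columns explicitly in the SELECT (their names are not visible in this hunk) would pin that contract, e.g. `self.cur.execute('SELECT <id>, <kb>, <title>, <url> FROM map_cve_ms WHERE cveid=?', self.query)` with the placeholders replaced by the real column names. Since `url` is now emitted verbatim from the row instead of being derived from a fixed base URL, that is worth stating in get_ms's docstring as well, and if that docstring still describes the old id/title/url shape it needs the `kb` field added. get_ms's body starts before the hunk and ends after it.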
@@ -35,23 +36,6 @@ def get_ms(self):
 else:
 return json.dumps(None)
 
- def get_kb(self):
- """ Microsoft method
- :return: JSON response with Microsoft KB ID and link
- """
- self.kb = []
- self.cur.execute(
- 'SELECT * FROM map_cve_mskb WHERE cveid=?', self.query)
-
- for self.data in self.cur.fetchall():
- item = {"id": str(self.data[0]), "title": str(self.data[1]), "url": kb_bulletin_url + str(self.data[0])}
- self.kb.append(item)
-
- if len(self.kb) != 0:
- return json.dumps(self.kb, indent=2, sort_keys=True)
- else:
- return json.dumps(None)
-
 def get_aixapar(self):
 """ AIX APAR method
 :return: JSON response with IBM AIXapar KB ID and link