In [18]:
import json

# Load the JSON file
with open('examples/CVE-2021-46022_NVD.json') as f:
    data_nvd = json.load(f)

print(data_nvd)

{'id': 'CVE-2021-46022', 'sourceIdentifier': 'cve@mitre.org', 'published': '2022-01-14T20:15:15.560', 'lastModified': '2024-11-21T06:33:29.270', 'vulnStatus': 'Modified', 'cveTags': [], 'descriptions': [{'lang': 'en', 'value': 'An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.'}, {'lang': 'es', 'value': 'Una vulnerabilidad de Uso de Memoria Previamente Liberada en la función rec_mset_elem_destroy() en el archivo rec-mset.c de GNU Recutils v1.8.90, puede conllevar a un fallo de segmentación o un fallo de la aplicación'}], 'metrics': {'cvssMetricV31': [{'source': 'nvd@nist.gov', 'type': 'Primary', 'cvssData': {'version': '3.1', 'vectorString': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H', 'baseScore': 5.5, 'baseSeverity': 'MEDIUM', 'attackVector': 'LOCAL', 'attackComplexity': 'LOW', 'privilegesRequired': 'NONE', 'userInteraction': 'REQUIRED', 'scope': 'UNCHANGED', 'confidentialityImpac

In [19]:
with open('examples/CVE-2021-46022_V5.json') as f:
    data_v5 = json.load(f)

print(data_v5)

{'dataType': 'CVE_RECORD', 'dataVersion': '5.1', 'cveMetadata': {'state': 'PUBLISHED', 'cveId': 'CVE-2021-46022', 'assignerOrgId': '8254265b-2729-46b6-b9e3-3dfca2d5bfca', 'assignerShortName': 'mitre', 'dateUpdated': '2024-08-04T04:54:31.232Z', 'dateReserved': '2022-01-03T00:00:00', 'datePublished': '2022-01-14T00:00:00'}, 'containers': {'cna': {'providerMetadata': {'orgId': '8254265b-2729-46b6-b9e3-3dfca2d5bfca', 'shortName': 'mitre', 'dateUpdated': '2023-11-13T22:41:58.698447'}, 'descriptions': [{'lang': 'en', 'value': 'An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.'}], 'affected': [{'vendor': 'n/a', 'product': 'n/a', 'versions': [{'version': 'n/a', 'status': 'affected'}]}], 'references': [{'url': 'https://lists.gnu.org/archive/html/bug-recutils/2021-12/msg00007.html'}, {'name': 'FEDORA-2022-4e6bd7ca62', 'tags': ['vendor-advisory'], 'url': 'https://lists.fedoraproject.org/archives/

### integrate nvd into V5

In [20]:
# add descriptions from NVD to V5 JSON

for description in data_nvd['descriptions']:
    v5_descriptions = [desc['value'] for desc in data_v5['containers']['cna']['descriptions']]
    if description['value'] not in v5_descriptions:
        data_v5['containers']['cna']['descriptions'].append(description)
        print(f"Description added to V5 JSON")
    else:
        print(f"Description found in V5 JSON")

Description found in V5 JSON
Description added to V5 JSON


In [21]:
# add weaknesses from NVD to V5 JSON

nvd_weaknesses = [weak['value'] for type in data_nvd['weaknesses'] for weak in type['description']]
for weakness in nvd_weaknesses:
    v5_weaknesses = [weak['cweId'] for weak in data_v5['containers']['cna']['problemTypes'] if weak['descriptions'] == 'CWE']
    if weakness not in v5_weaknesses:
        data_v5['containers']['cna']['problemTypes'].append({
            "lang": "en",
            "cweId": weakness,
            "descriptions": weakness,
            "type": "CWE"
        })
        print(f"Weakness added to V5 JSON")
    else:
        print(f"Weakness found in V5 JSON")

print(data_v5['containers']['cna']['problemTypes'])

Weakness added to V5 JSON
[{'descriptions': [{'type': 'text', 'lang': 'en', 'description': 'n/a'}]}, {'lang': 'en', 'cweId': 'CWE-416', 'descriptions': 'CWE-416', 'type': 'CWE'}]
