# CVE data processing

In [1]:
# source data from Kaggle: https://www.kaggle.com/datasets/andrewkronser/cve-common-vulnerabilities-and-exposures/data

import pandas as pd

cve_df = pd.read_csv("/content/cve.csv")
cve_df.rename(columns={"Unnamed: 0": "cve_id"}, inplace=True)
print(cve_df.shape)

cve_df = cve_df.dropna(subset=['cve_id', 'cvss'])
print(cve_df.shape)

cve_df.head()

(89660, 13)
(89660, 13)


Unnamed: 0,cve_id,mod_date,pub_date,cvss,cwe_code,cwe_name,summary,access_authentication,access_complexity,access_vector,impact_availability,impact_confidentiality,impact_integrity
0,CVE-2019-16548,2019-11-21 15:15:00,2019-11-21 15:15:00,6.8,352,Cross-Site Request Forgery (CSRF),A cross-site request forgery vulnerability in ...,,,,,,
1,CVE-2019-16547,2019-11-21 15:15:00,2019-11-21 15:15:00,4.0,732,Incorrect Permission Assignment for Critical ...,Missing permission checks in various API endpo...,,,,,,
2,CVE-2019-16546,2019-11-21 15:15:00,2019-11-21 15:15:00,4.3,639,Authorization Bypass Through User-Controlled Key,Jenkins Google Compute Engine Plugin 4.1.1 and...,,,,,,
3,CVE-2013-2092,2019-11-20 21:22:00,2019-11-20 21:15:00,4.3,79,Improper Neutralization of Input During Web P...,Cross-site Scripting (XSS) in Dolibarr ERP/CRM...,,,,,,
4,CVE-2013-2091,2019-11-20 20:15:00,2019-11-20 20:15:00,7.5,89,Improper Neutralization of Special Elements u...,SQL injection vulnerability in Dolibarr ERP/CR...,,,,,,


In [2]:
products_df = pd.read_csv("/content/products.csv")
products_df.rename(columns={"Unnamed: 0": "cve_id"}, inplace=True)
print(products_df.shape)

products_df = products_df.dropna(subset=['cve_id', 'vulnerable_product'])
print(products_df.shape)

products_df.head()

(180585, 2)
(180543, 2)


Unnamed: 0,cve_id,vulnerable_product
0,CVE-2019-16548,google_compute_engine
1,CVE-2019-16547,google_compute_engine
2,CVE-2019-16546,google_compute_engine
3,CVE-2013-2092,dolibarr
4,CVE-2013-2091,dolibarr


In [3]:
windows_df = products_df[products_df['vulnerable_product'].str.contains('windows', case=False, na=False)]
merged_df = cve_df.merge(windows_df, on='cve_id', how='left')
print(merged_df.shape)
merged_df.head()

(98092, 14)


Unnamed: 0,cve_id,mod_date,pub_date,cvss,cwe_code,cwe_name,summary,access_authentication,access_complexity,access_vector,impact_availability,impact_confidentiality,impact_integrity,vulnerable_product
0,CVE-2019-16548,2019-11-21 15:15:00,2019-11-21 15:15:00,6.8,352,Cross-Site Request Forgery (CSRF),A cross-site request forgery vulnerability in ...,,,,,,,
1,CVE-2019-16547,2019-11-21 15:15:00,2019-11-21 15:15:00,4.0,732,Incorrect Permission Assignment for Critical ...,Missing permission checks in various API endpo...,,,,,,,
2,CVE-2019-16546,2019-11-21 15:15:00,2019-11-21 15:15:00,4.3,639,Authorization Bypass Through User-Controlled Key,Jenkins Google Compute Engine Plugin 4.1.1 and...,,,,,,,
3,CVE-2013-2092,2019-11-20 21:22:00,2019-11-20 21:15:00,4.3,79,Improper Neutralization of Input During Web P...,Cross-site Scripting (XSS) in Dolibarr ERP/CRM...,,,,,,,
4,CVE-2013-2091,2019-11-20 20:15:00,2019-11-20 20:15:00,7.5,89,Improper Neutralization of Special Elements u...,SQL injection vulnerability in Dolibarr ERP/CR...,,,,,,,


In [4]:
merged_df = merged_df[['cve_id', 'mod_date', 'pub_date', 'cvss', 'cwe_code', 'cwe_name', 'summary', 'vulnerable_product']]
merged_df.head()

Unnamed: 0,cve_id,mod_date,pub_date,cvss,cwe_code,cwe_name,summary,vulnerable_product
0,CVE-2019-16548,2019-11-21 15:15:00,2019-11-21 15:15:00,6.8,352,Cross-Site Request Forgery (CSRF),A cross-site request forgery vulnerability in ...,
1,CVE-2019-16547,2019-11-21 15:15:00,2019-11-21 15:15:00,4.0,732,Incorrect Permission Assignment for Critical ...,Missing permission checks in various API endpo...,
2,CVE-2019-16546,2019-11-21 15:15:00,2019-11-21 15:15:00,4.3,639,Authorization Bypass Through User-Controlled Key,Jenkins Google Compute Engine Plugin 4.1.1 and...,
3,CVE-2013-2092,2019-11-20 21:22:00,2019-11-20 21:15:00,4.3,79,Improper Neutralization of Input During Web P...,Cross-site Scripting (XSS) in Dolibarr ERP/CRM...,
4,CVE-2013-2091,2019-11-20 20:15:00,2019-11-20 20:15:00,7.5,89,Improper Neutralization of Special Elements u...,SQL injection vulnerability in Dolibarr ERP/CR...,


In [5]:
merged_df = merged_df[merged_df['vulnerable_product'].str.contains('windows', case=False, na=False)].reset_index(drop=True)
print(merged_df.shape)
merged_df.to_excel("cvedata.xlsx", index=0)
merged_df.head()

(10608, 8)


Unnamed: 0,cve_id,mod_date,pub_date,cvss,cwe_code,cwe_name,summary,vulnerable_product
0,CVE-2019-1456,2019-11-12 20:43:00,2019-11-12 19:15:00,6.8,119,Improper Restriction of Operations within the...,A remote code execution vulnerability exists i...,windows_10
1,CVE-2019-1456,2019-11-12 20:43:00,2019-11-12 19:15:00,6.8,119,Improper Restriction of Operations within the...,A remote code execution vulnerability exists i...,windows_7
2,CVE-2019-1456,2019-11-12 20:43:00,2019-11-12 19:15:00,6.8,119,Improper Restriction of Operations within the...,A remote code execution vulnerability exists i...,windows_8.1
3,CVE-2019-1456,2019-11-12 20:43:00,2019-11-12 19:15:00,6.8,119,Improper Restriction of Operations within the...,A remote code execution vulnerability exists i...,windows_rt_8.1
4,CVE-2019-1456,2019-11-12 20:43:00,2019-11-12 19:15:00,6.8,119,Improper Restriction of Operations within the...,A remote code execution vulnerability exists i...,windows_server_2008


In [6]:
merged_df.info()

<class 'pandas.core.frame.DataFrame'>
RangeIndex: 10608 entries, 0 to 10607
Data columns (total 8 columns):
 #   Column              Non-Null Count  Dtype  
---  ------              --------------  -----  
 0   cve_id              10608 non-null  object 
 1   mod_date            10608 non-null  object 
 2   pub_date            10608 non-null  object 
 3   cvss                10608 non-null  float64
 4   cwe_code            10608 non-null  int64  
 5   cwe_name            10608 non-null  object 
 6   summary             10608 non-null  object 
 7   vulnerable_product  10608 non-null  object 
dtypes: float64(1), int64(1), object(6)
memory usage: 663.1+ KB


In [7]:
ana_input = pd.DataFrame({
    "Server IP": ["10.1.1.2"] * len(merged_df),
    "Hostname": ["aws.host.server"] * len(merged_df),
    "OS": merged_df["vulnerable_product"],
    "CVE": merged_df["cve_id"],
    "CVE Score": merged_df["cvss"]
})
print(ana_input.shape)

ana_input.head()

(10608, 5)


Unnamed: 0,Server IP,Hostname,OS,CVE,CVE Score
0,10.1.1.2,aws.host.server,windows_10,CVE-2019-1456,6.8
1,10.1.1.2,aws.host.server,windows_7,CVE-2019-1456,6.8
2,10.1.1.2,aws.host.server,windows_8.1,CVE-2019-1456,6.8
3,10.1.1.2,aws.host.server,windows_rt_8.1,CVE-2019-1456,6.8
4,10.1.1.2,aws.host.server,windows_server_2008,CVE-2019-1456,6.8


In [8]:
import re

def os_priority(os_str):
    if os_str == "windows_10":
        return 100
    elif os_str == "windows_8.1":
        return 90
    elif os_str == "windows_rt_8.1":
        return 80
    elif os_str.startswith("windows_server_"):
        # Extract year from e.g., "windows_server_2016"
        try:
            year = int(re.findall(r"\d{4}", os_str)[0])
            return year  # Higher year = higher priority
        except:
            return 0
    else:
        return 0

# Apply priority
ana_input["os_priority"] = ana_input["OS"].apply(os_priority)

# Deduplicate based on CVE and CVE Score, keeping row with highest OS priority
df_dedup = ana_input.sort_values("os_priority", ascending=False).drop_duplicates(subset=["CVE", "CVE Score"])

# Drop helper column
df_dedup = df_dedup.drop(columns=["os_priority"]).reset_index(drop=True)
df_dedup.to_excel("cve_input.xlsx", index=0)
df_dedup.head()


Unnamed: 0,Server IP,Hostname,OS,CVE,CVE Score
0,10.1.1.2,aws.host.server,windows_server_2019,CVE-2019-1456,6.8
1,10.1.1.2,aws.host.server,windows_server_2019,CVE-2019-1440,2.1
2,10.1.1.2,aws.host.server,windows_server_2019,CVE-2019-1437,7.2
3,10.1.1.2,aws.host.server,windows_server_2019,CVE-2019-0888,9.3
4,10.1.1.2,aws.host.server,windows_server_2019,CVE-2019-1438,7.2


In [9]:
shuffled_df = df_dedup.sample(frac=1, random_state=42).reset_index(drop=True)
shuffled_df[:100].to_excel("cve_input_100.xlsx", index=0)