In [1]:
import pandas as pd
import requests
import time
import os
import json
import pprint
import nvdlib

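def cvss_online(cve_id):
    """Fetch one CVE from NVD through nvdlib and return its CVSS v2 fields.

    Parameters
    ----------
    cve_id : str
        CVE identifier to look up, e.g. as reported by a scanner.

    Returns
    -------
    dict or str
        A dict with the keys ``cve``, ``description``, ``baseScore``,
        ``exploitabilityScore``, ``severity``, ``impactScore``,
        ``accessVector``, ``accessComplexity``, ``authentication``,
        ``confidentialityImpact``, ``integrityImpact`` and
        ``availabilityImpact``; or the string ``"Invalid CVE ID"`` when the
        search returns no record. Callers must check for the string before
        indexing the result.

    Notes
    -----
    Any field NVD does not provide is returned as ``'NF'``. ``'NF'`` only
    means "no CVSS v2 value in the record": a CVE that NVD scored under
    CVSS v3.x alone comes back with every metric set to ``'NF'`` and must not
    be read as low or zero severity. nvdlib exposes v3.x fields such as
    ``v31score`` / ``v31severity`` for that case; they are not returned here
    so that the result shape stays unchanged.

    Errors raised by ``nvdlib.searchCVE`` other than ``IndexError`` (network
    or API failures) are not handled and propagate to the caller.
    """
    missing = 'NF'

    try:
        cve = nvdlib.searchCVE(cveId=cve_id)[0]
    except IndexError:
        return "Invalid CVE ID"

    # An empty descriptions list raises IndexError, not AttributeError, so
    # both are treated as "no description available".
    try:
        description = cve.descriptions[0].value
    except (AttributeError, IndexError):
        description = missing

    # The v2 metric list can be absent or empty; either way every vector
    # component falls back to the placeholder.
    try:
        cvss_data = cve.metrics.cvssMetricV2[0].cvssData
    except (AttributeError, IndexError):
        cvss_data = None

    return {
        "cve": cve_id,
        "description": description,
        "baseScore": getattr(cve, 'v2score', missing),
        "exploitabilityScore": getattr(cve, 'v2exploitability', missing),
        "severity": getattr(cve, 'v2severity', missing),
        "impactScore": getattr(cve, 'v2impactScore', missing),
        "accessVector": getattr(cvss_data, 'accessVector', missing),
        "accessComplexity": getattr(cvss_data, 'accessComplexity', missing),
        "authentication": getattr(cvss_data, 'authentication', missing),
        "confidentialityImpact": getattr(cvss_data, 'confidentialityImpact', missing),
        "integrityImpact": getattr(cvss_data, 'integrityImpact', missing),
        "availabilityImpact": getattr(cvss_data, 'availabilityImpact', missing),
    }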



In [19]:
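# Scanner findings for the target, and the local cache of CVE records
# that have already been looked up.
df = pd.read_csv('./data/scan_results/sockshop.csv')
db = pd.read_csv('./data/cve_id_db.csv', low_memory=False)

# Distinct CVE ids reported by the scan that the local database lacks.
# Findings without a CVE id (NaN) are dropped so they are not sent to NVD.
dfn = (
    df.loc[~df['cve'].isin(db['cve']), 'cve']
    .dropna()
    .drop_duplicates()
    .tolist()
)

new_cves = []          # records to add to the local database
unresolved_cves = []   # ids NVD could not resolve or returned without a description
cve_info = None        # stays None when there is nothing new to look up
for cve in dfn:
    cve_info = cvss_online(cve)
    # cvss_online returns the string "Invalid CVE ID" for unknown ids, so the
    # dict lookup may only run once that case is excluded: `and`, not `or`
    # (with `or`, an invalid id reached cve_info['description'] on a str and
    # raised TypeError).
    if cve_info != "Invalid CVE ID" and cve_info['description'] != 'NF':
        new_cves.append(cve_info)
    else:
        # Keep these visible: a finding that fails enrichment is still a
        # finding and should not silently drop out of triage.
        unresolved_cves.append(cve)

# Last record fetched, as a quick sanity check of the lookup.
print(cve_info)
if unresolved_cves:
    print("Unresolved CVE ids:", unresolved_cves)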

#     # Convert new_cves list to a DataFrame and append it to the database
#     new_cves_df = pd.DataFrame(new_cves)
#     db = pd.concat([db, new_cves_df], ignore_index=True)

#     return db

{'description': "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted sourc

In [21]:
# One row per newly fetched CVE record; columns come from the dict keys.
# 'NF' cells mean NVD supplied no CVSS v2 value for that field, not that
# the CVE is unscored.
new_cves_df = pd.DataFrame(data=new_cves)
new_cves_df

Unnamed: 0,description,v2score,v2exploitability,v2severity,v2impactScore,accessVector,accessComplexity,authentication,confidentialityImpact,integrityImpact,availabilityImpact
0,"Two errors in the ""asn1_find_node()"" function ...",6.8,8.6,MEDIUM,6.4,NETWORK,MEDIUM,NONE,PARTIAL,PARTIAL,PARTIAL
1,A deserialization flaw was discovered in jacks...,NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
2,In FasterXML jackson-databind before 2.14.0-rc...,NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
3,"In FasterXML jackson-databind before 2.13.4, r...",NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
4,"If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to ...",NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
5,"The URL pattern of """" (the empty string) which...",4.3,8.6,MEDIUM,2.9,NETWORK,MEDIUM,NONE,PARTIAL,NONE,NONE
6,When using the RemoteIpFilter with requests re...,NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
7,The simplified implementation of blocking read...,NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
8,"In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 -...",NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
9,\nReactive web applications that use Spring HA...,NF,NF,NF,NF,NF,NF,NF,NF,NF,NF
