In [None]:
import numpy as np
import pandas as pd
import zipfile
import os

import matplotlib.pyplot as plt
import seaborn as sns

In [None]:
# Path to the zip file
zip_path = "archive.zip"

# Directory to extract the zip file
extract_dir = r"C:\Users\DELL\Documents\Hamoye\Team project\Project"

# Extract the zip file
with zipfile.ZipFile(zip_path, 'r') as zip_ref:
    zip_ref.extractall(extract_dir)

# Get a list of all CSV files in the extracted directory
csv_files = [file for file in os.listdir(extract_dir) if file.endswith('.csv')]

# Combine the datasets
df = pd.concat([pd.read_csv(os.path.join(extract_dir, file)) for file in csv_files])

# Optional: Reset the index
df.reset_index(drop=True, inplace=True)

In [None]:
df.head()

## Information on the data frame

- cve_id: This column represents the unique identifier for each vulnerability entry. It is stored as string data.

- vendor_project: This column contains the name or identifier of the vendor or project associated with the vulnerability. It is stored as string data.

- product: This column denotes the specific product or software that is affected by the vulnerability. It is stored as string data.

- vulnerability_name: This column provides the name or description of the vulnerability itself. It is stored as string data.

- date_added: This column represents the date when the vulnerability was added or discovered. It is stored as a date data type.

- short_description: This column contains a brief summary or description of the vulnerability. It is stored as string data.

- required_action: This column specifies the recommended action or steps to be taken to address the vulnerability. It is stored as string data.

- due_date: This column denotes the deadline or due date for taking action to mitigate the vulnerability. It is stored as a date data type.

- notes: This column indicates whether there are any additional notes or comments associated with the vulnerability. It is stored as string data.

- grp: This column represents a grouping or categorization of vulnerabilities. It is stored as a numeric (float) data type.

- pub_date: This column denotes the date when the vulnerability was publicly disclosed or made known. It is stored as a date data type.

- cvss: This column contains the Common Vulnerability Scoring System (CVSS) score, which provides a standardized measure of vulnerability severity. It is stored as a numeric (float) data type.

- cwe: This column represents the Common Weakness Enumeration (CWE) ID associated with the vulnerability. It is stored as string data.

- vector: This column describes the vector or method of exploitation for the vulnerability. It is stored as string data.

- complexity: This column indicates the complexity level of exploiting the vulnerability. It is stored as string data.

- severity: This column represents the severity level assigned to the vulnerability. It is stored as string data.

From the dataset, I noticed that the 'cve_id' column had duplicate.
There are a few possible reasons why the 'cve_id' might be repeated across the datasets:
- The datasets were created from different sources, and the same vulnerability name was assigned a different cve_id by each source.
- The datasets were created at different times, and the same vulnerability name was assigned a new cve_id when it was patched.
- The datasets were created by different people, and some people made mistakes when entering the data.

In [None]:
# Group the data by vulnerability_name and collect unique cve_id values within each group
duplicate_vulnerabilities = df.groupby('vulnerability_name')['cve_id'].unique()

# Filter the duplicate vulnerabilities
duplicate_vulnerabilities = duplicate_vulnerabilities[duplicate_vulnerabilities.apply(lambda x: len(x) > 1)]

# Print the vulnerability_name and corresponding cve_id values with duplicates
if not duplicate_vulnerabilities.empty:
    print("Vulnerability names with different cve_id:")
    for vulnerability_name, cve_ids in duplicate_vulnerabilities.iteritems():
        print("Vulnerability Name:", vulnerability_name)
        print("CVE IDs:", cve_ids)
        print()
else:
    print("No vulnerability names with different cve_id found.")


**Observation**
- vulnerability names were assigned a different cve_id by different source

In [None]:
# View the number of rows and number of columns
df.shape

In [None]:
# View the summary of the data
df.describe(include = 'all')

In [None]:
# A display of the columns, non-null count and the dtypes per column
df.info()

In [None]:
# A better view of the number of null entries per column
df.isnull().sum()

### Dealing with the null entries

In [None]:
# Drop the "notes" column
df.drop('notes', axis=1, inplace=True)

Upon thorough examination of the data frame, I suspected that for rows with the same "cve_id," the corresponding values in other columns are identical, a check to know if that is true

In [None]:
# Group the data by cve_id and count the number of unique values in each column
grouped_df = df.groupby('cve_id').nunique()

# Check if all columns have the same number of unique values for each cve_id
identical = grouped_df.iloc[:, 1:].eq(grouped_df.iloc[:, 1:].count(axis=0)).all().all()

if identical:
    print("The suspicion holds true. Rows with the same 'cve_id' have identical values across other columns.")
else:
    print("The suspicion does not hold true. Rows with the same 'cve_id' have differing values across other columns.")

In [None]:
df.isnull().sum()

In [None]:
# group-wise imputation of missing values by replacing them with the first non-null value within each group
def impute_group(group):
    if group.notna().any().all():
        return group.fillna(group.dropna().iloc[0])
    else:
        return group

df1 = df.groupby('cve_id').apply(impute_group)

# Reset the index after grouping
df1.reset_index(drop=True, inplace=True)

In [None]:
df1.isnull().sum()

- The groupby() function groups the data by cve_id.
- The nunique() function counts the number of unique values in each column of the grouped data.
- The eq() function checks if each column of the grouped data has the same number of unique values.
- The all() function checks if all the values in a Boolean array are True.
- The print() function prints the results to the console.
- The def function defines a function called impute_group().
- The impute_group() function imputes missing values in a group by replacing them with the first non-null value in the group.
- The apply() function applies the impute_group() function to each group of the data.
- The reset_index() function resets the index of the data after grouping.

In [None]:
# Remove missing values
df1_cleaned = df1.dropna()

In [None]:
df1_cleaned.isnull().sum()

In [None]:
# Group by 'cve_id' and check if entries in other columns are not uniform throughout the group
non_uniform_groups = df1_cleaned.groupby('cve_id').transform(lambda x: x.nunique() > 1).any(axis=1)

# Get the rows with non-uniform 'cve_id' groups
non_uniform_rows = df1_cleaned[non_uniform_groups]

# Get the unique 'cve_id' groups where entries in other columns are not uniform
non_uniform_cve_groups = non_uniform_rows.groupby('cve_id').apply(lambda x: x.drop_duplicates()).reset_index(drop=True)

# Set display options to show all columns and rows
pd.set_option('display.max_columns', None)
pd.set_option('display.max_rows', None)
pd.set_option('display.max_colwidth', None)

# Print the non-uniform 'cve_id' groups
non_uniform_cve_groups


In [None]:
unique_cve_ids = non_uniform_cve_groups['cve_id'].unique()
print(unique_cve_ids)

In [None]:
non_uniform_cve_groups.shape

In [None]:
df1_cleaned.shape

In [None]:
df1_cleaned.dtypes

## EDA

### Identify unique vulnerabilities

In [None]:
# Create a new column combining relevant columns to identify unique vulnerabilities
df1_cleaned['unique_vulnerability'] = df1_cleaned['cve_id'].astype(str) + '_' + df1_cleaned['vendor_project'] + '_' + df1_cleaned['product'] + '_' + df1_cleaned['vulnerability_name']

# Identify unique vulnerabilities
unique_vulnerabilities = df1_cleaned['unique_vulnerability'].unique()

# Print the number of unique vulnerabilities
print("Number of unique vulnerabilities:", len(unique_vulnerabilities))


#### Vulnerabilities by severity level

In [None]:
# Set a cool color palette
colors = sns.color_palette("cool")

# Count vulnerabilities by severity level
severity_counts = df['severity'].value_counts()

# Create a bar plot with a larger figure size
plt.figure(figsize=(20, 10))
bars = plt.bar(severity_counts.index, severity_counts.values, color=colors)

# Add count labels to each bar
for bar in bars:
    height = bar.get_height()
    plt.text(bar.get_x() + bar.get_width() / 2, height, height, ha='center', va='bottom')

plt.xlabel('Severity')
plt.ylabel('Count')
plt.title('Vulnerabilities by Severity Level')
plt.xticks(rotation=90)
plt.show()


### Analyzing the datasets to identify patterns or trends in the occurrence and severity of vulnerabilities
Accessing changes in the frequency or distribution of vulnerabilities across the different dates, with the aim to identify areas of increased or decreased risk over time.

In [None]:
# Convert date columns to datetime data type
date_columns = ['date_added', 'due_date', 'pub_date']
df1_cleaned[date_columns] = df1_cleaned[date_columns].apply(pd.to_datetime)

# Group vulnerabilities by date and count the occurrences
vulnerability_counts = df1_cleaned.groupby('date_added').size()

In [None]:
# Plot the vulnerability occurrence trend
plt.figure(figsize=(20, 10))
vulnerability_counts.plot(kind='line', marker='o')
plt.title('Vulnerability Occurrence Trend')
plt.xlabel('Date')
plt.ylabel('Occurrences')
plt.xticks(rotation=0)
plt.show()