Mapl-App-NVDs

The following application has different endpoints to retrieve and manage API vulnerabilities from the NATIONAL VULNERABILITIES DATABASE (NVD), NIST.

For more information: https://nvd.nist.gov/developers/vulnerabilities

The database is MongoDB, which can run on a local machine or on several cloud services.

The application is developed in Python using the FastAPI framework. It can also be deployed in a Docker container.

Prerequisites

For the local execution of the API, the following components are required:

 Python3: the language the app is written in.
 MongoDB: the database chosen as the data platform; tested locally, containerized and in the cloud.

Also required are all the pip libraries listed in the requirements.txt file:

pymongo
fastapi
requests
uvicorn

For Docker execution, only Docker Engine (and optionally the Docker Compose plugin) is needed; the remaining components are added automatically.



Instructions for Installation

1.- Clone the Repo

Run the following command to clone the repository.

git clone https://github.com/Qubo-FNSD/Mapl-App-NVDs.git

Navigate to the app directory with:

cd Mapl-App-NVDs


Depending on the execution mode (locally or in Docker), follow the instructions below.

Locally:

2.- Create a new virtual environment.

python3 -m venv venv

3.- Activate the virtual environment.

source venv/bin/activate      

It will look like this:

[Screenshot: Checkpoint]


Install all the libraries using pip install -r requirements.txt:

pip install -r requirements.txt

4.- Run MongoDB locally

# Enable the service at boot and start it now
sudo systemctl enable --now mongod

# Or on macOS

brew services start mongodb-community

5.- Run the API

python3 main.py

Now you can continue testing from Postman (instructions below).

Docker Installation

 For Mac: https://docs.docker.com/desktop/install/mac-install/

 For Windows: https://docs.docker.com/desktop/install/windows-install/

 For Ubuntu: https://docs.docker.com/desktop/install/ubuntu/

Follow the instructions on the page for your platform. Docker must be running before the scripts can be run.

Run the Docker Containers.

From the Mapl-App-NVDs folder, run the Docker build and compose command.

docker-compose up -d

To stop the containers, use:

docker-compose down

Or, without docker-compose, using docker run with the image built from the Dockerfile:

docker network create -d bridge mapl-net
docker run -d --network mapl-net -p 8000:8000 -v mapl-vol --name mapl-api --label mapl mapl-api
docker run -d --network mapl-net  -p 27017:27017 -v mapl-vol --name mongodb --label mapl mongo:latest


Endpoint details


1.- Endpoint that returns the vulnerabilities filtered by the keyword, saves their degree of severity and categorizes them with an open status.

Endpoint: http://localhost:8000/getVulns

Parameters:

  • myapikey
  • keyword
  • resultsperpage

2.- Endpoint that receives the IDs of fixed vulnerabilities. If the vulnerability is open, it updates it to fixed status.

Endpoint: http://localhost:8000/postFixedVulns

Parameters:

  • In the body, as raw JSON, the following schema:

{
  "IDS": [
    {"ID": "CVE-2020-13254"},
    {"ID": "CVE-2020-13596"}
  ]
}


3.- Endpoint that returns a list with the vulnerabilities pending correction (status other than fixed).

Endpoint: http://localhost:8000/getOpenVulns

Parameters:

  • Without parameters.

4.- Endpoint that returns a total of vulnerabilities by degree of severity (status open).

Endpoint: http://localhost:8000/getTotalVulnsBySeverity

Parameters:

  • Without parameters.
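
The body schema of endpoint 2 (postFixedVulns) is a natural place to validate input before it is used in a MongoDB query. The following is an added example, not code from this repository: it checks the body against the schema above, accepts only well-formed CVE identifiers, and builds the "open to fixed" update. The field names cve_id and status, the MAX_IDS cap and the function names are assumptions.

```python
import json
import re

# CVE identifier syntax: "CVE-", a 4-digit year, then 4 or more digits.
CVE_ID = re.compile(r"CVE-[0-9]{4}-[0-9]{4,}")
MAX_IDS = 100  # assumed cap on IDs per request


def parse_fixed_ids(raw_body):
    """Return the validated, de-duplicated CVE IDs from a request body."""
    try:
        body = json.loads(raw_body)
    except (TypeError, ValueError) as exc:
        raise ValueError("body is not valid JSON") from exc
    if not isinstance(body, dict) or not isinstance(body.get("IDS"), list):
        raise ValueError('expected {"IDS": [...]}')
    if not 0 < len(body["IDS"]) <= MAX_IDS:
        raise ValueError("IDS must hold between 1 and %d entries" % MAX_IDS)
    ids = []
    for entry in body["IDS"]:
        cve = entry.get("ID") if isinstance(entry, dict) else None
        # Only plain strings pass: a nested object in place of the ID would
        # otherwise be read by MongoDB as a query operator document.
        if not isinstance(cve, str) or not CVE_ID.fullmatch(cve):
            raise ValueError("invalid CVE ID: %r" % (cve,))
        if cve not in ids:
            ids.append(cve)
    return ids


def build_fix_update(ids):
    """Filter and update documents suitable for pymongo's update_many()."""
    # Field names "cve_id" and "status" are assumed, not the project's schema.
    query = {"cve_id": {"$in": ids}, "status": "open"}
    return query, {"$set": {"status": "fixed"}}


# Constructed sample bodies: the README's example and a malformed variant.
GOOD = '{"IDS": [{"ID": "CVE-2020-13254"}, {"ID": "CVE-2020-13596"}]}'
BAD = '{"IDS": [{"ID": {"$ne": ""}}]}'

if __name__ == "__main__":
    print(build_fix_update(parse_fixed_ids(GOOD)))
    try:
        parse_fixed_ids(BAD)
    except ValueError as err:
        print("rejected:", err)
```

Matching on status "open" in the filter keeps the update limited to vulnerabilities that are still open, as endpoint 2 describes.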


Postman usage

To import the testing collection, use the file .json

[Screenshot: Postman Import step 1]

[Screenshot: Postman Import step 2]

[Screenshot: Postman Usage Endpoint 1]

[Screenshot: Postman Usage Endpoint 2]

[Screenshot: Postman Usage Endpoint 3]

[Screenshot: Postman Usage Endpoint 4]

Potential for further development:

  • Add more endpoints to manage the API.
  • Testing the API with Pytest.
  • QA testing.
  • and more...

The app is also live in the cloud, on AWS and Google Cloud.

Stay connected

https://join.slack.com/t/mapl-alp-2022/shared_invite/zt-1exbwmwps-zE7NC~bKRPWOozkr20RH4g

On Discord: Luck547#7467
