
Utility playbook to query and convert cve data from the Red Hat CVE Database to a csv file so it can be used to provide answers to security.


cadjai/redhat-cve-to-csv


redhat-cve-to-csv

This repository contains a helper playbook that pulls Red Hat CVE data from the Red Hat CVE Database and generates a CSV file. The CSV can then be used with Excel lookup functions to provide answers to the various security groups when CVEs are reported during a security scan. The playbook expects the list of CVEs as either a comma-separated list or a line-separated file.
There are other playbooks that can be used to generate CSV exports of CVRF, Oval, and Ovalstreams data for a list of RHSAs. These other playbooks use the Red Hat Security Data API 1.0. For more information, review the official documentation. Note that the main playbook, generate-cve-data-csv.yml, does not use the API parameters as the others do, because the parameters (e.g. ids) return a summary and not the full CVE information page needed to generate the type of affidavit/supporting document security teams usually want. That is why it fetches the CVE document for each CVE instead of the CVE summary for all CVEs.

Requirements

As mentioned above, the list of CVEs should be passed as either a comma-separated YAML variable or a line-separated file (one CVE per line).
The playbooks only require Ansible to run, but Python and jq are expected on the controller host.
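The per-CVE retrieval described in the introduction and the two input formats named here, sketched in Python as an added example (not code from this repository): each ID is validated before it is placed in the request URL, and the full document is flattened into one row per product. The JSON field names (`threat_severity`, `cvss3`, `affected_release`, `package_state`), the `.json` URL suffix and the column layout are assumptions drawn from the Security Data API's per-CVE JSON format, not from the playbook, and the sample document is constructed.

```python
import csv, io, json, re, urllib.request
# Default of the playbook's cve_data_api_url variable, as given in this README.
CVE_API = "https://access.redhat.com/hydra/rest/securitydata/cve"
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_cve_ids(text):
    """Accept comma- or line-separated input; keep well-formed IDs, de-duplicated."""
    ids = []
    for tok in re.split(r"[,\s]+", text.strip()):
        tok = tok.upper()
        if CVE_RE.fullmatch(tok) and tok not in ids:
            ids.append(tok)
    return ids

def cve_url(cve_id):
    """URL of the full per-CVE document; rejects anything that is not a CVE ID."""
    if not CVE_RE.fullmatch(cve_id):
        raise ValueError(f"not a CVE ID: {cve_id!r}")
    return f"{CVE_API}/{cve_id}.json"

def fetch(cve_id, timeout=10):  # one request per CVE; needs network access
    with urllib.request.urlopen(cve_url(cve_id), timeout=timeout) as resp:
        return json.load(resp)

def rows_for(doc):
    """One row per product: fixed releases first, then unfixed package states."""
    base = [doc.get("name", ""), doc.get("threat_severity", ""),
            doc.get("cvss3", {}).get("cvss3_base_score", "")]
    rows = [base + [r.get("product_name", ""), r.get("package", ""), "Fixed",
                    r.get("advisory", "")] for r in doc.get("affected_release", [])]
    rows += [base + [p.get("product_name", ""), p.get("package_name", ""),
                     p.get("fix_state", ""), ""] for p in doc.get("package_state", [])]
    return rows or [base + ["", "", "", ""]]

def to_csv(docs):
    buf = io.StringIO()
    out = csv.writer(buf)
    out.writerow(["cve", "severity", "cvss3", "product", "package", "state", "advisory"])
    for doc in docs:
        out.writerows(rows_for(doc))
    return buf.getvalue()

# Constructed sample document; field names are assumed, values are illustrative.
SAMPLE = {"name": "CVE-2099-0001", "threat_severity": "Moderate",
          "cvss3": {"cvss3_base_score": "6.3"},
          "affected_release": [{"product_name": "Red Hat Enterprise Linux 8",
              "package": "kernel-0:4.18.0-1.el8", "advisory": "RHSA-2099:0001"}],
          "package_state": [{"product_name": "Red Hat Enterprise Linux 7",
              "package_name": "kernel", "fix_state": "Will not fix"}]}
```

With network access, `to_csv(fetch(i) for i in parse_cve_ids(open(path).read()))` produces the CSV for a line-separated file at the hypothetical location `path`.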

Cloning the repository

  1. Use git clone https://github.com/cadjai/redhat-cve-to-csv.git to clone the repository.
  2. Use cd redhat-cve-to-csv to change directory into the location of the playbook.

Running the playbooks

  1. To generate CVE data using either the cve_file or the cve_list variable, run the playbook using one of the following commands.
    ansible-playbook generate-cve-data-csv.yml -e cve_file=<path-to-cve-file> -e cve_data_result_file=<path-to-CSV-output-file> -vvv
    
    ansible-playbook generate-cve-data-csv.yml -e '{"cve_list": [CVE-2022-1280]}' -e cve_data_result_file=/tmp/CVE-2022-1280-cve-results.csv -vvv
    

Note: You can use either cve_file or cve_list to provide the list of CVEs to generate the CSV file for.

  1. To generate CVE data using RHSAs through the rhsa_file or rhsa_list variable, run the playbook using one of the following commands. Note that this was only introduced with the v2.0 version.

    ansible-playbook generate-cve-data-csv.yml -e rhsa_file=<path-to-rhsa-file> -e cve_data_result_file=<path-to-CSV-output-file> -vvv
    
    ansible-playbook generate-cve-data-csv.yml -e '{"rhsa_list": [RHSA-2022:3614,RHSA-2022:1642]}' -e cve_data_result_file=/tmp/RHSA-2022-cve-results.csv -vvv
    
  2. To generate CVRF data using RHSAs through the rhsa_file or rhsa_list variable, run the playbook using one of the following commands. Note that this was only introduced with the v2.0 version.

    ansible-playbook generate-cvrf-data-csv.yml -e rhsa_file=<path-to-rhsa-file> -e rhsa_data_result_file=<path-to-rhsa-cvrf-CSV-output-file> -vvv
    
    ansible-playbook generate-cvrf-data-csv.yml -e '{"rhsa_list": [RHSA-2022:3614,RHSA-2022:1642]}' -e rhsa_data_result_file=/tmp/RHSA-2022-cvrf-results.csv -vvv
    
  3. To generate Oval data using RHSAs through the rhsa_file or rhsa_list variable, or through the oval_after_date variable (and optionally the oval_before_date variable), run the playbook using one of the following commands. Note that this was only introduced with the v2.0 version.

    ansible-playbook generate-oval-data-csv.yml -e rhsa_file=<path-to-rhsa-file> -e rhsa_data_result_file=<path-to-rhsa-cvrf-CSV-output-file> -vvv
    
    ansible-playbook generate-oval-data-csv.yml -e '{"rhsa_list": [RHSA-2022:3614,RHSA-2022:1642]}' -e rhsa_data_result_file=/tmp/RHSA-oval-data-results.csv -vvv
    
  4. To generate OvalStream data for a specific product using the product_label variable, or the oval_after_date variable (and optionally the oval_before_date variable), run the playbook using one of the following commands. Note that this was only introduced with the v2.0 version.

    ansible-playbook generate-ovalstreams-data-csv.yml -e product_label=<product-label> -e ovalstream_data_result_file=<path-to-ovalstream-data-results-file> -vvv
    
    ansible-playbook generate-ovalstreams-data-csv.yml -e product_label='jboss-ws-4' -e oval_after_date='2022-02-02' -e oval_before_date='2022-06-01' -e ovalstream_data_result_file=/tmp/ovalstream-data-results-2022-0808.csv -vvv
    

Playbook Variables

cve_file

Required: Conditionally
The file containing the list of CVEs to query and generate the CSV file for. Only required if the list is not provided as a YAML or comma-separated variable.

cve_list

Required: Conditionally
The variable containing the list of CVEs to query and generate the CSV file for. Only required if the list is not provided as a line-separated flat file.

cve_data_result_file

Optional:
Default: '/tmp/cve-data-results.csv'
The name and location of the CSV output file generated by the playbook.

rhsa_data_result_file

Optional:
Default: '/tmp/rhsa-data-results-{{ lookup('pipe','date +%Y%m%d%H%M%S') }}.csv'
The name and location of the CSV output file generated by the playbook.

ovalstream_data_result_file

Optional:
Default: '/tmp/ovalstream-data-results-{{ lookup('pipe','date +%Y%m%d%H%M%S') }}.csv'
The name and location of the CSV output file generated by the generate-ovalstreams-data-csv.yml playbook.

cve_data_api_url

Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/cve'
The URL of the Red Hat CVE Database API used to query the CVE data for each CVE in the list provided above.

rhsa_cve_url_prefix

Optional:
Default: 'https://access.redhat.com/security/cve/'
The URL prefix of the Red Hat CVE API endpoint for a particular CVE being referenced by the RHSA.

rhsa_bugzilla_url_prefix

Optional:
Default: 'https://bugzilla.redhat.com/show_bug.cgi?id='
The URL prefix of the Red Hat Bugzilla being referenced by the CVE or RHSA.

cvrf_data_api_url

Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/cvrf.json'
The URL of the Red Hat RHSA and CVRF API used to query RHSA/CVRF data for each CVE or RHSA in the list provided above.

oval_data_api_url

Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/oval.json'
The URL of the Red Hat Oval security data API used to query the Oval data.

ovalstream_data_api_url

Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/oval/ovalstreams.json'
The URL of the Red Hat Ovalstream security data API used to query the Ovalstream data.

rhsa_file

Required: Conditionally
The file containing the list of RHSAs to query and generate the CSV file for. Only required if the list (of CVEs or RHSAs) is not provided as a YAML or comma-separated variable.
Note: If running retrieve-cve-data-for-rhsa-txt.yml by itself to generate a line-separated list of CVEs for a list of RHSAs, then this becomes required if rhsa_list is not set.

rhsa_list

Required: Conditionally
The variable containing the list of RHSAs to query and generate the CSV file for. Only required if the list is not provided as a line-separated flat file.
Note: If running retrieve-cve-data-for-rhsa-txt.yml by itself to generate a line-separated list of CVEs for a list of RHSAs, then this becomes required if rhsa_file is not set.

product_label

Required: Conditionally
The variable containing the label/name of the product for which the Ovalstream data is being pulled. Only becomes required if oval_all and oval_after_date are missing as well. Note: Only used by the generate-ovalstreams-data-csv.yml playbook.

oval_after_date

Required: Conditionally
The variable containing the earlier date from which to pull the required data. Only becomes required if the oval_all or other conditionally required variables are missing as well.

oval_all

Required: Conditionally
The boolean variable stating whether to pull ovalstream data for all products or not. Only becomes required if the oval_after_date variable and product_label are missing as well. Note: Only used by the generate-ovalstreams-data-csv.yml playbook.
