This repository contains a helper playbook that pulls Red Hat CVE data from the Red Hat CVE Database and generates a CSV file, which can then be used with Excel lookup functions to answer the questions security groups raise when a CVE is reported during a security scan. The playbook expects the list of CVEs either as a comma-separated list or as a line-separated file.
There are other playbooks that generate CSV exports of CVRF, OVAL and OVAL stream data for a list of RHSAs. These other playbooks use the Red Hat Security Data API 1.0. For more information, review the official documentation.
Note that the main playbook, generate-cve-data-csv.yml, does not use the API query parameters (e.g. ids) the way the others do, because those parameters return a summary rather than the full CVE record needed to generate the kind of affidavit/supporting document security teams usually want. It therefore retrieves the CVE document for each CVE individually instead of requesting a summary for all CVEs in one call.
As mentioned above, the list of CVEs should be passed either as a comma-separated YAML variable or as a line-separated file (one CVE per line).
The playbooks only require Ansible to run, but Python and jq are expected on the controller host.
- Use
git clone https://github.com/cadjai/redhat-cve-to-csv.git
to clone the repository.
- Use
cd redhat-cve-to-csv
to change directory into the location of the playbooks.
- To generate CVE data using either the cve_file or the cve_list variable, run the playbook with one of the following commands:
ansible-playbook generate-cve-data-csv.yml -e cve_file=<path-to-cve-file> -e cve_data_result_file=<path-to-CSV-output-file> -vvv
ansible-playbook generate-cve-data-csv.yml -e '{"cve_list": ["CVE-2022-1280"]}' -e cve_data_result_file=/tmp/CVE-2022-1280-cve-results.csv -vvv
Note: You can use either cve_file or cve_list to provide the list of CVEs to generate the CSV file for.
- To generate CVE data for RHSAs through the rhsa_file or rhsa_list variable, run the playbook with one of the following commands. Note that this was only introduced in v2.0. The RHSA identifiers are quoted because they contain a colon.
ansible-playbook generate-cve-data-csv.yml -e rhsa_file=<path-to-rhsa-file> -e cve_data_result_file=<path-to-CSV-output-file> -vvv
ansible-playbook generate-cve-data-csv.yml -e '{"rhsa_list": ["RHSA-2022:3614", "RHSA-2022:1642"]}' -e cve_data_result_file=/tmp/RHSA-2022-cve-results.csv -vvv
- To generate CVRF data for RHSAs through the rhsa_file or rhsa_list variable, run the playbook with one of the following commands. Note that this was only introduced in v2.0.
ansible-playbook generate-cvrf-data-csv.yml -e rhsa_file=<path-to-rhsa-file> -e rhsa_data_result_file=<path-to-rhsa-cvrf-CSV-output-file> -vvv
ansible-playbook generate-cvrf-data-csv.yml -e '{"rhsa_list": ["RHSA-2022:3614", "RHSA-2022:1642"]}' -e rhsa_data_result_file=/tmp/RHSA-2022-cvrf-results.csv -vvv
- To generate OVAL data for RHSAs through the rhsa_file or rhsa_list variable, or for a date range through the oval_after_date variable (and optionally oval_before_date), run the playbook with one of the following commands. Note that this was only introduced in v2.0.
ansible-playbook generate-oval-data-csv.yml -e rhsa_file=<path-to-rhsa-file> -e rhsa_data_result_file=<path-to-oval-CSV-output-file> -vvv
ansible-playbook generate-oval-data-csv.yml -e '{"rhsa_list": ["RHSA-2022:3614", "RHSA-2022:1642"]}' -e rhsa_data_result_file=/tmp/RHSA-oval-data-results.csv -vvv
- To generate OVAL stream data for a specific product through the product_label variable, or for a date range through the oval_after_date variable (and optionally oval_before_date), run the playbook with one of the following commands. Note that this was only introduced in v2.0.
ansible-playbook generate-ovalstreams-data-csv.yml -e product_label=<product-label> -e ovalstream_data_result_file=<path-to-ovalstream-data-results-file> -vvv
ansible-playbook generate-ovalstreams-data-csv.yml -e product_label='jboss-ws-4' -e oval_after_date='2022-02-02' -e oval_before_date='2022-06-01' -e ovalstream_data_result_file=/tmp/ovalstream-data-results-2022-0808.csv -vvv
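As an added example (not part of this repository's playbooks), the following Python module shows offline the three steps the CVE and RHSA flows above perform: reading the identifier list from a comma-separated variable or a line-separated file, expanding RHSAs into CVEs through the cvrf.json summary listing, and flattening one per-CVE document into CSV rows. Python is used because it is already expected on the controller host. The JSON key names (name, threat_severity, cvss3, bugzilla, affected_release, package_state, CVEs) are assumed from the shape of the Red Hat Security Data API responses, the sample data is constructed with placeholder values, and the identifier validation and the one-row-per-product layout are choices made for this example, not the playbooks' own.

```python
import csv
import io
import json
import re
import urllib.request

# Endpoints named on this page (the playbooks' default URLs).
CVE_API = "https://access.redhat.com/hydra/rest/securitydata/cve"
CVRF_API = "https://access.redhat.com/hydra/rest/securitydata/cvrf.json"
# Identifiers are checked against these before they are ever placed in a URL.
CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
RHSA_RE = re.compile(r"^RHSA-\d{4}:\d{4,}$")
CSV_FIELDS = ["cve", "severity", "public_date", "cvss3_score", "cvss3_vector",
              "cwe", "bugzilla_url", "product", "package", "fix_state", "advisory"]

def parse_id_list(values=None, file_text=None, pattern=CVE_RE):
    """values: comma-separated string or YAML/JSON list; file_text: one ID per line."""
    raw = values.split(",") if isinstance(values, str) else list(values or [])
    raw.extend(file_text.splitlines() if file_text else [])
    ids = []
    for item in raw:
        ident = item.strip().upper()
        if not ident or ident.startswith("#"):
            continue  # blank lines and comments in the flat file
        if not pattern.match(ident):
            raise ValueError(f"not a valid identifier: {item!r}")
        if ident not in ids:
            ids.append(ident)
    return ids

def cve_document_url(cve):
    """Per-CVE document (full record), not the ?ids= summary listing."""
    return f"{CVE_API}/{cve}.json"

def cvrf_summary_url(rhsas):
    """Summary listing for one or more RHSAs, enough to expand them into CVEs."""
    return f"{CVRF_API}?ids={','.join(rhsas)}"

def fetch_json(url, timeout=30):
    """Live path (not used offline): GET and decode one JSON document."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def cves_from_cvrf_summary(entries):
    """Collect the CVEs referenced by cvrf.json?ids=... results (assumed key: 'CVEs')."""
    cves = []
    for entry in entries:
        for cve in entry.get("CVEs") or []:
            if cve not in cves:
                cves.append(cve)
    return cves

def flatten_cve_document(doc):
    """One row per affected_release entry (assumed: fixed, carries an advisory) and per
    package_state entry (assumed: other fix states). Keys assumed from the per-CVE JSON."""
    cvss3, bugzilla = doc.get("cvss3") or {}, doc.get("bugzilla") or {}
    base = {"cve": doc.get("name", ""), "severity": doc.get("threat_severity", ""),
            "public_date": doc.get("public_date", ""), "cwe": doc.get("cwe", ""),
            "cvss3_score": cvss3.get("cvss3_base_score", ""),
            "cvss3_vector": cvss3.get("cvss3_scoring_vector", ""),
            "bugzilla_url": bugzilla.get("url", "")}
    rows = [{**base, "product": r.get("product_name", ""), "package": r.get("package", ""),
             "fix_state": "Fixed", "advisory": r.get("advisory", "")}
            for r in doc.get("affected_release") or []]
    rows += [{**base, "product": s.get("product_name", ""), "package": s.get("package_name", ""),
              "fix_state": s.get("fix_state", ""), "advisory": ""}
             for s in doc.get("package_state") or []]
    # A record with no product data yet still gets one line so the CVE is not lost.
    return rows or [{**base, "product": "", "package": "", "fix_state": "", "advisory": ""}]

def rows_to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=CSV_FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed sample data with placeholder values (not real API output).
SAMPLE_CVRF = [{"RHSA": "RHSA-2022:3614", "CVEs": ["CVE-2022-1280", "CVE-2022-1281"]},
               {"RHSA": "RHSA-2022:1642", "CVEs": ["CVE-2022-1281"]}]
SAMPLE_CVE_DOC = {
    "name": "CVE-2022-1280", "threat_severity": "Moderate", "public_date": "2022-04-01T00:00:00Z",
    "cvss3": {"cvss3_base_score": "5.5",
              "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},
    "cwe": "CWE-416", "bugzilla": {"id": "1234567",
                                   "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1234567"},
    "affected_release": [{"product_name": "Red Hat Enterprise Linux 8",
                          "package": "kernel-0:4.18.0-0.el8.example", "advisory": "RHSA-2022:3614"}],
    "package_state": [{"product_name": "Red Hat Enterprise Linux 7",
                       "package_name": "kernel", "fix_state": "Not affected"}]}

def demo():
    """Offline run: expand the sample RHSAs to CVEs, flatten the sample record, render CSV.
    Live use calls fetch_json(cve_document_url(cve)) for each CVE instead."""
    cves = cves_from_cvrf_summary(SAMPLE_CVRF)
    docs = [SAMPLE_CVE_DOC] if SAMPLE_CVE_DOC["name"] in cves else []
    return rows_to_csv([row for d in docs for row in flatten_cve_document(d)])
```

Calling demo() returns the CSV text for the sample record; in live use, the loop would be parse_id_list() over cve_list or the cve_file contents, fetch_json(cve_document_url(cve)) per CVE (or cvrf_summary_url() first when starting from RHSAs), then rows_to_csv() over all flattened rows. Validating identifiers before building URLs is the check worth keeping in any such script, since the list often arrives from a scanner export or a spreadsheet.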
cve_file
Required: Conditionally
The file containing the list of CVEs to query and generate the CSV file for. Only required if the list is not provided through the cve_list variable (as a YAML list or comma-separated value).
cve_list
Required: Conditionally
The variable containing the list of CVEs to query and generate the CSV file for. Only required if the list is not provided through cve_file as a line-separated flat file.
cve_data_result_file
Optional:
Default: '/tmp/cve-data-results.csv'
The name and location of the CSV output file generated by the generate-cve-data-csv.yml playbook.
rhsa_data_result_file
Optional:
Default: '/tmp/rhsa-data-results-{{ lookup('pipe','date +%Y%m%d%H%M%S') }}.csv'
The name and location of the CSV output file generated by the generate-cvrf-data-csv.yml and generate-oval-data-csv.yml playbooks.
ovalstream_data_result_file
Optional:
Default: '/tmp/ovalstream-data-results-{{ lookup('pipe','date +%Y%m%d%H%M%S') }}.csv'
The name and location of the CSV output file generated by the generate-ovalstreams-data-csv.yml playbook.
Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/cve'
The URL of the Red Hat CVE Database API used to query the CVE data for each CVE in the list provided above.
Optional:
Default: 'https://access.redhat.com/security/cve/'
The URL prefix of the Red Hat CVE page for a CVE referenced by an RHSA.
Optional:
Default: 'https://bugzilla.redhat.com/show_bug.cgi?id='
The URL prefix of the Red Hat Bugzilla entry referenced by a CVE or RHSA.
Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/cvrf.json'
The URL of the Red Hat RHSA/CVRF API used to query RHSA and CVRF data for each CVE or RHSA in the list provided above.
Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/oval.json'
The URL of the Red Hat OVAL security data API used to query the OVAL data.
Optional:
Default: 'https://access.redhat.com/hydra/rest/securitydata/oval/ovalstreams.json'
The URL of the Red Hat OVAL stream security data API used to query the OVAL stream data.
rhsa_file
Required: Conditionally
The file containing the list of RHSAs to query and generate the CSV file for. Only required if the list (of CVEs or RHSAs) is not provided as a YAML list or comma-separated variable.
Note: When running retrieve-cve-data-for-rhsa-txt.yml by itself to generate a line-separated list of the CVEs covered by a list of RHSAs, this becomes required if rhsa_list is not set.
rhsa_list
Required: Conditionally
The variable containing the list of RHSAs to query and generate the CSV file for. Only required if the list is not provided as a line-separated flat file.
Note: When running retrieve-cve-data-for-rhsa-txt.yml by itself to generate a line-separated list of the CVEs covered by a list of RHSAs, this becomes required if rhsa_file is not set.
product_label
Required: Conditionally
The variable containing the label/name of the product for which the OVAL stream data is being pulled. Only becomes required if oval_all and oval_after_date are missing as well.
Note: Only used by the generate-ovalstreams-data-csv.yml playbook.
oval_after_date
Required: Conditionally
The variable containing the earliest date from which to pull the requested data. Only becomes required if oval_all and the other conditionally required variables are missing as well.
oval_all
Required: Conditionally
The boolean variable stating whether to pull OVAL stream data for all products. Only becomes required if the oval_after_date and product_label variables are missing as well.
Note: Only used by the generate-ovalstreams-data-csv.yml playbook.