In [21]:
import feedparser
import requests
import re
import time
import pandas as pd
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns
import json

from tqdm import tqdm

# Etape 1 : Extraction des flux RSS

In [22]:
def extract_rss_entries():
    urls = [
        "https://www.cert.ssi.gouv.fr/avis/feed",
        "https://www.cert.ssi.gouv.fr/alerte/feed"
    ]
    entries = []
    for url in urls:
        feed = feedparser.parse(url)
        for entry in feed.entries:
            entries.append({
                'id': entry.link.split("/")[-2],
                'title': entry.title,
                'link': entry.link,
                'type': "Alerte" if "alerte" in url else "Avis",
                'date': entry.published
            })
    return entries

In [23]:
rss_entries = extract_rss_entries()
print(f"Nombre d'entrées RSS : {len(rss_entries)}\n")
# print(rss_entries)

Nombre d'entrées RSS : 80



# Etape 2 : Extraction des CVE

In [24]:
def extract_cves_from_json(entry_link):
    try:
        json_url = entry_link + "/json/"
        response = requests.get(json_url)
        data = response.json() # fichier JSON complet de l'entrée RSS

        # Extraction des CVE reference dans la clé cves du dict data
        cve_refs = data.get("cves", [])

        # Retourne la liste de CVE référence pour l'entrée RSS entrée en argument + le JSON complet de l'entrée RSS
        return cve_refs, data
    except:
        return [], {}


# Etape 3 : Enrichissement des CVE

In [25]:
def enrich_cve(cve_id):
    time.sleep(2)
    mitre_data = {}
    epss_score = None

    try:
        mitre_url = f"https://cveawg.mitre.org/api/cve/{cve_id}"
        r = requests.get(mitre_url)
        mitre_data = r.json()
    except:
        pass

    try:
        epss_url = f"https://api.first.org/data/v1/epss?cve={cve_id}"
        r = requests.get(epss_url)
        epss_json = r.json()
        epss_score = epss_json.get("data", [{}])[0].get("epss")
    except:
        epss_score = None

    return mitre_data, epss_score

# Etape 4 : Consolidation des données

In [26]:
def get_data_from_mitre(mitre_data):
    try:
        description = mitre_data.get('containers', {}).get('cna', {}).get('description', [{}])[0].get('value')
    except:
        description = None

    try:
        problem_type = mitre_data.get('containers', {}).get('cna', {}).get('problemTypes', [{}])[0].get('descriptions', [{}])
        cwe = problem_type[0].get("cweId", "Non disponible")
        cwe_desc = problem_type[0].get("description", "Non disponible")
    except:
        cwe, cwe_desc = "Non disponible", "Non disponible"

    try:
        affected = mitre_data.get('containers', {}).get('cna', {}).get('affected', [{}])
        vendor = affected[0].get('vendor', None)
        product = affected[0].get('product', None)
        versions = [v.get('version') for v in affected[0].get('versions', []) if v.get('status') == 'affected']
    except:
        vendor, product, versions = None, None, []

    try:
        cvss_info = mitre_data.get('containers', {}).get('cna', {}).get('metrics', [{}])[0]
        k = next((key for key in cvss_info if key.startswith('cvss')), None)
        if k:
            cvss_score = cvss_info[k].get('baseScore')
            severity = cvss_info[k].get('baseSeverity')
        else:
            cvss_score, severity = None, None
    except:
        cvss_score, severity = None, None

    return {
        'description': description,
        'cwe': cwe,
        'cwe_desc': cwe_desc,
        'vendor': vendor, 
        'product': product,
        'versions': versions,
        'cvss': cvss_score,
        'severity': severity
    }


In [27]:
def get_data(rss_entries):
    data = []  
    for entry in rss_entries:
        cves, entry_data = extract_cves_from_json(entry['link'])
        for cve_dico in cves:
            mitre_data, epss_score = enrich_cve(cve_dico['name'])
            mitre_dico = get_data_from_mitre(mitre_data)
            dico = {
                'id': entry['id'],
                'title': entry['title'],
                'type': entry['type'],
                'date': entry['date'],
                'link': entry['link'],
                'cve_id': cve_dico['name'],
                'description': mitre_dico['description'],
                'cwe': mitre_dico['cwe'],
                'cwe_desc' :mitre_dico['cwe_desc'],
                'vendor': mitre_dico['vendor'],
                'product': mitre_dico['product'],
                'affected_versions': mitre_dico['versions'],
                'epss' : epss_score,
                'cvss': mitre_dico['cvss'],
                'severity': mitre_dico['severity']
            }
            data.append(dico)
            
    return data
        

In [28]:
data = get_data(rss_entries)

In [35]:
df = pd.DataFrame(data)
df.shape

(1280, 15)

In [37]:
df.tail()

Unnamed: 0,id,title,type,date,link,cve_id,description,cwe,cwe_desc,vendor,product,affected_versions,epss,cvss,severity
1275,CERTFR-2025-ALE-005,Vulnérabilité dans SAP NetWeaver (28 avril 2025),Alerte,"Mon, 28 Apr 2025 00:00:00 +0000",https://www.cert.ssi.gouv.fr/alerte/CERTFR-202...,CVE-2025-31324,,CWE-434,CWE-434: Unrestricted Upload of File with Dang...,SAP_SE,SAP NetWeaver (Visual Composer development ser...,[VCFRAMEWORK 7.50],0.74446,10.0,CRITICAL
1276,CERTFR-2025-ALE-006,Vulnérabilité dans les produits Fortinet (13 m...,Alerte,"Tue, 13 May 2025 00:00:00 +0000",https://www.cert.ssi.gouv.fr/alerte/CERTFR-202...,CVE-2025-32756,,CWE-121,Execute unauthorized code or commands,Fortinet,FortiVoice,"[7.2.0, 7.0.0, 6.4.0]",0.10736,9.6,CRITICAL
1277,CERTFR-2025-ALE-007,Multiples vulnérabilités dans Ivanti Endpoint ...,Alerte,"Wed, 14 May 2025 00:00:00 +0000",https://www.cert.ssi.gouv.fr/alerte/CERTFR-202...,CVE-2025-4427,,CWE-288,CWE-288: Authentication Bypass Using an Altern...,Ivanti,Endpoint Manager Mobile,[],0.80199,5.3,MEDIUM
1278,CERTFR-2025-ALE-007,Multiples vulnérabilités dans Ivanti Endpoint ...,Alerte,"Wed, 14 May 2025 00:00:00 +0000",https://www.cert.ssi.gouv.fr/alerte/CERTFR-202...,CVE-2025-4428,,CWE-94,CWE-94: Improper Control of Generation of Code...,Ivanti,Endpoint Manager Mobile,[],0.15539,7.2,HIGH
1279,CERTFR-2025-ALE-008,[MàJ] Vulnérabilité dans Roundcube (05 juin 2025),Alerte,"Thu, 05 Jun 2025 00:00:00 +0000",https://www.cert.ssi.gouv.fr/alerte/CERTFR-202...,CVE-2025-49113,,CWE-502,CWE-502 Deserialization of Untrusted Data,Roundcube,Webmail,"[0, 1.6.0]",0.7308,9.9,CRITICAL
