# ANSSI Monitor - Testing Notebook
This notebook breaks down the ANSSI Monitor application into testable components.

## 1. Install and Import Dependencies

In [35]:
# Install required packages (uncomment if needed)
# !pip install feedparser requests textual

import feedparser
import requests
import re
from datetime import datetime
from typing import List, Dict, Any
import json
from pprint import pprint

## 2. Define ANSSI Feed URLs

In [36]:
# All available ANSSI RSS feeds
FEED_URLS = {
    "avis": "https://www.cert.ssi.gouv.fr/avis/feed/",
    "alertes": "https://www.cert.ssi.gouv.fr/alerte/feed/",
    "complet": "https://www.cert.ssi.gouv.fr/feed/",
    "actualite": "https://www.cert.ssi.gouv.fr/actualite/feed/",
    "scada": "https://www.cert.ssi.gouv.fr/feed/scada/",
    "cti": "https://www.cert.ssi.gouv.fr/cti/feed/",
    "ioc": "https://www.cert.ssi.gouv.fr/ioc/feed/",
    "dur": "https://www.cert.ssi.gouv.fr/dur/feed/"
}

print("Available feeds:")
for feed_name, url in FEED_URLS.items():
    print(f"  {feed_name}: {url}")

Available feeds:
  avis: https://www.cert.ssi.gouv.fr/avis/feed/
  alertes: https://www.cert.ssi.gouv.fr/alerte/feed/
  complet: https://www.cert.ssi.gouv.fr/feed/
  actualite: https://www.cert.ssi.gouv.fr/actualite/feed/
  scada: https://www.cert.ssi.gouv.fr/feed/scada/
  cti: https://www.cert.ssi.gouv.fr/cti/feed/
  ioc: https://www.cert.ssi.gouv.fr/ioc/feed/
  dur: https://www.cert.ssi.gouv.fr/dur/feed/


## 3. Test RSS Feed Parsing

In [37]:
def test_feed_parsing(feed_type="complet", max_entries=5):
    """Test parsing a specific ANSSI RSS feed"""
    url = FEED_URLS.get(feed_type)
    print(f"\nTesting feed: {feed_type}")
    print(f"URL: {url}")
    print("=" * 80)
    
    try:
        # Add headers
        headers = {
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36'
        }
        
        # Fetch and parse
        response = requests.get(url, headers=headers, timeout=10)
        response.raise_for_status()
        
        feed = feedparser.parse(response.content)
        
        # Display feed info
        print(f"\n✓ Feed Status: {response.status_code}")
        print(f"✓ Feed Version: {feed.get('version', 'unknown')}")
        print(f"✓ Total Entries: {len(feed.entries)}")
        
        if hasattr(feed, 'feed'):
            print(f"✓ Feed Title: {feed.feed.get('title', 'N/A')}")
            print(f"✓ Feed Updated: {feed.feed.get('updated', 'N/A')}")
        
        # Display first few entries
        print(f"\nFirst {min(max_entries, len(feed.entries))} entries:")
        print("-" * 80)
        
        for i, entry in enumerate(feed.entries[:max_entries]):
            print(f"\n[{i+1}] {entry.get('title', 'No title')}")
            print(f"    Date: {entry.get('published', entry.get('updated', 'N/A'))[:10]}")
            print(f"    Link: {entry.get('link', 'N/A')}")
        
        return feed
        
    except Exception as e:
        print(f"\n✗ Error: {str(e)}")
        return None

# Test the complete feed
feed = test_feed_parsing("complet", max_entries=10)


Testing feed: complet
URL: https://www.cert.ssi.gouv.fr/feed/

✓ Feed Status: 200
✓ Feed Version: rss20
✓ Total Entries: 40
✓ Feed Title: CERT-FR
✓ Feed Updated: Wed, 31 Dec 2025 13:27:04 +0000

First 10 entries:
--------------------------------------------------------------------------------

[1] Multiples vulnérabilités dans MISP (08 décembre 2025)
    Date: Mon, 08 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1076/

[2] Multiples vulnérabilités dans Google Chrome (11 décembre 2025)
    Date: Thu, 11 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1096/

[3] Multiples vulnérabilités dans Microsoft Edge (12 décembre 2025)
    Date: Fri, 12 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1103/

[4] Bulletin d'actualité CERTFR-2025-ACT-055 (15 décembre 2025)
    Date: Mon, 15 De
    Link: https://www.cert.ssi.gouv.fr/actualite/CERTFR-2025-ACT-055/

[5] Multiples vulnérabilités dans les produits Elastic (15 décembre 2025)
    Date: Mon, 15

## 4. Test All Feeds

In [38]:
def test_all_feeds():
    """Test all available ANSSI feeds"""
    results = {}
    
    for feed_type in FEED_URLS.keys():
        print(f"\n{'='*80}")
        feed = test_feed_parsing(feed_type, max_entries=3)
        results[feed_type] = {
            'success': feed is not None,
            'entries': len(feed.entries) if feed else 0
        }
    
    # Summary
    print(f"\n\n{'='*80}")
    print("SUMMARY")
    print(f"{'='*80}")
    for feed_type, result in results.items():
        status = "✓" if result['success'] else "✗"
        print(f"{status} {feed_type:12} - {result['entries']} entries")
    
    return results

# Test all feeds
all_results = test_all_feeds()



Testing feed: avis
URL: https://www.cert.ssi.gouv.fr/avis/feed/

✓ Feed Status: 200
✓ Feed Version: rss20
✓ Total Entries: 40
✓ Feed Title: CERT-FR
✓ Feed Updated: Wed, 31 Dec 2025 13:27:04 +0000

First 3 entries:
--------------------------------------------------------------------------------

[1] Multiples vulnérabilités dans MISP (08 décembre 2025)
    Date: Mon, 08 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1076/

[2] Multiples vulnérabilités dans Google Chrome (11 décembre 2025)
    Date: Thu, 11 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1096/

[3] Multiples vulnérabilités dans le noyau Linux d'Ubuntu (12 décembre 2025)
    Date: Fri, 12 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1106/


Testing feed: alertes
URL: https://www.cert.ssi.gouv.fr/alerte/feed/

✓ Feed Status: 200
✓ Feed Version: rss20
✓ Total Entries: 40
✓ Feed Title: CERT-FR
✓ Feed Updated: Wed, 31 Dec 2025 13:27:04 +0000

First 3 entries:
----------------

## 5. Test CVE Extraction from Entry

In [39]:
def extract_cves_from_entry(entry_link):
    """Extract CVEs from an ANSSI entry"""
    print(f"\nExtracting CVEs from: {entry_link}")
    print("=" * 80)
    
    try:
        # Fetch JSON data
        json_url = entry_link.rstrip("/") + "/json/"
        response = requests.get(json_url, timeout=10)
        data = response.json()
        
        # Extract from 'cves' field
        ref_cves = data.get("cves", [])
        print(f"\nCVEs from 'cves' field: {len(ref_cves)}")
        
        # Extract using regex
        cve_pattern = r"CVE-\d{4}-\d{4,7}"
        regex_cves = list(set(re.findall(cve_pattern, str(data))))
        print(f"CVEs from regex: {len(regex_cves)}")
        
        # Combine
        all_cves = set()
        for cve in ref_cves:
            all_cves.add(cve.get("name", ""))
        all_cves.update(regex_cves)
        all_cves.discard("")
        
        cve_list = sorted(list(all_cves))
        
        print(f"\nTotal unique CVEs: {len(cve_list)}")
        print("\nCVE List:")
        for cve in cve_list:
            print(f"  - {cve}")
        
        return cve_list
        
    except Exception as e:
        print(f"\n✗ Error: {str(e)}")
        return []

# Test with first entry from feed (if available)
if feed and feed.entries:
    first_entry = feed.entries[0]
    cves = extract_cves_from_entry(first_entry.link)
else:
    print("No feed entries available to test")


Extracting CVEs from: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1076/

CVEs from 'cves' field: 1
CVEs from regex: 1

Total unique CVEs: 1

CVE List:
  - CVE-2025-67906


## 6. Test CVE Details Fetching (MITRE API)

In [40]:
def fetch_cve_details(cve_id):
    """Fetch detailed information about a CVE from MITRE"""
    print(f"\nFetching details for: {cve_id}")
    print("=" * 80)
    
    try:
        url = f"https://cveawg.mitre.org/api/cve/{cve_id}"
        response = requests.get(url, timeout=10)
        response.raise_for_status()
        data = response.json()
        
        # Extract key information
        description = data["containers"]["cna"]["descriptions"][0]["value"]
        
        # CVSS Score
        cvss_score = "N/A"
        cvss_severity = "N/A"
        metrics = data["containers"]["cna"].get("metrics", [])
        if metrics:
            for metric in metrics:
                if "cvssV3_1" in metric:
                    cvss_score = metric["cvssV3_1"]["baseScore"]
                    cvss_severity = metric["cvssV3_1"].get("baseSeverity", "N/A")
                    break
                elif "cvssV3_0" in metric:
                    cvss_score = metric["cvssV3_0"]["baseScore"]
                    cvss_severity = metric["cvssV3_0"].get("baseSeverity", "N/A")
                    break
        
        # CWE
        cwe = "N/A"
        problemtype = data["containers"]["cna"].get("problemTypes", [])
        if problemtype and "descriptions" in problemtype[0]:
            cwe = problemtype[0]["descriptions"][0].get("cweId", "N/A")
        
        # Display
        print(f"\n✓ CVE ID: {cve_id}")
        print(f"✓ CVSS Score: {cvss_score} ({cvss_severity})")
        print(f"✓ CWE: {cwe}")
        print(f"\nDescription:\n{description[:200]}...")
        
        return data
        
    except Exception as e:
        print(f"\n✗ Error: {str(e)}")
        return None

# Test with a known CVE
test_cve = "CVE-2023-46805"
cve_data = fetch_cve_details(test_cve)


Fetching details for: CVE-2023-46805

✓ CVE ID: CVE-2023-46805
✓ CVSS Score: 8.2 (HIGH)
✓ CWE: N/A

Description:
An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks....


## 7. Test EPSS Score Fetching

In [41]:
def fetch_epss_score(cve_id):
    """Fetch EPSS score for a CVE"""
    print(f"\nFetching EPSS score for: {cve_id}")
    print("=" * 80)
    
    try:
        url = f"https://api.first.org/data/v1/epss?cve={cve_id}"
        response = requests.get(url, timeout=10)
        response.raise_for_status()
        data = response.json()
        
        if data.get("data"):
            epss_score = data["data"][0]["epss"]
            percentile = data["data"][0].get("percentile", "N/A")
            
            print(f"\n✓ EPSS Score: {epss_score}")
            print(f"✓ Percentile: {percentile}")
            
            return data
        else:
            print("\n✗ No EPSS data available")
            return None
            
    except Exception as e:
        print(f"\n✗ Error: {str(e)}")
        return None

# Test EPSS for the same CVE
epss_data = fetch_epss_score(test_cve)


Fetching EPSS score for: CVE-2023-46805

✓ EPSS Score: 0.943670000
✓ Percentile: 0.999600000


## 8. Test CVE Regex Extraction

In [42]:
def test_cve_regex():
    """Test CVE regex pattern extraction"""
    test_strings = [
        "CVE-2023-46805 is a critical vulnerability",
        "Multiple CVEs: CVE-2023-1234, CVE-2024-56789",
        "Old format: CVE-1999-0001",
        "Long ID: CVE-2023-1234567",
        "No CVEs here",
        "Invalid: CVE-2023-123 (too short)"
    ]
    
    cve_pattern = r"CVE-\d{4}-\d{4,7}"
    
    print("\nTesting CVE Regex Pattern")
    print("=" * 80)
    print(f"Pattern: {cve_pattern}\n")
    
    for test_str in test_strings:
        matches = re.findall(cve_pattern, test_str)
        print(f"Text: {test_str}")
        print(f"Found: {matches if matches else 'None'}\n")

test_cve_regex()


Testing CVE Regex Pattern
Pattern: CVE-\d{4}-\d{4,7}

Text: CVE-2023-46805 is a critical vulnerability
Found: ['CVE-2023-46805']

Text: Multiple CVEs: CVE-2023-1234, CVE-2024-56789
Found: ['CVE-2023-1234', 'CVE-2024-56789']

Text: Old format: CVE-1999-0001
Found: ['CVE-1999-0001']

Text: Long ID: CVE-2023-1234567
Found: ['CVE-2023-1234567']

Text: No CVEs here
Found: None

Text: Invalid: CVE-2023-123 (too short)
Found: None



## 9. Complete Pipeline Test

In [43]:
def complete_pipeline_test(feed_type="complet", max_entries=3):
    """Test the complete pipeline: Feed → Entries → CVEs → Details"""
    print(f"\n{'='*80}")
    print(f"COMPLETE PIPELINE TEST - {feed_type.upper()}")
    print(f"{'='*80}\n")
    
    # Step 1: Fetch feed
    print("Step 1: Fetching RSS feed...")
    feed = test_feed_parsing(feed_type, max_entries=max_entries)
    
    if not feed or not feed.entries:
        print("✗ No entries to process")
        return
    
    # Step 2: Process each entry
    for i, entry in enumerate(feed.entries[:max_entries]):
        print(f"\n{'─'*80}")
        print(f"Processing Entry {i+1}/{min(max_entries, len(feed.entries))}")
        print(f"{'─'*80}")
        print(f"Title: {entry.title}")
        
        # Step 3: Extract CVEs
        cves = extract_cves_from_entry(entry.link)
        
        if not cves:
            print("  No CVEs found in this entry")
            continue
        
        # Step 4: Fetch details for first CVE
        if cves:
            print(f"\n  Fetching details for first CVE: {cves[0]}")
            cve_details = fetch_cve_details(cves[0])
            epss = fetch_epss_score(cves[0])

# Run complete pipeline
complete_pipeline_test("complet", max_entries=2)


COMPLETE PIPELINE TEST - COMPLET

Step 1: Fetching RSS feed...

Testing feed: complet
URL: https://www.cert.ssi.gouv.fr/feed/

✓ Feed Status: 200
✓ Feed Version: rss20
✓ Total Entries: 40
✓ Feed Title: CERT-FR
✓ Feed Updated: Wed, 31 Dec 2025 13:27:04 +0000

First 2 entries:
--------------------------------------------------------------------------------

[1] Multiples vulnérabilités dans MISP (08 décembre 2025)
    Date: Mon, 08 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1076/

[2] Multiples vulnérabilités dans Google Chrome (11 décembre 2025)
    Date: Thu, 11 De
    Link: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1096/

────────────────────────────────────────────────────────────────────────────────
Processing Entry 1/2
────────────────────────────────────────────────────────────────────────────────
Title: Multiples vulnérabilités dans MISP (08 décembre 2025)

Extracting CVEs from: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1076/

CVEs from 'cves'

## 10. Error Handling Tests

In [44]:
def test_error_handling():
    """Test error handling for various scenarios"""
    print("\nTesting Error Handling")
    print("=" * 80)
    
    # Test 1: Invalid CVE ID
    print("\n1. Invalid CVE ID")
    fetch_cve_details("CVE-9999-99999")
    
    # Test 2: Invalid URL
    print("\n2. Invalid feed URL")
    try:
        response = requests.get("https://www.cert.ssi.gouv.fr/invalid/feed/", timeout=5)
        print(f"Status: {response.status_code}")
    except Exception as e:
        print(f"✓ Caught error: {type(e).__name__}")
    
    # Test 3: Timeout simulation
    print("\n3. Timeout test (very short timeout)")
    try:
        response = requests.get(FEED_URLS["complet"], timeout=0.001)
    except Exception as e:
        print(f"✓ Caught error: {type(e).__name__}")

test_error_handling()


Testing Error Handling

1. Invalid CVE ID

Fetching details for: CVE-9999-99999

✗ Error: 404 Client Error: Not Found for url: https://cveawg.mitre.org/api/cve/CVE-9999-99999

2. Invalid feed URL
Status: 200

3. Timeout test (very short timeout)
✓ Caught error: ConnectionError


## 11. Summary and Statistics

In [45]:
def generate_statistics():
    """Generate statistics from all feeds"""
    print("\nGenerating Statistics")
    print("=" * 80)
    
    stats = {
        'total_entries': 0,
        'total_cves': 0,
        'entries_by_type': {}
    }
    
    for feed_type, url in FEED_URLS.items():
        try:
            headers = {'User-Agent': 'Mozilla/5.0'}
            response = requests.get(url, headers=headers, timeout=10)
            feed = feedparser.parse(response.content)
            
            count = len(feed.entries)
            stats['total_entries'] += count
            stats['entries_by_type'][feed_type] = count
            
        except Exception as e:
            stats['entries_by_type'][feed_type] = 0
    
    print(f"\nTotal entries across all feeds: {stats['total_entries']}")
    print("\nEntries by feed type:")
    for feed_type, count in sorted(stats['entries_by_type'].items(), key=lambda x: x[1], reverse=True):
        print(f"  {feed_type:12} : {count:4} entries")
    
    return stats

stats = generate_statistics()


Generating Statistics

Total entries across all feeds: 229

Entries by feed type:
  avis         :   40 entries
  alertes      :   40 entries
  complet      :   40 entries
  actualite    :   40 entries
  cti          :   40 entries
  ioc          :   15 entries
  scada        :   10 entries
  dur          :    4 entries
