vfeedio/pyvfeed

Changelog

New feature "Common Patch Format" introduced. The Defense class has been updated to reflect a new method get_patches has been added. This method will enhance the methods already implemented in the past get_advisory. This new method will return the source(vendor), description, date of release, product, package, version fixed, version not fixed, status. For this first introduction, the CPF supports the packages from Ubuntu. Current January 2021, we will start adding support to Debian, Redhat, Fedora, Cisco, Suse (OpenSuse), Gentoo, Microsoft etc.
Updated the JSON schema to reflect the new feature CPF (Common Patch Format) addition. As a result, the Preventive tag has been modified. Data with vulnerable packages & patches will be packed under patches tag & data with bulletins, bugs will be under bulletins tag.
Updated Classification class to better restructure data under targets / packages. The enumeration is better organized to list vendor, product & affected packages.
Updated the JSON schema to version 1.2 to reflect the changes.
Regenerate the whole vFeed Professional Vulnerability Database alongside 'Sync & Use' private Github repositories.

Updated Classification class to reflect the changes made in capec_db table following the update to version 3.2.
- As a result, several MITRE ATT&CK identifiers has been added to the database.
Regenerate the whole vFeed Professional Vulnerability Database alongside 'Sync & Use' private Github repositories.

Updated the method get_targets in Classification class to reflect the changes made in map_cpe_cve table.
- New keys added to JSON targets such as : ID of the configuration, from / to affected version and running (on/with) extension.
Added a JSON schema that describes the structure of vFeed JSON data. It could be used for validation purposes or to understand the JSON files design.
Reflected the changes in the documentation
Regenerate the whole vFeed Professional Vulnerability Database alonside 'Sync & Use' private Github repositories.

Added a new method get_packages to Classification class. The method will return affected packages vendors, product names, versions and more information.
Reflected the changes of get_packages addition on the following:
- Updated JSON files with the addition of packages key under classification section. The packages key has a vendor section with multiple keys (product, version affected and condition)
- Added new table packages_db in the SQLite database.
Enhanced the Search class as follows:
- Added a new method search_cwe to search per CWE (Common Weakness Enumeration).
- Updated the pyvfeed CLI to search using 3 arguments (cve, cpe and cwe)
- Code optimizated.
Updated api_sample.py to demonstate how to perform the following:
- Call the get_packages in API mode
- Search for CWE in API mode.
Fixed requirement.txt to support the latest PyYAML version.
Reflected the changes in documentation
Regenerate the whole vFeed Professional Vulnerability Database alonside 'Sync & Use' private Github repositories.

Enhanced the support to the MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™). 3 new keys added :
- Permission required (permission_required)
- By passed defenses (bypassed_defenses)
- data sources (data_sources)
Regenerate the whole vFeed Professional Vulnerability Database alonside 'Sync & Use' private Github repositories.

Added the support to the MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK™) initiative.
Reflected the changes in the exported JSON files with the addition of attack_mitre key under ranking section.
Updated CAPEC data with "mitigations". Changes reflected with addition of a new key mitigations under CAPEC parameters section.
Modified key from category to categorization under ranking section.
Regenerate the whole vFeed Professional Vulnerability Database alonside 'Sync & Use' private Github repositories.