Skip to content
Snippets Groups Projects
Normal view Permalink
cveproject.py 1.17 KiB
Newer Older
  • Learn to ignore specific revisions
    • shadow's avatar
    moved CVEProject description grabber to separate file and added internal cache to it
    shadow committed
    1 2 
    from requests import Session, HTTPError
    shadow's avatar
    moved all libs to one directory and updated dockerfile  
    shadow committed
    3 
    from contrib.descriptions import VulnDescriptionProvider
    shadow's avatar
    moved CVEProject description grabber to separate file and added internal cache to it
    shadow committed
    4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 
    

__all__ = ['CveProjectProvider']


class CveProjectProvider(VulnDescriptionProvider):
    """
    Provides vulnerability descriptions using requests to CVEProject
    """
    uri_template = 'https://raw.githubusercontent.com/CVEProject/cvelist/master/{}/{}/{}.json'

    def __init__(self, session: Session):
        self.sess = session
        self.cache = {}

    def get_description(self, vuln: str, vuln_type: str) -> str:
        if vuln in self.cache:
            return self.cache[vuln]

        try:
            if vuln_type == 'cve':
                year = vuln[4:8]
                section = vuln[9:-3] + 'xxx'
                url = self.uri_template.format(year, section, vuln)
                response = self.sess.get(url)
                response.raise_for_status()
                cve_json = response.json()
                description = cve_json['description']['description_data'][0]['value']
                self.cache[vuln] = description
                return description
        except HTTPError as he:
            return 'Description fetching error: ' + str(he)

        return ''