Newer
Older
shadow
committed
from requests import Session, HTTPError
from contrib.descriptions import VulnDescriptionProvider, VulnDescription
shadow
committed
__all__ = ['CveProjectProvider']
class CveProjectProvider(VulnDescriptionProvider):
"""
Provides vulnerability descriptions using requests to CVEProject
"""
uri_template = 'https://raw.githubusercontent.com/CVEProject/cvelist/master/{}/{}/{}.json'
nist_uri_template = 'https://nvd.nist.gov/vuln/detail/{}'
shadow
committed
def __init__(self, session: Session):
self.sess = session
self.cache = {}
def get_description(self, vuln: str, vuln_type: str) -> VulnDescription:
shadow
committed
if vuln in self.cache:
return self.cache[vuln]
try:
if vuln_type == 'cve':
year = vuln[4:8]
section = vuln[9:-3] + 'xxx'
url = self.uri_template.format(year, section, vuln)
response = self.sess.get(url)
response.raise_for_status()
cve_json = response.json()
description = cve_json['description']['description_data'][0]['value']
Nadin El-Yabroudi
committed
vuln_description = VulnDescription(description, self.nist_uri_template.format(vuln))
self.cache[vuln] = vuln_description
return vuln_description
shadow
committed
except HTTPError as he:
return VulnDescription('', 'Description fetching error: ' + str(he))
shadow
committed
return VulnDescription('', '')