diff options
| -rwxr-xr-x | bin/common/datasource.json | 5 | ||||
| -rwxr-xr-x | bin/common/srtool_utils.py | 58 | ||||
| -rwxr-xr-x | bin/mitre/srtool_mitre.py | 11 |
3 files changed, 69 insertions, 5 deletions
diff --git a/bin/common/datasource.json b/bin/common/datasource.json index 060b18e2..81d5c289 100755 --- a/bin/common/datasource.json +++ b/bin/common/datasource.json @@ -99,14 +99,15 @@ }, { + "_comment_" : "Only score 100 at a time to prevent run-away database overloading", "key" : "0921-common-score", "data" : "score_cves", "source" : "common", "name" : "Score", "description" : "Score CVEs", "cve_filter" : "", - "init" : "bin/common/srtool_common.py --score-new-cves NEW", - "update" : "bin/common/srtool_common.py --score-new-cves NEW", + "init" : "bin/common/srtool_common.py --score-new-cves NEW --count=100", + "update" : "bin/common/srtool_common.py --score-new-cves NEW --count=100", "lookup" : "", "update_frequency" : "0", "_comment_" : "Update every 10 minutes", diff --git a/bin/common/srtool_utils.py b/bin/common/srtool_utils.py index e411c413..b48582dc 100755 --- a/bin/common/srtool_utils.py +++ b/bin/common/srtool_utils.py @@ -33,6 +33,8 @@ from common.srt_schema import ORM # Setup: verbose = False +cmd_skip = 0 +cmd_count = 0 srtDbName = 'srt.sqlite' @@ -110,10 +112,56 @@ def settings(): ################################# +# fix_new_reserved +# + +# Is this reserved by Mitre? Is '** RESERVED **' within the first 20 char positions? +def fix_new_reserved(): + global cmd_skip + global cmd_count + + conn = sqlite3.connect(srtDbName) + cur = conn.cursor() + cur_write = conn.cursor() + + cur.execute('SELECT * FROM orm_cve WHERE status = "%s"' % ORM.STATUS_NEW) + i = 0 + j = 0 + for cve in cur: + i += 1 + + # Progress indicator support + if 0 == i % 10: + print('%05d: %20s\r' % (i,cve[ORM.CVE_NAME]), end='') + if (0 == i % 200): + conn.commit() + # Development/debug support + if cmd_skip: + if i < cmd_skip: + continue + if cmd_count: + if (i - cmd_skip) > cmd_count: + print("Count return: %s,%s" % (i,cmd_count)) + break + + reserved_pos = cve[ORM.CVE_DESCRIPTION].find('** RESERVED **') + if (0 <= reserved_pos) and (20 > reserved_pos): + print("STATUS_NEW_RESERVED:%s:%s:%s" % (cve[ORM.CVE_STATUS],cve[ORM.CVE_NAME],cve[ORM.CVE_DESCRIPTION][:40])) + sql = ''' UPDATE orm_cve + SET status = ? + WHERE id = ?''' + cur_write.execute(sql, (ORM.STATUS_NEW_RESERVED, cve[ORM.CVE_ID],)) + j += 1 + print("\nCVE COUNT=%5d,%5d" % (i,j)) + conn.commit() + +################################# # main loop # def main(argv): global verbose + global cmd_skip + global cmd_count # setup parser = argparse.ArgumentParser(description='srtool.py: manage the SRTool database') @@ -123,12 +171,20 @@ def main(argv): parser.add_argument('--force', '-f', action='store_true', dest='force', help='Force the update') parser.add_argument('--verbose', '-v', action='store_true', dest='verbose', help='Debugging: verbose output') + parser.add_argument('--skip', dest='skip', help='Debugging: skip record count') + parser.add_argument('--count', dest='count', help='Debugging: short run record count') + + parser.add_argument('--fix-new-reserved', action='store_const', const='fix_new_reserved', dest='command', help='Reset new reserved CVEs to NEW_RESERVED') args = parser.parse_args() master_log = open(os.path.join(script_pathname, "update_logs/master_log.txt"), "a") verbose = args.verbose + if None != args.skip: + cmd_skip = int(args.skip) + if None != args.count: + cmd_count = int(args.count) if args.sources: if args.sources.startswith('s'): @@ -145,6 +201,8 @@ def main(argv): sources('reset') elif 'settings' == args.command: settings() + elif 'fix_new_reserved' == args.command: + fix_new_reserved() else: print("Command not found") master_log.close() diff --git a/bin/mitre/srtool_mitre.py b/bin/mitre/srtool_mitre.py index 2ac8bc08..3c6af89d 100755 --- a/bin/mitre/srtool_mitre.py +++ b/bin/mitre/srtool_mitre.py @@ -91,7 +91,7 @@ def srt_error_log(msg): # Newly discovered or updated CVEs default to NEW for triage # Inited CVEs default to HISTORICAL, unless they are within the courtesy CVE_INIT_NEW_DELTA init_new_date = None -def get_cve_default_status(is_init,publishedDate): +def get_cve_default_status(is_init,publishedDate,description): global init_new_date if None == init_new_date: @@ -114,7 +114,12 @@ def get_cve_default_status(is_init,publishedDate): # Note: the NIST 'published date' is in the format "2017-05-11", so do a simple string compare #print("INIT status: %s versus %s" % (init_new_date,publishedDate)) if not publishedDate or (publishedDate > init_new_date): - return ORM.STATUS_NEW + # Is this reserved by Mitre? Is '** RESERVED **' within the first 20 char positions? + reserved_pos = description.find('** RESERVED **') + if (0 <= reserved_pos) and (20 > reserved_pos): + return ORM.STATUS_NEW_RESERVED + else: + return ORM.STATUS_NEW else: return ORM.STATUS_HISTORICAL else: @@ -310,7 +315,7 @@ def append_cve_database(is_init,file_xml): print("MITRE:FOUND %20s\r" % cve_name, end='') else: # Get the default CVE status - status = get_cve_default_status(is_init,summary['Published']) + status = get_cve_default_status(is_init,summary['Published'],summary['Description']) sql = ''' INSERT into orm_cve (name, name_sort, priority, status, comments, comments_private, cve_data_type, cve_data_format, cve_data_version, public, publish_state, publish_date, description, publishedDate, lastModifiedDate, recommend, recommend_list, cvssV3_baseScore, cvssV3_baseSeverity, cvssV2_baseScore, cvssV2_severity, srt_updated, packages) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)''' |