AIL-framework/bin/lib/objects/Cves.py

#!/usr/bin/env python3
# -*-coding:UTF-8 -*

import os
import re
import sys

from flask import url_for

from pymisp import MISPObject

import requests

sys.path.append(os.environ['AIL_BIN'])
##################################
# Import Project packages
##################################
from lib.ConfigLoader import ConfigLoader
from lib.objects.abstract_daterange_object import AbstractDaterangeObject
from packages import Date

config_loader = ConfigLoader()
r_objects = config_loader.get_db_conn("Kvrocks_Objects")
baseurl = config_loader.get_config_str("Notifications", "ail_domain")
config_loader = None


class Cve(AbstractDaterangeObject):
    """
    AIL Cve Object.
    """

    def __init__(self, id):
        super(Cve, self).__init__('cve', id)

    # def get_ail_2_ail_payload(self):
    #     payload = {'raw': self.get_gzip_content(b64=True),
    #                 'compress': 'gzip'}
    #     return payload

    # # WARNING: UNCLEAN DELETE /!\ TEST ONLY /!\
    def delete(self):
        # # TODO:
        pass

    def get_link(self, flask_context=False):
        if flask_context:
            url = url_for('correlation.show_correlation', type=self.type, id=self.id)
        else:
            url = f'{baseurl}/correlation/show?type={self.type}&id={self.id}'
        return url

    # TODO # CHANGE COLOR
    def get_svg_icon(self):
        return {'style': 'fas', 'icon': '\uf188', 'color': '#1E88E5', 'radius': 5}

    def get_misp_object(self):
        obj_attrs = []
        obj = MISPObject('vulnerability')
        first_seen = self.get_first_seen()
        last_seen = self.get_last_seen()
        if first_seen:
            obj.first_seen = first_seen
        if last_seen:
            obj.last_seen = last_seen
        if not first_seen or not last_seen:
            self.logger.warning(
                f'Export error, None seen {self.type}:{self.subtype}:{self.id}, first={first_seen}, last={last_seen}')

        obj_attrs.append(obj.add_attribute('id', value=self.id))
        for obj_attr in obj_attrs:
            for tag in self.get_tags():
                obj_attr.add_tag(tag)
        return obj

    def get_meta(self, options=set()):
        meta = self._get_meta(options=options)
        meta['id'] = self.id
        meta['tags'] = self.get_tags(r_list=True)
        return meta

    def get_cve_search(self):
        try:
            response = requests.get(f'https://cvepremium.circl.lu/api/cve/{self.id}', timeout=10)
            if response.status_code == 200:
                json_response = response.json()
                # 'summary'
                # 'references'
                # 'last-modified'
                # 'Published'
                # 'Modified'
                return json_response
            else:
                return {'error': f'{response.status_code}'}
        except requests.exceptions.ConnectionError:
            return {'error': f'Connection Error'}
        except requests.exceptions.ReadTimeout:
            return {'error': f'Timeout Error'}


# TODO  ADD SEARCH FUNCTION

def get_all_cves():
    return r_objects.smembers(f'cve:all')

def get_cves_by_date(date):
    return r_objects.zrange(f'cve:date:{date}', 0, -1)

def get_nb_cves_by_date(date):
    return r_objects.zcard(f'cve:date:{date}')

def get_cves_by_daterange(date_from, date_to):
    cves = set()
    for date in Date.substract_date(date_from, date_to):
        cves = cves | set(get_cves_by_date(date))
    return cves

def get_cves_meta(cves_id, options=set()):
    dict_cve = {}
    for cve_id in cves_id:
        cve = Cve(cve_id)
        dict_cve[cve_id] = cve.get_meta(options=options)
    return dict_cve

def sanitize_cve_name_to_search(name_to_search): # TODO FILTER NAME
    return name_to_search

def search_cves_by_name(name_to_search, r_pos=False):
    cves = {}
    # for subtype in subtypes:
    r_name = sanitize_cve_name_to_search(name_to_search)
    if not name_to_search or isinstance(r_name, dict):
        return cves
    r_name = re.compile(r_name)
    for cve_name in get_all_cves():
        res = re.search(r_name, cve_name)
        if res:
            cves[cve_name] = {}
            if r_pos:
                cves[cve_name]['hl-start'] = res.start()
                cves[cve_name]['hl-end'] = res.end()
    return cves

def api_get_cves_range_by_daterange(date_from, date_to):
    cves = []
    for date in Date.substract_date(date_from, date_to):
        d = {'date': f'{date[0:4]}-{date[4:6]}-{date[6:8]}',
             'CVE': get_nb_cves_by_date(date)}
        cves.append(d)
    return cves

def api_get_cves_meta_by_daterange(date_from, date_to):
    date = Date.sanitise_date_range(date_from, date_to)
    return get_cves_meta(get_cves_by_daterange(date['date_from'], date['date_to']), options=['sparkline'])

def get_cve_graphline(cve_id):
    cve = Cve(cve_id)
    graphline = []
    if cve.exists():
        nb_day = 30
        for date in Date.get_previous_date_list(nb_day):
            graphline.append({'date': f'{date[0:4]}-{date[4:6]}-{date[6:8]}', 'value': cve.get_nb_seen_by_date(date)})
    return graphline


# if __name__ == '__main__':
#     name_to_search = '98'
#     print(search_cves_by_name(name_to_search))
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`#!/usr/bin/env python3`
			`# --coding:UTF-8 -`

			`import os`
chg: [trackers] refactor trackers: track objects + filter by object types/sources/subtypes 2023-05-04 16:35:56 +02:00			`import re`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`import sys`

			`from flask import url_for`
chg: [trackers] refactor trackers: track objects + filter by object types/sources/subtypes 2023-05-04 16:35:56 +02:00
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`from pymisp import MISPObject`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00
chg: [CVE] CVE search integration 2022-12-21 16:48:08 +01:00			`import requests`

chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`sys.path.append(os.environ['AIL_BIN'])`
			`##################################`
			`# Import Project packages`
			`##################################`
			`from lib.ConfigLoader import ConfigLoader`
			`from lib.objects.abstract_daterange_object import AbstractDaterangeObject`
			`from packages import Date`

			`config_loader = ConfigLoader()`
			`r_objects = config_loader.get_db_conn("Kvrocks_Objects")`
			`baseurl = config_loader.get_config_str("Notifications", "ail_domain")`
			`config_loader = None`


			`class Cve(AbstractDaterangeObject):`
			`"""`
			`AIL Cve Object.`
			`"""`

			`def __init__(self, id):`
			`super(Cve, self).__init__('cve', id)`

			`# def get_ail_2_ail_payload(self):`
			`# payload = {'raw': self.get_gzip_content(b64=True),`
			`# 'compress': 'gzip'}`
			`# return payload`

			`# # WARNING: UNCLEAN DELETE /!\ TEST ONLY /!\`
			`def delete(self):`
			`# # TODO:`
			`pass`

			`def get_link(self, flask_context=False):`
			`if flask_context:`
			`url = url_for('correlation.show_correlation', type=self.type, id=self.id)`
			`else:`
			`url = f'{baseurl}/correlation/show?type={self.type}&id={self.id}'`
			`return url`

			`# TODO # CHANGE COLOR`
			`def get_svg_icon(self):`
			`return {'style': 'fas', 'icon': '\uf188', 'color': '#1E88E5', 'radius': 5}`

			`def get_misp_object(self):`
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`obj_attrs = []`
			`obj = MISPObject('vulnerability')`
fix: [MISP export] fix ail object first/last seen + obj logger 2023-06-09 11:19:22 +02:00			`first_seen = self.get_first_seen()`
			`last_seen = self.get_last_seen()`
			`if first_seen:`
			`obj.first_seen = first_seen`
			`if last_seen:`
			`obj.last_seen = last_seen`
			`if not first_seen or not last_seen:`
			`self.logger.warning(`
			`f'Export error, None seen {self.type}:{self.subtype}:{self.id}, first={first_seen}, last={last_seen}')`
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00
			`obj_attrs.append(obj.add_attribute('id', value=self.id))`
			`for obj_attr in obj_attrs:`
			`for tag in self.get_tags():`
			`obj_attr.add_tag(tag)`
			`return obj`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00
			`def get_meta(self, options=set()):`
			`meta = self._get_meta(options=options)`
			`meta['id'] = self.id`
chg: [tags] refactor tags + cleanup 2022-11-22 10:47:15 +01:00			`meta['tags'] = self.get_tags(r_list=True)`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`return meta`

chg: [CVE] CVE search integration 2022-12-21 16:48:08 +01:00			`def get_cve_search(self):`
fix: [cves] catch cve search errors 2023-05-12 09:59:18 +02:00			`try:`
			`response = requests.get(f'https://cvepremium.circl.lu/api/cve/{self.id}', timeout=10)`
			`if response.status_code == 200:`
			`json_response = response.json()`
			`# 'summary'`
			`# 'references'`
			`# 'last-modified'`
			`# 'Published'`
			`# 'Modified'`
			`return json_response`
			`else:`
			`return {'error': f'{response.status_code}'}`
			`except requests.exceptions.ConnectionError:`
			`return {'error': f'Connection Error'}`
fix: [cves] fix cve search timeout 2023-05-16 13:28:31 +02:00			`except requests.exceptions.ReadTimeout:`
			`return {'error': f'Timeout Error'}`
fix: [cves] catch cve search errors 2023-05-12 09:59:18 +02:00
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`# TODO ADD SEARCH FUNCTION`

chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`def get_all_cves():`
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`return r_objects.smembers(f'cve:all')`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00
			`def get_cves_by_date(date):`
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`return r_objects.zrange(f'cve:date:{date}', 0, -1)`

			`def get_nb_cves_by_date(date):`
			`return r_objects.zcard(f'cve:date:{date}')`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00
			`def get_cves_by_daterange(date_from, date_to):`
			`cves = set()`
			`for date in Date.substract_date(date_from, date_to):`
chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`cves = cves \| set(get_cves_by_date(date))`
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`return cves`

			`def get_cves_meta(cves_id, options=set()):`
			`dict_cve = {}`
			`for cve_id in cves_id:`
			`cve = Cve(cve_id)`
			`dict_cve[cve_id] = cve.get_meta(options=options)`
			`return dict_cve`

chg: [trackers] refactor trackers: track objects + filter by object types/sources/subtypes 2023-05-04 16:35:56 +02:00			`def sanitize_cve_name_to_search(name_to_search): # TODO FILTER NAME`
			`return name_to_search`

			`def search_cves_by_name(name_to_search, r_pos=False):`
			`cves = {}`
			`# for subtype in subtypes:`
			`r_name = sanitize_cve_name_to_search(name_to_search)`
			`if not name_to_search or isinstance(r_name, dict):`
			`return cves`
			`r_name = re.compile(r_name)`
			`for cve_name in get_all_cves():`
			`res = re.search(r_name, cve_name)`
			`if res:`
			`cves[cve_name] = {}`
			`if r_pos:`
			`cves[cve_name]['hl-start'] = res.start()`
			`cves[cve_name]['hl-end'] = res.end()`
			`return cves`

chg: [CVE] migrate CVE + get CVEs by daterange 2022-12-21 14:20:13 +01:00			`def api_get_cves_range_by_daterange(date_from, date_to):`
			`cves = []`
			`for date in Date.substract_date(date_from, date_to):`
			`d = {'date': f'{date[0:4]}-{date[4:6]}-{date[6:8]}',`
			`'CVE': get_nb_cves_by_date(date)}`
			`cves.append(d)`
			`return cves`

chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`def api_get_cves_meta_by_daterange(date_from, date_to):`
			`date = Date.sanitise_date_range(date_from, date_to)`
			`return get_cves_meta(get_cves_by_daterange(date['date_from'], date['date_to']), options=['sparkline'])`

chg: [decoded migration] migrate Decoded Objects 2023-01-09 16:03:06 +01:00			`def get_cve_graphline(cve_id):`
			`cve = Cve(cve_id)`
			`graphline = []`
			`if cve.exists():`
			`nb_day = 30`
			`for date in Date.get_previous_date_list(nb_day):`
			`graphline.append({'date': f'{date[0:4]}-{date[4:6]}-{date[6:8]}', 'value': cve.get_nb_seen_by_date(date)})`
			`return graphline`

chg: [CVE] CVE search integration 2022-12-21 16:48:08 +01:00
chg: [crawler + core + cve] migrate crawler to lacus + add new CVE object and correlation + migrate core 2022-10-25 16:25:19 +02:00			`# if __name__ == '__main__':`
chg: [trackers] refactor trackers: track objects + filter by object types/sources/subtypes 2023-05-04 16:35:56 +02:00			`# name_to_search = '98'`
			`# print(search_cves_by_name(name_to_search))`