UPDATED: NVD-NIST

Author: Ruskonert

nvdnist.py

@@ -85,6 +85,8 @@ def add_thread(self, thread):
 def workstation(sql, tablename, jsonElement):
         try:
             # PyMySQL has thread-safety while a per, So It needs to new connect.
+            # The variable name is very important.
+            # Because the python interpreter checks name and matchs each of the table columns.
             new_db = initialize(sql.user, sql.password, sql.host, sql.port)
             base = Nvdnist(new_db)
             base.use_database(sql.database)
@@ -98,17 +100,17 @@ def workstation(sql, tablename, jsonElement):
             data_format = str(jsonElement['data_format'])
             data_version = str(jsonElement['data_version'])
             cve_data_version = str(jsonElement['CVE_data_version'])
-            reference = ""
-            description = ""
+            reference_url = ""
+            description_value = ""
             problemtype = ""
 
             for r in base.find_key(jsonElement, r"reference_.+$"):
-                reference += jsonElement[r] + " | "
-            reference = reference[:-3]
+                reference_url += jsonElement[r] + " | "
+            reference_url = reference_url[:-3]
 
             for d in base.find_key(jsonElement, r"desc_(.+)"):
-                description += jsonElement[d] + " | "
-            description = description[:-3]
+                description_value += jsonElement[d] + " | "
+            description_value = description_value[:-3]
 
             for d in base.find_key(jsonElement, r"cwe_\d"):
                 problemtype += jsonElement[d] + " | "
@@ -137,7 +139,7 @@ def workstation(sql, tablename, jsonElement):
             baseMetricV3_vectorString = str(jsonElement.get('baseMetricV3.vectorString', ''))
             baseMetricV3_attackVector = str(jsonElement.get('baseMetricV3.attackVector', ''))
             baseMetricV3_attackComplexity = str(jsonElement.get('baseMetricV3.attackComplexity', ''))
-            baseMetricV3_privillegesRequired = str(jsonElement.get('baseMetricV3.privillegesRequired', ''))
+            baseMetricV3_privilegesRequired = str(jsonElement.get('baseMetricV3.privilegesRequired', ''))
             baseMetricV3_userInteraction = str(jsonElement.get('baseMetricV3.userInteraction', ''))
 
             baseMetricV3_scope = str(jsonElement.get('baseMetricV3.scope', ''))
@@ -153,35 +155,40 @@ def workstation(sql, tablename, jsonElement):
             lastModifiedDate = str(jsonElement.get('lastModifiedDate', ''))
 
             cpe_list = []
-            r = base.find_key(jsonElement, r"cpe_\d_vulnderable")
+            r = base.find_key(jsonElement, r"cpe_[0-9]+_vulnderable")
             if len(r) != 0:
                 for index, c in enumerate(r):
                     cpe_list.append(str(jsonElement[c]) + "||")
 
-                for index, c in enumerate(base.find_key(jsonElement, r"cpe_\d_cpe22uri")):
+                for index, c in enumerate(base.find_key(jsonElement, r"cpe_[0-9]+_cpe22uri")):
                     cpe_list[index] += (str(jsonElement[c])) + "||"
 
 
-                for index, c in enumerate(base.find_key(jsonElement, r"cpe_\d_cpe23uri")):
+                for index, c in enumerate(base.find_key(jsonElement, r"cpe_[0-9]+_cpe23uri")):
+                    cpe_list[index] += (str(jsonElement[c])) + "||"
+                
+                for index, c in enumerate(base.find_key(jsonElement, r"cpe_[0-9]+_number")):
                     cpe_list[index] += (str(jsonElement[c]))
 
             # each of affect data.
-            for index, c in enumerate(base.find_key(jsonElement, r"affect_\d")):
-                r = jsonElement[c].split('|')
-                affect_vendor_name = r[0]
-                affect_product_name = r[1]
-                affect_version_value = r[2]
+            for index, c in enumerate(base.find_key(jsonElement, r"affect_[0-9]+")):
+                r = jsonElement[c].split(' || ')
+                affects_vendor_name = r[0]
+                affects_product_name = r[1]
+                affects_version_value = r[2]
 
                 nodes_cpe_vulnerable = None
                 nodes_cpe_cpe22uri = None
                 nodes_cpe_cpe23uri = None
+                nodes_cpe = None
 
                 if len(cpe_list) != 0:
                     for c in cpe_list:
                         r = c.split('||')
                         nodes_cpe_vulnerable = r[0]
                         nodes_cpe_cpe22uri = r[1]
                         nodes_cpe_cpe23uri = r[2]
+                        nodes_cpe = r[3]
                         a = None
                         r = None
                         d = None
@@ -197,9 +204,11 @@ def workstation(sql, tablename, jsonElement):
                     execute(base, sql, tablename, v)
             base.disconnect()
         except KeyboardInterrupt:
+            sql._threadList.kill = True
             sys.exit(0)
 
         except SystemExit:
+            sql._threadList.kill = True
             sys.exit(0)
 
 def execute(base, sql, tablename, v):
@@ -226,9 +235,10 @@ def execute(base, sql, tablename, v):
 class Nvdnist(CVEDatabase):
     def __init__(self, mysql_base):
         super().__init__(mysql_base)
+        self._threadList = None
 
 
-    def export(self, export_path_name, export_type, tablename, option="ORDER BY ID"):
+    def export(self, export_path_name, export_type, tablename, option="ORDER BY ID, nodes_cpe"):
         return super().export(export_path_name, export_type, tablename, option)
 
     def load(self, obj):
@@ -358,13 +368,13 @@ def default_table_column(self):
         a6 = TableColumn("data_format", "VARCHAR(10)")
         a7 = TableColumn("data_version", "VARCHAR(5)")
 
-        a8 = TableColumn("affect_vendor_name", "TEXT")
-        aa8 = TableColumn("affect_product_name", "TEXT")
-        ab8 = TableColumn("affect_version_value", "TEXT")
+        a8 = TableColumn("affects_vendor_name", "TEXT")
+        aa8 = TableColumn("affects_product_name", "TEXT")
+        ab8 = TableColumn("affects_version_value", "TEXT")
 
         ac8 = TableColumn("problemtype", "VARCHAR(25)")
-        a9 = TableColumn("description", "TEXT")
-        a10 = TableColumn("reference", "TEXT")
+        a9 = TableColumn("description_value", "TEXT")
+        a10 = TableColumn("reference_url", "TEXT")
         a11 = TableColumn("cve_data_version", "VARCHAR(5)")
 
         cpe1 = TableColumn("nodes_operator", "VARCHAR(5)")
@@ -400,7 +410,7 @@ def default_table_column(self):
         a35 = TableColumn('baseMetricV3_impactScore', "VARCHAR(10)")
         a36 = TableColumn('baseMetricV3_attackVector', "VARCHAR(36)")
         a37 = TableColumn('baseMetricV3_attackComplexity', "VARCHAR(10)")
-        a38 = TableColumn('baseMetricV3_privillegesRequired', "VARCHAR(10)")
+        a38 = TableColumn('baseMetricV3_privilegesRequired', "VARCHAR(10)")
         aa38 = TableColumn('baseMetricV3_userInteraction', "VARCHAR(10)")
         a39 = TableColumn('baseMetricV3_baseSeverity', "VARCHAR(10)")
         a40 = TableColumn('baseMetricV3_scope', "VARCHAR(10)")
@@ -421,6 +431,7 @@ def find_key(self, element, pattern):
 
     def table_insert(self, tablename, jsonCollection):
         threadlist = ThreadList(thread_count)
+        self._threadList = threadlist
         print("Inserting value ...")
 
         # Singlethreading-based
@@ -558,7 +569,8 @@ def metadata(self, cve):
         cve_assigner = cve['CVE_data_meta']['ASSIGNER']
         return [cve_id, cve_assigner, cve_data_type, cve_data_format, cve_data_version]
 
-    def cve_configuration(self, nodes, ref=None):
+    def cve_configuration(self, nodes, ref=None, number=0, isChildren=False):
+        n = number
         node_list = None
         if ref is not None:
             node_list = ref
@@ -573,9 +585,9 @@ def cve_configuration(self, nodes, ref=None):
 
             if operator == 'AND':
                 try:
-                    self.cve_configuration(node['children'], node_list)
+                    self.cve_configuration(node['children'], node_list, n, True)
                 except KeyError:
-                    self.cve_configuration(node['cpe'], node_list)
+                    self.cve_configuration(node['cpe'], node_list, n, True)
 
             elif operator == 'OR':
                 keys = node.get('cpe', None)
@@ -584,36 +596,39 @@ def cve_configuration(self, nodes, ref=None):
                     if keys is None:
                         return
                 for cpe in keys:
+
                     chk = cpe.get('cpe', None)
                     if chk is not None:
                         cpe = chk[0]
+
                     vulnerable = cpe['vulnerable']
                     cpe22uri = cpe['cpe22Uri']
                     cpe23uri = cpe['cpe23Uri']
-                    node_list.append(CPENode(vulnerable, cpe22uri, cpe23uri))
+                    node_list.append(CPENode(vulnerable, cpe22uri, cpe23uri, n))
             else:
                 for node in nodes:
                     vulnerable = node['vulnerable']
                     cpe22uri = node['cpe22Uri']
                     cpe23uri = node['cpe23Uri']
-                    node_list.append(CPENode(vulnerable, cpe22uri, cpe23uri))
+                    node_list.append(CPENode(vulnerable, cpe22uri, cpe23uri, n))
+            n = n + 1
         return node_list
 
     def reference_data(self, references):
         reference_list = []
         for data in references['reference_data']:
             url = data['url']
-            name = data['name']
-            refsource = data['refsource']
-            reference_list.append(Reference(url, name, refsource))
+            #name = data['name']
+            #refsource = data['refsource']
+            reference_list.append(Reference(url))
         return reference_list
 
     def description_data(self, descriptions):
         description_list = []
         for data in descriptions['description_data']:
-            lang = data['lang']
+            # lang = data['lang']
             value = data['value']
-            description_list.append(DescriptionType(lang, value))
+            description_list.append(DescriptionType(value))
         return description_list
 
     def problemtype_data(self, cve_problemtype):
@@ -636,7 +651,7 @@ def affect_vendor_data(self, cve_affects):
                     product_name = product_info['product_name']
                     for version in product_info['version']['version_data']:
                         version_value = version
-                        product_flag.append(product_name + "|" + version_value.get('version_value', 'invaild')) 
+                        product_flag.append(product_name + " || " + version_value.get('version_value', 'invaild')) 
                 affect = Affect(vendor_name, product_flag)
                 vendor_list.append(affect)
             except:
@@ -700,12 +715,12 @@ def serialize(self, jsonDefault, o):
                     value.serialize(jsonDefault, o)
 
 class Metricv3(AbstractMetric):
-    def __init__(self, version, vectorString, attackVector, attackComplexity, privillegesRequired, userInteraction, scope, confidentialityImpact, integrityImpact, availabilityImpact, baseScore, baseSeverity, cvss):
+    def __init__(self, version, vectorString, attackVector, attackComplexity, privilegesRequired, userInteraction, scope, confidentialityImpact, integrityImpact, availabilityImpact, baseScore, baseSeverity, cvss):
         super().__init__(version, vectorString, confidentialityImpact, integrityImpact, availabilityImpact, baseScore, cvss)
         self.attackVector = attackVector
         self.attackComplexity = attackComplexity
         self.scope = scope
-        self.privillegesRequired = privillegesRequired
+        self.privilegesRequired = privilegesRequired
         self.userInteraction = userInteraction
         self.baseSeverity = baseSeverity
 
@@ -721,15 +736,17 @@ def serialize(self, jsonDefault, o):
 
 class CPENode:
     __dbcolumn__ = "cpe"
-    def __init__(self, vulnerable, cpe22uri, cpe23uri):
+    def __init__(self, vulnerable, cpe22uri, cpe23uri, cpe=-1):
         self.vulnerable =vulnerable
         self.cpe22uri = cpe22uri
         self.cpe23uri = cpe23uri
+        self.cpe = cpe
 
     def serialize(self, jsonDefault, o):
         jsonDefault["cpe_" + str(o) + "_vulnderable"] = self.vulnerable
         jsonDefault["cpe_" + str(o) + "_cpe22uri"] = self.cpe22uri
         jsonDefault["cpe_" + str(o) + "_cpe23uri"] = self.cpe23uri
+        jsonDefault["cpe_" + str(o) + "_number"] = self.cpe
 
 
 class Affect:
@@ -739,29 +756,27 @@ def __init__(self, vendor_name, product_flag):
 
     def serialize(self, jsonDefault, o):
         for index, flag in enumerate(self.product_flag):
-            jsonDefault['affect_{n}'.format(n=index)] = str(self.vendor_name + "|" + flag)
+            jsonDefault['affect_{n}'.format(n=index)] = str(self.vendor_name + " || " + flag)
 
 class DescriptionType:
     __dbcolumn__ = "Description"
-    def __init__(self, lang, value):
-        self.lang = lang
+    def __init__(self, value):
         self.value = value
 
     def serialize(self, jsonDefault, o):
-            jsonDefault["desc_" + str(id(self))] = self.lang + ", " + self.value
+            jsonDefault["desc_" + str(id(self))] = self.value
 
 class ProblemType(DescriptionType):
     def __init__(self, lang, value):
-        super().__init__(lang, value)
+        super().__init__(value)
+        self.lang = lang
 
     def serialize(self, jsonDefault, o):
         jsonDefault["cwe_" + str(id(self))] = self.lang + ", " + self.value
 
 class Reference:
-    def __init__(self, url, name, refsource):
+    def __init__(self, url):
         self.url = url
-        self.name = name
-        self.refsource = refsource
 
     def serialize(self, jsonDefault, o):
-            jsonDefault["reference_" + self.name] = self.url + ", " + self.refsource
+            jsonDefault["reference_" + id(self)] = self.url