add support for CNA info

Brendan McDevitt 2022-04-07 18:15:21 -05:00
parent 16ea868013
commit 7ca243b324
11 changed files with 133 additions and 43 deletions


@ -11,6 +11,7 @@ Check the HTTP API section below for specific endpoints that can be queried via
## Supported data models: ## Supported data models:
- `Cve` data from [cve_list](https://github.com/CVEProject/cvelist) github repo. - `Cve` data from [cve_list](https://github.com/CVEProject/cvelist) github repo.
- `Cpe` data from [nvd](https://nvd.nist.gov/products/cpe) 2.2 format. - `Cpe` data from [nvd](https://nvd.nist.gov/products/cpe) 2.2 format.
- `Cna` data from [mitre](https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json).
- `GithubPoc` data from [nomi-sec](https://github.com/nomi-sec/PoC-in-GitHub) github repo. - `GithubPoc` data from [nomi-sec](https://github.com/nomi-sec/PoC-in-GitHub) github repo.
- `InthewildCveExploit` data from [inthewild.io](https://inthewild.io/api/exploited) exploited feed. - `InthewildCveExploit` data from [inthewild.io](https://inthewild.io/api/exploited) exploited feed.
- `TrickestPocCve` data from [trickest](https://github.com/trickest/cve) github repo. - `TrickestPocCve` data from [trickest](https://github.com/trickest/cve) github repo.
@ -46,6 +47,13 @@ For now unauthenticated api over localhost:3000 until I put in some basic token
get "/cpes/:id", to: "cpes#show" get "/cpes/:id", to: "cpes#show"
``` ```
#### Cnas
```
get "/cnas", to: "cnas#index"
get "/cnas/:id", to: "cnas#show"
get "/cnas/cna/:cna_id", to: "cnas#show_for_cna"
```
#### GithubPocs #### GithubPocs
``` ```
get "/github_pocs", to: "github_pocs#index" get "/github_pocs", to: "github_pocs#index"


@ -0,0 +1,15 @@
class CnasController < ApplicationController
def index
@cnas = Cna.all
end
def show
@cna = Cna.find(params[:id])
render json: @cna.to_json
end
def show_for_cna
@cna = Cna.find_by_cna_id(params[:cna_id])
render json: @cna.to_json
end
end
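Review bot: `show_for_cna` answers an unknown cna_id with status 200 and the body `null`, because `find_by` returns nil and `nil.to_json` is rendered, while `show` answers the same situation with a 404 through `Cna.find`. Using `@cna = Cna.find_by!(cna_id: params[:cna_id])` raises ActiveRecord::RecordNotFound and makes the two actions agree. `index` assigns `Cna.all` but never renders it, so `/cnas` appears to fall through to the placeholder view added in this commit instead of returning data; `render json: @cnas` would match the other actions. Since the README describes the API as unauthenticated for now, a limit or pagination on that listing is worth adding at the same time.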

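--- a/app/models/cna.rb
+++ b/app/models/cna.rb
@@ -0,0 +1,5 @@
+class Cna < ActiveRecord::Base
+def self.find_by_cna_id(cna_id)
+find_by(:cna_id => cna_id)
+end
+end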
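Review bot: `self.find_by_cna_id` re-implements a finder that ActiveRecord already provides dynamically for every column, so the method can be dropped without changing the controller call. If it stays, the body reads more conventionally as `find_by(cna_id: cna_id)`. The model declares no validations, so the unique index from the migration is the only guard on cna_id; `validates :cna_id, presence: true, uniqueness: true` would document the intent, although the bulk insert used by the importer most likely bypasses model validations.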


@ -0,0 +1 @@
<h1>Cnas#index</h1>


@ -25,4 +25,8 @@ Rails.application.routes.draw do
get "/cvemon_cves/cve/:cve_id", to: "cvemon_cves#show_for_cve" get "/cvemon_cves/cve/:cve_id", to: "cvemon_cves#show_for_cve"
get "/cvemon_cves/years/:year", to: "cvemon_cves#show_year" get "/cvemon_cves/years/:year", to: "cvemon_cves#show_year"
get "/cnas", to: "cnas#index"
get "/cnas/:id", to: "cnas#show"
get "/cnas/cna/:cna_id", to: "cnas#show_for_cna"
end end


@ -0,0 +1,17 @@
class CreateCnas < ActiveRecord::Migration[7.0]
def change
create_table :cnas do |t|
t.string :short_name
t.string :cna_id
t.index :cna_id, unique: true
t.string :organization_name
t.string :scope
t.jsonb :contact
t.jsonb :disclosure_policy
t.jsonb :security_advisories
t.string :resources, array: true
t.jsonb :cna
t.string :country
end
end
end
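Review bot: `cna_id` is left nullable even though it carries the unique index and is the key `show_for_cna` looks rows up by; a PostgreSQL unique index accepts any number of NULL values, so feed entries without a cnaID would all be stored. Declaring the column as `t.string :cna_id, null: false` makes the database reject them. The table also has no `t.timestamps`, so nothing records when a row was imported, which is worth having if the freshness of the feed ever needs to be checked.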


@ -10,10 +10,24 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema[7.0].define(version: 2022_04_07_083218) do ActiveRecord::Schema[7.0].define(version: 2022_04_07_223152) do
# These are extensions that must be enabled in order to support this database # These are extensions that must be enabled in order to support this database
enable_extension "plpgsql" enable_extension "plpgsql"
create_table "cnas", force: :cascade do |t|
t.string "short_name"
t.string "cna_id"
t.string "organization_name"
t.string "scope"
t.jsonb "contact"
t.jsonb "disclosure_policy"
t.jsonb "security_advisories"
t.string "resources", array: true
t.jsonb "cna"
t.string "country"
t.index ["cna_id"], name: "index_cnas_on_cna_id", unique: true
end
create_table "cpes", force: :cascade do |t| create_table "cpes", force: :cascade do |t|
t.string "status" t.string "status"
t.date "modification_date" t.date "modification_date"


@ -12,6 +12,7 @@ require '/data_importer/lib/poc_in_github_importer.rb'
require '/data_importer/lib/inthewild_cve_exploit_importer.rb' require '/data_importer/lib/inthewild_cve_exploit_importer.rb'
require '/data_importer/lib/trickest_poc_cve_importer.rb' require '/data_importer/lib/trickest_poc_cve_importer.rb'
require '/data_importer/lib/cvemon_cve_importer.rb' require '/data_importer/lib/cvemon_cve_importer.rb'
require '/data_importer/lib/cna_importer.rb'
def line_sep def line_sep
puts '----------' * 12 puts '----------' * 12
@ -24,6 +25,7 @@ def perform
import_inthewild_cve_exploits import_inthewild_cve_exploits
import_cvemon_cves import_cvemon_cves
import_cpes import_cpes
import_cnas
end end
def import_cves def import_cves
@ -56,4 +58,9 @@ def import_cvemon_cves
CvemonCveImporter.new.import CvemonCveImporter.new.import
end end
def import_cnas
line_sep
CnaImporter.new.import
end
perform perform

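--- a/lib/cna_importer.rb
+++ b/lib/cna_importer.rb
@@ -0,0 +1,61 @@
+require 'json'
+require 'rest-client'
+require 'bulk_insert'
+class CnaImporter
+attr_accessor :url
+def initialize
+@url = 'https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json'
+end
+def send_request_rest
+RestClient::Request.execute(
+method: :get,
+url: url
+)
+end
+def parse_res(response)
+JSON.parse(response.body)
+end
+def get_json
+res = send_request_rest
+if res.code == 200
+parse_res(res)
+else
+"HTTP Status: #{res.code}"
+end
+end
+def json_to_hash(json)
+data_hash = {}
+data_hash[:short_name] = json['shortName']
+data_hash[:cna_id] = json['cnaID']
+data_hash[:organization_name] = json['organizationName']
+data_hash[:scope] = json['scope']
+data_hash[:contact] = json['contact']
+data_hash[:disclosure_policy] = json['disclosurePolicy']
+data_hash[:security_advisories] = json['securityAdvisories']
+data_hash[:resources] = json['resources']
+data_hash[:cna] = json['CNA']
+data_hash[:country] = json['country']
+data_hash
+end
+def bulk_insert(cves)
+Cna.bulk_insert do |worker|
+cves.each do |attrs|
+worker.add(attrs)
+end
+end
+end
+def import
+json = get_json
+attrs = json.map {|j| json_to_hash(j) }
+puts "Now importing CNAs."
+bulk_insert(attrs)
+end
+end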
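Review bot: `get_json` returns the string "HTTP Status: ..." when the status is not 200, and `import` then calls `json.map` on it, so a failed fetch surfaces as a NoMethodError instead of a clear error. The feed comes from the `dev` branch of an external repository and every entry is passed to `bulk_insert` without a shape check, so a changed or malformed document is written to the table as-is. The version below raises on a non-200 status or a non-array body and skips entries that lack a string `cnaID`. Separately, the migration puts a unique index on cna_id, so a second run of the import will likely fail on duplicates unless the insert is made idempotent, for example `Cna.bulk_insert(ignore: true) do |worker|`; the `cves` parameter of `bulk_insert` would also read better as `cnas`.

```ruby
def get_json
  res = send_request_rest
  raise "CNA list fetch failed, HTTP status #{res.code}" unless res.code == 200

  data = parse_res(res)
  raise 'CNA list is not a JSON array' unless data.is_a?(Array)

  data
end

def import
  # keep only objects that carry a string cnaID, the column the unique index is on
  entries = get_json.select { |j| j.is_a?(Hash) && j['cnaID'].is_a?(String) }
  attrs = entries.map { |j| json_to_hash(j) }
  # … unchanged: puts and bulk_insert(attrs) …
end
```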


@ -1,42 +0,0 @@
# outputs the list of CNA organizationNames and the securityAdvisory urls from the json file here:
# https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json
require 'json'
require 'rest-client'
class CnaSecurityAdvisories
attr_accessor :url
def initialize
@url = 'https://raw.githubusercontent.com/CVEProject/cve-website/dev/src/assets/data/CNAsList.json'
end
def send_request_rest
RestClient::Request.execute(
method: :get,
url: url
)
end
def parse_res(response)
JSON.parse(response.body)
end
def get_json
res = send_request_rest
if res.code == 200
parse_res(res)
else
"HTTP Status: #{res.code}"
end
end
def perform
json = get_json
json.map do |d|
org_name = d.dig('organizationName')
security_advisories = d.dig('securityAdvisories')
security_advisory_urls = security_advisories.dig('advisories').map { |adv| adv.dig('url') }
{ orgName: org_name, security_advisories_urls: security_advisory_urls }
end
end
end