added a way to pull exploit feed info from inthewild.io exploits feed

2022-04-06 02:08:19 -05:00 · 2022-04-06 02:08:19 -05:00 · b439d4fc60
commit b439d4fc60
parent bc06defa7c
11 changed files with 138 additions and 6 deletions
--- a/app/controllers/inthewild_cve_exploits_controller.rb
+++ b/app/controllers/inthewild_cve_exploits_controller.rb
@ -0,0 +1,10 @@
+class InthewildCveExploitsController < ApplicationController
+  def index
+    @cves = InthewildCveExploit.all
+  end
+
+  def show
+    @cve = InthewildCveExploit.find_by(:id => params[:cve_id])
+    render json: @poc.to_json
+  end
+end
--- a/app/models/inthewild_cve_exploit.rb
+++ b/app/models/inthewild_cve_exploit.rb
@ -0,0 +1,2 @@
+class InthewildCveExploit < ActiveRecord::Base
+end
--- a/app/views/inthewild_cve_exploits/index.html.erb
+++ b/app/views/inthewild_cve_exploits/index.html.erb
@ -0,0 +1,2 @@
+<h1>InthewildCveExploits#index</h1>
+
--- a/app/views/inthewild_cve_exploits/show.html.erb
+++ b/app/views/inthewild_cve_exploits/show.html.erb
@ -0,0 +1,2 @@
+<h1> @cves </h1>
+
--- a/config/routes.rb
+++ b/config/routes.rb
@ -10,4 +10,6 @@ Rails.application.routes.draw do
  get "/github_pocs", to: "github_pocs#index"
  get "/github_pocs/:id", to: "github_pocs#show"
  get "/github_pocs/cve/:cve_id", to: "github_pocs#show_for_cve"
+
+  get "inthewild/cve/:cve_id", to: "inthewild_exploitations#show"
 end
--- a/db/migrate/20220406064613_inthewild_cve_exploits.rb
+++ b/db/migrate/20220406064613_inthewild_cve_exploits.rb
@ -0,0 +1,8 @@
+class InthewildCveExploits < ActiveRecord::Migration[7.0]
+  def change
+    create_table :inthewild_cve_exploits do |t|
+      t.string :cve_id
+      t.date :earliest_report
+    end
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -10,7 +10,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema[7.0].define(version: 2022_04_04_150811) do
+ActiveRecord::Schema[7.0].define(version: 2022_04_06_064613) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"

@ -39,4 +39,34 @@ ActiveRecord::Schema[7.0].define(version: 2022_04_04_150811) do
    t.index ["cve_id"], name: "index_cves_on_cve_id", unique: true
  end

+  create_table "github_pocs", force: :cascade do |t|
+    t.integer "github_poc_id"
+    t.string "cve_id", default: "None"
+    t.string "name"
+    t.string "full_name"
+    t.jsonb "owner"
+    t.string "html_url"
+    t.string "description"
+    t.boolean "fork"
+    t.date "created_at"
+    t.date "updated_at"
+    t.date "pushed_at"
+    t.integer "stargazers_count"
+    t.integer "watchers_count"
+    t.integer "forks_count"
+    t.boolean "allow_forking"
+    t.boolean "is_template"
+    t.string "topics", array: true
+    t.string "visibility"
+    t.integer "forks"
+    t.integer "watchers"
+    t.integer "score"
+    t.index ["github_poc_id"], name: "index_github_pocs_on_github_poc_id", unique: true
+  end
+
+  create_table "inthewild_cve_exploits", force: :cascade do |t|
+    t.string "cve_id"
+    t.date "earliest_report"
+  end
+
 end
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -8,8 +8,37 @@

 require '/data_importer/lib/cpe_importer.rb'
 require '/data_importer/lib/cve_list_importer.rb'
+require '/data_importer/lib/poc_in_github_importer.rb'
+require '/data_importer/lib/inthewild_cve_exploit_importer.rb'

-# this should get any new Cves and create them in the db
-CveListImporter.new.import
-# this should recreate CPE data
-CpeImporter.download_and_import
+def line_sep
+  puts '----------' * 12
+end
+
+def perform
+    import_cves
+    import_github_pocs
+    import_cpes
+end
+
+def import_cves
+    line_sep
+    CveListImporter.new.import
+end
+
+def import_cpes
+    line_sep
+    CpeImporter.download_and_import
+end
+
+def import_github_pocs
+    line_sep
+    PocInGithubImporter.new.import
+end
+
+def import_inthewild_cve_exploits
+    line_sep
+    InthewildCveExploitImporter.new.import
+end
+
+import_inthewild_cve_exploits
--- a/lib/cpe_importer.rb
+++ b/lib/cpe_importer.rb
@ -2,7 +2,6 @@

 require 'bulk_insert'
 require 'nokogiri'
-require 'net/http'

 # use this to import CPE data into postgres database
 class CpeImporter
--- a/lib/cve_list_importer.rb
+++ b/lib/cve_list_importer.rb
@ -72,6 +72,7 @@ class CveListImporter
      git_clone_repo
    end

+    puts "Now starting import for CveList."
    (1999..Date.today.year).map do |year|
      cves_from_json = cves_for_year(year)

--- a/lib/inthewild_cve_exploit_importer.rb
+++ b/lib/inthewild_cve_exploit_importer.rb
@ -0,0 +1,47 @@
+require 'bulk_insert'
+require 'json'
+
+class InthewildCveExploitImporter
+    attr_accessor :url
+    def initialize
+        @url = 'https://inthewild.io/api/exploited'
+    end
+
+    def get_exploit_feed
+        r = RestClient::Request.execute(
+            :method => :get,
+            :url => url,
+            :headers => {"Content-type": "application/json"}
+        )
+        if r.code == 200
+            JSON.parse(r.body)
+        else
+            puts "HTTP Code #{r.code}"
+        end
+    end
+
+    def cve_attrs_from_item(json)
+        cve_attrs = {}
+        cve_attrs[:cve_id] = json['id']
+        cve_attrs[:earliest_report] = json['earliestReport']
+        cve_attrs
+    end
+
+    def bulk_insert(cves)
+        InthewildCveExploit.bulk_insert do |worker|
+          cves.each do |attrs|
+            worker.add(attrs)
+          end
+        end
+    end
+
+    def import
+        feed = get_exploit_feed
+        puts "Now importing InthewildCveExploits."
+        cves = feed.map do |cve_entry|
+           cve_attrs_from_item(cve_entry)
+        end
+
+        bulk_insert(cves)
+    end
+end