reorganize directory structure

2020-10-28 23:43:06 -05:00 · 2020-10-28 23:43:06 -05:00 · 04ce52f2cf
commit 04ce52f2cf
parent 588ffa593b
49 changed files with 0 additions and 1311053 deletions
--- a/security_tools/kenna_kdi_importer/asset.json
+++ b/security_tools/kenna_kdi_importer/asset.json
--- a/security_tools/kenna_kdi_importer/asset_generator.rb
+++ b/security_tools/kenna_kdi_importer/asset_generator.rb
--- a/security_tools/kenna_kdi_importer/cve_report.rb
+++ b/security_tools/kenna_kdi_importer/cve_report.rb
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2002.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2002.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2003.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2003.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2004.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2004.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2005.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2005.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2006.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2006.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2007.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2007.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2008.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2008.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2009.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2009.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2010.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2010.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2011.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2011.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2012.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2012.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2013.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2013.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2014.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2014.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2015.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2015.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2016.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2016.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2017.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2017.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2018.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2018.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2019.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-2019.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-modified.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-modified.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-recent.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.0-recent.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.1-2020.json.gz
+++ b/security_tools/kenna_kdi_importer/data/cve/nvdcve-1.1-2020.json.gz
--- a/security_tools/kenna_kdi_importer/data/cve_ids.json
+++ b/security_tools/kenna_kdi_importer/data/cve_ids.json
--- a/security_tools/kenna_kdi_importer/data/samples/100_assets_100_vulns_each_kdi.json
+++ b/security_tools/kenna_kdi_importer/data/samples/100_assets_100_vulns_each_kdi.json
--- a/security_tools/kenna_kdi_importer/data/samples/1_asset_1_vuln.json
+++ b/security_tools/kenna_kdi_importer/data/samples/1_asset_1_vuln.json
--- a/security_tools/kenna_kdi_importer/data/samples/1k_assets_with_50v_each.json
+++ b/security_tools/kenna_kdi_importer/data/samples/1k_assets_with_50v_each.json
--- a/security_tools/kenna_kdi_importer/data/samples/2_asset_2_vulns.json
+++ b/security_tools/kenna_kdi_importer/data/samples/2_asset_2_vulns.json
--- a/security_tools/kenna_kdi_importer/data/samples/3_asset_3_vulns.json
+++ b/security_tools/kenna_kdi_importer/data/samples/3_asset_3_vulns.json
--- a/security_tools/kenna_kdi_importer/data/samples/sample_multiple_vuln_sample_vulndef.json
+++ b/security_tools/kenna_kdi_importer/data/samples/sample_multiple_vuln_sample_vulndef.json
--- a/security_tools/kenna_kdi_importer/generate_cve_ids.rb
+++ b/security_tools/kenna_kdi_importer/generate_cve_ids.rb
--- a/security_tools/kenna_kdi_importer/kdi_file.json
+++ b/security_tools/kenna_kdi_importer/kdi_file.json
--- a/security_tools/kenna_kdi_importer/kdi_file_100_assets.json
+++ b/security_tools/kenna_kdi_importer/kdi_file_100_assets.json
--- a/security_tools/kenna_kdi_importer/kdi_format.rb
+++ b/security_tools/kenna_kdi_importer/kdi_format.rb
--- a/security_tools/kenna_kdi_importer/kenna_kdi_importer.rb
+++ b/security_tools/kenna_kdi_importer/kenna_kdi_importer.rb
--- a/security_tools/kenna_kdi_importer/sample_asset_with_tags_kdi.json
+++ b/security_tools/kenna_kdi_importer/sample_asset_with_tags_kdi.json
--- a/security_tools/kenna_kdi_importer/subdomain_generator.rb
+++ b/security_tools/kenna_kdi_importer/subdomain_generator.rb
--- a/security_tools/kenna_kdi_importer/vuln_generator.rb
+++ b/security_tools/kenna_kdi_importer/vuln_generator.rb
--- a/security_tools/microsoft_tools/microsoft_kb_auditer/microsoft_cve_audit.rb
+++ b/security_tools/microsoft_tools/microsoft_kb_auditer/microsoft_cve_audit.rb
--- a/security_tools/microsoft_tools/microsoft_kb_auditer/microsoft_kb_checker.rb
+++ b/security_tools/microsoft_tools/microsoft_kb_auditer/microsoft_kb_checker.rb
--- a/security_tools/redhat_oval_definition_parser/oval_stream_data_parser.rb
+++ b/security_tools/redhat_oval_definition_parser/oval_stream_data_parser.rb
@ -1,64 +0,0 @@
-# frozen_string_literal: true
-
-require 'json'
-require 'rest-client'
-
-class OvalStreamDataParser
-  attr_accessor :index_data, :api_url
-
-  def initialize
-    @api_url = 'https://access.redhat.com/hydra/rest/securitydata/oval'
-    @index_data = refresh_index
-  end
-
-  def refresh_index
-    response = RestClient::Request.execute(
-      method: :get,
-      url: "#{api_url}/ovalstreams.json",
-      content_type: 'application/json'
-    )
-    if response.code == 200
-      parse_index(response)
-    else
-      puts "Error: HTTP Response code #{response.code} received."
-    end
-  end
-
-  def parse_index(response)
-    JSON.parse(response.body)
-  end
-
-  def list_stream_names
-    index_data.map do |entry|
-      entry['stream']
-    end.sort
-  end
-
-  def list_stream_urls
-    index_data.map do |entry|
-      entry['resourceUrl']
-    end.sort
-  end
-
-  def list_stream_labels
-    index_data.map do |entry|
-      entry['label']
-    end.sort
-  end
-
-  def select_stream_by_label(label)
-    index_data.select { |json| json['label'] == label }
-  end
-
-  def verify_shasum
-    # method that will check the sha256sum of a downloaded file from resourceUrl and ensure they match
-    # step 1:
-    # get original shasum
-    # step 2:
-    # download file
-    # step 3:
-    # run sha256sum against file download
-    # step 4:
-    # run == logic against both sums and return true/false
-  end
-end
--- a/security_tools/redhat_oval_definition_parser/ovalstreams.json
+++ b/security_tools/redhat_oval_definition_parser/ovalstreams.json
--- a/security_tools/redhat_oval_definition_parser/refresh_data_xml.sh
+++ b/security_tools/redhat_oval_definition_parser/refresh_data_xml.sh
@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-# do a fresh pull of the data
-# the class should also do this when initialized but if you want a seperate script to run quick just to pull you can use this 
-
-wget https://access.redhat.com/hydra/rest/securitydata/oval/ovalstreams.json
--- a/security_tools/rpm_to_cve_parser/rhel_rpm_to_cve.rb
+++ b/security_tools/rpm_to_cve_parser/rhel_rpm_to_cve.rb
@ -1,50 +0,0 @@
-require 'ox'
-
-class RhelRpmToCve
-  # filepath == /path/to/rpm-to-cve.xml
-  attr_accessor :filepath, :file, :xml
-  
-  def initialize(filepath)
-    @filepath = filepath
-    @file = File.read(filepath)
-    @xml = Ox.parse(file)
-  end
-
-  def list_pkg_names
-    xml.rpms.locate("?/@rpm")
-  end
-
-  def pkg_exists?(pkg_name)
-    list_pkg_names.include? pkg_name
-  end
-
-  def cves_per_pkg_name(pkg_name)
-    if pkg_exists? pkg_name
-      results = find_pkg(pkg_name).locate('*/cve').map do |r|
-        r.text
-      end.compact
-
-      cves = results.map {|cve| cve}
-
-      { 
-        :rhel_package_name => pkg_name,
-        :cves => cves,
-        :cve_count => cves.count
-      }
-    else
-      'Package not found.'
-    end
-  end
-
-  def find_pkg(pkg_name)
-    xml.rpms.locate("rpm[@rpm=#{pkg_name}]").first
-  end
-
-  def convert_to_json
-    pkgs = list_pkg_names
-    pkgs_and_cves = pkgs.map do |pkg_name|
-      cves_per_pkg_name(pkg_name)
-    end
-    pkgs_and_cves.to_json
-  end
-end
--- a/security_tools/rpm_to_cve_parser/rpm-to-cve.xml
+++ b/security_tools/rpm_to_cve_parser/rpm-to-cve.xml
--- a/security_tools/rpm_to_cve_parser/rpm_pkg_audit.rb
+++ b/security_tools/rpm_to_cve_parser/rpm_pkg_audit.rb
@ -1,32 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'optparse'
-require 'json'
-require './rhel_rpm_to_cve'
-
-data_file = './rpm-to-cve.xml'
-
-options = {}
-
-parser = OptionParser.new do |parser|
-  parser.banner = 'Usage: rpm_pkg_audit.rb [options]'
-  parser.on('-p', '--pkg PKGNAME', 'The pkg name you want to audit.') do |pkg|
-    options[:pkg] = pkg
-  end
-  parser.on('-l', '--list', 'List packages in the XML datafile.') do |list|
-    options[:list] = list
-  end
-end
-
-parser.parse!
-
-pkg_name = options[:pkg]
-rpm_auditer = RhelRpmToCve.new(data_file)
-
-if pkg_name
-  json = rpm_auditer.cves_per_pkg_name(pkg_name).to_json
-  puts JSON.pretty_generate(JSON.parse(json))
-else options.key?(:list)
-  puts rpm_auditer.list_pkg_names.sort
-end
--- a/security_tools/rpm_to_cve_parser/sax_parser.rb
+++ b/security_tools/rpm_to_cve_parser/sax_parser.rb
@ -1,36 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'ox'
-
-class SaxParser < Ox::Sax
-
-  def initialize
-    @elements = []
-  end
-
-  def start_element(name)
-    #puts "start: #{name}"
-  end
-
-  def current_element
-    @elements.last
-  end
-
-  def end_element(name)
-    #puts "end: #{name}"
-  end
-
-  def attr(name, value)
-    #puts "  #{name} => #{value}"
-  end
-
-  def text(value)
-    #puts "text: #{value}"
-  end
-
-end
-
-file = File.read('./rpm-to-cve.xml')
-handler = SaxParser.new()
-
-Ox.sax_parse(handler, file)
--- a/security_tools/rpm_to_cve_parser/update_rpms_to_cve_xml.sh
+++ b/security_tools/rpm_to_cve_parser/update_rpms_to_cve_xml.sh
@ -1,4 +0,0 @@
-#!/usr/bin/env bash
-# refresh the latest rpm to cve xml mapping file from redhat security page
-
-wget https://www.redhat.com/security/data/metrics/rpm-to-cve.xml .