diff --git a/tools/microsoft/bin/get_exploited_vulns_msft_bulletin.rb b/tools/microsoft/bin/get_exploited_vulns_msft_bulletin.rb
index 1ec7ba0..8e7eaef 100755
--- a/tools/microsoft/bin/get_exploited_vulns_msft_bulletin.rb
+++ b/tools/microsoft/bin/get_exploited_vulns_msft_bulletin.rb
@@ -14,7 +14,7 @@ def do_export(bulletin_vulns, bulletin_id)
 puts "----" * 12
 puts "Succesfully Exported to #{filename}:"
 puts "----" * 12
- puts pretty_vulns
+ puts bulletin_vulns
 puts "----" * 12
 end
@@ -24,38 +24,46 @@ OptionParser.new do |opts|
 opts.on("-id", "--id", "Bulletin ID") do |id|
 @options[:id] = id
 end
- opts.on("-e", "--export", FalseClass, "Export bulletin info to json doc") do |export|
- @options[:export] = export
+ opts.on("--export") do |export|
+ @options[:export] = export
 end
- opts.on("-a", "--export-all", FalseClass, "Export bulletin info for all bulletin_ids into json docs.") do |export_all|
+ opts.on("--export-all") do |export_all|
 @options[:export_all] = export_all
 end
 end.parse!
-# set vars from our cmdline args
-bulletin_id = @options[:id]
-export_on = @options[:export]
-export_all = @options[:export_all]
-
 api_client = MicrosoftCvrfClient.new
-# this is broke as fuk: fix it with a case statement probably
-if bulletin_id && export_on.nil? && export_all.nil?
- exploited_vulns_for_bulletin = api_client.exploited_vulns_only(bulletin_id)
+if (@options[:id] && !@options[:export] && !@options[:export_all])
+ exploited_vulns_for_bulletin = api_client.exploited_vulns_only(@options[:id])
 pretty_vulns = JSON.pretty_generate(exploited_vulns_for_bulletin)
 puts "----" * 12
 puts pretty_vulns
 puts "----" * 12
-elsif bulletin_id && export_on
- do_export(pretty_vulns, bulletin_id)
-elsif bulletin_id.nil? && export_all
+elsif (@options[:id] && @options[:export])
+ exploited_vulns_for_bulletin = api_client.exploited_vulns_only(@options[:id])
+ pretty_vulns = JSON.pretty_generate(exploited_vulns_for_bulletin)
+ do_export(pretty_vulns, @options[:id])
+elsif (@options[:export_all] && !@options[:id] && !@options[:export])
 puts "Exporting All Bulletin Data:"
 api_client.ids.each do |bulletin_id|
 puts "----" * 12
 puts "Now exporting #{bulletin_id}"
 puts "----" * 12
+ # remove these in the next 3 months or put in something that acts based on
+ # Date.today.year
+ case bulletin_id
+ when '2022-Oct'
+ next
+ when '2022-Nov'
+ next
+ when '2022-Dec'
+ next
+ end
 vulns = api_client.exploited_vulns_only(bulletin_id)
 pretty_vulns = JSON.pretty_generate(vulns)
 do_export(pretty_vulns, bulletin_id)
 end
 end
+
+puts @options
diff --git a/tools/microsoft/microsoft_cvrf_client.rb b/tools/microsoft/microsoft_cvrf_client.rb
index 3e1889a..cac5b79 100755
--- a/tools/microsoft/microsoft_cvrf_client.rb
+++ b/tools/microsoft/microsoft_cvrf_client.rb
@@ -26,7 +26,7 @@ class MicrosoftCvrfClient
 attr_accessor :ids, :api_instance, :api_version, :api_key
 def initialize(api_instance = OpenapiClient::DefaultApi.new, api_version = 'api_version_example', api_key = 'api_key_example')
- @ids = YEAR_RANGE.map { |y| MONTHS.map { |m| "#{y}-#{m}" } }.flatten
+ @ids = YEAR_RANGE.map { |y| MONTHS.map { |m| "#{y}-#{m}" } }.flatten.reject {|id| id == '2016-Feb' || id == '2016-Mar'}
 @api_instance = api_instance
 @api_version = api_version
 @api_key = api_key
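Review bot: The `case bulletin_id` block added to the `--export-all` loop in get_exploited_vulns_msft_bulletin.rb skips '2022-Oct', '2022-Nov' and '2022-Dec' by literal, so unless someone remembers the cleanup the comment asks for, the export keeps omitting those bulletins after they are published and the JSON set under-reports exploited vulnerabilities with no warning. A date-based guard that only skips months which have not started removes the manual step: `next if Date.strptime(bulletin_id, '%Y-%b') > Date.today` (needs `require 'date'` if the file does not already load it). Separately, the `if`/`elsif` chain has no `else`, so flag combinations such as `--export` without `--id` fall through with nothing printed except the trailing `puts @options`, which looks like leftover debug output; an `else` that prints usage and exits non-zero would make that failure visible.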
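Review bot: The `.reject` added to `@ids` in `MicrosoftCvrfClient#initialize` drops '2016-Feb' and '2016-Mar' with no comment saying why, so a later reader cannot tell whether those bulletins are missing upstream or were excluded to work around a parsing failure, and anything that iterates `ids` will treat the 2016 coverage as complete. I would name and document the exclusion, e.g. `UNAVAILABLE_IDS = %w[2016-Feb 2016-Mar].freeze # <reason these ids are skipped>` and then `.flatten.reject { |id| UNAVAILABLE_IDS.include?(id) }`. `initialize` continues past the end of the hunk.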
@@ -38,11 +38,16 @@ class MicrosoftCvrfClient puts "Exception when calling DefaultApi->cvrf_id_get: #{e}" end + # from 2019 on msft uses @remediations instead of @threats it seems + def get_remediation_str_for_vuln(vuln) + vuln.remediations.select { |t| t.type == 1 }.first.description.value + end + # THREAT STRING SPECIFIC METHODS # response from get_id() def cves_threat_strs(response) response.vulnerability.map do |vuln| - threat_str = get_threat_str_for_vuln(vuln) + threat_str = get_threat_str_for_vuln(vuln) || get_remediation_str_for_vuln(vuln) #see if this fixes 2019-Feb+ split_t_str_arr = split_threat_str(threat_str) hashed_t_str = threat_str_arr_to_hash(split_t_str_arr) vuln_hash = { :cve_id => vuln.cve, :exploitability_info => hashed_t_str }
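Review bot: `get_remediation_str_for_vuln` raises NoMethodError whenever a vulnerability has no remediation with `type == 1` (or `remediations` is nil), because `.first` returns nil before `.description` is called, and that exception aborts the whole `response.vulnerability.map` in `cves_threat_strs` instead of skipping one CVE. Nil-safe navigation keeps the fallback total: `vuln.remediations&.find { |r| r.type == 1 }&.description&.value`. The `||` on the `threat_str` line only falls back when `get_threat_str_for_vuln` returns nil; if that method (not visible here) is written the same way it will raise instead, and `split_threat_str` would still have to accept nil when both sources are missing. The literal `1` would read better as a named constant with a comment stating which remediation type it selects; `cves_threat_strs` continues outside the hunk.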