From b398a5258e9a81dab74e20678acbda8928f15d96 Mon Sep 17 00:00:00 2001 From: kenna-bmcdevitt Date: Wed, 11 Sep 2024 13:56:52 -0500 Subject: [PATCH] added launchpad cve puller --- tools/launchpad_cve_puller/README.md | 136 +++++++++++++++++++++++ tools/launchpad_cve_puller/cve_puller.py | 104 +++++++++++++++++ 2 files changed, 240 insertions(+) create mode 100644 tools/launchpad_cve_puller/README.md create mode 100644 tools/launchpad_cve_puller/cve_puller.py diff --git a/tools/launchpad_cve_puller/README.md b/tools/launchpad_cve_puller/README.md new file mode 100644 index 0000000..fefa043 --- /dev/null +++ b/tools/launchpad_cve_puller/README.md @@ -0,0 +1,136 @@ +# Launchpad CVE Puller: +This program can be used to pull information for a CVE and all bugs/activity in Ubuntu's launchpad bug database. +There is a confluence page that showcases a little bit more: https://kennasecurity.atlassian.net/wiki/spaces/EN/pages/2428895235/Ubuntu+-+Launchpad+hacking + +### Example Usage: +Provide a CVE ID and the program will execute a query to launchpad for the CVE object. From this response it will parse the bugs_collection_link in the CVE object and will then send API queries for each bug id returned in the collection link. Each bug ID will then be used to query the activity for that bug. An example can be checked below. + +``` +bmcdev@BMCDEV-M-N4F3 launchpad_cve_puller % python3 cve_puller.py 'CVE-2015-8768' +connect: (api.launchpad.net, 443) +send: b'GET /1.0/ HTTP/1.1\r\nHost: api.launchpad.net\r\naccept: application/vnd.sun.wadl+xml\r\nuser-agent: lazr.restfulclient 0.14.4; oauth_consumer="just testing"\r\naccept-encoding: gzip, deflate\r\nif-none-match: "1762ac-5cfe85ab92a40-gzip"\r\nif-modified-since: Wed, 03 Nov 2021 20:35:45 GMT\r\nAuthorization: OAuth realm="OAuth", oauth_nonce="47903598616718557091636562636", oauth_timestamp="1636562636", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="just%20testing", oauth_token="", oauth_signature="%26"\r\n\r\n' +reply: 'HTTP/1.1 200 OK\r\n' +header: Date: Wed, 10 Nov 2021 16:43:57 GMT +header: Server: Apache +header: Content-Location: index.wadl +header: Vary: negotiate,accept,Accept-Encoding +header: TCN: choice +header: Last-Modified: Wed, 03 Nov 2021 20:35:45 GMT +header: ETag: "1762ac-5cfe85ab92a40-gzip" +header: Accept-Ranges: bytes +header: Content-Encoding: gzip +header: Transfer-Encoding: chunked +header: Content-Type: application/vnd.sun.wadl+xml +send: b'GET /1.0/ HTTP/1.1\r\nHost: api.launchpad.net\r\naccept: application/json\r\nuser-agent: lazr.restfulclient 0.14.4; oauth_consumer="just testing"\r\naccept-encoding: gzip, deflate\r\nif-none-match: "8bc-5cfe85ab92a40-gzip"\r\nif-modified-since: Wed, 03 Nov 2021 20:35:45 GMT\r\nAuthorization: OAuth realm="OAuth", oauth_nonce="99084209908414469401636562637", oauth_timestamp="1636562637", oauth_version="1.0", oauth_signature_method="PLAINTEXT", oauth_consumer_key="just%20testing", oauth_token="", oauth_signature="%26"\r\n\r\n' +reply: 'HTTP/1.1 200 OK\r\n' +header: Date: Wed, 10 Nov 2021 16:43:58 GMT +header: Server: Apache +header: Content-Location: index.json +header: Vary: negotiate,accept,Accept-Encoding +header: TCN: choice +header: Last-Modified: Wed, 03 Nov 2021 20:35:45 GMT +header: ETag: "8bc-5cfe85ab92a40-gzip" +header: Accept-Ranges: bytes +header: Content-Encoding: gzip +header: Content-Length: 420 +header: Content-Type: application/json +Now looking up CVE: CVE-2015-8768 +------------------------------------------------------------------------------------ +CVE JSON: { + "self_link": "https://api.launchpad.net/devel/bugs/cve/2015-8768", + "web_link": "https://bugs.launchpad.net/bugs/cve/2015-8768", + "resource_type_link": "https://api.launchpad.net/devel/#cve", + "sequence": "2015-8768", + "status": "Candidate", + "description": "click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone.", + "date_created": "2016-01-12T20:09:02.711616+00:00", + "date_modified": "2017-10-03T09:02:44.564029+00:00", + "bugs_collection_link": "https://api.launchpad.net/devel/bugs/cve/2015-8768/bugs", + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-8768", + "display_name": "CVE-2015-8768", + "title": "CVE-2015-8768 (Candidate)", + "http_etag": "\"3acf3f23b00798ecc308d3caa40d7187a1820651-10ec41981c2a6bb5d5f3acefe9424d7f33a43b19\"" +} +------------------------------------------------------------------------------------ +Bugs JSON: { + "start": 0, + "total_size": 1, + "entries": [ + { + "self_link": "https://api.launchpad.net/devel/bugs/1506467", + "web_link": "https://bugs.launchpad.net/bugs/1506467", + "resource_type_link": "https://api.launchpad.net/devel/#bug", + "id": 1506467, + "private": false, + "information_type": "Public Security", + "name": null, + "title": "click install does not ignore shipped files without leading './'", + "description": "The click install process does not filter out all illegitimate paths during the install process. For example, an app can ship '.click' in data.tar.gz which interferes with package installs. './.click/' is correctly filtered.", + "owner_link": "https://api.launchpad.net/devel/~jdstrand", + "bug_tasks_collection_link": "https://api.launchpad.net/devel/bugs/1506467/bug_tasks", + "duplicate_of_link": null, + "date_created": "2015-10-15T12:52:00.291948+00:00", + "activity_collection_link": "https://api.launchpad.net/devel/bugs/1506467/activity", + "subscriptions_collection_link": "https://api.launchpad.net/devel/bugs/1506467/subscriptions", + "date_last_updated": "2016-01-12T20:09:03.718917+00:00", + "who_made_private_link": null, + "date_made_private": null, + "heat": 260, + "bug_watches_collection_link": "https://api.launchpad.net/devel/bugs/1506467/bug_watches", + "cves_collection_link": "https://api.launchpad.net/devel/bugs/1506467/cves", + "duplicates_collection_link": "https://api.launchpad.net/devel/bugs/1506467/duplicates", + "attachments_collection_link": "https://api.launchpad.net/devel/bugs/1506467/attachments", + "security_related": true, + "latest_patch_uploaded": null, + "tags": [ + "hotfix" + ], + "date_last_message": "2016-01-12T20:09:02.711616+00:00", + "number_of_duplicates": 0, + "message_count": 5, + "users_affected_count": 1, + "users_unaffected_count": 0, + "users_affected_collection_link": "https://api.launchpad.net/devel/bugs/1506467/users_affected", + "users_unaffected_collection_link": "https://api.launchpad.net/devel/bugs/1506467/users_unaffected", + "users_affected_count_with_dupes": 1, + "other_users_affected_count_with_dupes": 1, + "users_affected_with_dupes_collection_link": "https://api.launchpad.net/devel/bugs/1506467/users_affected_with_dupes", + "messages_collection_link": "https://api.launchpad.net/devel/bugs/1506467/messages", + "linked_branches_collection_link": "https://api.launchpad.net/devel/bugs/1506467/linked_branches", + "linked_merge_proposals_collection_link": "https://api.launchpad.net/devel/bugs/1506467/linked_merge_proposals", + "http_etag": "\"a9cdde051b66f2580427b6bde558947906183adf-b5dbe97cceed31acf9787d76f5b506bb21212702\"" + } + ], + "resource_type_link": "https://api.launchpad.net/devel/#bug-page-resource" +------------------------------------------------------------------------------------ +Activity for bug_id 1506467: { + "start": 0, + "total_size": 35, + "entries": [ + { + "self_link": "https://api.launchpad.net/devel/bugs/1506467/activity", + "web_link": "https://bugs.launchpad.net/bugs/1506467/activity", + "resource_type_link": "https://api.launchpad.net/devel/#bug_activity", + "bug_link": "https://api.launchpad.net/devel/bugs/1506467", + "datechanged": "2015-10-15T12:52:00.291948+00:00", + "person_link": "https://api.launchpad.net/devel/~jdstrand", + "whatchanged": "bug", + "oldvalue": null, + "newvalue": null, + "message": "added bug", + "http_etag": "\"84b52aa2a611f243f9f72cb30bccc46924711668-c607ca46c77b9673130a54553f81fd2595304c96\"" + }, + { + "self_link": "https://api.launchpad.net/devel/bugs/1506467/activity", + "web_link": "https://bugs.launchpad.net/bugs/1506467/activity", + "resource_type_link": "https://api.launchpad.net/devel/#bug_activity", + "bug_link": "https://api.launchpad.net/devel/bugs/1506467", + "datechanged": "2015-10-15T12:52:20.335990+00:00", + "person_link": "https://api.launchpad.net/devel/~jdstrand", + "whatchanged": "bug", + "oldvalue": null, + "newvalue": null, + "message": "added subscriber Colin Watson", + "http_etag": "\"7561b6fcc937991c079216eb5dd7dcf8efe0d7c9-c607ca46c77b9673130a54553f81fd2595304c96\"" + }, +``` diff --git a/tools/launchpad_cve_puller/cve_puller.py b/tools/launchpad_cve_puller/cve_puller.py new file mode 100644 index 0000000..e236303 --- /dev/null +++ b/tools/launchpad_cve_puller/cve_puller.py @@ -0,0 +1,104 @@ +from launchpadlib.launchpad import Launchpad +import requests +import json +import sys + +# for http logging support: +import httplib2 +httplib2.debuglevel = 1 + + +class CvePuller: + def __init__(self): + self.cachedir = './launchpadlib/cachedir' + self.url = 'https://api.launchpad.net/devel' + self.launchpad = self.login() + + def login(self): + return Launchpad.login_anonymously('just testing', 'production', self.cachedir) + + def cves(self): + return self.launchpad.cves + + def cve(self, sequence_id): + r = requests.get( + '{}/bugs/cve/{}'.format(self.url, sequence_id)) + if r.status_code == 200: + return r.json() + else: + print("HTTP Code: {}".format(r.status_code)) + + def bug_from_cve(self, sequence_id): + try: + cve_json = self.cve(sequence_id) + bug_link = cve_json['bugs_collection_link'] + return self.get_bug(bug_link) + except: + return 'Error occured while retrieving bug. Check HTTP status code for further information.' + + def activity_from_bug(self, bug_id): + r = requests.get('{}/bugs/{}/activity'.format(self.url, bug_id)) + if r.status_code == 200: + return r.json() + else: + print("HTTP Code: {}".format(r.status_code)) + + def get_bug(self, bug_collection_link): + r = requests.get(bug_collection_link) + if r.status_code == 200: + return r.json() + else: + print("HTTP Code: {}".format(r.status_code)) + + def bugs_with_cves(self): + return self.launchpad.bugs.searchTasks(has_cve=True) + + def iterate_cve_bugs(self, num): + bugs = [] + for bug in self.bugs_with_cves()[0:num]: + bug_obj = bug.bug + bugs.append(bug_obj) + + return bugs + + def cve_id_to_seq_id(self, cve_id): + return cve_id[4:] + + +def json_pp(data): + return json.dumps(data, indent=4) + +puller = CvePuller() + +cve_id = sys.argv[1] +sequence_id = puller.cve_id_to_seq_id(cve_id) + +cve_json = puller.cve(sequence_id) +cve_json_pp = json_pp(cve_json) + +bug_from_cve_json = puller.bug_from_cve(sequence_id) +bug_from_cve_json_pp = json_pp(bug_from_cve_json) + +bug_ids = [] + +for entry in bug_from_cve_json['entries']: + id = entry['id'] + bug_ids.append(id) + +activity_results = [] + +for bug_id in bug_ids: + activity = puller.activity_from_bug(bug_id) + activity_pp = json_pp(activity) + +print('Now looking up CVE: {}'.format(cve_id)) +print('-------' * 12) +print('CVE JSON: {}'.format(cve_json_pp)) +print('-------' * 12) +print('Bugs JSON: {}'.format(bug_from_cve_json_pp)) +print('-------' * 12) + +for bug_id in bug_ids: + activity = puller.activity_from_bug(bug_id) + activity_pp = json_pp(activity) + print('Activity for bug_id {}: {}'.format(bug_id, activity_pp))