#!/usr/bin/env python3
import argparse
import sys

from prettytable import PrettyTable

import npm_handler
import osv_api
import python_handler
# Range "type" values that print_table compares against r['type'] in
# vul['affected'][0]['ranges'] when looking for a 'fixed' event; ranges of
# any other type are ignored for the "Fix version" column.
ECOSYSTEM = "ECOSYSTEM"
SEMVER = "SEMVER"
"""
function to set up the arguments the program gets
"""
def setup_args():
parser = argparse.ArgumentParser(description='Find CVEs in project dependencies')
group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('-r', '--requirements', type=str, help='Path to requirements.txt file')
group.add_argument('-p', '--package', type=str, help='Path to package.json file')
return parser.parse_args()
"""
the function takes the dependencies
and uses the get_vulns() fucntion to get cve data
to print a table of the data collected
"""
def print_table(deps):
table = PrettyTable(['Dependency Name', 'Current Dependency Version', 'CVE ID', 'Fix version'])
for dependency in deps:
try:
json = osv_api.get_vulns(dependency, deps[dependency])
except:
print("There was an issue accessing the API")
print("Response status code:", json)
break
if len(json):
for vul in json['vulns']:# for each vulnerability
cve_id = vul['aliases'][0] if 'aliases' in vul.keys() else vul['id'] #if no CVEID get ID
fix_version = "None"
#find fix version
for r in vul['affected'][0]['ranges']:
if r['type'] == ECOSYSTEM or r['type'] == SEMVER:
for event in r['events']:
if 'fixed' in event.keys():
fix_version = event['fixed']
table.add_row([dependency, deps[dependency], cve_id, fix_version])
print(table)
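if __name__ == "__main__":
    # Script entry point: read the dependency list named on the command line
    # and print the vulnerability table for it.
    args = setup_args()
    try:
        # argparse guarantees exactly one of the two options was given, so the
        # `else` branch is the --package case.
        if args.requirements is not None:
            deps = python_handler.get_dependencies(args.requirements)
        else:
            deps = npm_handler.get_dependencies(args.package)
        print_table(deps)
    except Exception as exc:  # handler failures (missing file, bad content, ...) are not known here
        # The original `except: pass` hid every failure, including a missing
        # input file, and exited with status 0; report it and fail instead.
        print(f"Error: {exc}", file=sys.stderr)
        sys.exit(1)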