Skip to content

Commit

Permalink
Merge pull request #230 from cloudsecurityalliance/nvd_2.0_api
Browse files Browse the repository at this point in the history 
Migrate to NVD 2.0 API
  • Loading branch information
@joshbressers
joshbressers authored Dec 13, 2023
2 parents f38d410 + fefcd51 commit f533dec
Show file tree
Hide file tree
Showing 3 changed files with 13 additions and 12 deletions.
19 changes: 10 additions & 9 deletions securitylist/src/securitylist/NVD.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
import requests
import datetime
import time
import json

class UnexpectedResults(Exception):
pass
Expand All @@ -14,7 +15,7 @@ def __init__(self):
self.now = datetime.datetime.utcnow()
self.total = 0
self.index = 0
self.nvd_url = "https://services.nvd.nist.gov/rest/json/cves/1.0"
self.nvd_url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
self.payload = {}
self.last_update = self.now

Expand All @@ -28,8 +29,8 @@ def __get_time__(self, ts):
mi = ts.minute
s = ts.second

return f"{y}-{m:02}-{d:02}T{h:02}:{mi:02}:{s:02}:000 UTC-00:00"
#return f"{y}-{m:02}-{d:02}T{h:02}:{mi:02}:{s:02}:000+00:00"
return f"{y}-{m:02}-{d:02}T{h:02}:{mi:02}:{s:02}.000"
#return f"{y}-{m:02}-{d:02}T{h:02}:{mi:02}:{s:02}.000"

def get_end_time_str(self):

Expand All @@ -42,12 +43,12 @@ def get_end_time_str(self):
mi = ts.minute
s = ts.second

return f"{y}-{m:02}-{d:02}T{h:02}:{mi:02}:{s:02}:000"
return f"{y}-{m:02}-{d:02}T{h:02}:{mi:02}:{s:02}.000"

def get_range(self, start, end):

if start is None:
self.start_time = datetime.datetime.fromisoformat("1990-01-01T00:00:00:000")
self.start_time = datetime.datetime.fromisoformat("1990-01-01T00:00:00.000")
else:
self.start_time = datetime.datetime.fromisoformat(start)

Expand Down Expand Up @@ -82,8 +83,8 @@ def get_page(self, page):
self.payload = {
"startIndex": self.index,
"resultsPerPage": 500,
"modStartDate": self.__get_time__(self.start_time),
"modEndDate": self.__get_time__(self.end_time)
"lastModStartDate": self.__get_time__(self.start_time),
"lastModEndDate": self.__get_time__(self.end_time)
}

response = requests.get(self.nvd_url, params=self.payload)
Expand All @@ -100,13 +101,13 @@ def __next__(self):
if self.iter_n == self.total:
raise StopIteration

if self.iter_current == len(self.data["result"]["CVE_Items"]):
if self.iter_current == len(self.data["vulnerabilities"]):
# Time to paginate
self.iter_current = 0
self.page = self.page + 1
self.get_page(self.page)

to_return = self.data["result"]["CVE_Items"][self.iter_current]
to_return = self.data["vulnerabilities"][self.iter_current]
self.iter_n = self.iter_n + 1
self.iter_current = self.iter_current + 1
return to_return
4 changes: 2 additions & 2 deletions securitylist/src/tests/test_nvd.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,9 @@ def json(self):
def raise_for_status(self):
pass

if args[0] == 'https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-1000-0001':
if args[0] == 'https://services.nvd.nist.gov/rest/json/cve/2.0/CVE-1000-0001':
return MockResponse(200)
elif args[0] == 'https://services.nvd.nist.gov/rest/json/cve/1.0/CVE-1000-0002':
elif args[0] == 'https://services.nvd.nist.gov/rest/json/cve/2.0/CVE-1000-0002':
return MockResponse(200)

return MockResponse(404)
Expand Down
2 changes: 1 addition & 1 deletion securitylist/src/update_nvd.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ def main():
print("Getting %d IDs" % nvd.total)

for i in nvd:
the_id = i['cve']['CVE_data_meta']['ID']
the_id = i['cve']['id']
# We need to put these in the NVD namespace
c = securitylist.CVE(the_id)
c.add_data('nvd.nist.gov', i)
Expand Down

0 comments on commit f533dec

Please sign in to comment.