概要
vulsが出力するjsonについて、pythonに取り込む。
やってみる
対話的に。
対話コンソール
>>> import json
>>> jsonData = json.load(open('finename.json','r'))
>>> len(jsonData["KnownCves"])
12
>>> len(jsonData["UnknownCves"])
5
>>>
>>> jsonData.keys()
[u'Container', u'IgnoredCves', u'Family', u'ScannedAt', u'KnownCves', u'Platform', u'Release', u'Optional', u'ServerName', u'UnknownCves']
>>>
>>> hoge = jsonData["KnownCves"][0]["CveDetail"]["Nvd"]
>>> for x in hoge.keys():
... print "%s: %s" % (x ,hoge[x])
...
CweID: CWE-20
PublishedDate: 2016-09-28T06:59:00.157-04:00
LastModifiedDate: 2016-11-28T15:04:33.89-05:00
AccessComplexity: LOW
Summary: buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
AvailabilityImpact: COMPLETE
Authentication: NONE
Score: 7.8
References: [{u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html'}, {u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html'}, {u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html'}, {u'Source': u'BID', u'Link': u'http://www.securityfocus.com/bid/93188'}, {u'Source': u'CONFIRM', u'Link': u'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107'}, {u'Source': u'CONFIRM', u'Link': u'https://kb.isc.org/article/AA-01419/0'}]
IntegrityImpact: NONE
ConfidentialityImpact: NONE
Cpes: None
AccessVector: NETWORK
>>> jsonData["KnownCves"][0]["Packages"][0]["Name"]
u'bind-libs'
>>>
日常的にjson弄っているpythonプログラマなら、簡単に操作できるんじゃないでしょうか。
- 私は違うので、なんだか無駄なfor文で色々取り出してます。
で、これがどうした?
vulsスキャン後の、results/currentに対して処理をするスクリプトを書く事で、ZabbixやPandoraFMSとの連携が可能かな。
- [NVD][Score]で集計したり、[Packages]で[KnownCves]の数を集計集計したり。
- Python使うかは分からないけど、PandoraFMS用のPluginとして、そのうちなんか出しますわ。
vulsのjson構造
だいたい、以下のような構造。
| 項目 | 型 | |||||
|---|---|---|---|---|---|---|
| ROOT | DICT | |||||
| Container | DICT | |||||
| ContainerID | Values | |||||
| Name | Values | |||||
| IgnoredCves | ||||||
| Family | Value | centos | ||||
| ScannedAt | Value | |||||
| KnownCves | DICT | |||||
| DistroAdvisories | Value | |||||
| CveDetail | DICT | |||||
| CveID | Value | CVE-2016-7032 | ||||
| Nvd | DICT | |||||
| CweID | Value | CWE-20 | ||||
| PublishedDate | Value | 2016-09-28T06:59:00.157-04:00 | ||||
| LastModifiedDate | Value | 2016-11-28T15:04:33.89-05:00 | ||||
| AccessComplexity | Value | LOW | ||||
| Summary | Value | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x … | ||||
| AvailabilityImpact | Value | COMPLETE | ||||
| Authentication | Value | NONE | ||||
| Score | Value | 7.8 | ||||
| References | DICT | |||||
| Source | Value | CONFIRM | ||||
| Link | Value | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html | ||||
| IntegrityImpact | Value | NONE | ||||
| ConfidentialityImpact | Value | NONE | ||||
| Cpes | Value | NONE | ||||
| AccessVector | Value | NETWORK | ||||
| Jvn | DICT | |||||
| JvnID | Value | JVNDB-2016-004926 | ||||
| Severity | Value | High | ||||
| Vector | Value | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | ||||
| Title | Value | ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性 | ||||
| LastModifiedDate | Value | 2016-09-29T16:42:00+09:00 | ||||
| PublishedDate | Value | 2016-09-29T16:42:00+09:00 | ||||
| Summary | Value | ISC BIND 9 には、サービス運用妨害 (DoS) の脆弱性が存在します。 | ||||
| Score | Value | 7.8 | ||||
| References | DICT | |||||
| Source | Value | JVN | ||||
| Link | Value | http://jvn.jp/cert/JVNVU90255292 | ||||
| JvnLink | Value | http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004926.html | ||||
| Cpes | Value | None | ||||
| Packages | DICT | |||||
| Name | Value | bind-libs | ||||
| Repository | Value | updates | ||||
| Version | Value | 9.8.2 | ||||
| NewRelease | Value | 0.47.rc1.el6_8.3 | ||||
| Release | Value | 0.47.rc1.el6 | ||||
| NewVersion | Value | 9.8.2 | ||||
| CpeNames | ||||||
| Platform | DICT | |||||
| InstanceID | Value | |||||
| Name | Value | other | ||||
| Release | Value | 6.8 | ||||
| Optional | ||||||
| ServerName | Value | vuls-server | ||||
| UnknownCves | DICT | 実質、KnownCvesと同じ。 | ||||
| DistroAdvisories | Value | |||||
| CveDetail | DICT | |||||
| CveID | Value | |||||
| Nvd | DICT | |||||
| CweID | Value | |||||
| PublishedDate | Value | |||||
| LastModifiedDate | Value | |||||
| AccessComplexity | Value | |||||
| Summary | Value | |||||
| AvailabilityImpact | Value | |||||
| Authentication | Value | |||||
| Score | Value | |||||
| References | Value | |||||
| IntegrityImpact | Value | |||||
| ConfidentialityImpact | Value | |||||
| Cpes | Value | |||||
| AccessVector | Value | |||||
| Jvn | DICT | |||||
| JvnID | Value | |||||
| Severity | Value | |||||
| Vector | Value | |||||
| Title | Value | |||||
| LastModifiedDate | Value | |||||
| PublishedDate | Value | |||||
| Summary | Value | |||||
| Score | Value | |||||
| References | Value | |||||
| JvnLink | Value | |||||
| Cpes | Value | |||||
| Packages | DICT | |||||
| Name | Value | |||||
| Repository | Value | |||||
| Version | Value | |||||
| NewRelease | Value | |||||
| Release | Value | |||||
| NewVersion | Value | |||||
| CpeNames |