Overview
Load the JSON that vuls outputs into Python.
Trying it out
Interactively.
```python
>>> import json
>>> jsonData = json.load(open('finename.json','r'))
>>> len(jsonData["KnownCves"])
12
>>> len(jsonData["UnknownCves"])
5
>>>
>>> jsonData.keys()
[u'Container', u'IgnoredCves', u'Family', u'ScannedAt', u'KnownCves', u'Platform', u'Release', u'Optional', u'ServerName', u'UnknownCves']
>>>
>>> hoge = jsonData["KnownCves"][0]["CveDetail"]["Nvd"]
>>> for x in hoge.keys():
...     print "%s: %s" % (x, hoge[x])
...
CweID: CWE-20
PublishedDate: 2016-09-28T06:59:00.157-04:00
LastModifiedDate: 2016-11-28T15:04:33.89-05:00
AccessComplexity: LOW
Summary: buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
AvailabilityImpact: COMPLETE
Authentication: NONE
Score: 7.8
References: [{u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html'}, {u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html'}, {u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html'}, {u'Source': u'BID', u'Link': u'http://www.securityfocus.com/bid/93188'}, {u'Source': u'CONFIRM', u'Link': u'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107'}, {u'Source': u'CONFIRM', u'Link': u'https://kb.isc.org/article/AA-01419/0'}]
IntegrityImpact: NONE
ConfidentialityImpact: NONE
Cpes: None
AccessVector: NETWORK
>>> jsonData["KnownCves"][0]["Packages"][0]["Name"]
u'bind-libs'
>>>
```
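A Python programmer who works with JSON every day could probably handle this easily.
- I'm not one of them, so I'm pulling things out with what is probably an unnecessary for loop.
So what?
By writing a script that processes results/current after a vuls scan, integration with Zabbix or PandoraFMS should be possible.
- For example, aggregating by [NVD][Score], or counting the number of [KnownCves] per [Packages].
- I don't know whether I'll use Python, but I'll eventually release something as a plugin for PandoraFMS.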
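
A sketch of the aggregation described above, as an added example that is not part of the original post: it counts CVEs per CVSS v2 severity band and per affected package for one result file, in Python 3. The function names, the fallback from `Nvd.Score` to `Jvn.Score`, the "unscored" bucket and the sample data are assumptions made for illustration; the key names follow the structure documented on this page.

```python
import json
import sys
from collections import Counter

# Constructed sample in the shape documented on this page (not real scan output).
SAMPLE = {
    "ServerName": "vuls-server",
    "KnownCves": [
        {"CveDetail": {"CveID": "CVE-0000-0001", "Nvd": {"Score": 7.8}, "Jvn": {"Score": 7.8}},
         "Packages": [{"Name": "bind-libs"}, {"Name": "bind-utils"}]},
        {"CveDetail": {"CveID": "CVE-0000-0002", "Nvd": {"Score": 0}, "Jvn": {"Score": 5.0}},
         "Packages": [{"Name": "bind-libs"}]},
    ],
    "UnknownCves": [
        {"CveDetail": {"CveID": "CVE-0000-0003", "Nvd": {}, "Jvn": None},
         "Packages": [{"Name": "example-pkg"}]},
    ],
}

def cvss_score(cve_detail):
    """Return Nvd.Score, falling back to Jvn.Score; 0.0 if neither has one."""
    for source in ("Nvd", "Jvn"):
        score = (cve_detail.get(source) or {}).get("Score") or 0
        if score > 0:
            return float(score)
    return 0.0

def severity(score):
    """Map a CVSS v2 base score to the usual low/medium/high bands."""
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    return "low" if score > 0 else "unscored"

def summarize(result):
    """Count CVEs per severity band and per affected package for one server."""
    by_severity, by_package, max_score = Counter(), Counter(), 0.0
    for section in ("KnownCves", "UnknownCves"):
        for entry in result.get(section) or []:
            score = cvss_score(entry.get("CveDetail") or {})
            by_severity[severity(score)] += 1
            max_score = max(max_score, score)
            for pkg in entry.get("Packages") or []:
                by_package[pkg.get("Name", "?")] += 1
    return {"server": result.get("ServerName"), "max_score": max_score,
            "by_severity": dict(by_severity), "by_package": dict(by_package)}

if __name__ == "__main__":
    # Pass a result file path as argv[1]; without one the sample above is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(json.dumps(summarize(data), indent=2, sort_keys=True))
```

The resulting counts and maximum score are plain numbers, which is the form a monitoring agent check would consume.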
Structure of the vuls JSON
Roughly, the structure is as follows.
Item| | | | |Type|Example / note
:----|:----|:----|:----|:----|:----|:----
ROOT| | | | |DICT | |
|Container| | | | |DICT|
| |ContainerID| | | |Values|
| |Name| | | |Values|
|IgnoredCves| | | | | |
|Family| | | | |Value|centos
|ScannedAt| | | | |Value|
|KnownCves| | | | |DICT|
| |DistroAdvisories| | | |Value|
| |CveDetail| | | |DICT|
| | |CveID| | |Value|CVE-2016-7032
| | |Nvd| | |DICT|
| | | |CweID| |Value|CWE-20
| | | |PublishedDate| |Value|2016-09-28T06:59:00.157-04:00
| | | |LastModifiedDate| |Value|2016-11-28T15:04:33.89-05:00
| | | |AccessComplexity| |Value|LOW
| | | |Summary| |Value|buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x …
| | | |AvailabilityImpact| |Value|COMPLETE
| | | |Authentication| |Value|NONE
| | | |Score| |Value|7.8
| | | |References| |DICT|
| | | | |Source|Value|CONFIRM
| | | | |Link|Value|http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
| | | |IntegrityImpact| |Value|NONE
| | | |ConfidentialityImpact| |Value|NONE
| | | |Cpes| |Value|NONE
| | | |AccessVector| |Value|NETWORK
| | |Jvn| | |DICT|
| | | |JvnID| |Value|JVNDB-2016-004926
| | | |Severity| |Value|High
| | | |Vector| |Value|(AV:N/AC:L/Au:N/C:N/I:N/A:C)
| | | |Title| |Value|ISC BIND 9 にサービス運用妨害 (DoS) の脆弱性
| | | |LastModifiedDate| |Value|2016-09-29T16:42:00+09:00
| | | |PublishedDate| |Value|2016-09-29T16:42:00+09:00
| | | |Summary| |Value|ISC BIND 9 には、サービス運用妨害 (DoS) の脆弱性が存在します。
| | | |Score| |Value|7.8
| | | |References| |DICT|
| | | | |Source|Value|JVN
| | | | |Link|Value|http://jvn.jp/cert/JVNVU90255292
| | | |JvnLink| |Value|http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004926.html
| | | |Cpes| |Value|None
| |Packages| | | |DICT|
| | |Name| | |Value|bind-libs
| | |Repository| | |Value|updates
| | |Version| | |Value|9.8.2
| | |NewRelease| | |Value|0.47.rc1.el6_8.3
| | |Release| | |Value|0.47.rc1.el6
| | |NewVersion| | |Value|9.8.2
| |CpeNames| | | | |
|Platform| | | | |DICT|
| |InstanceID| | | |Value|
| |Name| | | |Value|other
|Release| | | | |Value|6.8
|Optional| | | | | |
|ServerName| | | | |Value|vuls-server
|UnknownCves| | | | |DICT|Effectively the same as KnownCves.
| |DistroAdvisories| | | |Value|
| |CveDetail| | | |DICT|
| | |CveID| | |Value|
| | |Nvd| | |DICT|
| | | |CweID| |Value|
| | | |PublishedDate| |Value|
| | | |LastModifiedDate| |Value|
| | | |AccessComplexity| |Value|
| | | |Summary| |Value|
| | | |AvailabilityImpact| |Value|
| | | |Authentication| |Value|
| | | |Score| |Value|
| | | |References| |Value|
| | | |IntegrityImpact| |Value|
| | | |ConfidentialityImpact| |Value|
| | | |Cpes| |Value|
| | | |AccessVector| |Value|
| | |Jvn| | |DICT|
| | | |JvnID| |Value|
| | | |Severity| |Value|
| | | |Vector| |Value|
| | | |Title| |Value|
| | | |LastModifiedDate| |Value|
| | | |PublishedDate| |Value|
| | | |Summary| |Value|
| | | |Score| |Value|
| | | |References| |Value|
| | | |JvnLink| |Value|
| | | |Cpes| |Value|
| |Packages| | | |DICT|
| | |Name| | |Value|
| | |Repository| | |Value|
| | |Version| | |Value|
| | |NewRelease| | |Value|
| | |Release| | |Value|
| | |NewVersion| | |Value|
| |CpeNames| | | | |