Overview
Loading the JSON that vuls outputs into Python.
Trying it out
Interactively.
Interactive console
```python
>>> import json
>>> jsonData = json.load(open('filename.json','r'))
>>> len(jsonData["KnownCves"])
12
>>> len(jsonData["UnknownCves"])
5
>>>
>>> jsonData.keys()
[u'Container', u'IgnoredCves', u'Family', u'ScannedAt', u'KnownCves', u'Platform', u'Release', u'Optional', u'ServerName', u'UnknownCves']
>>>
>>> hoge = jsonData["KnownCves"][0]["CveDetail"]["Nvd"]
>>> for x in hoge.keys():
...     print "%s: %s" % (x ,hoge[x])
...
CweID: CWE-20
PublishedDate: 2016-09-28T06:59:00.157-04:00
LastModifiedDate: 2016-11-28T15:04:33.89-05:00
AccessComplexity: LOW
Summary: buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query.
AvailabilityImpact: COMPLETE
Authentication: NONE
Score: 7.8
References: [{u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html'}, {u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html'}, {u'Source': u'CONFIRM', u'Link': u'http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html'}, {u'Source': u'BID', u'Link': u'http://www.securityfocus.com/bid/93188'}, {u'Source': u'CONFIRM', u'Link': u'https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05321107'}, {u'Source': u'CONFIRM', u'Link': u'https://kb.isc.org/article/AA-01419/0'}]
IntegrityImpact: NONE
ConfidentialityImpact: NONE
Cpes: None
AccessVector: NETWORK
>>> jsonData["KnownCves"][0]["Packages"][0]["Name"]
u'bind-libs'
>>>
```
A Python programmer who handles JSON every day could probably work with this easily.
- I'm not one, so I end up pulling things out with rather wasteful for loops.
So what does this give us?
By writing a script that processes results/current after a vuls scan, integration with Zabbix or PandoraFMS should be possible.
- For example, aggregating by [Nvd][Score], or counting the number of [KnownCves] per [Packages].
- Not sure whether I'll use Python, but I'll put out something as a PandoraFMS plugin eventually.
vuls JSON structure
Roughly the following structure.
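As an added example (not from the original post or from vuls itself), here is the per-package and per-score aggregation just described, done in Python 3 over a constructed sample in the shape of results/current/<server>.json and rendered as input lines for zabbix_sender -i. The Zabbix item keys (vuls.cve.*) and the CVE ids other than the one on this page are assumptions made up for the example.

```python
import json
from collections import Counter

# Constructed sample in the shape vuls writes to results/current/<server>.json.
# Only the keys used below are kept; CVE-0000-* ids are placeholders.
SAMPLE_JSON = """{
  "ServerName": "vuls-server",
  "KnownCves": [
    {"CveDetail": {"CveID": "CVE-2016-7032", "Nvd": {"Score": 7.8}}, "Packages": [{"Name": "bind-libs"}, {"Name": "bind-utils"}]},
    {"CveDetail": {"CveID": "CVE-0000-0001", "Nvd": {"Score": 4.3}}, "Packages": [{"Name": "bind-libs"}]},
    {"CveDetail": {"CveID": "CVE-0000-0002", "Nvd": {"Score": 0}}, "Packages": [{"Name": "openssl"}]}
  ],
  "UnknownCves": [
    {"CveDetail": {"CveID": "CVE-0000-0003", "Nvd": {"Score": 0}}, "Packages": [{"Name": "openssl"}]}
  ]
}"""
SAMPLE_RESULT = json.loads(SAMPLE_JSON)

def severity_bucket(score):
    """CVSS v2 style ranges; a Score of 0 means NVD had no data for that CVE."""
    if score >= 7.0:
        return "high"
    if score >= 4.0:
        return "medium"
    if score > 0:
        return "low"
    return "unscored"

def summarize(result):
    """Count KnownCves per package and per severity bucket, plus UnknownCves."""
    per_pkg, per_sev = Counter(), Counter()
    for cve in result.get("KnownCves") or []:
        nvd = cve.get("CveDetail", {}).get("Nvd") or {}   # Nvd may be empty
        per_sev[severity_bucket(nvd.get("Score") or 0)] += 1
        for pkg in cve.get("Packages") or []:
            per_pkg[pkg["Name"]] += 1    # one CVE can touch several packages
    return per_pkg, per_sev, len(result.get("UnknownCves") or [])

def zabbix_lines(result):
    """'<host> <key> <value>' lines, the input format of zabbix_sender -i."""
    host = result["ServerName"]
    per_pkg, per_sev, unknown = summarize(result)
    lines = ["%s vuls.cve.severity[%s] %d" % (host, s, n) for s, n in sorted(per_sev.items())]
    lines += ["%s vuls.cve.package[%s] %d" % (host, p, n) for p, n in sorted(per_pkg.items())]
    lines.append("%s vuls.cve.unknown %d" % (host, unknown))
    return lines

if __name__ == "__main__":
    print("\n".join(zabbix_lines(SAMPLE_RESULT)))
```

Replace SAMPLE_RESULT with json.load(open(path)) over each file in results/current to feed a real scan.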
Key (dotted path from the root) | Type | Example / note
---|---|---
(root) | DICT |
Container | DICT |
Container.ContainerID | Value |
Container.Name | Value |
IgnoredCves | |
Family | Value | centos
ScannedAt | Value |
KnownCves | DICT |
KnownCves.DistroAdvisories | Value |
KnownCves.CveDetail | DICT |
KnownCves.CveDetail.CveID | Value | CVE-2016-7032
KnownCves.CveDetail.Nvd | DICT |
KnownCves.CveDetail.Nvd.CweID | Value | CWE-20
KnownCves.CveDetail.Nvd.PublishedDate | Value | 2016-09-28T06:59:00.157-04:00
KnownCves.CveDetail.Nvd.LastModifiedDate | Value | 2016-11-28T15:04:33.89-05:00
KnownCves.CveDetail.Nvd.AccessComplexity | Value | LOW
KnownCves.CveDetail.Nvd.Summary | Value | buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x …
KnownCves.CveDetail.Nvd.AvailabilityImpact | Value | COMPLETE
KnownCves.CveDetail.Nvd.Authentication | Value | NONE
KnownCves.CveDetail.Nvd.Score | Value | 7.8
KnownCves.CveDetail.Nvd.References | DICT |
KnownCves.CveDetail.Nvd.References.Source | Value | CONFIRM
KnownCves.CveDetail.Nvd.References.Link | Value | http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
KnownCves.CveDetail.Nvd.IntegrityImpact | Value | NONE
KnownCves.CveDetail.Nvd.ConfidentialityImpact | Value | NONE
KnownCves.CveDetail.Nvd.Cpes | Value | NONE
KnownCves.CveDetail.Nvd.AccessVector | Value | NETWORK
KnownCves.CveDetail.Jvn | DICT |
KnownCves.CveDetail.Jvn.JvnID | Value | JVNDB-2016-004926
KnownCves.CveDetail.Jvn.Severity | Value | High
KnownCves.CveDetail.Jvn.Vector | Value | (AV:N/AC:L/Au:N/C:N/I:N/A:C)
KnownCves.CveDetail.Jvn.Title | Value | ISC BIND 9 denial-of-service (DoS) vulnerability
KnownCves.CveDetail.Jvn.LastModifiedDate | Value | 2016-09-29T16:42:00+09:00
KnownCves.CveDetail.Jvn.PublishedDate | Value | 2016-09-29T16:42:00+09:00
KnownCves.CveDetail.Jvn.Summary | Value | ISC BIND 9 contains a denial-of-service (DoS) vulnerability.
KnownCves.CveDetail.Jvn.Score | Value | 7.8
KnownCves.CveDetail.Jvn.References | DICT |
KnownCves.CveDetail.Jvn.References.Source | Value | JVN
KnownCves.CveDetail.Jvn.References.Link | Value | http://jvn.jp/cert/JVNVU90255292
KnownCves.CveDetail.Jvn.JvnLink | Value | http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004926.html
KnownCves.CveDetail.Jvn.Cpes | Value | None
KnownCves.Packages | DICT |
KnownCves.Packages.Name | Value | bind-libs
KnownCves.Packages.Repository | Value | updates
KnownCves.Packages.Version | Value | 9.8.2
KnownCves.Packages.NewRelease | Value | 0.47.rc1.el6_8.3
KnownCves.Packages.Release | Value | 0.47.rc1.el6
KnownCves.Packages.NewVersion | Value | 9.8.2
KnownCves.CpeNames | |
Platform | DICT |
Platform.InstanceID | Value |
Platform.Name | Value | other
Platform.Release | Value | 6.8
Optional | |
ServerName | Value | vuls-server
UnknownCves | DICT | Effectively the same as KnownCves.
UnknownCves.DistroAdvisories | Value |
UnknownCves.CveDetail | DICT |
UnknownCves.CveDetail.CveID | Value |
UnknownCves.CveDetail.Nvd | DICT |
UnknownCves.CveDetail.Nvd.CweID | Value |
UnknownCves.CveDetail.Nvd.PublishedDate | Value |
UnknownCves.CveDetail.Nvd.LastModifiedDate | Value |
UnknownCves.CveDetail.Nvd.AccessComplexity | Value |
UnknownCves.CveDetail.Nvd.Summary | Value |
UnknownCves.CveDetail.Nvd.AvailabilityImpact | Value |
UnknownCves.CveDetail.Nvd.Authentication | Value |
UnknownCves.CveDetail.Nvd.Score | Value |
UnknownCves.CveDetail.Nvd.References | Value |
UnknownCves.CveDetail.Nvd.IntegrityImpact | Value |
UnknownCves.CveDetail.Nvd.ConfidentialityImpact | Value |
UnknownCves.CveDetail.Nvd.Cpes | Value |
UnknownCves.CveDetail.Nvd.AccessVector | Value |
UnknownCves.CveDetail.Jvn | DICT |
UnknownCves.CveDetail.Jvn.JvnID | Value |
UnknownCves.CveDetail.Jvn.Severity | Value |
UnknownCves.CveDetail.Jvn.Vector | Value |
UnknownCves.CveDetail.Jvn.Title | Value |
UnknownCves.CveDetail.Jvn.LastModifiedDate | Value |
UnknownCves.CveDetail.Jvn.PublishedDate | Value |
UnknownCves.CveDetail.Jvn.Summary | Value |
UnknownCves.CveDetail.Jvn.Score | Value |
UnknownCves.CveDetail.Jvn.References | Value |
UnknownCves.CveDetail.Jvn.JvnLink | Value |
UnknownCves.CveDetail.Jvn.Cpes | Value |
UnknownCves.Packages | DICT |
UnknownCves.Packages.Name | Value |
UnknownCves.Packages.Repository | Value |
UnknownCves.Packages.Version | Value |
UnknownCves.Packages.NewRelease | Value |
UnknownCves.Packages.Release | Value |
UnknownCves.Packages.NewVersion | Value |
UnknownCves.CpeNames | |