Implemented CVE retrieval mechanism

2026-04-29 07:29:32 +00:00 · 2023-10-12 11:58:33 +02:00 · 2023-10-12 11:58:33 +02:00 · 1e0d71ac43
commit 1e0d71ac43
parent 5e4587c094
1 changed files with 89 additions and 16 deletions
--- a/scripts/lua/modules/vulnerability_scan/cve_utils.lua
+++ b/scripts/lua/modules/vulnerability_scan/cve_utils.lua
@ -7,27 +7,100 @@ local dirs = ntop.getDirs()
 package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
 package.path = dirs.installdir .. "/scripts/lua/pro/modules/?.lua;" .. package.path

+local json = require("dkjson")
+
 local cve_utils = {}

-function cve_utils.getCVEscore(cve_name)
+-- **********************************************************

-    --[[  FOR TEST 
-    if (cve_name == 'CVE-2011-2900') then
-        return 9.0
-    end
+-- Example CVE-2023-28531
+local function retrieveCVE(cve_id)
+   local base_path = dirs.workingdir.."/cve/"
+   local cve_path  = base_path .. cve_id

-    if (cve_name == 'CVE-2009-4535') then
-        return 3.8
-    end
+   if(not(ntop.exists(cve_path))) then
+      if(not(ntop.exists(base_path))) then
+	 ntop.mkdir(base_path)
+      end
+      
+      -- Retrieve the CVE
+      local rsp = ntop.httpGet("https://services.nvd.nist.gov/rest/json/cves/2.0?cveId="..cve_id)

-    if (cve_name == 'CVE-2009-1354') then
-        return 6.9
-    end
-    --]]
-    
-    -- must be a number
-    return 0
+      if(rsp and (rsp.RESPONSE_CODE == 200)) then
+	 local handle = io.open(cve_path, "w")
+
+	 if(handle ~= nil) then
+	    local result = handle:write(rsp.CONTENT)
+	    handle:close()
+	 end
+
+	 return(json.decode(rsp.CONTENT))
+      end
+   end
+
+   if(ntop.exists(cve_path)) then
+      local handle = io.open(cve_path, "r")
+      local result = handle:read("*a")      
+      handle:close()
+
+      return(json.decode(result))
+   else
+      return(nil)
+   end
 end

+-- **********************************************************

-return cve_utils
+-- Retrieve full CVE information
+function cve_utils.getCVE(cve_id)
+   local cve = retrieveCVE(cve_id)
+   local rsp = {}
+   
+   if(cve == nil) then
+      return(nil)
+   end
+
+   for _,v in pairs(cve.vulnerabilities) do
+      local c = v.cve
+
+      rsp.published           = c.published
+
+      if(c.metrics.cvssMetricV31 ~= nil) then
+	 for _,v1 in pairs(c.metrics.cvssMetricV31) do
+	    rsp.baseScore           = v1.cvssData.baseScore
+	    rsp.exploitabilityScore = v1.exploitabilityScore	    
+	    break
+	 end
+      end
+
+      for _,d in pairs(c.descriptions) do
+	 rsp.description = d.value
+	 break
+      end
+      
+      rsp.references          = {}
+
+      for _,d in pairs(c.references) do
+	 table.insert(rsp.references, d.url)
+      end
+
+      break
+   end
+   
+   return(rsp)
+end
+
+-- **********************************************************
+
+function cve_utils.getCVEscore(cve_id)
+   local cve = cve_utils.getCVE(cve_id)
+   
+   if((cve ~= nil) and (cve.baseScore ~= nil)) then
+      return(tonumber(cve.baseScore))
+   else
+      -- must be a number
+      return 0
+   end
+end
+
+return cve_utils