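In SDL security design, third-party components are routinely analyzed for known CVEs. With that in mind, I decided to write a program that fetches CVE data and exposes a query interface. For example, combined with dcweb, another tool by the author, it can be used to quickly build a security scanner for third-party components.
CVE-DB is a tool that fetches CVE data from https://nvd.nist.gov/. It has two main functions:
1. Fetch and update CVE data and store it in a local database
2. Provide an HTTP interface for querying CVE data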
CGO_ENABLED=0 GOARCH=amd64 GOOS=linux go build -a -o cve-db .
The GOOS parameter selects the format of the generated binary. There are three platform options:
- linux
- windows
- darwin
1. Get help information
$ ./cve-db -h
2. Update or insert CVE data
$ ./cve-db -u
3. Start the HTTP server
$ ./cve-db -s
The configuration file must be placed at /etc/config.cfg. To use a different path, edit line 12 of config.go:
const Path = "/etc/config.cfg"
Sample configuration file:
DBEngine = mysql
DBServer = 127.0.0.1:3306
DBName = cvedb
DBUser = root
DBPasswd = 123456
DebugSQL = false
Bind = 0.0.0.0
Port = 8000
HTTPProxy =
Year = 2012
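- The first six parameters configure MySQL; enabling DebugSQL prints the MySQL execution process. Bind and Port set the address and port the server listens on; the default is 0.0.0.0:8000.
- HTTPProxy sets the proxy used for downloads, e.g. http://proxy.example.com:8080
- Year sets the year from which CVEs are fetched, up to the present. By default all data is fetched (starting from 2002).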
1. Get the information for a single CVE
$ curl http://127.0.0.1:8000/cves/cve-2020-0003| jq "."
Response:
{
"CveID": "CVE-2020-0003",
"NvdJSON": {
"CveID": "CVE-2020-0003",
"Descriptions": [
{
"Lang": "en",
"Value": "In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904"
}
],
"Cvss2": {
"VectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"AccessVector": "LOCAL",
"AccessComplexity": "HIGH",
"Authentication": "NONE",
"ConfidentialityImpact": "PARTIAL",
"IntegrityImpact": "PARTIAL",
"AvailabilityImpact": "PARTIAL",
"BaseScore": 3.7,
"Severity": "LOW",
"ExploitabilityScore": 1.9,
"ImpactScore": 6.4,
"ObtainAllPrivilege": false,
"ObtainUserPrivilege": false,
"ObtainOtherPrivilege": false,
"UserInteractionRequired": true
},
"Cvss3": {
"VectorString": "",
"AttackVector": "",
"AttackComplexity": "",
"PrivilegesRequired": "",
"UserInteraction": "",
"Scope": "",
"ConfidentialityImpact": "",
"IntegrityImpact": "",
"AvailabilityImpact": "",
"BaseScore": 0,
"BaseSeverity": "",
"ExploitabilityScore": 0,
"ImpactScore": 0
},
"Cwes": [
{
"CweID": "CWE-367"
}
],
"Cpes": [
{
"URI": "cpe:/o:google:android:8.0",
"FormattedString": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"WellFormedName": "wfn:[part=\"o\", vendor=\"google\", product=\"android\", version=\"8\\.0\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
"Part": "o",
"Vendor": "google",
"Product": "android",
"Version": "8\\.0",
"Update": "ANY",
"Edition": "ANY",
"Language": "ANY",
"SoftwareEdition": "ANY",
"TargetSW": "ANY",
"TargetHW": "ANY",
"Other": "ANY",
"VersionStartExcluding": "",
"VersionStartIncluding": "",
"VersionEndExcluding": "",
"VersionEndIncluding": "",
"EnvCpes": []
}
],
"Affects": [
{
"Vendor": "google",
"Product": "android",
"Version": "8.0"
}
],
"References": [
{
"Source": "",
"Link": "https://source.android.com/security/bulletin/2020-01-01"
}
],
"Certs": [],
"PublishedDate": "2020-01-08T19:15:00Z",
"LastModifiedDate": "2020-01-29T21:15:00Z"
}
}
2. Get the CVEs that match a CPE
$ curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name": "cpe:/o:google:android:8.0"}' http://127.0.0.1:8000/cpes | jq "."
Response:
[
{
"CveID": "CVE-2020-0001",
"NvdJSON": {
"CveID": "CVE-2020-0001",
"Descriptions": [
{
"Lang": "en",
"Value": "In getProcessRecordLocked of ActivityManagerService.java isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-140055304"
}
],
"Cvss2": {
"VectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"AccessVector": "LOCAL",
"AccessComplexity": "LOW",
"Authentication": "NONE",
"ConfidentialityImpact": "COMPLETE",
"IntegrityImpact": "COMPLETE",
"AvailabilityImpact": "COMPLETE",
"BaseScore": 7.2,
"Severity": "HIGH",
"ExploitabilityScore": 3.9,
"ImpactScore": 10,
"ObtainAllPrivilege": false,
"ObtainUserPrivilege": false,
"ObtainOtherPrivilege": false,
"UserInteractionRequired": false
},
"Cvss3": {
"VectorString": "",
"AttackVector": "",
"AttackComplexity": "",
"PrivilegesRequired": "",
"UserInteraction": "",
"Scope": "",
"ConfidentialityImpact": "",
"IntegrityImpact": "",
"AvailabilityImpact": "",
"BaseScore": 0,
"BaseSeverity": "",
"ExploitabilityScore": 0,
"ImpactScore": 0
},
"Cwes": [
{
"CweID": "CWE-269"
}
],
"Cpes": [
{
"URI": "cpe:/o:google:android:8.0",
"FormattedString": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"WellFormedName": "wfn:[part=\"o\", vendor=\"google\", product=\"android\", version=\"8\\.0\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]",
"Part": "o",
"Vendor": "google",
"Product": "android",
"Version": "8\\.0",
"Update": "ANY",
"Edition": "ANY",
"Language": "ANY",
"SoftwareEdition": "ANY",
"TargetSW": "ANY",
"TargetHW": "ANY",
"Other": "ANY",
"VersionStartExcluding": "",
"VersionStartIncluding": "",
"VersionEndExcluding": "",
"VersionEndIncluding": "",
"EnvCpes": []
},
......snip......
3. Get the IDs of the CVEs that match a CPE
$ curl -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"name": "cpe:/o:google:android:8.0"}' http://127.0.0.1:8000/cpes/ids | jq "."
Response:
[
"CVE-2020-0003",
"CVE-2020-0001",
"CVE-2020-0002",
"CVE-2020-0005",
"CVE-2020-0006",
"CVE-2020-0004",
"CVE-2020-0007",
"CVE-2020-0008",
"CVE-2020-0014",
"CVE-2020-0015",
"CVE-2020-0017",
"CVE-2020-0018",
"CVE-2020-0022",
"CVE-2020-0026",
"CVE-2020-0027",
"CVE-2020-0034",
"CVE-2020-0033",
"CVE-2020-0032",
"CVE-2020-0035",
"CVE-2020-0037",
"CVE-2020-0036",
"CVE-2020-0039",
"CVE-2020-0038",
"CVE-2020-10829",
"CVE-2020-10831",
"CVE-2020-10836",
"CVE-2020-10839",
"CVE-2020-10842",
"CVE-2020-10843",
"CVE-2020-10845",
"CVE-2020-10844",
"CVE-2020-10850",
"CVE-2020-10848",
"CVE-2020-10852",
"CVE-2020-10854",
"CVE-2020-10849",
"CVE-2020-8860",
"CVE-2020-11605"
]
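In the /cpes responses above, Cvss3 is present but empty (BaseScore 0), so a scanner that reads only Cvss3.BaseScore would rank those CVEs as harmless. The following is an added example, not part of CVE-DB: it triages a /cpes response body and falls back to the CVSSv2 score when no CVSSv3 vector is set. The names Triage, Finding, cveRecord and sample are hypothetical, the CVE-0000-0000 entry is a constructed placeholder, and treating an empty Cvss3.VectorString as "not scored" is an assumption drawn from the sample responses.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Finding is one triaged CVE; Metric records which CVSS version supplied Score.
type Finding struct { CveID, Metric string; Score float64 }
// cveRecord mirrors only the fields of a /cpes response entry that triage needs.
type cveRecord struct {
	CveID   string
	NvdJSON struct {
		Cvss2, Cvss3 struct { VectorString string; BaseScore float64 }
	}
}

// Triage returns findings scoring >= minScore, highest first. An empty
// Cvss3.VectorString is treated as "not scored", so CVSSv2 is used instead.
func Triage(body []byte, minScore float64) ([]Finding, error) {
	var recs []cveRecord
	if err := json.Unmarshal(body, &recs); err != nil {
		return nil, fmt.Errorf("decode /cpes response: %w", err)
	}
	var out []Finding
	for _, r := range recs {
		f := Finding{CveID: r.CveID, Metric: "CVSSv2", Score: r.NvdJSON.Cvss2.BaseScore}
		if r.NvdJSON.Cvss3.VectorString != "" {
			f.Metric, f.Score = "CVSSv3", r.NvdJSON.Cvss3.BaseScore
		}
		if f.Score >= minScore {
			out = append(out, f)
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Score > out[j].Score })
	return out, nil
}

// sample is constructed: two entries trimmed from the responses above, one placeholder with a CVSSv3 score.
const sample = `[
 {"CveID":"CVE-2020-0003","NvdJSON":{"Cvss2":{"BaseScore":3.7},"Cvss3":{"VectorString":"","BaseScore":0}}},
 {"CveID":"CVE-2020-0001","NvdJSON":{"Cvss2":{"BaseScore":7.2},"Cvss3":{"VectorString":"","BaseScore":0}}},
 {"CveID":"CVE-0000-0000","NvdJSON":{"Cvss3":{"VectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","BaseScore":9.8}}}]`

func main() {
	fs, err := Triage([]byte(sample), 7.0)
	fmt.Println(fs, err)
}
```

In a scanner, the body passed to Triage would be the response of the POST to /cpes shown in step 2.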