diff --git a/test.py b/test.py new file mode 100644 index 0000000000000000000000000000000000000000..3cf0ef9d83c26ff8ea8adb5e29cab84aa2cd3236 --- /dev/null +++ b/test.py @@ -0,0 +1,57 @@ +#!/usr/bin/env python3 + +import sys +import pymysql +import json +from pprint import pprint +import requests +import xml.etree.ElementTree as ET +import re + +one_office_cve = open("1office.txt").read().strip().split("\n") +db = pymysql.connect(host='rm-bp1473kp4sf9ui8t6go.mysql.rds.aliyuncs.com', + user='readonly', + password='%66Esuw#8PV^au^', + database='cvedb') + +cursor = db.cursor(cursor=pymysql.cursors.DictCursor) +#cursor.execute("select * from cve_list where origin='nvd.nist.gov' and name in (%s)" % ','.join("'%s'" % i for i in one_office_cve)) +cursor.execute("select * from cve_list where origin='redhat.com' and name in (%s)" % ','.join("'%s'" % i for i in one_office_cve)) +data = cursor.fetchall() +for item in data: + # remove useless columns + item.pop('id') + item.pop('gmt_create') + item.pop('gmt_modified') + item.pop('cvssv3score') + item.pop('cnvd_id') + item.pop('phase') + item.pop('votes') + item.pop('comments') + item.pop('cpe23uri') + item.pop('status') + item.pop('modified') + # parse raw data + raw = json.loads(item['rawdata']) + item['severity'] = item.pop('cvssv3severity') + item['cvss3_base_score'] = raw.get('cvss3', {}).get('cvss3_base_score') + item['cvss3_scoring_vector'] = raw.get('cvss3', {}).get('cvss3_scoring_vector') + # got nvd data + cursor.execute("SELECT * FROM cve_list where origin='nvd.nist.gov' AND name = '%s'" % item['name']) + nvd = cursor.fetchone() + if nvd is None: + print("not found in nvd:", item['name']) + continue + + nvd_raw = json.loads(nvd['rawdata']) + item['nvd'] = { + 'severity': nvd['cvssv3severity'], + 'cvss3_base_score': nvd_raw.get('impact', {}).get('baseMetricV3', {}).get('cvssV3', {}).get('baseScore', 0), + 'cvss3_scoring_vector': nvd_raw.get('impact', {}).get('baseMetricV3', {}).get('cvssV3', {}).get('vectorString', '') + } + +print("Got %d cve data" % len(data)) +with open('cve_data.json', 'w') as fp: + fp.write(json.dumps(data, indent=2)) +cursor.close() +db.close()