Skip to content

Commit 59406a5

Browse files
TG1999TG1999
authored
Merge pull request #785 from TG1999/cpe_url
Add URLs to CPEs
2 parents c94ed57 + 281f05c commit 59406a5

File tree

4 files changed

+88
-42
lines changed

4 files changed

+88
-42
lines changed

vulnerabilities/importers/nvd.py

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,9 @@
2626
from vulnerabilities.models import Advisory
2727
from vulnerabilities.utils import get_item
2828

29+
BASE_URL = "https://nvd.nist.gov/vuln/search/results"
30+
PARAMS = "?adv_search=true&isCpeNameSearch=true"
31+
2932

3033
class NVDImporter(Importer):
3134
# See https://github.com/nexB/vulnerablecode/issues/665 for follow up
@@ -76,9 +79,11 @@ def to_advisories(nvd_data):
7679
references = []
7780
severity_scores = list(extract_severity_scores(cve_item))
7881
for cpe in cpes:
82+
cpe_url = f"{BASE_URL}{PARAMS}&query={cpe}"
7983
references.append(
8084
Reference(
8185
reference_id=cpe,
86+
url=cpe_url,
8287
)
8388
)
8489
references.append(

vulnerabilities/migrations/0016_update_cpe_url.py

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,21 @@
1+
from django.db import migrations
2+
3+
class Migration(migrations.Migration):
4+
5+
def update_cpe_url(apps, schema_editor):
6+
Reference = apps.get_model("vulnerabilities", "VulnerabilityReference")
7+
for reference in Reference.objects.filter(reference_id__startswith="cpe"):
8+
cpe = reference.reference_id
9+
base_url = 'https://nvd.nist.gov/vuln/search/results'
10+
params = '?adv_search=true&isCpeNameSearch=true'
11+
vuln_url = f'{base_url}{params}&query={cpe}'
12+
reference.url = vuln_url
13+
reference.save()
14+
15+
dependencies = [
16+
('vulnerabilities', '0015_alter_vulnerabilityseverity_unique_together_and_more'),
17+
]
18+
19+
operations = [
20+
migrations.RunPython(update_cpe_url, migrations.RunPython.noop),
21+
]

vulnerabilities/tests/test_data/nvd/nvd-expected.json

Lines changed: 40 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -32,17 +32,17 @@
3232
},
3333
{
3434
"reference_id": "cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*",
35-
"url": "",
35+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:*:*:*:*:*:*:*:*",
3636
"severities": []
3737
},
3838
{
3939
"reference_id": "cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*",
40-
"url": "",
40+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.1:*:*:*:*:*:*:*",
4141
"severities": []
4242
},
4343
{
4444
"reference_id": "cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*",
45-
"url": "",
45+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:csilvers:gperftools:0.2:*:*:*:*:*:*:*",
4646
"severities": []
4747
}
4848
],
@@ -146,187 +146,187 @@
146146
},
147147
{
148148
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
149-
"url": "",
149+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.2:*:*:*:*:*:*:*",
150150
"severities": []
151151
},
152152
{
153153
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
154-
"url": "",
154+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.3:*:*:*:*:*:*:*",
155155
"severities": []
156156
},
157157
{
158158
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
159-
"url": "",
159+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.4:*:*:*:*:*:*:*",
160160
"severities": []
161161
},
162162
{
163163
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
164-
"url": "",
164+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.5:*:*:*:*:*:*:*",
165165
"severities": []
166166
},
167167
{
168168
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
169-
"url": "",
169+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.6:*:*:*:*:*:*:*",
170170
"severities": []
171171
},
172172
{
173173
"reference_id": "cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
174-
"url": "",
174+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:4.7:*:*:*:*:*:*:*",
175175
"severities": []
176176
},
177177
{
178178
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
179-
"url": "",
179+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.10:*:*:*:*:*:*:*",
180180
"severities": []
181181
},
182182
{
183183
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
184-
"url": "",
184+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.11:*:*:*:*:*:*:*",
185185
"severities": []
186186
},
187187
{
188188
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
189-
"url": "",
189+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.12:*:*:*:*:*:*:*",
190190
"severities": []
191191
},
192192
{
193193
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
194-
"url": "",
194+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.13:*:*:*:*:*:*:*",
195195
"severities": []
196196
},
197197
{
198198
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
199-
"url": "",
199+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.14:*:*:*:*:*:*:*",
200200
"severities": []
201201
},
202202
{
203203
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
204-
"url": "",
204+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.15:*:*:*:*:*:*:*",
205205
"severities": []
206206
},
207207
{
208208
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
209-
"url": "",
209+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.16:*:*:*:*:*:*:*",
210210
"severities": []
211211
},
212212
{
213213
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
214-
"url": "",
214+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.17:*:*:*:*:*:*:*",
215215
"severities": []
216216
},
217217
{
218218
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
219-
"url": "",
219+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.18:*:*:*:*:*:*:*",
220220
"severities": []
221221
},
222222
{
223223
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
224-
"url": "",
224+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.19:*:*:*:*:*:*:*",
225225
"severities": []
226226
},
227227
{
228228
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
229-
"url": "",
229+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.1:*:*:*:*:*:*:*",
230230
"severities": []
231231
},
232232
{
233233
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
234-
"url": "",
234+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.20:*:*:*:*:*:*:*",
235235
"severities": []
236236
},
237237
{
238238
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
239-
"url": "",
239+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.2:*:*:*:*:*:*:*",
240240
"severities": []
241241
},
242242
{
243243
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
244-
"url": "",
244+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.3:*:*:*:*:*:*:*",
245245
"severities": []
246246
},
247247
{
248248
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
249-
"url": "",
249+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.4:*:*:*:*:*:*:*",
250250
"severities": []
251251
},
252252
{
253253
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
254-
"url": "",
254+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.5:*:*:*:*:*:*:*",
255255
"severities": []
256256
},
257257
{
258258
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
259-
"url": "",
259+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.6:*:*:*:*:*:*:*",
260260
"severities": []
261261
},
262262
{
263263
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
264-
"url": "",
264+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.7:*:*:*:*:*:*:*",
265265
"severities": []
266266
},
267267
{
268268
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
269-
"url": "",
269+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.8:*:*:*:*:*:*:*",
270270
"severities": []
271271
},
272272
{
273273
"reference_id": "cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
274-
"url": "",
274+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:linux:linux_kernel:2.4.9:*:*:*:*:*:*:*",
275275
"severities": []
276276
},
277277
{
278278
"reference_id": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
279-
"url": "",
279+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
280280
"severities": []
281281
},
282282
{
283283
"reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
284-
"url": "",
284+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
285285
"severities": []
286286
},
287287
{
288288
"reference_id": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
289-
"url": "",
289+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
290290
"severities": []
291291
},
292292
{
293293
"reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
294-
"url": "",
294+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:*:*:*:*:*:*:*",
295295
"severities": []
296296
},
297297
{
298298
"reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
299-
"url": "",
299+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp1:*:*:*:*:*:*",
300300
"severities": []
301301
},
302302
{
303303
"reference_id": "cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
304-
"url": "",
304+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows_2000_terminal_services:*:sp2:*:*:*:*:*:*",
305305
"severities": []
306306
},
307307
{
308308
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
309-
"url": "",
309+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.1:*:*:*:*:*:*:*",
310310
"severities": []
311311
},
312312
{
313313
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
314-
"url": "",
314+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.2:*:*:*:*:*:*:*",
315315
"severities": []
316316
},
317317
{
318318
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
319-
"url": "",
319+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5.3:*:*:*:*:*:*:*",
320320
"severities": []
321321
},
322322
{
323323
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
324-
"url": "",
324+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.5:*:*:*:*:*:*:*",
325325
"severities": []
326326
},
327327
{
328328
"reference_id": "cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
329-
"url": "",
329+
"url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:1.6:*:*:*:*:*:*:*",
330330
"severities": []
331331
}
332332
],

vulnerabilities/tests/test_data_migrations.py

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,6 @@
1313
from django.test import TestCase
1414

1515
from vulnerabilities import severity_systems
16-
from vulnerabilities.models import VulnerabilityReference
17-
from vulnerabilities.models import VulnerabilitySeverity
1816

1917

2018
class TestMigrations(TestCase):
@@ -115,3 +113,25 @@ def test_dropping_vulnerability_from_severity(self):
115113
reference=reference,
116114
defaults={"value": str("TEST")},
117115
)
116+
117+
118+
class UpdateCPEURL(TestMigrations):
119+
120+
migrate_from = "0015_alter_vulnerabilityseverity_unique_together_and_more"
121+
migrate_to = "0016_update_cpe_url"
122+
123+
def setUpBeforeMigration(self, apps):
124+
# using get_model to avoid circular import
125+
VulnerabilityReference = apps.get_model("vulnerabilities", "VulnerabilityReference")
126+
127+
reference = VulnerabilityReference.objects.create(
128+
reference_id="cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", url=""
129+
)
130+
reference.save()
131+
self.reference = reference
132+
133+
def test_cpe_url_updation(self):
134+
# using get_model to avoid circular import
135+
VulnerabilityReference = self.apps.get_model("vulnerabilities", "VulnerabilityReference")
136+
ref = VulnerabilityReference.objects.get(reference_id = self.reference.reference_id)
137+
assert ref.url == "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"

0 commit comments

Comments
 (0)