Remove dynamic CVE enrichment.

pyth0n1c · pyth0n1c · commit 0f1596830294 · 2024-06-25T12:24:08.000-07:00
Now only the CVE id and
the url, a new field, will be populated
with the aniticpated values. We have retained
the legacy fields to support future
enrichment development.
diff --git a/contentctl/enrichments/cve_enrichment.py b/contentctl/enrichments/cve_enrichment.py
@@ -5,7 +5,7 @@
 import shelve
 import time
 from typing import Annotated, Any, Union, TYPE_CHECKING
-from pydantic import BaseModel,Field
+from pydantic import BaseModel,Field, computed_field
 from decimal import Decimal
 from requests.exceptions import ReadTimeout
 
@@ -21,25 +21,14 @@ class CveEnrichmentObj(BaseModel):
     id:Annotated[str, "^CVE-[1|2][0-9]{3}-[0-9]+$"]
     cvss:Annotated[Decimal, Field(ge=.1, le=10, decimal_places=1)]
     summary:str
+    
+    @computed_field
+    @property
+    def url(self)->str:
+        BASE_NVD_URL = "https://nvd.nist.gov/vuln/detail/"
+        return f"{BASE_NVD_URL}{self.id}"
 
 
-    @staticmethod
-    def buildEnrichmentOnFailure(id:Annotated[str, "^CVE-[1|2][0-9]{3}-[0-9]+$"], errorMessage:str, 
-                                 raise_exception_on_failure:bool=True)->CveEnrichmentObj:
-        if raise_exception_on_failure:
-            raise Exception(errorMessage)
-        message = f"{errorMessage}. Default CVSS of 5.0 used"
-        print(message)
-        return CveEnrichmentObj(id=id, cvss=Decimal(5.0), summary=message)
-
-
-# We need a MUCH better way to handle issues with the cve.circl.lu API.
-# It is often extremely slow or down, which means that we cannot enrich CVEs.
-# Downloading the entire database is VERY large, but I don't know that there
-# is an alternative.
-# Being able to include CVEs that have not made it into this database, or additonal
-# enriching comments on pre-existing CVEs, would also be extremely useful.
-timeout_error = False
 class CveEnrichment(BaseModel):
     use_enrichment: bool = True
     cve_api_obj: Union[CVESearch,None] = None
@@ -52,8 +41,10 @@ class Config:
         
 
     @staticmethod
-    def getCveEnrichment(config:validate, timeout_seconds:int=10)->CveEnrichment:
-
+    def getCveEnrichment(config:validate, timeout_seconds:int=10, force_disable_enrichment:bool=True)->CveEnrichment:
+        if force_disable_enrichment:
+            return CveEnrichment(use_enrichment=False, cve_api_obj=None)    
+        
         if config.enrichments:
             try:
                 cve_api_obj = CVESearch(CVESSEARCH_API_URL, timeout=timeout_seconds)
@@ -64,34 +55,11 @@ def getCveEnrichment(config:validate, timeout_seconds:int=10)->CveEnrichment:
         return CveEnrichment(use_enrichment=False, cve_api_obj=None)
 
 
-    @functools.cache
     def enrich_cve(self, cve_id:str, raise_exception_on_failure:bool=True)->Union[CveEnrichmentObj,None]:
-        global timeout_error
 
         if not self.use_enrichment:
-            return None
-        
-        if timeout_error:
-            message = f"Previous timeout during enrichment - CVE {cve_id} enrichment skipped."
-            return CveEnrichmentObj.buildEnrichmentOnFailure(id = cve_id, errorMessage=f"WARNING, {message}", 
-                                                             raise_exception_on_failure=raise_exception_on_failure) 
- 
-        cve_enriched:dict[str,Any] = dict()
-
-        try:
-            result = self.cve_api_obj.id(cve_id)
-            cve_enriched['id'] = cve_id
-            cve_enriched['cvss'] = result['cvss']
-            cve_enriched['summary'] = result['summary']
-            return CveEnrichmentObj.model_validate(cve_enriched)
-        except ReadTimeout as e:
-            message = f"Timeout enriching CVE {cve_id}: {str(e)} after {self.cve_api_obj.timeout} seconds."\
-                      f" All other CVE Enrichment has been disabled"
-            #Set a global value to true so future runs don't waste time on this
-            timeout_error = True
-            return CveEnrichmentObj.buildEnrichmentOnFailure(id = cve_id, errorMessage=f"ERROR, {message}", 
-                                                             raise_exception_on_failure=raise_exception_on_failure)
-        except Exception as e:
-            message = f"Error enriching CVE {cve_id}. Are you positive this CVE exists: {str(e)}"
-            return CveEnrichmentObj.buildEnrichmentOnFailure(id = cve_id, errorMessage=f"WARNING, {message}", 
-                                                             raise_exception_on_failure=raise_exception_on_failure)
+            CveEnrichmentObj(id=cve_id,cvss=Decimal(5.0),summary="SUMMARY NOT AVAILABLE! ONLY THE LINK WILL BE USED AT THIS TIME")
+        else:
+            print("WARNING - Dynamic enrichment not supported at this time.")
+            CveEnrichmentObj(id=cve_id,cvss=Decimal(5.0),summary="SUMMARY NOT AVAILABLE! ONLY THE LINK WILL BE USED AT THIS TIME")
+        # Depending on needs, we may add dynamic enrichment functionality back to the tool
