CrowdStrike / falconpy

The CrowdStrike Falcon SDK for Python
https://www.falconpy.io
The Unlicense
361 stars 117 forks

Update find_hosts_by_cve.py #1195

Closed David-M-Berry closed 3 months ago

David-M-Berry commented 3 months ago

Updating find_hosts_by_cve.py

This update adds enhancement/functionality to optionally filter for specific columns, and deduplicate results if there are multiple matches.

Unit test coverage

Not required for samples

Bandit analysis

[main]  INFO    profile include tests: None
[main]  INFO    profile exclude tests: None
[main]  INFO    cli include tests: None
[main]  INFO    cli exclude tests: None
[main]  INFO    running on Python 3.10.12
Run started:2024-07-02 02:31:23.297185

Test results:
    No issues identified.

Code scanned:
    Total lines of code: 324
    Total lines skipped (#nosec): 0

Run metrics:
    Total issues (by severity):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 0
    Total issues (by confidence):
        Undefined: 0
        Low: 0
        Medium: 0
        High: 0
Files skipped (0):

Added features and functionality

Added -i --include option to only include output from specific columns.

Added seen set in the get_match_details function to track unique entries based on "hostname" and "local_ip". Modified the loop to skip duplicate entries by checking the seen set.

Added a --deduplicate (-d) option. When this argument is provided, the script will remove duplicates based on hostname and local_ip.

Other

I wanted a way to search by CVE, for specific hosts that need patching. The current script works great, and with the exclude (-x) argument, I found myself removing most columns.

In the context of a CVE, information like cve_description, severity, score, etc. are repeated for each host. I found this to simply be too much information to sort through afterwards. I was removing 95% of it.

I wanted to do the inverse of --exclude, and "--include" only the column(s) I needed. If I am searching for hosts vulnerable to a certain CVE, I generally just need their hostname and local_ip for confirmation.

  -i INCLUDE, --include INCLUDE
                        List of columns to include in the display, comma-separated.
                        If specified, only these columns will be displayed.
                        (cve, score, severity, cve_description, created_on, updated_on,
                        hostname, local_ip, os_version, service_provider, remediation)

I also found that some hosts in the results can appear more than once for a variety of reasons. I wanted to be able to trim the output at the script and avoid any other dependencies to pipe the output to another command. Using --deduplicate made sense, and this way a user can choose to see all results, or trim them down to unique hosts.

 -d, --deduplicate     Remove duplicate entries based on hostname and local_ip.

Example usage:

test@ubuntu:$ python3 find_hosts_by_cve.py -c CVE-2024-6387 -k <clientId> -s <secret> -f plain --include hostname,local_ip -o hostname --deduplicate
Host                           IP Address                                       
dberry-ubuntu                  192.168.x.x
ubuntu-linux-22-04-02-desktop  10.211.x.x
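The two behaviours described in this PR, an --include column filter that takes precedence over --exclude and a deduplicate pass keyed on (hostname, local_ip) using a seen set, as an added stand-alone example. This is not the sample's own code (get_match_details from falconpy's find_hosts_by_cve.py is not reproduced here); the function names filter_matches, select_columns, parse_column_list and render_plain are hypothetical, and the match rows are constructed to mimic the column set listed in the --include help text, with one host appearing twice so the deduplication path is exercised.

```python
"""Added example: column inclusion and (hostname, local_ip) deduplication.

Not the falconpy sample's own code. Names are hypothetical; the sample rows
below are constructed and contain no real hosts, addresses or CVE data.
"""
from typing import Dict, Iterable, List, Optional, Set, Tuple

# Column order from the --include help text in the PR; used for stable output.
COLUMNS = [
    "cve", "score", "severity", "cve_description", "created_on", "updated_on",
    "hostname", "local_ip", "os_version", "service_provider", "remediation",
]

Match = Dict[str, object]


def _row(hostname: str, local_ip: str) -> Match:
    """Build one constructed match row with every column populated."""
    return {
        "cve": "CVE-0000-0001", "score": 8.1, "severity": "HIGH",
        "cve_description": "constructed description", "created_on": "2024-07-01",
        "updated_on": "2024-07-02", "hostname": hostname, "local_ip": local_ip,
        "os_version": "Ubuntu 22.04", "service_provider": "none",
        "remediation": "apply vendor patch",
    }


# Constructed sample: host-a matches twice (as the PR notes can happen), host-b once.
SAMPLE_MATCHES: List[Match] = [
    _row("host-a", "10.0.0.11"),
    _row("host-a", "10.0.0.11"),
    _row("host-b", "10.0.0.12"),
]


def parse_column_list(value: Optional[str]) -> Set[str]:
    """Parse a comma-separated column list; reject names not in COLUMNS."""
    if not value:
        return set()
    wanted = {c.strip() for c in value.split(",") if c.strip()}
    unknown = wanted - set(COLUMNS)
    if unknown:
        raise ValueError(f"unknown column(s): {', '.join(sorted(unknown))}")
    return wanted


def select_columns(include: Set[str], exclude: Set[str]) -> List[str]:
    """--include, when given, is the inverse of --exclude and takes precedence."""
    if include:
        return [c for c in COLUMNS if c in include]
    return [c for c in COLUMNS if c not in exclude]


def filter_matches(
    matches: Iterable[Match],
    include: Optional[str] = None,
    exclude: Optional[str] = None,
    deduplicate: bool = False,
) -> Tuple[List[str], List[Match]]:
    """Apply column selection and optional deduplication to match rows.

    Deduplication keys on (hostname, local_ip) only, so two rows for the same
    host that differ in other columns collapse to the first one seen.
    """
    columns = select_columns(parse_column_list(include), parse_column_list(exclude))
    seen: Set[Tuple[object, object]] = set()
    rows: List[Match] = []
    for match in matches:
        key = (match.get("hostname"), match.get("local_ip"))
        if deduplicate:
            if key in seen:
                continue
            seen.add(key)
        rows.append({c: match.get(c) for c in columns})
    return columns, rows


def render_plain(columns: List[str], rows: List[Match]) -> str:
    """Render rows as a padded plain-text table, like the -f plain output above."""
    widths = {c: max([len(c)] + [len(str(r[c])) for r in rows]) for c in columns}
    lines = ["  ".join(c.ljust(widths[c]) for c in columns)]
    for r in rows:
        lines.append("  ".join(str(r[c]).ljust(widths[c]) for c in columns))
    return "\n".join(lines)


if __name__ == "__main__":
    cols, out = filter_matches(
        SAMPLE_MATCHES, include="hostname,local_ip", deduplicate=True
    )
    print(render_plain(cols, out))
```

The dedup key deliberately ignores every column except hostname and local_ip, matching the PR's semantics: a host with two vulnerability matches for the same CVE shows once, and a host whose address changed between scans shows twice.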