search

Ravenports / rvn

Package manager for Ravenports
ISC License
2 stars 1 forks source link

audit command design. #1

Open jrmarino opened 3 months ago

jrmarino commented 3 months ago

query example:

https://services.nvd.nist.gov/rest/json/cves/2.0?cpeName=cpe:2.3:a:pyyaml:libyaml:0.2.5:*:*:*:*:*:*:*

response:

{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2024-08-06T04:16:28.640",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2024-35328",
        "sourceIdentifier": "cve@mitre.org",
        "published": "2024-06-13T16:15:11.037",
        "lastModified": "2024-07-19T15:25:50.030",
        "vulnStatus": "Analyzed",
        "cveTags": [],
        "descriptions": [
          {
            "lang": "en",
            "value": "libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c."
          },
          {
            "lang": "es",
            "value": "libyaml v0.2.5 es vulnerable a DDOS. La función yaml_parser_parse del archivo /src/libyaml/src/parser.c es afectada por esta vulnerabilidad."
          }
        ],
        "metrics": {
          "cvssMetricV31": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "NONE",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6
            }
          ]
        },
        "weaknesses": [
          {
            "source": "nvd@nist.gov",
            "type": "Primary",
            "description": [
              {
                "lang": "en",
                "value": "CWE-835"
              }
            ]
          }
        ],
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:pyyaml:libyaml:0.2.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A6BEAEF3-43E6-4FD6-8A52-C73530C631E9"
                  }
                ]
              }
            ]
          }
        ],
        "references": [
          {
            "url": "https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35328.c",
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ]
          }
        ]
      }
    }
  ]
}

I should be able to pass the generated CPE and generate a yaml report that rvn can retrieve.

jrmarino commented 3 months ago

we need the ability to make active CVE's solved. We can show them, but show them solved. the command needs the ability to filter out solved vulnerabilities.