The NVIP back end system is scheduled to run periodically to find CVEs as soon as they are disclosed at CVE Numbering Authority (CNA) web pages. It scrapes disclosed CVEs, scores/characterizes them automatically and stores them in the database.
db module as a common dependency.
NVIP requires at least Java version 8.
NVIP uses MySQL (version 8) to store CVEs. The database must be created before running the system. The current database dump is provided at '/nvip_data/mysql-database'.
We're also going to be using Liquibase for updating and tracking changes to the database schema.
Java Maven is used to compile the project with its requirements.
We also use Docker for building and deploying the project.
Because the crawling process is multi-threaded and the characterization and product name extraction steps train AI/ML models, a minimum of 8GB RAM is needed to run the system.
NVIP uses Crawler4j to conduct multi-threaded web crawling for CVE data: https://github.com/rzo1/crawler4j
NVIP uses WEKA (The workbench for machine learning) to train Machine Learning models for CVE characterization: https://www.cs.waikato.ac.nz/ml/weka/
MySQL database is used to store crawled and characterized CVEs: https://www.mysql.com/
The Apache Open NLP is used for CVE reconciliation: https://opennlp.apache.org/
The DeepLearning4j framework is used to train Deep Learning (LSTM) models for product name extraction: https://deeplearning4j.org/
NVIP also uses Log4j for logging errors and state: https://logging.apache.org/log4j/2.x/javadoc.html
Download “mysql-installer-community-8.0.20.0.msi” from https://dev.mysql.com/downloads/installer/.
Click on the downloaded file, choose “Full” installation and continue with default options.
During the configuration of MySQL Server, when prompted for a password (for user "root"), make sure you use the same password that is set in the HIKARI_PASSWORD environment variable.
After the setup process is finished, open the "MySQL Workbench" program (click Start and search for "MySQL Workbench" to find it).
Click on the "Database/Connect To Database" menu in MySQL Workbench and click "Ok". Enter the password you set for user "root" earlier. You should be connected to the MySQL database.
Once you have a database created, run this command in the mysql-database/newDB directory:
liquibase --changeLogFile=db.init.xml --classpath=./mysql-connector-j-8.0.33.jar --url="jdbc:mysql://localhost:3306/DB Name" --username=USERNAME --password=PASSWORD update
Make sure you can build the project before setting it up with Docker. From the root directory, run the following command from the command line to install dependencies:
$ mvn clean install
If successful, run the following command to package the Maven project into a jar file
$ mvn package -DskipTests
You can also run unit tests separately with the Maven test command:
$ mvn test
After the build process, the output jar will be located under the "target" directory of the project root. This is the jar file that Docker will use to run the application. If you're using Docker (which is the preferred way of running it), you don't have to worry about the jar file as long as it builds.
docker run -d --rm --memory=10g --env-file=./nvip.env --volume=./crawler-output:/usr/local/lib/output --volume=exploit-repo:/usr/local/lib/nvip_data/exploit-repo --volume=mitre-cve:/usr/local/lib/nvip_data/mitre-cve --name=nvip-crawler ghcr.io/softwaredesignlab/nvip-crawler:latest
docker run -d --env-file=./nvip.env --name=nvip-reconciler ghcr.io/softwaredesignlab/nvip-reconciler:latest
docker run -d --env-file=./nvip.env --name=nvip-productnameextractor ghcr.io/softwaredesignlab/nvip-productnameextractor:latest
docker run -d --env-file=./nvip.env --name=nvip-patchfinder ghcr.io/softwaredesignlab/nvip-patchfinder:latest
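Every container above reads its settings from ./nvip.env, so that file is worth checking before the first docker run. The following preflight check is an added example, not part of the NVIP project; it assumes HIKARI_PASSWORD is defined in nvip.env, and the placeholder list in it is constructed.

```shell
#!/bin/sh
# Added example, not NVIP project code: preflight check for the file given to
# `docker run --env-file`. Assumes HIKARI_PASSWORD is defined in that file.

# check_env_file FILE: prints one line per finding; returns 0 if none, 1 otherwise.
check_env_file() (
    file=$1
    status=0

    if [ ! -f "$file" ]; then
        echo "FAIL: $file does not exist"
        return 1
    fi

    # The file carries the MySQL password, so group and other need no access.
    # GNU stat is tried first, BSD/macOS stat second.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        0|*00) ;;
        *) echo "FAIL: $file has mode $mode; run: chmod 600 $file"; status=1 ;;
    esac

    if ! grep -q '^HIKARI_PASSWORD=' "$file"; then
        echo "FAIL: HIKARI_PASSWORD is not set in $file"
        return 1
    fi
    # If the key is repeated, the last line is the one checked here.
    value=$(sed -n 's/^HIKARI_PASSWORD=//p' "$file" | tail -n 1)

    case $value in
        '')
            echo "FAIL: HIKARI_PASSWORD is empty"; status=1 ;;
        \"*\"|\'*\')
            # docker run --env-file keeps quote characters as part of the value,
            # so the container would send a password MySQL does not have.
            echo "FAIL: HIKARI_PASSWORD is quoted; remove the quotes"; status=1 ;;
        root|password|changeme|PASSWORD)
            # Constructed list of placeholder values; extend as needed.
            echo "FAIL: HIKARI_PASSWORD is a placeholder value"; status=1 ;;
    esac

    return $status
)
```

Source the file and run `check_env_file ./nvip.env` before starting the containers; a non-zero exit status means at least one finding was printed.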
This project consists of 6 main components.
CVE Web Crawler
CVE Reconciler
CVE Characterizer (included in the reconciler module)
nvip_data (Model is also here as well). It also uses an SSVC API running in the NVIP environment for SSVC scoring.
NVD/MITRE Comparisons (included in the reconciler module)
Product Name Extractor
nvip_data
CVE Patch/Fix Finder
nvip_data, then deleted afterwards after being used