Add CVE Object and CVE enrichment module.

[CDJellen]

CVE Enrichment Capability

Adding the CVE data model and associated CVE enrichment capability to Pathfinder. The CVE enrichment module leverages the circle.lu CVE query API as well as the NIST CVE/CPE search API to identify applicable CVEs from keywords and host configurations.

Changes

New Objects:

• CVE data model located in app/objects/c_cve.py

New Modules:

• CVE enrichment methods [get_cve(), search_cve(), keyword_cve(), and match_cve()] in app/enrichment/cve.py

  Basis for PR

• Expand Pathfinder's used case for network information which lacks potential vulnerabilities.
• Identify new vulnerabilities from incomplete network vulnerability scans.
• Improve the way CVEs are stored as objects.
• Enable efficient query of CVEs by ID.
• Enable CVE search in a variety of contexts (keyword, host configuration, etc.)

[sonarcloud[bot]]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
3 Code Smells

No Coverage information
0.0% Duplication