crocs-muni / sec-certs

Tool for analysis of security certificates and their security targets (Common Criteria, NIST FIPS140-2...).
https://sec-certs.org
MIT License

Fine-tune parameters of transitive vulnerability search #286

Closed adamjanovsky closed 1 year ago

adamjanovsky commented 1 year ago

Currently, transitive vulnerabilities are reconstructed from report_references (or policy_processed_references for FIPS), but only from directly_referenced_by and indirectly_referenced_by.

Shouldn't it be that if certificate X references certificate Y and vuln. appears in Y, then X is possibly vulnerable as well?

We should analyze and possibly fix that.

J08nY commented 1 year ago

Shouldn't it be that if certificate X references certificate Y and vuln. appears in Y, then X is possibly vulnerable as well?

This is what the transitive computation of vulnerabilities should be. Are you saying it is implemented in reverse? :grin:

adamjanovsky commented 1 year ago

I just checked. It's implemented correctly, but somewhat counter-intuitively. There are two ways around it:

  1. You can iterate over all certificates, look for outward references and then enhance your certificate with CVEs in those other certificates that you reference.
  2. You can iterate over all certificates, look for inward references and then enhance CVEs of other certificates with your CVEs.

Our tool does the second thing, which confused me. I think that we can close this.
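The two formulations discussed in this thread (pull CVEs along outward references vs. push CVEs along inward references) are easiest to see side by side on a small graph. The following is an added, self-contained example written for this page; it is not sec-certs code, and the certificate ids, CVE ids and the `REFERENCES`/`DIRECT_CVES` dictionaries are constructed sample data rather than anything from the project's `report_references` or `directly_referenced_by` structures. It also handles the edge case a practitioner will hit on real certificate data: reference cycles, which a naive recursive walk would loop on.

```python
from collections import defaultdict

# Constructed sample input (not real certificates).
# Outward edges: certificate -> set of certificates it references.
# B and D reference each other, so the graph contains a cycle.
REFERENCES = {
    "A": {"B"},
    "B": {"C", "D"},
    "C": set(),
    "D": {"B"},
    "E": set(),
}

# CVEs matched directly to each certificate (constructed ids).
DIRECT_CVES = {
    "A": set(),
    "B": {"CVE-2020-0001"},
    "C": {"CVE-2021-0002"},
    "D": set(),
    "E": {"CVE-2019-0003"},
}


def invert(refs):
    """Turn outward edges (X references Y) into inward edges (Y is referenced by X)."""
    inward = defaultdict(set)
    for src, targets in refs.items():
        inward[src]  # make sure every certificate has an entry
        for dst in targets:
            inward[dst].add(src)
    return dict(inward)


def reachable(graph, start):
    """All nodes reachable from start by following edges; the seen-set makes cycles safe."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        for nxt in graph.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


def transitive_pull(refs, direct):
    """Approach 1: each certificate pulls in the CVEs of everything it (transitively) references."""
    result = {}
    for cert in refs:
        result[cert] = set()
        for other in reachable(refs, cert):
            if other != cert:  # a certificate's own direct CVEs are not "transitive"
                result[cert] |= direct.get(other, set())
    return result


def transitive_push(refs, direct):
    """Approach 2: each certificate pushes its CVEs onto everything that (transitively) references it."""
    inward = invert(refs)
    result = {cert: set() for cert in refs}
    for cert in refs:
        for dependent in reachable(inward, cert):
            if dependent != cert:
                result[dependent] |= direct.get(cert, set())
    return result


if __name__ == "__main__":
    pulled = transitive_pull(REFERENCES, DIRECT_CVES)
    pushed = transitive_push(REFERENCES, DIRECT_CVES)
    for cert in sorted(REFERENCES):
        print(cert, sorted(pulled[cert]), "==", sorted(pushed[cert]))
    print("both approaches agree:", pulled == pushed)
```

Both functions produce the same mapping, which is the point of the thread: the push formulation only looks surprising because the loop variable is the certificate whose CVEs are being propagated rather than the one being enriched. Note also that the result is an over-approximation, as the issue's wording "possibly vulnerable" implies: a CVE in a referenced certificate says nothing about whether the referencing product actually exposes the affected component.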