Add importer for CSAF

[Rafiot]

The instrumentation is there -> https://oasis-open.github.io/csaf-documentation/tools.html which comes with a downloader: https://github.com/csaf-poc/csaf_distribution/blob/main/docs/csaf_downloader.md

One sample source is there: https://wid.cert-bund.de/.well-known/csaf/provider-metadata.json

So the goal will be to fetch from a provider, store them locally and add an importer in vuln lookup.

[Rafiot]

Notes for CSAF importer:

• csaf_downloader work fine for domains that have a provider-metadata.json

• there is no obvious way to tell the downloader "only get new stuff since last time you ran" the hacky solution is (initial import):

  1. to fetch the provider-metadata.json
  2. get the last_updated key
  3. store that in kvrocks last_updates hash
  4. run csaf_downloader & wait for a long time

  Then, for updates:

  1. get the last update from the last_updates hash
  2. Throw that in the timerange option
  3. get only the updated entries
  4. Then, maybe use the log file to find the updated entries, or just re-iterate over all the files.

[Rafiot]

https://cert-portal.siemens.com/productcert/csaf/provider-metadata.json

[adulau]

Some additional CSAF sources

• CISA - https://github.com/cisagov/CSAF
• RedHat - https://access.redhat.com/security/data/csaf/v2/advisories/?extIdCarryOver=true&sc_cid=701f2000001OH7EAAW
• Siemens - https://cert-portal.siemens.com/productcert/csaf/provider-metadata.json

[adulau]

• [x] https://www.cisco.com/.well-known/csaf
• [x] https://wid.cert-bund.de/.well-known/csaf-aggregator/aggregator.json (listed some more CSAF feed)