Add and use our own CVE API #1383

Merged
merged 14 commits into from Jul 19, 2023

@dekkers dekkers commented Jul 12, 2023

Add cveapi script that downloads CVE details from the NVD API and stores them in a directory to be made available by a web server such as Nginx.

Change kat_cve_finding_types boefje to support fetching this data from https://cve.openkat.dev and make the URL configurable using a setting.

Update normalizer to the new CVE API format instead of the old deprecated one.


Checklist for code reviewers:

Copy-paste the checklist from the docs/source/templates folder into your comment.


Checklist for QA:

Copy-paste the checklist from the docs/source/templates folder into your comment.

@dekkers dekkers self-assigned this Jul 12, 2023
@dekkers dekkers marked this pull request as ready for review July 17, 2023 13:32
@dekkers dekkers requested a review from a team as a code owner July 17, 2023 13:32
praseodym previously approved these changes Jul 17, 2023
ammar92 previously approved these changes Jul 19, 2023
@Darwinkel

Checklist for QA:

  • I have checked out this branch, and successfully ran a fresh make reset.
  • I confirmed that there are no unintended functional regressions in this branch:
    • I have managed to pass the onboarding flow
    • Objects and Findings are created properly
    • Tasks are created and completed properly
  • I confirmed that the PR's advertised feature or hotfix works as intended.

What works:

  • CVE findings are run and created successfully
    image

What doesn't work:

  • PORTS argument should be named differently
    image
  • Attempting to change the settings of the CVE boefje results in the below error:
    image

@dekkers dekkers dismissed stale reviews from ammar92 and praseodym via 1012a9b July 19, 2023 09:38
@Darwinkel Darwinkel merged commit 8f2b5a2 into main Jul 19, 2023
52 checks passed
@Darwinkel Darwinkel deleted the cveapi branch July 19, 2023 12:34
dekkers added a commit that referenced this pull request Jul 19, 2023
Co-authored-by: Patrick <Darwinkel@users.noreply.github.com>
jpbruinsslot added a commit that referenced this pull request Jul 24, 2023
* main:
  Fix robot test (#1420)
  Use the correct clearance level variable in organization member list template (#1427)
  Fix translation in Debian package (#1432)
  Reschedule tasks when no results in bytes are found after grace period (#1410)
  Don't scan hostname nmap in nmap boefje (#1415)
  Add and use our own CVE API (#1383)
  Add `task_id` as a query parameter to the `GET /origins` endpoint (#1414)
  Remove member group checks and check for permission instead (#1275)
  Bump cryptography from 41.0.0 to 41.0.2 in /boefjes/boefjes/plugins/kat_ssl_certificates (#1396)
  Bump cryptography from 41.0.1 to 41.0.2 in /bytes (#1397)
  Build the Debian build image on the main branch (#1387)
  Add explicit `black` config to all modules (#1395)
  Fix <no title> in the user guide docs (#1391)
  Add configurable octpoes request timeout (#1382)
  Remove hardcoded clearance level in member list for superusers (#1390)
  Add Debian build depends for CVE API package (#1384)
  Add buttons to manual rerun tasks, both boefjes or normalizers (#1339)
  Use fix multiprocessing bug on macOS where `qsize()` is not implemented (#1374)