From 20f5034cd36456fd472ccf38552aa9de1bf2138e Mon Sep 17 00:00:00 2001
From: eliasgranderubio
Date: Wed, 30 Nov 2016 16:20:49 +0100
Subject: [PATCH] Improved the accuracy of the external vulnerabilities/exploits parser
---
 README.md | 4 ++--
 dagda/vulnDB/ext_source_util.py | 11 +++++++++++
 tests/vulnDB/test_ext_source_util.py | 4 +++-
 3 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 070da95..cbd730a 100644
--- a/README.md
+++ b/README.md
@@ -228,7 +228,8 @@ Dagda 0.3.0 is currently in the planning phase.
 The following features are already implemented and included in the 0.2.0 release.
 * Minimized the false positives improving the accuracy of the matches between the information retrieved from the docker images and the stored information into the MongoDB
-* Improved the user feedback for the long time running processes such as the docker images analysis or the database update
+* Improved the user feedback for the long time running processes
+* Improved the accuracy of the external vulnerabilities/exploits parser
 * Created a quick starter with Docker
 * **Dagda** project included in a CI environment
 * Added tests for code coverage
@@ -239,7 +240,6 @@ If you want contribute to this project, feel free to do it. That's why the wish
 * Analyze more software than the installed software in the Operating System
 * Analyze Java dependencies such as the [OWASP dependency-check](https://github.com/jeremylong/DependencyCheck) project
 * Analyze Javascript dependencies such as the [Retire.js](https://github.com/RetireJS/retire.js) project
-* Improve the accuracy of the vulnerabilities/exploits parser, which are taken from the external sources
 ### 0.1.0 (Released)
diff --git a/dagda/vulnDB/ext_source_util.py b/dagda/vulnDB/ext_source_util.py
index 656282b..abb22ac 100644
--- a/dagda/vulnDB/ext_source_util.py
+++ b/dagda/vulnDB/ext_source_util.py
@@ -56,6 +56,17 @@ def get_exploit_db_list_from_csv(csv_content):
 item = str(exploit_db_id) + "#" + description + "#" + str(version)
 if item not in items:
 items.add(item)
+ else:
+ if '<' not in description and '>' not in description:
+ iterator = re.finditer("\s([0-9])+$", description)
+ match = next(iterator, None)
+ if match:
+ version = match.group()
+ description = description[:description.index(version)].rstrip().lstrip()
+ version = version.rstrip().lstrip()
+ item = str(exploit_db_id) + "#" + description + "#" + str(version)
+ if item not in items:
+ items.add(item)
 # Return
 return list(items)
diff --git a/tests/vulnDB/test_ext_source_util.py b/tests/vulnDB/test_ext_source_util.py
index cb72bde..26a5678 100644
--- a/tests/vulnDB/test_ext_source_util.py
+++ b/tests/vulnDB/test_ext_source_util.py
@@ -20,10 +20,11 @@ def test_get_cve_list_from_file(self):
 def test_get_exploit_db_list_from_csv(self):
 exploit_db_list = get_exploit_db_list_from_csv(mock_exploit_db_csv_content)
- self.assertEqual(len(exploit_db_list), 2)
+ self.assertEqual(len(exploit_db_list), 3)
 # Check Exploits
 self.assertTrue("11#apache#2.0.44" in exploit_db_list)
 self.assertTrue("468#pigeon server#3.02.0143" in exploit_db_list)
+ self.assertTrue("37060#microsoft internet explorer#11" in exploit_db_list)
 def test_get_bug_traqs_lists_from_file(self):
 output = io.BytesIO(base64.b64decode(mock_bid_gz_file))
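Review bot: `description[:description.index(version)]` in the new `else:` branch cuts at the first occurrence of the matched text rather than at the trailing match the regex found, so a description that repeats the number earlier (a constructed example: `Foo 11 bar 11`) is truncated at the wrong place; the match object already carries the position, so use `description = description[:match.start()].strip()` and `version = match.group().strip()`. The pattern `"\s([0-9])+$"` is not a raw string, so `\s` is an invalid escape sequence that CPython warns about (a SyntaxWarning from 3.12 on); write it as `match = re.search(r"\s\d+$", description)`, which also drops the `finditer`/`next` pair and the one-character capture group that nothing reads. The second parse only runs when the first-pass item was already in `items`, which reads as a duplicate-handling rule rather than a general trailing-version rule, so a one-line comment on the `else:` stating why it is limited to duplicates would spare the next reader the same puzzle. The header of get_exploit_db_list_from_csv and the module's imports are outside the hunk, so the presence of `import re` is assumed here.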
@@ -45,6 +46,7 @@ def test_get_bug_traqs_lists_from_file(self):
 262,platforms/hardware/dos/262.pl,"Cisco Multiple Products - Automated Exploit Tool",2001-01-27,hypoclear,hardware,dos,0
 11,platforms/linux/dos/11.c,"Apache 2.0.44 (Linux) - Remote Denial of Service",2003-04-11,"Daniel Nystram",linux,dos,0
 345,platforms/windows/dos/345.c,"UDP Stress Tester - Denial of Service",2002-09-10,Cys,windows,dos,0
+37060,platforms/windows/dos/37060.html,"Microsoft Internet Explorer 11 - Crash PoC (1)",2015-05-19,Garage4Hackers,windows,dos,0
 468,platforms/windows/dos/468.c,"Pigeon Server 3.02.0143 - Denial of Service",2004-09-19,"Luigi Auriemma",windows,dos,0
 """