API Documentation

The “Crawler” Module

Get the CVE from Mitre based on requested packages/keyword/CVE-ID

mitrecve.crawler.get_cve_detail(package)

Main function to get cve details

Get all the CVE for a package/keyword with details. These are valid string:

  • Make multiple package request at the same time : get_cve_detail("package1,package2")
  • Use several keyword to narrow a research : get_cve_detail("keyword1+keyword2"
  • And a combination of the above options : get_cve_detail("keyword1+keyword2,package1,package2"). Here there will be 3 differents requests.
Parameters:package (str) – package, keyword you want to search for
Returns:List of Tuple composed of all the CVE found for the choosen package.

Data Structure: [(cve_name, cve_desc, nvd_link_1, [ref_1_cve_1, ref_2_cve_1]) ,…, (cve_name, cve_desc, nvd_link_n, [ref_1_cve_n, ref_2_cve_n])]

Return type:List

Examples:

  • Example for a simple package request:

    >> crawler.get_cve_detail("jython")
    [
        ('CVE-2016-4000',
            'Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a '
            'crafted serialized PyFunction object.', # cve description
            'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4000',
            ['http://advisories.mageia.org/MGASA-2015-0096.html',
             'http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html',
             'http://www.mandriva.com/security/advisories?name=MDVSA-2015:158',
             'https://bugzilla.redhat.com/show_bug.cgi?id=947949',
             'http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html']
        ),
    
        ('CVE-2013-2027',
            'Jython 2.2.1 uses the current umask to set the privileges of the class '
            'cache files, which allows local users to bypass intended access '
            'restrictions via unspecified vectors.',
            'http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2027',
            ['http://advisories.mageia.org/MGASA-2015-0096.html',
             'http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html',
             'http://www.mandriva.com/security/advisories?name=MDVSA-2015:158',
             'https://bugzilla.redhat.com/show_bug.cgi?id=947949',
             'http://lists.opensuse.org/opensuse-updates/2015-02/msg00055.html']
        )
    ]
    
mitrecve.crawler.get_main_page(__format, package)

Main function to get cve

Get all the CVE for a package/keyword. These are valid string:

  • Make multiple package request at the same time : get_main_page("package1,package2")
  • Use several keyword to narrow a research : get_main_page("keyword1+keyword2")
  • And a combination of the above options : get_main_page("keyword1+keyword2,package1,package2"). Here there will be 3 differents requests.
Parameters:package (str) – package, keyword you want to search for
Returns:ID,URL,DESC
Return type:dict. A dict with an entry for each CVE with these keyword

Examples:

  • Example for a simple package request:

    >> crawler.get_main_page("jython")
    
    {
        0: {
            'DESC': 'Jython before 2.7.1rc1 allows attackers to execute arbitrarycode via a crafted serialized PyFunction object.',
            'ID': 'CVE-2016-4000',
            'URL': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4000'
        },
    
        1: {
            'DESC': 'Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.',
            'ID': 'CVE-2013-2027',
            'URL': 'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2027'
        }
    }