-
Notifications
You must be signed in to change notification settings - Fork 0
/
extracter.js
125 lines (108 loc) · 4.7 KB
/
extracter.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
var https = require('https');
var AdmZip = require('adm-zip');
var fs = require('fs');
var moment = require('moment');
var busy=0;
var objectsToDownload = ['CVE-List', 'https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Recent.xml.zip'];
console.log("Connecting to mysql");
var mysql = require('mysql');
var connection = mysql.createConnection({
host: '127.0.0.1',
user: 'root',
password: '',
database: 'vulner_stats'
});
connection.connect();
var download = function(filename,url,cb){
var tmpZipStream = fs.createWriteStream(filename+'.zip');
var request = https.get(url, function(response) {
response.pipe(tmpZipStream);
});
tmpZipStream.on('close', function() {
var zip;
try {
zip = new AdmZip(filename+'.zip');
console.log("Extracting");
zip.extractAllTo(filename,true);
cb();
} catch (e) {
console.log('Can not create zip, bad data', e);
}
})
};
function loadXMLDoc(filePath) {
var fs = require('fs');
var xml2js = require('xml2js');
var json;
try {
updateVuln(null, null, null, null, null, true);
var fileData = fs.readFileSync(filePath, 'ascii');
var parser = new xml2js.Parser();
parser.parseString(fileData.substring(0, fileData.length), function(err, result) {
json = JSON.stringify(result);
});
var i;
json = JSON.parse(json);
for (i = 0; i < (json.nvd.entry).length; i++) {
if (json.nvd.entry[i]["vuln:cvss"] !== undefined){
busy++;
///console.log('********************');
console.log('CVE Entry Number: '+ json.nvd.entry[i].$.id);
console.log('Published Date: '+ json.nvd.entry[i]["vuln:published-datetime"]);
console.log('Rating: '+json.nvd.entry[i]["vuln:cvss"][0]['cvss:base_metrics'][0]["cvss:score"][0]);
console.log('Summary: '+json.nvd.entry[i]["vuln:summary"][0]);
var dt = new Date(json.nvd.entry[i]["vuln:published-datetime"]);
//console.log(moment(dt).format("YYYY-MM-DD HH:MM:S"));
if (typeof json.nvd.entry[i]["vuln:vulnerable-software-list"] === 'undefined' )
{
updateVuln(json.nvd.entry[i].$.id, moment(dt).format("YYYY-MM-DD HH:MM:S"),
json.nvd.entry[i]["vuln:cvss"][0]['cvss:base_metrics'][0]["cvss:score"][0],
"", json.nvd.entry[i]["vuln:summary"][0], false);
}else
{
var products_list="";
console.log((json.nvd.entry[i]["vuln:vulnerable-software-list"][0]["vuln:product"]).length);
for (iii=0; iii < (json.nvd.entry[i]["vuln:vulnerable-software-list"][0]["vuln:product"]).length ; iii++)
{
products_list = products_list + json.nvd.entry[i]["vuln:vulnerable-software-list"][0]["vuln:product"][iii]+"<br>";
}
products_list = products_list.replace(/cpe:\/o:/g,"");
products_list = products_list.replace(/cpe:\/a:/g,"");
updateVuln(json.nvd.entry[i].$.id, moment(dt).format("YYYY-MM-DD HH:MM:S"),
json.nvd.entry[i]["vuln:cvss"][0]['cvss:base_metrics'][0]["cvss:score"][0],
products_list,json.nvd.entry[i]["vuln:summary"][0], false);
}
//p
//console.log(busy);
} else {
console.log('Published Date: '+ json.nvd.entry[i]["vuln:published-datetime"]);
}
}
} catch (ex) {
console.log(ex);
} finally {
connection.end();
}
}
download(objectsToDownload[0], objectsToDownload[1],function () {
loadXMLDoc(objectsToDownload[0] + "/" + "nvdcve-2.0-recent.xml");
}
);
function updateVuln(Id, Date, Score, Product, Summary, delFlag) {
if (delFlag === true) {
connection.query("DELETE FROM vulnerabilities");
} else {
console.log("Inserting records into the table");
connection.query('INSERT INTO vulner_stats.vulnerabilities (vuln_id, vuln_pub_date, vuln_score, vuln_products, vuln_summary) ' +
'VALUES (\'' +Id + '\',"' + Date + '",' + Score + ',\'' + Product + '\',' + mysql.escape(Summary) + ')'),
function(err) {
if (err){
console.log('INSERT INTO vulner_stats.vulnerabilities (vuln_id, vuln_pub_date, vuln_score, vuln_products, vuln_summary) ' +
'VALUES (\'' +Id + '\',"' + Date + '",' + Score + ',\'' + Product + '\',' + mysql.escape(Summary) + ')');
console.log(err);
} else {
console.log("");
}
};
}
}