|
|
@@ -128,7 +128,7 @@ class CVE:
|
|
|
filename = CVE.download_nvd_year(nvd_dir, year)
|
|
|
try:
|
|
|
uncompressed = subprocess.check_output(["xz", "-d", "-c", filename])
|
|
|
- content = ijson.items(uncompressed, 'CVE_Items.item')
|
|
|
+ content = ijson.items(uncompressed, 'cve_items.item')
|
|
|
except: # noqa: E722
|
|
|
print("ERROR: cannot read %s. Please remove the file then rerun this script" % filename)
|
|
|
raise
|
|
|
@@ -155,11 +155,11 @@ class CVE:
|
|
|
for parsed_node in self.parse_node(child):
|
|
|
yield parsed_node
|
|
|
|
|
|
- for cpe in node.get('cpe_match', ()):
|
|
|
+ for cpe in node.get('cpeMatch', ()):
|
|
|
if not cpe['vulnerable']:
|
|
|
return
|
|
|
- product = cpe_product(cpe['cpe23Uri'])
|
|
|
- version = cpe_version(cpe['cpe23Uri'])
|
|
|
+ product = cpe_product(cpe['criteria'])
|
|
|
+ version = cpe_version(cpe['criteria'])
|
|
|
# ignore when product is '-', which means N/A
|
|
|
if product == '-':
|
|
|
return
|
|
|
@@ -191,7 +191,7 @@ class CVE:
|
|
|
v_end = cpe['versionEndExcluding']
|
|
|
|
|
|
yield {
|
|
|
- 'id': cpe['cpe23Uri'],
|
|
|
+ 'id': cpe['criteria'],
|
|
|
'v_start': v_start,
|
|
|
'op_start': op_start,
|
|
|
'v_end': v_end,
|
|
|
@@ -199,14 +199,15 @@ class CVE:
|
|
|
}
|
|
|
|
|
|
def each_cpe(self):
|
|
|
- for node in self.nvd_cve['configurations']['nodes']:
|
|
|
- for cpe in self.parse_node(node):
|
|
|
- yield cpe
|
|
|
+ for nodes in self.nvd_cve.get('configurations', []):
|
|
|
+ for node in nodes['nodes']:
|
|
|
+ for cpe in self.parse_node(node):
|
|
|
+ yield cpe
|
|
|
|
|
|
@property
|
|
|
def identifier(self):
|
|
|
"""The CVE unique identifier"""
|
|
|
- return self.nvd_cve['cve']['CVE_data_meta']['ID']
|
|
|
+ return self.nvd_cve['id']
|
|
|
|
|
|
@property
|
|
|
def affected_products(self):
|
Yann E. MORIN