Gist: BuffaloWill/48b9cc74273b266d280e
# An example script to import VulnDB data into the Serpico Template database
# => Must be run from the Serpico root directory
#
# Serpico: https://github.com/MooseDojo/Serpico
# VulnDB: https://github.com/vulndb/data
# Author: https://github.com/BuffaloWill
require './model/master.rb'
require 'json'

# Directory containing vulndb JSON files
vulndb_dir = "[ADD ME PLS]" # e.g. /Users/username/data/db/

# Simple helper method rather than hand cleaning every string:
# blank-line paragraph breaks become Serpico <paragraph> tags and
# backticks become single quotes
def c(value)
  c_value = value.gsub("\n\n", "<paragraph></paragraph>")
  c_value = c_value.gsub("`", "'")
  return c_value
end

# Iterate the VulnDB database, skipping ".", ".." and anything that is not a JSON file
Dir.entries(vulndb_dir).each do |json_file|
  next unless json_file.end_with?(".json")

  # Read in the JSON file and store as json obj
  file = File.read(File.join(vulndb_dir, json_file))
  json_data = JSON.parse(file)

  #### Change this portion if the VulnDB Schema changes
  finding = {}
  puts "|+| Importing #{json_data["title"]}"
  finding["title"] = c(json_data["title"])
  finding["overview"] = "<paragraph>"
  finding["overview"] += c(json_data["description"].join(" "))
  finding["overview"] += "</paragraph>"
  if json_data["fix"]["guidance"].kind_of?(Array)
    finding["remediation"] = "<paragraph>"
    finding["remediation"] += c(json_data["fix"]["guidance"].join(" "))
    finding["remediation"] += "</paragraph>"
  else
    finding["remediation"] = c(json_data["fix"]["guidance"])
  end
  finding["references"] = "<paragraph>VulnDB: https://github.com/vulndb/data</paragraph>"
  if json_data["references"] != nil
    json_data["references"].each do |ref|
      finding["references"] += "<paragraph>" + c(ref["url"]) + "</paragraph>"
    end
  end
  finding["type"] = "Imported"
  finding["approved"] = true
  # Map VulnDB severity onto Serpico's numeric risk levels
  finding["risk"] = 1 if json_data["severity"] == "informational"
  finding["risk"] = 2 if json_data["severity"] == "low"
  finding["risk"] = 3 if json_data["severity"] == "medium"
  finding["risk"] = 4 if json_data["severity"] == "high"
  # TODO: add a true DREAD score calculator
  finding["damage"] = 1
  finding["reproducability"] = 1
  finding["exploitability"] = 1
  finding["affected_users"] = 1
  finding["discoverability"] = 1
  finding["dread_total"] = 5
  ####

  # write the database
  finding_db = TemplateFindings.create(finding)
  finding_db.save
end
I am facing the same problem as you. I don't know if the problem is in the path; I have already tried the pre-built version, but I still can't load any finding from the db.
Regards
I fixed the data_mapper issue by running gem install data_mapper and running the script from the root Serpico directory; however, now I am getting a different error:
/usr/lib/ruby/vendor_ruby/data_objects/pooling.rb:149: warning: constant ::Fixnum is deprecated
|+| Importing Insecure SSL version enabled
Traceback (most recent call last):
	2: from scripts/import_vulndb.rb:22:in `<main>'
	1: from scripts/import_vulndb.rb:22:in `each'
scripts/import_vulndb.rb:35:in `block in <main>': undefined method `join' for {"$ref"=>"#/files/description/66"}:Hash (NoMethodError)
@voidnecron/Arfi2017 you are missing the data_mapper gem. Please run bundle install or, as @SchellerCyberSecurity said, gem install data_mapper.
I have run bundle install and gem install data_mapper. It does not appear that the problem is in the path. The error I get is:
|+| Importing HttpOnly cookie
scripts/import_vulndb.rb:35:in `block in <main>': undefined method `join' for {"$ref"=>"#/files/description/22"}:Hash (NoMethodError)
Did you mean?  JSON
	from scripts/import_vulndb.rb:22:in `each'
	from scripts/import_vulndb.rb:22:in `<main>'
I am facing the same issue as @noahlevinasdf:
|+| Importing HttpOnly cookie
scripts/import_vulndb.rb:35:in `block in <main>'
Did you mean?  JSON
	from scripts/import_vulndb.rb:22:in `each'
	from scripts/import_vulndb.rb:22:in `<main>'
Can you please help with this issue?
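The NoMethodError in the comments above is a schema change, not a path problem: newer VulnDB records store `description` and `fix.guidance` as a `{"$ref" => "#/files/..."}` Hash instead of an Array of strings, so `.join` has nothing to call. The script below is an added example, not part of the gist or the Serpico project. It reproduces the gist's field mapping as a function and extends it to accept the `$ref` form. It assumes (not confirmed by this page) that a `$ref` fragment such as `#/files/description/22` names a markdown file `files/description/22.md` under the db directory; the `files` Hash and the sample records are constructed here so it runs offline, and `load_vulndb_dir` shows the same lookup against a real directory. The function names `clean`, `resolve_text`, `vulndb_to_finding` and `load_vulndb_dir` are this example's own.

```ruby
# Added example (not part of the gist or the Serpico project): map a VulnDB
# record to the finding attributes the gist writes, accepting both the older
# Array-of-strings text fields and the newer {"$ref" => "#/files/..."} form.
require 'json'

SEVERITY_TO_RISK = { "informational" => 1, "low" => 2, "medium" => 3, "high" => 4 }.freeze

# Same cleaning as the gist's c(): blank-line breaks become Serpico
# <paragraph> tags and backticks become single quotes.
def clean(value)
  value.to_s.gsub("\n\n", "<paragraph></paragraph>").gsub("`", "'")
end

def paragraph(text)
  "<paragraph>" + clean(text) + "</paragraph>"
end

# Turn a VulnDB text field into a String. ASSUMPTION: a {"$ref" => "#/files/x/NN"}
# value names a markdown file files/x/NN.md under the db directory; `files`
# maps such relative paths to their contents so this runs without the repo.
def resolve_text(field, files)
  case field
  when Array  then field.join(" ")
  when String then field
  when nil    then ""
  when Hash
    ref = field["$ref"]
    raise ArgumentError, "text field Hash without $ref: #{field.inspect}" unless ref
    path = ref.sub(%r{\A#/}, "") + ".md"
    files.fetch(path) { raise KeyError, "unresolved $ref #{ref} (expected #{path})" }
  else
    raise ArgumentError, "unexpected text field type #{field.class}"
  end
end

# Build the finding Hash; the keys mirror the ones the gist passes to
# TemplateFindings.create (DREAD values stay the gist's placeholders).
def vulndb_to_finding(json_data, files = {})
  finding = {}
  finding["title"] = clean(json_data["title"])
  finding["overview"] = paragraph(resolve_text(json_data["description"], files))
  guidance = (json_data["fix"] || {})["guidance"]
  finding["remediation"] = paragraph(resolve_text(guidance, files))
  finding["references"] = "<paragraph>VulnDB: https://github.com/vulndb/data</paragraph>"
  (json_data["references"] || []).each do |ref|
    finding["references"] += paragraph(ref["url"])
  end
  finding["type"] = "Imported"
  finding["approved"] = true
  # Unknown or missing severity falls back to informational rather than nil
  finding["risk"] = SEVERITY_TO_RISK.fetch(json_data["severity"].to_s.downcase, 1)
  %w[damage reproducability exploitability affected_users discoverability].each { |k| finding[k] = 1 }
  finding["dread_total"] = 5
  finding
end

# Load a db directory the way the gist iterates it, but only *.json entries,
# with $ref targets read from files/**/*.md in the same directory.
def load_vulndb_dir(db_dir)
  files = {}
  Dir.glob(File.join(db_dir, "files", "**", "*.md")).each do |path|
    files[path.sub(%r{\A#{Regexp.escape(db_dir)}/?}, "")] = File.read(path)
  end
  Dir.glob(File.join(db_dir, "*.json")).sort.map do |path|
    vulndb_to_finding(JSON.parse(File.read(path)), files)
  end
end

# Constructed sample records, not real VulnDB entries.
OLD_STYLE_RECORD = {
  "title" => "HttpOnly cookie",
  "description" => ["The session cookie lacks the HttpOnly flag,", "so script can read it."],
  "fix" => { "guidance" => ["Set the HttpOnly attribute on session cookies."] },
  "severity" => "low",
  "references" => [{ "url" => "https://example.com/httponly" }]
}.freeze

NEW_STYLE_RECORD = {
  "title" => "HttpOnly cookie",
  "description" => { "$ref" => "#/files/description/22" },
  "fix" => { "guidance" => { "$ref" => "#/files/fix/22" } },
  "severity" => "low"
}.freeze

CONSTRUCTED_FILES = {
  "files/description/22.md" => "The session cookie lacks the HttpOnly flag.",
  "files/fix/22.md" => "Set the HttpOnly attribute on session cookies."
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts vulndb_to_finding(OLD_STYLE_RECORD)["overview"]
  puts vulndb_to_finding(NEW_STYLE_RECORD, CONSTRUCTED_FILES)["remediation"]
end
```

An unresolved `$ref` raises `KeyError` with the path it expected, which is more useful than the gist's NoMethodError when the layout assumption turns out to be wrong for a given VulnDB checkout. Writing to the template table is left to the caller, as in the gist: `TemplateFindings.create(vulndb_to_finding(record, files)).save`.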
Hi,
Question: I keep getting Ruby errors while running this script and I can't seem to find what's wrong.
root@box:/opt/Serpico/Serpico# ruby scripts/import_vulndb_serpico.rb
/usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- data_mapper (LoadError)
	from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /opt/Serpico/Serpico/model/master.rb:2:in `<top (required)>'
	from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
	from scripts/import_vulndb_serpico.rb:8:in `<main>'
Can you give me a pointer? I've tried Debian and Ubuntu, both fully updated and with ruby-full installed.
Cheers,
/V