Created
June 28, 2018 22:16
-
-
Save SteveSimpson/c5e59675c04ad58c796e81486f127826 to your computer and use it in GitHub Desktop.
exercise1.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $numberOfDays = 7; // 90 in production, 7 days should be good for testing | |
| /* | |
| 1. Using the Red Hat Security API at https://access.redhat.com/labs/securitydataapi/ , write code that creates a report containing all Red Hat security advisories for the past 90 days. This report should include: | |
| - the RHSA identifier (e.g. RHSA-2018:1944) | |
| - the advisory release date | |
| - the CVEs related to the advisory | |
| - the CWE associated with each CVE | |
| You don't need to spend a lot of time trying to make the output beautiful. | |
| */ | |
| // GET /cvrf.json | |
| // GET /cvrf/<RHSA_ID>.json | |
| $rhapi = "https://access.redhat.com/labs/securitydataapi/"; | |
| $ch = curl_init(); | |
| curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); | |
| curl_setopt($ch, CURLOPT_HEADER, 0); | |
| // curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // don't do this if you want to stay secure, if you want to test the code and don't want to waste time fixing CA's on your system then's its OK | |
| // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // don't do this if you want to stay secure, if you want to test the code and don't want to waste time fixing CA's on your system then's its OK | |
| function getCwe($ch, $cve) { | |
| $rhapi = "https://access.redhat.com/labs/securitydataapi/"; | |
| $cveUrl = $rhapi . "cve/" . $cve . ".json"; | |
| curl_setopt($ch, CURLOPT_URL, $cveUrl); | |
| $cveJson = curl_exec($ch); | |
| $cve = json_decode($cveJson); | |
| //echo "<pre>\n\n"; | |
| //print_r($cve); | |
| //echo "</pre>\n"; | |
| //die(); | |
| return isset($cve->cwe) ? $cve->cwe : "no cwe data"; | |
| } | |
| $page = 1; | |
| $count = 1; // just an initial value to start the loop | |
| //loop through pages - as of writing this may not be necessary 273 issues w/ 1000 per page, probably safe to just get one, but everybody likes to see a nice while loop | |
| while ($count > 0) { | |
| $listUrl = $rhapi . "cvrf.json?after=" . date('Y-m-d', strtotime("$numberOfDays days ago") ) . "&page=" . $page; | |
| curl_setopt($ch, CURLOPT_URL, $listUrl); | |
| $issueListJson = curl_exec($ch); | |
| $issueList = json_decode($issueListJson); | |
| // echo "<pre>\n\n"; | |
| // print_r($issueList); | |
| // echo "</pre>\n"; | |
| foreach ($issueList as $item) { | |
| echo "RHSA Identifier: " . $item->RHSA . "<br />\n"; | |
| echo "Advisory Release Date: " . $item->released_on . "<br />\n"; | |
| echo "CVE / CWE: <br /><ul>"; | |
| if (count($item->CVEs)) { | |
| foreach ($item->CVEs as $cve) { | |
| echo "<li>" . $cve . " - " . getCwe($ch, $cve) . "</li>"; | |
| } | |
| } else { | |
| echo "<li>no cve data</li>"; | |
| } | |
| echo "</ul><hr />\n"; | |
| } | |
| $count = count($issueList); | |
| $page++; | |
| } | |
| /** | |
| OUTPUT: | |
| RHSA Identifier: RHSA-2018:2114 | |
| Advisory Release Date: 2018-06-28T16:03:00+00:00 | |
| CVE / CWE: | |
| no cve data | |
| RHSA Identifier: RHSA-2018:2113 | |
| Advisory Release Date: 2018-06-28T14:55:00+00:00 | |
| CVE / CWE: | |
| CVE-2017-7762 - CWE-290 | |
| CVE-2018-12359 - CWE-120 | |
| CVE-2018-12360 - CWE-416 | |
| CVE-2018-12362 - CWE-190->CWE-120 | |
| CVE-2018-12363 - CWE-416 | |
| CVE-2018-12364 - CWE-829 | |
| CVE-2018-12365 - CWE-552 | |
| CVE-2018-12366 - CWE-125 | |
| CVE-2018-5156 - CWE-120 | |
| CVE-2018-5188 - CWE-120 | |
| CVE-2018-6126 - no cwe data | |
| RHSA Identifier: RHSA-2018:2112 | |
| Advisory Release Date: 2018-06-28T14:54:00+00:00 | |
| CVE / CWE: | |
| CVE-2017-7762 - CWE-290 | |
| CVE-2018-12359 - CWE-120 | |
| CVE-2018-12360 - CWE-416 | |
| CVE-2018-12362 - CWE-190->CWE-120 | |
| CVE-2018-12363 - CWE-416 | |
| CVE-2018-12364 - CWE-829 | |
| CVE-2018-12365 - CWE-552 | |
| CVE-2018-12366 - CWE-125 | |
| CVE-2018-5156 - CWE-120 | |
| CVE-2018-5188 - CWE-120 | |
| CVE-2018-6126 - no cwe data | |
| RHSA Identifier: RHSA-2018:2102 | |
| Advisory Release Date: 2018-06-27T23:18:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1059 - CWE-200 | |
| RHSA Identifier: RHSA-2018:2091 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2092 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2093 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2094 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2095 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2096 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2097 | |
| Advisory Release Date: 2018-06-27T18:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1000156 - CWE-77 | |
| RHSA Identifier: RHSA-2018:2013 | |
| Advisory Release Date: 2018-06-27T17:48:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1070 - CWE-20 | |
| CVE-2018-10843 - CWE-20 | |
| CVE-2018-1085 - CWE-592 | |
| RHSA Identifier: RHSA-2018:2089 | |
| Advisory Release Date: 2018-06-27T14:46:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-7489 - CWE-20 | |
| RHSA Identifier: RHSA-2018:2090 | |
| Advisory Release Date: 2018-06-27T14:46:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-7489 - CWE-20 | |
| RHSA Identifier: RHSA-2018:2088 | |
| Advisory Release Date: 2018-06-27T14:33:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-7489 - CWE-20 | |
| RHSA Identifier: RHSA-2018:2071 | |
| Advisory Release Date: 2018-06-27T09:35:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1072 - CWE-532 | |
| CVE-2018-1075 - CWE-532 | |
| RHSA Identifier: RHSA-2018:2079 | |
| Advisory Release Date: 2018-06-27T09:35:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-10855 - CWE-532 | |
| RHSA Identifier: RHSA-2018:2060 | |
| Advisory Release Date: 2018-06-27T08:13:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:2037 | |
| Advisory Release Date: 2018-06-26T18:20:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-10856 - CWE-250 | |
| RHSA Identifier: RHSA-2018:2038 | |
| Advisory Release Date: 2018-06-26T18:20:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1059 - CWE-200 | |
| RHSA Identifier: RHSA-2018:2022 | |
| Advisory Release Date: 2018-06-26T17:05:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-10855 - CWE-532 | |
| RHSA Identifier: RHSA-2018:2020 | |
| Advisory Release Date: 2018-06-26T16:39:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-9159 - CWE-22 | |
| RHSA Identifier: RHSA-2018:1967 | |
| Advisory Release Date: 2018-06-26T15:04:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:2006 | |
| Advisory Release Date: 2018-06-26T15:04:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:1965 | |
| Advisory Release Date: 2018-06-26T15:00:00+00:00 | |
| CVE / CWE: | |
| CVE-2017-11600 - CWE-125 | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:1979 | |
| Advisory Release Date: 2018-06-26T15:00:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1080 - CWE-284 | |
| RHSA Identifier: RHSA-2018:1997 | |
| Advisory Release Date: 2018-06-26T15:00:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:2001 | |
| Advisory Release Date: 2018-06-26T15:00:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:2003 | |
| Advisory Release Date: 2018-06-26T15:00:00+00:00 | |
| CVE / CWE: | |
| CVE-2017-11600 - CWE-125 | |
| CVE-2018-3639 - CWE-200 | |
| RHSA Identifier: RHSA-2018:1974 | |
| Advisory Release Date: 2018-06-25T14:45:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-2783 - no cwe data | |
| CVE-2018-2790 - CWE-347 | |
| CVE-2018-2794 - CWE-502 | |
| CVE-2018-2795 - CWE-770 | |
| CVE-2018-2796 - CWE-770 | |
| CVE-2018-2797 - CWE-770 | |
| CVE-2018-2798 - CWE-770 | |
| CVE-2018-2799 - CWE-770 | |
| CVE-2018-2800 - no cwe data | |
| RHSA Identifier: RHSA-2018:1975 | |
| Advisory Release Date: 2018-06-25T14:45:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-2783 - no cwe data | |
| CVE-2018-2790 - CWE-347 | |
| CVE-2018-2794 - CWE-502 | |
| CVE-2018-2795 - CWE-770 | |
| CVE-2018-2796 - CWE-770 | |
| CVE-2018-2797 - CWE-770 | |
| CVE-2018-2798 - CWE-770 | |
| CVE-2018-2799 - CWE-770 | |
| CVE-2018-2800 - no cwe data | |
| RHSA Identifier: RHSA-2018:1972 | |
| Advisory Release Date: 2018-06-25T14:07:00+00:00 | |
| CVE / CWE: | |
| CVE-2018-1101 - CWE-266 | |
| CVE-2018-1104 - CWE-20 | |
| CVE-2018-7750 - CWE-287 | |
| */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment