
评价入侵检测系统漏洞攻击检测覆盖面的指标(3)

http://netsecurity.51cto.com  2006-09-15 15:11  stardust  Xfocus  我要评论(0)
  • 摘要:对入侵检测防护产品的评测中,我们经常需要对它们的漏洞攻击检测能力做出评价,其中涉及漏洞的覆盖面即是能力的一方面,那么如何去评价?
  • 标签:入侵检测系统  漏洞攻击检测
3. 结论
事实上,由于威胁得分的计算是面向漏洞的,因此所有以漏洞处理为核心的安全产品,比如漏洞数据库、安全评估、入侵检测类产品,都可以用计算“时间因素修正后的总威胁得分”指标的方法来评价。
附,评分计算相关的脚本工具:

extract-cve-score.pl
--------------------------------- 8< --------------------------------------
#!/usr/bin/perl
my $data = "";
# NOTE(review): the "" placeholders are overwritten by the list-context
# matches below, so they never reach the print loop.
my @cve_names = ("");
my @cve_scores = ("");
my $cve_name = "";   # unused in the visible script
# Slurp the score source named on the command line (presumably the NVD/CVE
# XML export listed under the resource links) into one string.
$data = readDBcontent($ARGV[0]);
# NOTE(review): the pattern of this substitution and the two list-context
# matches below lost their text when the page was extracted (angle-bracketed
# markup was stripped as HTML).  Judging from the print loop, they are meant
# to yield two parallel lists -- CVE names and their scores, in the same
# order -- but the exact patterns must be recovered from the original script.
$data =~ s/
@cve_names = $data =~ m|@cve_scores = $data =~ m|
# Emit one "name<TAB>score" line per entry.  Pairing is positional, so the
# two lists must have the same length for the output to be meaningful.
for (my $i=0;$i<=$#cve_names;$i++) {
print $cve_names[$i]."\t".$cve_scores[$i]."\n";
}
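sub readDBcontent {
    # Read the whole file named by $table and return its content as one
    # string.  Dies with the OS error when the file cannot be opened.
    my ($table) = @_;
    # Three-argument open with a lexical handle: the name is taken literally
    # (the two-argument form treats "-" and surrounding whitespace
    # specially) and no bareword handle is shared with the rest of the file.
    open(my $fh, '<', $table) or die("$table: $!");
    # Slurp in one read instead of concatenating line by line; the readline
    # in the original was lost in extraction, so this also restores it.
    my $dbcon = do { local $/; <$fh> };
    close($fh);
    $dbcon = "" unless defined $dbcon;   # an empty file reads as undef
    return ($dbcon);
}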
--------------------------------- 8< --------------------------------------
extract-snort-cve.pl
--------------------------------- 8< --------------------------------------
#!/usr/bin/perl
#
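# Print the CVE identifier referenced by each line of the file given as
# first argument (apparently Snort's "sid || msg || cve,YYYY-NNNN" format),
# one "CVE-YYYY-NNNN" per line.
my @issues = ("");
# readDBcontent replaces the placeholder with the chomped file lines; its
# return value (number of non-empty lines) is not needed here.
readDBcontent($ARGV[0],\@issues);
for my $issuetext (@issues) {
    # The sequence part is \d{4,} so that identifiers with five or more
    # digits (used since 2014) are matched as well; every line the old
    # \d{4} pattern accepted is still accepted.
    if ($issuetext =~ m/\|\| cve,(\d{4}-\d{4,}) /) {
        print "CVE-".$1."\n";
    }
}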
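sub readDBcontent {
    # Load every line of $table (chomped) into the array referenced by
    # $dbcon, replacing whatever it held, and return the number of non-empty
    # lines.  Dies with the OS error when the file cannot be opened.
    my ($table,$dbcon)=@_;
    # Three-argument open with a lexical handle: the name is taken literally
    # (the two-argument form treats "-" and surrounding whitespace
    # specially) and no bareword handle is shared with the rest of the file.
    open(my $fh, '<', $table) or die("$table: $!");
    # The readline was lost in extraction; restored here.
    @{$dbcon} = <$fh>;
    close($fh);
    chomp(@{$dbcon});
    my $count = grep { $_ ne "" } @{$dbcon};
    return ($count);
}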
--------------------------------- 8< --------------------------------------
get-iss-content.pl
--------------------------------- 8< --------------------------------------
#!/usr/bin/perl
#
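# For every vulnerability id listed in the file given as first argument,
# fetch the X-Force database page and cache it as "<id>.txt" in the
# current directory; ids whose cache already exists and is non-empty are
# skipped.
my $flag = 0;                               # parser state shared with getSection()
my $program = "lynx -source ";              # fetch command used by getPage()
my $url_b = "http://xforce.iss.net/xforce/xfdb/";
my @issues = ("");
$|++;                                       # unbuffered output while lynx runs
readDBcontent($ARGV[0],\@issues);
for my $issuetext (@issues) {
    # Comma separated input; the id is the fourth field (the first three
    # are not needed here).
    my ($aa,$bb,$cc,$vul_id) = split (',',$issuetext);
    next unless defined $vul_id;
    $vul_id =~ s/\s+\z//;                   # tolerate CRLF input
    # The id becomes a file name and a command-line argument for the
    # fetcher, so it is accepted only when it consists of digits alone; the
    # original test was anchored at the start only and let anything after
    # the digits through.
    next unless $vul_id =~ m/\A\d+\z/;
    my $iss_vuln = "$vul_id.txt";
    # print $iss_vuln."\n";
    if (!(-e $iss_vuln) || (-z $iss_vuln)) {
        # $url is deliberately a package global: getSection() reads it.
        $url = $url_b."${vul_id}";
        my $content = getSection();
        open (my $out, '>', $iss_vuln) or die ("$iss_vuln: $!\n");
        print {$out} $content;
        # Buffered write errors only surface at close.
        close ($out) or die ("$iss_vuln: $!\n");
    }
}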
sub getSection {
# Return the readable text of the X-Force page at the global $url: the
# lines after the "X-Force Database Results" heading and before the
# database disclaimer, with HTML stripped and runs of blank lines collapsed
# to one newline.
# NOTE(review): depends on package globals -- $url (set by the caller),
# $flag (initialised at file scope) and the undeclared $section and $i.
my @page;
my $section_con = "";
my $last = 0;                   # 1 while the last emitted line was blank
getPage("$url",\@page);
# NOTE(review): $section is never assigned anywhere visible, so this only
# upper-cases an undefined value; it looks like a leftover.
$section=uc("$section");
for ($i=0;$i<@page;$i++) {
# NOTE(review): the start of this pattern was lost when the page was
# extracted (an angle-bracketed tag at the line start was stripped); what
# survives is the disclaimer sentence that ends the results section.
if ($page[$i] =~ m/^

The information within this database may change without notice/) {$flag = 0};
# Only lines seen after the heading (checked below) and before the
# disclaimer are kept.
if ($flag) {
$page[$i] = removeHtmltag ("$page[$i]");
if($page[$i] eq "") {
# Collapse consecutive empty lines into a single newline.
if(!$last) { $section_con .= "\n"; $last = 1;}
} else {
$section_con .= "$page[$i]\n";
$last = 0;
}
}
# The heading line itself is not copied: $flag is raised after the copy
# step of this iteration, so capture starts on the following line.
if ($page[$i] =~ m/X-Force Database Results/) {$flag = 1};
}

return $section_con;
}
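sub getPage {
    # Run the fetch command held in the global $program with $url_section
    # appended as its last argument and store the output lines in the array
    # referenced by $page_con.
    my ($url_section,$page_con) = @_;
    # List-form pipe open: the URL is passed as its own argv element and
    # never goes through a shell, so quotes or metacharacters in it cannot
    # change the command (the original interpolated it into a shell string).
    my @cmd = split ' ', $program;
    die "getPage: no fetch program configured\n" unless @cmd;
    open (my $fh, '-|', @cmd, $url_section) or die ("$cmd[0]: $!\n");
    # The readline was lost in extraction; restored here.
    @{$page_con} = <$fh>;
    # For a pipe, a false close carries the child's exit status in $?; the
    # caller treats an empty page as "nothing fetched", so only warn.
    close ($fh) or warn "$cmd[0] exited with status $?\n";
}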
sub removeHtmltag {
# Reduce one line of fetched HTML to plain text: drop tabs and newlines,
# turn block-level closing tags into newlines, strip the remaining tags and
# decode a few entities.
# NOTE(review): most patterns below lost their text when the page was
# extracted -- angle-bracketed tags were removed and HTML entities were
# decoded -- which is why several substitutions now read as "replace X with
# X".  Consult the original script before reusing this code.
my ($string)=@_;
$string =~ s/\t//g;
$string =~ s/\n//g;
# NOTE(review): presumably a space entity -> " " and a quote entity -> '"'.
$string =~ s/ / /g;
$string =~ s/"/"/g;
# NOTE(review): the next five substitutions appear to have mapped
# line-break style tags to "\n"; their patterns are missing.
$string =~ s/
/\n/g;
$string =~ s/
/\n/g;
$string =~ s/
/\n/g;
$string =~ s/

/\n/g;
$string =~ s/

/\n/g;
# Paragraph ends become line breaks.
$string =~ s/<\/P>/\n/g;
$string =~ s/<\/p>/\n/g;
# NOTE(review): these two mark list items with a "---" prefix (the
# extract-iss-cve.pl script keys on that prefix); the tag is missing.
$string =~ s/

  • /---/g;
    $string =~ s/
  • /---/g;
    $string =~ s/—/-/g;
    $string =~ s/<\/OPTION>/\n/g;
    # Remove every remaining tag.
    $string =~ s/<[^<]*>//g;
    # NOTE(review): this line is two substitutions fused by extraction
    # (presumably the "<" and ">" entities being decoded); it does not parse
    # as written.
    $string =~ s/</$string =~ s/>/>/g;
    $string =~ s/&/&/g;
    $string =~ s/"/"/g;
    $string =~ s/\015//g;
    $string =~ s/^\s*\n*//;
    #    $string =~ s/\s*\n*$//;
    return $string;
    }    
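    sub readDBcontent {
        # Load every line of $table (chomped) into the array referenced by
        # $dbcon, replacing whatever it held, and return the number of
        # non-empty lines.  Dies with the OS error when the file cannot be
        # opened.
        my ($table,$dbcon)=@_;
        # Three-argument open with a lexical handle: the name is taken
        # literally (the two-argument form treats "-" and surrounding
        # whitespace specially) and no bareword handle is shared.
        open(my $fh, '<', $table) or die("$table: $!");
        # The readline was lost in extraction; restored here.
        @{$dbcon} = <$fh>;
        close($fh);
        chomp(@{$dbcon});
        my $count = grep { $_ ne "" } @{$dbcon};
        return ($count);
    }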
    --------------------------------- 8< --------------------------------------
    extract-iss-cve.pl
    --------------------------------- 8< --------------------------------------
    #!/usr/bin/perl
    #
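    # Print every CVE identifier found in the cached X-Force pages of the
    # vulnerability ids listed in the file given as first argument.
    my @issues = ("");
    readDBcontent($ARGV[0],\@issues);
    for my $issuetext (@issues) {
        # Comma separated input; the id is the fourth field.
        my ($aa,$bb,$cc,$vul_id) = split (',',$issuetext);
        next unless defined $vul_id;
        $vul_id =~ s/\s+\z//;                   # tolerate CRLF input
        # The id names a file in the current directory, so only all-digit
        # ids are accepted; the original test was anchored at the start
        # only and let anything after the digits into the path.
        next unless $vul_id =~ m/\A\d+\z/;
        my $iss_vuln = "$vul_id.txt";
        # Skip ids that were never fetched or whose cache is empty.
        next unless (-e $iss_vuln) && !(-z $iss_vuln);
        my @contents = ("");
        readDBcontent($iss_vuln,\@contents);
        for my $line (@contents) {
            # The cache writer renders list items as lines starting with
            # "---"; \d{4,} also accepts five-digit sequence numbers.
            if ($line =~ m/^---(CVE-\d{4}-\d{4,})/) {
                print $1."\n";
            }
        }
    }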
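    sub readDBcontent {
        # Load every line of $table (chomped) into the array referenced by
        # $dbcon, replacing whatever it held, and return the number of
        # non-empty lines.  Dies with the OS error when the file cannot be
        # opened.
        my ($table,$dbcon)=@_;
        # Three-argument open with a lexical handle: the name is taken
        # literally (the two-argument form treats "-" and surrounding
        # whitespace specially) and no bareword handle is shared.
        open(my $fh, '<', $table) or die("$table: $!");
        # The readline was lost in extraction; restored here.
        @{$dbcon} = <$fh>;
        close($fh);
        chomp(@{$dbcon});
        my $count = grep { $_ ne "" } @{$dbcon};
        return ($count);
    }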
    --------------------------------- 8< --------------------------------------
    extract-idp-cve.pl
    --------------------------------- 8< --------------------------------------
    #!/usr/bin/perl
    #
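    # Print the CVE identifier carried by each IDP rule line of the file
    # given as first argument.
    my @issues = ("");
    readDBcontent($ARGV[0],\@issues);
    for my $issuetext (@issues) {
        # References look like ":cve (CVE-YYYY-NNNN)"; \d{4,} also accepts
        # the longer sequence numbers used since 2014, and every line the
        # old \d{4} pattern accepted is still accepted.
        if ($issuetext =~ m/:cve \((CVE-\d{4}-\d{4,})\)/) {
            print $1."\n";
        }
    }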
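    sub readDBcontent {
        # Load every line of $table (chomped) into the array referenced by
        # $dbcon, replacing whatever it held, and return the number of
        # non-empty lines.  Dies with the OS error when the file cannot be
        # opened.
        my ($table,$dbcon)=@_;
        # Three-argument open with a lexical handle: the name is taken
        # literally (the two-argument form treats "-" and surrounding
        # whitespace specially) and no bareword handle is shared.
        open(my $fh, '<', $table) or die("$table: $!");
        # The readline was lost in extraction; restored here.
        @{$dbcon} = <$fh>;
        close($fh);
        chomp(@{$dbcon});
        my $count = grep { $_ ne "" } @{$dbcon};
        return ($count);
    }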
    --------------------------------- 8< --------------------------------------
    caculate-score.pl
    --------------------------------- 8< --------------------------------------
    #!/usr/bin/perl
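    # Usage: caculate-score.pl CVES-LIST-FILE CVE-SCORE-PAIR-LIST-FILE [BASE-YEAR]
    # Sums the scores of the CVEs named (one per line) in the first file,
    # looking them up in the "name<TAB>score" pairs of the second, and prints
    #   count  total  average  time-weighted-total
    # The optional third argument is the reference year of the time weight;
    # it defaults to 2006, the value the original script hard-coded.
    if(scalar(@ARGV) < 2){
        print "Usage: $0 CVES-LIST-FILE CVE-SCORE-PAIR-LIST-FILE\n";
        exit 1;
    }
    my $base_year = defined($ARGV[2]) ? $ARGV[2] : 2006;
    my %cve_name_score = ();
    my @score_data = ("");
    readDBcontent($ARGV[1],\@score_data);
    for my $pair (@score_data) {
        # Lines that are not "name<TAB>score" are skipped; the original
        # silently reused the captures of the previous match for them.
        next unless $pair =~ m/(.+)\t(.+)/;
        $cve_name_score{$1} = $2;
    }
    my @cves = ("");
    readDBcontent($ARGV[0],\@cves);
    my $score = 0.0;            # plain sum of the scores
    my $score1 = 0.0;           # sum with the time weight applied
    my $cve_count = 0;          # CVEs that had a score in the pair file
    for my $cve (@cves) {
        next if $cve eq "";
        next unless defined($cve_name_score{$cve});
        $score += $cve_name_score{$cve};
        $cve_count++;
        # The year is the four-digit group before the dash; assumes every
        # listed name is a CVE identifier.
        my ($year) = $cve =~ m/(\d\d\d\d)-\d\d\d\d/;
        # Weight: a CVE loses 1/8 of its score per year of age relative to
        # $base_year, and goes negative beyond eight years -- kept exactly
        # as in the original metric.
        my $score_modified = $cve_name_score{$cve} * ((8-($base_year-$year))/8);
        $score1 += $score_modified;
    }
    # With no scored CVEs the original died on a division by zero.
    my $average = $cve_count ? $score/$cve_count : 0;
    printf "%d\t%.1f\t%.1f\t%.1f", $cve_count,$score,$average,$score1;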
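    sub readDBcontent {
        # Load every line of $table (chomped) into the array referenced by
        # $dbcon, replacing whatever it held, and return the number of
        # non-empty lines.  Dies with the OS error when the file cannot be
        # opened.
        my ($table,$dbcon)= @_;
        # Three-argument open with a lexical handle: the name is taken
        # literally (the two-argument form treats "-" and surrounding
        # whitespace specially) and no bareword handle is shared.
        open(my $fh, '<', $table) or die("$table: $!");
        # The readline was lost in extraction; restored here.
        @{$dbcon} = <$fh>;
        close($fh);
        chomp(@{$dbcon});
        my $count = grep { $_ ne "" } @{$dbcon};
        return ($count);
    }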
    --------------------------------- 8< --------------------------------------

  • 资源链接:
    通用弱点评价体系(CVSS)简介
    http://www.xfocus.net/releases/200602/a850.html
    NVD/CVE XML Data Files
    http://nvd.nist.gov/download.cfm
    CVSS Draft
    http://www.first.org/cvss/draft/
    RealSecure Network Sensor XPUs
    http://www.iss.net/db_data/xpu/RSNS.php
    Snort Rules
    http://www.snort.org/rules/
    IDP Rule
    https://services.netscreen.com/idpupdates/updateInfo.dat
