feat(cli): kve - new command for printing known exploited vulnerabili…

…ties

crates/cli/src/command.rs

@@ -11,6 +11,7 @@ use std::path::PathBuf;
 use structopt::StructOpt;
 mod cpe;
 mod cve;
+mod known_exploited_vulns;
 mod scan;
 mod sync;
 
@@ -27,6 +28,7 @@ pub async fn execute(cmd: Command) -> Result<(), Box<dyn Error>> {
             out_dir,
             pkg_dir,
         } => scan::execute(cpe_feed.feed_dir, out_dir, pkg_dir).await,
+        Command::KnownExploitedVulns {} => known_exploited_vulns::execute().await,
     }
 }
 
@@ -66,6 +68,12 @@ pub enum Command {
         #[structopt(short = "p", long = "pkg-dir", env = "VULNER_PKG_DIR")]
         pkg_dir: Option<PathBuf>,
     },
+
+    #[structopt(
+        name = "kev",
+        about = "Prints (K)nown (E)xploited (V)ulnerabilities catalog"
+    )]
+    KnownExploitedVulns {},
 }
 
 #[derive(Debug, StructOpt)]

crates/cli/src/command/known_exploited_vulns.rs

@@ -0,0 +1,18 @@
+/*
+ * SPDX-License-Identifier: MPL-2.0
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+use security_advisories::http::get_client;
+use security_advisories::service::fetch_known_exploited_vulns;
+use std::error::Error;
+
+pub async fn execute() -> Result<(), Box<dyn Error>> {
+    let client = get_client()?;
+    let known_exploited_vulns = fetch_known_exploited_vulns(&client).await;
+
+    println!("{}", known_exploited_vulns?);
+    Ok(())
+}

crates/security-advisories/src/service.rs

@@ -10,6 +10,7 @@ use reqwest::Client;
 use serde_json::Value;
 use std::error::Error;
 use std::path::Path;
+mod cisa;
 mod nvd;
 
 pub const CPE_MATCH_FEED: &str = nvd::CPE_MATCH_FEED;
@@ -36,3 +37,8 @@ pub async fn download_cpe_match_feed(
     log::info!("downloading CPE match feed ...");
     nvd::download_cpe_match_feed(client, feed_path).await
 }
+
+pub async fn fetch_known_exploited_vulns(client: &Client) -> Result<Value, Box<dyn Error>> {
+    log::info!("fetching known exploited vulnerabilities ...");
+    cisa::fetch_known_exploited_vulns(client).await
+}

crates/security-advisories/src/service/cisa.rs

@@ -0,0 +1,23 @@
+/*
+ * SPDX-License-Identifier: MPL-2.0
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at https://mozilla.org/MPL/2.0/.
+ */
+
+use reqwest::Client;
+use serde_json::Value;
+use std::error::Error;
+
+pub async fn fetch_known_exploited_vulns(client: &Client) -> Result<Value, Box<dyn Error>> {
+    let home_url = "https://www.cisa.gov";
+    let feed_path = "sites/default/files/feeds";
+    let known_exploited_vulns = "known_exploited_vulnerabilities.json";
+    let url = format!("{}/{}/{}", home_url, feed_path, known_exploited_vulns);
+    let mut headers = reqwest::header::HeaderMap::new();
+    headers.insert(reqwest::header::ACCEPT, "application/json".parse()?);
+    let res = client.get(&url).headers(headers).send().await?;
+
+    let json: Value = res.json().await?;
+    Ok(json)
+}

crates/security-advisories/src/service/nvd.rs

@@ -136,7 +136,7 @@ fn get_cve_urls(id: &str, cve_data: &Value) -> Vec<String> {
     let mut urls = vec![format!("{}/{}", nvd_url, id)];
 
     if let Some(ref_data) = cve_data["references"]["reference_data"].as_array() {
-        for url in ref_data.iter().map(|x| x["url"].as_str()).flatten() {
+        for url in ref_data.iter().filter_map(|x| x["url"].as_str()) {
             urls.push(url.to_owned());
         }
     }

docs/COOKBOOK.md

@@ -7,6 +7,7 @@ vulner --help
 ## Content
 - [Scanning Funtoo Linux system for CVEs](#scanning-funtoo-linux-system-for-cves)
 - [Listing CVEs for given packages](#listing-cves-for-given-packages)
+- [Printing known exploited vulnerabilities catalog](#printing-known-exploited-vulnerabilities-catalog)
 
 
 ## Scanning Funtoo Linux system for CVEs
@@ -102,3 +103,31 @@ example produces:
 CPE match feed is up to date, available in "/tmp/vulner/feeds/json/nvdcpematch-1.0.json"
 {"id":"CVE-2020-7595","desc":{"description_data":[{"lang":"en","value":"xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation."}]},"impact":{"acInsufInfo":false,"cvssV2":{"accessComplexity":"LOW","accessVector":"NETWORK","authentication":"NONE","availabilityImpact":"PARTIAL","baseScore":5,"confidentialityImpact":"NONE","integrityImpact":"NONE","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","version":"2.0"},"exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainOtherPrivilege":false,"obtainUserPrivilege":false,"severity":"MEDIUM","userInteractionRequired":false}}
 ```
+
+
+## Printing known exploited vulnerabilities catalog
+```bash
+vulner kev | jq '.' > known-exploited-vulnerabilities.json
+```
+Results in:
+```bash
+$ head known-exploited-vulnerabilities.json
+
+{
+  "catalogVersion": "2022.02.25",
+  "count": 383,
+  "dateReleased": "2022-02-25T09:45:26.2626Z",
+  "title": "CISA Catalog of Known Exploited Vulnerabilities",
+  "vulnerabilities": [
+    {
+      "cveID": "CVE-2021-27104",
+      "dateAdded": "2021-11-03",
+      "dueDate": "2021-11-17",
+      "product": "FTA",
+      "requiredAction": "Apply updates per vendor instructions.",
+      "shortDescription": "Accellion FTA 9_12_370 and earlier is affected by OS
+command execution via a crafted POST request to various admin endpoints.",
+      "vendorProject": "Accellion",
+      "vulnerabilityName": "Accellion FTA OS Command Injection Vulnerability"
+    },
+```