{ "cells": [ { "cell_type": "markdown", "id": "604150b3-255c-441f-8f67-c95b2f91158e", "metadata": {}, "source": [ "# CVE" ] }, { "cell_type": "markdown", "id": "9688bdc8-ceb9-4fb5-a43b-588a5f108d83", "metadata": {}, "source": [ "**Common Vulnerabilities and Exposures Identifier (CVE ID)** is a unique, alphanumeric identifier assigned by the CVE Program. Each identifier references a specific vulnerability. A CVE ID enables automation and multiple parties to discuss, share, and correlate information about a specific vulnerability, knowing they are referring to the same thing.\n", "\n", "> source: [www.cve.org](https://www.cve.org/ResourcesSupport/Glossary?activeTerm=glossaryCVEID)" ] }, { "cell_type": "markdown", "id": "bb012dcd-8476-4501-8ca2-1008a08588e3", "metadata": {}, "source": [ "You can see this notebook directly via:\n", "- [GitHub](https://github.com/LimberDuck/limberduck.org/blob/master/docs/notebooks/cve/cve.ipynb)\n", "- [Jupyter nbviewer](https://nbviewer.org/github/LimberDuck/limberduck.org/blob/master/docs/notebooks/cve/cve.ipynb)" ] }, { "cell_type": "markdown", "id": "f7c29080-90bd-4e34-bc6f-92511ed31595", "metadata": {}, "source": [ "## Generation time" ] }, { "cell_type": "code", "execution_count": 6, "id": "ff06696a-18c2-4c59-9cae-bc0dd8b7b308", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "2023-03-30 19:45:42 +0000\n" ] } ], "source": [ "from datetime import datetime, timezone, timedelta\n", "\n", "timezone_offset = 0.0\n", "tzinfo = timezone(timedelta(hours=timezone_offset))\n", "generation_time = datetime.now(tzinfo).strftime('%Y-%m-%d %H:%M:%S %z')\n", "print(generation_time)" ] }, { "cell_type": "markdown", "id": "f3a4c46a-1ece-4601-9f72-90d64e12f888", "metadata": {}, "source": [ "## Creative Commons" ] }, { "cell_type": "markdown", "id": "33983601-bf85-4ba0-babc-5e3a69bc5ef4", "metadata": {}, "source": [ "This notebook and generated diagrams are released under the [Creative Commons license (CC BY 
4.0)](https://creativecommons.org/licenses/by/4.0/deed.en)." ] }, { "cell_type": "code", "execution_count": 7, "id": "17811d3a-f62b-4c35-9bad-75fcdc9e9cf5", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "cc.xlarge.png\n", "by.xlarge.png\n" ] } ], "source": [ "import requests\n", "\n", "urls = ['https://mirrors.creativecommons.org/presskit/icons/cc.xlarge.png',\n", "        'https://mirrors.creativecommons.org/presskit/icons/by.xlarge.png']\n", "for url in urls:\n", "    file_name = url.split(\"/\")[-1:][0]\n", "    print(file_name)\n", "\n", "    # TLS certificate verification stays enabled (the requests default)\n", "    file = requests.get(url)\n", "    file.raise_for_status()\n", "    with open(file_name, 'wb') as icon_file:\n", "        icon_file.write(file.content)" ] }, { "cell_type": "markdown", "id": "f0d55e25-0b30-4377-95cf-20f471fcaf21", "metadata": {}, "source": [ "## CVE data downloading" ] }, { "cell_type": "markdown", "id": "b29a1112-344a-4015-91d1-c1ee0aa63629", "metadata": {}, "source": [ "All CVE IDs are taken from [cve.mitre.org/data/downloads/index.html](https://cve.mitre.org/data/downloads/index.html)" ] }, { "cell_type": "code", "execution_count": 10, "id": "239ee776-f15c-43d4-a8f5-d1ca251f0f37", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "allitems.xml.Z\n" ] } ], "source": [ "url = 'https://cve.mitre.org/data/downloads/allitems.xml.Z'\n", "file_name = url.split(\"/\")[-1:][0]\n", "print(file_name)" ] }, { "cell_type": "code", "execution_count": 11, "id": "50f24f67-75e2-4d85-bf23-47182cbf46f3", "metadata": {}, "outputs": [ { "data": { "text/plain": [ "60619173" ] }, "execution_count": 11, "metadata": {}, "output_type": "execute_result" } ], "source": [ "import requests\n", "\n", "# TLS certificate verification stays enabled (the requests default),\n", "# so the CVE list cannot be silently replaced in transit\n", "file = requests.get(url)\n", "file.raise_for_status()\n", "open(file_name, 'wb').write(file.content)" ] }, { "cell_type": "code", "execution_count": 14, "id": "e02dc4ee", "metadata": {}, "outputs": [], "source": [ "import 
unlzw3\n", "from pathlib import Path\n", "\n", "# allitems.xml.Z is LZW-compressed (Unix compress format); unlzw3 decompresses it in memory\n", "uncompressed_data = unlzw3.unlzw(Path(file_name))\n" ] }, { "cell_type": "code", "execution_count": 18, "id": "8b59663f", "metadata": {}, "outputs": [], "source": [ "# file_name[:-2] strips the '.Z' suffix, leaving allitems.xml\n", "with open(file_name[:-2], 'wb') as file:\n", "    file.write(uncompressed_data)" ] }, { "cell_type": "code", "execution_count": 19, "id": "d2ff78a8", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ "allitems.xml\n" ] } ], "source": [ "import glob\n", "\n", "file_name = glob.glob('*.xml')[-1]\n", "print(file_name)" ] }, { "cell_type": "markdown", "id": "cb262f32-6398-44c9-a365-d5e1b47dfcd8", "metadata": {}, "source": [ "## CVE data parsing" ] }, { "cell_type": "code", "execution_count": 20, "id": "69608e9f-cbad-40db-85f2-48d25d1aa381", "metadata": {}, "outputs": [ { "name": "stdout", "output_type": "stream", "text": [ " number year\n", "0 CVE-1999-0001 1999\n", "1 CVE-1999-0002 1999\n", "2 CVE-1999-0003 1999\n", "3 CVE-1999-0004 1999\n", "4 CVE-1999-0005 1999\n", "... ... 
...\n", "268000 CVE-2023-29055 2023\n", "268001 CVE-2023-29056 2023\n", "268002 CVE-2023-29057 2023\n", "268003 CVE-2023-29058 2023\n", "268004 CVE-2023-29059 2023\n", "\n", "[268005 rows x 2 columns]\n" ] } ], "source": [ "import pandas as pd\n", "import xml.etree.ElementTree as et\n", "\n", "tree = et.parse(file_name)\n", "root = tree.getroot()\n", "df_cols = [\"number\", \"year\"]\n", "rows = []\n", "\n", "for item in root:\n", "    item_name = item.attrib.get(\"name\")\n", "    # a CVE ID has the form CVE-<year>-<sequence>; characters 4..7 hold the four-digit year\n", "    item_year = item_name[4:8]\n", "    rows.append({\"number\": item_name, \"year\": item_year})\n", "\n", "df = pd.DataFrame(rows, columns=df_cols)\n", "\n", "print(df)" ] }, { "cell_type": "code", "execution_count": 21, "id": "ecbe6644-37e1-4747-b8cc-3181570bfb1e", "metadata": {}, "outputs": [ { "data": { "text/html": [ "
    year  number
1   1999    1579
2   2000    1243
3   2001    1573
4   2002    2436
5   2003    1603
6   2004    2779
7   2005    4900
8   2006    7256
9   2007    6766
10  2008    7325
11  2009    5163
12  2010    5349
13  2011    5339
14  2012    6731
15  2013    7517
16  2014   10546
17  2015    9670
18  2016   11357
19  2017   19567
20  2018   21914
21  2019   21541
22  2020   31262
23  2021   30602
24  2022   33267
25  2023   10720
\n" ], "text/plain": [ "" ] }, "execution_count": 21, "metadata": {}, "output_type": "execute_result" } ], "source": [ "df = df.groupby(['year'], as_index=False)[['number']].count()\n", "df.reset_index(drop=True, inplace=True)\n", "df.index += 1\n", "\n", "df.style.bar(subset=['number'], color='#FF6200')" ] }, { "cell_type": "markdown", "id": "c8f1485b-5641-4610-92ab-25ffb1493bea", "metadata": {}, "source": [ "## CVE data saving" ] }, { "cell_type": "markdown", "id": "5b3522c7-1d6e-46c0-8400-ea82dbbb645f", "metadata": {}, "source": [ "The CSV file is available in the GitHub repository, see:\n", "\n", "- [file via GitHub](https://github.com/LimberDuck/limberduck.org/blob/master/docs/notebooks/cve/cve-number-of-entries.csv)\n", "- [file directly](https://raw.githubusercontent.com/LimberDuck/limberduck.org/master/docs/notebooks/cve/cve-number-of-entries.csv)" ] }, { "cell_type": "code", "execution_count": 22, "id": "6c1d9ff7-d783-4362-9f8f-336abded29bb", "metadata": {}, "outputs": [], "source": [ "csv_filename = 'cve-number-of-entries.csv'\n", "\n", "df.to_csv(csv_filename, index=False)" ] }, { "cell_type": "markdown", "id": "8142803d-8e8f-4d65-81d1-cf54eeeeacfc", "metadata": {}, "source": [ "## CVE data plotting" ] }, { "cell_type": "markdown", "id": "2ee8dc00-a654-4c99-98fb-9a87fa96d2f0", "metadata": {}, "source": [ "The PNG files are available in the GitHub repository in two background versions, see:\n", "\n", "- [file via GitHub (white background)](https://github.com/LimberDuck/limberduck.org/blob/master/docs/notebooks/cve/cve-number-of-entries-bg-white.png)\n", "- [file via GitHub (transparent background)](https://github.com/LimberDuck/limberduck.org/blob/master/docs/notebooks/cve/cve-number-of-entries-bg-transparent.png)\n", "- [file directly (white background)](https://raw.githubusercontent.com/LimberDuck/limberduck.org/master/docs/notebooks/cve/cve-number-of-entries-bg-white.png)\n", "- [file directly (transparent 
background)](https://raw.githubusercontent.com/LimberDuck/limberduck.org/master/docs/notebooks/cve/cve-number-of-entries-bg-transparent.png)" ] }, { "cell_type": "code", "execution_count": 23, "id": "f49c7474-a160-468f-9930-365b66710970", "metadata": {}, "outputs": [ { "data": { "image/png": "", "text/plain": [ "" ] }, "metadata": {}, "output_type": "display_data" } ], "source": [ "import pandas as pd\n", "import matplotlib.pyplot as plt\n", "\n", "df = pd.read_csv(csv_filename)\n", "\n", "df.plot(x='year',\n", "        xlabel='Year',\n", "        y='number',\n", "        ylabel='Number of CVE',\n", "        kind='bar',\n", "        title='Number of CVE per year')\n", "plt.tight_layout()\n", "plt.legend(['CVE'])\n", "plt.figtext(0.15, 0.02, f\"Generated on {generation_time} thanks to limberduck.org based on source: cve.mitre.org\", ha=\"left\", fontsize=7)\n", "fig = plt.gcf()\n", "fig.set_size_inches(10,6)\n", "fig.patch.set_facecolor('white')\n", "plt.grid(True)\n", "\n", "img_cc = plt.imread('cc.xlarge.png')\n", "newax_cc = fig.add_axes([0.88, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)\n", "newax_cc.imshow(img_cc)\n", "newax_cc.axis('off')\n", "img_by = plt.imread('by.xlarge.png')\n", "newax_by = fig.add_axes([0.92, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)\n", "newax_by.imshow(img_by)\n", "newax_by.axis('off')\n", "\n", "plt.savefig('cve-number-of-entries-bg-white.png', dpi = 300, facecolor = 'white')\n", "plt.savefig('cve-number-of-entries-bg-transparent.png', dpi = 300, transparent = True)" ] } ], "metadata": { "kernelspec": { "display_name": "Python 3 (ipykernel)", "language": "python", "name": "python3" }, "language_info": { "codemirror_mode": { "name": "ipython", "version": 3 }, "file_extension": ".py", "mimetype": "text/x-python", "name": "python", "nbconvert_exporter": "python", "pygments_lexer": "ipython3", "version": "3.9.5" } }, "nbformat": 4, "nbformat_minor": 5 }