fix: CVE for descriptions

examples/tools/cve_check.py

@@ -9,7 +9,6 @@
     vuln = Vulnerabilities(ipf, timeout=30, cve_limit=20)
     # Increasing cve_limit will increase the amount of time NIST responds
 
-
     device = vuln.check_device('L47R6')
     pprint(device)
     """

ipfabric/tools/nist.py

@@ -2,9 +2,17 @@
 from pydantic import BaseModel, Field
 
 
+class CVE(BaseModel):
+    cve_id: str
+    description: str
+
+    def __repr__(self):
+        return self.cve_id
+
+
 class CVEs(BaseModel):
     total_results: int
-    cves: list
+    cves: list[CVE]
     error: str = Field(default=None)
 
 
@@ -46,8 +54,15 @@ def check_cve(self, vendor: str, family: str, version: str):
             res = self.get('', params=params)
             res.raise_for_status()
             data = res.json()
-            cves = CVEs(total_results=data['totalResults'],
-                        cves=[i['cve']['CVE_data_meta']['ID'] for i in data['result']['CVE_Items']])
+            for c in data['result']['CVE_Items']:
+                if len(c['cve']['description']['description_data']) > 1:
+                    print()
+            cves = CVEs(
+                total_results=data['totalResults'],
+                cves=[CVE(cve_id=i['cve']['CVE_data_meta']['ID'],
+                          description=i['cve']['description']['description_data'][0]['value'])
+                      for i in data['result']['CVE_Items']]
+            )
             return cves
         except ReadTimeout:
             return CVEs(total_results=0, cves=[], error='Timeout')

tests/unittests/tools/test_nist.py

@@ -14,7 +14,10 @@ def test_cve(self):
     def setUp(self) -> None:
         with patch("httpx.Client.__init__", return_value=None) as mock:
             self.vuln = nist.NIST(30, 1)
-        self.cve = dict(totalResults=1, result=dict(CVE_Items=[dict(cve=dict(CVE_data_meta=dict(ID='TEST')))]))
+        self.cve = dict(totalResults=1, result=dict(CVE_Items=[dict(cve=dict(CVE_data_meta=dict(ID='TEST'),
+                                                                             description=dict(description_data=[
+                                                                                 dict(value='test')
+                                                                             ])))]))
 
     def test_params(self):
         self.assertEqual(self.vuln.params, {'cpeMatchString': 'cpe:2.3:*:', 'startIndex': 0, 'resultsPerPage': 1})
@@ -24,7 +27,8 @@ def test_check_juniper(self, get):
         get().json.return_value = self.cve
         res = self.vuln.check_cve('juniper', 'junos', '17.2R1.13')
         self.assertIsInstance(res, nist.CVEs)
-        self.assertEqual(res.cves, ['TEST'])
+        self.assertEqual(res.cves[0].cve_id, 'TEST')
+        self.assertEqual(res.cves[0].description, 'test')
         self.assertEqual(res.total_results, 1)
         self.assertIsNone(res.error)
 

tests/unittests/tools/test_vulnerabilities.py

@@ -2,7 +2,7 @@
 from unittest.mock import patch, MagicMock
 
 from ipfabric.tools import vulnerabilities
-from ipfabric.tools.nist import CVEs
+from ipfabric.tools.nist import CVEs, CVE
 
 
 class Version(unittest.TestCase):
@@ -17,6 +17,7 @@ def setUp(self) -> None:
         with patch('ipfabric.tools.vulnerabilities.NIST') as mock:
             self.vuln = vulnerabilities.Vulnerabilities(MagicMock())
         self.vuln.nist.check_cve.return_value = CVEs(total_results=1, cves=[], error='None')
+        self.cve = CVE(cve_id='TEST', description='test')
 
     def test_check_versions_cve(self):
         res = self.vuln._check_versions([dict(version='1', vendor='cisco', family='ios', hostname='TEST',
@@ -27,7 +28,7 @@ def test_check_versions_cve(self):
     @patch('ipfabric.tools.vulnerabilities.Vulnerabilities._check_versions')
     def test_check_versions(self, versions):
         versions.return_value = [vulnerabilities.Version(version='1', vendor='cisco', family='ios', hostname='TEST',
-                                                         site='TEST', cves=CVEs(total_results=1, cves=['TEST']))]
+                                                         site='TEST', cves=CVEs(total_results=1, cves=[self.cve]))]
         self.vuln.ipf.inventory.devices.all.return_value = [dict(version='1', vendor='cisco', family='ios')]
         cve = self.vuln.check_versions()
         self.assertIsInstance(cve[0], vulnerabilities.Version)
@@ -36,7 +37,7 @@ def test_check_versions(self, versions):
     @patch('ipfabric.tools.vulnerabilities.Vulnerabilities._check_versions')
     def test_check_device(self, versions):
         versions.return_value = [vulnerabilities.Version(version='1', vendor='cisco', family='ios', hostname='TEST',
-                                                         site='TEST', cves=CVEs(total_results=1, cves=['TEST']))]
+                                                         site='TEST', cves=CVEs(total_results=1, cves=[self.cve]))]
         self.vuln.ipf.inventory.devices.all.return_value = [dict(version='1', vendor='cisco', family='ios')]
         cve = self.vuln.check_device('TEST')
         self.assertIsInstance(cve[0], vulnerabilities.Version)
@@ -45,7 +46,7 @@ def test_check_device(self, versions):
     @patch('ipfabric.tools.vulnerabilities.Vulnerabilities._check_versions')
     def test_check_site(self, versions):
         versions.return_value = [vulnerabilities.Version(version='1', vendor='cisco', family='ios', hostname='TEST',
-                                                         site='TEST', cves=CVEs(total_results=1, cves=['TEST']))]
+                                                         site='TEST', cves=CVEs(total_results=1, cves=[self.cve]))]
         self.vuln.ipf.inventory.devices.all.return_value = [dict(version='1', vendor='cisco', family='ios')]
         cve = self.vuln.check_site('TEST')
         self.assertIsInstance(cve[0], vulnerabilities.Version)