Versions Compared

Old Version 9

changes.mady.by.user Allen D. Householder

Saved on

compared with

New Version 10

changes.mady.by.user user-5cf7e

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagepy
# get all posts for case VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/posts/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: vince/comm/api/case/701852/posts/701852/ # get all posts for a specific case
[   {   'author': 'vince.user',
        'content': 'The [draft vulnerability '
                   'note](http://localhost:8000/vince/comm/case/18/notedraft/) '
                   'has been updated.',
        'created': '2020-11-17T19:13:07.866230Z',
        'pinned': True},
    {   'author': 'vince.user',
        'content': 'Please [view this draft vulnerability '
                   'note](http://localhost:8000/vince/comm/case/18/notedraft/).',
        'created': '2020-11-17T19:07:56.624450Z',
        'pinned': True},
    {   'author': 'vince.user',
        'content': 'test 2',
        'created': '2020-10-29T19:49:33.422875Z',
        'pinned': False},
    {   'author': 'vince.user',
        'content': 'test 1',
        'created': '2020-10-29T19:49:30.434164Z',
        'pinned': False}]

...

Code Block
languagepy
# get the original report for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/report/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/report/701582/ # get report for a specific case
{   'contact_email': 'joebob@vendor.example.com',
    'contact_name': 'Joe Bob',
    'contact_org': 'VendorExample',
    'contact_phone': '5551231234',
    'date_submitted': '2020-06-08T20:01:47.896419Z',
    'disclosure_plans': '',
    'exploit_references': '',
    'product_name': 'test',
    'product_version': 'v. 12.3',
    'public_references': '',
    'share_release': True,
    'vendor_name': 'Test Vendor',
    'vul_description': 'This is the description',
    'vul_disclose': True,
    'vul_discovery': 'This is the discovery.',
    'vul_exploit': 'This is the exploit',
    'vul_exploited': True,
    'vul_impact': 'This is the impact',
    'vul_public': True}

...

Code Block
languagepy
# get the vuls for VU#701852
api = 'https://kb.cert.org/vince/comm/api/case/701852/vuls/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vuls/701582/ # get vuls for a specific case
[   {   'cve': None,
        'date_added': '2020-11-19T21:43:17.210726Z',
        'description': 'This is another vul without a cve.',
        'name': 'VU#785701.2'},
    {   'cve': '2020-19293',
        'date_added': '2020-10-22T15:30:11.888074Z',
        'description': 'Test this is a vul.',
        'name': 'CVE-2020-19293'}]

...

Code Block
languagepy
# get all the vendors involved in VU#701582 (also gets their status and statements)
api = 'https://kb.cert.org/vince/comm/api/case/701852/vendors/701852/'
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vendors/701582/ # get vendors for a specific case
[   {   'cert_addendum': None,
        'date_added': '2020-11-20T14:40:24.080886Z',
        'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-23T19:50:44.813809Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp'},
    {   'cert_addendum': None,
        'date_added': '2020-10-08T18:27:41.526942Z',
        'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:26:32.399730Z',
        'status': 'Affected',
        'vendor': 'Testing Co'}]

...

Code Block
languagepy
# get all the vendors and their status/statement/references for each specific vul
api = f'https://kb.cert.org/vince/comm/api/case/701582/vendors/vuls/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
API: /vince/comm/case/701582/vendors/vuls/701582/ # get vendors status for specific vuls
[   {   'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'Test',
        'statement_date': '2020-11-19T21:47:44.239683Z',
        'status': 'Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'VU#785701.2'},
    {   'references': 'http://www.example.com\nhttps://www.example.org',
        'statement': 'This is my statement',
        'statement_date': '2020-10-22T15:38:11.859615Z',
        'status': 'Not Affected',
        'vendor': 'Testing Co',
        'vulnerability': 'CVE-2020-19293'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.997947Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp',
        'vulnerability': 'VU#785701.2'},
    {   'references': '',
        'statement': '',
        'statement_date': '2020-11-20T15:23:18.938232Z',
        'status': 'Unknown',
        'vendor': 'VendorCorp',
        'vulnerability': 'CVE-2020-19293'}]

...

Code Block
languagepy
# get the vulnerability note, if available
api = f'https://kb.cert.org/vince/comm/api/case/701582/note/{case}/'
headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) }
r = requests.get(api, headers=headers, stream=True)
print(r.text)
Code Block
languagejs
#API: /vince/comm/api/case/710582/note/710582/ # get draft vul note
{   'content': '### Overview\r\n'
               '\r\n'
               'Testing API so need some content.\r\n'
               '\r\n'
               '\r\n'
               '### Description\r\n'
               '\r\n'
               '### Impact\r\n'
               'The complete impact of this vulnerability is not yet known.\r\n'
               '\r\n'
               '### Solution\r\n'
               'The CERT/CC is currently unaware of a practical solution to '
               'this problem.\r\n'
               '\r\n'
               '### Acknowledgements\r\n'
               'Thanks to the reporter who wishes to remain anonymous.\r\n'
               '\r\n'
               'This document was written by Emily Sarneso.',
    'datefirstpublished': None,
    'dateupdated': '2020-11-17T19:13:07.755453Z',
    'published': False,
    'references': ['www.example.org', 'www.example.com'],
    'revision': 2,
    'title': 'test',
    'vuid': '785701'}

...

Code Block
languagepy
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/{case}/'
data = [{'vendor': 3548, 
	'status':'Not Affected', 
	'references':["http://www.test.gov", "https://www.google.com"], 
	'share':True,
	'vulnerability':'CVE-2020-19293', 
	'statement': 'This is my statement'}, 
	{'vendor': 3548, 
	'status':'Affected', 
	'statement':"Test", 
	'references':["http://www.test.gov","https://www.google.com"], 
	'share':True,
	'vulnerability':'VU#785701.2'}]
r = requests.post(api, headers=headers, data=json.dumps(data))
print(r.text)
Code Block
languagejs
#update vendor status
api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/{case}/'
data = [{'vendor': 3548,   # vendor ID only required if user belongs to multiple vendors in a case
	'status':'Not Affected',  # required: ['Affected', 'Not Affected', 'Unknown']
	'references':["http://www.test.gov", "https://www.google.com"],  # not required, must be a list 
	'share':True, # not required, default = False
	'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n'
	'statement': 'This is my statement'}]  # not required

...