...
Code Block | ||
---|---|---|
| ||
# get all posts for case VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/701852/posts/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
API: vince/comm/api/case/701852/posts/701852/ # get all posts for a specific case [ { 'author': 'vince.user', 'content': 'The [draft vulnerability ' 'note](http://localhost:8000/vince/comm/case/18/notedraft/) ' 'has been updated.', 'created': '2020-11-17T19:13:07.866230Z', 'pinned': True}, { 'author': 'vince.user', 'content': 'Please [view this draft vulnerability ' 'note](http://localhost:8000/vince/comm/case/18/notedraft/).', 'created': '2020-11-17T19:07:56.624450Z', 'pinned': True}, { 'author': 'vince.user', 'content': 'test 2', 'created': '2020-10-29T19:49:33.422875Z', 'pinned': False}, { 'author': 'vince.user', 'content': 'test 1', 'created': '2020-10-29T19:49:30.434164Z', 'pinned': False}] |
...
Code Block | ||
---|---|---|
| ||
# get the original report for VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/701852/report/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
API: /vince/comm/case/701582/report/701582/ # get report for a specific case { 'contact_email': 'joebob@vendor.example.com', 'contact_name': 'Joe Bob', 'contact_org': 'VendorExample', 'contact_phone': '5551231234', 'date_submitted': '2020-06-08T20:01:47.896419Z', 'disclosure_plans': '', 'exploit_references': '', 'product_name': 'test', 'product_version': 'v. 12.3', 'public_references': '', 'share_release': True, 'vendor_name': 'Test Vendor', 'vul_description': 'This is the description', 'vul_disclose': True, 'vul_discovery': 'This is the discovery.', 'vul_exploit': 'This is the exploit', 'vul_exploited': True, 'vul_impact': 'This is the impact', 'vul_public': True} |
...
Code Block | ||
---|---|---|
| ||
# get the vuls for VU#701852 api = 'https://kb.cert.org/vince/comm/api/case/701852/vuls/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
API: /vince/comm/case/701582/vuls/701582/ # get vuls for a specific case [ { 'cve': None, 'date_added': '2020-11-19T21:43:17.210726Z', 'description': 'This is another vul without a cve.', 'name': 'VU#785701.2'}, { 'cve': '2020-19293', 'date_added': '2020-10-22T15:30:11.888074Z', 'description': 'Test this is a vul.', 'name': 'CVE-2020-19293'}] |
...
Code Block | ||
---|---|---|
| ||
# get all the vendors involved in VU#701582 (also gets their status and statements) api = 'https://kb.cert.org/vince/comm/api/case/701852/vendors/701852/' r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
API: /vince/comm/case/701582/vendors/701582/ # get vendors for a specific case [ { 'cert_addendum': None, 'date_added': '2020-11-20T14:40:24.080886Z', 'references': 'http://www.example.com\nhttps://www.example.org', 'statement': 'Test', 'statement_date': '2020-11-23T19:50:44.813809Z', 'status': 'Unknown', 'vendor': 'VendorCorp'}, { 'cert_addendum': None, 'date_added': '2020-10-08T18:27:41.526942Z', 'references': 'http://www.example.com\nhttps://www.example.org', 'statement': 'Test', 'statement_date': '2020-11-19T21:26:32.399730Z', 'status': 'Affected', 'vendor': 'Testing Co'}] |
...
Code Block | ||
---|---|---|
| ||
# get all the vendors and their status/statement/references for each specific vul api = f'https://kb.cert.org/vince/comm/api/case/701582/vendors/vuls/{case}/' headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) } r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
API: /vince/comm/case/701582/vendors/vuls/701582/ # get vendors status for specific vuls [ { 'references': 'http://www.example.com\nhttps://www.example.org', 'statement': 'Test', 'statement_date': '2020-11-19T21:47:44.239683Z', 'status': 'Affected', 'vendor': 'Testing Co', 'vulnerability': 'VU#785701.2'}, { 'references': 'http://www.example.com\nhttps://www.example.org', 'statement': 'This is my statement', 'statement_date': '2020-10-22T15:38:11.859615Z', 'status': 'Not Affected', 'vendor': 'Testing Co', 'vulnerability': 'CVE-2020-19293'}, { 'references': '', 'statement': '', 'statement_date': '2020-11-20T15:23:18.997947Z', 'status': 'Unknown', 'vendor': 'VendorCorp', 'vulnerability': 'VU#785701.2'}, { 'references': '', 'statement': '', 'statement_date': '2020-11-20T15:23:18.938232Z', 'status': 'Unknown', 'vendor': 'VendorCorp', 'vulnerability': 'CVE-2020-19293'}] |
...
Code Block | ||
---|---|---|
| ||
# get the vulnerability note, if available api = f'https://kb.cert.org/vince/comm/api/case/701582/note/{case}/' headers={'content-type':'application/json', 'Authorization': "Token {}".format(token) } r = requests.get(api, headers=headers, stream=True) print(r.text) |
Code Block | ||
---|---|---|
| ||
#API: /vince/comm/api/case/710582/note/710582/ # get draft vul note { 'content': '### Overview\r\n' '\r\n' 'Testing API so need some content.\r\n' '\r\n' '\r\n' '### Description\r\n' '\r\n' '### Impact\r\n' 'The complete impact of this vulnerability is not yet known.\r\n' '\r\n' '### Solution\r\n' 'The CERT/CC is currently unaware of a practical solution to ' 'this problem.\r\n' '\r\n' '### Acknowledgements\r\n' 'Thanks to the reporter who wishes to remain anonymous.\r\n' '\r\n' 'This document was written by Emily Sarneso.', 'datefirstpublished': None, 'dateupdated': '2020-11-17T19:13:07.755453Z', 'published': False, 'references': ['www.example.org', 'www.example.com'], 'revision': 2, 'title': 'test', 'vuid': '785701'} |
...
Code Block | ||
---|---|---|
| ||
#update vendor status api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/{case}/' data = [{'vendor': 3548, 'status':'Not Affected', 'references':["http://www.test.gov", "https://www.google.com"], 'share':True, 'vulnerability':'CVE-2020-19293', 'statement': 'This is my statement'}, {'vendor': 3548, 'status':'Affected', 'statement':"Test", 'references':["http://www.test.gov","https://www.google.com"], 'share':True, 'vulnerability':'VU#785701.2'}] r = requests.post(api, headers=headers, data=json.dumps(data)) print(r.text) |
Code Block | ||
---|---|---|
| ||
#update vendor status api = f'https://kb.cert.org/vince/comm/api/case/{case}/vendor/statement/{case}/' data = [{'vendor': 3548, # vendor ID only required if user belongs to multiple vendors in a case 'status':'Not Affected', # required: ['Affected', 'Not Affected', 'Unknown'] 'references':["http://www.test.gov", "https://www.google.com"], # not required, must be a list 'share':True, # not required, default = False 'vulnerability':'CVE-2020-19293', # required - must be in the form 'CVE-xxxx-xxxxx' or 'VU#xxxxxx.n' 'statement': 'This is my statement'}] # not required |
...