cve-search / pycvesearch Goto Github PK

Python wrapper for the API of cve-search

License: Other

Python 100.00%

pycvesearch's Introduction

Important Note: The API search endpoint has been removed from the public instance due to massive abusive behavior. You can use this API against a local version of CVE Search.

PyCVESearch is an easy to use wrapper around cve-search. Some of the calls will work against https://cve.circl.lu but for most of them, you need your own CVE Search instance. For the ones available on the public instance, see https://github.com/cve-search/PyCVESearch/blob/main/tests/tests.py.

This library is based on the work of Martin Simon and Kai Renken.

Installation:

From source use

    $ pip install pycvesearch

Documentation:

GET /api/browse/
GET /api/browse/vendor

>>> from pycvesearch import CVESearch
>>> cve = CVESearch()
>>> cve.browse(<vendor>)

GET /api/search/vendor/product

>>> cve.search('microsoft/office')

GET /api/cveid/cveid

>>> cve.id('CVE-2014-0160')

GET /api/last

>>> cve.last()

GET /api/dbInfo

>>> cve.dbinfo()

GET /api/cpe2.2/cpe

>>> cve.cpe22('cpe:/a:microsoft:office:2011::mac')

GET /api/cpe2.3/cpe

>>> cve.cpe23('cpe:2.3:a:microsoft:office:2011:-:mac')

GET /api/cvefor/cpe

>>> cve.cvefor('cpe:/a:microsoft:office:2011::mac')

License:

    Apache v2.0 License
    Copyright 2015-2016 Martin Simon
    Copyright 2015-2016 Kai Renken
    Copyright 2016 Raphaël Vinot

     Licensed under the Apache License, Version 2.0 (the "License");
     you may not use this file except in compliance with the License.
     You may obtain a copy of the License at

         http://www.apache.org/licenses/LICENSE-2.0

     Unless required by applicable law or agreed to in writing, software
     distributed under the License is distributed on an "AS IS" BASIS,
     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     See the License for the specific language governing permissions and
     limitations under the License.

pycvesearch's People

Contributors

Stargazers

Watchers

pycvesearch's Issues

Are there any other public API sites?

Hi,

Are there any public API sites other than https://cve.circl.lu?

JSONDecodeError while browsing the vendor

Code

from pycvesearch import CVESearch
cve = CVESearch()
cve.search('microsoft/office')

Complete Error

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/terabyte/.pyenv/versions/3.7.5/lib/python3.7/site-packages/pycvesearch/core.py", line 40, in search
    return data.json()
  File "/home/terabyte/.pyenv/versions/3.7.5/lib/python3.7/site-packages/requests/models.py", line 897, in json
    return complexjson.loads(self.text, **kwargs)
  File "/home/terabyte/.pyenv/versions/3.7.5/lib/python3.7/json/__init__.py", line 348, in loads
    return _default_decoder.decode(s)
  File "/home/terabyte/.pyenv/versions/3.7.5/lib/python3.7/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/home/terabyte/.pyenv/versions/3.7.5/lib/python3.7/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Socket networking problem with updated version of cvefor method

The fix Alexandre provided for the previous issue with the same method worked just for a while. Now my output is a new error which you can find below. I'm using the Python wrapper of cve-search (PyCVESearch) for remote requests on cve.circl.lu, shall I update any module in Python3 or through pip?

EDIT: now Python APIs (specially cvefor method) work, but response to cvefor requests is very very very slow (cve.cvefor('cpe:2.3:o:canonical:ubuntu_linux:16.04:*') lasts something like 25/30 minutes to output a JSON object). Quite difficult to handle and I'm using them into my master thesis.

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 137, in _new_conn
    (self.host, self.port), self.timeout, **extra_kw)
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 91, in create_connection
    raise err
  File "/usr/lib/python3/dist-packages/urllib3/util/connection.py", line 81, in create_connection
    sock.connect(sa)
OSError: [Errno 101] Network is unreachable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 787, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 217, in connect
    conn = self._new_conn()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 146, in _new_conn
    self, "Failed to establish a new connection: %s" % e)
requests.packages.urllib3.exceptions.NewConnectionError: <requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f6dd95f6320>: Failed to establish a new connection: [Errno 101] Network is unreachable

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 610, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 283, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
requests.packages.urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='cve.circl.lu', port=443): Max retries exceeded with url: /api/cvefor/cpe:/a:microsoft:office:2011::mac (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f6dd95f6320>: Failed to establish a new connection: [Errno 101] Network is unreachable',))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.6/dist-packages/pycvesearch/core.py", line 76, in cvefor
    data = self._http_get('cvefor', query=param)
  File "/usr/local/lib/python3.6/dist-packages/pycvesearch/core.py", line 26, in _http_get
    return self.session.get(url, timeout=self.timeout)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 492, in get
    return self.request('GET', url, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 480, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 588, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 437, in send
    raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='cve.circl.lu', port=443): Max retries exceeded with url: /api/cvefor/cpe:/a:microsoft:office:2011::mac (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f6dd95f6320>: Failed to establish a new connection: [Errno 101] Network is unreachable',))

I can't import it from python.

Hi!

When I try import from python (from pycvesearch import CVESearch
) I get the following error:

"Unresolved import: CVESearch"

Can you help me please?

Thankss!!!! :)

JSONDecodeError doing "cve.search('microsoft/office')"

python 3.9 - running example gives exception

Traceback (most recent call last):
  File "/Users/drace/opt/miniconda3/envs/mloperator/lib/python3.9/site-packages/requests/models.py", line 971, in json
    return complexjson.loads(self.text, **kwargs)
  File "/Users/drace/opt/miniconda3/envs/mloperator/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/Users/drace/opt/miniconda3/envs/mloperator/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/Users/drace/opt/miniconda3/envs/mloperator/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/drace/opt/miniconda3/envs/mloperator/lib/python3.9/site-packages/pycvesearch/core.py", line 41, in search
    return data.json()
  File "/Users/drace/opt/miniconda3/envs/mloperator/lib/python3.9/site-packages/requests/models.py", line 975, in json
    raise RequestsJSONDecodeError(e.msg, e.doc, e.pos)
requests.exceptions.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
>>> ```

Unicode error during setup.py install

Hello,

I'm getting the following error when executing:

python3 setup.py install

error:
Traceback (most recent call last): File "setup.py", line 15, in <module> long_description=open('README.md', 'r').read(), File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode return codecs.ascii_decode(input, self.errors)[0] UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 1315: ordinal not in range(128)

It looks like the offending character is in this author's name found in README.md:

Locally removing that line resolves the installation issue for me

cvefor API does not work

Is there any kind of problem related to cvefor APIs of the pycvesearch Python module? If I forward a request using the cvefor method, the response is blank. Why? Until last week the module worked perfectly.

Question about CPE2.2

Is there a way to get CPE version 2.2 from the ares.CVESearch().id('CVE-ID') ?

The cvss version build-in is not the newest one: v3.0, and the cvss score is too high to reference.

Maybe you can add more cvss data source:)

Update the docs with latest changes

hi ,
i have followed the docs to utilise this lib , which is per documentation but getting error as we need to pass url while initializing

>>> from pycvesearch import CVESearch
>>> cve = CVESearch()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: CVESearch.__init__() missing 1 required positional argument: 'base_url'
>>>

Versions : pycvesearch==1.0.1

search function is broken

al other function's are working but search is crashing because a json decoding fault
raise JSONDecodeError("Expecting value", s, err.value) from None

returns nothing for 'CVE-2024-23328'

from pycvesearch import CVESearch

cve = CVESearch('https://cve.circl.lu')
mycve = cve.id('CVE-2024-23328')
print(mycve)

The above code returns nothing. It shows information on most of the CVEs. However, it does not return any information on some of the CVEs. Could you have a look at where the problem is in the above code or a bug in your repo?

how to use base_url ?

sorry i have to ask, how to set the base_url to a custom url ?

404 Error

I have used the following setup:

from pycvesearch import CVESearch

cve = CVESearch()
cvelist = cve.search("microsoft/office")
print(cvelist)

And the command line shows

<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
<hr>
<address>Apache Server at cve.circl.lu Port 443</address>
</body></html>

Type Error

Error

Traceback (most recent call last):
  File "\path\To\File\<filename>.py", line 2, in <module>
    cve = CVESearch()
TypeError: __init__() missing 1 required positional argument: 'base_url'

Code :

from pycvesearch import CVESearch
cve = CVESearch()
cve.id('CVE-2014-0160')

How I Installed it :

pip install pycvesearch

Its a Example Code From The README.MD , But Its not working?
My System Is : Windows 10