Skip to content

Instantly share code, notes, and snippets.

@SteveSimpson

SteveSimpson/exercise1.php

Created June 28, 2018 22:16
Show Gist options
  • Save SteveSimpson/c5e59675c04ad58c796e81486f127826 to your computer and use it in GitHub Desktop.
Save SteveSimpson/c5e59675c04ad58c796e81486f127826 to your computer and use it in GitHub Desktop.
Download ZIP
exercise1.php
Raw
exercise1.php
<?php
$numberOfDays = 7; // 90 in production, 7 days should be good for testing
/*
1. Using the Red Hat Security API at https://access.redhat.com/labs/securitydataapi/ , write code that creates a report containing all Red Hat security advisories for the past 90 days. This report should include:
- the RHSA identifier (e.g. RHSA-2018:1944)
- the advisory release date
- the CVEs related to the advisory
- the CWE associated with each CVE
You don't need to spend a lot of time trying to make the output beautiful.
*/
// GET /cvrf.json
// GET /cvrf/<RHSA_ID>.json
$rhapi = "https://access.redhat.com/labs/securitydataapi/";
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
// curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); // don't do this if you want to stay secure, if you want to test the code and don't want to waste time fixing CA's on your system then's its OK
// curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // don't do this if you want to stay secure, if you want to test the code and don't want to waste time fixing CA's on your system then's its OK
function getCwe($ch, $cve) {
$rhapi = "https://access.redhat.com/labs/securitydataapi/";
$cveUrl = $rhapi . "cve/" . $cve . ".json";
curl_setopt($ch, CURLOPT_URL, $cveUrl);
$cveJson = curl_exec($ch);
$cve = json_decode($cveJson);
//echo "<pre>\n\n";
//print_r($cve);
//echo "</pre>\n";
//die();
return isset($cve->cwe) ? $cve->cwe : "no cwe data";
}
$page = 1;
$count = 1; // just an initial value to start the loop
//loop through pages - as of writing this may not be necessary 273 issues w/ 1000 per page, probably safe to just get one, but everybody likes to see a nice while loop
while ($count > 0) {
$listUrl = $rhapi . "cvrf.json?after=" . date('Y-m-d', strtotime("$numberOfDays days ago") ) . "&page=" . $page;
curl_setopt($ch, CURLOPT_URL, $listUrl);
$issueListJson = curl_exec($ch);
$issueList = json_decode($issueListJson);
// echo "<pre>\n\n";
// print_r($issueList);
// echo "</pre>\n";
foreach ($issueList as $item) {
echo "RHSA Identifier: " . $item->RHSA . "<br />\n";
echo "Advisory Release Date: " . $item->released_on . "<br />\n";
echo "CVE / CWE: <br /><ul>";
if (count($item->CVEs)) {
foreach ($item->CVEs as $cve) {
echo "<li>" . $cve . " - " . getCwe($ch, $cve) . "</li>";
}
} else {
echo "<li>no cve data</li>";
}
echo "</ul><hr />\n";
}
$count = count($issueList);
$page++;
}
/**
OUTPUT:
RHSA Identifier: RHSA-2018:2114
Advisory Release Date: 2018-06-28T16:03:00+00:00
CVE / CWE:
no cve data
RHSA Identifier: RHSA-2018:2113
Advisory Release Date: 2018-06-28T14:55:00+00:00
CVE / CWE:
CVE-2017-7762 - CWE-290
CVE-2018-12359 - CWE-120
CVE-2018-12360 - CWE-416
CVE-2018-12362 - CWE-190->CWE-120
CVE-2018-12363 - CWE-416
CVE-2018-12364 - CWE-829
CVE-2018-12365 - CWE-552
CVE-2018-12366 - CWE-125
CVE-2018-5156 - CWE-120
CVE-2018-5188 - CWE-120
CVE-2018-6126 - no cwe data
RHSA Identifier: RHSA-2018:2112
Advisory Release Date: 2018-06-28T14:54:00+00:00
CVE / CWE:
CVE-2017-7762 - CWE-290
CVE-2018-12359 - CWE-120
CVE-2018-12360 - CWE-416
CVE-2018-12362 - CWE-190->CWE-120
CVE-2018-12363 - CWE-416
CVE-2018-12364 - CWE-829
CVE-2018-12365 - CWE-552
CVE-2018-12366 - CWE-125
CVE-2018-5156 - CWE-120
CVE-2018-5188 - CWE-120
CVE-2018-6126 - no cwe data
RHSA Identifier: RHSA-2018:2102
Advisory Release Date: 2018-06-27T23:18:00+00:00
CVE / CWE:
CVE-2018-1059 - CWE-200
RHSA Identifier: RHSA-2018:2091
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2092
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2093
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2094
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2095
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2096
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2097
Advisory Release Date: 2018-06-27T18:05:00+00:00
CVE / CWE:
CVE-2018-1000156 - CWE-77
RHSA Identifier: RHSA-2018:2013
Advisory Release Date: 2018-06-27T17:48:00+00:00
CVE / CWE:
CVE-2018-1070 - CWE-20
CVE-2018-10843 - CWE-20
CVE-2018-1085 - CWE-592
RHSA Identifier: RHSA-2018:2089
Advisory Release Date: 2018-06-27T14:46:00+00:00
CVE / CWE:
CVE-2018-7489 - CWE-20
RHSA Identifier: RHSA-2018:2090
Advisory Release Date: 2018-06-27T14:46:00+00:00
CVE / CWE:
CVE-2018-7489 - CWE-20
RHSA Identifier: RHSA-2018:2088
Advisory Release Date: 2018-06-27T14:33:00+00:00
CVE / CWE:
CVE-2018-7489 - CWE-20
RHSA Identifier: RHSA-2018:2071
Advisory Release Date: 2018-06-27T09:35:00+00:00
CVE / CWE:
CVE-2018-1072 - CWE-532
CVE-2018-1075 - CWE-532
RHSA Identifier: RHSA-2018:2079
Advisory Release Date: 2018-06-27T09:35:00+00:00
CVE / CWE:
CVE-2018-10855 - CWE-532
RHSA Identifier: RHSA-2018:2060
Advisory Release Date: 2018-06-27T08:13:00+00:00
CVE / CWE:
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:2037
Advisory Release Date: 2018-06-26T18:20:00+00:00
CVE / CWE:
CVE-2018-10856 - CWE-250
RHSA Identifier: RHSA-2018:2038
Advisory Release Date: 2018-06-26T18:20:00+00:00
CVE / CWE:
CVE-2018-1059 - CWE-200
RHSA Identifier: RHSA-2018:2022
Advisory Release Date: 2018-06-26T17:05:00+00:00
CVE / CWE:
CVE-2018-10855 - CWE-532
RHSA Identifier: RHSA-2018:2020
Advisory Release Date: 2018-06-26T16:39:00+00:00
CVE / CWE:
CVE-2018-9159 - CWE-22
RHSA Identifier: RHSA-2018:1967
Advisory Release Date: 2018-06-26T15:04:00+00:00
CVE / CWE:
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:2006
Advisory Release Date: 2018-06-26T15:04:00+00:00
CVE / CWE:
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:1965
Advisory Release Date: 2018-06-26T15:00:00+00:00
CVE / CWE:
CVE-2017-11600 - CWE-125
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:1979
Advisory Release Date: 2018-06-26T15:00:00+00:00
CVE / CWE:
CVE-2018-1080 - CWE-284
RHSA Identifier: RHSA-2018:1997
Advisory Release Date: 2018-06-26T15:00:00+00:00
CVE / CWE:
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:2001
Advisory Release Date: 2018-06-26T15:00:00+00:00
CVE / CWE:
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:2003
Advisory Release Date: 2018-06-26T15:00:00+00:00
CVE / CWE:
CVE-2017-11600 - CWE-125
CVE-2018-3639 - CWE-200
RHSA Identifier: RHSA-2018:1974
Advisory Release Date: 2018-06-25T14:45:00+00:00
CVE / CWE:
CVE-2018-2783 - no cwe data
CVE-2018-2790 - CWE-347
CVE-2018-2794 - CWE-502
CVE-2018-2795 - CWE-770
CVE-2018-2796 - CWE-770
CVE-2018-2797 - CWE-770
CVE-2018-2798 - CWE-770
CVE-2018-2799 - CWE-770
CVE-2018-2800 - no cwe data
RHSA Identifier: RHSA-2018:1975
Advisory Release Date: 2018-06-25T14:45:00+00:00
CVE / CWE:
CVE-2018-2783 - no cwe data
CVE-2018-2790 - CWE-347
CVE-2018-2794 - CWE-502
CVE-2018-2795 - CWE-770
CVE-2018-2796 - CWE-770
CVE-2018-2797 - CWE-770
CVE-2018-2798 - CWE-770
CVE-2018-2799 - CWE-770
CVE-2018-2800 - no cwe data
RHSA Identifier: RHSA-2018:1972
Advisory Release Date: 2018-06-25T14:07:00+00:00
CVE / CWE:
CVE-2018-1101 - CWE-266
CVE-2018-1104 - CWE-20
CVE-2018-7750 - CWE-287
*/
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment