cuqmbr/rss-bridge
1
0
Fork 0
mirror of https://github.com/RSS-Bridge/rss-bridge.git synced 2025-04-05 00:59:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

[OpenCVEBridge] Rewrite for API change

Browse Source
This commit is contained in:
SqrtMinusOne 2025-03-14 21:26:29 +03:00
parent dee734d360
commit c27bf2c754
1 changed files with 290 additions and 119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

409
bridges/OpenCVEBridge.php
View File

@ -14,8 +14,8 @@ class OpenCVEBridge extends BridgeAbstract
'instance' => [ 'instance' => [
'name' => 'OpenCVE Instance', 'name' => 'OpenCVE Instance',
'required' => true, 'required' => true,
'defaultValue' => 'https://www.opencve.io', 'defaultValue' => 'https://app.opencve.io',
'exampleValue' => 'https://www.opencve.io' 'exampleValue' => 'https://app.opencve.io'
], ],
'login' => [ 'login' => [
'name' => 'Login', 'name' => 'Login',
@ -155,14 +155,14 @@ class OpenCVEBridge extends BridgeAbstract
$titlePrefix = '[' . $queryName . '] '; $titlePrefix = '[' . $queryName . '] ';
} }
foreach (json_decode($response) as $cveItem) { foreach (json_decode($response)->results as $cveItem) {
if (array_key_exists($cveItem->id, $fetchedIds)) { if (array_key_exists($cveItem->cve_id, $fetchedIds)) {
continue; continue;
} }
$fetchedIds[$cveItem->id] = true; $fetchedIds[$cveItem->cve_id] = true;
$item = [ $item = [
'uri' => $instance . '/cve/' . $cveItem->id, 'uri' => $instance . '/cve/' . $cveItem->cve_id,
'uid' => $cveItem->id, 'uid' => $cveItem->cve_id,
]; ];
if ($this->getInput('upd_timestamp') == 1) { if ($this->getInput('upd_timestamp') == 1) {
$item['timestamp'] = strtotime($cveItem->updated_at); $item['timestamp'] = strtotime($cveItem->updated_at);
@ -179,7 +179,7 @@ class OpenCVEBridge extends BridgeAbstract
$item['content'] = $content; $item['content'] = $content;
$item['title'] = $title; $item['title'] = $title;
} else { } else {
$item['content'] = $cveItem->summary . $this->getLinks($cveItem->id); $item['content'] = $cveItem->description . $this->getLinks($cveItem->cve_id);
$item['title'] = $this->getTitle($titlePrefix, $cveItem); $item['title'] = $this->getTitle($titlePrefix, $cveItem);
} }
$this->items[] = $item; $this->items[] = $item;
@ -193,17 +193,17 @@ class OpenCVEBridge extends BridgeAbstract
private function getTitle($titlePrefix, $cveItem) private function getTitle($titlePrefix, $cveItem)
{ {
$summary = $cveItem->summary; $summary = $cveItem->description;
$limit = $this->getInput('limit'); $limit = $this->getInput('limit');
if ($limit && mb_strlen($summary) > 100) { if ($limit && mb_strlen($summary) > 100) {
$summary = mb_substr($summary, 0, $limit) + '...'; $summary = mb_substr($summary, 0, $limit) + '...';
} }
return $titlePrefix . $cveItem->id . '. ' . $summary; return $titlePrefix . $cveItem->cve_id . '. ' . $summary;
} }
private function fetchContents($cveItem, $titlePrefix, $instance, $authHeader) private function fetchContents($cveItem, $titlePrefix, $instance, $authHeader)
{ {
$url = $instance . '/api/cve/' . $cveItem->id; $url = $instance . '/api/cve/' . $cveItem->cve_id;
$response = getContents($url, [$authHeader]); $response = getContents($url, [$authHeader]);
$datum = json_decode($response); $datum = json_decode($response);
@ -211,26 +211,36 @@ class OpenCVEBridge extends BridgeAbstract
$title = $this->getTitleFromDatum($datum, $titlePrefix); $title = $this->getTitleFromDatum($datum, $titlePrefix);
$result = self::CSS; $result = self::CSS;
$result .= '<h1>' . $cveItem->id . '</h1>'; $result .= '<h1>' . $cveItem->cve_id . '</h1>';
$result .= $this->getCVSSLabels($datum); $result .= $this->getCVSSLabels($datum);
$result .= '<p>' . $datum->summary . '</p>'; $result .= '<p>' . $datum->description . '</p>';
$result .= <<<EOD $result .= <<<EOD
<h3>Information:</h3> <h3>Information:</h3>
<p> <p>
<ul> <ul>
<li><b>Publication date</b>: {$datum->raw_nvd_data->published} <li><b>Created At</b>: {$datum->created_at}
<li><b>Last modified</b>: {$datum->raw_nvd_data->lastModified} <li><b>Updated At</b>: {$datum->updated_at}
<li><b>Last modified</b>: {$datum->raw_nvd_data->lastModified}
</ul> </ul>
</p> </p>
EOD; EOD;
$result .= $this->getV3Table($datum); if (isset($datum->metrics->cvssV4_0->data->vector)) {
$result .= $this->getV2Table($datum); $result .= $this->cvssV4VectorToTable($datum->metrics->cvssV4_0->data->vector);
}
$result .= $this->getLinks($datum->id); if (isset($datum->metrics->cvssV3_1->data->vector)) {
$result .= $this->getReferences($datum); $result .= $this->cvssV3VectorToTable($datum->metrics->cvssV3_1->data->vector);
}
if (isset($datum->metrics->cvssV3_0->data->vector)) {
$result .= $this->cvssV3VectorToTable($datum->metrics->cvssV3_0->data->vector);
}
if (isset($datum->metrics->cvssV2_0->data->vector)) {
$result .= $this->cvssV2VectorToTable($datum->metrics->cvssV2_0->data->vector);
}
$result .= $this->getLinks($datum->cve_id);
$result .= $this->getVendors($datum); $result .= $this->getVendors($datum);
return [$result, $title]; return [$result, $title];
@ -239,14 +249,20 @@ class OpenCVEBridge extends BridgeAbstract
private function getTitleFromDatum($datum, $titlePrefix) private function getTitleFromDatum($datum, $titlePrefix)
{ {
$title = $titlePrefix; $title = $titlePrefix;
if ($datum->cvss->v3) { if (isset($datum->metrics->cvssV4_0->data->score)) {
$title .= "[v3: {$datum->cvss->v3}] "; $title .= "[v4: {$datum->metrics->cvssV4_0->data->score}] ";
} }
if ($datum->cvss->v2) { if (isset($datum->metrics->cvssV3_1->data->score)) {
$title .= "[v2: {$datum->cvss->v2}] "; $title .= "[v3.1: {$datum->metrics->cvssV3_1->data->score}] ";
} }
$title .= $datum->id . '. '; if (isset($datum->metrics->cvssV3_0->data->score)) {
$titlePostfix = $datum->summary; $title .= "[v3: {$datum->metrics->cvssV3_0->data->score}] ";
}
if (isset($datum->metrics->cvssV2_0->data->score)) {
$title .= "[v2: {$datum->metrics->cvssV2_0->data->score}] ";
}
$title .= $datum->cve_id . '. ';
$titlePostfix = $datum->description;
$limit = $this->getInput('limit'); $limit = $this->getInput('limit');
if ($limit && mb_strlen($titlePostfix) > 100) { if ($limit && mb_strlen($titlePostfix) > 100) {
$titlePostfix = mb_substr($titlePostfix, 0, $limit) + '...'; $titlePostfix = mb_substr($titlePostfix, 0, $limit) + '...';
@ -257,64 +273,49 @@ class OpenCVEBridge extends BridgeAbstract
private function getCVSSLabels($datum) private function getCVSSLabels($datum)
{ {
$CVSSv2Text = 'n/a'; $cvss4 = '';
$CVSSv2Class = 'cvss-na-color'; $cvss31 = '';
if ($datum->cvss->v2) { $cvss3 = '';
$importance = ''; $cvss2 = '';
if ($datum->cvss->v2 >= 7) { if (isset($datum->metrics->cvssV4_0->data->score)) {
$importance = 'HIGH'; $cvss4 = $this->formatCVSSLabel($datum->metrics->cvssV4_0->data->score, '4.0', 9, 7, 4);
$CVSSv2Class = 'cvss-high-color'; }
} else if ($datum->cvss->v2 >= 4) { if (isset($datum->metrics->cvssV3_1->data->score)) {
$importance = 'MEDIUM'; $cvss31 = $this->formatCVSSLabel($datum->metrics->cvssV3_1->data->score, '3.1', 9, 7, 4);
$CVSSv2Class = 'cvss-medium-color'; }
} else { if (isset($datum->metrics->cvssV3_0->data->score)) {
$importance = 'LOW'; $cvss3 = $this->formatCVSSLabel($datum->metrics->cvssV3_0->data->score, '3.0', 9, 7, 4);
$CVSSv2Class = 'cvss-low-color'; }
} if (isset($datum->metrics->cvssV2_0->data->score)) {
$CVSSv2Text = sprintf('[%s] %.1f', $importance, $datum->cvss->v2); $cvss2 = $this->formatCVSSLabel($datum->metrics->cvssV2_0->data->score, '2.0', 99, 7, 4);
} }
$CVSSv2Item = "<div>CVSS v2: </div><div class=\"label {$CVSSv2Class}\">{$CVSSv2Text}</div>";
$CVSSv3Text = 'n/a'; return '<div class="labels-row">' . $cvss4 . $cvss31 . $cvss3 . $cvss2 . '</div>';
$CVSSv3Class = 'cvss-na-color';
if ($datum->cvss->v3) {
$importance = '';
if ($datum->cvss->v3 >= 9) {
$importance = 'CRITICAL';
$CVSSv3Class = 'cvss-crit-color';
} else if ($datum->cvss->v3 >= 7) {
$importance = 'HIGH';
$CVSSv3Class = 'cvss-high-color';
} else if ($datum->cvss->v3 >= 4) {
$importance = 'MEDIUM';
$CVSSv3Class = 'cvss-medium-color';
} else {
$importance = 'LOW';
$CVSSv3Class = 'cvss-low-color';
}
$CVSSv3Text = sprintf('[%s] %.1f', $importance, $datum->cvss->v3);
}
$CVSSv3Item = "<div>CVSS v3: </div><div class=\"label {$CVSSv3Class}\">{$CVSSv3Text}</div>";
return '<div class="labels-row">' . $CVSSv3Item . $CVSSv2Item . '</div>';
} }
private function getReferences($datum) private function formatCVSSLabel($score, $version, $critical_thr, $high_thr, $medium_thr)
{ {
if (count($datum->raw_nvd_data->references) == 0) { $text = 'n/a';
return ''; $class = 'cvss-na-color';
} if ($score) {
$res = '<h3>References:</h3> <p><ul>'; $importance = '';
foreach ($datum->raw_nvd_data->references as $ref) { if ($score >= $critical_thr) {
$item = '<li>'; $importance = 'CRITICAL';
if (isset($ref->tags) && count($ref->tags) > 0) { $class = 'cvss-crit-color';
$item .= '[' . implode(', ', $ref->tags) . '] '; } else if ($score >= $high_thr) {
$importance = 'HIGH';
$class = 'cvss-high-color';
} else if ($score >= $medium_thr) {
$importance = 'MEDIUM';
$class = 'cvss-medium-color';
} else {
$importance = 'LOW';
$class = 'cvss-low-color';
} }
$item .= "<a href=\"{$ref->url}\">{$ref->url}</a>"; $text = sprintf('[%s] %.1f', $importance, $score);
$item .= '<li>';
$res .= $item;
} }
$res .= '</p></ul>'; $item = "<div>CVSS {$version}: </div><div class=\"label {$class}\">{$text}</div>";
return $res; return $item;
} }
private function getLinks($id) private function getLinks($id)
@ -331,84 +332,253 @@ class OpenCVEBridge extends BridgeAbstract
EOD; EOD;
} }
private function getV3Table($datum) private function cvssV3VectorToTable($cvssVector)
{ {
$metrics = $datum->raw_nvd_data->metrics; $vectorComponents = [];
if (!isset($metrics->cvssMetricV31) || count($metrics->cvssMetricV31) == 0) { $parts = explode('/', $cvssVector);
return '';
if (!preg_match('/^CVSS:3\.[01]/', $parts[0])) {
return "Error: Not a valid CVSS v3.0 or v3.1 vector";
} }
$v3 = $metrics->cvssMetricV31[0];
$data = $v3->cvssData; for ($i = 1; $i < count($parts); $i++) {
return <<<EOD $component = explode(':', $parts[$i]);
<div class="cvss-table"> if (count($component) == 2) {
$vectorComponents[$component[0]] = $component[1];
}
}
$readableNames = [
'AV' => ['N' => 'Network', 'A' => 'Adjacent', 'L' => 'Local', 'P' => 'Physical'],
'AC' => ['L' => 'Low', 'H' => 'High'],
'PR' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'UI' => ['N' => 'None', 'R' => 'Required'],
'S' => ['U' => 'Unchanged', 'C' => 'Changed'],
'C' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'I' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'A' => ['N' => 'None', 'L' => 'Low', 'H' => 'High']
];
$data = new stdClass();
$data->attackVector = isset($readableNames['AV'][$vectorComponents['AV']]) ? $readableNames['AV'][$vectorComponents['AV']] : 'Unknown';
$data->attackComplexity = isset($readableNames['AC'][$vectorComponents['AC']]) ? $readableNames['AC'][$vectorComponents['AC']] : 'Unknown';
$data->privilegesRequired = isset($readableNames['PR'][$vectorComponents['PR']]) ? $readableNames['PR'][$vectorComponents['PR']] : 'Unknown';
$data->userInteraction = isset($readableNames['UI'][$vectorComponents['UI']]) ? $readableNames['UI'][$vectorComponents['UI']] : 'Unknown';
$data->scope = isset($readableNames['S'][$vectorComponents['S']]) ? $readableNames['S'][$vectorComponents['S']] : 'Unknown';
$data->confidentialityImpact = isset($readableNames['C'][$vectorComponents['C']]) ? $readableNames['C'][$vectorComponents['C']] : 'Unknown';
$data->integrityImpact = isset($readableNames['I'][$vectorComponents['I']]) ? $readableNames['I'][$vectorComponents['I']] : 'Unknown';
$data->availabilityImpact = isset($readableNames['A'][$vectorComponents['A']]) ? $readableNames['A'][$vectorComponents['A']] : 'Unknown';
$html = '<div class="cvss-table">
<h3>CVSS v3 details</h3> <h3>CVSS v3 details</h3>
<table> <table>
<tr> <tr>
<td>Impact score</td><td>{$v3->impactScore}</td> <td>Attack vector</td><td>' . $data->attackVector . '</td>
<td>Exploitability score</td><td>{$v3->exploitabilityScore}</td> <td>Confidentiality Impact</td><td>' . $data->confidentialityImpact . '</td>
</tr> </tr>
<tr> <tr>
<td>Attack vector</td><td>{$data->attackVector}</td> <td>Attack complexity</td><td>' . $data->attackComplexity . '</td>
<td>Confidentiality Impact</td><td>{$data->confidentialityImpact}</td> <td>Integrity Impact</td><td>' . $data->integrityImpact . '</td>
</tr> </tr>
<tr> <tr>
<td>Attack complexity</td><td>{$data->attackComplexity}</td> <td>Privileges Required</td><td>' . $data->privilegesRequired . '</td>
<td>Integrity Impact</td><td>{$data->integrityImpact}</td> <td>Availability Impact</td><td>' . $data->availabilityImpact . '</td>
</tr> </tr>
<tr> <tr>
<td>Privileges Required</td><td>{$data->privilegesRequired}</td> <td>User Interaction</td><td>' . $data->userInteraction . '</td>
<td>Availability Impact</td><td>{$data->availabilityImpact}</td> <td>Scope</td><td>' . $data->scope . '</td>
</tr>
<tr>
<td>User Interaction</td><td>{$data->userInteraction}</td>
<td>Scope</td><td>{$data->scope}</td>
</tr> </tr>
</table> </table>
</div> </div>';
EOD;
return $html;
} }
private function getV2Table($datum) private function cvssV2VectorToTable($cvssVector)
{ {
$metrics = $datum->raw_nvd_data->metrics; $vectorComponents = [];
if (!isset($metrics->cvssMetricV2) || count($metrics->cvssMetricV2) == 0) { $parts = explode('/', $cvssVector);
return '';
foreach ($parts as $part) {
$component = explode(':', $part);
if (count($component) == 2) {
$vectorComponents[$component[0]] = $component[1];
}
} }
$v2 = $metrics->cvssMetricV2[0];
$data = $v2->cvssData; $readableNames = [
return <<<EOD 'AV' => ['L' => 'Local', 'A' => 'Adjacent Network', 'N' => 'Network'],
<div class="cvss-table"> 'AC' => ['H' => 'High', 'M' => 'Medium', 'L' => 'Low'],
'Au' => ['M' => 'Multiple', 'S' => 'Single', 'N' => 'None'],
'C' => ['N' => 'None', 'P' => 'Partial', 'C' => 'Complete'],
'I' => ['N' => 'None', 'P' => 'Partial', 'C' => 'Complete'],
'A' => ['N' => 'None', 'P' => 'Partial', 'C' => 'Complete']
];
$metricValues = [
'AV' => ['L' => 0.395, 'A' => 0.646, 'N' => 1.0],
'AC' => ['H' => 0.35, 'M' => 0.61, 'L' => 0.71],
'Au' => ['M' => 0.45, 'S' => 0.56, 'N' => 0.704],
'C' => ['N' => 0, 'P' => 0.275, 'C' => 0.660],
'I' => ['N' => 0, 'P' => 0.275, 'C' => 0.660],
'A' => ['N' => 0, 'P' => 0.275, 'C' => 0.660]
];
$confImpact = isset($metricValues['C'][$vectorComponents['C']]) ? $metricValues['C'][$vectorComponents['C']] : 0;
$integImpact = isset($metricValues['I'][$vectorComponents['I']]) ? $metricValues['I'][$vectorComponents['I']] : 0;
$availImpact = isset($metricValues['A'][$vectorComponents['A']]) ? $metricValues['A'][$vectorComponents['A']] : 0;
$impact = 10.41 * (1 - (1 - $confImpact) * (1 - $integImpact) * (1 - $availImpact));
$av = isset($metricValues['AV'][$vectorComponents['AV']]) ? $metricValues['AV'][$vectorComponents['AV']] : 0;
$ac = isset($metricValues['AC'][$vectorComponents['AC']]) ? $metricValues['AC'][$vectorComponents['AC']] : 0;
$au = isset($metricValues['Au'][$vectorComponents['Au']]) ? $metricValues['Au'][$vectorComponents['Au']] : 0;
$exploitability = 20 * $av * $ac * $au;
$impact = round($impact, 1);
$exploitability = round($exploitability, 1);
$data = new stdClass();
$data->accessVector = isset($readableNames['AV'][$vectorComponents['AV']]) ? $readableNames['AV'][$vectorComponents['AV']] : 'Unknown';
$data->accessComplexity = isset($readableNames['AC'][$vectorComponents['AC']]) ? $readableNames['AC'][$vectorComponents['AC']] : 'Unknown';
$data->authentication = isset($readableNames['Au'][$vectorComponents['Au']]) ? $readableNames['Au'][$vectorComponents['Au']] : 'Unknown';
$data->confidentialityImpact = isset($readableNames['C'][$vectorComponents['C']]) ? $readableNames['C'][$vectorComponents['C']] : 'Unknown';
$data->integrityImpact = isset($readableNames['I'][$vectorComponents['I']]) ? $readableNames['I'][$vectorComponents['I']] : 'Unknown';
$data->availabilityImpact = isset($readableNames['A'][$vectorComponents['A']]) ? $readableNames['A'][$vectorComponents['A']] : 'Unknown';
$v2 = new stdClass();
$v2->impactScore = $impact;
$v2->exploitabilityScore = $exploitability;
$html = '<div class="cvss-table">
<h3>CVSS v2 details</h3> <h3>CVSS v2 details</h3>
<table> <table>
<tr> <tr>
<td>Impact score</td><td>{$v2->impactScore}</td> <td>Impact score</td><td>' . $v2->impactScore . '</td>
<td>Exploitability score</td><td>{$v2->exploitabilityScore}</td> <td>Exploitability score</td><td>' . $v2->exploitabilityScore . '</td>
</tr> </tr>
<tr> <tr>
<td>Access Vector</td><td>{$data->accessVector}</td> <td>Access Vector</td><td>' . $data->accessVector . '</td>
<td>Confidentiality Impact</td><td>{$data->confidentialityImpact}</td> <td>Confidentiality Impact</td><td>' . $data->confidentialityImpact . '</td>
</tr> </tr>
<tr> <tr>
<td>Access Complexity</td><td>{$data->accessComplexity}</td> <td>Access Complexity</td><td>' . $data->accessComplexity . '</td>
<td>Integrity Impact</td><td>{$data->integrityImpact}</td> <td>Integrity Impact</td><td>' . $data->integrityImpact . '</td>
</tr> </tr>
<tr> <tr>
<td>Authentication</td><td>{$data->authentication}</td> <td>Authentication</td><td>' . $data->authentication . '</td>
<td>Availability Impact</td><td>{$data->availabilityImpact}</td> <td>Availability Impact</td><td>' . $data->availabilityImpact . '</td>
</tr> </tr>
<tr>
</table> </table>
</div> </div>';
EOD;
return $html;
} }
function cvssV4VectorToTable($cvssVector)
{
$vectorComponents = [];
$parts = explode('/', $cvssVector);
if (!preg_match('/^CVSS:4\.0/', $parts[0])) {
return "Error: Not a valid CVSS v4.0 vector";
}
for ($i = 1; $i < count($parts); $i++) {
$component = explode(':', $parts[$i]);
if (count($component) == 2) {
$vectorComponents[$component[0]] = $component[1];
}
}
$readableNames = [
'AV' => ['N' => 'Network', 'A' => 'Adjacent', 'L' => 'Local', 'P' => 'Physical'],
'AC' => ['L' => 'Low', 'H' => 'High'],
'AT' => ['N' => 'None', 'P' => 'Present'],
'PR' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'UI' => ['N' => 'None', 'P' => 'Passive', 'A' => 'Active'],
'VC' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'VI' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'VA' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'SC' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'SI' => ['N' => 'None', 'L' => 'Low', 'H' => 'High'],
'SA' => ['N' => 'None', 'L' => 'Low', 'H' => 'High']
];
$data = new stdClass();
$data->attackVector = isset($readableNames['AV'][$vectorComponents['AV']]) ? $readableNames['AV'][$vectorComponents['AV']] : 'Unknown';
$data->attackComplexity = isset($readableNames['AC'][$vectorComponents['AC']]) ? $readableNames['AC'][$vectorComponents['AC']] : 'Unknown';
$data->privilegesRequired = isset($readableNames['PR'][$vectorComponents['PR']]) ? $readableNames['PR'][$vectorComponents['PR']] : 'Unknown';
$data->attackRequirements = isset($readableNames['AT'][$vectorComponents['AT']]) ? $readableNames['AT'][$vectorComponents['AT']] : 'Unknown';
$data->userInteraction = isset($readableNames['UI'][$vectorComponents['UI']]) ? $readableNames['UI'][$vectorComponents['UI']] : 'Unknown';
$data->confidentialityImpact = isset($readableNames['VC'][$vectorComponents['VC']]) ? $readableNames['VC'][$vectorComponents['VC']] : 'Unknown';
$data->integrityImpact = isset($readableNames['VI'][$vectorComponents['VI']]) ? $readableNames['VI'][$vectorComponents['VI']] : 'Unknown';
$data->availabilityImpact = isset($readableNames['VA'][$vectorComponents['VA']]) ? $readableNames['VA'][$vectorComponents['VA']] : 'Unknown';
$data->confidentialityImpactS = isset($readableNames['SC'][$vectorComponents['SC']]) ? $readableNames['SC'][$vectorComponents['SC']] : 'Unknown';
$data->integrityImpactS = isset($readableNames['SI'][$vectorComponents['SI']]) ? $readableNames['SI'][$vectorComponents['SI']] : 'Unknown';
$data->availabilityImpactS = isset($readableNames['SA'][$vectorComponents['SA']]) ? $readableNames['SA'][$vectorComponents['SA']] : 'Unknown';
$html = '<div class="cvss-table">
<h3>CVSS v4.0 details</h3>
<table>
<tr>
<td>Attack vector</td><td>' . $data->attackVector . '</td>
<td>Vulnerable System Confidentiality Impact</td><td>' . $data->confidentialityImpact . '</td>
</tr>
<tr>
<td>Attack complexity</td><td>' . $data->attackComplexity . '</td>
<td>Vulnerable System Integrity Impact</td><td>' . $data->integrityImpact . '</td>
</tr>
<tr>
<td>Privileges Required</td><td>' . $data->privilegesRequired . '</td>
<td>Vulnerable System Availability Impact</td><td>' . $data->availabilityImpact . '</td>
</tr>
<tr>
<td>Attack Requirements</td><td>' . $data->attackRequirements . '</td>
<td>Subsequent System Confidentiality Impact</td><td>' . $data->confidentialityImpactS . '</td>
</tr>
<tr>
<td>User Interaction</td><td>' . $data->userInteraction . '</td>
<td>Subsequent System Integrity Impact</td><td>' . $data->integrityImpactS . '</td>
</tr>
<tr>
<td></td><td></td>
<td>Subsequent System Avaliablity Impact</td><td>' . $data->availabilityImpactS . '</td>
</tr>
</table>
</div>';
return $html;
}
private function getVendors($datum) private function getVendors($datum)
{ {
if (count((array)$datum->vendors) == 0) { if (count((array)$datum->vendors) == 0) {
return ''; return '';
} }
$vendor_data = [];
foreach ($datum->vendors as $vendor_str) {
$pieces = explode('$PRODUCT$', $vendor_str);
if (count($pieces) == 1) {
$vendor = $pieces[0];
if (!array_key_exists($vendor, $vendor_data)) {
$vendor_data[$vendor] = [];
}
} else {
$vendor = $pieces[0];
$product = $pieces[1];
if (!array_key_exists($vendor, $vendor_data)) {
$vendor_data[$vendor] = [];
}
array_push($vendor_data[$vendor], $product);
}
}
$res = '<h3>Affected products</h3><p><ul>'; $res = '<h3>Affected products</h3><p><ul>';
foreach ($datum->vendors as $vendor => $products) { foreach ($vendor_data as $vendor => $products) {
$res .= "<li>{$vendor}"; $res .= "<li>{$vendor}";
if (count($products) > 0) { if (count($products) > 0) {
$res .= '<ul>'; $res .= '<ul>';
@ -420,5 +590,6 @@ class OpenCVEBridge extends BridgeAbstract
$res .= '</li>'; $res .= '</li>';
} }
$res .= '</ul></p>'; $res .= '</ul></p>';
return $res;
} }
} }