30 lines
1.1 KiB
Bash
30 lines
1.1 KiB
Bash
|
#!/usr/bin/env bash
|
|||
|
echo "CVE;Вердиткт;Критичность уязвимости;Вектор атаки;Комментарий" > cve-out.csv
|
|||
|
MAX_CVE=$(wc -l cve-in | grep -o [0-9]*)
|
|||
|
for CVE in $(cat cve-in)
|
|||
|
do
|
|||
|
let "CURRENT_CVE++"
|
|||
|
CURL_CVE=$(curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=$CVE)
|
|||
|
ATTACK_VECTOR=$(echo $CURL_CVE | grep -o '"accessVector":"[^"]*' | egrep -o '[^"]*$')
|
|||
|
BASE_SCORE=$(printf "%.0f" $(echo $CURL_CVE | egrep -o '"baseScore":[0-9]?[0-9]\.[0-9]' \
|
|||
|
| egrep -o '[0-9]?[0-9]\.[0-9]' | head -1))
|
|||
|
DESCRIPTION=$(echo $CURL_CVE | grep -o '"value":"[^"]*' | egrep -o '[^"]*$')
|
|||
|
if [[ "$ATTACK_VECTOR" == *"PHYSICAL"* ]]
|
|||
|
then
|
|||
|
VERDICT="НЕ ОБНОВЛЯТЬ!"
|
|||
|
elif [[ "$BASE_SCORE" -le 3 ]]
|
|||
|
then
|
|||
|
VERDICT="НЕ ОБНОВЛЯТЬ!"
|
|||
|
elif [[ "$BASE_SCORE" -gt 7 ]]
|
|||
|
then
|
|||
|
VERDICT="ОБНОВЛЯТЬ!"
|
|||
|
elif [[ "$ATTACK_VECTOR" != *"LOCAL"* ]]
|
|||
|
then
|
|||
|
VERDICT="ОБНОВЛЯТЬ!"
|
|||
|
else
|
|||
|
VERDICT="НЕ ОБНОВЛЯТЬ!"
|
|||
|
fi
|
|||
|
echo "$CVE;$VERDICT;$BASE_SCORE;$ATTACK_VECTOR;$DESCRIPTION" >> cve-out.csv
|
|||
|
echo "$CURRENT_CVE/$MAX_CVE - $CVE"
|
|||
|
sleep 20
|
|||
|
done
|