#!/usr/bin/env bash
echo "CVE;Вердиткт;Критичность уязвимости;Вектор атаки;Комментарий" > cve-out.csv
MAX_CVE=$(wc -l cve-in | grep -o [0-9]*)
for CVE in $(cat cve-in)
do
  let "CURRENT_CVE++"
  CURL_CVE=$(curl -s https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=$CVE)
  ATTACK_VECTOR=$(echo $CURL_CVE | grep -o '"accessVector":"[^"]*' | egrep -o '[^"]*$')
  BASE_SCORE=$(printf "%.0f" $(echo $CURL_CVE | egrep -o '"baseScore":[0-9]?[0-9]\.[0-9]' \
  | egrep -o '[0-9]?[0-9]\.[0-9]' | head -1))
  DESCRIPTION=$(echo $CURL_CVE | grep -o '"value":"[^"]*' | egrep -o '[^"]*$')
  if [[ "$ATTACK_VECTOR" == *"PHYSICAL"* ]]
  then
    VERDICT="НЕ ОБНОВЛЯТЬ!"
  elif [[ "$BASE_SCORE" -le 3 ]]
  then
    VERDICT="НЕ ОБНОВЛЯТЬ!"
  elif [[ "$BASE_SCORE" -gt 7 ]]
  then
    VERDICT="ОБНОВЛЯТЬ!"
  elif [[ "$ATTACK_VECTOR" != *"LOCAL"* ]]
  then
    VERDICT="ОБНОВЛЯТЬ!"
  else
    VERDICT="НЕ ОБНОВЛЯТЬ!"
  fi
  echo "$CVE;$VERDICT;$BASE_SCORE;$ATTACK_VECTOR;$DESCRIPTION" >> cve-out.csv
  echo "$CURRENT_CVE/$MAX_CVE - $CVE"
  sleep 20
done