Thursday, September 21, 2023

A Simple GitHub CI/CD Demo

Introduction

In the world of software development, continuous integration and continuous deployment (CI/CD) have become essential practices. They enable developers to automate the building, testing, and deployment of their code, resulting in faster development cycles and more reliable software. GitHub, one of the most popular version control platforms, provides robust support for CI/CD workflows through its GitHub Actions feature. In this article, we'll take a hands-on approach to explore CI/CD on GitHub by creating a simple Python project and setting up a GitHub Actions workflow.

About CI/CD

Before we dive into the practical demonstration, let's briefly discuss what CI/CD is and why it's important. CI/CD stands for Continuous Integration and Continuous Deployment. It's a set of practices and tools that allow developers to automate the process of integrating code changes into a shared repository (Continuous Integration) and deploying those changes to production or other environments (Continuous Deployment). CI/CD promotes collaboration, reduces manual errors, and accelerates software delivery.

Our Main Goal

Each time we push the changes to the repository on Github, we will run a test program to check if the newly uploaded program is free of any bugs or errors.

Creating a Simple Python Program

Our journey begins with the creation of a repository on GitHub, I named it ci_cd_demo then we create a straightforward Python program called app.py. This program will serve as our application under development.

1
2
3
4
5
6
def add(a, b):
    return a + b

if __name__ == "__main__":
    result = add(4, 5)
    print(f"Result: {result}")

Creating a Unit Test for app.py

To ensure the correctness of our code, we'll create a unit test for app.py. We'll call it test_app.py.

1
2
3
4
5
6
import app

def test_add():
    assert app.add(3, 5) == 8
    assert app.add(0, 0) == 0
    assert app.add(-1, 1) == 0


Setting Up GitHub Workflow

The heart of our CI/CD demo is the GitHub Actions workflow. First we create a directory on our GitHub repository called .github/workflows .Then  we will create a YAML file called ci-cd.yml. This file defines the steps that GitHub should follow when certain events occur, in our case, whenever a push event is detected, it will check first if the main branch has chhanges to it, if it does, it will confirm the changes again and run the test_app.py.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
name: Push Code and Run Tests

on:
  push:
    branches:
      - main  # Change this to your main branch name

jobs:
  push-code-and-test:
    name: Push code and run tests
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Check for Changes
        run: |
          # Check if there are changes in the working directory
          if [ -n "$(git status --porcelain)" ]; then
            git config user.name "bclme"
            git config user.email "blas_lomibao@yahoo.com"           
            git add .
            git commit -m "Pushing latest code"
          else
            echo "No changes to commit."
          fi

      - name: Debug Repository Contents
        run: |
          ls -R

      - name: Run Tests
        run: |
          # Run your tests here
          python test_app.py

Checking the Workflow

To check if our workflow is functioning correctly, we navigate to the "Actions" menu in our GitHub repository. We should see our workflow listed there, and if everything is set up correctly, the workflow logs should indicate that the setup has no errors.



Creating an Error for Testing

As a final step, let's introduce an error intentionally. We'll edit app.py to have a syntax error and push it to the repository. This will trigger our CI/CD workflow, and we can observe how it handles the error in the logs.

Conclusion

CI/CD is a powerful practice that can streamline your development process and enhance the quality of your software. With GitHub Actions, setting up CI/CD pipelines has become more accessible than ever. In this demo, we've seen how to create a simple Python project, write unit tests, and set up a basic CI/CD workflow on GitHub. By embracing these practices, you'll be well on your way to delivering software more efficiently and reliably.

For a more detailed article about this topic, please become my patron.

Saturday, September 16, 2023

The SIEM Project: 02 - Verifying CVE Vulnerability in Affected Software Part 2

 This is a continuation of my previous post, if you have not read it yet, you may check it here

Item 4: Check for Updates/Patches

Visit the official website of the software vendor (e.g., Microsoft for Windows) and look for security updates or patches related to the CVE. Most vendors provide a list of security bulletins or advisories.

My Approach:

Since I am developing a siem software, my main goal is to scan my Windows 10 OS for installed patches. Then as I have chosen a particular CVE already, I will check if my OS is still vulnerable by checking the affected Windows patch or perhaps the required patch that addresses the mentioned vulnerability in the CVE. I would do this by going to the url found in the CVE Reference field as mentioned on the first part of my siem project post, if you have not read it yet, you may check it here.

The following program scans the patches I have installed on my OS:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
import wmi

# Connect to the Windows Management Instrumentation (WMI) service
c = wmi.WMI()

# Query for installed Windows updates
installed_updates = c.Win32_QuickFixEngineering()

# Print information about each update
for update in installed_updates:
    print(f"Description: {update.Description}")
    print(f"HotFixID: {update.HotFixID}")
    print(f"InstalledOn: {update.InstalledOn}")
    print(f"InstalledBy: {update.InstalledBy}")
    print("\n")

# Close the WMI connection
c = None

Now that I know already the patches installed, what I need to do is to get the patch that needs to be installed to address the vulnerability as indicated in the CVE. This is the hard part, the information I need is found on a Microsoft URL, see screenshot below:


To retrieve this information, I have prepared the following code snippet:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
import requests

# Replace 'CVE-2015-2426' with the specific CVE you are interested in
cve_id = 'CVE-2015-2426'
base_url = 'https://services.nvd.nist.gov/rest/json/cve/1.0/'

# Fetch CVE data
response = requests.get(f'{base_url}/{cve_id}')
cve_data = response.json()

# Check if the CVE data contains CVE items
if 'CVE_Items' in cve_data['result']:
    cve_items = cve_data['result']['CVE_Items']
    
    # Initialize lists to store the URLs with "Third Party Advisory" and "VDB Entry" tags
    third_party_advisory_urls = []
    vdb_entry_urls = []
    
    # Iterate through the CVE items
    for cve_item in cve_items:
        references = cve_item['cve']['references']['reference_data']
        for reference in references:
            tags = reference.get('tags', [])
            if 'Vendor Advisory' in tags and 'Patch' in tags:
                print(reference['url'])
 

And if I navigate through the resulting url, I will get the KB Number see the picture below which is also the patch number or KB Number:

So I got the the list of patches(KB numbers) installed on my OS and selected the CVE to be examined and was able to identify the KB number. And that is it for now, I will create the code snippet that retrieves the KB Number in the resulting URL gathered from the chosen CVE on my next post and more...



Tuesday, September 12, 2023

The Marvel of Protein Synthesis: Unraveling the Central Dogma of Biology

 The process of creating a protein from a DNA sequence is a fundamental and fascinating journey in the world of biology, and it goes by the name of protein synthesis. Let's take a closer look at how this captivating process unfolds:

Transcription: Our adventure begins inside the cell nucleus, where the DNA resides. During transcription, a special enzyme known as RNA polymerase steps in. It takes on the role of reading the DNA sequence of a gene and crafts a matching RNA molecule, which we call messenger RNA or mRNA. This is where the DNA's double helix temporarily unwinds, and the RNA molecule is formed by pairing RNA bases (adenine, uracil, cytosine, and guanine) with their counterparts from DNA (adenine pairs with uracil, cytosine pairs with guanine).

mRNA Processing: As our newly minted mRNA exits the nucleus, it often undergoes a bit of grooming. Think of it as getting dressed up for its grand appearance in the cytoplasm. It gets a fashionable 5' cap and a stylish 3' poly-A tail. These fashionable additions not only protect the mRNA but also help it get noticed and translated by the cellular machinery.

Translation: Now, our processed mRNA makes its way into the bustling cytoplasm, where it encounters the ribosomes. During translation, these ribosomes read the mRNA sequence in groups of three nucleotides known as codons. Each codon is like a secret code for a specific amino acid. Here comes the fun part: transfer RNA or tRNA swoops in, carrying amino acids and their own set of codes, called anti-codons. These codes match up perfectly with the mRNA codons, thanks to the magic of complementary base pairing.

Amino Acid Assembly: With the help of tRNA, our amino acids gather around the mRNA like eager partygoers. They assemble in a specific order dictated by the mRNA codons. Picture the ribosome as the life of the party; it's the one catalyzing the formation of bonds between these amino acids. This leads to the creation of a growing polypeptide chain.

Protein Folding: As our polypeptide chain is born, it embarks on a remarkable journey of self-discovery. It begins to fold itself into a unique three-dimensional structure. This final shape is crucial because it determines the protein's function. Protein folding is an intricate dance, carefully choreographed and often requiring the assistance of chaperone molecules to ensure everything falls into place.

Post-Translational Modifications: After this intricate folding, many proteins undergo further transformations. It's like adding the final touches to a masterpiece. Chemical groups may be attached, or specific segments might be cleaved. These modifications can fine-tune a protein's activity or guide it to precise locations within the cell.

Protein Function: Our fully formed and modified protein is now ready to shine in its role within the cell. Proteins are the versatile actors in the cellular drama, playing roles as enzymes, structural support, messengers, transporters, and much more.

In essence, this journey from DNA to protein involves the captivating steps of transcription, mRNA processing, translation, amino acid assembly, protein folding, post-translational modifications, and finally, the fulfillment of specific functions by the protein. It's often referred to as the 'central dogma' of molecular biology and is a story central to life itself.

Translating this phenomena into python code using a rand DNA sequence is not an easy task, here is the code:


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
from Bio.Seq import Seq
from Bio.SeqUtils import seq1
from Bio.PDB import Polypeptide
import MDAnalysis as mda
import numpy as np
import nglview as nv

# Step 1: Generate a random DNA sequence (simplified)
gene_sequence = Seq("ATGCTAGCTAGCTAGCTAGCTAGCTAG")

# Step 2: Transcription (DNA to mRNA)
mRNA = gene_sequence.transcribe()

# Step 3: Translation (mRNA to protein sequence)
protein_sequence = mRNA.translate()

# Display the sequences
print("Gene Sequence: ", gene_sequence)
print("mRNA Sequence: ", mRNA)
print("Protein Sequence: ", protein_sequence)

# Step 4: Create a simple 3D structure for the protein (simplified)
# We will create a random structure for this example.
num_atoms = len(protein_sequence) * 10  # Simplified: 10 atoms per amino acid
coordinates = np.random.rand(num_atoms, 3) * 10.0  # Random coordinates

# Create a simple PDB file with atom names and residue IDs
pdb_filename = "protein.pdb"
with open(pdb_filename, "w") as pdb_file:
    for i in range(num_atoms):
        x, y, z = coordinates[i]
        pdb_file.write(f"ATOM  {i + 1:5}  N   ALA A   1    {x:8.3f}{y:8.3f}{z:8.3f}  1.00  0.00\n")

# Load the PDB file with MDAnalysis
u = mda.Universe(pdb_filename)

# Step 5: Visualization of the protein structure using NGLView
view = nv.show_mdanalysis(u)
view.add_representation("ball+stick", selection="all")
view.center()

# Display the 3D visualization
view

And here is the image created:


Take a look at the TED Video, they create new proteins:


Python Program obtaining a DNA and Protein sequence from GenBank and UniProt:


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
from Bio import Entrez, SeqIO, ExPASy, SwissProt

# Define your email address (required for accessing GenBank)
Entrez.email = "mh1369080@gmail.com"

# Function to fetch DNA sequence from GenBank using an accession number
def fetch_dna_from_genbank(accession):
    try:
        handle = Entrez.efetch(db="nucleotide", id=accession, rettype="gb", retmode="text")
        record = SeqIO.read(handle, "genbank")
        handle.close()
        return record.seq
    except Exception as e:
        print(f"Error: {e}")
        return None

# Function to fetch protein sequence from UniProt using a UniProt ID
def fetch_protein_from_uniprot(uniprot_id):
    try:
        handle = ExPASy.get_sprot_raw(uniprot_id)
        record = SwissProt.read(handle)
        handle.close()

        # Extract protein sequence from the UniProt record
        protein_sequence = record.sequence
        return protein_sequence
    except Exception as e:
        print(f"Error: {e}")
        return None

# Example usage:
genbank_accession = "NM_001301717"  # Replace with your GenBank accession number
uniprot_id = "P02769"  # Replace with your UniProt ID

# Fetch DNA sequence from GenBank
dna_sequence = fetch_dna_from_genbank(genbank_accession)
if dna_sequence:
    print(f"DNA Sequence from GenBank ({genbank_accession}):")
    print(dna_sequence)

# Fetch protein sequence from UniProt
protein_sequence = fetch_protein_from_uniprot(uniprot_id)
if protein_sequence:
    print(f"Protein Sequence from UniProt ({uniprot_id}):")
    print(protein_sequence)

Monday, September 11, 2023

Exploring Protein Structures with Python: A Step-by-Step Guide using MDAnalysis and NGLView

 Introduction

In the world of bioinformatics and structural biology, understanding the three-dimensional structure of proteins is crucial for unraveling their functions and mechanisms. Protein structures can provide invaluable insights into drug discovery, disease mechanisms, and a wide range of biological processes.

This article introduces a step-by-step guide to visualizing protein structures using Python, specifically leveraging the MDAnalysis library for structural analysis and NGLView for interactive 3D visualization. These Python tools are essential for researchers and scientists working in the field of structural biology.

Here is the expected protein view:


Brief Introduction to MDAnalysis

MDAnalysis is a powerful Python library designed for the analysis of molecular dynamics (MD) simulations and structural biology data. It offers a comprehensive set of tools to manipulate, analyze, and visualize biomolecular structures and trajectories. While it is widely used for MD simulations, MDAnalysis can also be employed to work with static protein structures from various sources, including the Protein Data Bank (PDB).

Brief Introduction to NGLView

NGLView is an interactive molecular visualization library for Jupyter Notebook and Jupyter Lab. It provides a user-friendly interface for visualizing molecular structures in 3D. NGLView is particularly useful when you need to explore protein structures interactively and gain a better understanding of their spatial arrangement.

Step 1: Importing Required Libraries

In the first step, we import the necessary Python libraries, including MDAnalysis and NGLView. We also specify the PDB code for the protein of interest. For this example, let's assume we want to visualize the protein with the PDB code "1L2Y." You can replace this with the PDB code of your choice.

1
2
3
4
5
import MDAnalysis as mda
import urllib.request

# Define the PDB code for the protein of interest
pdb_code = "1L2Y"  # Change this to the PDB code you want to visualize

Step 2: Downloading the Protein Structure

Next, we construct the URL for the PDB file associated with our chosen protein using the PDB code. We then download the PDB file using Python's urllib library. This step retrieves the protein structure data that we will later visualize.

1
2
3
4
5
# Define the URL for the PDB file
pdb_url = f"https://files.rcsb.org/download/{pdb_code}.pdb"

# Download the PDB file
urllib.request.urlretrieve(pdb_url, f"{pdb_code}.pdb")

Step 3: Loading the Protein Structure

Now that we have downloaded the PDB file, we use MDAnalysis to load the protein structure. The mda.Universe function is used for this purpose. It creates a representation of the protein structure that can be further analyzed and visualized.

1
2
# Load the protein structure using MDAnalysis
protein = mda.Universe(f"{pdb_code}.pdb")

Step 4: Visualizing the Protein Structure

To visualize the protein structure interactively, we utilize the NGLView library. We import the nglview module and create an NGLView widget using the nv.show_mdanalysis function. This widget will allow us to view the 3D structure of the protein directly within our Jupyter Notebook or Jupyter Lab environment.

1
2
3
4
5
# Visualize the protein structure using NGLView
import nglview as nv

# Create an NGLView widget
view = nv.show_mdanalysis(protein)

Step 5: Displaying the Widget

Finally, we display the NGLView widget, which renders the protein structure in an interactive 3D viewer. You can explore the structure, zoom in on specific regions, and gain a deeper understanding of the protein's spatial arrangement.

1
2
# Display the widget
view

Conclusion

In this step-by-step guide, we have demonstrated how to retrieve, load, and interactively visualize protein structures using Python, MDAnalysis, and NGLView. These powerful tools empower researchers to explore the world of structural biology and gain insights that can drive advancements in various scientific fields, from drug discovery to understanding complex biological processes.



Wednesday, September 6, 2023

The SIEM Project: 02 - Verifying CVE Vulnerability in Affected Software

In my previous post (if you haven't read it yet, you can find it here), , I successfully retrieved details about a CVE that was randomly selected using specific search parameters. Now that we have comprehensive information about this CVE, it's time to confirm whether the software currently installed on my PC is still vulnerable. The software in question is my Windows 10 operating system.

In my example, the CVE was published in 2013, which predates the release of Windows 10 by two years. Windows 10 made its debut in 2015. To proceed, I need to adjust my original code to fetch CVEs published from 2020 up to the present year. Unfortunately, the search parameters don't provide this filtering option, so I'll need to filter the results myself.

But before I dive into that, I've asked ChatGPT what is the proper way to implement the verification process, and it gave a more generalized processed not the specific ones, here is his reply:

Verifying if the affected software is still vulnerable to a given CVE (Common Vulnerabilities and Exposures) typically involves the following steps:

  1. Identify Affected Software: Determine the exact software and version that the CVE affects. You can usually find this information in the CVE description or on the NIST NVD (National Vulnerability Database) website.
  2. Check Software Version: Verify the version of the software currently installed on your system. You can typically find this information within the software itself or in system settings.
  3. CVE Details: Examine the details of the CVE, paying attention to the description and any information about patches or updates. CVE descriptions often include details about how the vulnerability can be exploited.
  4. Check for Updates/Patches: Visit the official website of the software vendor (e.g., Microsoft for Windows) and look for security updates or patches related to the CVE. Most vendors provide a list of security bulletins or advisories.
  5. Apply Updates: If updates or patches are available, download and apply them to your system. Make sure to follow the installation instructions provided by the vendor.
  6. Test Vulnerability: After applying the updates, it's a good practice to test whether the vulnerability still exists. Some vulnerabilities are complex and may not be completely mitigated by a single patch.
  7. Monitor Security Sources: Stay informed about security news and updates related to the software you're using. CVEs and security advisories are regularly published, and new vulnerabilities can emerge.
  8. Use Vulnerability Scanning Tools: Consider using vulnerability scanning tools or security software that can automatically check your system for known vulnerabilities, including those associated with CVEs.
  9. Regularly Update: Ensure that your software is regularly updated to the latest versions. Automated updates can help keep your system secure.
  10. Security Best Practices: Implement security best practices such as using strong passwords, enabling firewalls, and employing security software to reduce the overall attack surface.

Remember that security is an ongoing process, and it's essential to keep your software up to date and stay informed about potential vulnerabilities and patches. Additionally, some organizations have dedicated IT teams or security experts who handle vulnerability assessment and management.

The process he suggested was ok, but what I have in mind how to implement this process without human intervention. Here is what I plan to do in this article: 

Item 1: Identifying Affected Software 

To pinpoint the software and version impacted by the CVE, you can often locate this information within the CVE description or on the NIST NVD (National Vulnerability Database) website.

My Approach: 

To identify the affected software in this specific scenario, I'll automate the process. The relevant data can be found in the CVE's CPE (Common Platform Enumeration) field. As mentioned in my previous post, the affected software is typically represented as the fourth field in the CPE structure (e.g., cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*).

To identify the affected version, I'll examine the CVE's configuration field. This field is structured as a dictionary and contains the information listed in the CVE's reference URLs under the 'Known Affected Software Configurations' section. The program will search for all occurrences of 'windows_10' and retrieve the four alphanumeric characters following the colon after 'windows_10.' These characters will indicate the affected Windows 10 version. Common versions include 21h2, 1607, 1809, and 1909(4 characters is what I saw but to be sure get all the character found in btween the 2 colons).

Item 2: Verifying Software Version 

It's important to verify the version of the software currently installed on your system. This information is typically accessible within the software itself or in system settings.

My Approach: 

From the outset, I've identified that the software in question is Windows 10. In my actual SIEM (Security Information and Event Management) setup, I'll develop a program to identify all installed software and their respective versions on my PC. This comprehensive approach ensures that I have a clear understanding of the software landscape on my system.

To detect the Operating System installed on my pc(assuming I don't know yet), I will use the platform library and here is the code:

import platform
print('System: ' + platform.uname().system)
print('Release: ' + platform.uname().release)
print('Version: ' + platform.uname().version)

I could use the following program to list all installed programs on my pc. It just displays the installed software much like what you would see in  control panel Programs and Features Section:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
import os
import subprocess

# Run a PowerShell command to retrieve a list of installed software
powershell_command = 'Get-WmiObject -Class Win32_Product | Select-Object Name'
installed_software = []

try:
    result = subprocess.check_output(['powershell', '-WindowStyle', 'Hidden', '-Command', powershell_command], text=True)
    installed_software = result.strip().split('\n')[2:]  # Skip the header and extract software names
except subprocess.CalledProcessError as e:
    print(f"Error executing PowerShell command: {e}")

# Display the list of installed software
for software in installed_software:
    print(software)

And that's it, the remaining items mentioned by ChatGPT is out of coverage by my post's scenario except Item # 4 which I will be discussing in more details on my next post.

Sunday, September 3, 2023

The SIEM Project: 01 Retrieving CVE Information

Today, I am going to start my own personal project which is a simple SIEM. In my previous posts, I have already created small python programs that could be essential part of this project which are as follows:

  1. Python: Count Source IP Addresses from Captured Packets And Display on a Table
  2. A Simple Event Log Viewer in Python
  3. 2 Python Programs that are useful in Cyber Security

Moving on, I will have to start the project by retrieving information of a CVE(Common Vulnerabilities and Exposure). To achieve this, I will be using  the library NVDLIB. Check out the documentation and how to use the library here. The documentation may seem to be outdated at most scenarios. So in real world scenarios, it would be better to download the CVE list from the NIST website which is well over a million so that the query can be easily flexible because they often make changes to their API, but in my case, I will just use simple queries.

The scenario I am going to simulate is to select 3 CVE's related to Windows 10 which is my I am currently using. I will just display the CVE number, reference URL, description, the severity, vulnerability score index and the vector.

According to ChatGPT, CVE's are as follows:

CVEs (Common Vulnerabilities and Exposures) typically contain information about vulnerabilities in software or hardware systems, including information about the affected operating systems and their versions. However, the level of detail provided in a CVE entry may vary.

Here are the key elements you can find in a typical CVE entry related to affected operating systems:

  1. CVE Identifier (CVE-ID): A unique identifier assigned to the vulnerability.
  2. Description: A description of the vulnerability, its impact, and how it can be exploited.
  3. References: Links to additional resources, such as advisories or patches, related to the vulnerability.
  4. CVSS (Common Vulnerability Scoring System) Score: A numerical score that represents the severity of the vulnerability.
  5. Affected Software: Information about the software or hardware affected by the vulnerability. This can include:
    • Vendor Name: The name of the vendor or organization that created the affected software or hardware.
    • Product Name: The name of the specific product or software component.
    • Version(s): The version(s) of the software or hardware that are affected by the vulnerability.
    • Update Version(s): The version(s) of the software or hardware that have been fixed or patched.
  6. Vulnerable Configurations: Information about how the vulnerability can be exploited in different configurations.
  7. Vulnerability Type: The type or category of the vulnerability (e.g., buffer overflow, SQL injection, etc.).
  8. CWE (Common Weakness Enumeration) ID: An identifier from the CWE database that categorizes the type of weakness or vulnerability.
  9. Publication Date: The date when the CVE entry was published.

It's important to note that while CVE entries strive to provide accurate and detailed information, the level of detail may vary depending on the information available at the time of publication. Some CVE entries may provide specific details about affected operating systems and versions, while others may provide more general information about affected software components.

Security researchers, vendors, and organizations often collaborate to provide additional information and context for CVEs, such as patches or workarounds. When assessing the impact of a CVE, it's important to refer to additional resources and advisories provided by relevant vendors and security organizations.

The Python program is very short, all I have to de is define the search parameters(retrieve all Window 10 related CVE's) and just display the first 3. And here is the code:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
import nvdlib

r = nvdlib.searchCVE(cpeName = 'cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*')
print(len(r))
print(dir(r[0]))
x = 1
for r1 in r:
    if x <= 3:
        x +=1
        try:
            print(r1.id, str(r1.score[0]), r1.url)
            print(r1.v2severity + ' - ' + str(r1.v2score) + ' - ' + r1.v2vector)
            print(r1.descriptions[0].value)
        except:
            try:
                print(r1.v31severity + ' - ' + str(r1.v31score) + ' - ' + r1.v31vector)
                print(r1.descriptions[0].value)
            except:    
                print(dir(r1))

The search parameter is not very simple, it took me awhile to make it work, ChatGPT could not help me figure it out although it was able to explain the parts of the search parameter which is as follows:

In this CPE name:

  • cpe:2.3 indicates the CPE version.
  • o indicates that it is an operating system.
  • microsoft is the vendor (Microsoft).
  • windows_10 specifies the product (Windows 10).

The trailing * indicates that the CPE name is generic and does not specify a particular version or edition. The * is a wildcard character. And here is what ChatGPT suggested:

 cpe:2.3:o:microsoft:windows_10::version:1903:*

ChatGPT missed the '-' part, suggestion a version and it seems like the patch number which when missing('-'), the search parameter will not work and the versions and patch number doesn't seem to work as well, I figured that the search parameter can be found at the CVE NIST Details page, for example, CVE-2013-3900 can be found at NVD - CVE-2013-3900 (nist.gov) and check the section 'Known Affected Software Configurations', see screenshot below:


And furthermore, more information about CPE can be found at wikipedia

And that's all for now. Hire me if you have similar projects.