The NIST utility is used for functionality based around NIST DB Queries, and is primarily used to create URLs for the API based queries.
In order to use the URLs generated by netutils.nist.get_nist_urls*, you will need an api key provided by NIST here. This key will need to be passed in as an additional header in your request in the form of {"apiKey": "<key_value>"} as stated by NIST in their Getting Started section.
The largest caveat in this functionality is the consistency of the URL values needed to obtain the CVE information. NIST NVD has specific parameters that can be used for standardization, however this does not mean that entries are standardized. Manually combing through a large amount of CPE Vendor submissions has shown that there are variations in how CPE Vendor data is presented.
For this reason, for certain Vendor/OS combinations, a custom URL needs to be built.
-
Cisco IOS CPE String -
cpe:2.3:o:cisco:ios:15.5\\(2\\)s1c:*15.5\\(2\\)s1c:*- As seen here, Cisco uses CPE strings that do not include the:delimiter, which can be queried using escape characters in the search string. This is the format of ALL "generic" OS/Other platforms that do not have their own custom NIST URL builder when querying NIST.- Default URL Output -
'https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:cisco:ios:15.5\\(2\\)s1c:*'
-
Juniper JunOS CPE String -
cpe:2.3:o:juniper:junos:10.2:r2:*:*:*:*:*:*10.2:r2:*:*:*:*:*:*- As noted here, one of the provided URLs to query for this Juniper JunOS OS platform includes additional values that follow NIST delimiter structures. In the case where the parser provides multiple URLs, they will both be evaluated and the CVE from both will be added and associated.- Custom URL Output -
['https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:10.2r2:*:*:*:*:*:*:*', 'https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:10.2:r2:*:*:*:*:*:*']
There are vendor and OS that are widely used in the industry and others that are not. For the widely adopted options, the netutils.lib_mapper will contain the mappings and requests can be made via the repo to update them if something is missing that you believe should be supported there.
For the options that are not widely adopted there is the ability to use your own custom NIST driver value that will be used in the creation of the query URL.
Here are a few examples showing how to use this in your python code.
from netutils.nist import get_nist_urls
# Get NIST URL for the Cisco IOS object
get_nist_urls("cisco_ios", "15.5(2)S1c")
# ['https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:cisco:ios:15.5\\(2\\)s1c:*']
# Get NIST URL for the Cisco IOS object using a custom NIST driver value
get_nist_urls("cisco_ios", "15.5(2)S1c", "cisco:not_ios")
# ['https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:cisco:not_ios:15.5\\(2\\)s1c:*']
# Get NIST URL(s) for the Juniper JunOS object
get_nist_urls("juniper_junos", "10.2R2.11")
# ['https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:10.2r2:*:*:*:*:*:*:*', 'https://services.nvd.nist.gov/rest/json/cves/2.0?virtualMatchString=cpe:2.3:o:juniper:junos:10.2:r2:*:*:*:*:*:*']Currently known OS/Other Platform types that require a custom NIST URL:
- Juniper JunOS