follow-cvelist.py optional ansi colors

oh2fih · oh2fih · commit 22fd0f0e8b83 · 2024-07-27T11:47:52.000+03:00
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ Miscellaneous scripts for different purposes. Mostly unrelated to each other.
 | Email | [`mail-prepender.sh`](bin/mail-prepender.sh)<br>Shell (bash) | Prepends (to stdin/stdout) email header strings given in as flags `i`, `I`, `a`, or `A`; after possible mbox `From` & `Return-Path` header lines. Intended as a limited `formail` replacement that ignores the nyanses of the flags and simply prepends the valid (RFC 5322, 2.2) non-empty headers keeping the other headers as is. Flags `x` & `X` are implemented. Any other flags are ignored. |
 | Git | [`git-find-commits-by-file-hash.sh`](bin/git-find-commits-by-file-hash.sh)<br>Shell (bash) | Search Git repository history for commits with SHA-256 checksum of a file. Answers the question "Has this version of this file ever been committed as the file on this path of this Git repository?" and shows a summary (`git show --stat`) of the matching commit(s). The `path` should be relative to the repository root.<br>`git-find-commits-by-file-hash.sh sha256sum path`|
 | Infosec | [`netcat-proxy.sh`](bin/netcat-proxy.sh)<br>Shell (sh) | Creates a simple persistent TCP proxy with netcat & named pipes.<br>`netcat-proxy.sh listenport targethost targetport` |
-| Infosec | [`follow-cvelist.py`](bin/follow-cvelist.py)<br>Python 3 | Follow changes (commits) in CVEProject / [cvelistV5](https://github.com/CVEProject/cvelistV5). Requires git. Working directory must be the root of the cvelistV5 repository.<br>`follow-cvelist.py [-h] [--interval s] [--commits N]`|
+| Infosec | [`follow-cvelist.py`](bin/follow-cvelist.py)<br>Python 3 | Follow changes (commits) in CVEProject / [cvelistV5](https://github.com/CVEProject/cvelistV5). Requires git. Working directory must be the root of the cvelistV5 repository.<br>`follow-cvelist.py [-h] [-i s] [-c N] [-a]`|
 | Infosec | [`partialpassword.sh`](bin/partialpassword.sh)<br>Shell (bash) | Creates a new wordlist from a wordlist by replacing all ambiguous characters with all their possible combinations.<br>`partialpassword.sh input.txt output.txt O0 [Il1 ...]` |
 | Infosec | [`duplicate-ssh-hostkeys.sh`](bin/duplicate-ssh-hostkeys.sh)<br>Shell (bash) | Find duplicate SSH host keys in a CIDR range. Examine your network for shared host keys that could potentially be dangerous.<br>`duplicate-ssh-hostkeys.sh CIDR [HostKeyAlgorithm ...]` |
 | Infosec<br>Automation | [`make-mac-prefixes.py`](bin/make-mac-prefixes.py)<br>Python 3 | Processes registered MAC address prefixes from [IEEE MA-L Assignments (CSV)](https://standards.ieee.org/products-programs/regauth/) (stdin) to Nmap's [`nmap-mac-prefixes`](https://github.com/nmap/nmap/blob/master/nmap-mac-prefixes)  (stdout) with a few additional unregistered OUIs.<br>`curl https://standards-oui.ieee.org/oui/oui.csv \| make-mac-prefixes.py > nmap-mac-prefixes` |
diff --git a/bin/follow-cvelist.py b/bin/follow-cvelist.py
@@ -3,11 +3,12 @@
 # ------------------------------------------------------------------------------
 # Follow changes (commits) in CVEProject / cvelistV5
 #
-# Usage: follow-cvelist.py [-h] [-i s] [-c N]
+# Usage: follow-cvelist.py [-h] [-i s] [-c N] [-a]
 #
 #  -h, --help          show this help message and exit
 #  -i s, --interval s  pull interval in seconds
 #  -c N, --commits N   amount of commits to include in the initial print
+#  -a, --ansi          add ansi colors to the output (default: False)
 #
 # Requires git. Working directory must be the root of the cvelistV5 repository.
 #
@@ -50,7 +51,7 @@ def main(args):
     )
     print(f"{''.ljust(os.get_terminal_size()[0], '-')}", file=sys.stderr)
 
-    monitor(get_cursor(args.commits), args.interval)
+    monitor(args)
 
 
 def interrupt_handler(signum, frame):
@@ -69,18 +70,23 @@ def check_interrupt():
         sys.exit(0)
 
 
-def monitor(cursor: str, interval: int):
+def monitor(agrs):
     """Monitors cvelistV5 commits and prints changed CVEs"""
+    cursor = get_cursor(args.commits)
+
     while True:
         pull()
         new_cursor = get_cursor()
 
         if new_cursor != cursor:
-            print_changes(new_cursor, cursor)
+            if args.ansi:
+                print_changes_color(new_cursor, cursor)
+            else:
+                print_changes(new_cursor, cursor)
 
         cursor = new_cursor
 
-        for x in range(interval):
+        for x in range(args.interval):
             check_interrupt()
             time.sleep(1)
 
@@ -103,6 +109,58 @@ def get_cursor(offset: int = 0) -> str:
 def print_changes(current_commit: str, past_commit: str):
     """Print summary of changed CVE"""
     lines = []
+    width = os.get_terminal_size()[0]
+
+    for file in changed_files(current_commit, past_commit):
+        type = re.split(r"\t+", file.decode("utf-8").strip())[0]
+        path = re.split(r"\t+", file.decode("utf-8").strip())[1]
+
+        # Skip delta files
+        if "delta" in path:
+            continue
+
+        if type == "D":
+            print(f"Deleted: {Path(path).stem}", file=sys.stderr)
+        else:
+            current = json_at_commit(path, current_commit)
+            modified = current["cveMetadata"]["dateUpdated"]
+            modified = re.sub(r"\..*", "", modified)
+            modified = re.sub(r"T", " ", modified)
+            cve = current["cveMetadata"]["cveId"]
+
+            if type == "M":
+                past = json_at_commit(path, past_commit)
+                past_cvss = cvss31score(past)
+            else:
+                past_cvss = "   "
+
+            current_cvss = cvss31score(current)
+
+            if current_cvss == 0.0:
+                current_cvss = "   "
+            if past_cvss == 0.0:
+                past_cvss = "   "
+
+            if current_cvss != past_cvss:
+                cvss = f"{past_cvss} → {current_cvss}"
+            else:
+                cvss = f"{current_cvss}"
+
+            summary = re.sub(r"\n", " ", generate_summary(current))
+
+            lines.append(
+                f"{modified.ljust(20)} {cve.ljust(15)} {cvss.ljust(10)} {summary}"
+            )
+
+    lines.sort()
+
+    for line in lines:
+        print(line[:width])
+
+
+def print_changes_color(current_commit: str, past_commit: str):
+    """Print summary of changed CVE with ANSI colors"""
+    lines = []
 
     # adjust screen width to the ansi colors in CVSS
     width = os.get_terminal_size()[0] + 21
@@ -330,5 +388,12 @@ def check_positive(value: int):
         help="amount of commits to include in the initial print",
         default=30,
     )
+    argParser.add_argument(
+        "-a",
+        "--ansi",
+        action="store_true",
+        help="add ansi colors to the output",
+        default=False,
+    )
     args = argParser.parse_args()
     main(args)
