WindowsVulnScan icon indicating copy to clipboard operation
WindowsVulnScan copied to clipboard

Published 20 hours ago verified publisher icon chroblert

[bug] 更新CVEKB数据时提示impact、articleName找不到

Open s1g0day opened this issue 1 year ago • 0 comments

版本WindowsVulnScan/blob/master/version2/cve-check.py

错误信息

更新第20页
Exception in thread 7:
Traceback (most recent call last):
  File "D:\0_tools\python\3.10.5\lib\threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "D:\WindowsVulnScan-master\version2\cve-check.py", line 43, in run
    self.result = self.func(self.args[0],)
  File "D:\WindowsVulnScan-master\version2\cve-check.py", line 193, in update_onepage_cvedb_database
    metaStr = result['product'] + KBName + result['cveNumber'] + result['impact']
KeyError: 'impact'
Exception in thread 10:
Traceback (most recent call last):
  File "D:\0_tools\python\3.10.5\lib\threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "D:\WindowsVulnScan-master\version2\cve-check.py", line 43, in run
    self.result = self.func(self.args[0],)
  File "D:\WindowsVulnScan-master\version2\cve-check.py", line 189, in update_onepage_cvedb_database
    KBName += KBNode['articleName'] + ";" if (KBNode['articleName'] != None) and KBNode['articleName'].isdigit() else ""
KeyError: 'articleName'
i:21,pageCount-i:223,ThreadCount:10,PageCount:244
===============================
更新第21页

跑完后共报34个错误,逐个调试后发现部分数据中impact或articleName不存在,在原代码186行190行中,并未验证这两个值是否存在

186行
KBName += KBNode['articleName'] + ";" if (KBNode['articleName'] != None) and KBNode['articleName'].isdigit() else ""
190行
metaStr = result['product'] + KBName + result['cveNumber'] + result['impact']

修改后

    for result in resultList:
        KBName = ""
        impact = ""
        for KBNode in result['kbArticles']:
            KBName += KBNode['articleName'] + ";" if ("articleName" in KBNode) and (KBNode['articleName'] != None) and  KBNode['articleName'].isdigit() else ""
        if KBName == "":
            continue
        h1 = hashlib.md5()
        impact = result['impact'] + ";" if ('impact'in result) and (result['impact'] != None) else ""
        metaStr = result['product'] + KBName + result['cveNumber'] + impact
        h1.update(metaStr.encode('utf-8'))
        #hasPOC = check_POC_every_CVE(result['cveNumber'])
        # 收集到所有的KB后再搜索有没有公开的EXP
        hasPOC = ""
        sql = "INSERT OR IGNORE INTO "+TableName+" VALUES ('" + h1.hexdigest() + "','" + result['product'] + "','" + KBName + "','" + result['cveNumber'] + "','" + result['impact'] + "','" + hasPOC+"')"
        with lock:
            global insertSQL
            insertSQL.append(sql)

s1g0day avatar Mar 04 '23 10:03 s1g0day