CertfrTracker 1.0.1

This is the 'light' version of CertfrTracker-CLI, it only handles the scrapping of CertFr and the comparison system. You will have to provide the inventory system.

CertfrTracker

This package is under GNU License project.

inventory model (the data you'll provide to CertfrTracker) :

To use the CertfrTracker package you will need 3 differents array containing for each : "the name of your components", "their versions", "a starting date for the comparing system to begin with".

example :

• technos = [ Drupal, Apache, PHP]

• versions = [ 1.3.4, 2.4.49-Alpha, 8.1.8]

• dates = [ "JJ-MM-AAAA", "JJ-MM-AAAA", "JJ-MM-AAAA" ]

All the Arrays must have the same length.

output model (the data that will be sent back to you by CertfrTracker) :

Here is how the data is organised when CertfrTracker send back it's outptut :

It's an array of "Plain Object" containing all this variables for each indexes :

alert_id        # id of the Alert                               | String | CVE-2022-1234, CERTFR-2022-ALE-004, CERTFR-2022-AVI-004
techno          # Name of the Techno                            | String | ex: Apache, Postgresql, Openjdk
version         # Version of the Techno                         | String | ex: 1.2.3, 1.2, 1.2.3-beta
status          # Nature of Alert                               | String | Open or Applicable
score           # CVSS or NVD Score                             | Float  | between 1 and 10
publish_date    # Publish Date                                  | String | ex: "2020-06-21
update_date     # Update Date                                   | String | ex: "2020-06-21
description     # Alert Description                             | String
source          # url of the alert                              | string
details         # external that could provide more informations | string

How to use CertfrTracker Package ?

first of all you'll need to install the package :

pip install CertfrTracker

then, to use this package :

# import
from certfrtracker import Router

# initiate the class
certfr_tracker = Router()
# you can specify verbose output like this :
certfr_tracker = Router(verbose=True)
# you can also specify the path to the database by doing this :
certfr_tracker = Router(db_file="my_file.db")

# update the database
certfr_tracker.get_certfr_data("NextAlert")
certfr_tracker.get_certfr_data("NextAvis")

# comparing alerts with complete inventory 
technos = [ "Drupal", "Apache", "PHP"]
versions = [ "1.3.4", "2.4.49-Alpha", "8.1.8"]
_dates = [ "01-01-2014", "01-01-2014", "01-01-2014" ]
reports = certfr_tracker.compare_inventory_with_alerts(technos=technos, versions=versions, dates=_dates)

# comparings alerts with one technology
reports = []
techno = "Drupal"
verrsion = "1.3.4"
_date = "01-01-2014"
reports += certfr_tracker.compare_one_techno_with_alerts(techno=techno, version=version, date=_date)

# destroy the class instanciation
del certfr_tracker