A Python client for the Global CVE Allocation System.

The Global CVE (GCVE) allocation system is a new, decentralized approach to vulnerability identification and numbering, designed to improve flexibility, scalability, and autonomy for participating entities.

This client can be integrated into software such as Vulnerability-Lookup to provide core GCVE functionalities by adhering to the Best Current Practices.
It can also be used as a standalone command-line tool.

Examples of usage

As a command line tool

First install the gcve client:

$ python -m pip install --user pipx
$ python -m pipx ensurepath

$ pipx install gcve
  installed package gcve 0.11.0, installed using Python 3.13.0
  These apps are now globally available
    - gcve
done!  🌟 

Pulling the registry locally

$ gcve registry --pull
Pulling from registry…
Downloaded updated https://gcve.eu/dist/key/public.pem to .gcve/registry/public.pem
Downloaded updated https://gcve.eu/dist/gcve.json.sigsha512 to .gcve/registry/gcve.json.sigsha512
Downloaded updated https://gcve.eu/dist/gcve.json to .gcve/registry/gcve.json
Integrity check passed successfully.

Retrieving a GNA

Note: This operation is case sensitive.

$ gcve registry --get CIRCL
{
  "id": 1,
  "short_name": "CIRCL",
  "cpe_vendor_name": "circl",
  "full_name": "Computer Incident Response Center Luxembourg",
  "gcve_url": "https://vulnerability.circl.lu/",
  "gcve_api": "https://vulnerability.circl.lu/api/",
  "gcve_dump": "https://vulnerability.circl.lu/dumps/",
  "gcve_allocation": "https://vulnerability.circl.lu/",
  "gcve_sync_api": "https://vulnerability.circl.lu/"
}

$ gcve registry --get CIRCL | jq .id
1

Searching the Registry

Note: Search operations are case insensitive.

$ gcve registry --find cert
[
  {
    "id": 106,
    "full_name": "National Cyber Security Centre SK-CERT",
    "short_name": "SK-CERT",
    "gcve_url": "https://www.sk-cert.sk/"
  },
  {
    "id": 680,
    "short_name": "DFN-CERT",
    "full_name": "DFN-CERT Services GmbH",
    "gcve_url": "https://adv-archiv.dfn-cert.de/"
  }
]

As a library

Verifying the integrity of your local GNA directory copy

Python 3.13.0 (main, Oct 10 2024, 07:28:38) [GCC 12.2.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from typing import List
... from gcve.gna import GNAEntry
... from gcve.registry import (
...     update_registry_public_key,
...     update_registry_signature,
...     update_registry,
...     verify_registry_integrity,
...     load_registry,
... )
... 
>>> update_registry_public_key()
No changes  using cached .gcve/registry/public.pem.
False
>>> update_registry_signature()
No changes  using cached .gcve/registry/gcve.json.sigsha512.
False
>>> update_registry()
No changes  using cached .gcve/registry/gcve.json.
False
>>> if verify_registry_integrity():
...     gcve_data: List[GNAEntry] = load_registry()
...     
>>> 

Generating new GCVE entries

Example with GCVE-1 entries (CIRCL namespace):

from typing import List
from gcve import gcve_generator, get_gna_id_by_short_name, to_gcve_id
from gcve.gna import GNAEntry
from gcve.registry import update_registry, load_registry

# Retrieve the JSON Directory file available at GCVE.eu if it has changed
update_registry()
# Load the GNA entries from the local copy. The copy can be checked with
# verify_registry_integrity() first, as in the previous example.
gcve_data: List[GNAEntry] = load_registry()

# If "CIRCL" is found in the registry
if CIRCL_GNA_ID := get_gna_id_by_short_name("CIRCL", gcve_data):
    # Existing identifiers, converted to GCVE IDs.
    # `vulnerabilitylookup` is an object supplied by the host application;
    # it is not defined in this snippet.
    existing_gcves = {to_gcve_id(cve) for cve in vulnerabilitylookup.get_all_ids()}

    generator = gcve_generator(existing_gcves, CIRCL_GNA_ID)
    for _ in range(5):
        print(next(generator))
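
An added example (not part of the gcve package or its README) of checking an incoming identifier against a loaded registry, using the lookup semantics described above: exact, case-sensitive get and case-insensitive find. The registry list is a constructed subset of the entries shown on this page; the `GCVE-<GNA id>-<year>-<number>` layout, the fields searched by `find_gna`, and all function names are assumptions.

```python
import re
from typing import Optional

# Constructed sample: a subset of the registry entries shown on this page.
REGISTRY = [
    {"id": 1, "short_name": "CIRCL", "full_name": "Computer Incident Response Center Luxembourg"},
    {"id": 106, "short_name": "SK-CERT", "full_name": "National Cyber Security Centre SK-CERT"},
    {"id": 680, "short_name": "DFN-CERT", "full_name": "DFN-CERT Services GmbH"},
]

# Assumed identifier layout: GCVE-<GNA id>-<year>-<number>.
GCVE_ID = re.compile(r"GCVE-(0|[1-9]\d*)-(\d{4})-(\d+)")


def get_gna(short_name: str, registry: list) -> Optional[dict]:
    """Exact, case-sensitive match on short_name (the --get behaviour)."""
    return next((e for e in registry if e["short_name"] == short_name), None)


def find_gna(term: str, registry: list) -> list:
    """Case-insensitive substring match (the --find behaviour; fields assumed)."""
    needle = term.casefold()
    return [e for e in registry
            if needle in e["short_name"].casefold()
            or needle in e["full_name"].casefold()]


def resolve_gcve_id(identifier: str, registry: list) -> dict:
    """Return the GNA entry that owns `identifier`, or raise ValueError."""
    match = GCVE_ID.fullmatch(identifier)  # fullmatch also rejects a trailing newline
    if match is None:
        raise ValueError(f"malformed GCVE identifier: {identifier!r}")
    gna_id = int(match.group(1))
    for entry in registry:
        if entry["id"] == gna_id:
            return entry
    raise ValueError(f"GNA {gna_id} is not in the registry: {identifier!r}")


if __name__ == "__main__":
    print(resolve_gcve_id("GCVE-1-2025-0001", REGISTRY)["short_name"])
    for bad in ("GCVE-999-2025-0001", "gcve-1-2025-0001", "GCVE-1-2025-0001\n"):
        try:
            resolve_gcve_id(bad, REGISTRY)
        except ValueError as exc:
            print("rejected:", exc)
```

Rejecting identifiers whose GNA id is absent from the verified registry keeps unknown or mistyped namespaces out of downstream records.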

License

GCVE is licensed under GNU General Public License version 3.

Contact

Att: GCVE.EU
CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg

Download files

Source Distribution

gcve-0.11.2.tar.gz (19.9 kB)

Uploaded Source

Built Distribution

gcve-0.11.2-py3-none-any.whl (21.4 kB)

Uploaded Python 3

File details

Details for the file gcve-0.11.2.tar.gz.

File metadata

  • Download URL: gcve-0.11.2.tar.gz
  • Upload date:
  • Size: 19.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for gcve-0.11.2.tar.gz
Algorithm Hash digest
SHA256 c1df654e018d3f6fee43d3b9ef65d63359f72cb003c39357b7baf4134c122c52
MD5 fd6ff7cfa8eb509c4dc03b41c34611cd
BLAKE2b-256 e9c6c808bf59316f3734ce3518afc724a4b02b399e0397aa4ccad5d8150511c9

Provenance

The following attestation bundles were made for gcve-0.11.2.tar.gz:

Publisher: release.yml on gcve-eu/gcve

File details

Details for the file gcve-0.11.2-py3-none-any.whl.

File metadata

  • Download URL: gcve-0.11.2-py3-none-any.whl
  • Upload date:
  • Size: 21.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.12.9

File hashes

Hashes for gcve-0.11.2-py3-none-any.whl
Algorithm Hash digest
SHA256 328ea278807486e608e0e204e30ef62789ecf091e17f48e9c7187bf5ab4efeaf
MD5 dbb37a88731157182af78b17652649a4
BLAKE2b-256 d6aa1dd09f58f65a9c1dec49232341ee74bc9066e53bc09f73f4fe22de75e46c

Provenance

The following attestation bundles were made for gcve-0.11.2-py3-none-any.whl:

Publisher: release.yml on gcve-eu/gcve
