Merge pull request #17 from krystianbajno/feature/github-advisories

Fixed github advisories source

README.md

@@ -31,7 +31,6 @@ python3 cveseeker.py cve-2024 --critical --high --medium --low # include critica
 - [www.cisa.gov - KEV](https://www.cisa.gov/known-exploited-vulnerabilities-catalog) (IMPLEMENTED)
 - [www.rapid7.com](https://www.rapid7.com) (WIP)
 - [cve.mitre.org](https://cve.mitre.org/cve/search_cve_list.html) (WIP)
-- [github.com](https://github.com)  (WIP)
 - [github.com PoC](https://github.com/nomi-sec/PoC-in-GitHub)  (IMPLEMENTED)
 - [github.com advisories](https://github.com/advisories) (IMPLEMENTED)
 - [github.com/trickest/cve](https://github.com/search?q=repo%3Atrickest%2Fcve%20cve-2024&type=code) (IMPLEMENTED)

services/api/sources/github_advisories.py

@@ -63,6 +63,7 @@ def search(self, keywords: List[str], max_results) -> List[Vulnerability]:
                 break
 
         self.session.close()
+
         return vulnerabilities
 
     def process_advisory_element(self, element):
@@ -72,15 +73,16 @@ def process_advisory_element(self, element):
                 return None
             title = title_tag.text.strip()
             advisory_href = title_tag['href']
+
             advisory_url = f"https://github.com{advisory_href}"
             advisory_id = advisory_href.strip('/').split('/')[-1]
 
             severity_span = element.find('span', class_='Label')
             base_severity = severity_span.text.strip() if severity_span else DEFAULT_VALUES['base_severity']
-
+            
             cve_span = element.find('span', class_='text-bold')
             cve_id = cve_span.text.strip() if cve_span else None
-
+            
             mt1_div = element.find('div', class_='mt-1')
             package_name = None
             if mt1_div:
@@ -138,21 +140,14 @@ def process_advisory_element(self, element):
             vulnerability_id = cve_id if cve_id and cve_id != DEFAULT_VALUES['id'] else advisory_id
 
             cvss_score = DEFAULT_VALUES['base_score']
-            cvss_metrics = {}
+
             severity_section = advisory_soup.find('h3', text='Severity')
             if severity_section:
                 severity_container = severity_section.find_next('div')
                 if severity_container:
                     score_span = severity_container.find('span', class_='Button-label')
                     if score_span:
                         cvss_score = score_span.text.strip()
-                    metrics_div = severity_container.find('div', class_='d-flex flex-column mt-2 p-2 border rounded-2')
-                    if metrics_div:
-                        metric_items = metrics_div.find_all('div', class_='d-flex p-1 flex-justify-between')
-                        for item in metric_items:
-                            metric_name = item.contents[0].strip()
-                            metric_value = item.find('div').text.strip()
-                            cvss_metrics[metric_name] = metric_value
 
             weaknesses = []
             weaknesses_section = advisory_soup.find('h3', text='Weaknesses')
@@ -177,9 +172,9 @@ def process_advisory_element(self, element):
                 base_severity=base_severity,
                 description=description,
                 vulnerable_components=vulnerable_components,
-                cvss_metrics=cvss_metrics,
                 weaknesses=weaknesses,
             )
+
             return vulnerability
 
         except Exception as e:

services/vulnerability_intelligence/enrichment/enrichment/github_poc.py

@@ -1,6 +1,7 @@
 import httpx
 import logging
 from typing import Dict
+from dateutil import parser as dateutil_parser
 
 def fetch_github_poc_data(cve: str) -> Dict:
     year = cve.split('-')[1]
@@ -26,7 +27,7 @@ def fetch_github_poc_data(cve: str) -> Dict:
 
                 data['github_url'] = entry["html_url"]
                 data['github_description'] = entry["description"]
-                data['github_date'] = entry["updated_at"]
+                data['github_date'] = dateutil_parser.parse(entry["created_at"]).strftime('%Y-%m-%d')
                 data['github_tags'].extend(entry["topics"])
                 data['github_stars'] = entry["stargazers_count"]