csaf-tool


- Name: csaf-tool
- Version: 0.3.1
- Home page: https://github.com/anthonyharrison/csaf
- Summary: CSAF generator and analyser
- Upload time: 2024-05-03 16:21:53
- Maintainer: Anthony Harrison
- Author: Anthony Harrison
- Requires Python: >=3.7
- License: MIT
- Keywords: security, tools, csaf, csaf 2.0, vexdevsecops, vulnerabilities
# CSAF-Tool

The CSAF-Tool generates a [CSAF 2.0 file](https://www.csaf.io) that includes a product tree and the vulnerabilities associated with the products
specified in the product tree. It can also be used to generate a human-readable output of a CSAF document.

## Installation

To install use the following command:

`pip install csaf-tool`

Alternatively, just clone the repo and install dependencies using the following command:

`pip install -U -r requirements.txt`

The tool requires Python 3 (3.7+). It is recommended to use a virtual Python environment, especially
if you are using different versions of Python. `virtualenv` is a tool for setting up virtual Python environments, which
allows you to have all the dependencies for the tool set up in a single environment, or to have different environments set
up for testing using different versions of Python.

## Usage

```
usage: csaf-tool [-h] [-g] [-i INPUT_FILE] [-p PRODUCT] [-v VULNERABILITIES] [-t TITLE] [--header HEADER] [--id ID] [-C CONFIG] [-o OUTPUT_FILE] [-V]

CSAF-tool generates a CSAF 2.0 file including product tree and vulnerabilities associated with products specified in the product tree.

options:
  -h, --help            show this help message and exit
  -C CONFIG, --config CONFIG
                        name of config file
  -V, --version         show program's version number and exit

Input:
  -g, --generate        generate CSAF file
  -i INPUT_FILE, --input-file INPUT_FILE
                        CSAF filename to be analysed
  -p PRODUCT, --product PRODUCT
                        product tree
  -v VULNERABILITIES, --vulnerabilities VULNERABILITIES
                        list of vulnerabilities
  -t TITLE, --title TITLE
                        CSAF title
  --header HEADER       CSAF heading
  --id ID               CSAF document identifier


Output:
  -o OUTPUT_FILE, --output-file OUTPUT_FILE
                        CSAF filename
```

## Operation

The CSAF tool can be used as a command line tool to generate or analyse a CSAF document. It can also be used as a Python library
to programmatically generate a CSAF document.

### CSAF Generation using command line

The `--generate` option is used to indicate that a CSAF file is to be produced.

The following parameters are mandatory:

1. The `--product` option is used to specify the products to be included in the CSAF product tree. The file
is a CSV file and consists of one entry per line per product which specifies the product name, the name of the vendor and the release.
Multiple releases of a product should be specified as separate entries. The first line of the file contains the
header `product,vendor,release`. The following is an example product file.

```
product,vendor,release
product_1,AVendor,1.1
product_1,AVendor,1.2
product_1,AVendor,2.0
product_2,AVendor1,1
product_3,AVendor,2022H2

```

2. The `--vulnerabilities` option is used to specify the vulnerabilities to be included in the CSAF document. The file
is a CSV file and consists of one entry per line per vulnerability which specifies the product name, the release of the product,
the identity of the vulnerability (e.g. CVE number), a brief description of the vulnerability, the status of the vulnerability (one of
"mitigation", "no_fix_planned", "none_available", "vendor_fix" or "workaround") and an associated comment. Multiple vulnerabilities for a product should be specified as separate entries. The first line of the file contains the
header `product,release,id,description,status,comment`. The following is an example vulnerabilities file.

```
product,release,id,description,status,comment
product_1,1.1,CVE-2020-1234,This is a simple description,vendor_fix,Customers should upgrade to the latest version of the product
product_1,1.1,CVE-2020-9876,This is another vulnerabilty description,none_available,Still under investigation
```

3. The `--output-file` option is used to specify the filename for the generated CSAF document.

The `--header` option is used to specify a title for the document generated by the tool. It is recommended that this is
sufficiently unique to distinguish it from similar documents.

The `--title` option is used to provide a brief summary note of the document generated by the tool.

The `--id` option is used to provide a unique document identifier for the document. If this is not provided a default
identifier of _**CSAF-Document-YYYYMMDDHHMMSS**_ is used.

The `--config` option is used to specify the [configuration file](#configuration-file) to be used.
This is required when the `--generate` option is specified and is used to specify static information included
in the CSAF document. If this is not specified, a default filename of _**csaf.ini**_ in the current directory shall be assumed.
If the filename cannot be found, default values shall be used in the generation of the document.

Example usage:

```
csaf-tool --generate --product product.csv --vulnerabilities vulnerability.csv --id "Avendor-advisory-0004" --title "Technical summary" --header "Product backdoor identified" --output-file "test-csaf.json"
```

There is no output unless an error is detected due to missing parameters e.g.

```
[ERROR] Vulnerabilties filename not specified
```

#### Configuration File

A configuration file is used to specify a number of fixed parameters to be used in the generation of the CSAF document. The following is an example file.

```
# CSAF configuration file
[publisher]
# This is a comment which is ignored
category = vendor
name = Organisation
url = https://psirt.example.com
```

Comments are indicated by lines starting with '#'. All content on such lines is ignored.

The options are grouped into a single section **publisher**.

The following options are supported:

- *category* is used to specify the type of organisation publishing the CSAF document. Valid values for this are
"coordinator", "discoverer", "other", "translator", "user" or "vendor".

- *name* is used to specify the name of the organisation publishing the CSAF document.

- *url* is used to specify a URL under the control of the organisation publishing the CSAF document.
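
Because the tool prints nothing on success, it helps to check the two CSV files and the configuration file before running `--generate`. The following is an added example, not part of csaf-tool: it uses only the Python standard library, the function names are hypothetical, and the cross-check that every vulnerability row names a product and release present in the product file is an assumption of this example, not a rule documented for the tool.

```python
import configparser
import csv
import io

PRODUCT_HEADER = ["product", "vendor", "release"]
VULN_HEADER = ["product", "release", "id", "description", "status", "comment"]
# Allowed values exactly as listed in the README text above.
VALID_STATUS = {"mitigation", "no_fix_planned", "none_available", "vendor_fix", "workaround"}
VALID_CATEGORY = {"coordinator", "discoverer", "other", "translator", "user", "vendor"}


def read_rows(text, header, label, problems):
    """Parse CSV text into (line_number, row_dict) pairs, recording format problems."""
    reader = csv.reader(io.StringIO(text))
    if next(reader, None) != header:
        problems.append(f"{label}: first line must be {','.join(header)}")
        return []
    rows = []
    for row in reader:
        if not any(cell.strip() for cell in row):
            continue  # tolerate blank lines such as a trailing newline
        if len(row) != len(header):
            # Typical cause: an unquoted comma inside the description or comment.
            problems.append(
                f"{label} line {reader.line_num}: expected {len(header)} fields, found {len(row)}")
            continue
        rows.append((reader.line_num, dict(zip(header, (cell.strip() for cell in row)))))
    return rows


def check_inputs(product_csv, vuln_csv, config_ini=None):
    """Return a list of problems found in the generator inputs (empty list means clean)."""
    problems = []
    products = read_rows(product_csv, PRODUCT_HEADER, "product file", problems)
    known = {(row["product"], row["release"]) for _, row in products}
    for line, row in read_rows(vuln_csv, VULN_HEADER, "vulnerabilities file", problems):
        if row["status"] not in VALID_STATUS:
            problems.append(f"vulnerabilities file line {line}: unknown status '{row['status']}'")
        if (row["product"], row["release"]) not in known:
            problems.append(
                f"vulnerabilities file line {line}: {row['product']} {row['release']} "
                "is not in the product file")
    if config_ini is not None:
        config = configparser.ConfigParser()
        config.read_string(config_ini)
        category = config.get("publisher", "category", fallback="")
        if category not in VALID_CATEGORY:
            problems.append(f"config: publisher category '{category}' is not a valid value")
    return problems


# Sample inputs based on the README's examples.
PRODUCTS = """\
product,vendor,release
product_1,AVendor,1.1
product_1,AVendor,1.2
product_1,AVendor,2.0
product_2,AVendor1,1
product_3,AVendor,2022H2

"""
VULNS_OK = """\
product,release,id,description,status,comment
product_1,1.1,CVE-2020-1234,This is a simple description,vendor_fix,Customers should upgrade
product_1,1.1,CVE-2020-9876,Another description,none_available,Still under investigation
"""
CONFIG_OK = """\
# CSAF configuration file
[publisher]
category = vendor
name = Organisation
url = https://psirt.example.com
"""
# Constructed inputs containing three different mistakes plus a bad publisher category.
VULNS_BAD = """\
product,release,id,description,status,comment
product_1,1.1,CVE-2020-1234,This is a simple description,fixed,Upgrade
product_9,1.0,CVE-2020-9876,Another description,vendor_fix,Upgrade
product_1,1.2,CVE-2020-1234,Crash, then restart,workaround,Disable the feature
"""
CONFIG_BAD = "[publisher]\ncategory = supplier\nname = Organisation\n"

if __name__ == "__main__":
    for problem in check_inputs(PRODUCTS, VULNS_BAD, CONFIG_BAD):
        print("[ERROR]", problem)
```
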


### CSAF Analysis using command line

The `--input-file` option is used to specify the name of the CSAF document to be analysed by the tool.

Other parameters will be ignored.

Example usage:

```
csaf-tool --input-file test_pv.json
```

Sample output

```
                                                                                                                                             1 ⨯
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ CSAF HEADER                                                                                                                                                                                │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Item                            ┃ Details                                ┃
┡━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CSAF Version                    │ 2.0                                    │
│ Title                           │ Product backdoor identified            │
│ Category                        │ csaf_vex                               │
│ Date                            │ 2022-12-09T15-58-39Z                   │
│ Technical summary               │ Auto generated CSAF document           │
│ Publisher                       │ Organisation https://psirt.example.com │
│ Generator                       │ csaf-tool version 0.1.0                │
│ Id                              │ CSAF-Document-20221209155839           │
│ Revision 1 2022-12-09T15-58-39Z │ Initial version                        │
│ Status                          │ final                                  │
│ Version                         │ 1                                      │
└─────────────────────────────────┴────────────────────────────────────────┘
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ PRODUCT TREE                                                                                                                                                                               │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
┏━━━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━┳━━━━━━━━━┓
┃ Family ┃ Product   ┃ Vendor   ┃ Release ┃
┡━━━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━╇━━━━━━━━━┩
│        │ product_1 │ AVendor  │ 1.1     │
│        │ product_1 │ AVendor  │ 1.2     │
│        │ product_1 │ AVendor  │ 2.0     │
│        │ product_2 │ AVendor1 │ 1       │
│        │ product_3 │ AVendor  │ 2022H2  │
└────────┴───────────┴──────────┴─────────┘
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ VULNERABILITIES                                                                                                                                                                            │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ VULNERABILITY CVE-2020-1234                                                                                                                                                                │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Item            ┃ Details                      ┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE ID          │ CVE-2020-1234                │
│ CVE description │ This is a simple description │
└─────────────────┴──────────────────────────────┘

KNOWN_AFFECTED
--------------

┏━━━━━━━━━━━┳━━━━━━━━━┓
┃ Product   ┃ Release ┃
┡━━━━━━━━━━━╇━━━━━━━━━┩
│ product_1 │ 1.1     │
└───────────┴─────────┘

Remediations
------------

VENDOR_FIX                               : Customers should upgrade to the latest version of the product
┏━━━━━━━━━━━┳━━━━━━━━━┓
┃ Product   ┃ Release ┃
┡━━━━━━━━━━━╇━━━━━━━━━┩
│ product_1 │ 1.1     │
└───────────┴─────────┘
╭────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ VULNERABILITY CVE-2020-9876                                                                                                                                                                │
╰────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
┏━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Item            ┃ Details                                  ┃
┡━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ CVE ID          │ CVE-2020-9876                            │
│ CVE description │ This is another vulnerabilty description │
└─────────────────┴──────────────────────────────────────────┘

KNOWN_AFFECTED
--------------

┏━━━━━━━━━━━┳━━━━━━━━━┓
┃ Product   ┃ Release ┃
┡━━━━━━━━━━━╇━━━━━━━━━┩
│ product_1 │ 1.1     │
└───────────┴─────────┘

Remediations
------------

NONE_AVAILABLE                           : Still under investigation
┏━━━━━━━━━━━┳━━━━━━━━━┓
┃ Product   ┃ Release ┃
┡━━━━━━━━━━━╇━━━━━━━━━┩
│ product_1 │ 1.1     │
└───────────┴─────────┘
```

An error message is reported if the specified file is not found.

```
[ERROR] CSAF filename not found
```

### CSAF Generation using the csaf library

The following example shows the generation of a CSAF document.

```
from csaf.generator import CSAFGenerator

csaf_gen = CSAFGenerator("csaf.ini")
# Define header information
csaf_gen.set_title("Test CSAF document")
csaf_gen.set_header_title("Example VEX Document Use Case 1 - Affected")

# Define product tree
csaf_gen.add_product(product_name = "product1", vendor = "Avendor", release = 1 )
csaf_gen.add_product(product_name = "product1", vendor = "Avendor", release = 2 )
csaf_gen.add_product(product_name = "product1", vendor = "Avendor", release = 3 )
csaf_gen.add_product(product_name = "product2", vendor = "Avendor1", release = 1.0 )
csaf_gen.add_product(product_name = "product2", vendor = "Avendor1", release = 1.1 )
csaf_gen.add_product(product_name = "product3", vendor = "Avendor", release = 1 )
csaf_gen.add_product(product_name = "product3", vendor = "Avendor", release = 2 )
csaf_gen.add_product(product_name = "product3", vendor = "Avendor", release = 3 )

# Add vulnerabilities 
csaf_gen.add_vulnerability(product_name = "product2", release = 1.1, id="CVE-2020-1234", description="A simple example", status="vendor_fix", comment="Upgrade product to latest version.")
csaf_gen.add_vulnerability(product_name = "product2", release = 1.1, id="CVE-2020-9876", description="Another simple example", status="none_available", comment="Still under review.")

# Generate the CSAF
csaf_gen.generate_csaf()
# And publish to file
csaf_gen.publish_csaf("test_csaf.json")
```

### CSAF Analysis using the csaf library

The following code sample can be used to analyse a CSAF file. It can be used to confirm that the CSAF file conforms with the CSAF specification.

```
from csaf.analyser import CSAFAnalyser

try:
    csaf_filename = "test_csaf.json"
    csaf = CSAFAnalyser(csaf_filename)
    print (f"Is {csaf_filename} a valid CSAF document : {csaf.validate()}")
    csaf.analyse()
except FileNotFoundError:
    print ("[ERROR] CSAF filename not found")
```
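
For consumers who want the affected products and remediations as data, not as rendered tables, the following added example reads a CSAF 2.0 document with the standard library only; it is not part of the csaf library. The sample document is constructed by hand following the CSAF 2.0 layout (it is not output captured from csaf-tool), and the `EXAMPLE-PID-*` product IDs and function names are hypothetical. It also reports product IDs that a vulnerability references but the product tree never defines.

```python
def index_products(product_tree):
    """Map every product_id defined under product_tree.branches to (vendor, product, release)."""
    index = {}

    def walk(branches, path):
        for branch in branches:
            here = dict(path)
            here[branch.get("category")] = branch.get("name")
            product = branch.get("product")
            if product:
                index[product["product_id"]] = tuple(
                    here.get(level, "") for level in ("vendor", "product_name", "product_version"))
            walk(branch.get("branches", []), here)

    walk(product_tree.get("branches", []), {})
    return index


def summarise(doc):
    """Return one entry per vulnerability with product IDs resolved through the product tree."""
    products = index_products(doc.get("product_tree", {}))
    report = []
    for vuln in doc.get("vulnerabilities", []):
        undefined = set()

        def resolve(ids):
            # Remember IDs that the product tree does not define, then resolve the rest.
            undefined.update(i for i in ids if i not in products)
            return [products[i] for i in ids if i in products]

        status = {name: resolve(ids) for name, ids in vuln.get("product_status", {}).items()}
        remediations = [
            (rem.get("category"), rem.get("details"), resolve(rem.get("product_ids", [])))
            for rem in vuln.get("remediations", [])
        ]
        report.append({
            "id": vuln.get("cve", "(no CVE)"),
            "status": status,
            "remediations": remediations,
            "undefined_product_ids": sorted(undefined),
        })
    return report


# Constructed CSAF 2.0 fragment; the second vulnerability references an undefined product ID.
SAMPLE = {
    "document": {"category": "csaf_vex", "csaf_version": "2.0", "title": "Constructed example"},
    "product_tree": {"branches": [{
        "category": "vendor", "name": "AVendor", "branches": [{
            "category": "product_name", "name": "product_1", "branches": [
                {"category": "product_version", "name": "1.1",
                 "product": {"name": "AVendor product_1 1.1", "product_id": "EXAMPLE-PID-1"}},
                {"category": "product_version", "name": "1.2",
                 "product": {"name": "AVendor product_1 1.2", "product_id": "EXAMPLE-PID-2"}},
            ]}]}]},
    "vulnerabilities": [
        {"cve": "CVE-2020-1234",
         "product_status": {"known_affected": ["EXAMPLE-PID-1"]},
         "remediations": [{"category": "vendor_fix",
                           "details": "Customers should upgrade to the latest version of the product",
                           "product_ids": ["EXAMPLE-PID-1"]}]},
        {"cve": "CVE-2020-9876",
         "product_status": {"known_affected": ["EXAMPLE-PID-1", "EXAMPLE-PID-9"]},
         "remediations": [{"category": "none_available",
                           "details": "Still under investigation",
                           "product_ids": ["EXAMPLE-PID-9"]}]},
    ],
}

if __name__ == "__main__":
    for entry in summarise(SAMPLE):
        print(entry["id"])
        for status, items in entry["status"].items():
            print(f"  {status}: {items}")
        for category, details, items in entry["remediations"]:
            print(f"  {category}: {details} {items}")
        if entry["undefined_product_ids"]:
            print(f"  [ERROR] undefined product IDs: {entry['undefined_product_ids']}")
```
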

## Licence

Licenced under the MIT Licence.

## Feedback and Contributions

Bugs and feature requests can be made via GitHub Issues.

            

Raw data

{
    "_id": null,
    "home_page": "https://github.com/anthonyharrison/csaf",
    "name": "csaf-tool",
    "maintainer": "Anthony Harrison",
    "docs_url": null,
    "requires_python": ">=3.7",
    "maintainer_email": "anthony.p.harrison@gmail.com",
    "keywords": "security, tools, CSAF, CSAF 2.0, VexDevSecOps, vulnerabilities",
    "author": "Anthony Harrison",
    "author_email": "anthony.p.harrison@gmail.com",
    "download_url": null,
    "platform": null,
00\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 VULNERABILITY CVE-2020-1234                                                                                                                                                                \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Item            \u2503 Details                      
\u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 CVE ID          \u2502 CVE-2020-1234                \u2502\n\u2502 CVE description \u2502 This is a simple description \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\nKNOWN_AFFECTED\n--------------\n\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Product   \u2503 Release \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 product_1 \u2502 1.1     \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\nRemediations\n------------\n\nVENDOR_FIX                               : Customers should upgrade to the latest version of the product\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Product   \u2503 Release \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 product_1 \u2502 1.1     
\u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 VULNERABILITY CVE-2020-9876                                                                                                                                                                
\u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Item            \u2503 Details                                  \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 CVE ID          
\u2502 CVE-2020-9876                            \u2502\n\u2502 CVE description \u2502 This is another vulnerabilty description \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\nKNOWN_AFFECTED\n--------------\n\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Product   \u2503 Release \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 product_1 \u2502 1.1     \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\nRemediations\n------------\n\nNONE_AVAILABLE                           : Still under investigation\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Product   \u2503 Release \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 product_1 \u2502 1.1     \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n```\n\nAn error message is reported if the specified file is not found.\n\n```\n[ERROR] CSAF filename not found\n```\n\n### CSAF Generation using the csaf library\n\nThe following example shows the generation of a CSAF document.\n\n```\nfrom csaf.generator import CSAFGenerator\n\ncsaf_gen = CSAFGenerator(\"csaf.ini\")\n# Define header 
information\ncsaf_gen.set_title(\"Test CSAF document\")\ncsaf_gen.set_header_title(\"Example VEX Document Use Case 1 - Affected\")\n\n# Define product tree\ncsaf_gen.add_product(product_name = \"product1\", vendor = \"Avendor\", release = 1 )\ncsaf_gen.add_product(product_name = \"product1\", vendor = \"Avendor\", release = 2 )\ncsaf_gen.add_product(product_name = \"product1\", vendor = \"Avendor\", release = 3 )\ncsaf_gen.add_product(product_name = \"product2\", vendor = \"Avendor1\", release = 1.0 )\ncsaf_gen.add_product(product_name = \"product2\", vendor = \"Avendor1\", release = 1.1 )\ncsaf_gen.add_product(product_name = \"product3\", vendor = \"Avendor\", release = 1 )\ncsaf_gen.add_product(product_name = \"product3\", vendor = \"Avendor\", release = 2 )\ncsaf_gen.add_product(product_name = \"product3\", vendor = \"Avendor\", release = 3 )\n\n# Add vulnerabilities \ncsaf_gen.add_vulnerability(product_name = \"product2\", release = 1.1, id=\"CVE-2020-1234\", description=\"A simple example\", status=\"vendor_fix\", comment=\"Upgrade product to latest version.\")\ncsaf_gen.add_vulnerability(product_name = \"product2\", release = 1.1, id=\"CVE-2020-9876\", description=\"Another simple example\", status=\"none_available\", comment=\"Still under review.\")\n\n# Generate the CSAF\ncsaf_gen.generate_csaf()\n# And publish to file\ncsaf_gen.publish_csaf(\"test_csaf.json\")\n```\n\n### CSAF Analysis using the csaf library\n\nThe following code sample can be used to analyse a CSAF file. 
It can be used to confirm that the CSAF file conforms with the CSAF specification.\n\n```\nfrom csaf.analyser import CSAFAnalyser\n\ntry:\n    csaf_filename = \"test_csaf.json\"\n    csaf = CSAFAnalyser(csaf_filename)\n    print (f\"Is {csaf_filename} a valid CSAF document : {csaf.validate()}\")\n    csaf.analyse()\nexcept FileNotFoundError:\n    print (\"[ERROR] CSAF filename not found\")\n```\n\n## Licence\n\nLicenced under the MIT Licence.\n\n## Feedback and Contributions\n\nBugs and feature requests can be made via GitHub Issues.\n",
    "bugtrack_url": null,
    "license": "MIT",
    "summary": "CSAF generator and analyser",
    "version": "0.3.1",
    "project_urls": {
        "Homepage": "https://github.com/anthonyharrison/csaf"
    },
    "split_keywords": [
        "security",
        " tools",
        " csaf",
        " csaf 2.0",
        " vexdevsecops",
        " vulnerabilities"
    ],
    "urls": [
        {
            "comment_text": "",
            "digests": {
                "blake2b_256": "36e0023a94d766217f022840a59dad9104f679bcf473a84ac5fa801265a5409f",
                "md5": "2dcdafb29981151c1fe35edefc3f345c",
                "sha256": "cd174b8a1c15465d8f952df7a349da759b0da5be0d9f000db3c63833a02577f2"
            },
            "downloads": -1,
            "filename": "csaf_tool-0.3.1-py2.py3-none-any.whl",
            "has_sig": false,
            "md5_digest": "2dcdafb29981151c1fe35edefc3f345c",
            "packagetype": "bdist_wheel",
            "python_version": "py2.py3",
            "requires_python": ">=3.7",
            "size": 17596,
            "upload_time": "2024-05-03T16:21:53",
            "upload_time_iso_8601": "2024-05-03T16:21:53.386841Z",
            "url": "https://files.pythonhosted.org/packages/36/e0/023a94d766217f022840a59dad9104f679bcf473a84ac5fa801265a5409f/csaf_tool-0.3.1-py2.py3-none-any.whl",
            "yanked": false,
            "yanked_reason": null
        }
    ],
    "upload_time": "2024-05-03 16:21:53",
    "github": true,
    "gitlab": false,
    "bitbucket": false,
    "codeberg": false,
    "github_user": "anthonyharrison",
    "github_project": "csaf",
    "travis_ci": false,
    "coveralls": false,
    "github_actions": false,
    "requirements": [],
    "tox": true,
    "lcname": "csaf-tool"
}