scripts/misc/upgrade.js (224 lines of code) (raw):

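// These are mongo shell routines to upgrade the database.
// Load this file in the mongo shell, then call the routine you need.
// WARNING: Make backups of all data before running these.
// WARNING: These routines can make irreversible changes to data.
// WARNING: Use with caution; these scripts have not been well tested.
console.log('WARNING: This is a mongo shell script');
console.log('WARNING: This is not a nodejs script');
print('These are mongo shell routines to upgrade the database');
print('load these in mongo shell to run appropriate routines');
print('WARNING: Make backups of all data before running these.');
print('WARNING: These routines can make irreversable changes to data.');

// Maps the free-text value of CNA_private.metadata.source to the code
// stored in source.discovery.
var smap = {
    "internally found": "INTERNAL",
    "seen in production": "USER",
    "researcher reported": "EXTERNAL",
    "third party source": "EXTERNAL"
};

// Maps the old CNA_private.state value to the new CVE_data_meta.STATE value.
var statemap = {
    "drafting": "DRAFT",
    "review-ready": "REVIEW",
    "publish-ready": "READY",
    "published": "PUBLIC",
    "deferred": "RESERVED",
    "rejected": "REJECTED",
    "merged": "MERGED_TO"
};

// Maps a STATE value to the value stored in body.CNA_private.phase.
var phases = {
    DRAFT: "Current",
    REVIEW: "Current",
    READY: "Current",
    PUBLIC: "Past",
    RESERVED: "Future",
    REPLACED_BY: "Other",
    REJECTED: "Deleted",
    SPLIT_FROM: "Other",
    MERGED_TO: "Other"
};

// Converts one document from the v0.0.2 layout (record under `doc.cve`) to
// the v0.0.3 layout (record under `doc.body`). The document is modified in
// place and also returned. Documents without a `cve` field are returned
// untouched.
//
// Changes made to the record:
//   - CNA_private.defect / advisoryID / metadata.source move to cve.source
//   - CNA_private.merge_with, metadata and bundle are dropped
//   - CNA_private.publish.{ym,year,month} are derived from DATE_PUBLIC
//   - CNA_private.state is translated into CVE_data_meta.STATE
//   - "<name> prior to <version>" version strings are split into
//     version_name / affected "<" / version_value
//   - string credit, solution and exploit values become
//     [{lang: "eng", value: ...}] entries
function upgradeDocv002to003(doc) {
    if (doc.cve) {
        print('Found ' + doc.cve.CVE_data_meta.ID);
        var source = {};
        var DCCP = doc.cve.CNA_private;
        if (DCCP) {
            delete DCCP.merge_with;
            if (DCCP.defect) {
                source.defect = DCCP.defect;
            }
            delete DCCP.defect;
            if (DCCP.advisoryID) {
                source.advisory = DCCP.advisoryID;
            }
            delete DCCP.advisoryID;
            if (DCCP.metadata && DCCP.metadata.source) {
                // Only record a discovery code for values smap knows; an
                // unknown value would otherwise be stored as undefined.
                if (Object.prototype.hasOwnProperty.call(smap, DCCP.metadata.source)) {
                    source.discovery = smap[DCCP.metadata.source];
                } else {
                    print('WARNING: unmapped discovery source "' + DCCP.metadata.source +
                        '" in ' + doc.cve.CVE_data_meta.ID);
                }
            }
            doc.cve.source = source;
            delete DCCP.metadata;
            if (DCCP.bundle) {
                delete DCCP.bundle;
            }
            if (doc.cve.CVE_data_meta.DATE_PUBLIC) {
                // DATE_PUBLIC is sliced as YYYY-MM-...: chars 0-3 year, 5-6 month.
                DCCP.publish = {};
                DCCP.publish.ym = doc.cve.CVE_data_meta.DATE_PUBLIC.substr(0, 7);
                DCCP.publish.year = doc.cve.CVE_data_meta.DATE_PUBLIC.substr(0, 4);
                DCCP.publish.month = doc.cve.CVE_data_meta.DATE_PUBLIC.substr(5, 2);
            }
            //if(DCCP.share_with_CVE) {
            //    delete DCCP.share_with_CVE;
            //}
            if (DCCP.state) {
                // Translate only states that statemap knows. An unknown state is
                // left in place (with a warning) instead of overwriting STATE
                // with undefined and then deleting the only copy of the value.
                if (Object.prototype.hasOwnProperty.call(statemap, DCCP.state)) {
                    doc.cve.CVE_data_meta.STATE = statemap[DCCP.state];
                    delete DCCP.state;
                } else {
                    print('WARNING: unmapped state "' + DCCP.state +
                        '" in ' + doc.cve.CVE_data_meta.ID);
                }
            }
        }

        // change this code to copy over advisory id from URL to source.advisory field.
        /*
        if (doc.cve.references && doc.cve.references.reference_data) {
            var jsa = doc.cve.references.reference_data[0].url.match(/JSA\d+/);
            if (jsa) {
                if (!doc.cve.source.advisory) {
                    doc.cve.source.advisory = jsa[0];
                }
            }
        }
        */

        if (doc.cve.affects && doc.cve.affects.vendor && doc.cve.affects.vendor.vendor_data) {
            for (var vi in doc.cve.affects.vendor.vendor_data) {
                var v = doc.cve.affects.vendor.vendor_data[vi];
                //print(v.vendor_name);
                if (v.product && v.product.product_data) {
                    for (var pi in v.product.product_data) {
                        var p = v.product.product_data[pi];
                        //print(p.product_name);
                        if (p.version && p.version.version_data) {
                            for (var vri in p.version.version_data) {
                                var vr = p.version.version_data[vri];
                                //print(vr.version_value);
                                // Entries without a string version_value are skipped
                                // rather than aborting the whole migration.
                                if (typeof vr.version_value !== 'string') {
                                    continue;
                                }
                                var k = vr.version_value.match(/(.*)\s+prior\s+to\s+(.*)/i);
                                if (k) {
                                    vr.version_name = k[1];
                                    vr.affected = "<";
                                    vr.version_value = k[2];
                                }
                            }
                        }
                    }
                }
            }
        }

        if (doc.cve.credit) {
            var newCredit = [];
            if (typeof doc.cve.credit === 'string' || doc.cve.credit instanceof String) {
                // A bare string is one credit line, not a list of characters.
                newCredit.push({ lang: "eng", value: doc.cve.credit });
            } else {
                for (var ci in doc.cve.credit) {
                    var c = doc.cve.credit[ci];
                    if (typeof c === 'string' || c instanceof String) {
                        newCredit.push({ lang: "eng", value: c });
                    } else {
                        newCredit.push(c);
                    }
                }
            }
            // The converted list has to be stored back; building it without
            // assigning it leaves the record's credits in the old format.
            doc.cve.credit = newCredit;
        }

        if (doc.cve.solution instanceof String || typeof doc.cve.solution === 'string') {
            var solution = [{ lang: "eng", "value": doc.cve.solution }];
            doc.cve.solution = solution;
        }
        if (doc.cve.exploit instanceof String || typeof doc.cve.exploit === 'string') {
            var exploit = [{ lang: "eng", "value": doc.cve.exploit }];
            doc.cve.exploit = exploit;
        }

        doc.body = doc.cve;
        delete doc.cve;
    }
    return doc;
}

// Runs upgradeDocv002to003 over every document in `cves` that still has a
// `cve` field and saves the result into `cvesnew`. The source collection is
// not modified by this routine.
//
// NOTE(review): unlike the other routines in this file, this one uses
// db.collection(), a promise returned by save(), and db.close(), which look
// like Node driver calls rather than mongo shell calls - confirm the intended
// runtime before relying on it. The `else` branch only runs if forEach hands
// the callback an empty document.
function upgrade() {
    var counter = 0,
        total = 0;
    var cves = db.collection('cves');
    var cvesn = db.collection('cvesnew');
    console.log("Connected successfully to server");
    cves.find({}).forEach(function (doc) {
        if (doc) {
            total++;
            if (doc.cve) {
                // Capture the ID first: the upgrade moves doc.cve to doc.body.
                var id = doc.cve.CVE_data_meta.ID;
                var ndoc = upgradeDocv002to003(doc);
                delete ndoc.id;
                cvesn.save(ndoc).then((result) => {
                    console.log('Updated ' + id);
                    counter++;
                });
            }
        } else {
            console.log('Looked at ' + total + ' documents');
            db.close()
        }
    });
}

// Sets body.CNA_private.publish.{ym,year,month} (from DATE_PUBLIC) and
// body.CNA_private.phase (from STATE via `phases`) on every document in `cves`.
function setupYM() {
    db.getCollection('cves').find().forEach(function (doc) {
        var s = {};
        if (doc.body.CVE_data_meta.DATE_PUBLIC) {
            s["body.CNA_private.publish.ym"] = doc.body.CVE_data_meta.DATE_PUBLIC.substr(0, 7);
            s["body.CNA_private.publish.year"] = doc.body.CVE_data_meta.DATE_PUBLIC.substr(0, 4);
            s["body.CNA_private.publish.month"] = doc.body.CVE_data_meta.DATE_PUBLIC.substr(5, 2);
        }
        // Do not write a phase for a STATE that `phases` does not list.
        if (Object.prototype.hasOwnProperty.call(phases, doc.body.CVE_data_meta.STATE)) {
            s["body.CNA_private.phase"] = phases[doc.body.CVE_data_meta.STATE];
        }
        // Nothing derived for this document: leave it untouched.
        if (Object.keys(s).length > 0) {
            db.getCollection('cves').update({ _id: doc._id }, { $set: s });
        }
    });
}

// Same as setupYM, for the `sas` collection, where DATE_PUBLIC and STATE sit
// directly under `body`.
function setupYMsa() {
    db.getCollection('sas').find().forEach(function (doc) {
        var s = {};
        if (doc.body.DATE_PUBLIC) {
            s["body.CNA_private.publish.ym"] = doc.body.DATE_PUBLIC.substr(0, 7);
            s["body.CNA_private.publish.year"] = doc.body.DATE_PUBLIC.substr(0, 4);
            s["body.CNA_private.publish.month"] = doc.body.DATE_PUBLIC.substr(5, 2);
        }
        // Do not write a phase for a STATE that `phases` does not list.
        if (Object.prototype.hasOwnProperty.call(phases, doc.body.STATE)) {
            s["body.CNA_private.phase"] = phases[doc.body.STATE];
        }
        // Nothing derived for this document: leave it untouched.
        if (Object.keys(s).length > 0) {
            db.getCollection('sas').update({ _id: doc._id }, { $set: s });
        }
    });
}

// Replaces `_id` values that contain "CVE-" with generated ObjectIDs and
// points the matching `cvehistories` entry at the new id via `parent_id`.
// This is necessary for the comments feature to work.
//
// The old document is removed before the copy is inserted, so a failed insert
// would otherwise lose the record; on failure the original is put back under
// its old `_id` and the error is rethrown so the run stops.
//
// NOTE(review): update() is called without {multi: true}, so only one
// cvehistories document per docid gets a parent_id - confirm that each docid
// has a single history document.
function idUpgrade() {
    db.getCollection('cves').find({ "_id": /CVE-/ }).forEach(function (doc) {
        var oldId = doc._id;
        print('removing ' + oldId);
        db.getCollection('cves').remove({ _id: oldId });
        delete doc._id;
        var res;
        try {
            res = db.getCollection('cves').insertOne(doc);
        } catch (err) {
            // Restore the record that was just removed before giving up.
            doc._id = oldId;
            db.getCollection('cves').insertOne(doc);
            print('ERROR: could not re-insert ' + oldId + '; original restored');
            throw err;
        }
        db.getCollection('cvehistories').update({ docid: oldId }, { $set: { 'parent_id': res.insertedId } });
    });
}

/*
function refnameadd(d) {
    for (r of d.body.references.references_data) {
        r.name = r.url;
        r.refsource = 'CONFIRM';
        r.name = r.url;
    }
    delete d._id;
    return d;
}
*/

// Fills d.body.CNA_private.publish.{year,ym,month} from
// d.body.CVE_data_meta.DATE_PUBLIC when that date is a non-empty string.
// Modifies `d` in place and returns it.
function calc(d) {
    if (d.body.CVE_data_meta.DATE_PUBLIC > "") {
        var dt = d.body.CVE_data_meta.DATE_PUBLIC;
        // Create the containers on demand so a record without CNA_private
        // does not abort the run.
        if (!d.body.CNA_private) {
            d.body.CNA_private = {};
        }
        if (!d.body.CNA_private.publish) {
            d.body.CNA_private.publish = {};
        }
        d.body.CNA_private.publish.year = dt.substr(0, 4);
        d.body.CNA_private.publish.ym = dt.substr(0, 7);
        d.body.CNA_private.publish.month = dt.substr(5, 2);
    }
    return d;
}

// Same as calc, for documents whose DATE_PUBLIC sits directly under `body`.
function sacalc(d) {
    if (d.body.DATE_PUBLIC > "") {
        var dt = d.body.DATE_PUBLIC;
        // Create the containers on demand so a record without CNA_private
        // does not abort the run.
        if (!d.body.CNA_private) {
            d.body.CNA_private = {};
        }
        if (!d.body.CNA_private.publish) {
            d.body.CNA_private.publish = {};
        }
        d.body.CNA_private.publish.year = dt.substr(0, 4);
        d.body.CNA_private.publish.ym = dt.substr(0, 7);
        d.body.CNA_private.publish.month = dt.substr(5, 2);
    }
    return d;
}

// Converts a numeric score to a severity label:
//   0 -> NONE, (0, 3.9] -> LOW, (3.9, 6.9] -> MEDIUM, (6.9, 8.9] -> HIGH,
//   (8.9, 10] -> CRITICAL. Anything unparsable, negative or above 10 -> '-'.
function severityLevel(score) {
    var s = parseFloat(score);
    if (isNaN(s) || s < 0) {
        return '-';
    }
    if (s === 0.0) {
        return 'NONE';
    } else if (s <= 3.9) {
        return 'LOW';
    } else if (s <= 6.9) {
        return 'MEDIUM';
    } else if (s <= 8.9) {
        return 'HIGH';
    } else if (s <= 10.0) {
        return 'CRITICAL';
    } else {
        return '-';
    }
}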