New cmdline tool using Red Hat's new Security Data API: rhsecapi
Summary
makes it easy to interface with the Red Hat Security Data API -- even from behind a proxy. From the rpm description:rhsecapi
Leverage Red Hat's Security Data API to find CVEs by various attributes (date, severity, scores, package, IAVA, etc). Retrieve customizable details about found CVEs or about specific CVE ids input on cmdline. Parse arbitrary stdin for CVE ids and generate a customized report, optionally sending it straight to pastebin. Searches are done via a single instantaneous http request and CVE retrieval is parallelized, utilizing multiple threads at once. Python requests is used for all remote communication, so proxy support is baked right in. BASH intelligent tab-completion is supported via optional Python argcomplete module. Python2 tested on RHEL6, RHEL7, & Fedora but since it doesn't integrate with RHN/RHSM/yum/Satellite, it can be used on any internet-connected machine. Feedback, feature requests, and code contributions welcome.
Jump to ...
- Simple CVE retrieval
- Installation
- Abbreviated usage
- BASH intelligent tab-completion
- Field display
- Find CVEs
- Working with IAVAs
- Advanced: find unresolved CVEs for a specific package in a specific product
- Full help page
- Working with backend rhsda library
Simple CVE retrieval
Specify as many CVEs on cmdline as needed; certain details are printed to stderr -- e.g., in the following, the first 3 lines of output were sent to stderr
$ rhsecapi CVE-2013-4113 CVE-2014-3669 CVE-2004-0230 CVE-2015-4642 [NOTICE ] rhsda: Found 4 CVEs on cmdline [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 3 of 4 CVE-2013-4113 SEVERITY : Critical Impact DATE : 2013-07-11 BUGZILLA : 983689 FIXED_RELEASES : Red Hat Enterprise Linux 5: [php-5.1.6-40.el5_9] via RHSA-2013:1049 (2013-07-12) Red Hat Enterprise Linux 5: [php53-5.3.3-13.el5_9.1] via RHSA-2013:1050 (2013-07-12) Red Hat Enterprise Linux 6: [php-5.3.3-23.el6_4] via RHSA-2013:1049 (2013-07-12) Red Hat Enterprise Linux Extended Lifecycle Support 3: [php-4.3.2-56.ent] via RHSA-2013:1063 (2013-07-15) Red Hat Enterprise Linux Extended Lifecycle Support 4: [php-4.3.9-3.37.el4] via RHSA-2013:1063 (2013-07-15) Red Hat Enterprise Linux EUS (v. 5.6 server): [php-5.1.6-27.el5_6.5] via RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux EUS (v. 5.6 server): [php53-5.3.3-1.el5_6.3] via RHSA-2013:1062 (2013-07-15) Red Hat Enterprise Linux Extended Update Support 6.2: [php-5.3.3-3.el6_2.10] via RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux Extended Update Support 6.3: [php-5.3.3-14.el6_3.1] via RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux Long Life (v. 5.3 server): [php-5.1.6-23.4.el5_3] via RHSA-2013:1061 (2013-07-15) FIX_STATES : Not affected: Red Hat Enterprise Linux 7 [php] CVE-2014-3669 SEVERITY : Moderate Impact DATE : 2014-09-18 BUGZILLA : 1154500 FIXED_RELEASES : Red Hat Enterprise Linux 5: [php53-5.3.3-26.el5_11] via RHSA-2014:1768 (2014-10-30) Red Hat Enterprise Linux 5: [php-5.1.6-45.el5_11] via RHSA-2014:1824 (2014-11-06) Red Hat Enterprise Linux 6: [php-5.3.3-40.el6_6] via RHSA-2014:1767 (2014-10-30) Red Hat Enterprise Linux 7: [php-5.4.16-23.el7_0.3] via RHSA-2014:1767 (2014-10-30) Red Hat Enterprise Linux Extended Update Support 6.5: [php-5.3.3-27.el6_5.3] via RHSA-2015:0021 (2015-01-08) Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): [php54-php-5.4.16-22.el6] via RHSA-2014:1765 (2014-10-30) Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 6): [php55-php-5.5.6-13.el6] via RHSA-2014:1766 (2014-10-30) Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): [php54-php-5.4.16-22.el7] via RHSA-2014:1765 (2014-10-30) Red Hat Software Collections 1 for Red Hat Enterprise Linux Server (v. 7): [php55-php-5.5.6-13.el7] via RHSA-2014:1766 (2014-10-30) CVE-2004-0230 BUGZILLA : No Bugzilla data Too new or too old? See: https://bugzilla.redhat.com/show_bug.cgi?id=CVE_legacy CVE-2015-4642 Not present in Red Hat CVE database Try https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4642
A
--product$ rhsecapi CVE-2013-4113 CVE-2014-3669 CVE-2004-0230 CVE-2015-4642 --product eus [NOTICE ] rhsda: Found 4 CVEs on cmdline [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 3 of 4 [NOTICE ] rhsda: Results matching spotlight-product option: 2 of 4 CVE-2013-4113 SEVERITY : Critical Impact DATE : 2013-07-11 BUGZILLA : 983689 FIXED_RELEASES matching 'eus' : Red Hat Enterprise Linux EUS (v. 5.6 server): [php-5.1.6-27.el5_6.5] via RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux EUS (v. 5.6 server): [php53-5.3.3-1.el5_6.3] via RHSA-2013:1062 (2013-07-15) Red Hat Enterprise Linux Extended Update Support 6.2: [php-5.3.3-3.el6_2.10] via RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux Extended Update Support 6.3: [php-5.3.3-14.el6_3.1] via RHSA-2013:1061 (2013-07-15) CVE-2014-3669 SEVERITY : Moderate Impact DATE : 2014-09-18 BUGZILLA : 1154500 FIXED_RELEASES matching 'eus' : Red Hat Enterprise Linux Extended Update Support 6.5: [php-5.3.3-27.el6_5.3] via RHSA-2015:0021 (2015-01-08)
A
--urls-u$ rhsecapi CVE-2013-4113 CVE-2014-3669 CVE-2004-0230 CVE-2015-4642 --product eus --urls 2>/dev/null CVE-2013-4113 (https://access.redhat.com/security/cve/CVE-2013-4113) SEVERITY : Critical Impact (https://access.redhat.com/security/updates/classification) DATE : 2013-07-11 BUGZILLA : https://bugzilla.redhat.com/show_bug.cgi?id=983689 FIXED_RELEASES matching 'eus' : Red Hat Enterprise Linux EUS (v. 5.6 server): [php-5.1.6-27.el5_6.5] via https://access.redhat.com/errata/RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux EUS (v. 5.6 server): [php53-5.3.3-1.el5_6.3] via https://access.redhat.com/errata/RHSA-2013:1062 (2013-07-15) Red Hat Enterprise Linux Extended Update Support 6.2: [php-5.3.3-3.el6_2.10] via https://access.redhat.com/errata/RHSA-2013:1061 (2013-07-15) Red Hat Enterprise Linux Extended Update Support 6.3: [php-5.3.3-14.el6_3.1] via https://access.redhat.com/errata/RHSA-2013:1061 (2013-07-15) CVE-2014-3669 (https://access.redhat.com/security/cve/CVE-2014-3669) SEVERITY : Moderate Impact (https://access.redhat.com/security/updates/classification) DATE : 2014-09-18 BUGZILLA : https://bugzilla.redhat.com/show_bug.cgi?id=1154500 FIXED_RELEASES matching 'eus' : Red Hat Enterprise Linux Extended Update Support 6.5: [php-5.3.3-27.el6_5.3] via https://access.redhat.com/errata/RHSA-2015:0021 (2015-01-08)
CVEs can also be extracted from stdin with
-0--stdin--countFirst example: pasting newline-separated CVEs with shell heredoc redirection
$ rhsecapi --extract-stdin --count> CVE-2016-5630 > CVE-2016-5631 > CVE-2016-5632 > CVE-2016-5633 > CVE-2016-5634 > CVE-2016-5635 > EOF [NOTICE ] rhsda: Found 6 CVEs on stdin [WARNING] rhsda: Stdin redirection suppresses term-width auto-detection; setting WIDTH to 70 [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 6 of 6
Second example: piping in file(s) with
cat| somefile$ cat scan-results.csv | rhsecapi --stdin "(CVE-2015-7501), (CVE-2015-5178, CVE-2015-5188, CVE-2015-5220) and (CVE-2013-4517, CVE-2013-6440, CVE-2014-0018)" --count [NOTICE ] rhsda: Found 7 CVEs on cmdline [NOTICE ] rhsda: Found 150 CVEs on stdin; 698 duplicates removed [WARNING] rhsda: Stdin redirection suppresses term-width auto-detection; setting WIDTH to 70 [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 155 of 157
The CVE retrieval process is multi-threaded; with CPUcount = 2, it defaults to 4 threads; otherwise, it defaults to
CPUcount * 2$ grep processor /proc/cpuinfo | wc -l
4
$ rhsecapi --help | grep -A1 threads
-t, --threads THREDS Set number of concurrent worker threads to allow when
making CVE queries (default on this system: 8)
$ time rhsecapi --q-empty --q-pagesize 48 --extract-cves >/dev/null
[NOTICE ] rhsda: 48 CVEs found with search query
[NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 48 of 48
real 0m3.872s
user 0m0.825s
sys 0m0.055s
Installation
-
Option 1 for RHEL6, RHEL7, Fedora: Install rsaw's yum repo and then rhsecapi rpm
- If you don't already have rsaw's yum repo due to xsos or upvm or something else, set it up with the following command:
yum install http://people.redhat.com/rsawhill/rpms/latest-rsawaroha-release.rpm - Install rhsecapi:
yum install rhsecapi - Execute:
rhsecapi
- If you don't already have rsaw's yum repo due to xsos or upvm or something else, set it up with the following command:
-
Option 2: Download latest release from github and run it
- Go to Releases
- Download and extract the latest release
- Optional:
mkdir -p ~/bin; ln -sv /PATH/TO/rhsecapi.py ~/bin/rhsecapi - Execute:
rhsecapi
Abbreviated usage
$ rhsecapi -h
usage: rhsecapi [--q-before YYYY-MM-DD] [--q-after YYYY-MM-DD] [--q-bug BZID]
[--q-advisory RHSA] [--q-severity IMPACT]
[--q-product PRODUCT] [--q-package PKG] [--q-cwe CWEID]
[--q-cvss SCORE] [--q-cvss3 SCORE] [--q-empty]
[--q-pagesize PAGESZ] [--q-pagenum PAGENUM] [--q-raw RAWQUERY]
[-i YYYY-?-NNNN] [-x] [-0] [-f FIELDS | -a | -m] [-p PRODUCT]
[-j] [-u] [-w [WIDTH]] [-c] [-l {debug,info,notice,warning}]
[-t THREDS] [-P] [-E [DAYS]] [--dryrun] [-h] [--help]
[CVE-YYYY-NNNN [CVE-YYYY-NNNN ...]]
Run rhsecapi --help for full help page
VERSION:
rhsecapi v1.0.0_rc10 last mod 2017/01/05
See to report bugs or RFEs
BASH intelligent tab-completion
$ rhsecapi --[TabTab] --all-fields --json --q-after --q-package --threads --count --loglevel --q-before --q-pagenum --urls --dryrun --most-fields --q-bug --q-pagesize --wrap --extract-cves --pastebin --q-cvss --q-product --fields --pexpire --q-cvss3 --q-raw --help --product --q-cwe --q-severity --iava --q-advisory --q-empty --stdin
Field display
Add some fields to the defaults with
--fields +field[,field]...--fields$ rhsecapi CVE-2016-6302 --fields +CWE,cvss3 --loglevel info [NOTICE ] rhsda: Found 1 CVEs on cmdline [INFO ] rhsda: Using 1 worker threads [INFO ] rhsda: Getting https://access.redhat.com/labs/securitydataapi/cve/CVE-2016-6302.json [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 1 of 1 CVE-2016-6302 SEVERITY : Moderate Impact DATE : 2016-08-23 CWE : CWE-190->CWE-125 CVSS3 : 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) BUGZILLA : 1369855 FIXED_RELEASES : Red Hat Enterprise Linux 6: [openssl-1.0.1e-48.el6_8.3] via RHSA-2016:1940 (2016-09-27) Red Hat Enterprise Linux 7: [openssl-1:1.0.1e-51.el7_2.7] via RHSA-2016:1940 (2016-09-27) FIX_STATES : Affected: Red Hat JBoss Core Services 1 [openssl] Affected: Red Hat JBoss EAP 6 [openssl] Will not fix: Red Hat JBoss EWS 1 [openssl] Will not fix: Red Hat JBoss EWS 2 [openssl] Affected: Red Hat JBoss Web Server 3.0 [openssl] Not affected: Red Hat Enterprise Linux 5 [openssl097a] Not affected: Red Hat Enterprise Linux 5 [openssl] Not affected: Red Hat Enterprise Linux 6 [openssl098e] Not affected: Red Hat Enterprise Linux 7 [OVMF] Not affected: Red Hat Enterprise Linux 7 [openssl098e]
Remove some fields from the list of all fields with
--fields ^field[,field]...$ rhsecapi CVE-2016-6302 -f ^FIXED_reLEASES,fIx_sTaTes,DETAILS -l info [NOTICE ] rhsda: Found 1 CVEs on cmdline [INFO ] rhsda: Using 1 worker threads [INFO ] rhsda: Getting https://access.redhat.com/labs/securitydataapi/cve/CVE-2016-6302.json [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 1 of 1 CVE-2016-6302 SEVERITY : Moderate Impact DATE : 2016-08-23 CWE : CWE-190->CWE-125 CVSS : 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSS3 : 5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) BUGZILLA : 1369855 UPSTREAM_FIX : openssl 1.0.1u, openssl 1.0.2i REFERENCES : https://www.openssl.org/news/secadv/20160922.txt
Note that there are also two presets:
--all-fields--most-fields$ rhsecapi CVE-2016-6302 --loglevel debug --most-fields 2>&1 | grep fields [DEBUG ] rhsda: Requested fields string: 'MOST' [DEBUG ] rhsda: Enabled fields: 'threat_severity, public_date, iava, cwe, cvss, cvss3, bugzilla, upstream_fix, affected_release, package_state' $ rhsecapi CVE-2016-6302 --loglevel debug --all-fields 2>&1 | grep fields [DEBUG ] rhsda: Requested fields string: 'ALL' [DEBUG ] rhsda: Enabled fields: 'threat_severity, public_date, iava, cwe, cvss, cvss3, bugzilla, acknowledgement, details, statement, mitigation, upstream_fix, references, affected_release, package_state'
Find CVEs
The
--q-xxx--extract-cves-xEmpty search: list CVEs by public-date
$ rhsecapi --loglevel info --q-empty [INFO ] rhsda: Getting https://access.redhat.com/labs/securitydataapi/cve.json [NOTICE ] rhsda: 1000 CVEs found with search query CVE ID PUB DATE BUGZILLA SEVERITY CVSS2 CVSS3 RHSAS PKGS CVE-2016-9685 2016-12-01 1396941 low 2.1 3.8 0 0 CVE-2016-9079 2016-12-01 1400376 important 6.8 7.3 0 0 CVE-2016-5402 2016-11-30 1357559 important 8.5 8.8 1 1 CVE-2016-8734 2016-11-29 1397403 moderate 3.5 4.4 0 0 ... (output truncated for brevity of this README)
Customize how many results to see and print; add URLs. The
--q-empty--q-xxx$ rhsecapi --loglevel info --q-pagesize 4 --q-pagenum 3 --urls [INFO ] rhsda: Getting https://access.redhat.com/labs/securitydataapi/cve.json?per_page=4&page=3 [NOTICE ] rhsda: 4 CVEs found with search query CVE ID PUB DATE BUGZILLA SEVERITY CVSS2 CVSS3 RHSAS PKGS https://access.redhat.com/security/cve/CVE-2016-8653 2016-11-25 https://bugzilla.redhat.com/show_bug.cgi?id=1398524 moderate 5.0 5.3 0 0 https://access.redhat.com/security/cve/CVE-2016-8648 2016-11-24 https://bugzilla.redhat.com/show_bug.cgi?id=1395077 moderate 6.5 7.2 0 0 https://access.redhat.com/security/cve/CVE-2016-6817 2016-11-22 https://bugzilla.redhat.com/show_bug.cgi?id=1397474 important 5.0 7.5 0 0 https://access.redhat.com/security/cve/CVE-2016-9382 2016-11-22 https://bugzilla.redhat.com/show_bug.cgi?id=1392933 moderate 4.6 7.5 0 0
Use
-x--extract-cves$ rhsecapi --q-empty --q-pagesize 1 --extract-cves --most-fields --wrap [NOTICE ] rhsda: 1 CVEs found with search query [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 1 of 1 CVE-2016-9685 SEVERITY : Low Impact DATE : 2016-12-01 CWE : CWE-772 CVSS : 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N) CVSS3 : 3.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N) BUGZILLA : 1396941 FIX_STATES : Will not fix: Red Hat Enterprise MRG 2 [realtime-kernel] New: Red Hat Enterprise Linux 6 [kernel] Will not fix: Red Hat Enterprise Linux 7 [kernel-rt] Will not fix: Red Hat Enterprise Linux 7 [kernel]
Find by attributes
Can combine multiple
--q-xxx$ rhsecapi --q-package rhev-hypervisor6 --q-after 2014-10-01 [NOTICE ] rhsda: 6 CVEs found with search query CVE ID PUB DATE BUGZILLA SEVERITY CVSS2 CVSS3 RHSAS PKGS CVE-2015-3456 2015-05-13 1218611 important 6.5 9 8 CVE-2015-0235 2015-01-27 1183461 critical 6.8 5 10 CVE-2014-3611 2014-10-21 1144878 important 5.5 5 5 CVE-2014-3645 2014-10-21 1144835 moderate 4.7 4 4 CVE-2014-3646 2014-10-21 1144825 moderate 4.7 4 4 CVE-2014-3567 2014-10-15 1152961 moderate 4.3 3 3
Other possibilities:
$ rhsecapi --q-[TabTab] --q-advisory --q-bug --q-cwe --q-pagenum --q-raw --q-after --q-cvss --q-empty --q-pagesize --q-severity --q-before --q-cvss3 --q-package --q-product
Narrowing it down ...
$ rhsecapi --q-package rhev-hypervisor6 --q-after 2014-12-01 --q-severity critical --loglevel info --extract-cves --product hypervisor [INFO ] rhsda: Getting https://access.redhat.com/labs/securitydataapi/cve.json?after=2014-12-01&severity=critical&package=rhev-hypervisor6 [NOTICE ] rhsda: 1 CVEs found with search query [INFO ] rhsda: Using 1 worker threads [INFO ] rhsda: Getting https://access.redhat.com/labs/securitydataapi/cve/CVE-2015-0235.json [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 1 of 1 [NOTICE ] rhsda: Results matching spotlight-product option: 1 of 1 CVE-2015-0235 SEVERITY : Critical Impact DATE : 2015-01-27 BUGZILLA : 1183461 FIXED_RELEASES matching 'hypervisor' : RHEV Hypervisor for RHEL-6: [rhev-hypervisor6-6.6-20150123.1.el6ev] via RHSA-2015:0126 (2015-02-04)
Working with IAVAs
IAVAs can be retrieved instantly ...
$ rhsecapi --iava 2016-A-0287 -i 2016-A-0309 --urls [NOTICE ] rhsda: Valid Red Hat IAVA results retrieved: 2 of 2 [NOTICE ] rhsda: Number of CVEs mapped from retrieved IAVAs: 5 2016-A-0287 (https://access.redhat.com/labs/securitydataapi/iava?number=2016-A-0287) TITLE : Multiple Vulnerabilities in Oracle Enterprise Manager SEVERITY : CAT I ID : 140611 CVES : CVE-2015-7940 (https://access.redhat.com/security/cve/CVE-2015-7940) CVE-2016-2107 (https://access.redhat.com/security/cve/CVE-2016-2107) CVE-2016-4979 (https://access.redhat.com/security/cve/CVE-2016-4979) CVE-2016-5604 (https://access.redhat.com/security/cve/CVE-2016-5604) 2016-A-0309 (https://access.redhat.com/labs/securitydataapi/iava?number=2016-A-0309) TITLE : ISC BIND Remote Denial of Service Vulnerability SEVERITY : CAT I ID : 140634 CVES : CVE-2016-8864 (https://access.redhat.com/security/cve/CVE-2016-8864)
Each of the mapped CVEs can be looked up by simply adding the
-x--extract-cves--product$ rhsecapi --iava 2016-A-0287 -i 2016-A-0309 --urls --extract-cves --product 'linux 6' [NOTICE ] rhsda: Valid Red Hat IAVA results retrieved: 2 of 2 [NOTICE ] rhsda: Number of CVEs mapped from retrieved IAVAs: 5 [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 4 of 5 [NOTICE ] rhsda: Results matching spotlight-product option: 3 of 5 CVE-2016-8864 (https://access.redhat.com/security/cve/CVE-2016-8864) SEVERITY : Important Impact (https://access.redhat.com/security/updates/classification) DATE : 2016-11-01 BUGZILLA : https://bugzilla.redhat.com/show_bug.cgi?id=1389652 FIXED_RELEASES matching 'linux 6' : Red Hat Enterprise Linux 6: [bind-32:9.8.2-0.47.rc1.el6_8.3] via https://access.redhat.com/errata/RHSA-2016:2141 (2016-11-02) CVE-2016-2107 (https://access.redhat.com/security/cve/CVE-2016-2107) SEVERITY : Moderate Impact (https://access.redhat.com/security/updates/classification) DATE : 2016-05-03 BUGZILLA : https://bugzilla.redhat.com/show_bug.cgi?id=1331426 FIXED_RELEASES matching 'linux 6' : Red Hat Enterprise Linux 6: [openssl-1.0.1e-48.el6_8.1] via https://access.redhat.com/errata/RHSA-2016:0996 (2016-05-10) FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [openssl098e] CVE-2016-4979 (https://access.redhat.com/security/cve/CVE-2016-4979) SEVERITY : Moderate Impact (https://access.redhat.com/security/updates/classification) DATE : 2016-07-05 BUGZILLA : https://bugzilla.redhat.com/show_bug.cgi?id=1352476 FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [httpd]
Advanced: find unresolved CVEs for a specific package in a specific product
-
Question:
Are there any unresolved CVEs for the glibc package in RHEL6?
-
Recipe:
- Start with a package search ()
--q-package glibc - Extract the CVEs (or
--extract-cves)-x - Use spotlight-product option to narrow results ()
--product 'linux 6'- Note: this option treats input as a case-insensitive extended regex and matches it against two product fields in the json data; see entry for
--help--product
- Note: this option treats input as a case-insensitive extended regex and matches it against two product fields in the json data; see
- Restrict field display to exclude the field, e.g.,
FIXED_RELEASESOR specify customized list that includes-f ^releasesand notFIX_STATES(e.g.,FIXED_RELEASES)-f severity,date,cvss,states- Note: fields parsed by /
--fieldsare case-insensitive and there are multiple synonymous aliases for the RELASES & STATES fields; see-fentry for--help--fields
- Note: fields parsed by
- Start with a package search (
-
Example:
$ rhsecapi --q-package glibc --extract-cves --product 'linux 6' -f bugzilla,fix_states,severity,cvss [NOTICE ] rhsda: 41 CVEs found with search query [NOTICE ] rhsda: Valid Red Hat CVE results retrieved: 41 of 41 [NOTICE ] rhsda: Results matching spotlight-product option: 8 of 41 CVE-2010-0830 SEVERITY : Low Impact CVSS : 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P) BUGZILLA : 599056 FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [glibc] CVE-2015-5277 SEVERITY : Important Impact CVSS : 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P) BUGZILLA : 1262914 FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [glibc] CVE-2016-3075 SEVERITY : Low Impact CVSS : 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P) BUGZILLA : 1321866 FIX_STATES matching 'linux 6' : Will not fix: Red Hat Enterprise Linux 6 [compat-glibc] Will not fix: Red Hat Enterprise Linux 6 [glibc] CVE-2014-8121 SEVERITY : Low Impact CVSS : 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P) BUGZILLA : 1165192 FIX_STATES matching 'linux 6' : Fix deferred: Red Hat Enterprise Linux 6 [glibc] CVE-2015-1473 SEVERITY : Low Impact CVSS : 2.6 (AV:L/AC:H/Au:N/C:P/I:N/A:P) BUGZILLA : 1209105 FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [glibc] CVE-2015-1472 SEVERITY : Low Impact CVSS : 2.6 (AV:L/AC:H/Au:N/C:P/I:N/A:P) BUGZILLA : 1188235 FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [glibc] CVE-2010-0296 SEVERITY : Low Impact CVSS : 4.3 (AV:L/AC:L/Au:S/C:P/I:P/A:P) BUGZILLA : 559579 FIX_STATES matching 'linux 6' : Not affected: Red Hat Enterprise Linux 6 [glibc] CVE-2009-5029 SEVERITY : Moderate Impact CVSS : 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P) BUGZILLA : 761245 FIX_STATES matching 'linux 6' : Affected: Red Hat Enterprise Linux 6 [compat-glibc]
Full help page
$ rhsecapi --help
usage: rhsecapi [--q-before YYYY-MM-DD] [--q-after YYYY-MM-DD] [--q-bug BZID]
[--q-advisory RHSA] [--q-severity IMPACT]
[--q-product PRODUCT] [--q-package PKG] [--q-cwe CWEID]
[--q-cvss SCORE] [--q-cvss3 SCORE] [--q-empty]
[--q-pagesize PAGESZ] [--q-pagenum PAGENUM] [--q-raw RAWQUERY]
[-i YYYY-?-NNNN] [-x] [-0] [-f FIELDS | -a | -m] [-p PRODUCT]
[-j] [-u] [-w [WIDTH]] [-c] [-l {debug,info,notice,warning}]
[-t THREDS] [-P] [-E [DAYS]] [--dryrun] [-h] [--help]
[CVE-YYYY-NNNN [CVE-YYYY-NNNN ...]]
Make queries against the Red Hat Security Data API
Original announcement: https://access.redhat.com/blogs/766093/posts/2387601
Docs: https://access.redhat.com/documentation/en/red-hat-security-data-api/
FIND CVES BY ATTRIBUTE:
--q-before YYYY-MM-DD
Narrow down results to before a certain time period
--q-after YYYY-MM-DD Narrow down results to after a certain time period
--q-bug BZID Narrow down results by Bugzilla ID (specify one or
more, e.g.: '1326598,1084875')
--q-advisory RHSA Narrow down results by errata advisory (specify one or
more, e.g.: 'RHSA-2016:0614,RHSA-2016:0610')
--q-severity IMPACT Narrow down results by severity rating (specify one of
'low', 'moderate', 'important', or 'critical')
--q-product PRODUCT Narrow down results by product name via case-
insensitive regex (e.g.: 'linux 7' or openstack
platform [89]'); the API checks this against the
'FIXED_RELEASES' field so will only match CVEs where
PRODUCT matches the 'product_name' of some released
errata
--q-package PKG Narrow down results by package name (e.g.: 'samba' or
'thunderbird')
--q-cwe CWEID Narrow down results by CWE ID (specify one or more,
e.g.: '295,300')
--q-cvss SCORE Narrow down results by CVSS base score (e.g.: '8.0')
--q-cvss3 SCORE Narrow down results by CVSSv3 base score (e.g.: '5.1')
--q-empty Allow performing an empty search; when used with no
other --q-xxx options, this will return the first 1000
of the most recent CVEs (subject to below PAGESZ &
PAGENUM)
--q-pagesize PAGESZ Set a cap on the number of results that will be
returned (default: 1000)
--q-pagenum PAGENUM Select what page number to return (default: 1); only
relevant when there are more than PAGESZ results
--q-raw RAWQUERY Narrow down results by RAWQUERY (e.g.: '--q-raw a=x
--q-raw b=y'); this allows passing arbitrary params
(e.g. something new that is unknown to rhsecapi)
RETRIEVE SPECIFIC IAVAS:
-i, --iava YYYY-?-NNNN
Retrieve notice details for an IAVA number; specify
option multiple times to retrieve multiple IAVAs at
once (use below --extract-cves option to lookup mapped
CVEs)
RETRIEVE SPECIFIC CVES:
CVE-YYYY-NNNN Retrieve a CVE or list of CVEs (e.g.:
'CVE-2016-5387'); note that case-insensitive regex-
matching is done -- extra characters & duplicate CVEs
will be discarded
-x, --extract-cves Extract CVEs from search query (as initiated by at
least one of the --q-xxx options or the --iava option)
-0, --stdin Extract CVEs from stdin (CVEs will be matched by case-
insensitive regex 'CVE-[0-9]{4}-[0-9]{4,}' and
duplicates will be discarded); note that terminal
width auto-detection is not possible in this mode and
WIDTH defaults to '70' (but can be overridden with '--
width')
CVE DISPLAY OPTIONS:
-f, --fields FIELDS Customize field display via comma-separated case-
insensitive list (default: threat_severity,
public_date, bugzilla, affected_release,
package_state); see --all-fields option for full list
of official API-provided fields; shorter field
aliases: threat_severity → severity, public_date →
date, affected_release → fixed_releases or fixed or
releases, package_state → fix_states or states;
optionally prepend FIELDS with plus (+) sign to add
fields to the default (e.g., '-f +iava,cvss3') or a
caret (^) to remove fields from all-fields (e.g., '-f
^mitigation,severity')
-a, --all-fields Display all supported fields (currently:
threat_severity, public_date, iava, cwe, cvss, cvss3,
bugzilla, acknowledgement, details, statement,
mitigation, upstream_fix, references,
affected_release, package_state)
-m, --most-fields Display all fields mentioned above except the heavy-
text ones -- (excludes: acknowledgement, details,
statement, mitigation, references)
-p, --product PRODUCT
Spotlight a particular PRODUCT via case-insensitive
regex; this hides CVEs where 'FIXED_RELEASES' or
'FIX_STATES' don't have an item with 'cpe' (e.g.
'cpe:/o:redhat:enterprise_linux:7') or 'product_name'
(e.g. 'Red Hat Enterprise Linux 7') matching PRODUCT;
this also hides all items in 'FIXED_RELEASES' &
'FIX_STATES' that don't match PRODUCT
-j, --json Print full & raw JSON output
-u, --urls Print URLs for all relevant fields
GENERAL OPTIONS:
-w, --wrap [WIDTH] Change wrap-width of long fields (acknowledgement,
details, statement, mitigation, references) in non-
json output (default: wrapping WIDTH equivalent to
TERMWIDTH-2 unless using '--pastebin' where default
WIDTH is '168'; specify '0' to disable wrapping; WIDTH
defaults to '70' if option is used but WIDTH is
omitted)
-c, --count Exit after printing CVE counts
-l, --loglevel {debug,info,notice,warning}
Configure logging level threshold; lower from the
default of 'notice' to see extra details printed to
stderr
-t, --threads THREDS Set number of concurrent worker threads to allow when
making CVE queries (default on this system: 8)
-P, --pastebin Send output to Fedora Project Pastebin
(paste.fedoraproject.org) and print only URL to stdout
-E, --pexpire [DAYS] Set time in days after which paste will be deleted
(defaults to '28'; specify '0' to disable expiration;
DAYS defaults to '1' if option is used but DAYS is
omitted)
--dryrun Skip CVE retrieval; this option only makes sense in
concert with --stdin, for the purpose of quickly
getting a printable list of CVE ids from stdin
-h Show short usage summary and exit
--help Show this help message and exit
VERSION:
rhsecapi v1.0.0_rc10 last mod 2017/01/05
See to report bugs or RFEs
Responses