Solved: Re: How to iterate the return value from OpenVul api

angelest · ‎07-30-2019

Quite new to python and openVul, need advise how to iterate the advisory so I can put into a dictionary.

When I try to iterate it gives error 'TypeError: argument of type 'AdvisoryIOS' is not iterable'

sample iteration code.

for adv in advisories:

print(adv) --> this will print <openVulnQuery._library.advisory.AdvisoryIOS object at 0x00000000057B04E0>

adv_dict = dict()

adv_dict["cves"] = adv["cves"] if "cves" in adv else "Unknown"

adv_dict["sir"] = adv["sir"] if "sir" in adv else "Unknown"

adv_dict["advisory_id"] = adv["advisoryId"] if "advisoryId" in adv else "Unknown"

adv_dict["advisory_title"] = adv["advisoryTitle"] if "advisoryTitle" in adv else "Unknown"

adv_dict["bug_ids"] = adv["bugIDs"] if "bugIDs" in adv else "Unknown"

adv_dict["iosRelease"] = adv["iosRelease"] if "iosRelease" in adv else "Unknown"

API Return Value.

<openVulnQuery._library.advisory.AdvisoryIOS object at 0x00000000057B04E0>

advisory_id:'cisco-sa-20190612-iosxe-csrf'

advisory_title:'Cisco IOS XE Software Web UI Cross-Site Request Forgery Vulnerability'

bug_ids:['CSCuy98103']

cves:['CVE-2019-1904']

cvrfUrl:'https://tools.cisco.com/security/center/contentxml/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf/cvrf/cisco-sa-20190612-iosxe-csrf_cvrf.xml'

cvss_base_score:'8.8'

cwe:['CWE-352']

first_fixed:['']

first_published:'2019-06-12T16:00:00-0700'

ios_release:['3.16.1S']

last_updated:'2019-07-16T15:51:20-0700'

product_names:['Cisco IOS XE Softwa...3.2.11aSG', 'Cisco IOS XE Softwa...e 3.15.0S', 'Cisco IOS XE Softwa...e 3.15.1S', 'Cisco IOS XE Softwa...e 3.15.2S', 'Cisco IOS XE Softwa... 3.15.1cS', 'Cisco IOS XE Softwa...e 3.15.3S', 'Cisco IOS XE Softwa...e 3.15.4S', 'Cisco IOS XE Softwa...e 3.5.9SQ', 'Cisco IOS XE Softwa...e 3.16.0S', 'Cisco IOS XE Softwa...e 3.16.1S', 'Cisco IOS XE Softwa... 3.16.0aS', 'Cisco IOS XE Softwa... 3.16.1aS', 'Cisco IOS XE Softwa...e 3.16.2S', 'Cisco IOS XE Softwa... 3.16.2aS', ...]

publication_url:'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf'

sir:'High'

Summary:'A vulnerability in the web-based UI (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\nThe vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.\nThis advisory is available at the following link: \n<a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190612-iosxe-csrf">https://tools.cisco.com/security/center...

Seb Rupik · ‎07-30-2019

Hi there,

AdvisoryIOS is an object not a dictionary. You are trying to reference its variables as if they were dictionary keys.

https://github.com/CiscoPSIRT/openVulnAPI/blob/master/openVulnQuery/openVulnQuery/_library/advisory.py

Since the variables are always present in the object you don't need to validate them before adding them to adv_dict. Your code should look like:

advs = []

for adv in advisories:
    print(adv)
    adv_dict = dict()
    adv_dict["cves"] = adv.cves
    adv_dict["sir"] = adv.sir
    adv_dict["advisory_id"] = adv.advisory_id  
    adv_dict["advisory_title"] = adv.advisory_title
    adv_dict["bug_ids"] = adv.bug_ids
    adv_dict["iosRelease"] = adv.ios_release

    advs.append(adv_dict)

return advs

cheers,

Seb.

View solution in original post

angelest · ‎07-30-2019

Hi Seb,

Thanks its working...

View solution in original post

Seb Rupik · ‎07-30-2019

Wasn't my answer the solution to this question? ;)

View solution in original post

Seb Rupik · ‎07-30-2019

Hi there,

AdvisoryIOS is an object not a dictionary. You are trying to reference its variables as if they were dictionary keys.

https://github.com/CiscoPSIRT/openVulnAPI/blob/master/openVulnQuery/openVulnQuery/_library/advisory.py

Since the variables are always present in the object you don't need to validate them before adding them to adv_dict. Your code should look like:

advs = []

for adv in advisories:
    print(adv)
    adv_dict = dict()
    adv_dict["cves"] = adv.cves
    adv_dict["sir"] = adv.sir
    adv_dict["advisory_id"] = adv.advisory_id  
    adv_dict["advisory_title"] = adv.advisory_title
    adv_dict["bug_ids"] = adv.bug_ids
    adv_dict["iosRelease"] = adv.ios_release

    advs.append(adv_dict)

return advs

cheers,

Seb.

angelest · ‎07-30-2019

Hi Seb,

Thanks its working...

Seb Rupik · ‎07-30-2019

Wasn't my answer the solution to this question? ;)