ContinuumIO/anaconda-cve

Name: anaconda-cve

Owner: Continuum Analytics, Inc.

Description: Compare vulnerabilities list available from NIST NVD against a conda environment and flag possible problems.

Created: 2017-08-07 16:32:00.0

Updated: 2017-09-21 22:53:15.0

Pushed: 2017-08-25 17:27:30.0

Homepage: null

Size: 52

Language: Python

GitHub Committers

UserMost Recent Commit# Commits

Other Committers

UserEmailMost Recent Commit# Commits

README

anaconda-cve

Compare vulnerabilities list available from NIST NVD against a conda environment and flag possible problems. This will run on Linux/Unix systems and on Windows, but needs to be run under Cygwin in the latter case. Usage:

vulnfinder.sh path-to-conda-environment path-to-nvd-json-file

For example:

./vulnfinder.sh /Applications/anaconda/anaconda/envs/py27 ./vuln.json

Or for Windows:

./vulnfinder.sh C:/Users/johnsmith/Anaconda2/py27 ./vuln.json

Note in this case the hybrid path – drive name plus Unix-y path separators.

The CSV file ignore.csv contains CVE codes which have been previously determined to be false positives and should not be investigated again.

The file ignore-words.txt contains a list of common words (one per line, not case sensitive) of words which occur so frequently in vulnerability descriptions that they should be ignored, even if they match the name of a module or package or library. (Likely false positives, in other words.)

vulnfinder.sh creates the lists of modules, packages, and libraries, then calls the little Python script vulndigester.py. For this script there is a command-line option to produce HTML rather than text output.

vulnfinder.py can be run by itself as well if you already have lists of modules, packages, and libraries.

vulnfinder.py -h

will explicate the various parameters and options:

e: vulndigester.py [-h] [--html] [--description]
                   [--ignore-words /path/to/word/list]
                   [--env /path/to/environment/root]
                   vfile pkgfile libfile modfile

k for vulnerabilities in lists of modules, packages, libraries

tional arguments:
ile                 JSON file from NVD
gfile               a list of packages in a Conda environment, one per
                    line
bfile               a list of libraries in a Conda environment, one per
                    line
dfile               a list of modules in a Conda environment, one per line

onal arguments:
, --help            show this help message and exit
html                HTML output rather than text
description, -d     Search language of descriptions as well as CPE codes
ignore-words /path/to/word/list, -i /path/to/word/list
                    File containing a list of words to ignore in
                    descriptions, one per line.
env /path/to/environment/root
                    Conda environment root
This work is supported by the National Institutes of Health's National Center for Advancing Translational Sciences, Grant Number U24TR002306. This work is solely the responsibility of the creators and does not necessarily represent the official views of the National Institutes of Health.