0.5.8

vehemont · Jul 19, 2022 · 3fb92c1 · 3fb92c1
1 parent 0128354
commit 3fb92c1
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/HISTORY.md b/HISTORY.md
@@ -1,5 +1,17 @@
 Release History
 ===============
+0.5.8 (2022-07-19)
+-------------------
+**Bugfixes**
+
+- Update get.py and cve.py by @GamehunterKaan in https://github.com/vehemont/nvdlib/pull/5
+    - Removed exit() function that causes the program to abort. Modules shouldn't exit.
+- Updated cve.py `searchCVE` doc string to include the `cweId` parameter.
+
+**Improvements**
+
+- Updated cve.py to include the `sortPublished` parameter that is supposed to sort a CVE collection by published date, rather than the default modified date. In my testing, I have not been able to get this parameter working as expected, and I receive no changes in response with or without the `sortOrder=publishedDate` parameter.  
+I have decided to include the parameter since it is a valid API parameter. The NVD developer guide (https://nvd.nist.gov/developers/vulnerabilities) recommends to use this parameter to prevent missing CVEs when searching for large amounts of CVEs. 
 
 0.5.7 (2022-05-18)
 -------------------

diff --git a/nvdlib/cve.py b/nvdlib/cve.py
@@ -84,6 +84,7 @@ def searchCVE(
             cpeName=False,
             cpe_dict=False,
             cweId=False,
+            sortPublished=False,
             limit=False,
             key=False,
             verbose=False):
@@ -130,6 +131,13 @@ def searchCVE(
         find vulnerabilities having those score metrics. Partial vector strings are supported.
     :type cvssV2Metrics: str
 
+    :param cweId: -- Filter collection by CWE (Common Weakness Enumeration) ID. You can find a list at https://cwe.mitre.org/. A CVE can have multiple CWE IDs assigned to it.
+    :type cweId: str
+
+    :param sortPublished: -- Setting this parameter to true should sort the CVE collection by most recently published instead of the default of most recently modified.
+        **Warning**: YMMV. I have not been able to get this parameter to work as I expect. The NVD developer guide states to use this parameter when searching for large amounts of CVEs.
+    :type sortPublished: bool True
+
     :param cpeMatchString: -- Use cpeMatchString when you want a broader search against the applicability statements attached to the Vulnerabilities 
         (e.x. find all vulnerabilities attached to a specific product).
     :type cpeMatchString: str
@@ -168,6 +176,7 @@ def __buildCVECall(
             cpeName,
             cpe_dict,
             cweId,
+            sortPublished,
             limit,
             key):
 
@@ -259,6 +268,12 @@ def __buildCVECall(
         if cweId:
             parameters['cweId'] = cweId
 
+        if sortPublished:
+            if sortPublished == True:
+                parameters['sortOrder'] = 'publishedDate'
+            else:
+                raise TypeError("sortPublished parameter can only be boolean True.")
+
         if limit:
             if limit > 2000 or limit < 1:
                 raise ValueError('Limit parameter must be between 1 and 2000')
@@ -284,6 +299,7 @@ def __buildCVECall(
             cpeName,
             cpe_dict,
             cweId,
+            sortPublished,
             limit,
             key)
 

diff --git a/setup.py b/setup.py
@@ -7,7 +7,7 @@
 setup(
     name='nvdlib',
     packages=find_packages(include=['nvdlib']),
-    version='0.5.7',
+    version='0.5.8',
     install_requires = ['requests'],
     extras_require={
         "dev": [