Discovery & Visualization of Security Vulnerabilities — Part 2
Now that we have all the tools installed, let’s move on to the visualization part of this two-part post.
Table of Contents
- Get by CVE id
- Get by Product
- Finding All the weaknesses
- Get by Software Name and Security Weakness
- Graphql
- Install Graphiql
- Get by CVE id
- Get by Product
- Final Words
Get by CVE id
We can get a CVE and all its related nodes by CVE id, as shown below. The query matches every CVE node named CVE-2019-9977, together with its related CWE, CVSS2 and CVSS3 nodes and the related product name and version.
MATCH (n:CVE {name: 'CVE-2019-9977'}), (n)-->(w:CWE), (n)-->(c2:CVSS2), (n)-->(c3:CVSS3), (n)-->(v:ProductVersion)-->(p:Product) RETURN n, w, c2, c3, v, p
Get by Product
We can get vulnerability information about a specific piece of software. For example, let’s find the vulnerabilities of python 2.7.16.
MATCH (c:CVE)-->(v:ProductVersion {version_value: "2.7.16"})-->(p:Product {name: "python"}), (c)-->(v3:CVSS3) RETURN p, v, c, v3
If you are going to use the requests library for Python in your next project and want to know which versions of it have security vulnerabilities, you can execute the following query.
MATCH (c:CVE)-->(v:ProductVersion)-->(p:Product {name: "requests"})-->(o:Vendor {name: "python-requests"}), (c)-->(v3:CVSS3) RETURN p, v, c, v3, o
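The "Get by Product" pattern above can be run over a whole dependency list with the product name and version passed as Cypher parameters, so values read from a manifest are never spliced into the query text. This is an added example, not code from the original post. It assumes the Neo4j 3.x transactional HTTP endpoint with authentication disabled; the function names are hypothetical and the sample response is constructed with placeholder CVE ids.

```python
import json
import urllib.request

# Assumption: Neo4j 3.x transactional HTTP endpoint on the default local port.
NEO4J_TX_URL = "http://localhost:7474/db/data/transaction/commit"

# "Get by Product" pattern, with $parameters instead of inlined literals.
QUERY = (
    "MATCH (c:CVE)-->(v:ProductVersion {version_value: $version})"
    "-->(p:Product {name: $product}) "
    "RETURN p.name AS product, v.version_value AS version, "
    "collect(c.name) AS cves"
)


def build_payload(dependencies):
    """One parameterized statement per (product, version) pair."""
    return {"statements": [
        {"statement": QUERY, "parameters": {"product": name, "version": version}}
        for name, version in dependencies
    ]}


def parse_response(body):
    """Flatten the HTTP API response into {(product, version): [cve, ...]}."""
    if body.get("errors"):
        first = body["errors"][0]
        raise RuntimeError(f"{first['code']}: {first['message']}")
    findings = {}
    for result in body["results"]:
        for record in result["data"]:  # no rows means no known CVE matched
            row = dict(zip(result["columns"], record["row"]))
            findings[(row["product"], row["version"])] = sorted(row["cves"])
    return findings


def query_neo4j(dependencies, url=NEO4J_TX_URL):
    """Send the payload to a running instance (needs the database from Part 1)."""
    req = urllib.request.Request(
        url, data=json.dumps(build_payload(dependencies)).encode(),
        headers={"Content-Type": "application/json", "Accept": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return parse_response(json.load(resp))


# Constructed sample response (placeholder CVE ids, not real data).
SAMPLE_RESPONSE = {"results": [
    {"columns": ["product", "version", "cves"], "data": [{"row": ["python", "2.7.16", ["CVE-0000-0002", "CVE-0000-0001"]], "meta": [None, None, None]}]},
    {"columns": ["product", "version", "cves"], "data": []},
], "errors": []}
```

Against a live database, `query_neo4j([("python", "2.7.16"), ("requests", "2.19.1")])` returns only the pairs that have at least one matching CVE node; the versions passed here are illustrative inputs.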
Finding All the weaknesses
If you want to find all the weaknesses that affect memory, run the following Cypher query.
MATCH (w:CWE {affected_resources: "::Memory::"}) RETURN w.name, w.title, w.affected_resources
Get by Software Name and Security Weakness
Let’s find the security vulnerabilities of Photoshop CC 2017.1.1 (18.1.1) that affect memory.
MATCH (c:CVE)-->(w:CWE {name: "CWE-416"}), (c)-->(v:ProductVersion {version_value: "18.1.1"})-->(p:Product {name: "photoshop"}), (c)-->(v3:CVSS3) RETURN v, c, p, w, v3
Graphql
With the neo4j-graphql plugin installed, we can query with Graphql instead of the Cypher query language.
First we need to make sure that the Graphql model schemas have been imported into Neo4j, by running this Cypher query in the dashboard and getting the schema graph.
CALL graphql.schema()
Install Graphiql
Install Graphiql if you don’t have a tool for querying a Graphql endpoint. With this tool we can connect to a Graphql endpoint and run queries.
Use http://localhost:7474/graphql/ as the endpoint URL and start querying the data.
Below, I write some of the above Cypher queries in Graphql.
Get by CVE id
Get by Product
Final Words
I hope this two-part post helps you become familiar with Neo4j, Cypher and Graphql, and also helps you get a better understanding of what vulnerabilities are, as it did for me while writing it.