Settings
CveXplore by default looks for an .env file in the ${HOME}/.cvexplore folder. If certain values need to be overwritten, you can do it either there or pass them directly as environment variables.
On Windows, you need to set the environment variable PYTHONUTF8=1 for Python. That will solve many `UnicodeEncodeError`s, e.g., while populating or updating the database.
The following config variables are the configuration settings for CveXplore. There are more environment variables available for configuring the database and backend, documented in their own sections.
General
- USER_HOME_DIR : str = '${HOME}/.cvexplore'
  Directory to use as main directory for storing data, config files and sources initialization files.
- SOURCES : dict = {'cwe': 'https://cwe.mitre.org/data/xml/cwec_latest.xml.zip', 'capec': 'https://capec.mitre.org/data/xml/capec_latest.xml', 'via4': 'https://www.cve-search.org/feeds/via4.json', 'epss': 'https://epss.cyentia.com/epss_scores-current.csv.gz'}
  Dictionary of external source URLs used for populating the database (in addition to NVD API).
NIST NVD API
- NVD_NIST_API_KEY : None = None
  You can populate CveXplore without an API key, but it will limit the number of parallel requests made to the NIST API.
  Request an API key from https://nvd.nist.gov/developers/request-an-api-key
Downloads
- DOWNLOAD_SEM_FACTOR : float = 0.0
  This factor determines the number of simultaneous requests made to the NIST API. The set amount of client requests (30) is divided by the sem factor, so the lower it is set, the more simultaneous requests are made.
  If set, it should be >=0.6.
- DOWNLOAD_SLEEP_MIN : float = 0.5
  Minimum time of the randomized sleep between (aiohttp) requests to the NVD API.
- DOWNLOAD_SLEEP_MAX : float = 2.5
  Maximum time of the randomized sleep between (aiohttp) requests to the NVD API.
- DOWNLOAD_BATCH_RANGE : None = None
  Count of requests made in the time window of 36 seconds.
  See https://nvd.nist.gov/general/news/API-Key-Announcement
  Defaults to 45 if NVD_NIST_API_KEY is set, and to 5 without.
Proxy
An HTTP proxy can be used for database population and updates.
As CveXplore uses both urllib3 and aiohttp for its connections, the proxy needs to be configured twice, in the form supported by each.
- HTTP_PROXY_DICT : dict = {}
  Dictionary of proxies used for HTTP and HTTPS connections.
  This is used by urllib3 connections for both the NVD API and other sources.
  E.g., { "http": "http://proxy.example.com:8080", "https": "http://proxy.example.com:8080" }
- HTTP_PROXY_STRING : str = ''
  String representation of the proxy.
  This is used by aiohttp for multiple asynchronous requests to the NVD API.
  E.g., http://proxy.example.com:8080
Logging
- LOGGING_LEVEL : str = 'DEBUG'
  Short name of the maximum severity level of messages to be logged in log files.
  DEBUG > INFO ( > NOTICE > WARNING > ERR > CRIT > ALERT > EMERG )
- SYSLOG_LEVEL : str = 'DEBUG'
  Short name of the maximum severity level of messages to be logged in syslog.
  DEBUG > INFO ( > NOTICE > WARNING > ERR > CRIT > ALERT > EMERG )
  See https://www.rfc-editor.org/rfc/rfc5424.html#section-6.2.1
- GELF_SYSLOG : bool = True
  GELF format allows for additional fields to be submitted with each log record. Keys of this dict should start with an underscore; e.g. {"_environment": "SPECIAL"} would append an environment field with the value of 'SPECIAL' to each log record.
- GELF_SYSLOG_ADDITIONAL_FIELDS : dict = {}
  See https://github.com/keeprocking/pygelf?tab=readme-ov-file#static-fields
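A pre-flight check over the settings documented above, as an added example that is not part of CveXplore or its documentation. The `check_settings` helper is hypothetical and takes already-parsed values in a dict; the sleep-range check and the sample values are assumptions made here.

```python
# Level names as listed in the Logging section of this page.
LEVELS = {"DEBUG", "INFO", "NOTICE", "WARNING", "ERR", "CRIT", "ALERT", "EMERG"}


def check_settings(cfg):
    """Return problems found in a dict of settings (hypothetical helper).

    cfg maps setting names from this page to already-parsed Python values;
    missing keys fall back to the defaults documented above.
    """
    problems = []

    # DOWNLOAD_SEM_FACTOR: 0.0 is treated as "not set"; if set, should be >= 0.6.
    sem = cfg.get("DOWNLOAD_SEM_FACTOR", 0.0)
    if sem and sem < 0.6:
        problems.append("DOWNLOAD_SEM_FACTOR below 0.6")

    # Assumption (not stated on the page): sleep window needs 0 <= min <= max.
    lo, hi = cfg.get("DOWNLOAD_SLEEP_MIN", 0.5), cfg.get("DOWNLOAD_SLEEP_MAX", 2.5)
    if lo < 0 or lo > hi:
        problems.append("DOWNLOAD_SLEEP_MIN/MAX is not a valid range")

    # urllib3 reads the dict and aiohttp reads the string, so setting only one
    # means the other client is not configured to use the proxy.
    pdict = cfg.get("HTTP_PROXY_DICT", {})
    pstr = cfg.get("HTTP_PROXY_STRING", "")
    if bool(pdict) != bool(pstr):
        problems.append("proxy configured for only one HTTP client")
    elif pstr and pstr not in pdict.values():
        problems.append("HTTP_PROXY_STRING differs from HTTP_PROXY_DICT")

    for key in ("LOGGING_LEVEL", "SYSLOG_LEVEL"):
        if cfg.get(key, "DEBUG") not in LEVELS:
            problems.append(key + " is not a known level name")

    # GELF static field names should start with an underscore.
    for name in cfg.get("GELF_SYSLOG_ADDITIONAL_FIELDS", {}):
        if not name.startswith("_"):
            problems.append("GELF field " + name + " lacks leading underscore")
    return problems


# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "DOWNLOAD_SEM_FACTOR": 0.3,
    "DOWNLOAD_SLEEP_MIN": 3.0,
    "HTTP_PROXY_DICT": {"https": "http://proxy.example.com:8080"},
    "LOGGING_LEVEL": "VERBOSE",
    "GELF_SYSLOG_ADDITIONAL_FIELDS": {"environment": "SPECIAL"},
}
```

Calling `check_settings(SAMPLE)` reports one problem per sample key; an empty dict, which stands for the documented defaults, reports none.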