def __init__(self):
self.keyword = None
self.top_contributors = []
# TODO: Look into neabling this once public contributions are enabled.
# self.fetch_top_contributors()
has_annotations_col = Vulnerability.has_annotations
vcdb_entries = db.session.query(Vulnerability, Nvd,
has_annotations_col)
vcdb_entries = vcdb_entries.filter(
Vulnerability.state == VulnerabilityState.PUBLISHED)
vcdb_entries = vcdb_entries.outerjoin(
Nvd, Vulnerability.cve_id == Nvd.cve_id)
vcdb_entries = vcdb_entries.options(default_nvd_view_options)
vcdb_entries = vcdb_entries.from_self()
vcdb_entries = vcdb_entries.order_by(
desc(has_annotations_col),
asc(Vulnerability.date_created),
desc(Vulnerability.id),
)
self.vcdb_entries = vcdb_entries
nvd_entries = db.session.query(Nvd)
nvd_entries = nvd_entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
nvd_entries = nvd_entries.options(default_nvd_view_options)
nvd_entries = nvd_entries.filter(Vulnerability.cve_id.is_(None))
nvd_entries = nvd_entries.order_by(desc(Nvd.published_date),
desc(Nvd.id))
self.nvd_entries = nvd_entries
self.keyword = request.args.get("keyword", None, type=str)
apply_filter = None
if self.keyword:
# TODO: Make the filtering work with fulltext search as well.
if VulnerabilityDetails.is_cve_id(self.keyword):
apply_filter = or_(False, Nvd.cve_id == self.keyword)
elif VulnerabilityDetails.is_vcdb_id(self.keyword):
apply_filter = or_(False, Vulnerability.id == self.keyword)
else:
escaped_keyword = self.keyword.replace("%", "")
# escaped_keyword = re.sub('[\W]+', ' ', self.keyword)
# Attention: We can't use FullText search here because of some
# buggy Mysql 5.7 behavior (using FullText on Join results seems
# is doing bad things. We might need to apply the filter before
# joining below.
# apply_filter = or_(
# FullTextSearch(escaped_keyword, Nvd,
# FullTextMode.BOOLEAN),
# FullTextSearch(escaped_keyword, Vulnerability,
# FullTextMode.BOOLEAN))
apply_filter = or_(
Nvd.descriptions.any(
Description.value.like("%" + escaped_keyword + "%")),
Vulnerability.comment.like("%" + escaped_keyword + "%"),
)
# TODO: add product search support.
# apply_filter = or_(apply_filter, Cpe.product == keyword)
if apply_filter is not None:
self.vcdb_entries = self.vcdb_entries.filter(apply_filter)
self.nvd_entries = self.nvd_entries.filter(apply_filter)
per_page = 7
vcdb_bookmarked_page = parse_pagination_param("vcdb_p")
# Replace a sqlakeyset function to support our use case.
# TODO: File a PR for this?
sqlakeyset.paging.value_from_thing = custom_value_from_thing
self.vcdb_pagination = get_page(self.vcdb_entries,
per_page,
page=vcdb_bookmarked_page)
self.vcdb_pagination = VulnViewTypesetPaginationObjectWrapper(
self.vcdb_pagination.paging)
num_vuln_entries = db.session.query(func.count(
Vulnerability.id)).scalar()
self.vcdb_pagination.set_total(num_vuln_entries)
nvd_bookmarked_page = parse_pagination_param("nvd_p")
self.nvd_pagination = get_page(self.nvd_entries,
per_page,
page=nvd_bookmarked_page)
self.nvd_pagination = VulnViewTypesetPaginationObjectWrapper(
self.nvd_pagination.paging)
num_nvd_entries = db.session.query(func.count(Nvd.id)).scalar()
num_unique_nvd_estimate = num_nvd_entries - num_vuln_entries
self.nvd_pagination.set_total(num_unique_nvd_estimate)
def __init__(self):
self.keyword = None
# TODO: Look into neabling this once public contributions are enabled.
# self.top_contributors = []
# self.fetch_top_contributors()
vcdb_entries = db.session.query(Vulnerability, Nvd)
vcdb_entries = vcdb_entries.outerjoin(
Nvd, Vulnerability.cve_id == Nvd.cve_id)
vcdb_entries = vcdb_entries.options(default_nvd_view_options)
vcdb_entries = vcdb_entries.order_by(
asc(Vulnerability.date_created), desc(Vulnerability.id))
self.vcdb_entries = vcdb_entries
nvd_entries = db.session.query(Nvd)
nvd_entries = nvd_entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
nvd_entries = nvd_entries.options(default_nvd_view_options)
nvd_entries = nvd_entries.filter(Vulnerability.cve_id.is_(None))
nvd_entries = nvd_entries.order_by(
desc(Nvd.published_date), desc(Nvd.id))
self.nvd_entries = nvd_entries
self.keyword = request.args.get("keyword", None, type=str)
apply_filter = None
if self.keyword:
# TODO: Make the filtering work with fulltext search as well.
if VulnerabilityDetails.is_cve_id(self.keyword):
apply_filter = or_(False, Nvd.cve_id == self.keyword)
elif VulnerabilityDetails.is_vcdb_id(self.keyword):
apply_filter = or_(False, Vulnerability.id == self.keyword)
else:
escaped_keyword = self.keyword.replace("%", "")
# escaped_keyword = re.sub('[\W]+', ' ', self.keyword)
# Attention: We can't use FullText search here because of some buggy
# Mysql 5.7 behavior (using FullText on Join results seems is doing bad
# things. We might need to apply the filter before joining below.
# apply_filter = or_(
# FullTextSearch(escaped_keyword, Nvd, FullTextMode.BOOLEAN),
# FullTextSearch(escaped_keyword, Vulnerability, FullTextMode.BOOLEAN))
apply_filter = or_(
Nvd.descriptions.any(
Description.value.like("%" + escaped_keyword + "%")),
Vulnerability.comment.like("%" + escaped_keyword + "%"),
)
# TODO: add product search support.
# apply_filter = or_(apply_filter, Cpe.product == keyword)
if apply_filter is not None:
self.vcdb_entries = self.vcdb_entries.filter(apply_filter)
self.nvd_entries = self.nvd_entries.filter(apply_filter)
per_page = 7
vcdb_page = request.args.get("vcdb_p", 1, type=int)
self.vcdb_pagination = self.vcdb_entries.paginate(
vcdb_page, per_page=per_page)
self.vcdb_pagination = VulnViewSqlalchemyPaginationObjectWrapper(
self.vcdb_pagination)
def filter_pagination_param(param):
filtered = re.sub('[^a-zA-Z\d\- <>:~]', '', param)
return filtered
nvd_bookmarked_page = request.args.get('nvd_p', None)
if nvd_bookmarked_page:
nvd_bookmarked_page = filter_pagination_param(nvd_bookmarked_page)
nvd_bookmarked_page = unserialize_bookmark(nvd_bookmarked_page)
self.nvd_pagination = get_page(
self.nvd_entries, per_page, page=nvd_bookmarked_page)
self.nvd_pagination = VulnViewTypesetPaginationObjectWrapper(
self.nvd_pagination.paging)
num_nvd_entries = db.session.query(Nvd).count()
num_vuln_entries = db.session.query(Vulnerability).count()
num_unique_nvd_estimate = num_nvd_entries - num_vuln_entries
self.nvd_pagination.set_total(num_unique_nvd_estimate)