def search_product(prod):
if strict_vendor_product:
search = prod.split(":")
search = (search[0], search[1])
ret = cvesForCPE(search, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch, strict_vendor_product=True)
else:
ret = cvesForCPE(prod, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch)
for item in ret["results"]:
if not last_ndays:
print_job(item)
else:
date_n_days_ago = datetime.now() - timedelta(days=last_ndays)
if item["Published"] > date_n_days_ago:
print_job(item)
def search(vendor=None, product=None):
search = (vendor, product)
cve = cvesForCPE(search, strict_vendor_product=True)
return render_template("search.html",
vendor=vendor,
product=product,
cve=cve)
def api_search(self, vendor=None, product=None):
if not (vendor and product):
return {}
search = vendor + ":" + product
# Not using query.cvesForCPE, because that one gives too much info
# return json.dumps(db.cvesForCPE(search), default=json_util.default)
return cvesForCPE(search)
def search(self, vendor=None, product=None):
search = vendor + ":" + product
cve = cvesForCPE(search)
return render_template("search.html",
vendor=vendor,
product=product,
cve=cve,
minimal=self.minimal)
def search_product(prod):
ret = cvesForCPE(prod, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch)
for item in ret["results"]:
if not last_ndays:
print_job(item)
else:
date_n_days_ago = datetime.now() - timedelta(days=last_ndays)
if item["Published"] > date_n_days_ago:
print_job(item)
def qcvesForCPE(cpe, limit=0):
cpe = toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = CveHandler(
rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False
)
r = cvesForCPE(cpe, limit=limit)
for x in r["results"]:
data.append(cvesp.getcve(x["id"]))
return data
def search_entity(cpe=None):
cve = cvesForCPE(cpe)
vendor = cpe.split(':')[3]
try:
product = cpe.split(':')[4]
except IndexError:
product = ''
return render_template("search_entity.html",
cve=cve,
vendor=vendor,
product=product)
def fetch_freetext_search():
search = ""
if request.values.get("search"):
search = request.values.get("search")
vendor = ""
if request.values.get("vendor"):
vendor = request.values.get("vendor")
product = ""
if request.values.get("product"):
product = request.values.get("product")
if search != "":
result = getSearchResults(search)
cve = {"data": result["data"], "total": len(result["data"])}
elif vendor != "" and product != "":
search = (vendor, product)
result = cvesForCPE(search, strict_vendor_product=True)
cve = {"data": result["results"], "total": len(result["results"])}
else:
return make_response(jsonify(False), 400)
# errors = result["errors"] if "errors" in result else []
return make_response(jsonify(cve), 200)
def is_number(s):
try:
ret = float(s)
return ret
except ValueError:
return False
if pyReq:
with open(pyReq, "r") as f:
for req in requirements.parse(f):
lib = req.name
specs = req.specs
# get vulnerable versions
vulns = {}
for item in cvesForCPE(lib):
if "vulnerable_configuration" in item:
for entry in item["vulnerable_configuration"]:
vulns[vuln_config(entry)] = [
"CVE: " + item["id"],
"DATE: " + str(item["Published"]),
"CVSS: " + str(item["cvss"]),
item["summary"],
]
# check if any of those is allowed according to specs
found = False
for vuln in vulns.keys():
sp = vuln.split(":")
ind = -1
num = sp[ind]
# if the last token is not a number or float then it must be e.g., 'alpha' while the