Beispiel #1
0
def filter_logic(unlisted, timeSelect, startDate, endDate,
                 timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip):
    query = []
    # retrieving lists
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})
    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
    return dbLayer.getCVEs(limit=limit, skip=skip, query=query)
Beispiel #2
0
def filter_logic(unlisted, timeSelect, startDate, endDate,
                 timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip):
    query = []
    # retrieving lists
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})
    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
    return dbLayer.getCVEs(limit=limit, skip=skip, query=query)
Beispiel #3
0
def filter_logic(f, limit, skip):
    query = []
    # retrieving lists
    if f['blacklistSelect'] == "on":
        regexes = db.getRules('blacklist')
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                  {'vulnerable_configuration': {'$exists': False}},
                                  {'vulnerable_configuration': []}
                                  ]})
    if f['whitelistSelect'] == "hide":
        regexes = db.getRules('whitelist')
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                  {'vulnerable_configuration': {'$exists': False}},
                                  {'vulnerable_configuration': []}
                                  ]})
    if f['unlistedSelect'] == "hide":
        wlregexes = compile(db.getRules('whitelist'))
        blregexes = compile(db.getRules('blacklist'))
        query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
                              {'vulnerable_configuration': {'$in': blregexes}}]})
    if f['rejectedSelect'] == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})

    # plugin filters
    query.extend(plugManager.doFilter(f, current_user=current_user))

    # cvss logic
    if f['cvssSelect'] == "above":    query.append({'cvss': {'$gt': float(f['cvss'])}})
    elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])})
    elif f['cvssSelect'] == "below":  query.append({'cvss': {'$lt': float(f['cvss'])}})
    
    # date logic
    if f['timeSelect'] != "all":
        print(f["timeSelect"])
        startDate = convertDateToDBFormat(f['startDate'])
        endDate = convertDateToDBFormat(f['endDate'])
        if f['timeSelect'] == "from":
            query.append({f['timeTypeSelect']: {'$gt': startDate}})
        if f['timeSelect'] == "until":
            query.append({f['timeTypeSelect']: {'$lt': endDate}})
        if f['timeSelect'] == "between":
            query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}})
        if f['timeSelect'] == "outside":
            query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]})
    cve=db.getCVEs(limit=limit, skip=skip, query=query)
    # marking relevant records
    if f['whitelistSelect'] == "on":   cve = whitelist_mark(cve)
    if f['blacklistSelect'] == "mark": cve = blacklist_mark(cve)
    plugManager.mark(cve, current_user=current_user)
    cve = list(cve)
    return cve
Beispiel #4
0
def filter_logic(unlisted, timeSelect, startDate, endDate, timeTypeSelect,
                 cvssSelect, cvss, rejectedSelect, limit, skip):
    collection = db.cves
    query = []
    # retrieving lists
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})
    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({
                '$or': [{
                    timeTypeSelect: {
                        '$lt': startDate
                    }
                }, {
                    timeTypeSelect: {
                        '$gt': endDate
                    }
                }]
            })
    if len(query) == 0:
        cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
    elif len(query) == 1:
        cve = collection.find(query[0]).sort("Modified",
                                             -1).limit(limit).skip(skip)
    else:
        cve = collection.find({
            '$and': query
        }).sort("Modified", -1).limit(limit).skip(skip)
    # marking relevant records
    cve = list(cve)
    return cve
Beispiel #5
0
def filter_logic(unlisted, timeSelect, startDate, endDate,
                 timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip):
    collection = db.cves
    query = []
    # retrieving lists
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})
    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
    if len(query) == 0:
        cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
    elif len(query) == 1:
        cve = collection.find(query[0]).sort("Modified", -1).limit(limit).skip(skip)
    else:
        cve = collection.find({'$and': query}).sort("Modified", -1).limit(limit).skip(skip)
    # marking relevant records
    cve = list(cve)
    return cve
Beispiel #6
0
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate,
                 timeTypeSelect, cvssSelect, cvss, rejectedSelect, hideSeen, limit, skip):
    query = []
    # retrieving lists
    if blacklist == "on":
        regexes = dbLayer.getRules('blacklist')
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                  {'vulnerable_configuration': {'$exists': False}},
                                  {'vulnerable_configuration': []}
                                  ]})
    if whitelist == "hide":
        regexes = dbLayer.getRules('whitelist')
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                  {'vulnerable_configuration': {'$exists': False}},
                                  {'vulnerable_configuration': []}
                                  ]})
    if unlisted == "hide":
        wlregexes = compile(dbLayer.getRules('whitelist'))
        blregexes = compile(dbLayer.getRules('blacklist'))
        query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
                              {'vulnerable_configuration': {'$in': blregexes}}]})
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})

    if current_user.is_authenticated():
      if hideSeen == "hide":
        query.append({'id': {"$nin":dbLayer.seenCVEs(current_user.get_id())}})

    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
    cve=dbLayer.getCVEs(limit=limit, skip=skip, query=query)
    # marking relevant records
    if whitelist == "on":
        cve = whitelist_mark(cve)
    if blacklist == "mark":
        cve = blacklist_mark(cve)
    seen_mark(cve)
    bookmarked_mark(cve)
    cve = list(cve)
    return cve
Beispiel #7
0
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate,
                 endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect,
                 hideSeen, limit, skip):
    query = []
    # retrieving lists
    if blacklist == "on":
        regexes = db.getRules('blacklist')
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({
                '$or': [{
                    'vulnerable_configuration': re.compile(exp)
                }, {
                    'vulnerable_configuration': {
                        '$exists': False
                    }
                }, {
                    'vulnerable_configuration': []
                }]
            })
    if whitelist == "hide":
        regexes = db.getRules('whitelist')
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({
                '$or': [{
                    'vulnerable_configuration': re.compile(exp)
                }, {
                    'vulnerable_configuration': {
                        '$exists': False
                    }
                }, {
                    'vulnerable_configuration': []
                }]
            })
    if unlisted == "hide":
        wlregexes = compile(db.getRules('whitelist'))
        blregexes = compile(db.getRules('blacklist'))
        query.append({
            '$or': [{
                'vulnerable_configuration': {
                    '$in': wlregexes
                }
            }, {
                'vulnerable_configuration': {
                    '$in': blregexes
                }
            }]
        })
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})

    if current_user.is_authenticated():
        if hideSeen == "hide":
            query.append({'id': {"$nin": db.seenCVEs(current_user.get_id())}})

    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({
                '$or': [{
                    timeTypeSelect: {
                        '$lt': startDate
                    }
                }, {
                    timeTypeSelect: {
                        '$gt': endDate
                    }
                }]
            })
    cve = db.getCVEs(limit=limit, skip=skip, query=query)
    # marking relevant records
    if whitelist == "on":
        cve = whitelist_mark(cve)
    if blacklist == "mark":
        cve = blacklist_mark(cve)
    seen_mark(cve)
    bookmarked_mark(cve)
    cve = list(cve)
    return cve
Beispiel #8
0
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate,
                 endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect,
                 hideSeen, limit, skip):
    collection = db.cves
    query = []
    # retrieving lists
    if blacklist == "on":
        regexes = getBlacklistRules()
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({
                '$or': [{
                    'vulnerable_configuration': re.compile(exp)
                }, {
                    'vulnerable_configuration': {
                        '$exists': False
                    }
                }, {
                    'vulnerable_configuration': []
                }]
            })
    if whitelist == "hide":
        regexes = getWhitelistRules()
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({
                '$or': [{
                    'vulnerable_configuration': re.compile(exp)
                }, {
                    'vulnerable_configuration': {
                        '$exists': False
                    }
                }, {
                    'vulnerable_configuration': []
                }]
            })
    if unlisted == "hide":
        wlregexes = getWhitelistRegexes()
        blregexes = getBlacklistRegexes()
        query.append({
            '$or': [{
                'vulnerable_configuration': {
                    '$in': wlregexes
                }
            }, {
                'vulnerable_configuration': {
                    '$in': blregexes
                }
            }]
        })
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})

    if current_user.is_authenticated():
        if hideSeen == "hide":
            query.append({'id': {"$nin": getSeenCVEs()}})

    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({
                '$or': [{
                    timeTypeSelect: {
                        '$lt': startDate
                    }
                }, {
                    timeTypeSelect: {
                        '$gt': endDate
                    }
                }]
            })
    if len(query) == 0:
        cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
    elif len(query) == 1:
        cve = collection.find(query[0]).sort("Modified",
                                             -1).limit(limit).skip(skip)
    else:
        cve = collection.find({
            '$and': query
        }).sort("Modified", -1).limit(limit).skip(skip)
    # marking relevant records
    if whitelist == "on":
        cve = whitelist_mark(cve)
    if blacklist == "mark":
        cve = blacklist_mark(cve)
    seen_mark(cve)
    cve = list(cve)
    return cve
Beispiel #9
0
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate,
                 timeTypeSelect, cvssSelect, cvss, rejectedSelect, hideSeen, limit, skip):
    collection = db.cves
    query = []
    # retrieving lists
    if blacklist == "on":
        regexes = getBlacklistRules()
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                  {'vulnerable_configuration': {'$exists': False}},
                                  {'vulnerable_configuration': []}
                                  ]})
    if whitelist == "hide":
        regexes = getWhitelistRules()
        if len(regexes) != 0:
            exp = "^(?!" + "|".join(regexes) + ")"
            query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                  {'vulnerable_configuration': {'$exists': False}},
                                  {'vulnerable_configuration': []}
                                  ]})
    if unlisted == "hide":
        wlregexes = getWhitelistRegexes()
        blregexes = getBlacklistRegexes()
        query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
                              {'vulnerable_configuration': {'$in': blregexes}}]})
    if rejectedSelect == "hide":
        exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
        query.append({'summary': re.compile(exp)})

    if current_user.is_authenticated():
      if hideSeen == "hide":
        query.append({'id': {"$nin":getSeenCVEs()}})

    # cvss logic
    if cvssSelect != "all":
        if cvssSelect == "above":
            query.append({'cvss': {'$gt': float(cvss)}})
        if cvssSelect == "equals":
            query.append({'cvss': float(cvss)})
        if cvssSelect == "below":
            query.append({'cvss': {'$lt': float(cvss)}})
    # date logic
    if timeSelect != "all":
        startDate = convertDateToDBFormat(startDate)
        endDate = convertDateToDBFormat(endDate)
        if timeSelect == "from":
            query.append({timeTypeSelect: {'$gt': startDate}})
        if timeSelect == "until":
            query.append({timeTypeSelect: {'$lt': endDate}})
        if timeSelect == "between":
            query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
        if timeSelect == "outside":
            query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
    if len(query) == 0:
        cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
    elif len(query) == 1:
        cve = collection.find(query[0]).sort("Modified", -1).limit(limit).skip(skip)
    else:
        cve = collection.find({'$and': query}).sort("Modified", -1).limit(limit).skip(skip)
    # marking relevant records
    if whitelist == "on":
        cve = whitelist_mark(cve)
    if blacklist == "mark":
        cve = blacklist_mark(cve)
    seen_mark(cve)
    cve = list(cve)
    return cve