def listManagement(self, vendor=None, product=None):
try:
if product is None:
# no product selected yet, so same function as /browse can be used
if vendor:
vendor = urllib.parse.quote_plus(vendor).lower()
browseList = query.getBrowseList(vendor)
vendor = browseList["vendor"]
product = browseList["product"]
version = None
else:
# product selected, product versions required
version = query.getVersionsOfProduct(
urllib.parse.quote_plus(product).lower())
return render_template('listmanagement.html',
vendor=vendor,
product=product,
version=version)
except redisExceptions.ConnectionError:
return render_template('error.html',
status={
'except': 'redis-connection',
'info': {
'host':
Configuration.getRedisHost(),
'port':
Configuration.getRedisPort()
}
})
def main():
while(True):
sys.stdout.flush()
flag = input("enter start or exit\n")
if(flag=='exit'):
break
playsound('./Data/audio/welcomeGreeting.mp3')
try:
query = Query.getQuery()
except:
print("ERROR : Seems like you are offline")
Query.handleQuery(query)
def print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity):
csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
csv_out.writerow(["YEAR-MONTH", "CVES"])
results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound, access_complexity=access_complexity)
year = '1997'
month = '01'
dates = []
for item in results:
date = dateutil.parser.parse(item['Published'])
dates.append(date)
dates.sort()
counter = 1
if len(dates) > 0:
date = dates.pop(0)
year = date.year
month = date.month
for date in dates:
if year == date.year and month == date.month:
counter += 1
else:
csv_out.writerow([str(year)+'-'+str(month), counter])
counter = 1
year = date.year
month = date.month
csv_out.writerow([str(year)+'-'+str(month), counter])
def api_browse(self, vendor=None):
if vendor:
vendor = urllib.parse.quote_plus(vendor).lower()
browseList = query.getBrowseList(vendor)
if isinstance(browseList, dict):
return browseList
else:
return {}
def api_browse(self, vendor=None):
if vendor:
vendor = urllib.parse.quote_plus(vendor).lower()
browseList = query.getBrowseList(vendor)
if isinstance(browseList, dict):
return browseList
else:
return {}
def listManagement(self, vendor=None, product=None):
try:
if product is None:
# no product selected yet, so same function as /browse can be used
if vendor:
vendor = urllib.parse.quote_plus(vendor).lower()
browseList = query.getBrowseList(vendor)
vendor = browseList["vendor"]
product = browseList["product"]
version = None
else:
# product selected, product versions required
version = query.getVersionsOfProduct(urllib.parse.quote_plus(product).lower())
return render_template('listmanagement.html', vendor=vendor, product=product, version=version)
except redisExceptions.ConnectionError:
return render_template('error.html',
status={'except':'redis-connection',
'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}})
def dump_fixes(product, regex):
results = query.product_search(product_pattern=product)
csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
csv_out.writerow(["CVE", "LINK"])
for record in results:
cve_id = record["id"]
pattern = re.compile(".*" + regex + ".*", re.IGNORECASE)
for reference in record["references"]:
if pattern.match(reference):
csv_out.writerow([record["id"], reference])
def api_browse(self, vendor=None):
if vendor:
vendor = urllib.parse.quote_plus(vendor).lower()
try:
browseList = query.getBrowseList(vendor)
except redisExceptions.ConnectionError:
raise(APIError("Server could not connect to the browsing repository", 503))
if isinstance(browseList, dict):
return browseList
else:
return {}
def print_fix_links(product, regex):
results = query.product_search(product_pattern=product)
for record in results:
cve_id = record["id"]
references = ""
pattern = re.compile(".*" + regex + ".*", re.IGNORECASE)
print("----------------\n%s" % cve_id)
for reference in record["references"]:
if pattern.match(reference):
references += reference + "\n"
print("----------------\n%s----------------\n" % references)
def api_browse(self, vendor=None):
if vendor:
vendor = urllib.parse.quote_plus(vendor).lower()
try:
browseList = query.getBrowseList(vendor)
except redisExceptions.ConnectionError:
raise(APIError("Server could not connect to the browsing repository", 503))
if isinstance(browseList, dict):
return browseList
else:
return {}
def browse(self, vendor=None):
try:
if vendor is not None:
vendor = urllib.parse.quote_plus(vendor).lower()
browseList = query.getBrowseList(vendor)
vendor = browseList["vendor"]
product = browseList["product"]
return render_template('browse.html', product=product, vendor=vendor, minimal=self.minimal)
except redisExceptions.ConnectionError:
return render_template('error.html', minimal=self.minimal,
status={'except':'redis-connection',
'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}})
def generate_full_query(self, f):
query = self.generate_minimal_query(f)
if current_user.is_authenticated():
if f['blacklistSelect'] == "on":
regexes = db.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if f['whitelistSelect'] == "hide":
regexes = db.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if f['unlistedSelect'] == "hide":
wlregexes = tk.compile(db.getRules('whitelist'))
blregexes = tk.compile(db.getRules('blacklist'))
query.append({
'$or': [{
'vulnerable_configuration': {
'$in': wlregexes
}
}, {
'vulnerable_configuration': {
'$in': blregexes
}
}]
})
return query
def print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound):
csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
csv_out.writerow(["YEAR", "CVES"])
results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound)
year = '1997'
dates = []
for item in results:
date = dateutil.parser.parse(item['Published'])
dates.append(date)
dates.sort()
counter = 1
if len(dates) > 0:
year = dates.pop(0).year
for date in dates:
if year == date.year:
counter += 1
else:
csv_out.writerow([year, counter])
counter = 1
year = date.year
csv_out.writerow([year, counter])
def affected_versions_distribution(seed_cpe, results, cvss_lower_bound):
versions = {}
pattern = re.compile(r".*%s.*" % seed_cpe)
for r in results:
for cpe in r["vulnerable_configuration"]:
if pattern.match(cpe):
versions[cpe] = 0
results = query.product_search(product_pattern=seed_cpe, cvss_lower_bound=cvss_lower_bound)
for r in results:
for cpe in r["vulnerable_configuration"]:
for v in versions:
if v == cpe:
versions[cpe] = versions[cpe] + 1
csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
csv_out.writerow(["VERSION", "AFFECTED_BY"])
od = collections.OrderedDict(sorted(versions.items()))
for k,v in od.items():
versions_list = k
csv_out.writerow([k,v])
def browse(self, vendor=None):
try:
if vendor is not None:
vendor = urllib.parse.quote_plus(vendor).lower()
browseList = query.getBrowseList(vendor)
vendor = browseList["vendor"]
product = browseList["product"]
return render_template('browse.html',
product=product,
vendor=vendor,
minimal=self.minimal)
except redisExceptions.ConnectionError:
return render_template('error.html',
minimal=self.minimal,
status={
'except': 'redis-connection',
'info': {
'host':
Configuration.getRedisHost(),
'port':
Configuration.getRedisPort()
}
})
def generate_full_query(self, f):
query = self.generate_minimal_query(f)
if current_user.is_authenticated():
if f['blacklistSelect'] == "on":
regexes = db.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []} ]})
if f['whitelistSelect'] == "hide":
regexes = db.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []} ]})
if f['unlistedSelect'] == "hide":
wlregexes = tk.compile(db.getRules('whitelist'))
blregexes = tk.compile(db.getRules('blacklist'))
query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
{'vulnerable_configuration': {'$in': blregexes}}]})
return query
def generate_minimal_query(self, f):
query = []
# retrieving lists
if f['rejectedSelect'] == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# cvss logic
if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}})
elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])})
elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}})
# date logic
if f['timeSelect'] != "all":
if f['startDate']:
startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True)
if f['endDate']:
endDate = parse_datetime(f['endDate'], ignoretz=True, dayfirst=True)
if f['timeSelect'] == "from":
query.append({f['timeTypeSelect']: {'$gt': startDate}})
elif f['timeSelect'] == "until":
query.append({f['timeTypeSelect']: {'$lt': endDate}})
elif f['timeSelect'] == "between":
query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}})
elif f['timeSelect'] == "outside":
query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]})
return query
def api_cvesFor(self, cpe):
cpe = urllib.parse.unquote_plus(cpe)
return query.cvesForCPE(cpe)
keyword_whitelist=[...],
store_whitelist=[...],
keyword_blacklist=[...],
store_blacklist=[...],
max_distance=<number>
)
Add any queries that should be used to filter the results to the
`ACTIVE_QUERIES` array at the bottom of the file. For a notification
to be sent, the item must match at least one of the queries.
"""
from lib import Query
meat = Query(
keyword_whitelist=["Kød"],
store_blacklist=["Lyngby", "Tingbjerg", "LIDL - Dyssegaard"]
)
favourite = Query(
store_whitelist=[
"LIDL - Bagsværd",
"LIDL - Kbh. Brønshøj",
"Netto - Sydfrontvej 2",
"Det Grønne Køkken",
"Wiloo",
"Frederiksdal - Virum",
]
)
nearby = Query(
store_whitelist=["Netto", "LIDL", ],
cves = CVEs.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)
printer = CVEFilePrinter(cves=cves, rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)
if args.p:
if args.y:
try:
date = args.y
datetime.strptime(date, '%Y')
date = date_parser.parse(date+'-01-01').isoformat()
except ValueError:
print('ERROR: wrong year format')
sys.exit(0)
if args.t:
(total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=date)
print("TOTAL: %i" % total)
print ("-------------------------------------------------\n")
for (category, count) in hits.items():
print("%s ==> %i" % (category, count))
print ("-------------------------------------------------\n")
elif args.k:
results = query.product_search(product_pattern=args.p, keyword_pattern=args.k,
cvss_lower_bound=cvss_lower_bound, sort_type=sort_type, start_year=date)
printer.print_txt(results)
else:
results = query.product_search(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, sort_type=sort_type, start_year=date)
if args.o == "csv":
printer.print_csv(results, args.v)
if args.o == "html":
printer.print_html(results, args.p)
def generate_minimal_query(self, f):
query = []
# retrieving lists
if f['rejectedSelect'] == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# cvss logic
if f['cvssSelect'] == "above":
query.append({'cvss': {'$gt': float(f['cvss'])}})
elif f['cvssSelect'] == "equals":
query.append({'cvss': float(f['cvss'])})
elif f['cvssSelect'] == "below":
query.append({'cvss': {'$lt': float(f['cvss'])}})
# date logic
if f['timeSelect'] != "all":
if f['startDate']:
startDate = parse_datetime(f['startDate'],
ignoretz=True,
dayfirst=True)
if f['endDate']:
endDate = parse_datetime(f['endDate'],
ignoretz=True,
dayfirst=True)
if f['timeSelect'] == "from":
query.append({f['timeTypeSelect']: {'$gt': startDate}})
elif f['timeSelect'] == "until":
query.append({f['timeTypeSelect']: {'$lt': endDate}})
elif f['timeSelect'] == "between":
query.append(
{f['timeTypeSelect']: {
'$gt': startDate,
'$lt': endDate
}})
elif f['timeSelect'] == "outside":
query.append({
'$or': [{
f['timeTypeSelect']: {
'$lt': startDate
}
}, {
f['timeTypeSelect']: {
'$gt': endDate
}
}]
})
return query
def api_summary_cvefor(self, cpe):
cpe = urllib.parse.unquote_plus(cpe)
return query.summarycvesForCPE(cpe)
def api_cvesFor(self, cpe): cpe = urllib.parse.unquote_plus(cpe) cves = query.cvesForCPE(cpe) return cves
start_year = args.b if args.b else 1997
end_year = args.e if args.e else 2050
start_year = date_parser.parse(str(start_year) + '-01-01').isoformat()
end_year = date_parser.parse(str(end_year+1) + '-01-01').isoformat()
cves = CVEs.last(rankinglookup='', namelookup='', capeclookup='')
printer = CVEFilePrinter(cves=cves, rankinglookup='', namelookup='', capeclookup='')
if args.p:
if args.d:
# print_distinct_cves_to_excel(product, keyword, cvss_lower_bound)
dump_fixes(product, keyword)
elif args.y:
print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound)
elif args.m:
access_complexity = args.c if args.c != None else ".*"
print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity)
elif args.t:
(total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year)
print_summary(total, hits)
elif args.l:
print_fix_links(product=product, regex=keyword)
else:
results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year)
if args.v:
affected_versions_distribution(product, results, cvss_lower_bound)
else:
printer.print_txt(results)