Beispiel #1
0
 def listManagement(self, vendor=None, product=None):
     try:
         if product is None:
             # no product selected yet, so same function as /browse can be used
             if vendor:
                 vendor = urllib.parse.quote_plus(vendor).lower()
             browseList = query.getBrowseList(vendor)
             vendor = browseList["vendor"]
             product = browseList["product"]
             version = None
         else:
             # product selected, product versions required
             version = query.getVersionsOfProduct(
                 urllib.parse.quote_plus(product).lower())
         return render_template('listmanagement.html',
                                vendor=vendor,
                                product=product,
                                version=version)
     except redisExceptions.ConnectionError:
         return render_template('error.html',
                                status={
                                    'except': 'redis-connection',
                                    'info': {
                                        'host':
                                        Configuration.getRedisHost(),
                                        'port':
                                        Configuration.getRedisPort()
                                    }
                                })
Beispiel #2
0
def main():
    while(True):
        sys.stdout.flush()
        flag  = input("enter start or exit\n")
        if(flag=='exit'):
            break
        playsound('./Data/audio/welcomeGreeting.mp3')
        try:
            query = Query.getQuery()
        except:
            print("ERROR : Seems like you are offline")
        
        Query.handleQuery(query)
Beispiel #3
0
def print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity):
    csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
    csv_out.writerow(["YEAR-MONTH", "CVES"])
    results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound, access_complexity=access_complexity)
    year = '1997'
    month = '01'
    dates = []
    for item in results:
        date = dateutil.parser.parse(item['Published'])
        dates.append(date)
    dates.sort()
    counter = 1
    if len(dates) > 0:
        date = dates.pop(0)
        year = date.year
        month = date.month
        for date in dates:
            if year == date.year and month == date.month:
                counter += 1
            else:
                csv_out.writerow([str(year)+'-'+str(month), counter])
                counter = 1
                year = date.year
                month = date.month
        csv_out.writerow([str(year)+'-'+str(month), counter])
Beispiel #4
0
 def api_browse(self, vendor=None):
   if vendor:
     vendor = urllib.parse.quote_plus(vendor).lower()
   browseList = query.getBrowseList(vendor)
   if isinstance(browseList, dict):
     return browseList
   else:
     return {}
Beispiel #5
0
 def api_browse(self, vendor=None):
     if vendor:
         vendor = urllib.parse.quote_plus(vendor).lower()
     browseList = query.getBrowseList(vendor)
     if isinstance(browseList, dict):
         return browseList
     else:
         return {}
Beispiel #6
0
 def listManagement(self, vendor=None, product=None):
   try:
     if product is None:
       # no product selected yet, so same function as /browse can be used
       if vendor:
         vendor = urllib.parse.quote_plus(vendor).lower()
       browseList = query.getBrowseList(vendor)
       vendor = browseList["vendor"]
       product = browseList["product"]
       version = None
     else:
       # product selected, product versions required
       version = query.getVersionsOfProduct(urllib.parse.quote_plus(product).lower())
     return render_template('listmanagement.html', vendor=vendor, product=product, version=version)
   except redisExceptions.ConnectionError:
     return render_template('error.html',
                            status={'except':'redis-connection',
                                    'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}})
Beispiel #7
0
def dump_fixes(product, regex):
    results = query.product_search(product_pattern=product)
    csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
    csv_out.writerow(["CVE", "LINK"])
    for record in results:
        cve_id = record["id"]
        pattern = re.compile(".*" + regex + ".*", re.IGNORECASE) 
        for reference in record["references"]:
            if pattern.match(reference):
                csv_out.writerow([record["id"], reference])
Beispiel #8
0
 def api_browse(self, vendor=None):
   if vendor:
     vendor = urllib.parse.quote_plus(vendor).lower()
   try:
     browseList = query.getBrowseList(vendor)
   except redisExceptions.ConnectionError:
     raise(APIError("Server could not connect to the browsing repository", 503))
   if isinstance(browseList, dict):
     return browseList
   else:
     return {}
Beispiel #9
0
def print_fix_links(product, regex):
    results = query.product_search(product_pattern=product)
    for record in results:
        cve_id = record["id"]
        references = ""
        pattern = re.compile(".*" + regex + ".*", re.IGNORECASE) 
        print("----------------\n%s" % cve_id)
        for reference in record["references"]:
            if pattern.match(reference):
                references += reference + "\n"
        print("----------------\n%s----------------\n" % references)
Beispiel #10
0
 def api_browse(self, vendor=None):
   if vendor:
     vendor = urllib.parse.quote_plus(vendor).lower()
   try:
     browseList = query.getBrowseList(vendor)
   except redisExceptions.ConnectionError:
     raise(APIError("Server could not connect to the browsing repository", 503))
   if isinstance(browseList, dict):
     return browseList
   else:
     return {}
Beispiel #11
0
 def browse(self, vendor=None):
   try:
     if vendor is not None:
       vendor = urllib.parse.quote_plus(vendor).lower()
     browseList = query.getBrowseList(vendor)
     vendor = browseList["vendor"]
     product = browseList["product"]
     return render_template('browse.html', product=product, vendor=vendor, minimal=self.minimal)
   except redisExceptions.ConnectionError:
     return render_template('error.html', minimal=self.minimal,
                             status={'except':'redis-connection',
                                     'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}})
Beispiel #12
0
 def generate_full_query(self, f):
     query = self.generate_minimal_query(f)
     if current_user.is_authenticated():
         if f['blacklistSelect'] == "on":
             regexes = db.getRules('blacklist')
             if len(regexes) != 0:
                 exp = "^(?!" + "|".join(regexes) + ")"
                 query.append({
                     '$or': [{
                         'vulnerable_configuration': re.compile(exp)
                     }, {
                         'vulnerable_configuration': {
                             '$exists': False
                         }
                     }, {
                         'vulnerable_configuration': []
                     }]
                 })
         if f['whitelistSelect'] == "hide":
             regexes = db.getRules('whitelist')
             if len(regexes) != 0:
                 exp = "^(?!" + "|".join(regexes) + ")"
                 query.append({
                     '$or': [{
                         'vulnerable_configuration': re.compile(exp)
                     }, {
                         'vulnerable_configuration': {
                             '$exists': False
                         }
                     }, {
                         'vulnerable_configuration': []
                     }]
                 })
         if f['unlistedSelect'] == "hide":
             wlregexes = tk.compile(db.getRules('whitelist'))
             blregexes = tk.compile(db.getRules('blacklist'))
             query.append({
                 '$or': [{
                     'vulnerable_configuration': {
                         '$in': wlregexes
                     }
                 }, {
                     'vulnerable_configuration': {
                         '$in': blregexes
                     }
                 }]
             })
     return query
Beispiel #13
0
def print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound):
    csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
    csv_out.writerow(["YEAR", "CVES"])
    results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound)
    year = '1997'
    dates = []
    for item in results:
        date = dateutil.parser.parse(item['Published'])
        dates.append(date)
    dates.sort()
    counter = 1
    if len(dates) > 0:
        year = dates.pop(0).year
        for date in dates:
            if year == date.year:
                counter += 1
            else:
                csv_out.writerow([year, counter])
                counter = 1
                year = date.year
        csv_out.writerow([year, counter])
Beispiel #14
0
def affected_versions_distribution(seed_cpe, results, cvss_lower_bound):
    versions = {}
    pattern = re.compile(r".*%s.*" % seed_cpe)
    for r in results:
        for cpe in r["vulnerable_configuration"]:
            if pattern.match(cpe):
                versions[cpe] = 0

    results = query.product_search(product_pattern=seed_cpe, cvss_lower_bound=cvss_lower_bound)
    for r in results:
        for cpe in r["vulnerable_configuration"]:
            for v in versions:
                if v == cpe:
                    versions[cpe] = versions[cpe] + 1

    csv_out = csv.writer(sys.stdout, delimiter=',', quotechar='|', quoting=csv.QUOTE_MINIMAL)
    csv_out.writerow(["VERSION", "AFFECTED_BY"])
    od = collections.OrderedDict(sorted(versions.items()))
    for k,v in od.items():
        versions_list = k
        csv_out.writerow([k,v])
Beispiel #15
0
 def browse(self, vendor=None):
     try:
         if vendor is not None:
             vendor = urllib.parse.quote_plus(vendor).lower()
         browseList = query.getBrowseList(vendor)
         vendor = browseList["vendor"]
         product = browseList["product"]
         return render_template('browse.html',
                                product=product,
                                vendor=vendor,
                                minimal=self.minimal)
     except redisExceptions.ConnectionError:
         return render_template('error.html',
                                minimal=self.minimal,
                                status={
                                    'except': 'redis-connection',
                                    'info': {
                                        'host':
                                        Configuration.getRedisHost(),
                                        'port':
                                        Configuration.getRedisPort()
                                    }
                                })
Beispiel #16
0
 def generate_full_query(self, f):
   query = self.generate_minimal_query(f)
   if current_user.is_authenticated():
       if f['blacklistSelect'] == "on":
           regexes = db.getRules('blacklist')
           if len(regexes) != 0:
               exp = "^(?!" + "|".join(regexes) + ")"
               query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                     {'vulnerable_configuration': {'$exists': False}},
                                     {'vulnerable_configuration': []} ]})
       if f['whitelistSelect'] == "hide":
           regexes = db.getRules('whitelist')
           if len(regexes) != 0:
               exp = "^(?!" + "|".join(regexes) + ")"
               query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
                                     {'vulnerable_configuration': {'$exists': False}},
                                     {'vulnerable_configuration': []} ]})
       if f['unlistedSelect'] == "hide":
           wlregexes = tk.compile(db.getRules('whitelist'))
           blregexes = tk.compile(db.getRules('blacklist'))
           query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
                                 {'vulnerable_configuration': {'$in': blregexes}}]})
   return query
Beispiel #17
0
  def generate_minimal_query(self, f):
    query = []
    # retrieving lists
    if f['rejectedSelect'] == "hide":
      exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
      query.append({'summary': re.compile(exp)})

    # cvss logic
    if   f['cvssSelect'] == "above":  query.append({'cvss': {'$gt': float(f['cvss'])}})
    elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])})
    elif f['cvssSelect'] == "below":  query.append({'cvss': {'$lt': float(f['cvss'])}})

    # date logic
    if f['timeSelect'] != "all":
      if f['startDate']:
        startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True)
      if f['endDate']:
        endDate   = parse_datetime(f['endDate'],   ignoretz=True, dayfirst=True)

      if   f['timeSelect'] == "from":
        query.append({f['timeTypeSelect']: {'$gt': startDate}})
      elif f['timeSelect'] == "until":
        query.append({f['timeTypeSelect']: {'$lt': endDate}})
      elif f['timeSelect'] == "between":
        query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}})
      elif f['timeSelect'] == "outside":
        query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]})
    return query
Beispiel #18
0
 def api_cvesFor(self, cpe):
     cpe = urllib.parse.unquote_plus(cpe)
     return query.cvesForCPE(cpe)
Beispiel #19
0
    keyword_whitelist=[...],
    store_whitelist=[...],
    keyword_blacklist=[...],
    store_blacklist=[...],
    max_distance=<number>
)

Add any queries that should be used to filter the results to the
`ACTIVE_QUERIES` array at the bottom of the file. For a notification
to be sent, the item must match at least one of the queries.
"""

from lib import Query

meat = Query(
    keyword_whitelist=["Kød"],
    store_blacklist=["Lyngby", "Tingbjerg", "LIDL - Dyssegaard"]
)

favourite = Query(
    store_whitelist=[
    "LIDL - Bagsværd",
    "LIDL - Kbh. Brønshøj",
    "Netto - Sydfrontvej 2",
    "Det Grønne Køkken",
    "Wiloo",
    "Frederiksdal - Virum",
    ]
)

nearby = Query(
    store_whitelist=["Netto", "LIDL", ],
Beispiel #20
0
   
    cves = CVEs.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)
    printer = CVEFilePrinter(cves=cves, rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)

    if args.p:
        if args.y:
            try:
                date = args.y
                datetime.strptime(date, '%Y')
                date = date_parser.parse(date+'-01-01').isoformat()
            except ValueError:
                print('ERROR: wrong year format')
                sys.exit(0)
        if args.t:
            (total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=date)
            print("TOTAL: %i" % total)
            print ("-------------------------------------------------\n")
            for (category, count) in hits.items():
                print("%s ==> %i" % (category, count))
            print ("-------------------------------------------------\n")
        elif args.k:
            results = query.product_search(product_pattern=args.p, keyword_pattern=args.k, 
                                           cvss_lower_bound=cvss_lower_bound, sort_type=sort_type, start_year=date)
            printer.print_txt(results)
        else:
            results = query.product_search(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, sort_type=sort_type, start_year=date)
            if args.o == "csv":
                printer.print_csv(results, args.v)
            if args.o == "html":
                printer.print_html(results, args.p)
Beispiel #21
0
    def generate_minimal_query(self, f):
        query = []
        # retrieving lists
        if f['rejectedSelect'] == "hide":
            exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
            query.append({'summary': re.compile(exp)})

        # cvss logic
        if f['cvssSelect'] == "above":
            query.append({'cvss': {'$gt': float(f['cvss'])}})
        elif f['cvssSelect'] == "equals":
            query.append({'cvss': float(f['cvss'])})
        elif f['cvssSelect'] == "below":
            query.append({'cvss': {'$lt': float(f['cvss'])}})

        # date logic
        if f['timeSelect'] != "all":
            if f['startDate']:
                startDate = parse_datetime(f['startDate'],
                                           ignoretz=True,
                                           dayfirst=True)
            if f['endDate']:
                endDate = parse_datetime(f['endDate'],
                                         ignoretz=True,
                                         dayfirst=True)

            if f['timeSelect'] == "from":
                query.append({f['timeTypeSelect']: {'$gt': startDate}})
            elif f['timeSelect'] == "until":
                query.append({f['timeTypeSelect']: {'$lt': endDate}})
            elif f['timeSelect'] == "between":
                query.append(
                    {f['timeTypeSelect']: {
                         '$gt': startDate,
                         '$lt': endDate
                     }})
            elif f['timeSelect'] == "outside":
                query.append({
                    '$or': [{
                        f['timeTypeSelect']: {
                            '$lt': startDate
                        }
                    }, {
                        f['timeTypeSelect']: {
                            '$gt': endDate
                        }
                    }]
                })
        return query
Beispiel #22
0
 def api_summary_cvefor(self, cpe):
     cpe = urllib.parse.unquote_plus(cpe)
     return query.summarycvesForCPE(cpe)
Beispiel #23
0
 def api_cvesFor(self, cpe):
   cpe  = urllib.parse.unquote_plus(cpe)
   cves = query.cvesForCPE(cpe)
   return cves
Beispiel #24
0
    start_year = args.b if args.b else 1997
    end_year = args.e if args.e else 2050
    start_year = date_parser.parse(str(start_year) + '-01-01').isoformat()
    end_year = date_parser.parse(str(end_year+1) + '-01-01').isoformat()

    cves = CVEs.last(rankinglookup='', namelookup='', capeclookup='')
    printer = CVEFilePrinter(cves=cves, rankinglookup='', namelookup='', capeclookup='')

    if args.p:
        if args.d:
            # print_distinct_cves_to_excel(product, keyword, cvss_lower_bound)
            dump_fixes(product, keyword)
        elif args.y:
            print_cve_counts_by_year_to_excel(product, keyword, cvss_lower_bound)
        elif args.m:
            access_complexity = args.c if args.c != None else ".*"
            print_cve_counts_by_month_to_excel(product, keyword, cvss_lower_bound, access_complexity)
        elif args.t:
            (total, hits) = query.count_keywords(product_pattern=args.p, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year)
            print_summary(total, hits)
        elif args.l:
            print_fix_links(product=product, regex=keyword)
        else:
            results = query.product_search(product_pattern=product, keyword_pattern=keyword, cvss_lower_bound=cvss_lower_bound, start_year=start_year, end_year=end_year)
            if args.v:
                affected_versions_distribution(product, results, cvss_lower_bound)
            else:
                printer.print_txt(results)