Beispiel #1
    def get_entry_info(self, entry):
        """Collect the CVE fields carried as attributes on a top-level entry.

        Args:
            entry (lxml.etree._Element): This is an lxml Element

        Returns:
            Dictionary keyed by the CveKey constants. Besides the fields in
            the sample below, it also holds the published and modified dates,
            each wrapped in r.epoch_time(...).
            {
                "cvss_vector": [
                    {
                        "metric": "Access Vector",
                        "value": "Network"
                    },
                    {
                        "metric": "Access Complexity",
                        "value": "Medium"
                    }
                ],
                "cve_sev": "Medium",
                "cve_id": "CVE-2009-5138",
                "cvss_base_score": "5.8",
                "cvss_exploit_subscore": "8.6",
                "cvss_version": "2.0",
                "cvss_impact_subscore": "4.9",
                "cvss_score": "5.8"
            }
        """
        attrs = entry.attrib

        def _as_epoch(attr_name):
            # NOTE(review): a missing date attribute reaches date_parser as
            # None; how date_parser handles that is not visible here.
            return r.epoch_time(
                timestamp_verifier(date_parser(attrs.get(attr_name))))

        # Every other value is copied from the feed as-is (None when the
        # attribute is absent); no range or format validation happens here,
        # so consumers should not assume the scores are numeric.
        info = {}
        info[CveKey.CveId] = attrs.get(CVEStrings.CVE_NAME)
        info[CveKey.CveSev] = attrs.get(CVEStrings.CVE_SEVERITY)
        info[CveKey.CvePublishedDate] = _as_epoch(
            CVEStrings.CVE_PUBLISHED_DATE)
        info[CveKey.CveModifiedDate] = _as_epoch(
            CVEStrings.CVE_MODIFIED_DATE)
        info[CveKey.CvssScore] = attrs.get(CVEStrings.CVSS_SCORE)
        info[CveKey.CvssBaseScore] = attrs.get(CVEStrings.CVSS_BASE_SCORE)
        info[CveKey.CvssImpactSubScore] = attrs.get(
            CVEStrings.CVSS_IMPACT_SUBSCORE)
        info[CveKey.CvssExploitSubScore] = attrs.get(
            CVEStrings.CVSS_EXPLOIT_SUBSCORE)
        info[CveKey.CvssVector] = self._parse_vectors(
            attrs.get(CVEStrings.CVSS_VECTOR))
        info[CveKey.CvssVersion] = attrs.get(CVEStrings.CVSS_VERSION)
        return info
Beispiel #2
    def get_entry_info(self, entry):
        """Build a CveKey-keyed dict from the attributes of a top-level entry.

        Args:
            entry (lxml.etree._Element): This is an lxml Element

        Returns:
            Dictionary. The sample below omits the published and modified
            dates, which are also returned (as r.epoch_time(...) values).
            {
                "cvss_vector": [
                    {
                        "metric": "Access Vector",
                        "value": "Network"
                    },
                    {
                        "metric": "Access Complexity",
                        "value": "Medium"
                    }
                ],
                "cve_sev": "Medium",
                "cve_id": "CVE-2009-5138",
                "cvss_base_score": "5.8",
                "cvss_exploit_subscore": "8.6",
                "cvss_version": "2.0",
                "cvss_impact_subscore": "4.9",
                "cvss_score": "5.8"
            }
        """
        read = entry.attrib.get

        # Attribute values are taken verbatim from the feed; read() yields
        # None for an absent attribute and nothing is validated at this layer.
        # NOTE(review): whether date_parser tolerates None is not shown here.
        pairs = [
            (CveKey.CveId, read(CVEStrings.CVE_NAME)),
            (CveKey.CveSev, read(CVEStrings.CVE_SEVERITY)),
            (
                CveKey.CvePublishedDate,
                r.epoch_time(
                    timestamp_verifier(
                        date_parser(read(CVEStrings.CVE_PUBLISHED_DATE))
                    )
                ),
            ),
            (
                CveKey.CveModifiedDate,
                r.epoch_time(
                    timestamp_verifier(
                        date_parser(read(CVEStrings.CVE_MODIFIED_DATE))
                    )
                ),
            ),
            (CveKey.CvssScore, read(CVEStrings.CVSS_SCORE)),
            (CveKey.CvssBaseScore, read(CVEStrings.CVSS_BASE_SCORE)),
            (CveKey.CvssImpactSubScore, read(CVEStrings.CVSS_IMPACT_SUBSCORE)),
            (CveKey.CvssExploitSubScore, read(CVEStrings.CVSS_EXPLOIT_SUBSCORE)),
            (CveKey.CvssVector, self._parse_vectors(read(CVEStrings.CVSS_VECTOR))),
            (CveKey.CvssVersion, read(CVEStrings.CVSS_VERSION)),
        ]
        return dict(pairs)
Beispiel #3
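def store_package_info_in_db(username,
                             customer_name,
                             uri,
                             method,
                             size,
                             md5,
                             operating_system,
                             uuid,
                             name,
                             severity,
                             arch,
                             major_version,
                             minor_version,
                             release_date=0.0,
                             vendor_name=None,
                             description=None,
                             cli_options=None,
                             support_url=None,
                             kb=None,
                             conn=None):
    """Record an uploaded custom package and attach it to agents.

    The package file must already exist under TMP_DIR/<uuid>/<name>. When it
    does, a CustomApps document is upserted, add_custom_app_to_agents() is
    called with the file metadata, and an object_created result is built.

    Args:
        username, uri, method: passed through to GenericResults.
        customer_name: stored as the only entry of the Customers list.
        size: file size; converted with int().
        md5: stored as the file hash.
        uuid: used as the app id and as the package directory name.
        name: package file name.
        release_date: either a non-string value stored as-is, or a string.
            A string with three '-' or '/' separated parts goes through
            date_parser, any other string through timestamp_verifier.
        conn: connection handed to the query's run().

    Returns:
        The GenericResults value for object_created, something_broke or
        file_doesnt_exist.
    """
    # NOTE(review): uuid and name are concatenated into a filesystem path and
    # a download URL without validation in this function. If either can carry
    # path separators or '..', the existence check and the stored URL leave
    # the per-package directory; confirm callers restrict both values.
    PKG_FILE = TMP_DIR + uuid + '/' + name
    URL_PATH = 'https://localhost/packages/tmp/' + uuid + '/'
    url = URL_PATH + name

    if not os.path.exists(PKG_FILE):
        # The original passed an undefined `e` here, which raised NameError
        # instead of reporting the missing file.
        results = (GenericResults(username, uri,
                                  method).file_doesnt_exist(name))
        logger.info(results)
        return results

    # Remember the caller's value for the response. Binding it before the
    # type check keeps the non-string default (0.0) from hitting a NameError
    # after the document has already been written.
    orig_release_date = release_date
    if (isinstance(release_date, str)
            or isinstance(release_date, unicode)):
        if (len(release_date.split('-')) == 3
                or len(release_date.split('/')) == 3):
            release_date = (r.epoch_time(date_parser(release_date)))
        else:
            release_date = (r.epoch_time(timestamp_verifier(release_date)))

    data_to_store = {
        CustomAppsKey.Name: name,
        CustomAppsPerAgentKey.Dependencies: [],
        CustomAppsKey.RvSeverity: severity,
        CustomAppsKey.VendorSeverity: severity,
        CustomAppsKey.ReleaseDate: release_date,
        CustomAppsKey.VendorName: vendor_name,
        CustomAppsKey.Description: description,
        CustomAppsKey.MajorVersion: major_version,
        CustomAppsKey.MinorVersion: minor_version,
        CustomAppsKey.Version: major_version + '.' + minor_version,
        CustomAppsKey.OsCode: operating_system,
        CustomAppsKey.Kb: kb,
        CustomAppsKey.Hidden: 'no',
        CustomAppsKey.CliOptions: cli_options,
        CustomAppsKey.Arch: arch,
        CustomAppsKey.RebootRequired: 'possible',
        CustomAppsKey.SupportUrl: support_url,
        CustomAppsKey.Customers: [customer_name],
        CustomAppsPerAgentKey.Update: PackageCodes.ThisIsNotAnUpdate,
        CustomAppsKey.FilesDownloadStatus:
        PackageCodes.FileCompletedDownload,
        CustomAppsKey.AppId: uuid
    }
    # NOTE(review): the only integrity value recorded for the file is an MD5
    # digest. MD5 detects accidental corruption but is not collision
    # resistant, so it should not be the sole check that a package delivered
    # to agents is the one that was uploaded.
    file_data = ([{
        FilesKey.FileUri: url,
        FilesKey.FileSize: int(size),
        FilesKey.FileHash: md5,
        FilesKey.FileName: name
    }])
    try:
        r.table(AppCollections.CustomApps).insert(
            data_to_store, upsert=True).run(conn)

        add_custom_app_to_agents(username,
                                 customer_name,
                                 uri,
                                 method,
                                 file_data,
                                 app_id=uuid)

        # Report the date in the form the caller supplied it.
        data_to_store['release_date'] = orig_release_date
        results = (GenericResults(username, uri, method).object_created(
            uuid, 'custom_app', data_to_store))
        logger.info(results)

    except Exception as e:
        # NOTE(review): the exception object is handed to the result builder;
        # check that its text is not returned verbatim to API clients.
        results = (GenericResults(username, uri, method).something_broke(
            uuid, 'custom_app', e))
        logger.exception(e)

    return (results)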
Beispiel #4
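def store_package_info_in_db(
        username, customer_name, uri, method,
        size, md5, operating_system,
        uuid, name, severity, arch, major_version,
        minor_version, release_date=0.0,
        vendor_name=None, description=None,
        cli_options=None, support_url=None,
        kb=None, conn=None):
    """Store a custom package's metadata and register it with agents.

    Requires the package file to exist at TMP_DIR/<uuid>/<name>. On success
    the CustomApps document is inserted with conflict="replace",
    add_custom_app_to_agents() receives the file metadata, and an
    object_created result is returned.

    Args:
        username, uri, method: passed through to GenericResults.
        customer_name: stored as the only entry of the Customers list.
        size: file size; converted with int().
        md5: stored as the file hash.
        uuid: used as the app id and as the package directory name.
        name: package file name.
        release_date: a non-string value is stored unchanged; a string with
            three '-' or '/' separated parts goes through date_parser, any
            other string through timestamp_verifier.
        conn: connection handed to the query's run().

    Returns:
        The GenericResults value for object_created, something_broke or
        file_doesnt_exist.
    """
    # NOTE(review): uuid and name reach the filesystem path and the download
    # URL unvalidated in this function. Values containing path separators or
    # '..' would move both outside the per-package directory; confirm that
    # callers constrain them.
    PKG_FILE = TMP_DIR + uuid + '/' + name
    URL_PATH = 'https://localhost/packages/tmp/' + uuid + '/'
    url = URL_PATH + name

    if os.path.exists(PKG_FILE):
        # Bound before the type check: with a non-string release_date (the
        # default is 0.0) the original left this name undefined and the
        # success path failed with NameError after the insert had run.
        orig_release_date = release_date
        if (isinstance(release_date, str) or
                isinstance(release_date, unicode)):
            looks_like_date = (
                len(release_date.split('-')) == 3 or
                len(release_date.split('/')) == 3
            )
            if looks_like_date:
                release_date = r.epoch_time(date_parser(release_date))
            else:
                release_date = r.epoch_time(
                    timestamp_verifier(release_date)
                )

        data_to_store = {
            CustomAppsKey.Name: name,
            CustomAppsPerAgentKey.Dependencies: [],
            CustomAppsKey.RvSeverity: severity,
            CustomAppsKey.VendorSeverity: severity,
            CustomAppsKey.ReleaseDate: release_date,
            CustomAppsKey.VendorName: vendor_name,
            CustomAppsKey.Description: description,
            CustomAppsKey.MajorVersion: major_version,
            CustomAppsKey.MinorVersion: minor_version,
            CustomAppsKey.Version: major_version + '.' + minor_version,
            CustomAppsKey.OsCode: operating_system,
            CustomAppsKey.Kb: kb,
            CustomAppsKey.Hidden: 'no',
            CustomAppsKey.CliOptions: cli_options,
            CustomAppsKey.Arch: arch,
            CustomAppsKey.RebootRequired: 'possible',
            CustomAppsKey.SupportUrl: support_url,
            CustomAppsKey.Customers: [customer_name],
            CustomAppsPerAgentKey.Update: PackageCodes.ThisIsNotAnUpdate,
            CustomAppsKey.FilesDownloadStatus: PackageCodes.FileCompletedDownload,
            CustomAppsKey.AppId: uuid
        }
        # NOTE(review): MD5 is the only digest stored for the file. It is
        # adequate for spotting accidental corruption, not for proving that
        # a package handed to agents was not substituted.
        file_data = [
            {
                FilesKey.FileUri: url,
                FilesKey.FileSize: int(size),
                FilesKey.FileHash: md5,
                FilesKey.FileName: name
            }
        ]
        try:
            (
                r
                .table(AppCollections.CustomApps)
                .insert(data_to_store, conflict="replace")
                .run(conn)
            )

            add_custom_app_to_agents(
                username, customer_name,
                uri, method, file_data,
                app_id=uuid
            )

            # Echo the release date back in the caller's original form.
            data_to_store['release_date'] = orig_release_date
            results = (
                GenericResults(
                    username, uri, method
                ).object_created(uuid, 'custom_app', data_to_store)
            )
            logger.info(results)

        except Exception as e:
            # NOTE(review): the raw exception is passed into the result;
            # verify its message is not exposed unfiltered to API clients.
            results = (
                GenericResults(
                    username, uri, method
                ).something_broke(uuid, 'custom_app', e)
            )
            logger.exception(e)
    else:
        results = (
            GenericResults(
                username, uri, method
            ).file_doesnt_exist(name)
        )
        logger.info(results)

    return results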