def cve(cve_id):
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cve_id.upper())
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cve_id
}
})
if app.config["WebInterface"]:
cve = markCPEs(cve)
plugManager.onCVEOpen(cve_id, **pluginArgs)
pluginData = plugManager.cvePluginInfo(cve_id, **pluginArgs)
return render_template("cve.html", cve=cve, plugins=pluginData)
else:
return render_template("cve.html", cve=cve)
def api_last(self, limit=None):
limit = limit if limit else 30
cvesp = CveHandler(
rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True
)
cve = cvesp.get(limit=limit)
return cve
def watchlist_cve(cveid):
entity = request.args.get('entity')
product = request.args.get('product')
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cveid.upper())
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cveid
}
})
wcve = getWatchlistCVE(cveid, entity, product)
if wcve and 'comment' in wcve:
comment = wcve['comment']
else:
comment = None
return render_template("watchlistCve.html",
cve=cve,
entity=entity,
product=product,
comment=comment)
def api_cve(self, cveid):
cvesp = CveHandler(
rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True
)
cve = cvesp.getcve(cveid=cveid.upper())
if not cve:
raise (APIError("cve not found", 404))
return cve
def qcvesForCPE(cpe, limit=0):
cpe = toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = CveHandler(
rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False
)
r = cvesForCPE(cpe, limit=limit)
for x in r["results"]:
data.append(cvesp.getcve(x["id"]))
return data
def cve(self, cveid):
cveid = cveid.upper()
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cveid
}
})
cve = self.markCPEs(cve)
self.plugManager.onCVEOpen(cveid, **self.pluginArgs)
pluginData = self.plugManager.cvePluginInfo(cveid, **self.pluginArgs)
return render_template("cve.html", cve=cve, plugins=pluginData)
def cve(cve_id):
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cve_id.upper())
if cve is None:
return (
render_template(
"error.html",
status={"except": "cve-not-found", "info": {"cve": cve_id}},
),
404,
)
if app.config["WebInterface"]:
cve = markCPEs(cve)
return render_template("cve.html", cve=cve)
else:
return render_template("cve.html", cve=cve)
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))
from lib.CVEs import CveHandler
from lib.DatabaseLayer import getCVEIDs
argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
via4lookup = args.v
capeclookup = args.c
cves = CveHandler(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup)
for cveid in getCVEIDs(limit=args.l):
item = cves.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
)
argParser.add_argument("-c",
default=False,
action="store_true",
help="Display CAPEC values")
args = argParser.parse_args()
if args.l:
last_items = args.l
else:
last_items = 10
ref = "http://adulau.github.com/cve-search/"
cvelist = CveHandler(rankinglookup=args.r,
namelookup=args.n,
capeclookup=args.c)
if not (args.f == "html"):
from feedformatter import Feed
feed = Feed()
feed.feed["title"] = ("cve-search Last " + str(last_items) +
" CVE entries generated on " +
str(datetime.datetime.now()))
feed.feed["link"] = "http://adulau.github.com/cve-search/"
feed.feed[
"author"] = "Generated with cve-search available at http://adulau.github.com/cve-search/"
feed.feed["description"] = ""
else:
vSearch = args.p
relaxSearch = args.lax
strict_vendor_product = args.strict_vendor_product
vulnerableProductSearch = args.vulnProdSearch
cveSearch = [x.upper() for x in args.c] if args.c else None
vOutput = args.o
vFreeSearch = args.f
sLatest = args.l
namelookup = args.n
rankinglookup = args.r
capeclookup = args.a
last_ndays = args.t
summary_text = args.s
nlimit = args.i
cves = CveHandler(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)
def print_job(item):
if csvOutput:
printCVE_csv(item)
elif htmlOutput:
printCVE_html(item)
# bson straight from the MongoDB db - converted to JSON default
# representation
elif jsonOutput:
printCVE_json(item)
elif xmlOutput:
printCVE_xml(item)
elif cveidOutput:
printCVE_id(item)
)
argParser.add_argument("-v", action="store_true", default=False, help="Verbose logging")
argParser.add_argument(
"-l",
default=5,
help="Number of last entries to index (Default: 5) - 0 to index all documents",
)
argParser.add_argument(
"-n",
action="store_true",
default=False,
help="lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration to add in the index",
)
args = argParser.parse_args()
c = CveHandler(namelookup=args.n)
indexpath = Configuration.getIndexdir()
schema = Schema(
title=TEXT(stored=True), path=ID(stored=True, unique=True), content=TEXT
)
if not os.path.exists(indexpath):
os.mkdir(indexpath)
if not exists_in(indexpath):
ix = create_in(indexpath, schema)
else:
ix = open_dir(indexpath)
"-n",
action="store_true",
help=
"lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration",
)
argParser.add_argument("-r",
action="store_true",
help="lookup ranking of vulnerable configuration")
args = argParser.parse_args()
if not args.q and not args.l and not args.g and not args.m:
argParser.print_help()
exit(1)
if args.f or args.t:
cves = CveHandler(rankinglookup=args.r, namelookup=args.n)
if args.q:
with ix.searcher() as searcher:
if not args.o:
query = QueryParser("content", ix.schema).parse(" ".join(args.q))
else:
query = QueryParser("content",
schema=ix.schema,
group=qparser.OrGroup).parse(" ".join(args.q))
results = searcher.search(query, limit=None)
for x in results:
if not args.f:
print(x["path"])
else:
