def generate_full_query(self, f):
    """Extend the minimal query with the list filters chosen in ``f``.

    The list filters are added only when ``current_user.is_authenticated()``
    is truthy; otherwise the result of ``generate_minimal_query`` is
    returned unchanged.

    Args:
        f: Mapping of filter settings. The keys ``blacklistSelect``,
            ``whitelistSelect`` and ``unlistedSelect`` are read here.

    Returns:
        The query list, with one ``$or`` clause appended per active filter.
    """
    query = self.generate_minimal_query(f)
    # NOTE(review): if current_user is Flask-Login's proxy, is_authenticated
    # became a property in 0.3.0 and calling it fails there - confirm the
    # pinned version.
    if not current_user.is_authenticated():
        return query

    def hide_rule_matches(list_name):
        # Appends a clause keeping documents whose configuration does not
        # start with any rule, or that have no configuration at all.
        rules = db.getRules(list_name)
        if len(rules) == 0:
            return
        # Rules are joined unescaped, so each one is treated as a regular
        # expression; an empty rule would make the lookahead reject every
        # value.
        negative_prefix = "".join(["^(?!", "|".join(rules), ")"])
        not_listed = {'vulnerable_configuration': re.compile(negative_prefix)}
        field_absent = {'vulnerable_configuration': {'$exists': False}}
        field_empty = {'vulnerable_configuration': []}
        # NOTE(review): if the field is an array, MongoDB matches when any
        # element satisfies the regex, so a document is kept as long as one
        # configuration is not covered by the rules - confirm this is intended.
        query.append({'$or': [not_listed, field_absent, field_empty]})

    if f['blacklistSelect'] == "on":
        hide_rule_matches('blacklist')
    if f['whitelistSelect'] == "hide":
        hide_rule_matches('whitelist')
    if f['unlistedSelect'] == "hide":
        # Keep only documents matching at least one rule of either list.
        white_patterns = tk.compile(db.getRules('whitelist'))
        black_patterns = tk.compile(db.getRules('blacklist'))
        in_whitelist = {'vulnerable_configuration': {'$in': white_patterns}}
        in_blacklist = {'vulnerable_configuration': {'$in': black_patterns}}
        query.append({'$or': [in_whitelist, in_blacklist]})
    return query
def markCPEs(self, cve):
    """Tag every vulnerable configuration of ``cve`` with its list status.

    Each entry of ``cve['vulnerable_configuration']`` gets two keys:
    ``list`` ('none', 'white' or 'black') and ``match`` ('none' or the
    rule object that matched). Blacklist rules are evaluated after the
    whitelist rules, so a blacklist match overrides a whitelist match.

    Args:
        cve: Mapping with a ``vulnerable_configuration`` iterable whose
            entries are mappings carrying an ``id`` key.

    Returns:
        The same ``cve`` object, modified in place.
    """
    black_rules = tk.compile(db.getRules('blacklist'))
    white_rules = tk.compile(db.getRules('whitelist'))
    # Order matters: the later pass overwrites the earlier one.
    passes = (('white', white_rules), ('black', black_rules))
    for entry in cve['vulnerable_configuration']:
        entry['list'] = 'none'
        entry['match'] = 'none'
        for label, rules in passes:
            for rule in rules:
                # No early exit: the last matching rule of a pass is the
                # one that ends up recorded in 'match'.
                # presumably compiled patterns, so match() anchors only at
                # the start of the id - verify against tk.compile
                if rule.match(entry['id']):
                    entry['list'] = label
                    entry['match'] = rule
    return cve
def markCPEs(self, cve):
    """Annotate the configurations of ``cve`` with white/black list hits.

    For each entry of ``cve['vulnerable_configuration']`` the keys ``list``
    and ``match`` are reset to 'none' and then updated from the whitelist
    rules first and the blacklist rules second, so the blacklist has the
    final say when both lists match.

    Args:
        cve: Mapping with a ``vulnerable_configuration`` iterable whose
            entries are mappings carrying an ``id`` key.

    Returns:
        The same ``cve`` object, modified in place.
    """
    deny_patterns = tk.compile(db.getRules('blacklist'))
    allow_patterns = tk.compile(db.getRules('whitelist'))

    def apply_rules(target, patterns, label):
        # Records every hit, so the last matching pattern is the one kept.
        for pattern in patterns:
            if pattern.match(target['id']):
                target['list'] = label
                target['match'] = pattern

    for configuration in cve['vulnerable_configuration']:
        configuration['list'] = 'none'
        configuration['match'] = 'none'
        apply_rules(configuration, allow_patterns, 'white')
        # Runs second on purpose: a blacklist hit replaces a whitelist hit.
        apply_rules(configuration, deny_patterns, 'black')
    return cve
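def list_mark(self, listed, cveList):
    """Flag the CVEs whose configurations match the chosen rule list.

    Args:
        listed: 'white' or 'black'; selects the rule set
            (``listed + 'list'``) and the key written on a hit
            (``listed + 'listed'``).
        cveList: List of CVE mappings, or another iterable of them such
            as a database cursor.

    Returns:
        For an unknown ``listed`` value, a new list with the CVEs
        untouched. Otherwise the CVEs with ``listed + 'listed'`` set to
        'yes' on every CVE that has a matching configuration; a list
        argument is returned as the same object, any other iterable as a
        new list.
    """
    if listed not in ['white', 'black']:
        # The original returned list(cves); no such name is bound in this
        # method, so this path could not hand the CVEs back.
        return list(cveList)
    # Materialise a non-list iterable exactly once. Previously only a
    # throwaway copy was iterated while the original object was indexed
    # and returned, which cannot work for a one-shot iterable.
    if not isinstance(cveList, list):
        cveList = list(cveList)
    items = tk.compile(db.getRules(listed + 'list'))
    # check the cpes (full or partially) in the black/whitelist
    for cve in cveList:
        # assumes each configuration entry is a plain string - TODO confirm
        # against the stored schema
        for c in cve['vulnerable_configuration']:
            if any(regex.match(c) for regex in items):
                cve[listed + 'listed'] = 'yes'
                break  # one matching configuration is enough
    return cveList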
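def list_mark(self, listed, cveList):
    """Mark each CVE that has a configuration matching a white/black rule.

    Args:
        listed: 'white' or 'black'; selects the rule set
            (``listed + 'list'``) and the key written on a hit
            (``listed + 'listed'``).
        cveList: List of CVE mappings, or another iterable of them such
            as a database cursor.

    Returns:
        For an unknown ``listed`` value, a new list with the CVEs
        untouched. Otherwise the CVEs with ``listed + 'listed'`` set to
        'yes' on every CVE that has a matching configuration; a list
        argument is returned as the same object, any other iterable as a
        new list.
    """
    if listed not in ['white', 'black']:
        # Fixes the reference to the unbound name `cves` on this path.
        return list(cveList)
    # Convert a non-list iterable once and work on that list, instead of
    # iterating a copy while indexing and returning the original object.
    if not isinstance(cveList, list):
        cveList = list(cveList)
    items = tk.compile(db.getRules(listed + 'list'))
    # check the cpes (full or partially) in the black/whitelist
    for cve in cveList:
        # assumes each configuration entry is a plain string - TODO confirm
        # against the stored schema
        for c in cve['vulnerable_configuration']:
            if any(regex.match(c) for regex in items):
                cve[listed + 'listed'] = 'yes'
                break  # one matching configuration is enough
    return cveList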
def generate_full_query(self, f):
    """Build the full query: the minimal query plus the list filters in ``f``.

    The list filters are applied only when
    ``current_user.is_authenticated()`` is truthy; otherwise the minimal
    query is returned as is.

    Args:
        f: Mapping of filter settings. The keys ``blacklistSelect``,
            ``whitelistSelect`` and ``unlistedSelect`` are read here.

    Returns:
        The query list, with one ``$or`` clause appended per active filter.
    """
    query = self.generate_minimal_query(f)
    # NOTE(review): if current_user is Flask-Login's proxy, is_authenticated
    # became a property in 0.3.0 and calling it fails there - confirm the
    # pinned version.
    if not current_user.is_authenticated():
        return query

    # (filter key, value that activates it, rule list to exclude)
    exclusions = (
        ('blacklistSelect', "on", 'blacklist'),
        ('whitelistSelect', "hide", 'whitelist'),
    )
    for setting, active_value, list_name in exclusions:
        if f[setting] != active_value:
            continue
        rules = db.getRules(list_name)
        if len(rules) == 0:
            continue
        # Rules are joined unescaped, so each one is treated as a regular
        # expression; an empty rule would make the lookahead reject every
        # value.
        alternatives = "|".join(rules)
        exp = "^(?!" + alternatives + ")"
        # NOTE(review): if the field is an array, MongoDB matches when any
        # element satisfies the regex, so a document is kept as long as one
        # configuration is not covered by the rules - confirm this is intended.
        keep_when = [
            {'vulnerable_configuration': re.compile(exp)},
            {'vulnerable_configuration': {'$exists': False}},
            {'vulnerable_configuration': []},
        ]
        query.append({'$or': keep_when})

    if f['unlistedSelect'] == "hide":
        # Keep only documents matching at least one rule of either list.
        wlregexes = tk.compile(db.getRules('whitelist'))
        blregexes = tk.compile(db.getRules('blacklist'))
        listed_either = [
            {'vulnerable_configuration': {'$in': wlregexes}},
            {'vulnerable_configuration': {'$in': blregexes}},
        ]
        query.append({'$or': listed_either})
    return query