def generate_full_query(self, f):
query = self.generate_minimal_query(f)
if current_user.is_authenticated():
if f['blacklistSelect'] == "on":
regexes = db.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if f['whitelistSelect'] == "hide":
regexes = db.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if f['unlistedSelect'] == "hide":
wlregexes = tk.compile(db.getRules('whitelist'))
blregexes = tk.compile(db.getRules('blacklist'))
query.append({
'$or': [{
'vulnerable_configuration': {
'$in': wlregexes
}
}, {
'vulnerable_configuration': {
'$in': blregexes
}
}]
})
return query
def markCPEs(self, cve):
blacklist = tk.compile(db.getRules('blacklist'))
whitelist = tk.compile(db.getRules('whitelist'))
for conf in cve['vulnerable_configuration']:
conf['list'] = 'none'
conf['match'] = 'none'
for w in whitelist:
if w.match(conf['id']):
conf['list'] = 'white'
conf['match'] = w
for b in blacklist:
if b.match(conf['id']):
conf['list'] = 'black'
conf['match'] = b
return cve
def markCPEs(self, cve):
blacklist = tk.compile(db.getRules('blacklist'))
whitelist = tk.compile(db.getRules('whitelist'))
for conf in cve['vulnerable_configuration']:
conf['list'] = 'none'
conf['match'] = 'none'
for w in whitelist:
if w.match(conf['id']):
conf['list'] = 'white'
conf['match'] = w
for b in blacklist:
if b.match(conf['id']):
conf['list'] = 'black'
conf['match'] = b
return cve
def list_mark(self, listed, cveList):
if listed not in ['white', 'black']: return list(cves)
items = tk.compile(db.getRules(listed+'list'))
# check the cpes (full or partially) in the black/whitelist
for i, cve in enumerate(list(cveList)): # the list() is to ensure we don't have a pymongo cursor object
for c in cve['vulnerable_configuration']:
if any(regex.match(c) for regex in items):
cveList[i][listed+'listed'] = 'yes'
return cveList
def list_mark(self, listed, cveList):
if listed not in ['white', 'black']: return list(cves)
items = tk.compile(db.getRules(listed+'list'))
# check the cpes (full or partially) in the black/whitelist
for i, cve in enumerate(list(cveList)): # the list() is to ensure we don't have a pymongo cursor object
for c in cve['vulnerable_configuration']:
if any(regex.match(c) for regex in items):
cveList[i][listed+'listed'] = 'yes'
return cveList
def generate_full_query(self, f):
query = self.generate_minimal_query(f)
if current_user.is_authenticated():
if f['blacklistSelect'] == "on":
regexes = db.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []} ]})
if f['whitelistSelect'] == "hide":
regexes = db.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []} ]})
if f['unlistedSelect'] == "hide":
wlregexes = tk.compile(db.getRules('whitelist'))
blregexes = tk.compile(db.getRules('blacklist'))
query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
{'vulnerable_configuration': {'$in': blregexes}}]})
return query
