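def resolve_vuls_by_cwe(self, info, **kwargs):
    """Resolve the vulnerabilities whose ``cwe`` equals the requested integer.

    The resolver is gated on ``_validate_jwt`` over the incoming request's
    headers; when that check fails nothing is queried.

    Args:
        info: GraphQL resolve info; ``info.context['request'].headers`` is
            read for the token check.
        **kwargs: resolver arguments. Only ``cwe`` is used.

    Returns:
        list of ``Vulnerability`` documents with the given ``cwe``, or
        ``None`` when ``cwe`` is absent or not an integer (the original
        fell through and returned ``None`` in those cases; that contract is
        kept so existing callers are unaffected).

    Raises:
        Exception: ``"Unauthorized to perform action"`` when the JWT check
            fails.

    NOTE(review): ``_validate_jwt`` only establishes that the caller holds a
    valid token; nothing here scopes the result to the caller's projects, so
    any authenticated caller sees every matching vulnerability. Confirm that
    is intended.
    """
    if not _validate_jwt(info.context['request'].headers):
        raise Exception("Unauthorized to perform action")
    cwe = kwargs.get('cwe')
    # bool is a subclass of int, so a plain isinstance(cwe, int) would let
    # True/False through as a CWE id; reject it explicitly.
    if isinstance(cwe, bool) or not isinstance(cwe, int):
        return None
    return list(Vulnerability.objects(cwe=cwe))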
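def mutate(self, info, **kwargs):
    """Create a ``Vulnerability`` and attach it to an existing ``Scan``.

    Args:
        info: GraphQL resolve info; ``info.context['request'].headers`` is
            read for the JWT check.
        **kwargs: mutation arguments. ``vuln`` must be a mapping holding at
            least ``name``, ``tool``, ``description``, ``project`` and
            ``scan``; ``cwe`` (default 0), ``observation`` (default ''),
            ``severity`` (default 1) and ``remediation`` (default '') are
            optional. ``project`` and ``scan`` are looked up by ``name``.

    Returns:
        ``CreateVulnerability(vulnerability=<new document>)`` on success.
        On a failed lookup or save a plain error string is returned instead
        (kept from the original error-handling style).

    Raises:
        Exception: when the JWT check fails, when ``vuln`` is missing or
            empty, or when a mandatory field is absent.

    NOTE(review): the ``save()`` and the ``ref_scan.update`` are two separate
    writes; if the second one fails the new document is left unattached to
    any scan. Callers should not assume the pair is atomic.
    """
    if not _validate_jwt(info.context['request'].headers):
        raise Exception("Unauthorized to perform action")
    vuln_attributes = kwargs.get('vuln', {})
    if not vuln_attributes:
        raise Exception("You need to specify a vuln key")
    required = ("name", "tool", "description", "project", "scan")
    if not all(field in vuln_attributes for field in required):
        raise Exception("Mandatory fields not in Vulnerability Definition")
    try:
        ref_project = Proj.objects.get(name=vuln_attributes.get('project'))
        ref_scan = Scan.objects.get(name=vuln_attributes.get('scan'))
        new_vuln = Vulnerability(
            name=vuln_attributes['name'],
            tool=vuln_attributes['tool'],
            description=vuln_attributes['description'],
            cwe=vuln_attributes.get('cwe', 0),
            observation=vuln_attributes.get('observation', ''),
            severity=vuln_attributes.get('severity', 1),
            project=ref_project,
            remediation=vuln_attributes.get('remediation', ''),
        ).save()
        ref_scan.update(add_to_set__vulnerabilities=new_vuln.id)
    except DoesNotExist:
        return "Project OR Target or Scan not found"
    except Exception:
        # The original returned e.args to the client. Driver and validation
        # errors can carry internal details (field contents, collection
        # names, duplicate-key values), so hand back a fixed message instead.
        # NOTE(review): log the exception server-side if a logger is available
        # in this module; none is visible here.
        return "Unable to create Vulnerability"
    return CreateVulnerability(vulnerability=new_vuln)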
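def read_vulnerabilities(directory):
    """Load JSON scan reports from *directory*, de-duplicated by CVE id.

    Every regular file in *directory* is parsed as JSON of the shape
    ``{"Layer": {"Features": [{"Vulnerabilities": [...]}]}}``. Each raw
    vulnerability dict is wrapped in ``Vulnerability``, and the first object
    seen for a given ``cve_id`` wins.

    Args:
        directory: path to a directory of JSON report files.

    Returns:
        A dict-values view of the de-duplicated ``Vulnerability`` objects, or
        ``None`` when the directory cannot be listed or any file fails to
        parse. One bad file invalidates the whole read, as in the original.
    """
    vulnerabilities_by_cve_id = {}
    try:
        # os.listdir order is filesystem-dependent; sorting makes "first CVE
        # wins" deterministic across runs and hosts.
        filenames = sorted(os.listdir(directory))
    except OSError:
        _logger.error("Could not read vulnerabilities from directory '%s'", directory)
        return None
    for filename in filenames:
        absolute_filename = os.path.join(directory, filename)
        # Sub-directories and other non-files made open() raise and aborted
        # the whole read; skip them instead.
        if not os.path.isfile(absolute_filename):
            continue
        try:
            # JSON is UTF-8 by specification; don't depend on the locale.
            with open(absolute_filename, encoding='utf-8') as fp:
                features = json.load(fp).get('Layer', {}).get('Features', [])
            for feature in features:
                for raw in feature.get('Vulnerabilities', []):
                    vulnerability = Vulnerability(raw)
                    # setdefault keeps the first occurrence, as the original did.
                    vulnerabilities_by_cve_id.setdefault(vulnerability.cve_id, vulnerability)
        except Exception:
            # Broad on purpose: malformed JSON, an unexpected top-level type
            # (.get on a list) and Vulnerability() constructor errors all mean
            # "this report is unusable". .exception keeps the traceback that
            # the original .error call dropped.
            _logger.exception("Could not read vulnerabilities from '%s'", absolute_filename)
            return None
    return vulnerabilities_by_cve_id.values()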
def vulnerability_generate(index: int) -> None:
    """Upsert a placeholder ``Vulnerability`` named ``vulnerability_<index>``.

    ``Vulnerability.create_or_update`` is called with only the name; the
    first element of its return value is taken as the instance, and a
    tab-indented confirmation line is printed.

    Args:
        index: numeric suffix for the generated name.
    """
    generated_name = f'vulnerability_{index}'
    # noinspection PyTypeChecker
    result = Vulnerability.create_or_update({'name': generated_name})
    upserted = result[0]
    print(f'\t{upserted.name}: Upserted')