Example #1
def test_get_cwes_details():
    """Check that get_cwes_details maps CWE ids to the names stored via db.session.

    Three cases are exercised: two known ids, a repeated id, and an id
    that was never inserted (expected to map to None).
    """

    def entry(cwe_id):
        # Build a fresh description item for every call so no dict is shared
        return {"lang": "en", "value": cwe_id}

    seeded = (
        Cwe(cwe_id="CWE-1", name="Name of CWE-1", description="Description of CWE-1"),
        Cwe(cwe_id="CWE-2", name="Name of CWE-2", description="Description of CWE-2"),
    )
    for row in seeded:
        db.session.add(row)
    db.session.commit()

    expected_names = {"CWE-1": "Name of CWE-1", "CWE-2": "Name of CWE-2"}

    # Two distinct identifiers that both exist
    resolved = get_cwes_details([entry("CWE-1"), entry("CWE-2")])
    assert resolved == expected_names

    # The same identifier listed twice yields the same mapping
    resolved = get_cwes_details([entry("CWE-1"), entry("CWE-1"), entry("CWE-2")])
    assert resolved == expected_names

    # An identifier with no matching row is kept as a key with a None name
    resolved = get_cwes_details([entry("CWE-3")])
    assert resolved == {"CWE-3": None}
Example #2
def cve(cve_id):
    """Render the "cve.html" detail page for the CVE identified by *cve_id*.

    The template receives the CVE, its JSON dump, the vendors derived from
    its CPE configurations, the CWE names, the current user's tags, the
    CVE's tag names as a JSON string, and its events grouped by creation
    time (newest first).
    """
    cve = CveController.get({"cve_id": cve_id})
    payload = cve.json

    vendors = convert_cpes(payload["configurations"])

    # assumes problemtype_data always holds at least one entry; an empty list
    # would raise IndexError here -- TODO confirm against the data import
    problem_descriptions = payload["cve"]["problemtype"]["problemtype_data"][0][
        "description"
    ]
    cwes = get_cwes_details(problem_descriptions)

    # Tags are only looked up for a logged-in user; anonymous visitors get none
    user_tags = (
        UserTagController.list_items({"user_id": current_user.id})
        if current_user.is_authenticated
        else []
    )

    # The modal box needs the tag names as an encoded list
    # NOTE(review): json.dumps does not escape HTML-significant characters;
    # how cve.html embeds this string is not visible here -- confirm the
    # template escapes it rather than marking it safe.
    cve_tags_encoded = json.dumps([tag.name for tag in cve.tags])

    events = Event.query.filter_by(cve_id=cve.id).order_by(Event.created_at.desc())

    # groupby only merges adjacent rows, which the created_at ordering provides
    events_by_time = []
    for created_at, grouped in itertools.groupby(
        events, operator.attrgetter("created_at")
    ):
        events_by_time.append((created_at, list(grouped)))

    context = {
        "cve": cve,
        # NOTE(review): same escaping question as cve_tags_encoded -- the CVE
        # JSON is upstream feed data and should be treated as untrusted text.
        "cve_dumped": json.dumps(cve.json),
        "vendors": vendors,
        "cwes": cwes,
        "user_tags": user_tags,
        "cve_tags_encoded": cve_tags_encoded,
        "events_by_time": events_by_time,
    }
    return render_template("cve.html", **context)
Example #3
def cve(cve_id):
    """Render the "cve.html" detail page for the CVE identified by *cve_id*.

    The template receives the CVE, its JSON dump, the vendors derived from
    its CPE configurations, and the names of its CWEs.
    """
    cve = CveController.get({"cve_id": cve_id})
    payload = cve.json

    vendors = convert_cpes(payload["configurations"])

    # assumes problemtype_data always holds at least one entry; an empty list
    # would raise IndexError here -- TODO confirm against the data import
    first_problemtype = payload["cve"]["problemtype"]["problemtype_data"][0]
    cwes = get_cwes_details(first_problemtype["description"])

    # NOTE(review): json.dumps does not escape HTML-significant characters;
    # how cve.html embeds cve_dumped is not visible here -- confirm the
    # template escapes it rather than marking it safe.
    cve_dumped = json.dumps(cve.json)

    return render_template(
        "cve.html",
        cve=cve,
        cve_dumped=cve_dumped,
        vendors=vendors,
        cwes=cwes,
    )
Example #4
def cve(cve_id):
    """Render the "cve.html" detail page for the CVE identified by *cve_id*.

    When no row matches *cve_id*, the caller is redirected to the
    "main.cves" endpoint instead of getting an error page.
    """
    # Look the CVE up by its identifier; filter_by binds the value as a
    # query parameter, so cve_id is never spliced into SQL text
    cve = Cve.query.filter_by(cve_id=cve_id).first()

    # Unknown identifier: fall back to the listing page
    if not cve:
        return redirect(url_for("main.cves"))

    payload = cve.json

    # Nested dict of vendors and their products
    vendors = convert_cpes(payload["configurations"])

    # assumes problemtype_data always holds at least one entry; an empty list
    # would raise IndexError here -- TODO confirm against the data import
    first_problemtype = payload["cve"]["problemtype"]["problemtype_data"][0]
    cwes = get_cwes_details(first_problemtype["description"])

    context = {
        "cve": cve,
        # NOTE(review): json.dumps does not escape HTML-significant
        # characters; how cve.html embeds this value is not visible here --
        # confirm the template escapes it rather than marking it safe.
        "cve_dumped": json.dumps(cve.json),
        "vendors": vendors,
        "cwes": cwes,
    }
    return render_template("cve.html", **context)