def search_product(prod): if strict_vendor_product: search = prod.split(":") search = (search[0], search[1]) ret = cvesForCPE(search, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch, strict_vendor_product=True) else: ret = cvesForCPE(prod, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch) for item in ret["results"]: if not last_ndays: print_job(item) else: date_n_days_ago = datetime.now() - timedelta(days=last_ndays) if item["Published"] > date_n_days_ago: print_job(item)
def search(vendor=None, product=None): search = (vendor, product) cve = cvesForCPE(search, strict_vendor_product=True) return render_template("search.html", vendor=vendor, product=product, cve=cve)
def api_search(self, vendor=None, product=None): if not (vendor and product): return {} search = vendor + ":" + product # Not using query.cvesForCPE, because that one gives too much info # return json.dumps(db.cvesForCPE(search), default=json_util.default) return cvesForCPE(search)
def search(self, vendor=None, product=None): search = vendor + ":" + product cve = cvesForCPE(search) return render_template("search.html", vendor=vendor, product=product, cve=cve, minimal=self.minimal)
def search_product(prod): ret = cvesForCPE(prod, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch) for item in ret["results"]: if not last_ndays: print_job(item) else: date_n_days_ago = datetime.now() - timedelta(days=last_ndays) if item["Published"] > date_n_days_ago: print_job(item)
def qcvesForCPE(cpe, limit=0): cpe = toStringFormattedCPE(cpe) data = [] if cpe: cvesp = CveHandler( rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False ) r = cvesForCPE(cpe, limit=limit) for x in r["results"]: data.append(cvesp.getcve(x["id"])) return data
def search_entity(cpe=None): cve = cvesForCPE(cpe) vendor = cpe.split(':')[3] try: product = cpe.split(':')[4] except IndexError: product = '' return render_template("search_entity.html", cve=cve, vendor=vendor, product=product)
def fetch_freetext_search(): search = "" if request.values.get("search"): search = request.values.get("search") vendor = "" if request.values.get("vendor"): vendor = request.values.get("vendor") product = "" if request.values.get("product"): product = request.values.get("product") if search != "": result = getSearchResults(search) cve = {"data": result["data"], "total": len(result["data"])} elif vendor != "" and product != "": search = (vendor, product) result = cvesForCPE(search, strict_vendor_product=True) cve = {"data": result["results"], "total": len(result["results"])} else: return make_response(jsonify(False), 400) # errors = result["errors"] if "errors" in result else [] return make_response(jsonify(cve), 200)
def is_number(s): try: ret = float(s) return ret except ValueError: return False if pyReq: with open(pyReq, "r") as f: for req in requirements.parse(f): lib = req.name specs = req.specs # get vulnerable versions vulns = {} for item in cvesForCPE(lib): if "vulnerable_configuration" in item: for entry in item["vulnerable_configuration"]: vulns[vuln_config(entry)] = [ "CVE: " + item["id"], "DATE: " + str(item["Published"]), "CVSS: " + str(item["cvss"]), item["summary"], ] # check if any of those is allowed according to specs found = False for vuln in vulns.keys(): sp = vuln.split(":") ind = -1 num = sp[ind] # if the last token is not a number or float then it must be e.g., 'alpha' while the