Exemple #1
    def get(self, limit=5, skip=0):
        """Return up to ``limit`` CVE records, optionally enriched with lookups.

        Records come from ``getCVEs`` on ``self.collection``, starting at
        offset ``skip``. When neither ``self.namelookup`` nor
        ``self.rankinglookup`` is set, each record is returned as fetched.
        Otherwise each record is modified in place:

        * every ``vulnerable_configuration`` entry is replaced by the result
          of ``self.getcpe``;
        * with ``self.rankinglookup``, the distinct truthy results of
          ``self.getranking`` are stored under ``ranking``, and an empty
          ``ranking`` key is removed;
        * with ``self.capeclookup``, a ``cwe`` other than "unknown" adds a
          ``capec`` key obtained from ``self.getcapec``.
        """
        enriched = []
        fetched = getCVEs(limit=limit, skip=skip, collection=self.collection)
        for record in fetched["results"]:
            if self.namelookup or self.rankinglookup:
                if "vulnerable_configuration" in record:
                    resolved = []
                    ranks = []
                    for cpe in record["vulnerable_configuration"]:
                        resolved.append(self.getcpe(cpeid=cpe))
                        if not self.rankinglookup:
                            continue
                        found = self.getranking(cpeid=cpe)
                        # keep each ranking once, in first-seen order
                        if found and found not in ranks:
                            ranks.append(found)
                    record["vulnerable_configuration"] = resolved
                    if self.rankinglookup:
                        record["ranking"] = ranks
                if "ranking" in record and len(record["ranking"]) == 0:
                    del record["ranking"]
                wants_capec = "cwe" in record and self.capeclookup
                if wants_capec and record["cwe"].lower() != "unknown":
                    # Second dash-separated field of the CWE string.
                    # NOTE(review): a value without "-" raises IndexError.
                    cwe_number = record["cwe"].split("-")[1]
                    record["capec"] = self.getcapec(cweid=cwe_number)
            enriched.append(record)

        return enriched
Exemple #2
def getFilterSettingsFromPost(r):
    """Run the filtered CVE query for the submitted form.

    ``r`` is passed on as the ``skip`` offset. Returns a dict holding the
    submitted form values (``filters``), the query result (``cve``) and
    ``errors``, which is True when filtering raised and the unfiltered page
    was returned instead.
    """
    # Form fields are copied as submitted; nothing is validated in this
    # function. NOTE(review): confirm filter_logic / the query builder
    # validates them before they reach the database query.
    form_values = dict(request.form)
    # retrieving data
    try:
        result, failed = filter_logic(form_values, r), False
    except Exception:
        # Any failure falls back to the plain listing; the exception itself
        # is not logged here, only signalled through the "errors" flag.
        result = getCVEs(limit=config_args["pageLength"], skip=r)
        failed = True
    return {"filters": form_values, "cve": result, "errors": failed}
Exemple #3
def filter_logic(filters, skip, limit=None):
    """Query CVEs matching ``filters`` and mark listed records.

    ``limit`` falls back to ``config_args["pageLength"]`` when falsy. For an
    authenticated user, results are passed through ``list_mark`` when the
    ``whitelistSelect`` filter is "on" and/or the ``blacklistSelect`` filter
    is "mark". A missing filter key raises ``KeyError``.
    """
    full_query = generate_full_query(filters)
    page_size = limit or config_args["pageLength"]
    cve = getCVEs(limit=page_size, skip=skip, query=full_query)
    # marking relevant records (only for logged-in users)
    if current_user.is_authenticated:
        marking_rules = (
            ("whitelistSelect", "on", "white"),
            ("blacklistSelect", "mark", "black"),
        )
        for field, wanted, colour in marking_rules:
            if filters[field] == wanted:
                cve["results"] = list_mark(colour, cve["results"])
    return cve
Exemple #4
 def filter_logic(self, filters, skip, limit=None):
     """Query CVEs matching ``filters``, mark listed records, run plugins.

     ``limit`` falls back to ``self.args["pageLength"]`` when falsy. For an
     authenticated user, results are passed through ``self.list_mark`` when
     the ``whitelistSelect`` filter is "on" and/or the ``blacklistSelect``
     filter is "mark". ``self.plugManager.mark`` is always called on the
     result before it is returned.
     """
     full_query = self.generate_full_query(filters)
     page_size = limit or self.args["pageLength"]
     cve = getCVEs(limit=page_size, skip=skip, query=full_query)
     # marking relevant records (only for logged-in users)
     if current_user.is_authenticated:
         marking_rules = (
             ("whitelistSelect", "on", "white"),
             ("blacklistSelect", "mark", "black"),
         )
         for field, wanted, colour in marking_rules:
             if filters[field] == wanted:
                 cve["results"] = self.list_mark(colour, cve["results"])
     self.plugManager.mark(cve, **self.pluginArgs)
     return cve
Exemple #5
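def listManagementAdd():
    """Add a CPE given as vendor[:product[:version]] to a list.

    Reads ``item`` and ``list`` from the JSON request body and answers with
    the JSON object ``{"status": ..., "listType": ...}``, where status is
    ``added_to_list``, ``could_not_add_to_list`` or ``invalid_cpe``. A body
    that is not a JSON object, or an ``item`` that is not a string, is
    answered with ``invalid_cpe`` instead of raising.
    """

    # this functionality is broken; needs further investigation....

    payload = request.json
    post_data = dict(payload) if isinstance(payload, dict) else {}

    redisdb = config.getRedisVendorConnection()
    # retrieve the separate item parts
    item = post_data.get("item")
    # NOTE(review): listType is forwarded to addCPEToList unchanged; confirm
    # it is checked there against the known list names.
    listType = post_data.get("list")

    pattern = re.compile("^[a-z:/0-9.~_%-]+$")

    # fullmatch() instead of match(): with match(), "$" also accepts a value
    # that ends in a newline, which would then end up in the stored CPE.
    if isinstance(item, str) and pattern.fullmatch(item):
        parts = item.split(":")
        added = False
        if len(parts) == 1:
            # only vendor, so a check on cpe type is needed
            for cpe_type in ("o", "a", "h"):
                if redisdb.sismember("t:/" + cpe_type, parts[0]):
                    if addCPEToList("cpe:/" + cpe_type + ":" + parts[0],
                                    listType):
                        added = True
        elif 4 > len(parts) > 1:
            # cpe type can be found with a mongo regex query. The product
            # part is request input, so it is escaped and matched literally
            # ("." is allowed by the pattern above and is a regex wildcard).
            # NOTE(review): an empty product part still yields an empty
            # pattern; confirm whether that should be rejected.
            result = getCVEs(
                query={"cpe_2_2": {"$regex": re.escape(parts[1])}})["results"]
            if len(result) != 0:
                # first seven characters, the length of the "cpe:/o:" style
                # prefixes built in the vendor-only branch
                prefix = ((result[0])["cpe_2_2"])[:7]
                # two or three parts: re-join them behind the type prefix
                if addCPEToList(prefix + ":".join(parts), listType):
                    added = True
        status = "added_to_list" if added else "could_not_add_to_list"
    else:
        status = "invalid_cpe"
    j = {"status": status, "listType": listType}
    return jsonify(j)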
Exemple #6
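    def listManagementAdd(self):
        """Add a CPE given as vendor[:product[:version]] to a list.

        Reads ``item`` and ``list`` from the request's query arguments and
        answers with the JSON object ``{"status": ..., "listType": ...}``,
        where status is ``added_to_list``, ``could_not_add_to_list`` or
        ``invalid_cpe``. A missing ``item`` is answered with ``invalid_cpe``
        instead of raising.
        """
        # retrieve the separate item parts
        # NOTE(review): parameters come from request.args although the call
        # modifies a list; confirm the route's allowed methods and CSRF
        # protection.
        item = request.args.get("item", type=str)
        # NOTE(review): listType is forwarded to addCPEToList unchanged;
        # confirm it is checked there against the known list names.
        listType = request.args.get("list", type=str)

        pattern = re.compile("^[a-z:/0-9.~_%-]+$")

        # fullmatch() instead of match(): with match(), "$" also accepts a
        # value that ends in a newline. item is None when the argument is
        # absent.
        if item is not None and pattern.fullmatch(item):
            parts = item.split(":")
            added = False
            if len(parts) == 1:
                # only vendor, so a check on cpe type is needed
                for cpe_type in ("o", "a", "h"):
                    if self.redisdb.sismember("t:/" + cpe_type, parts[0]):
                        if self.addCPEToList(
                                "cpe:/" + cpe_type + ":" + parts[0],
                                listType):
                            added = True
            elif 4 > len(parts) > 1:
                # cpe type can be found with a mongo regex query. The product
                # part is request input, so it is escaped and matched
                # literally ("." is allowed by the pattern above and is a
                # regex wildcard).
                # NOTE(review): an empty product part still yields an empty
                # pattern; confirm whether that should be rejected.
                result = getCVEs(query={"cpe_2_2": {
                    "$regex": re.escape(parts[1])
                }})["results"]
                # presumably a cursor-like object exposing count(); verify
                # against what getCVEs returns
                if result.count() != 0:
                    # first seven characters, the length of the "cpe:/o:"
                    # style prefixes built in the vendor-only branch
                    prefix = ((result[0])["cpe_2_2"])[:7]
                    # two or three parts: re-join them behind the type prefix
                    if self.addCPEToList(prefix + ":".join(parts), listType):
                        added = True
            status = "added_to_list" if added else "could_not_add_to_list"
        else:
            status = "invalid_cpe"
        j = {"status": status, "listType": listType}
        return jsonify(j)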
Exemple #7
def lastentries(limit=5, namelookup=False, rankinglookup=True):
    """Return the ``limit`` CVE records from ``getCVEs``, optionally enriched.

    Records are returned untouched only when ``namelookup`` is falsy and
    ``rankinglookup`` is not the literal ``True``. Otherwise, for records
    that have ``vulnerable_configuration``:

    * with ``namelookup``, each entry is replaced by ``lookupcpe``'s result;
    * with ``rankinglookup``, the distinct truthy results of ``findranking``
      are stored under ``ranking`` when there is at least one.

    Records are modified in place.
    """
    collected = []
    for record in getCVEs(limit)["results"]:
        untouched = not namelookup and rankinglookup is not True
        if not untouched and "vulnerable_configuration" in record:
            configurations = []
            ranks = []
            for cpe in record["vulnerable_configuration"]:
                configurations.append(
                    lookupcpe(cpeid=cpe) if namelookup else cpe)
                if not rankinglookup:
                    continue
                found = findranking(cpe=cpe)
                # keep each ranking once, in first-seen order
                if found and found not in ranks:
                    ranks.append(found)
            record["vulnerable_configuration"] = configurations
            if rankinglookup and len(ranks) > 0:
                record["ranking"] = ranks
        collected.append(record)
    return collected
Exemple #8
        for ra in ranking:
            for e in ra:
                for i in e:
                    print("{}: {}".format(i, str(e[i])))
    print("\n\n")


# Search in summary text
def search_in_summary(item):
    """Print the ``summary`` field of a CVE record.

    The term filter that used ``args.a`` is disabled, so every summary
    passed in is printed.
    """
    summary_text = item["summary"]
    print(summary_text)


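# Lookup by CVE id: print every matching record, then stop.
if cveSearch:
    for item in getCVEs(cves=cveSearch)["results"]:
        print_job(item)
    if htmlOutput:
        # closes the HTML document; the opening markup is presumably
        # written elsewhere in the script
        print("</body></html>")
    sys.exit(0)

# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception rather than a bare except, so Ctrl-C and SystemExit are
        # no longer reported as a missing full-text index.
        # NOTE(review): any other failure while printing is still reported
        # with this message; narrow it to the database error if known.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)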
Exemple #9
 def filter_logic(self, filters, skip, limit=None):
     """Return the ``getCVEs`` result for the minimal query built from ``filters``.

     ``limit`` falls back to ``self.args["pageLength"]`` when falsy; ``skip``
     is passed through unchanged.
     """
     minimal_query = self.generate_minimal_query(filters)
     page_size = limit or self.args["pageLength"]
     return getCVEs(limit=page_size, skip=skip, query=minimal_query)
# check modification date
# An incremental run needs both markers; presumably icve / icpeo are the
# last-modified values of the CVE and cpeother data -- confirm upstream.
date = icve is not None and icpeo is not None
if date and icve >= icpeo:
    # CVE data is not newer than what was already processed
    print("Not modified")
    sys.exit(0)

# only get collection of new CVE's
collections = (
    getCVEsNewerThan(icve)["results"] if date else getCVEs()["results"]
)
# check cpes for cves and parse and store missing cpes in cpeother
batch = []

# skip on empty collections
# (materialised first so emptiness can be tested before the import loop)
col = list(collections)
if not col:
    print("Empty collections, import skipped")
    sys.exit(2)

for item in tqdm(col):
    for cpeentry in item["vulnerable_configuration"]:
        checkdup = getAlternativeCPE(cpeentry)
        if checkdup and len(checkdup) <= 0:
            entry = getCPE(cpeentry)
            if entry and len(entry.count) <= 0: