def generate_full_query(self, f): query = self.generate_minimal_query(f) if current_user.is_authenticated: if f["blacklistSelect"] == "on": regexes = getRules("blacklist") if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ "$or": [ { "vulnerable_configuration": re.compile(exp) }, { "vulnerable_configuration": { "$exists": False } }, { "vulnerable_configuration": [] }, ] }) if f["whitelistSelect"] == "hide": regexes = getRules("whitelist") if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ "$or": [ { "vulnerable_configuration": re.compile(exp) }, { "vulnerable_configuration": { "$exists": False } }, { "vulnerable_configuration": [] }, ] }) if f["unlistedSelect"] == "hide": wlregexes = tk_compile(getRules("whitelist")) blregexes = tk_compile(getRules("blacklist")) query.append({ "$or": [ { "vulnerable_configuration": { "$in": wlregexes } }, { "vulnerable_configuration": { "$in": blregexes } }, ] }) return query
def markCPEs(cve): blacklist = tk_compile(getRules("blacklist")) whitelist = tk_compile(getRules("whitelist")) for conf in cve["vulnerable_configuration"]: conf["list"] = "none" conf["match"] = "none" for w in whitelist: if w.match(conf["id"]): conf["list"] = "white" conf["match"] = w for b in blacklist: if b.match(conf["id"]): conf["list"] = "black" conf["match"] = b return cve
def list_mark(listed, cveList): if listed not in ["white", "black"]: return list(cveList) items = tk_compile(getRules(listed + "list")) # check the cpes (full or partially) in the black/whitelist for i, cve in enumerate( list(cveList) ): # the list() is to ensure we don't have a pymongo cursor object for c in cve["vulnerable_configuration"]: if any(regex.match(c) for regex in items): cveList[i][listed + "listed"] = "yes" return cveList