Exemple #1
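    def _enhance(self, scan):
        """Annotate *scan* in place with CVE data and return it.

        Every entry of ``system['cpes']`` is replaced by a dict holding the
        lower-cased CPE and the ``cvesp.getcve`` result for each match from
        ``db.cvesForCPE``.  Every service that has a ``cpe`` key gets the
        raw ``db.cvesForCPE`` result under ``cves``.  The time of the run
        is stored as epoch seconds in ``scan['enhanced']['time']``.
        """
        cvesp = cves.last(rankinglookup=False,
                          namelookup=False,
                          vfeedlookup=True,
                          capeclookup=False)
        for system in scan['systems']:
            raw_cpes = system.get('cpes')
            if raw_cpes:
                enriched = []
                for c in raw_cpes:
                    c = c.lower()
                    matches = db.cvesForCPE(toStringFormattedCPE(c))
                    enriched.append({
                        'cpe': c,
                        'cves': [cvesp.getcve(x['id']) for x in matches],
                    })
                system['cpes'] = enriched
            for service in system['services']:
                if 'cpe' in service:
                    # NOTE(review): the service CPE is neither lower-cased
                    # nor passed through toStringFormattedCPE, unlike the
                    # system CPEs above; confirm the lookup tolerates that,
                    # otherwise service findings can be silently missed.
                    service['cves'] = db.cvesForCPE(service['cpe'])
        # timestamp() replaces strftime('%s'): '%s' is a C-library extension
        # that Python does not document and that is missing on some
        # platforms, while timestamp() is portable.
        scan['enhanced'] = {"time": int(datetime.now().timestamp())}
        return scan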
Exemple #2
def search(vendor=None, product=None):
    """Render ``search.html`` with the CVEs found for ``vendor:product``."""
    # NOTE(review): with the default None arguments this concatenation
    # raises TypeError. Both values go into the lookup string unmodified,
    # so confirm cvesForCPE treats them as data, not as pattern syntax.
    cpe_query = vendor + ":" + product
    matches = db.cvesForCPE(cpe_query)
    context = {'vendor': vendor, 'product': product, 'cve': matches}
    return render_template('search.html', **context)
Exemple #3
def apiCVEFor(cpe):
    """Return a JSON array with the ``getcve`` record of each CVE for *cpe*.

    *cpe* is URL-decoded with ``unquote_plus`` and normalised with
    ``toStringFormattedCPE`` before the database lookup.
    """
    normalised = toStringFormattedCPE(urllib.parse.unquote_plus(cpe))
    enricher = cves.last(rankinglookup=False, namelookup=False,
                         vfeedlookup=True, capeclookup=False)
    # NOTE(review): if toStringFormattedCPE returns a falsy value for
    # malformed input it is passed to the lookup unchanged; confirm
    # cvesForCPE rejects it rather than matching broadly.
    records = [enricher.getcve(hit['id']) for hit in db.cvesForCPE(normalised)]
    return json.dumps(records)
Exemple #4
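def cvesForCPE(cpe):
  """Return the ``getcve`` record of every CVE matching *cpe*.

  *cpe* is normalised with ``tk.toStringFormattedCPE``; when the result is
  falsy no lookup is made and an empty list is returned.
  """
  cpe  = tk.toStringFormattedCPE(cpe)
  data = []
  if cpe:
    cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
    data = [cvesp.getcve(x['id']) for x in db.cvesForCPE(cpe)]
  # Fix: the original returned the name `cves` (used above as the lookup
  # factory) instead of the collected results, so callers never received
  # the CVE list.
  return data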
Exemple #5
def cvesForCPE(cpe):
  """Return the ``getcve`` record of every CVE matching *cpe*.

  An empty list is returned when ``tk.toStringFormattedCPE`` yields a
  falsy value, so unparseable input never reaches the database layer.
  """
  formatted = tk.toStringFormattedCPE(cpe)
  if not formatted:
    return []
  enricher = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
  return [enricher.getcve(hit['id']) for hit in db.cvesForCPE(formatted)]
Exemple #6
def search_product(prod):
    """Print every CVE matching *prod* via ``print_job``.

    When the module-level ``last_ndays`` is set, only entries published
    after ``now - last_ndays`` days are printed.
    """
    matches = db.cvesForCPE(prod, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch)
    for entry in matches:
        if last_ndays:
            cutoff = datetime.now() - timedelta(days=last_ndays)
            if not entry['Published'] > cutoff:
                continue
        print_job(entry)
Exemple #7
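  def _enhance(self, scan):
    """Annotate *scan* in place with CVE data and return it.

    Every entry of ``system['cpes']`` becomes a dict with the lower-cased
    CPE and the ``cvesp.getcve`` result for each ``db.cvesForCPE`` match.
    Services that have a ``cpe`` key get the raw ``db.cvesForCPE`` result
    under ``cves``.  ``scan['enhanced']['time']`` holds the epoch seconds
    of the run.
    """
    cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False)
    for system in scan['systems']:
      raw_cpes = system.get('cpes')
      if raw_cpes:
        enriched = []
        for c in raw_cpes:
          c = c.lower()
          matches = db.cvesForCPE(toStringFormattedCPE(c))
          enriched.append({'cpe': c,
                           'cves': [cvesp.getcve(x['id']) for x in matches]})
        system['cpes'] = enriched
      for service in system['services']:
        if 'cpe' in service:
          # NOTE(review): service CPEs skip the lower-casing and
          # toStringFormattedCPE step applied to system CPEs; confirm the
          # lookup handles both forms so service findings are not missed.
          service['cves'] = db.cvesForCPE(service['cpe'])
    # timestamp() replaces strftime('%s'), a C-library extension that is
    # undocumented in Python and unavailable on some platforms.
    scan['enhanced'] = {"time": int(datetime.now().timestamp())}
    return scan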
Exemple #8
def apiCVEFor(cpe):
    """Return a JSON array with the ``getcve`` record of each CVE for *cpe*.

    The argument is URL-decoded and then normalised with
    ``toStringFormattedCPE`` before ``dbLayer.cvesForCPE`` is queried.
    """
    decoded = urllib.parse.unquote_plus(cpe)
    normalised = toStringFormattedCPE(decoded)
    enricher = cves.last(rankinglookup=False, namelookup=False,
                         vfeedlookup=True, capeclookup=False)
    # NOTE(review): a falsy normalised value reaches the lookup as-is;
    # confirm the database layer does not treat it as a match-all.
    return json.dumps(
        [enricher.getcve(hit['id']) for hit in dbLayer.cvesForCPE(normalised)]
    )
Exemple #9
def apiCVEFor(cpe):
    """Return a JSON array with the ``getcve`` record of each CVE for *cpe*.

    The argument is URL-decoded and normalised; when normalisation yields
    a falsy value the literal string ``'None'`` is queried instead.
    Values ``json`` cannot encode are handled by ``json_util.default``.
    """
    normalised = toStringFormattedCPE(urllib.parse.unquote_plus(cpe))
    # Falsy result: fall back to a placeholder string for the lookup.
    lookup_key = normalised if normalised else 'None'
    enricher = cves.last(rankinglookup=False, namelookup=False,
                         reflookup=True, capeclookup=False)
    records = [enricher.getcve(hit['id'])
               for hit in dbLayer.cvesForCPE(lookup_key)]
    return json.dumps(records, default=json_util.default)
Exemple #10
def search_product(prod):
    """Print the ``results`` of a CPE search for *prod* via ``print_job``.

    When the module-level ``last_ndays`` is set, only entries published
    after ``now - last_ndays`` days are printed.
    """
    response = db.cvesForCPE(prod, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch)
    for entry in response['results']:
        if last_ndays:
            cutoff = datetime.now() - timedelta(days=last_ndays)
            if not entry['Published'] > cutoff:
                continue
        print_job(entry)
Exemple #11
def cvesForCPE(cpe):
    """Return the ``getcve`` record of every CVE in the results for *cpe*.

    Returns an empty list, without querying the database, when
    ``tk.toStringFormattedCPE`` yields a falsy value.
    """
    formatted = tk.toStringFormattedCPE(cpe)
    if not formatted:
        return []
    enricher = cves.last(rankinglookup=False, namelookup=False,
                         via4lookup=True, capeclookup=False)
    response = db.cvesForCPE(formatted)
    return [enricher.getcve(hit["id"]) for hit in response["results"]]
Exemple #12
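# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception instead of a bare except: Ctrl-C and SystemExit are no
        # longer reported as a missing full-text index.
        # NOTE(review): any other failure in the loop (connection, output)
        # still gets this message; narrowing to the database driver's own
        # error type would avoid hiding the real cause.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)


# Search Product (best to use CPE notation, e.g. cisco:ios:12.2)
if vSearch:

    for item in db.cvesForCPE(vSearch, lax=relaxSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE_json(item)
            elif xmlOutput:
                printCVE_xml(item)
            elif cveidOutput:
                printCVE_id(item)
            else:
                printCVE_human(item)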
Exemple #13
def is_number(s):
    """Parse *s* with ``float``.

    Returns the parsed float, or ``False`` when ``float`` raises
    ``ValueError``.  The result for ``"0"`` is ``0.0``, which is falsy, so
    a truthiness test on the return value treats zero as "not a number".
    """
    try:
        parsed = float(s)
    except ValueError:
        return False
    else:
        return parsed


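# Audit a pip requirements file: for every requirement, collect the CVE
# entries returned for the package name, keyed by vulnerable configuration.
if pyReq:
    with open(pyReq, 'r') as f:
        for req in requirements.parse(f):
            lib = req.name
            specs = req.specs
            # get vulnerable versions
            # NOTE(review): the lookup uses the bare package name; if
            # cvesForCPE matches loosely, unrelated products sharing the
            # name can appear here (and renamed packages can be missed).
            vulns = {}
            for item in db.cvesForCPE(lib):
                if 'vulnerable_configuration' in item:
                    for entry in item['vulnerable_configuration']:
                        vulns[vuln_config(entry)] = ["CVE: " + item['id'], "DATE: " + str(item['Published']),
                        "CVSS: " + str(item['cvss']), item['summary']]
            # check if any of those is allowed according to specs
            found = False
            for vuln in vulns.keys():
                sp = vuln.split(':')
                ind = -1
                num = sp[ind]
                # If the last token is not a number (e.g. 'alpha'), walk
                # backwards until a numeric token is found.
                # Fix: the bound was `abs(ind) > len(sp)`, which is never
                # true at ind == -1, so the walk never started; `<` keeps
                # the index inside the list.  `is False` is used because
                # is_number returns the parsed float and "0" parses to a
                # falsy 0.0.
                while is_number(num) is False and abs(ind) < len(sp):
                    ind -= 1
                    num = sp[ind]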
Exemple #14
def apisearch(vendor=None, product=None):
    """Return the CVEs for ``vendor:product`` as a JSON string.

    When either argument is ``None`` an empty ``jsonify`` response is
    returned instead.  Values ``json`` cannot encode go through
    ``json_util.default``.
    """
    # NOTE(review): only None is rejected; empty strings pass and produce
    # the query ":" - confirm the lookup does not treat that as match-all.
    incomplete = vendor is None or product is None
    if incomplete:
        return jsonify({})
    hits = db.cvesForCPE(vendor + ":" + product)
    return json.dumps(hits, default=json_util.default)
Exemple #15
 def api_search(self, vendor=None, product=None):
   """Return the ``db.cvesForCPE`` result for ``vendor:product``.

   An empty dict is returned when either argument is missing or empty.
   """
   if not vendor or not product:
     return {}
   # db.cvesForCPE is called directly because query.cvesForCPE returns
   # more detail than this endpoint should expose.
   return db.cvesForCPE(vendor + ":" + product)
def searchcve(cpe=None):
    """Return the CVEs for *cpe*, or ``False`` when no CPE is supplied."""
    return False if cpe is None else dbLayer.cvesForCPE(cpe)
Exemple #17
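# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception instead of a bare except, so Ctrl-C and SystemExit are
        # not misreported as a missing full-text index.
        # NOTE(review): other failures in the loop still get this message;
        # catching the database driver's specific error would be clearer.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)


# Search Product (best to use CPE notation, e.g. cisco:ios:12.2)
if vSearch:

    for item in db.cvesForCPE(vSearch, lax=relaxSearch, vulnProdSearch=vulnerableProductSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE_json(item)
            elif xmlOutput:
                printCVE_xml(item)
            elif cveidOutput:
                printCVE_id(item)
            else:
                printCVE_human(item)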
Exemple #18
    sys.exit(0)

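# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception instead of a bare except, so Ctrl-C and SystemExit are
        # not misreported as a missing full-text index.
        # NOTE(review): unrelated failures in the loop still produce this
        # message; the driver's specific error type would be more precise.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)

# Search Product (best to use CPE notation, e.g. cisco:ios:12.2)
if vSearch:

    for item in db.cvesForCPE(vSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE_json(item)
            elif xmlOutput:
                printCVE_xml(item)
            elif cveidOutput:
                printCVE_id(item)
            else:
                printCVE_human(item)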
Exemple #19
 def api_search(self, vendor=None, product=None):
     """Return the ``db.cvesForCPE`` result for ``vendor:product``.

     An empty dict is returned when either argument is missing or empty.
     """
     if not vendor or not product:
         return {}
     # query.cvesForCPE is deliberately avoided: it returns more detail
     # than this endpoint should hand out.
     cpe_query = vendor + ":" + product
     return db.cvesForCPE(cpe_query)
Exemple #20
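def search_func(args, output=sys.__stdout__):
    """Implement main cve-search function.

    ``args`` is a mapping read with these keys: ``p`` (product/CPE search),
    ``c`` (CVE ids), ``o`` (output format), ``f`` (free text), ``n``, ``r``
    and ``a`` (name, ranking and CAPEC lookups), ``t`` (only the last N
    days), ``s`` (summary text) and ``i`` (limit).  All results are printed
    to ``output``.

    Returns 1 when a search branch ran or XML output was selected, and 0
    when nothing was requested.
    """
    import html  # local import: only needed to escape the HTML heading

    # Redirect print() to the caller's stream.  The finally clause restores
    # sys.stdout on every exit path, including exceptions and sys.exit(),
    # which the original left redirected.
    sys.stdout = output
    try:
        vSearch = args["p"]
        cveSearch = [x.upper() for x in args["c"]] if args["c"] else None
        vOutput = args["o"]
        vFreeSearch = args["f"]
        namelookup = args["n"]
        rankinglookup = args["r"]
        capeclookup = args["a"]
        last_ndays = args["t"]
        summary_text = args["s"]
        nlimit = args["i"]

        cves = CVEs.last(rankinglookup=rankinglookup,
                         namelookup=namelookup,
                         capeclookup=capeclookup)

        # Parentheses are stored percent-encoded in the database, so encode
        # them in the search term as well.
        if vSearch:
            vSearch = vSearch.replace("(", "%28").replace(")", "%29")

        # Exactly one of these is set; none of them means human output.
        csvOutput = vOutput == "csv"
        htmlOutput = vOutput == "html"
        xmlOutput = vOutput == "xml"
        jsonOutput = vOutput == "json"
        cveidOutput = vOutput == "cveid"
        r = Element("cve-search") if xmlOutput else None

        # First line of the HTML output.  The search term and CVE ids come
        # from the caller, so they are escaped before being placed in
        # markup.
        if htmlOutput and args["p"] is not None:
            print("<html><body><h1>CVE search " +
                  html.escape(args["p"], quote=False) + " </h1>")
        elif htmlOutput and args["c"] is not None:
            print("<html><body><h1>CVE-ID " +
                  html.escape(str(args["c"]), quote=False) + " </h1>")

        def emit(item, index=None, results=None):
            """Print one CVE in the selected format.

            When *index* and *results* are given, JSON output is followed
            by a comma unless the item is the last one.
            """
            if csvOutput:
                printCVE_csv(item, namelookup, rankinglookup, cves)
            elif htmlOutput:
                printCVE_html(item, rankinglookup, cves)
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE_json(item, namelookup, rankinglookup, capeclookup,
                              cves)
                if results is not None and index != len(results) - 1:
                    print(",", end="")
            elif xmlOutput:
                printCVE_xml(item, rankinglookup, cves, r)
            elif cveidOutput:
                printCVE_id(item)
            else:
                printCVE_human(item, namelookup, rankinglookup, cves)

        # Lookup by CVE id.
        if cveSearch:
            results = db.getCVEs(cves=cveSearch)
            for index, item in enumerate(results):
                emit(item, index, results)
            if htmlOutput:
                print("</body></html>")
            return 1

        # Basic freetext search (in vulnerability summary).
        # Full-text indexing is more efficient to search across all CVEs.
        if vFreeSearch:
            try:
                results = db.getFreeText(vFreeSearch)
                for index, item in enumerate(results):
                    if jsonOutput:
                        printCVE_json(item,
                                      namelookup,
                                      rankinglookup,
                                      capeclookup,
                                      cves,
                                      indent=2)
                        if index != len(results) - 1:
                            print(",", end="")
                    else:
                        printCVE_human(item, namelookup, rankinglookup, cves)
            except Exception:
                # Exception rather than a bare except, so Ctrl-C is not
                # reported as a missing full-text index.
                sys.exit("Free text search not enabled on the database!")
            return 1

        # Search Product (best to use CPE notation, e.g. cisco:ios:12.2)
        if vSearch:
            results = db.cvesForCPE(vSearch)
            cutoff = None
            if last_ndays:
                cutoff = datetime.now() - timedelta(days=last_ndays)
            for index, item in enumerate(results):
                if cutoff is None:
                    emit(item, index, results)
                elif item["Published"] > cutoff:
                    # NOTE(review): as in the original, no JSON separator
                    # is printed between date-filtered items.
                    emit(item)
            if htmlOutput:
                print("</body></html>")
            return 1

        # Search text in summary
        if summary_text:
            import lib.CVEs as cves_lib

            lookup = cves_lib.last(rankinglookup=rankinglookup,
                                   namelookup=namelookup,
                                   capeclookup=capeclookup)
            needle = summary_text.upper()
            cutoff = None
            if last_ndays:
                cutoff = datetime.now() - timedelta(days=last_ndays)

            for cveid in db.getCVEIDs(limit=nlimit):
                item = lookup.getcve(cveid=cveid)
                if "cvss" in item and isinstance(item["cvss"], str):
                    item["cvss"] = float(item["cvss"])
                # Dates are turned into strings so json.dumps can emit them.
                for field in ("cvss-time", "Modified", "Published"):
                    if field in item:
                        item[field] = str(item[field])
                if needle not in item["summary"].upper():
                    continue
                if cutoff is not None:
                    # NOTE(review): a date whose string form has no
                    # fractional seconds does not match this format and the
                    # entry is skipped, as before - confirm that is wanted.
                    try:
                        published = datetime.strptime(
                            item["Published"], "%Y-%m-%d %H:%M:%S.%f")
                    except (KeyError, TypeError, ValueError):
                        continue
                    if not published > cutoff:
                        continue
                if vOutput:
                    printCVE_id(item)
                else:
                    print(json.dumps(item,
                                     sort_keys=True,
                                     default=json_util.default))
            if htmlOutput:
                print("</body></html>")
            return 1

        if xmlOutput:
            # default encoding is UTF-8. Should this be detected on the
            # terminal?
            print(tostring(r).decode("utf-8"))
            return 1

        return 0
    finally:
        sys.stdout = sys.__stdout__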
Exemple #21
        print("</body></html>")
    sys.exit(0)

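# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception instead of a bare except, so Ctrl-C and SystemExit are
        # not misreported as a missing full-text index.
        # NOTE(review): unrelated failures in the loop still produce this
        # message; the driver's specific error type would be more precise.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)

# Search Product (best to use CPE notation, e.g. cisco:ios:12.2)
if vSearch:
    for item in db.cvesForCPE(vSearch):
        if csvOutput:
            printCVE_csv(item)
        elif htmlOutput:
            printCVE_html(item)
        # bson straight from the MongoDB db - converted to JSON default
        # representation
        elif jsonOutput:
            printCVE_json(item)
        elif xmlOutput:
            printCVE_xml(item)
        elif cveidOutput:
            printCVE_id(item)
        else:
            printCVE_human(item)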
Exemple #22
def apisearch(vendor=None, product=None):
    """Return the CVEs for ``vendor:product`` as a JSON string.

    When either argument is ``None`` an empty ``jsonify`` response is
    returned instead.
    """
    # NOTE(review): empty strings are not rejected and yield the query
    # ":" - confirm the lookup does not treat that as match-all.
    incomplete = vendor is None or product is None
    if incomplete:
        return jsonify({})
    hits = dbLayer.cvesForCPE(vendor + ":" + product)
    return json.dumps(hits)
Exemple #23
 def api_search(self, vendor=None, product=None):
   """Return the ``db.cvesForCPE`` result for ``vendor:product``.

   An empty ``jsonify`` response is returned when either argument is
   ``None``.
   """
   incomplete = vendor is None or product is None
   if incomplete:
     return jsonify({})
   # db.cvesForCPE is called directly because query.cvesForCPE returns
   # more detail than this endpoint should expose.
   return db.cvesForCPE(vendor + ":" + product)
Exemple #24
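# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception instead of a bare except, so Ctrl-C and SystemExit are
        # not misreported as a missing full-text index.
        # NOTE(review): unrelated failures in the loop still produce this
        # message; the driver's specific error type would be more precise.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)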

# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:

    for item in db.cvesForCPE(vSearch,
                              lax=relaxSearch,
                              vulnProdSearch=vulnerableProductSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE_json(item)
            elif xmlOutput:
                printCVE_xml(item)
            elif cveidOutput:
                printCVE_id(item)
            else:
Exemple #25
 def api_search(self, vendor=None, product=None):
     """Return the ``db.cvesForCPE`` result for ``vendor:product``.

     An empty ``jsonify`` response is returned when either argument is
     ``None``.
     """
     if vendor is None or product is None:
         return jsonify({})
     # query.cvesForCPE is deliberately avoided: it returns more detail
     # than this endpoint should hand out.
     cpe_query = vendor + ":" + product
     return db.cvesForCPE(cpe_query)
Exemple #26
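# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Exception instead of a bare except, so Ctrl-C and SystemExit are
        # not misreported as a missing full-text index.
        # NOTE(review): unrelated failures in the loop still produce this
        # message; the driver's specific error type would be more precise.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)


# Search Product (best to use CPE notation, e.g. cisco:ios:12.2)
if vSearch:

    for item in db.cvesForCPE(vSearch, lax=relaxSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
            # bson straight from the MongoDB db - converted to JSON default
            # representation
            elif jsonOutput:
                printCVE_json(item)
            elif xmlOutput:
                printCVE_xml(item)
            elif cveidOutput:
                printCVE_id(item)
            else:
                printCVE_human(item)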
Exemple #27
def apisearch(vendor=None, product=None):
    """Return the CVEs for ``vendor:product`` as a JSON string.

    When either argument is ``None`` an empty ``jsonify`` response is
    returned instead.
    """
    if vendor is None or product is None:
        return jsonify({})
    cpe_query = vendor + ":" + product
    hits = dbLayer.cvesForCPE(cpe_query)
    return json.dumps(hits)
Exemple #28
def is_number(s):
    """Parse *s* with ``float``.

    Returns the parsed float, or ``False`` when ``float`` raises
    ``ValueError``.  Because ``"0"`` parses to the falsy ``0.0``, callers
    should compare the result with ``is False`` rather than test its
    truthiness.
    """
    try:
        parsed = float(s)
    except ValueError:
        return False
    else:
        return parsed


# Audit a pip requirements file: for every requirement, collect the CVE
# entries returned for the package name, keyed by vulnerable configuration.
if pyReq:
    with open(pyReq, 'r') as f:
        for req in requirements.parse(f):
            lib = req.name
            specs = req.specs
            # get vulnerable versions
            # NOTE(review): the lookup uses the bare package name; if
            # cvesForCPE matches loosely, unrelated products sharing the
            # name can appear here - confirm how matches are scoped.
            vulns = {}
            for item in db.cvesForCPE(lib):
                if 'vulnerable_configuration' in item:
                    for entry in item['vulnerable_configuration']:
                        # One summary row per vulnerable configuration; a
                        # later CVE with the same key overwrites an earlier
                        # one.
                        vulns[vuln_config(entry)] = [
                            "CVE: " + item['id'],
                            "DATE: " + str(item['Published']),
                            "CVSS: " + str(item['cvss']), item['summary']
                        ]
            # check if any of those is allowed according to specs
            found = False
            for vuln in vulns.keys():
                # Split the configuration key on ':' and start from its
                # last token.
                sp = vuln.split(':')
                ind = -1
                num = sp[ind]
                # if the last token is not a number or float then it must be e.g., 'alpha' while the
                # version number or float must be the second to last, and so on
def apisearch(vendor=None, product=None):
    """Return the CVEs for ``vendor:product`` as a JSON string.

    When either argument is ``None`` an empty ``jsonify`` response is
    returned instead.  Values ``json`` cannot encode go through
    ``json_util.default``.
    """
    # NOTE(review): empty strings are not rejected and yield the query
    # ":" - confirm the lookup does not treat that as match-all.
    incomplete = vendor is None or product is None
    if incomplete:
        return jsonify({})
    hits = dbLayer.cvesForCPE(vendor + ":" + product)
    return json.dumps(hits, default=json_util.default)
Exemple #30
 def search(self, vendor=None, product=None):
   """Render ``search.html`` with the CVEs found for ``vendor:product``."""
   # NOTE(review): with the default None arguments this concatenation
   # raises TypeError; both values reach the lookup unmodified.
   cpe_query = vendor + ":" + product
   matches = db.cvesForCPE(cpe_query)
   context = {'vendor': vendor, 'product': product, 'cve': matches, 'minimal': self.minimal}
   return render_template('search.html', **context)
Exemple #31
def search(vendor=None, product=None):
    """Render ``search.html`` with the CVEs found for ``vendor:product``."""
    # NOTE(review): with the default None arguments this concatenation
    # raises TypeError; both values reach the lookup unmodified.
    cpe_query = vendor + ":" + product
    matches = dbLayer.cvesForCPE(cpe_query)
    context = {'vendor': vendor, 'product': product, 'cve': matches}
    return render_template('search.html', **context)
def searchcve(cpe=None):
    """Return the CVEs for *cpe*, or ``False`` when no CPE is supplied."""
    if cpe is not None:
        return dbLayer.cvesForCPE(cpe)
    return False