Exemple #1
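def searchText():
    """Handle the free-text search form and render the matching CVEs.

    Reads the ``search`` field of the submitted form, hands it to
    ``dbLayer.getFreeText`` and renders ``search.html`` (minimal layout) with
    the result. If the lookup raises, ``error.html`` is rendered with the
    ``textsearch-not-enabled`` status instead.
    """
    import logging

    # The term reaches the database layer exactly as submitted; this handler
    # does no validation of its own. It is None when the field is absent.
    search = request.form.get('search')
    try:
        cve = dbLayer.getFreeText(search)
    except Exception:
        # Narrowed from a bare ``except`` so SystemExit and KeyboardInterrupt
        # propagate. Every lookup failure is shown to the user as
        # "textsearch-not-enabled", so the real cause is recorded server-side;
        # the search term itself is not added to the log message.
        logging.getLogger(__name__).exception("free-text search failed")
        return render_template('error.html', status={'except':'textsearch-not-enabled'}, minimal=True)
    return render_template('search.html', cve=cve, minimal=True)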
Exemple #2
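def searchText():
    """Run a free-text CVE search for the submitted form and render the result.

    The ``search`` form field is passed to ``dbLayer.getFreeText``. On success
    ``search.html`` is rendered with the returned CVEs; if the lookup raises,
    ``error.html`` is rendered with the ``textsearch-not-enabled`` status.
    """
    import logging

    # None when the form carries no ``search`` field; forwarded unvalidated.
    search = request.form.get('search')
    try:
        cve = dbLayer.getFreeText(search)
    except Exception:
        # A bare ``except`` would also swallow SystemExit/KeyboardInterrupt.
        # The page reports one fixed status for every failure, so keep the
        # underlying exception in the server log for diagnosis.
        logging.getLogger(__name__).exception("free-text search failed")
        return render_template('error.html', status={'except':'textsearch-not-enabled'})
    return render_template('search.html', cve=cve)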
Exemple #3
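def searchText():
    """Render the results of a free-text CVE search submitted through a form.

    Looks up the ``search`` form field with ``db.getFreeText`` and renders
    ``search.html`` with the matches. A failing lookup renders ``error.html``
    with the ``textsearch-not-enabled`` status.
    """
    import logging

    # Forwarded to the database layer as submitted (None if the field is missing).
    search = request.form.get("search")
    try:
        cve = db.getFreeText(search)
    except Exception:
        # Catch Exception rather than everything, so interpreter-exit signals
        # are not converted into an error page, and log the actual failure:
        # the rendered status is the same whatever went wrong.
        logging.getLogger(__name__).exception("free-text search failed")
        return render_template("error.html", status={"except": "textsearch-not-enabled"})
    return render_template("search.html", cve=cve)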
Exemple #4
def searchText():
    """Serve the free-text search form.

    Passes the submitted ``search`` field to ``db.getFreeText`` and renders
    ``search.html`` with the matches. When the lookup raises, the exception is
    printed and ``error.html`` is rendered with the ``textsearch-not-enabled``
    status.
    """
    query = request.form.get('search')
    try:
        matches = db.getFreeText(query)
    except Exception as err:
        # Every failure is presented to the user as a disabled text search;
        # the printed exception is the only record of the real cause.
        print(err)
        failure = {'except': 'textsearch-not-enabled'}
        return render_template('error.html', status=failure)
    else:
        return render_template('search.html', cve=matches)
Exemple #5
        elif xmlOutput:
            printCVE_xml(item)
        elif cveidOutput:
            printCVE_id(item)
        else:
            printCVE_human(item)

    if htmlOutput:
        print("</body></html>")
    sys.exit(0)

# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
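if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # Narrowed from a bare ``except``: interrupting a long listing with
        # Ctrl-C (KeyboardInterrupt) is no longer reported as a missing text
        # index. NOTE(review): an error raised while printing an item is still
        # reported with this message, because the loop body is inside the try.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)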

# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:

    for item in db.cvesForCPE(vSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
            # bson straight from the MongoDB db - converted to JSON default
Exemple #6
            printCVE_xml(item)
        elif cveidOutput:
            printCVE_id(item)
        else:
            printCVE_human(item)


    if htmlOutput:
        print("</body></html>")
    sys.exit(0)

# Basic freetext search (in vulnerability summary).
# Full-text indexing is more efficient to search across all CVEs.
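if vFreeSearch:
    try:
        for item in db.getFreeText(vFreeSearch):
            printCVE_json(item, indent=2)
    except Exception:
        # ``except Exception`` instead of a bare ``except`` lets
        # KeyboardInterrupt and SystemExit through unchanged. The message is
        # the same for any failure inside the loop, not only a disabled text
        # index, so treat it as a hint rather than a diagnosis.
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)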


# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:

    for item in db.cvesForCPE(vSearch, lax=relaxSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
                printCVE_html(item)
Exemple #7
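def search_func(args, output=sys.__stdout__):
    """Run one cve-search query described by *args* and print the results.

    Everything is written with ``print`` while ``sys.stdout`` is temporarily
    pointed at *output*; ``sys.stdout`` is set back to ``sys.__stdout__`` on
    every way out of the function, including exceptions and ``sys.exit``.

    Keys read from *args*:
        "p": product to search for (CPE notation works best).
        "c": iterable of CVE ids, upper-cased before the lookup, or a falsy value.
        "o": output format: "csv", "html", "xml", "json" or "cveid";
             anything else selects the human-readable format.
        "f": free-text search term.
        "n", "r", "a": name, ranking and CAPEC lookup options, passed on to
             ``CVEs.last`` and the print helpers.
        "t": only show CVEs published within this many days (falsy: no limit).
        "s": text to look for in the CVE summary.
        "i": limit passed to ``db.getCVEIDs`` for the summary search.

    The first applicable search wins, in this order: CVE ids, free text,
    product, summary text.

    Returns:
        1 when a search ran or the XML tree was printed, 0 otherwise.

    Raises:
        SystemExit: when the free-text search fails.
    """
    import html  # function-scope: only used for the HTML heading

    sys.stdout = output
    try:
        vSearch = args["p"]
        cveSearch = [x.upper() for x in args["c"]] if args["c"] else None
        vOutput = args["o"]
        vFreeSearch = args["f"]
        namelookup = args["n"]
        rankinglookup = args["r"]
        capeclookup = args["a"]
        last_ndays = args["t"]
        summary_text = args["s"]
        nlimit = args["i"]
        # NOTE(review): args["l"] used to be read into a sort flag that no
        # query applied; the results are not sorted by this function.

        cves = CVEs.last(rankinglookup=rankinglookup,
                         namelookup=namelookup,
                         capeclookup=capeclookup)

        # Parentheses are stored percent-encoded in the database, so encode
        # them in the product search term as well.
        if vSearch:
            vSearch = vSearch.replace("(", "%28").replace(")", "%29")

        # Exactly one of these is true; all false means human-readable output.
        csvOutput = vOutput == "csv"
        htmlOutput = vOutput == "html"
        xmlOutput = vOutput == "xml"
        jsonOutput = vOutput == "json"
        cveidOutput = vOutput == "cveid"
        r = Element("cve-search") if xmlOutput else None

        # The heading echoes caller-supplied values, so escape them before
        # they are placed in markup.
        if htmlOutput and args["p"] is not None:
            print("<html><body><h1>CVE search "
                  + html.escape(args["p"], quote=False) + " </h1>")
        elif htmlOutput and args["c"] is not None:
            print("<html><body><h1>CVE-ID "
                  + html.escape(str(args["c"]), quote=False) + " </h1>")

        def emit(item):
            """Print one CVE in the selected format (callers add JSON separators)."""
            if csvOutput:
                printCVE_csv(item, namelookup, rankinglookup, cves)
            elif htmlOutput:
                printCVE_html(item, rankinglookup, cves)
            elif jsonOutput:
                # bson straight from the MongoDB db - converted to JSON
                # default representation
                printCVE_json(item, namelookup, rankinglookup, capeclookup,
                              cves)
            elif xmlOutput:
                # NOTE(review): the search branches return before the tree in
                # `r` is serialised at the end of this function; confirm that
                # printCVE_xml produces the output itself.
                printCVE_xml(item, rankinglookup, cves, r)
            elif cveidOutput:
                printCVE_id(item)
            else:
                printCVE_human(item, namelookup, rankinglookup, cves)

        # Lookup by CVE id.
        if cveSearch:
            results = db.getCVEs(cves=cveSearch)
            for index, item in enumerate(results):
                emit(item)
                # len() is only evaluated for JSON output, as before.
                if jsonOutput and index != len(results) - 1:
                    print(",", end="")
            if htmlOutput:
                print("</body></html>")
            return 1

        # Basic freetext search (in vulnerability summary).
        # Full-text indexing is more efficient to search across all CVEs.
        if vFreeSearch:
            try:
                results = db.getFreeText(vFreeSearch)
                for index, item in enumerate(results):
                    if jsonOutput:
                        printCVE_json(item,
                                      namelookup,
                                      rankinglookup,
                                      capeclookup,
                                      cves,
                                      indent=2)
                        if index != len(results) - 1:
                            print(",", end="")
                    else:
                        printCVE_human(item, namelookup, rankinglookup, cves)
            except Exception:
                # Narrowed from a bare ``except`` so KeyboardInterrupt is not
                # reported as a missing text index. Any other failure in the
                # loop still ends up here with the same message.
                sys.exit("Free text search not enabled on the database!")
            return 1

        # Search Product (best to use CPE notation, e.g. cisco:ios:12.2
        if vSearch:
            results = db.cvesForCPE(vSearch)
            for index, item in enumerate(results):
                if not last_ndays:
                    emit(item)
                    if jsonOutput and index != len(results) - 1:
                        print(",", end="")
                else:
                    date_n_days_ago = datetime.now() - timedelta(days=last_ndays)
                    if item["Published"] > date_n_days_ago:
                        # No JSON separator is printed on this path (unchanged).
                        emit(item)
            if htmlOutput:
                print("</body></html>")
            return 1

        # Search text in summary
        if summary_text:
            import lib.CVEs as cves_lib

            lookup = cves_lib.last(rankinglookup=rankinglookup,
                                   namelookup=namelookup,
                                   capeclookup=capeclookup)
            needle = summary_text.upper()

            for cveid in db.getCVEIDs(limit=nlimit):
                item = lookup.getcve(cveid=cveid)
                if "cvss" in item and isinstance(item["cvss"], str):
                    item["cvss"] = float(item["cvss"])
                for field in ("cvss-time", "Modified", "Published"):
                    if field in item:
                        item[field] = str(item[field])
                if needle not in item["summary"].upper():
                    continue
                if last_ndays:
                    date_n_days_ago = datetime.now() - timedelta(
                        days=last_ndays)
                    try:
                        published = datetime.strptime(item["Published"],
                                                      "%Y-%m-%d %H:%M:%S.%f")
                    except (KeyError, TypeError, ValueError):
                        # Best effort, as before: an entry whose publication
                        # date is missing or not in this exact format is
                        # skipped. NOTE(review): str() of a datetime with zero
                        # microseconds has no ".%f" part and is skipped too.
                        continue
                    if published <= date_n_days_ago:
                        continue
                if vOutput:
                    printCVE_id(item)
                else:
                    print(
                        json.dumps(item,
                                   sort_keys=True,
                                   default=json_util.default))
            if htmlOutput:
                print("</body></html>")
            return 1

        if xmlOutput:
            # default encoding is UTF-8. Should this be detected on the terminal?
            print(tostring(r).decode("utf-8"))
            return 1
        return 0
    finally:
        # Restores the stream on every exit path: early returns, sys.exit
        # and unexpected exceptions.
        sys.stdout = sys.__stdout__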