def cveInfos(cve_id): infos = getUnregisteredCveInfos(cve_id) if infos['cve_weakness'] != "N/A": weakness_nb = infos['cve_weakness'].split("-")[1] return render_template('result.html', back_path="../../vuln-mgmt", cve_id=infos['cve_id'], cve_summary=infos['cve_description'], cve_dbs=infos['cve_dbs'], cve_date=infos['cve_date'], cve_score=infos['cve_score'], cve_status=infos['cve_status'], cve_cpe=infos['cve_cpe'], cve_sources=infos['cve_sources'], cve_av=infos['cve_av'], cve_ac=infos['cve_ac'], cve_pr=infos['cve_pr'], cve_ui=infos['cve_ui'], cve_scope=infos['cve_scope'], cve_confid=infos['cve_confid'], cve_integrity=infos['cve_integrity'], cve_avail=infos['cve_avail'], cve_expa=infos['cve_expa'], cve_weakness=infos['cve_weakness'], weakness_nb=weakness_nb, back="../../")
def search(): cve = "" if request.method == 'POST': if request.form['cve'] != "" and request.form['cve'] != " ": try: cve = request.form['cve'].upper() infos = getUnregisteredCveInfos(cve) if infos['cve_weakness'] != "N/A": weakness_nb = infos['cve_weakness'].split("-")[1] return render_template('result.html', back_path="search", cve_id=infos['cve_id'], cve_summary=infos['cve_description'], cve_dbs=infos['cve_dbs'], cve_date=infos['cve_date'], cve_score=infos['cve_score'], cve_status=infos['cve_status'], cve_cpe=infos['cve_cpe'], cve_sources=infos['cve_sources'], cve_av=infos['cve_av'], cve_ac=infos['cve_ac'], cve_pr=infos['cve_pr'], cve_ui=infos['cve_ui'], cve_scope=infos['cve_scope'], cve_confid=infos['cve_confid'], cve_integrity=infos['cve_integrity'], cve_avail=infos['cve_avail'], cve_expa=infos['cve_expa'], cve_weakness=infos['cve_weakness'], weakness_nb=weakness_nb, back="../") except Exception as e: cve = request.form['cve'].upper() flash( """This CVE does not exist or the data is not available on the API. Please check manually on """, "danger") nvd_link = "https://nvd.nist.gov/vuln/detail/" + cve return render_template('search.html', nvd_link=nvd_link) else: flash("""Please enter a value.""", "warning") return render_template('search.html') else: return render_template('search.html')
con.commit() print( "\nUpdating affected products and CVSS score related to your CVE list...") con = get_db_connection() cur = con.cursor() req = cur.execute("SELECT CVE_ID FROM CVE_DATA") indb_cve_list = [] changelog = [] for tup in req: for cve in tup: indb_cve_list.append(cve) for cve in indb_cve_list: try: try: before_update = getRegisteredCveInfos(cve, full=True) after_update = getUnregisteredCveInfos(cve) except: continue for cpe in before_update['cve_cpe']: if cpe == '': before_update['cve_cpe'].remove(cpe) for item in before_update.keys(): if item == "cve_score": if str(after_update[item]) != str(before_update[item]): writeCveTypeLog( "cve_updater", cve, "update", "N/A", str(after_update[item]), "N/A", "N/A", "N/A", "N/A", "The CVSS Score was changed from {} to {}.".format( str(before_update[item]), str(after_update[item]))) changelog.append( cve +