def cveInfos(cve_id):
infos = getUnregisteredCveInfos(cve_id)
if infos['cve_weakness'] != "N/A":
weakness_nb = infos['cve_weakness'].split("-")[1]
return render_template('result.html',
back_path="../../vuln-mgmt",
cve_id=infos['cve_id'],
cve_summary=infos['cve_description'],
cve_dbs=infos['cve_dbs'],
cve_date=infos['cve_date'],
cve_score=infos['cve_score'],
cve_status=infos['cve_status'],
cve_cpe=infos['cve_cpe'],
cve_sources=infos['cve_sources'],
cve_av=infos['cve_av'],
cve_ac=infos['cve_ac'],
cve_pr=infos['cve_pr'],
cve_ui=infos['cve_ui'],
cve_scope=infos['cve_scope'],
cve_confid=infos['cve_confid'],
cve_integrity=infos['cve_integrity'],
cve_avail=infos['cve_avail'],
cve_expa=infos['cve_expa'],
cve_weakness=infos['cve_weakness'],
weakness_nb=weakness_nb,
back="../../")
def search():
cve = ""
if request.method == 'POST':
if request.form['cve'] != "" and request.form['cve'] != " ":
try:
cve = request.form['cve'].upper()
infos = getUnregisteredCveInfos(cve)
if infos['cve_weakness'] != "N/A":
weakness_nb = infos['cve_weakness'].split("-")[1]
return render_template('result.html',
back_path="search",
cve_id=infos['cve_id'],
cve_summary=infos['cve_description'],
cve_dbs=infos['cve_dbs'],
cve_date=infos['cve_date'],
cve_score=infos['cve_score'],
cve_status=infos['cve_status'],
cve_cpe=infos['cve_cpe'],
cve_sources=infos['cve_sources'],
cve_av=infos['cve_av'],
cve_ac=infos['cve_ac'],
cve_pr=infos['cve_pr'],
cve_ui=infos['cve_ui'],
cve_scope=infos['cve_scope'],
cve_confid=infos['cve_confid'],
cve_integrity=infos['cve_integrity'],
cve_avail=infos['cve_avail'],
cve_expa=infos['cve_expa'],
cve_weakness=infos['cve_weakness'],
weakness_nb=weakness_nb,
back="../")
except Exception as e:
cve = request.form['cve'].upper()
flash(
"""This CVE does not exist or the data is not available on the API. Please check manually on """,
"danger")
nvd_link = "https://nvd.nist.gov/vuln/detail/" + cve
return render_template('search.html', nvd_link=nvd_link)
else:
flash("""Please enter a value.""", "warning")
return render_template('search.html')
else:
return render_template('search.html')
con.commit()
print(
"\nUpdating affected products and CVSS score related to your CVE list...")
con = get_db_connection()
cur = con.cursor()
req = cur.execute("SELECT CVE_ID FROM CVE_DATA")
indb_cve_list = []
changelog = []
for tup in req:
for cve in tup:
indb_cve_list.append(cve)
for cve in indb_cve_list:
try:
try:
before_update = getRegisteredCveInfos(cve, full=True)
after_update = getUnregisteredCveInfos(cve)
except:
continue
for cpe in before_update['cve_cpe']:
if cpe == '':
before_update['cve_cpe'].remove(cpe)
for item in before_update.keys():
if item == "cve_score":
if str(after_update[item]) != str(before_update[item]):
writeCveTypeLog(
"cve_updater", cve, "update", "N/A",
str(after_update[item]), "N/A", "N/A", "N/A", "N/A",
"The CVSS Score was changed from {} to {}.".format(
str(before_update[item]), str(after_update[item])))
changelog.append(
cve +