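def update_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """Apply the submitted form to *vuln* and hand the entry over for review.

    Args:
        vuln: The proposal entry being edited in place.
        form: The validated details form; its fields are copied onto
            ``vuln`` before the entry is marked reviewable.

    Side effects:
        Commits the session and flashes a success message.  No change
        detection is performed, so an unmodified form still commits.
    """
    # Copy the form fields onto the entry first; the same function elsewhere
    # on this page does this, and without it the user's edits never reach
    # the entry that is committed below.
    form.populate_obj(vuln)
    vuln.make_reviewable()
    db.session.add(vuln)
    db.session.commit()

    flash("Your proposal was sent for review. You can monitor progress in your Proposals Section.",
          "success")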
    def generate_testdata(self):
        """Build the in-memory fixtures used by the view tests.

        Creates two Vulnerability entries (each with one synthetic git
        commit), one Nvd record sharing the first entry's CVE id, and three
        VulnerabilityView previews over them.  Nothing is added to a session
        here.
        """
        today = datetime.date.today()

        def make_commit():
            # Placeholder owner/repo/hash values; the views under test only
            # need them to be present.
            return VulnerabilityGitCommits(
                commit_link='https://github.com/0WN3R/REP0',
                commit_hash='F00D',
                repo_name='REP0',
                repo_owner='0WN3R',
            )

        self.vuln1 = Vulnerability(
            cve_id='CVE-1337',
            commits=[make_commit()],
            comment="Test comment.",
            date_created=today,
        )
        self.nvd1 = Nvd(cve_id='CVE-1337',
                        published_date=today,
                        descriptions=[])
        self.vuln2 = Vulnerability(
            cve_id='CVE-1339',
            commits=[make_commit()],
            date_created=today,
            comment="Test comment2.",
        )
        self.vulns = [self.vuln1, self.vuln2]

        # An entry with matching NVD data ...
        self.vuln_view1 = vuln.VulnerabilityView(self.vuln1, self.nvd1,
                                                 preview=True)
        # ... the same entry without NVD data (NOTE(review): vuln1 is reused
        # here rather than vuln2 — confirm that is intended) ...
        self.vuln_view2 = vuln.VulnerabilityView(self.vuln1, None,
                                                 preview=True)
        # ... and NVD data with no entry at all.
        self.vuln_view3 = vuln.VulnerabilityView(None, self.nvd1, preview=True)
def update_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """Apply *form* to an existing proposal and queue it for review.

    Args:
        vuln: The proposal entry being edited in place.
        form: The validated details form copied onto ``vuln``.

    Returns:
        The value of ``update_products(vuln)`` when the entry was committed,
        or ``None`` when the products were invalid or the form produced no
        effective change; an error is flashed and nothing is committed in
        those cases.
    """
    form.populate_obj(vuln)

    try:
        new_products = update_products(vuln)
    except InvalidProducts as err:
        flash_error(err.args[0])
        return None

    # Read the pending attribute changes without triggering a flush.
    with db.session.no_autoflush:
        changes = vuln.model_changes()
    # Strip metadata-only changes so that bookkeeping fields alone do not
    # count as a user edit.
    clean_vulnerability_changes(changes)
    if not changes:
        flash_error("No changes detected. "
                    "Please modify the entry first to propose a change")
        return None
    log.debug("Detected changes: %r", changes)

    vuln.make_reviewable()
    session = db.session
    session.add(vuln)
    session.commit()

    flash(
        "Your proposal is in the review queue. "
        "You can monitor progress in your Proposals Section.",
        "success",
    )
    return new_products
 def _fetch_by_id(self):
     """Resolve ``self._vulnerability`` from ``vcdb_id`` or, failing that, ``cve_id``.

     A CVE id is syntax-checked with ``is_cve_id`` before any lookup and an
     invalid one raises InvalidIdentifierException.  When neither identifier
     is set nothing is assigned.
     """
     if self.vcdb_id:
         # NOTE(review): the vcdb_id is passed to get_by_id(); if that looks
         # up the primary key rather than the vcdb id, this mixes up the two
         # identifier spaces — confirm against the model.
         self._vulnerability = Vulnerability.get_by_id(self.vcdb_id)
         return
     if not self.cve_id:
         return
     if not self.is_cve_id(self.cve_id):
         raise InvalidIdentifierException(
             "Please provide a valid CVE ID.")
     self._vulnerability = Vulnerability.get_by_cve_id(self.cve_id)
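def add_proposal(vuln: Vulnerability, view: VulnerabilityView,
                 form: VulnerabilityDetailsForm) -> Optional[Vulnerability]:
    """Create a proposal: a modified copy of an existing Vulnerability entry.

    The copy is filled from *form*, diffed against the original and, if
    anything other than metadata differs, committed in state READY with the
    logged-in user as creator and a cleared review record.

    :param vuln: The existing entry the proposal is based on.
    :param view: The view wrapping *vuln*; accepted for interface
        compatibility but not read here.
    :param form: The validated details form copied onto the clone.
    :return: The new Vulnerability copy, or ``None`` when the products were
        invalid or no effective change was detected (an error is flashed and
        nothing is committed in those cases).
    """
    vuln_clone = vuln.copy()
    form.populate_obj(vuln_clone)

    try:
        update_products(vuln_clone)
    except InvalidProducts as e:
        flash_error(e.args[0])
        return None

    with db.session.no_autoflush:
        changes = vuln.diff(vuln_clone)
    # Metadata columns are maintained by the application, not edited by the
    # user, so they must not count as a change on their own.
    for key in ('date_modified', 'date_created', 'creator', 'state',
                'version', 'prev_version', 'reviewer_id', 'reviewer',
                'review_feedback', 'id'):
        changes.pop(key, None)
    if not changes:
        flash_error(
            "No changes detected. Please modify the entry first to propose a change"
        )
        return None
    logging.debug("Detected changes: %r", changes)

    # Link the clone to the version it was derived from and attribute it to
    # the logged-in user.
    vuln_clone.version = None
    vuln_clone.prev_version = vuln.version
    vuln_clone.state = VulnerabilityState.READY
    vuln_clone.creator = g.user
    # Reset any previous feedback data.
    vuln_clone.reviewer_id = None
    vuln_clone.review_feedback = None

    db.session.add(vuln_clone)
    db.session.commit()
    if not vuln_clone.vcdb_id:
        # TODO: Improve this hack to assign a new vcdb_id here.
        #       Currently, we are just piggy backing on the auto increment of the primary key to ensure uniqueness.
        #       This will likely be prone to race conditions.
        vuln_clone.vcdb_id = vuln_clone.id
        db.session.add(vuln_clone)
        db.session.commit()

    flash("Your proposal will be reviewed soon.", "success")
    return vuln_clone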
def update_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """Copy *form* onto *vuln*, mark it reviewable and commit it.

    Args:
        vuln: The proposal entry being edited in place.
        form: The validated details form copied onto ``vuln``.

    A success message is flashed afterwards.  No change detection is
    performed, so an unmodified form still results in a commit.
    """
    form.populate_obj(vuln)
    vuln.make_reviewable()

    session = db.session
    session.add(vuln)
    session.commit()

    flash(
        "Your proposal is in the review queue. You can monitor progress in your Proposals Section.",
        "success")
def getVulnerability(filter_by):
    """Look up a Vulnerability by one of the supported filter keys.

    Args:
        filter_by: A dict holding either ``cve_id`` or ``commit_hash``;
            ``cve_id`` wins when both are present.  Any other key set, or a
            non-dict value, is rejected.

    Returns:
        The result of the matching ``Vulnerability`` lookup, or ``None``
        after logging an error when the filter is unusable.
    """
    if not isinstance(filter_by, dict):
        current_app.logger.error('Received invalid filter.')
        return None

    if 'cve_id' in filter_by:
        return Vulnerability.get_by_cve_id(filter_by['cve_id'])
    if 'commit_hash' in filter_by:
        return Vulnerability.get_by_commit_hash(filter_by['commit_hash'])

    current_app.logger.error('Invalid filter option received.')
    return None
def get_vulnerability(filter_by):
    """Look up a Vulnerability by one of the supported filter keys.

    Args:
        filter_by: A dict holding either ``cve_id`` or ``commit_hash``;
            ``cve_id`` takes precedence when both are present.  Unknown keys
            and non-dict values are rejected with a logged error.

    Returns:
        The result of the matching ``Vulnerability`` lookup, or ``None``.
    """
    if not isinstance(filter_by, dict):
        current_app.logger.error("Received invalid filter.")
        return None

    # Ordered: the first matching key decides which lookup runs.
    lookups = {
        "cve_id": Vulnerability.get_by_cve_id,
        "commit_hash": Vulnerability.get_by_commit_hash,
    }
    for key, lookup in lookups.items():
        if key in filter_by:
            return lookup(filter_by[key])

    current_app.logger.error("Invalid filter option received.")
    return None
def add_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """Store a reviewable copy of *vuln* populated from *form*.

    Args:
        vuln: The existing entry the proposal is based on.
        form: The validated details form copied onto the copy.

    The copy is attributed to the logged-in user (``g.user``), enters state
    READY and records the original's version in ``prev_version``.  When it
    has no ``vcdb_id`` after the first commit, its primary key is reused as
    the vcdb id in a second commit (see the TODO below).
    """
    proposal = vuln.copy()
    form.populate_obj(proposal)

    proposal.version = None
    proposal.prev_version = vuln.version
    proposal.state = VulnerabilityState.READY
    proposal.creator = g.user
    # Drop any reviewer verdict inherited from the original entry.
    proposal.reviewer_id = None
    proposal.review_feedback = None

    session = db.session
    session.add(proposal)
    session.commit()
    if not proposal.vcdb_id:
        # TODO: Improve this hack to assign a new vcdb_id here.
        #       Currently, we are just piggy backing on the auto increment of the primary key to ensure uniqueness.
        #       This will likely be prone to race conditions.
        proposal.vcdb_id = proposal.id
        session.add(proposal)
        session.commit()

    flash(
        "Your proposal will be reviewed soon. You can monitor progress in your Proposals Section.",
        "success")
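 def _fetch_by_id(self):
     """Resolve ``self._vulnerability`` from the first identifier that is set.

     Lookup precedence is ``vuln_id``, then ``vcdb_id``, then ``cve_id``.  A
     CVE id is syntax-checked with ``is_cve_id`` before it is queried and an
     invalid one raises InvalidIdentifierException.  When no identifier is
     set a warning is logged and nothing is assigned.
     """
     if self.vuln_id:
         logging.debug("Loading vuln by vulnid %r", self.vuln_id)
         self._vulnerability = Vulnerability.get_by_id(self.vuln_id)
     elif self.vcdb_id:
         logging.debug("Loading vuln by vcdbid %r", self.vcdb_id)
         self._vulnerability = Vulnerability.get_by_vcdb_id(self.vcdb_id)
     elif self.cve_id:
         logging.debug("Loading vuln by cveid %r", self.cve_id)
         # The "No identifier available" warning that used to sit here was a
         # copy of the else branch and fired on every CVE lookup.
         if not self.is_cve_id(self.cve_id):
             raise InvalidIdentifierException(
                 "Please provide a valid CVE ID.")
         self._vulnerability = Vulnerability.get_by_cve_id(self.cve_id)
     else:
         logging.warning(
             "No identifier available to load vulnerability entry")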
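def update_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """Apply *form* to an existing proposal and re-queue it for review.

    Args:
        vuln: The proposal entry being edited in place.
        form: The validated details form copied onto ``vuln``.

    Returns:
        The result of ``update_products(vuln)`` when the entry was committed,
        or ``None`` when the products were invalid or nothing but metadata
        changed; an error is flashed and nothing is committed in those cases.
    """
    form.populate_obj(vuln)

    try:
        new_products = update_products(vuln)
    except InvalidProducts as e:
        flash_error(e.args[0])
        return None

    with db.session.no_autoflush:
        changes = vuln.model_changes()
    # Metadata columns are maintained by the application, not edited by the
    # user, so they must not count as a change on their own.
    for key in ('date_modified', 'date_created', 'creator', 'state',
                'version', 'prev_version', 'reviewer_id', 'reviewer',
                'review_feedback', 'id'):
        changes.pop(key, None)
    if not changes:
        flash_error(
            "No changes detected. Please modify the entry first to propose a change"
        )
        return None
    log.debug('Detected changes: %r', changes)

    vuln.make_reviewable()
    db.session.add(vuln)
    db.session.commit()

    flash(
        "Your proposal is in the review queue. You can monitor progress in your Proposals Section.",
        "success")
    return new_products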
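def add_proposal(vuln: Vulnerability = None):
    """Detach *vuln* from the session and re-insert it as a new proposal row.

    Conditions for creating a proposal:
    - Need to be logged in.
    - No pending open proposals by the same user.
    - Proposals can only be made for currently PUBLISHED entries only.

    :param vuln: The persisted entry to duplicate; it is expunged, made
        transient and committed again as a fresh row in state NEW.
    :raises ValueError: If no entry is given.
    """
    if vuln is None:
        raise ValueError("add_proposal() requires a Vulnerability instance")

    # Detach the vulnerability object to allow duplication and modification later.
    db.session.expunge(vuln)
    make_transient(vuln)

    # Record the version the proposal derives from *before* clearing it;
    # assigning prev_version after version = None always stored None.
    vuln.prev_version = vuln.version
    vuln.id = None
    vuln.version = None
    vuln.state = VulnerabilityState.NEW
    # NOTE(review): the creator is hard-coded to user id 1 instead of being
    # taken from the logged-in user, so every proposal is attributed to the
    # same account — this should come from the session user; confirm and fix.
    vuln.creator_id = 1
    # TODO: Clone all relationship objects like VulnerabilityGitCommits here, too!
    db.session.add(vuln)
    db.session.commit()

    profile_url = url_for("profile.view_proposals")
    flash(
        "Proposal send for review. You can always see progress in your proposals."
        + profile_url, "success")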
def add_proposal(vuln: Vulnerability, form: VulnerabilityDetailsForm):
    """Persist a copy of *vuln*, filled from *form*, as a READY proposal.

    Args:
        vuln: The existing entry the proposal is based on.
        form: The validated details form copied onto the copy.

    The copy has no version of its own yet, points back at the original's
    version via ``prev_version`` and is attributed to the logged-in user.
    A success message is flashed once the copy is committed.
    """
    proposal = vuln.copy()
    form.populate_obj(proposal)
    proposal.version = None
    proposal.prev_version = vuln.version
    proposal.state = VulnerabilityState.READY
    proposal.creator = g.user

    session = db.session
    session.add(proposal)
    session.commit()

    flash(
        "Your proposal will be reviewed soon. You can monitor progress in your Proposals Section.",
        "success")
    def get_or_create_vulnerability(self):
        """Return the already resolved entry, or build an unsaved one.

        The fallback entry takes its CVE id from the NVD record when one is
        loaded, carries a single commit built from this object's
        ``commit_link``/``repo_name``/``repo_url``/``commit_hash`` and is
        attributed to the logged-in user.  It is not added to a session here.
        """
        if self._vulnerability:
            return self._vulnerability

        nvd = self._nvd_data
        cve_id = nvd.cve_id if nvd is not None else None
        commit = VulnerabilityGitCommits(commit_link=self.commit_link,
                                         repo_name=self.repo_name,
                                         repo_url=self.repo_url,
                                         commit_hash=self.commit_hash)
        return Vulnerability(cve_id=cve_id,
                             commits=[commit],
                             comment='',
                             creator=g.user)
def nvd_to_vcdb(nvd, commit_link):
    """Build an unsaved Vulnerability for *nvd* from a commit link.

    Args:
        nvd: The NVD record supplying the CVE id.
        commit_link: A VCS commit URL to be parsed by ``get_vcs_handler``.

    Returns:
        A Vulnerability carrying the NVD's CVE id and one commit described by
        the parsed handler, or ``None`` (after printing a diagnostic) when the
        link cannot be parsed.
    """
    handler = get_vcs_handler(app, commit_link)
    if not handler:
        print("Can't parse Vcs link: {}".format(commit_link))
        return None

    commit = VulnerabilityGitCommits(commit_link=commit_link,
                                     commit_hash=handler.commit_hash,
                                     repo_name=handler.repo_name,
                                     repo_owner=handler.repo_owner,
                                     repo_url=handler.repo_url)
    return Vulnerability(cve_id=nvd.cve_id, commits=[commit], comment='')
 def get_or_create_vulnerability(self) -> Vulnerability:
     """Return the already resolved entry, or build an unsaved default one.

     The default entry takes its CVE id from the NVD record when one is
     loaded, carries a single commit built from this object's
     ``commit_link``/``repo_name``/``repo_url``/``commit_hash`` and is
     attributed to the logged-in user.  It is not added to a session here.
     """
     if self._vulnerability:
         return self._vulnerability

     logging.debug('Vulnerability not found creating new instance')
     nvd = self._nvd_data
     cve_id = nvd.cve_id if nvd is not None else None
     commit = VulnerabilityGitCommits(
         commit_link=self.commit_link,
         repo_name=self.repo_name,
         repo_url=self.repo_url,
         commit_hash=self.commit_hash,
     )
     return Vulnerability(cve_id=cve_id,
                          commits=[commit],
                          comment="",
                          creator=g.user)
def create_vcdb_entry(cve_id, commit_link=None):
    """Build an unsaved Vulnerability for *cve_id*, optionally with one commit.

    Args:
        cve_id: The CVE id stored on the new entry.
        commit_link: Optional VCS commit URL; when given it must be parseable
            by ``get_vcs_handler``, otherwise a diagnostic is printed and
            ``None`` is returned.

    Returns:
        The entry, created directly with ``version=0`` and state PUBLISHED
        (i.e. without going through the proposal states), or ``None``.
    """
    commits = []
    if commit_link:
        handler = get_vcs_handler(app, commit_link)
        if not handler:
            print(f"Can't parse Vcs link: {commit_link}")
            return None
        commits = [
            VulnerabilityGitCommits(
                commit_link=commit_link,
                commit_hash=handler.commit_hash,
                repo_name=handler.repo_name,
                repo_owner=handler.repo_owner,
                repo_url=handler.repo_url,
            )
        ]

    return Vulnerability(cve_id=cve_id,
                         commits=commits,
                         comment="",
                         version=0,
                         state=VulnerabilityState.PUBLISHED)
def create_vcdb_entry(cve_id, commit_link=None):
    """Build an unsaved Vulnerability for *cve_id*, optionally with one commit.

    Args:
        cve_id: The CVE id stored on the new entry.
        commit_link: Optional VCS commit URL; when given it must be parseable
            by ``get_vcs_handler``, otherwise a diagnostic is printed and
            ``None`` is returned.

    Returns:
        The entry with an empty comment and zero or one commit, or ``None``.
    """
    commits = []
    if commit_link:
        handler = get_vcs_handler(app, commit_link)
        if not handler:
            print("Can't parse Vcs link: {}".format(commit_link))
            return None
        commits = [
            VulnerabilityGitCommits(
                commit_link=commit_link,
                commit_hash=handler.commit_hash,
                repo_name=handler.repo_name,
                repo_owner=handler.repo_owner,
                repo_url=handler.repo_url,
            )
        ]

    return Vulnerability(cve_id=cve_id, commits=commits, comment="")
 def _fetch_by_commit_hash(self):
     """Populate ``self._vulnerability`` by commit hash if still unresolved.

     Does nothing when an entry is already loaded or no commit hash is set.
     """
     if self._vulnerability:
         return
     if not self.commit_hash:
         return
     self._vulnerability = Vulnerability.get_by_commit_hash(
         self.commit_hash)