コード例 #1
ファイル: Exploitation.py プロジェクト: jimthereaper/pyvfeed
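    def enum_exploits(self):
        """ list information from different sources related to exploits and PoCs

        Selects the rows of exploits_db whose source equals self.source and
        whose cve_id matches the value carried in self.query, ordered by id,
        and turns each row into
        {"id": ..., "parameters": {"title": ..., "file": ..., "url": ...}}.

        Both filter values are bound as SQL parameters. The statement text is
        a constant, so a quote or other SQL syntax inside self.source cannot
        alter the query. Whether self.source can ever carry caller-controlled
        text is not visible from this method.

        Side effect: self.count is set to a one-element tuple holding the
        number of rows found, so self.count[0] keeps working for readers of
        that attribute.

        :return: the result of utility.check_list_data for the collected list
        """

        # self.query already supplies the binding for the cve_id placeholder;
        # the source value is prepended so that it is bound as well.
        params = (self.source,) + tuple(self.query)

        self.cur.execute(
            "SELECT * FROM exploits_db WHERE source = ? AND cve_id = ? ORDER BY id",
            params)
        rows = self.cur.fetchall()

        # Derived from the fetched rows instead of a second COUNT query, so the
        # count can never disagree with the rows that are iterated below.
        self.count = (len(rows),)

        # SELECT * is read by position: these offsets depend on the column
        # order of exploits_db.
        signatures = [
            {"id": row[1], "parameters": {"title": row[2], "file": row[3], "url": row[4]}}
            for row in rows
        ]

        return utility.check_list_data(signatures)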
コード例 #2
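    def enum_bulletins(self):
        """ list information from different sources related to advisories and bulletins

        Selects the rows of advisory_db whose source equals self.source and
        whose cve_id matches the value carried in self.query, and turns each
        row into {"id": ..., "parameters": {"class": ..., "url": ...}}.

        Both filter values are bound as SQL parameters. The statement text is
        a constant, so a quote or other SQL syntax inside self.source cannot
        alter the query. Whether self.source can ever carry caller-controlled
        text is not visible from this method.

        Side effect: self.count is set to a one-element tuple holding the
        number of rows found, so self.count[0] keeps working for readers of
        that attribute.

        :return: the result of utility.check_list_data for the collected list
        """

        # self.query already supplies the binding for the cve_id placeholder;
        # the source value is prepended so that it is bound as well.
        params = (self.source,) + tuple(self.query)

        self.cur.execute(
            "SELECT * FROM advisory_db WHERE source = ? AND cve_id = ?",
            params)
        rows = self.cur.fetchall()

        # Derived from the fetched rows instead of a second COUNT query, so the
        # count can never disagree with the rows that are iterated below.
        self.count = (len(rows),)

        # SELECT * is read by position: these offsets depend on the column
        # order of advisory_db. The local is named advisory_class because
        # "type" would shadow the builtin.
        signatures = []
        for row in rows:
            advisory_class = row[0]
            sig_id = row[2]
            url = row[3]
            signatures.append({
                "id": sig_id,
                "parameters": {
                    "class": advisory_class,
                    "url": url
                }
            })

        return utility.check_list_data(signatures)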
コード例 #3
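    def enum_rules(self):
        """ list information from different sources related to IPS and IDS

        Selects the rows of detection_db whose source equals self.source and
        whose cve_id matches the value carried in self.query, and turns each
        row into
        {"id": ..., "parameters": {"class": ..., "title": ..., "url": ...}}.

        Both filter values are bound as SQL parameters. The statement text is
        a constant, so a quote or other SQL syntax inside self.source cannot
        alter the query. Whether self.source can ever carry caller-controlled
        text is not visible from this method.

        Side effect: self.count is set to a one-element tuple holding the
        number of rows found, so self.count[0] keeps working for readers of
        that attribute.

        :return: the result of utility.check_list_data for the collected list
        """

        # self.query already supplies the binding for the cve_id placeholder;
        # the source value is prepended so that it is bound as well.
        params = (self.source,) + tuple(self.query)

        self.cur.execute(
            "SELECT * FROM detection_db WHERE source = ? AND cve_id = ?",
            params)
        rows = self.cur.fetchall()

        # Derived from the fetched rows instead of a second COUNT query, so the
        # count can never disagree with the rows that are iterated below.
        self.count = (len(rows),)

        # SELECT * is read by position: these offsets depend on the column
        # order of detection_db.
        signatures = []
        for row in rows:
            sig_id = row[1]
            family = row[2]
            title = row[3]
            url = row[4]
            signatures.append({
                "id": sig_id,
                "parameters": {
                    "class": family,
                    "title": title,
                    "url": url
                }
            })

        return utility.check_list_data(signatures)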
コード例 #4
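    def enum_wasc(self):
        """ return WASC identifiers from WASC database

        Selects wasc_id, title and link from wasc_db for the rows whose cwe_id
        equals self.cwe_id and turns each row into
        {"id": ..., "parameters": {"title": ..., "url": ...}}.

        self.cwe_id is bound as a SQL parameter instead of being formatted
        into the statement, so a quote inside the identifier can neither
        break nor extend the query.

        :return: the result of utility.check_list_data for the collected list
        """

        # One parameterized query; the rows are iterated directly, which makes
        # the former COUNT query (and indexing rows by its result) unnecessary.
        self.cur.execute(
            "SELECT wasc_id,title,link FROM wasc_db WHERE cwe_id=?",
            (self.cwe_id,))

        wasc_list = [
            {"id": row[0], "parameters": {"title": row[1], "url": row[2]}}
            for row in self.cur.fetchall()
        ]

        return utility.check_list_data(wasc_list)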
コード例 #5
    def enum_category(self):
        """ return the category entries (such as Top 25 and OWASP Top) related to the CWE id

        Looks in cwe_db for rows of class 'category' whose relations column
        contains self.cwe_id, then keeps only the rows where self.cwe_id is one
        of the comma-separated relations exactly. Each kept row becomes
        {"id": ..., "parameters": {"title": ..., "url": ...}}.

        :return: the result of utility.check_list_data for the collected list
        """

        # The LIKE pattern is a substring match and is passed as a bound
        # parameter; it is only a coarse pre-filter.
        like_pattern = '%' + self.cwe_id + '%'
        self.cur.execute("SELECT cwe_id,title,link,relations FROM cwe_db where class = 'category' and relations like ?",
                         (like_pattern,))

        matches = []
        for row in self.cur.fetchall():
            # A substring hit is not enough (the id may be part of a longer
            # one), so the id has to appear as a whole element of relations.
            if self.cwe_id not in row[3].split(','):
                continue

            matches.append({"id": row[0], "parameters": {"title": row[1], "url": row[2]}})

        return utility.check_list_data(matches)
コード例 #6
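    def enum_capec(self):
        """ return extra CAPEC data from CAPEC database

        Splits self.capec on commas and, for every non-empty identifier, reads
        title, link and attack_id from capec_db. Each identifier that has a
        row becomes
        {"id": ..., "parameters": {"title": ..., "attack_id": ..., "url": ...}}.

        Each identifier is bound as a SQL parameter instead of being formatted
        into the statement, so a quote inside it can neither break nor extend
        the query. Empty identifiers and identifiers without a row in
        capec_db are skipped rather than raising IndexError.

        :return: the result of utility.check_list_data for the collected list
        """

        # init local list
        capec_list = []

        for capec_id in self.capec.split(","):
            # An empty self.capec splits to [""]; stray commas produce empty
            # entries as well. Neither is worth a query.
            if not capec_id:
                continue

            self.cur.execute(
                "SELECT title,link,attack_id FROM capec_db WHERE capec_id=?",
                (capec_id,))
            rows = self.cur.fetchall()

            # No record for this identifier: nothing to report for it.
            if not rows:
                continue

            # Only the first matching row is used.
            title = rows[0][0]
            url = rows[0][1]
            attack_id = rows[0][2]

            # formatting the response
            capec_list.append(
                {"id": capec_id, "parameters": {"title": title, "attack_id": attack_id, "url": url}})

        return utility.check_list_data(capec_list)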