def view_proposals(vendor: str = None, profile: str = None):
entries = db.session.query(Vulnerability, Nvd)
entries = entries.filter(Vulnerability.creator == g.user)
entries = entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
entries = entries.order_by(desc(Nvd.id))
bookmarked_page = parse_pagination_param("proposal_p")
per_page = 10
entries_non_processed = entries.filter(~Vulnerability.state.in_(
[VulnerabilityState.ARCHIVED, VulnerabilityState.PUBLISHED]))
entries_full = entries_non_processed.options(default_nvd_view_options)
proposal_vulns = get_page(entries_full, per_page, page=bookmarked_page)
proposal_vulns = VulnViewTypesetPaginationObjectWrapper(
proposal_vulns.paging)
entries_processed = entries.filter(
Vulnerability.state.in_(
[VulnerabilityState.ARCHIVED, VulnerabilityState.PUBLISHED]))
bookmarked_page_processed = parse_pagination_param("proposal_processed_p")
entries_processed_full = entries_processed.options(
default_nvd_view_options)
proposal_vulns_processed = get_page(entries_processed_full,
per_page,
page=bookmarked_page_processed)
proposal_vulns_processed = VulnViewTypesetPaginationObjectWrapper(
proposal_vulns_processed.paging)
return render_template(
"profile/proposals_view.html",
proposal_vulns=proposal_vulns,
proposal_vulns_processed=proposal_vulns_processed,
)
def product_view(vendor: str = None, product: str = None):
sub_query = db.session.query(Cpe.nvd_json_id).filter(
and_(Cpe.vendor == vendor, Cpe.product == product)).distinct()
number_vulns = sub_query.count()
entries = db.session.query(Vulnerability, Nvd)
entries = entries.filter(Nvd.id.in_(sub_query)).with_labels()
entries = entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
entries = entries.order_by(desc(Nvd.id))
bookmarked_page = parse_pagination_param("product_p")
per_page = 10
entries_full = entries.options(default_nvd_view_options)
product_vulns = get_page(entries_full, per_page, page=bookmarked_page)
product_vulns = VulnViewTypesetPaginationObjectWrapper(
product_vulns.paging)
entries_commits = get_entries_commits(entries)
repo_urls = get_unique_repo_urls(entries_commits)
return render_template("product/view.html",
vendor=vendor,
product=product,
product_vulns=product_vulns,
repo_urls=repo_urls,
number_vulns=number_vulns)
def get_pending_proposals_paged():
entries = db.session.query(Vulnerability, Nvd)
entries = entries.filter(
Vulnerability.state != VulnerabilityState.PUBLISHED)
entries = entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
entries = entries.order_by(asc(Vulnerability.state), desc(Nvd.id))
bookmarked_page = parse_pagination_param("review_p")
per_page = 10
entries_full = entries.options(default_nvd_view_options)
review_vulns = get_page(entries_full, per_page, page=bookmarked_page)
review_vulns = VulnViewTypesetPaginationObjectWrapper(review_vulns.paging)
return review_vulns
def list(vendor: str = None, profile: str = None):
entries = db.session.query(Vulnerability, Nvd)
entries = entries.filter(
Vulnerability.state != VulnerabilityState.PUBLISHED)
entries = entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
entries = entries.order_by(desc(Nvd.id))
bookmarked_page = parse_pagination_param("review_p")
per_page = 10
entries_full = entries.options(default_nvd_view_options)
review_vulns = get_page(entries_full, per_page, page=bookmarked_page)
review_vulns = VulnViewTypesetPaginationObjectWrapper(review_vulns.paging)
return render_template("review/list.html", review_vulns=review_vulns)
def view_proposals(vendor: str = None, profile: str = None):
entries = db.session.query(Vulnerability, Nvd)
entries = entries.filter(
Vulnerability.creator == g.user,
Vulnerability.state != VulnerabilityState.PUBLISHED)
entries = entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
entries = entries.order_by(desc(Nvd.id))
#if existing_user_proposals:
# flash_error("No proposals exist so far.")
# return
bookmarked_page = parse_pagination_param("proposal_p")
per_page = 10
entries_full = entries.options(default_nvd_view_options)
proposal_vulns = get_page(entries_full, per_page, page=bookmarked_page)
proposal_vulns = VulnViewTypesetPaginationObjectWrapper(
proposal_vulns.paging)
return render_template("profile/proposals_view.html",
proposal_vulns=proposal_vulns)
def __init__(self):
self.keyword = None
self.top_contributors = []
# TODO: Look into neabling this once public contributions are enabled.
# self.fetch_top_contributors()
has_annotations_col = Vulnerability.has_annotations
vcdb_entries = db.session.query(Vulnerability, Nvd,
has_annotations_col)
vcdb_entries = vcdb_entries.filter(
Vulnerability.state == VulnerabilityState.PUBLISHED)
vcdb_entries = vcdb_entries.outerjoin(
Nvd, Vulnerability.cve_id == Nvd.cve_id)
vcdb_entries = vcdb_entries.options(default_nvd_view_options)
vcdb_entries = vcdb_entries.from_self()
vcdb_entries = vcdb_entries.order_by(
desc(has_annotations_col),
asc(Vulnerability.date_created),
desc(Vulnerability.id),
)
self.vcdb_entries = vcdb_entries
nvd_entries = db.session.query(Nvd)
nvd_entries = nvd_entries.outerjoin(Vulnerability,
Nvd.cve_id == Vulnerability.cve_id)
nvd_entries = nvd_entries.options(default_nvd_view_options)
nvd_entries = nvd_entries.filter(Vulnerability.cve_id.is_(None))
nvd_entries = nvd_entries.order_by(desc(Nvd.published_date),
desc(Nvd.id))
self.nvd_entries = nvd_entries
self.keyword = request.args.get("keyword", None, type=str)
apply_filter = None
if self.keyword:
# TODO: Make the filtering work with fulltext search as well.
if VulnerabilityDetails.is_cve_id(self.keyword):
apply_filter = or_(False, Nvd.cve_id == self.keyword)
elif VulnerabilityDetails.is_vcdb_id(self.keyword):
apply_filter = or_(False, Vulnerability.id == self.keyword)
else:
escaped_keyword = self.keyword.replace("%", "")
# escaped_keyword = re.sub('[\W]+', ' ', self.keyword)
# Attention: We can't use FullText search here because of some
# buggy Mysql 5.7 behavior (using FullText on Join results seems
# is doing bad things. We might need to apply the filter before
# joining below.
# apply_filter = or_(
# FullTextSearch(escaped_keyword, Nvd,
# FullTextMode.BOOLEAN),
# FullTextSearch(escaped_keyword, Vulnerability,
# FullTextMode.BOOLEAN))
apply_filter = or_(
Nvd.descriptions.any(
Description.value.like("%" + escaped_keyword + "%")),
Vulnerability.comment.like("%" + escaped_keyword + "%"),
)
# TODO: add product search support.
# apply_filter = or_(apply_filter, Cpe.product == keyword)
if apply_filter is not None:
self.vcdb_entries = self.vcdb_entries.filter(apply_filter)
self.nvd_entries = self.nvd_entries.filter(apply_filter)
per_page = 7
vcdb_bookmarked_page = parse_pagination_param("vcdb_p")
# Replace a sqlakeyset function to support our use case.
# TODO: File a PR for this?
sqlakeyset.paging.value_from_thing = custom_value_from_thing
self.vcdb_pagination = get_page(self.vcdb_entries,
per_page,
page=vcdb_bookmarked_page)
self.vcdb_pagination = VulnViewTypesetPaginationObjectWrapper(
self.vcdb_pagination.paging)
num_vuln_entries = db.session.query(func.count(
Vulnerability.id)).scalar()
self.vcdb_pagination.set_total(num_vuln_entries)
nvd_bookmarked_page = parse_pagination_param("nvd_p")
self.nvd_pagination = get_page(self.nvd_entries,
per_page,
page=nvd_bookmarked_page)
self.nvd_pagination = VulnViewTypesetPaginationObjectWrapper(
self.nvd_pagination.paging)
num_nvd_entries = db.session.query(func.count(Nvd.id)).scalar()
num_unique_nvd_estimate = num_nvd_entries - num_vuln_entries
self.nvd_pagination.set_total(num_unique_nvd_estimate)