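def test_list_cves_paginated(app, create_cves):
    """Check that ``CveController.list_items`` splits results into pages.

    The page size is lowered to 3 through ``CVES_PER_PAGE`` and five CVEs are
    created: the default page must hold three of them, page 2 the remaining
    two, and page 3 must raise ``NotFound``.

    The original setting is restored in a ``finally`` block so that a failing
    assertion cannot leave the reduced page size in ``app.config`` for
    whatever uses the same ``app`` object afterwards.
    """
    old = app.config["CVES_PER_PAGE"]
    app.config["CVES_PER_PAGE"] = 3
    try:
        create_cves(
            [
                "CVE-2018-18074",
                "CVE-2020-9392",
                "CVE-2020-26116",
                "CVE-2020-27781",
                "CVE-2019-17052",
            ]
        )

        with app.test_request_context():
            # No "page" argument: the first page is returned.
            cves = CveController.list_items()
            assert sorted([cve.cve_id for cve in cves]) == [
                "CVE-2019-17052",
                "CVE-2020-26116",
                "CVE-2020-27781",
            ]

            cves = CveController.list_items({"page": 2})
            assert sorted([cve.cve_id for cve in cves]) == [
                "CVE-2018-18074",
                "CVE-2020-9392",
            ]

            # Five items at three per page: there is no third page.
            with pytest.raises(NotFound):
                cves = CveController.list_items({"page": 3})
    finally:
        app.config["CVES_PER_PAGE"] = old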
def cve_associate_tags(cve_id):
    """Replace the current user's tags on one CVE with the submitted list.

    Reads the ``tags`` form values, rejects the request with a 404 if any of
    them is not a tag declared by the current user, then creates or updates
    the user's ``CveTag`` row for this CVE and redirects to the CVE page.

    NOTE(review): ``current_user.id`` is read unconditionally and the request
    changes stored data; the login and CSRF guards are not visible in this
    block -- confirm they are applied where the route is registered.
    """
    cve = CveController.get({"cve_id": cve_id})
    submitted = request.form.getlist("tags")

    # Only tags the user has declared may be attached; anything else is
    # refused before the database is touched.
    declared = [
        tag.name
        for tag in UserTagController.list_items({"user_id": current_user.id})
    ]
    if any(name not in declared for name in submitted):
        abort(404)

    # The lookup is scoped to the current user, so only that user's own
    # association row for this CVE can be created or changed here.
    association = CveTag.query.filter_by(
        user_id=current_user.id, cve_id=cve.id
    ).first()
    if not association:
        association = CveTag(user_id=current_user.id, cve_id=cve.id)
    association.tags = submitted

    db.session.add(association)
    db.session.commit()

    flash("The CVE tags have been updated.", "success")
    return redirect(url_for("main.cve", cve_id=cve_id))
def cve(cve_id):
    """Render the detail page of one CVE.

    Passes to ``cve.html`` the CVE, its JSON document serialised as a string,
    the vendors derived from its CPE configurations, its CWE details, the
    current user's tags (empty for anonymous visitors), the CVE's tag names
    as a JSON string, and its events grouped by creation time.

    NOTE(review): ``json.dumps`` does not escape ``<``, ``>`` or ``&``. If the
    template places ``cve_dumped`` or ``cve_tags_encoded`` inside a
    ``<script>`` element or marks them safe, the values need script-safe
    escaping there -- confirm against the template, which is not visible here.
    """
    record = CveController.get({"cve_id": cve_id})
    vendors = convert_cpes(record.json["configurations"])

    # Only the first problemtype_data entry is read; a document without one
    # raises here rather than rendering.
    problem_types = record.json["cve"]["problemtype"]["problemtype_data"]
    cwes = get_cwes_details(problem_types[0]["description"])

    # Anonymous visitors have no tags to offer in the modal box.
    user_tags = (
        UserTagController.list_items({"user_id": current_user.id})
        if current_user.is_authenticated
        else []
    )

    # The modal box expects the CVE's tag names as an encoded list.
    cve_tags_encoded = json.dumps([tag.name for tag in record.tags])

    # groupby only merges adjacent rows, which works here because the query
    # is ordered by the same key it is grouped on.
    events = Event.query.filter_by(cve_id=record.id).order_by(
        Event.created_at.desc()
    )
    events_by_time = []
    for created_at, group in itertools.groupby(
        events, operator.attrgetter("created_at")
    ):
        events_by_time.append((created_at, list(group)))

    return render_template(
        "cve.html",
        cve=record,
        cve_dumped=json.dumps(record.json),
        vendors=vendors,
        cwes=cwes,
        user_tags=user_tags,
        cve_tags_encoded=cve_tags_encoded,
        events_by_time=events_by_time,
    )
def cve_change(cve_id, change_id):
    """Render the diff between one change of a CVE and the change before it.

    Responds with a 404 when ``change_id`` is not a valid UUID or when no
    change with that id belongs to the requested CVE. The previous change is
    the most recent one of the same CVE created strictly earlier; when there
    is none the diff is made against an empty document.

    NOTE(review): ``diff`` is an HTML table built by ``CustomHtmlHTML``;
    whether the compared lines are HTML-escaped depends on that class and on
    how ``change.html`` emits the value -- confirm, neither is visible here.
    """
    cve = CveController.get({"cve_id": cve_id})

    # Reject malformed identifiers before they reach the query.
    if not is_valid_uuid(change_id):
        abort(404)

    # Filtering on both columns keeps a change id from being read through
    # the URL of a different CVE.
    change = Change.query.filter_by(cve_id=cve.id, id=change_id).first()
    if not change:
        abort(404)

    earlier_changes = (
        Change.query.filter(Change.created_at < change.created_at)
        .filter(Change.cve == change.cve)
        .order_by(Change.created_at.desc())
    )
    previous = earlier_changes.first()
    previous_json = previous.json if previous else {}

    # Serialise both sides the same way (sorted keys, fixed indent) so the
    # line diff reflects content changes only.
    before_lines = json.dumps(previous_json, sort_keys=True, indent=2).split("\n")
    after_lines = json.dumps(change.json, sort_keys=True, indent=2).split("\n")

    differ = CustomHtmlHTML()
    diff = differ.make_table(
        fromlines=before_lines,
        tolines=after_lines,
        context=True,
    )
    return render_template("change.html", change=change, diff=diff)
def test_filtered_by_cwe(app, create_cves, args, result):
    """Check that ``CveController.list_items(args)`` returns exactly ``result``.

    ``args`` and ``result`` are supplied from outside this function
    (presumably a parametrize decorator that is not visible here).
    """
    fixture_ids = [
        "CVE-2018-18074",
        "CVE-2020-9392",
        "CVE-2020-26116",
        "CVE-2020-27781",
    ]
    create_cves(fixture_ids)

    with app.test_request_context():
        found = CveController.list_items(args)
        # Compare sorted ids so the check does not depend on result order.
        found_ids = sorted(item.cve_id for item in found)
        assert found_ids == result
def cves():
    """Render the CVE listing for the filters given in the query string.

    NOTE(review): ``request.args`` is handed to the controller unchanged, so
    every key a client sends reaches it -- confirm the controller validates
    the keys it acts on.
    """
    listing = CveController.list(request.args)
    objects, metas, pagination = listing

    context = {
        "cves": objects,
        "vendor": metas.get("vendor"),
        "product": metas.get("product"),
        "pagination": pagination,
    }
    return render_template("cves.html", **context)
def test_metas(app, create_cves):
    """Check the ``metas`` mapping returned by ``CveController.list``.

    Without filters every meta is ``None``; with a vendor, or a vendor and a
    product, the matching entries carry the objects named in the filter.
    """
    create_cves(
        ["CVE-2018-18074", "CVE-2020-9392", "CVE-2020-26116", "CVE-2020-27781"]
    )

    with app.test_request_context():
        # No filter: all four CVEs, no meta objects.
        page, metas, _ = CveController.list()
        assert len(page.items) == 4
        assert metas == {"vendor": None, "product": None, "tag": None}

        # Vendor filter only.
        page, metas, _ = CveController.list({"vendor": "python"})
        assert len(page.items) == 1
        assert metas["vendor"].name == "python"

        # Vendor and product filter.
        vendor_product = {"vendor": "redhat", "product": "ceph_storage"}
        page, metas, _ = CveController.list(vendor_product)
        assert len(page.items) == 1
        assert metas["vendor"].name == "redhat"
        assert metas["product"].name == "ceph_storage"
def cve(cve_id):
    """Render the detail page of one CVE.

    Passes to ``cve.html`` the CVE, its JSON document serialised as a string,
    the vendors derived from its CPE configurations and its CWE details.

    NOTE(review): ``json.dumps`` does not escape ``<``, ``>`` or ``&``. If the
    template places ``cve_dumped`` inside a ``<script>`` element or marks it
    safe, the value needs script-safe escaping there -- confirm against the
    template, which is not visible here.
    """
    record = CveController.get({"cve_id": cve_id})
    vendors = convert_cpes(record.json["configurations"])

    # Only the first problemtype_data entry is read; a document without one
    # raises here rather than rendering.
    problem_types = record.json["cve"]["problemtype"]["problemtype_data"]
    cwes = get_cwes_details(problem_types[0]["description"])

    context = {
        "cve": record,
        "cve_dumped": json.dumps(record.json),
        "vendors": vendors,
        "cwes": cwes,
    }
    return render_template("cve.html", **context)
def test_filtered_by_tags(app, create_cve, create_user):
    """Check filtering of CVEs by one of a user's tags.

    Three of four CVEs are tagged by a single user. A tag the user has not
    declared must raise ``NotFound``; an unfiltered listing returns all four
    CVEs; filtering on ``tag1`` or ``tag2`` with the user's id returns only
    the CVEs that user tagged with it.
    """
    # CVE id -> tags the user puts on it. Insertion order is the creation
    # order of the records.
    tagged = {
        "CVE-2018-18074": ["tag1"],
        "CVE-2020-9392": ["tag1", "tag2"],
        "CVE-2020-26116": ["tag2"],
    }
    records = {cve_id: create_cve(cve_id) for cve_id in tagged}
    create_cve("CVE-2020-27781")  # stays untagged

    owner = create_user()
    owner.tags = [
        UserTag(name=label, description="foo", color="#fff")
        for label in ("tag1", "tag2")
    ]
    for cve_id, labels in tagged.items():
        db.session.add(
            CveTag(user_id=owner.id, cve_id=records[cve_id].id, tags=labels)
        )
    db.session.commit()

    # Tag is not in user's list of tags
    with pytest.raises(NotFound):
        CveController.list_items({"user_id": owner.id, "tag": "notfound"})

    with app.test_request_context():
        everything = CveController.list_items()
        assert sorted(item.cve_id for item in everything) == [
            "CVE-2018-18074",
            "CVE-2020-26116",
            "CVE-2020-27781",
            "CVE-2020-9392",
        ]

        with_tag1 = CveController.list_items({"user_id": owner.id, "tag": "tag1"})
        assert sorted(item.cve_id for item in with_tag1) == [
            "CVE-2018-18074",
            "CVE-2020-9392",
        ]

        with_tag2 = CveController.list_items({"user_id": owner.id, "tag": "tag2"})
        assert sorted(item.cve_id for item in with_tag2) == [
            "CVE-2020-26116",
            "CVE-2020-9392",
        ]
def test_list_cves(app, create_cves):
    """Check that an unfiltered ``list_items`` call returns every CVE created."""
    create_cves(
        ["CVE-2018-18074", "CVE-2020-9392", "CVE-2020-26116", "CVE-2020-27781"]
    )

    with app.test_request_context():
        listed = CveController.list_items()
        assert len(listed) == 4

        # Sorted ids, so the check does not depend on result order.
        listed_ids = sorted(item.cve_id for item in listed)
        assert listed_ids == [
            "CVE-2018-18074",
            "CVE-2020-26116",
            "CVE-2020-27781",
            "CVE-2020-9392",
        ]
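def cves():
    """Render the CVE listing for the filters given in the query string.

    For an authenticated visitor the listing is evaluated with that user's id
    and the user's tags are passed to the template; anonymous visitors get an
    empty tag list.

    ``user_id`` is never taken from the query string. The controller accepts
    ``user_id`` together with ``tag`` as a filter on a user's tagged CVEs, so
    a client-supplied value is discarded for every visitor and the key is set
    only from the logged-in session. Previously an anonymous request passed
    ``request.args`` through unchanged, ``user_id`` included.
    """
    # Copy the query string with the same unpacking the authenticated path
    # already used, then drop the one key that must come from the session.
    args = {**request.args}
    args.pop("user_id", None)

    user_tags = []
    if current_user.is_authenticated:
        args["user_id"] = current_user.id
        user_tags = UserTagController.list_items({"user_id": current_user.id})

    objects, metas, pagination = CveController.list(args)

    return render_template(
        "cves.html",
        cves=objects,
        vendor=metas.get("vendor"),
        product=metas.get("product"),
        tag=metas.get("tag"),
        user_tags=user_tags,
        pagination=pagination,
    )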
def get(self, name):
    """List the CVEs of the vendor ``name``, narrowed by the query string.

    NOTE(review): every other query-string key, ``user_id`` included, is
    forwarded to the controller as sent -- confirm the controller validates
    or authorises the keys it acts on.
    """
    # Called for the lookup only; the returned vendor is not used
    # (presumably this rejects unknown vendors -- confirm).
    VendorController.get({"name": name})

    # The route value is written after the unpacked query string, so a
    # "vendor" query parameter cannot replace it.
    filters = {**request.args, "vendor": name}
    return CveController.list_items(filters)
def get(self, id):
    """Return the CVE whose ``cve_id`` equals the ``id`` route parameter."""
    lookup = {"cve_id": id}
    return CveController.get(lookup)
def get(self):
    """List CVEs using the request's query string as filters.

    NOTE(review): the query string is forwarded as sent, ``user_id``
    included -- confirm the controller validates or authorises the keys it
    acts on.
    """
    filters = request.args
    return CveController.list_items(filters)
def get(self, id):
    """List the CVEs of the CWE ``id``, narrowed by the query string.

    NOTE(review): every other query-string key, ``user_id`` included, is
    forwarded to the controller as sent -- confirm the controller validates
    or authorises the keys it acts on.
    """
    # Called for the lookup only; the returned CWE is not used
    # (presumably this rejects unknown CWE ids -- confirm).
    CweController.get({"cwe_id": id})

    # The route value is written after the unpacked query string, so a
    # "cwe" query parameter cannot replace it.
    filters = {**request.args, "cwe": id}
    return CveController.list_items(filters)
def test_vendors_products_not_found(app):
    """Check that filtering on an unknown vendor or product raises ``NotFound``."""
    unknown_filters = (
        {"vendor": "foo"},
        {"vendor": "foo", "product": "bar"},
    )

    with app.test_request_context():
        for filters in unknown_filters:
            with pytest.raises(NotFound):
                CveController.list_items(filters)
def test_filtered_by_vendors_products(app, create_cves, args, result):
    """Check that ``CveController.list_items(args)`` returns exactly ``result``.

    ``args`` and ``result`` are supplied from outside this function
    (presumably a parametrize decorator that is not visible here).
    """
    fixture_ids = ["CVE-2019-8075", "CVE-2019-17052", "CVE-2020-27781"]
    create_cves(fixture_ids)

    with app.test_request_context():
        found = CveController.list_items(args)
        # Compare sorted ids so the check does not depend on result order.
        found_ids = sorted(item.cve_id for item in found)
        assert found_ids == result
def get(self, vendor, product):
    """List the CVEs of one product of a vendor, narrowed by the query string.

    NOTE(review): every other query-string key, ``user_id`` included, is
    forwarded to the controller as sent -- confirm the controller validates
    or authorises the keys it acts on.
    """
    # Called for the lookup only; the returned product is not used
    # (presumably this rejects unknown vendor/product pairs -- confirm).
    ProductController.get({"vendor": vendor, "product": product})

    # The route values are written after the unpacked query string, so
    # "vendor" and "product" query parameters cannot replace them.
    filters = {**request.args, "vendor": vendor, "product": product}
    return CveController.list_items(filters)