def cve(cve_id):
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cve_id.upper())
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cve_id
}
})
if app.config["WebInterface"]:
cve = markCPEs(cve)
plugManager.onCVEOpen(cve_id, **pluginArgs)
pluginData = plugManager.cvePluginInfo(cve_id, **pluginArgs)
return render_template("cve.html", cve=cve, plugins=pluginData)
else:
return render_template("cve.html", cve=cve)
def watchlist_cve(cveid):
entity = request.args.get('entity')
product = request.args.get('product')
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cveid.upper())
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cveid
}
})
wcve = getWatchlistCVE(cveid, entity, product)
if wcve and 'comment' in wcve:
comment = wcve['comment']
else:
comment = None
return render_template("watchlistCve.html",
cve=cve,
entity=entity,
product=product,
comment=comment)
def api_cve(self, cveid):
cvesp = CveHandler(
rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True
)
cve = cvesp.getcve(cveid=cveid.upper())
if not cve:
raise (APIError("cve not found", 404))
return cve
def qcvesForCPE(cpe, limit=0):
cpe = toStringFormattedCPE(cpe)
data = []
if cpe:
cvesp = CveHandler(
rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False
)
r = cvesForCPE(cpe, limit=limit)
for x in r["results"]:
data.append(cvesp.getcve(x["id"]))
return data
def cve(self, cveid):
cveid = cveid.upper()
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cveid)
if cve is None:
return render_template("error.html",
status={
"except": "cve-not-found",
"info": {
"cve": cveid
}
})
cve = self.markCPEs(cve)
self.plugManager.onCVEOpen(cveid, **self.pluginArgs)
pluginData = self.plugManager.cvePluginInfo(cveid, **self.pluginArgs)
return render_template("cve.html", cve=cve, plugins=pluginData)
def cve(cve_id):
cvesp = CveHandler(
rankinglookup=True,
namelookup=True,
via4lookup=True,
capeclookup=True,
subscorelookup=True,
)
cve = cvesp.getcve(cveid=cve_id.upper())
if cve is None:
return (
render_template(
"error.html",
status={"except": "cve-not-found", "info": {"cve": cve_id}},
),
404,
)
if app.config["WebInterface"]:
cve = markCPEs(cve)
return render_template("cve.html", cve=cve)
else:
return render_template("cve.html", cve=cve)
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))
from lib.CVEs import CveHandler
from lib.DatabaseLayer import getCVEIDs
argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()
rankinglookup = args.r
via4lookup = args.v
capeclookup = args.c
cves = CveHandler(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup)
for cveid in getCVEIDs(limit=args.l):
item = cves.getcve(cveid=cveid)
if 'cvss' in item:
if type(item['cvss']) == str:
item['cvss'] = float(item['cvss'])
date_fields = ['cvss-time', 'Modified', 'Published']
for field in date_fields:
if field in item:
item[field] = str(item[field])
print(json.dumps(item, sort_keys=True, default=json_util.default))
with ix.searcher() as searcher:
if not args.o:
query = QueryParser("content", ix.schema).parse(" ".join(args.q))
else:
query = QueryParser("content",
schema=ix.schema,
group=qparser.OrGroup).parse(" ".join(args.q))
results = searcher.search(query, limit=None)
for x in results:
if not args.f:
print(x["path"])
else:
print(
json.dumps(
cves.getcve(x["path"]),
sort_keys=True,
default=json_util.default,
))
if args.t and not args.f:
print(" -- " + x["title"])
elif args.m:
xr = ix.searcher().reader()
for x in xr.most_frequent_terms("content", number=args.m):
sys.stdout.write(str(int(x[0])))
sys.stdout.write(",")
sys.stdout.write(x[1].decode("utf-8"))
sys.stdout.write("\n")
elif args.l and not args.g:
xr = ix.searcher().reader()
for x in xr.lexicon("content"):
