def setUp(self): self.db = DatabaseLayer(_db="cvedb_test") self.capec1 = CAPEC(id="10000", name="test_capec", summary="no summary", prerequisites="No prerequisites", solutions="There's no solution", weaknesses=["10000"]) self.cwe1 = CWE(id="10000", name="test_cwe", description="test cwe", status="testing", weakness='Testing') self.cpe1 = CPE(id="cpe:/a:test:test1", title="Test CPE 1", references=[]) self.cpe2 = CPE(id="cpe:2.3:a:test:test2", title="Test CPE 2", references=[]) self.cve1 = CVE(id="CVE-0001-0001", cvss=0.1, summary="Test Vulnerability", vulnerable_configuration=[self.cpe1, self.cpe2], published=datetime.datetime(2017, 1, 1), impact=Impact("None", "None", "None"), access=Access("Low", "None", "Local"), cwe=self.cwe1) self.db.CAPEC.upsert(self.capec1) self.db.CWE.upsert(self.cwe1) self.db.CPE.upsert([self.cpe1, self.cpe2]) self.db.CVE.upsert(self.cve1)
def setUp(self): self.db = DatabaseLayer(_db="cvedb_test") self.capec1 = CAPEC(id="10000", name="test_capec", summary="no summary", prerequisites="No prerequisites", solutions="There's no solution", weaknesses=[]) self.cwe1 = CWE(id="10000", name="test_cwe", description="test cwe", status="testing", weakness='Testing') self.cpe1 = CPE(id="cpe:/a:test:test1", title="Test CPE 1", references=[]) self.cpe2 = CPE(id="cpe:2.3:a:test:test2", title="Test CPE 2", references=[])
def cpe_regex(self, regex, alternative): data = list(self.colCPE.find({"id": {"$regex": regex}})) if alternative: data.extend(list(self.colCPEOTHER.find({"id": {"$regex": regex}}))) return [CPE(x) for x in self.sanitize(data)] or []
def cpe_getAllAlternative(self): return [CPE(x) for x in self.sanitize(self.colCPEOTHER.find())] or []
def cpe_getAll(self): return [CPE.fromDict(x) for x in self.sanitize(self.colCPE.find())] or []
def cpe_get(self, id): cpe = self.sanitize(self.colCPE.find_one({"id": id})) return CPE.fromDict(cpe) if cpe else None
def test_fail_create_cpe(self): try: CPE(id=1, title="Test CPE 2", references=()) self.fail("Object should not be created") except TypeError as e: assert "id is supposed to be of type str, not int" == str(e)
def test_create_cpe(self): CPE(id="cpe:/a:test:test1", title="Test CPE 1", references=[]) CPE(id="cpe:2.3:a:test:test2", title="Test CPE 2", references=())
if not indexed: indexed = 0 if icve and icpeo: if icpeo == icve: print("Not modified") sys.exit(0) cves = db.CVE.query(skip=indexed, sort=("Published", "asc")) if not cves: print("Empty collections, import skipped") sys.exit(2) unique = set() for cve in progressbar(cves): for cpe in cve.vulnerable_configuration: unique.add(cpe.id) indexed_cpe = set() for cpe in unique: if db.CPE.get(cpe): unique.add(cpe) for cpe in indexed_cpe: unique.remove(cpe) if len(unique) > 0: db.CPE.alternative_upsert([CPE(x) for x in unique]) #update database info after successful program-run db.CVE.updated(icve) db.CPE.alternative_updated(icve, (indexed + len(cves)))
def get(self, id): cpe = self.db.cpe_get(toStringFormattedCPE(id)) return cpe if cpe else CPE(id)
self.referencetag = False self.href = None # make parser parser = make_parser() ch = CPEHandler() parser.setContentHandler(ch) db = DatabaseLayer() # check modification date try: (f, r) = Configuration.getFeedData('cpe') except: sys.exit("Cannot open url %s. Bad URL or not connected to the internet?" % (Configuration.getFeedURL("cpe"))) i = db.CPE.updated() last_modified = parse_datetime(r.headers['last-modified'], ignoretz=True) if i is not None: if last_modified == i: print("Not modified") sys.exit(0) # parse xml and store in database parser.parse(f) cpeList = [] for x in progressbar(ch.cpe): cpeList.append(CPE(x['name'], x['title'][0], x['references'])) db.CPE.upsert(cpeList) #update database info after successful program-run db.CPE.updated(last_modified)