def bookmark(): bms = request.args.get('cve', type=str).split(",") try: dbLayer.addBookmarks(current_user.get_id(), bms) return jsonify({"status":"success"}) except: return jsonify({"status": "failure"})
def onCVEAction(self, cve, action, **args): if action in ["json", "pdf", "webview"]: data = args["fields"]['scan'][0] store = bool(args["fields"]['store'][0]) tags = args["fields"]['tags'][0].split(",") notes = args["fields"]['notes'][0] data = self.handle_scan(data, action, tags, notes, store) return {'status': 'plugin_action_complete', 'data': data} elif action in ["save_settings"]: try: data = {"reaper.enable": toBool(args["fields"]["reaper_enable"][0]), "reaper.folder": args["fields"]["reaper_folder"][0], "reaper.store": toBool(args["fields"]["reaper_store"][0]), "output.enable": toBool(args["fields"]["output_enable"][0]), "output.type": args["fields"]["output_type"][0], "output.folder": args["fields"]["output_folder"][0] } if data["output.type"] not in ["json", "pdf", "webview"]: return False if not data["reaper.folder"]: data["reaper.folder"] = "./cve-scan" if not data["output.folder"]: data["output.folder"] = "./cve-scan-output" for key, val in data.items(): db.p_writeSetting(self.collection, key, val) self._set_reaper_status() except Exception as e: print(e) return False return True return False
def setIndex(col, field, printSuccess = True): try: dbLayer.ensureIndex(col, field) if printSuccess: print('[+]Success to create index %s on %s' % (field, col)) except Exception as e: print('[-]Failed to create index %s on %s: %s' % (col, field, e))
def mark(self, cve, **args): user = args["current_user"].get_id() if db.p_readUserSetting(self.collectionName, user, "mark") == "show": color = db.p_readUserSetting(self.collectionName, user, "markcolor") userdata = db.p_queryOne(self.collectionName, {'user': user}) if userdata and 'cves' in userdata and cve in userdata['cves']: return (None, color)
def getCVEActions(self, cve, **args): if db.p_readUserSetting(self.collectionName, args["current_user"].get_id(), "buttons") == "show": userdata = db.p_queryOne(self.collectionName, {'user': args["current_user"].get_id()}) if userdata and 'cves' in userdata and cve in userdata['cves']: return [{'text': 'Unsee', 'action': 'unsee', 'icon': 'eye-close'}] else: return [{'text': 'See', 'action': 'see', 'icon': 'eye-open'}]
def listAdd(): cpe = request.args.get('cpe') cpeType = request.args.get('type') lst = request.args.get('list') status = ["added", "success"] if addCPEToList(cpe, lst, cpeType) else ["already_exists", "info"] returnList = dbLayer.getWhitelist() if lst=="whitelist" else dbLayer.getBlacklist() return jsonify({"status":status, "rules":returnList, "listType":lst.title()})
def verifyPass(password, user): if not dbLayer.userExists(user): sys.exit(exits['userNotInDb']) dbPass = dbLayer.getUser(user)['password'] if not pbkdf2_sha256.verify(password, dbPass): sys.exit(exits['userpasscombo']) return True
def unbookmark(): bms = request.args.get('cve', type=str).split(",") try: dbLayer.removeBookmarks(current_user.get_id(), bms) return jsonify({"status":"success"}) except Exception as e: print(e) return jsonify({"status": "failure"})
def filter_logic(f, limit, skip): query = [] # retrieving lists if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['unlistedSelect'] == "hide": wlregexes = compile(db.getRules('whitelist')) blregexes = compile(db.getRules('blacklist')) query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}}, {'vulnerable_configuration': {'$in': blregexes}}]}) if f['rejectedSelect'] == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) # plugin filters query.extend(plugManager.doFilter(f, **pluginArgs())) # cvss logic if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}}) elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])}) elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}}) # date logic if f['timeSelect'] != "all": if f['startDate']: startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True) if f['endDate']: endDate = parse_datetime(f['endDate'], ignoretz=True, dayfirst=True) if f['timeSelect'] == "from": query.append({f['timeTypeSelect']: {'$gt': startDate}}) if f['timeSelect'] == "until": query.append({f['timeTypeSelect']: {'$lt': endDate}}) if f['timeSelect'] == "between": query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}}) if f['timeSelect'] == "outside": query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]}) cve=db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if f['whitelistSelect'] == "on": cve = whitelist_mark(cve) if f['blacklistSelect'] == "mark": cve = blacklist_mark(cve) plugManager.mark(cve, **pluginArgs()) cve = list(cve) return cve
def unseen(r): if not r: r = 0 seenlist=request.form.get('list').split(",") # retrieving data if current_user.is_authenticated(): dbLayer.removeSeenCVEs(current_user.get_id(), seenlist) settings, cve = getFilterSettingsFromPost(r) return render_template('index.html', settings=settings, cve=cve, r=r, pageLength=pageLength)
def listAdd(): cpe = request.args.get('cpe') cpeType = request.args.get('type') lst = request.args.get('list') if cpe and cpeType and lst: status = "added_to_list" if addCPEToList(cpe, lst, cpeType) else "already_exists_in_list" returnList = db.getWhitelist() if lst=="whitelist" else db.getBlacklist() return jsonify({"status":status, "rules":returnList, "listType":lst.title()}) else: return jsonify({"status": "could_not_add_to_list"})
def _userAlowed(self, user): if user.is_authenticated(): group = db.p_readSetting(self.collectionName, "group") if not group: db.p_writeSetting(self.collectionName, "group", []) group = [] if user.get_id() in group: return True return False
def dropCollection(self): try: count = self.countItems() db.drop("mgmt_"+self.collection.lower()) if self.args.v: print("collection of %s items dropped"%(count)) except Exception as ex: print("Error dropping the database: %s"%(ex)) sys.exit()
def getCVEActions(self, cve, **args): if self._userAlowed(args["current_user"]): if db.p_readUserSetting(self.collectionName, args["current_user"].get_id(), "buttons") == "show": userdata = db.p_queryOne(self.collectionName, {}) shortname = self.shortName + " " if self.shortName else "" if userdata and 'cves' in userdata and cve in userdata['cves']: return [{'text': shortname+'Uncheck', 'action': 'uncheck', 'icon': 'check'}] else: return [{'text': shortname+'Check', 'action': 'check', 'icon': 'unchecked'}]
def cve(cveid): cveid = cveid.upper() cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True,subscorelookup=True) cve = cvesp.getcve(cveid=cveid) if cve is None: return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}}) cve = markCPEs(cve) if current_user.is_authenticated(): dbLayer.addSeenCVEs(current_user.get_id(), cveid) return render_template('cve.html', cve=cve)
def change_pass(self): current_pass = request.args.get('current_pass') new_pass = request.args.get('new_pass') if current_user.authenticate(current_pass): if new_pass: db.changePassword(current_user.id , new_pass) return jsonify({"status": "password_changed"}) return jsonify({"status": "no_password"}) else: return jsonify({"status": "wrong_user_pass"})
def getcpe(self, cpeid=None): if not(self.namelookup): return cpeid e = db.getCPE(cpeid) if e is None: e = db.getAlternativeCPE(cpeid) if e is None: return cpeid if 'id' in e: return e['title']
def change_pass(): current_pass = request.args.get('current_pass') new_pass = request.args.get('new_pass') if pbkdf2_sha256.verify(current_pass, current_user.password): if new_pass: new_pass = pbkdf2_sha256.encrypt(new_pass, rounds=8000, salt_size=10) db.changePassword(current_user.id , new_pass) return jsonify({"status": "password_changed"}) return jsonfiy({"status": "no_password"}) else: return jsonify({"status": "wrong_user_pass"})
def listEdit(): oldCPE = request.args.get('oldCPE') newCPE = request.args.get('cpe') lst = request.args.get('list') CPEType = request.args.get('type') if oldCPE and newCPE: result = updateWhitelist(oldCPE, newCPE, CPEType) if lst=="whitelist" else updateBlacklist(oldCPE, newCPE, CPEType) status = "cpelist_updated" if (result) else "cpelist_update_failed" else: status = "invalid_cpe" returnList = list(db.getWhitelist()) if lst=="whitelist" else list(db.getBlacklist()) return jsonify({"rules":returnList, "status":status, "listType":lst})
def _store_in_db(self, scan, reaper=False, notes=None, tags=None): if reaper and not self._getSetting("reaper.store", False): return # Hash calculation to prevent duplicates sha1=codecs.encode(hashlib.sha1(json.dumps(scan).encode('utf-8')).digest(), "hex").decode("utf-8") if not db.p_queryData(self.collection, {'sha1': sha1}): data={"scan": scan, "sha1": sha1} if type(notes) == str: data["notes"] = notes if type(tags) == list: data["tags"] = tags db.p_addEntry(self.collection, data) return True return False
def listRemove(): cpe = request.args.get('cpe', type=str) cpe = urllib.parse.quote_plus(cpe).lower() cpe = cpe.replace("%3a", ":") cpe = cpe.replace("%2f", "/") lst = request.args.get('list', type=str) if cpe and lst: result=removeWhitelist(cpe) if lst.lower()=="whitelist" else removeBlacklist(cpe) status = "removed_from_list" if (result > 0) else "already_removed_from_list" else: status = "invalid_cpe" returnList = db.getWhitelist() if lst=="whitelist" else db.getBlacklist() return jsonify({"status":status, "rules":returnList, "listType":lst.title()})
def cve(cveid): cveid = cveid.upper() cvesp = cves.last(rankinglookup=True, namelookup=True, vfeedlookup=True, capeclookup=True, subscorelookup=True) cve = cvesp.getcve(cveid=cveid) if cve is None: return render_template("error.html", status={"except": "cve-not-found", "info": {"cve": cveid}}) cve = markCPEs(cve) if current_user.is_authenticated(): db.addSeenCVEs(current_user.get_id(), cveid) bookmarked = "yes" if cveid in db.bookmarks(current_user.get_id()) else "no" else: bookmarked = None return render_template("cve.html", cve=cve, bookmarked=bookmarked)
def listRemove(): cpe = request.args.get('cpe', type=str) cpe = urllib.parse.quote_plus(cpe).lower() cpe = cpe.replace("%3a", ":") cpe = cpe.replace("%2f", "/") lst = request.args.get('list', type=str) if cpe: result=removeWhitelist(cpe) if lst=="whitelist" else removeBlacklist(cpe) status = ["removed", "success"] if (result > 0) else ["already_removed", "info"] else: status = ["invalid_url", "error"] returnList = dbLayer.getWhitelist() if lst=="whitelist" else dbLayer.getBlacklist() return jsonify({"status":status, "rules":returnList, "listType":lst.title()})
def __init__(self): self.name = "Notes" self.requiresAuth = True self.collectionName = "notes" self.noteText=''' <textarea id="noteID_%s" cols="50">%s</textarea> %s <a onclick="$.getJSON('/plugin/%s/_cve_action/save',{cve: '%s', id: '%s', text: $('#noteID_%s').val()},function(data){parseStatus(data);window.location='/cve/%s'});"> <span class="glyphicon glyphicon-save" aria-hidden="true"></span></a>''' self.noteRemove=''' <a onclick="$.getJSON('/plugin/%s/_cve_action/delete',{cve: '%s', id: '%s'},function(data){parseStatus(data);window.location='/cve/%s'})"> <span class="glyphicon glyphicon-remove" aria-hidden="true"></span></a>''' # Ensure the database settings exist nid = db.p_readSetting(self.collectionName, "last_note") if not nid: db.p_writeSetting(self.collectionName, "last_note", 0)
def listEdit(): oldCPE = request.args.get('oldCPE') newCPE = request.args.get('cpe') lst = request.args.get('list') CPEType = request.args.get('type') if oldCPE and newCPE: result = updateWhitelist(oldCPE, newCPE, CPEType) if lst=="whitelist" else updateBlacklist(oldCPE, newCPE, CPEType) if (result): status = ["updated", "success"] else: status = ["update_failed", "error"] else: status = ["invalid_url", "error"] returnList = list(dbLayer.getWhitelist()) if lst=="whitelist" else list(dbLayer.getBlacklist()) return jsonify({"rules":returnList, "status":status, "listType":lst})
def filter_logic(unlisted, timeSelect, startDate, endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip): query = [] # retrieving lists if rejectedSelect == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) # cvss logic if cvssSelect != "all": if cvssSelect == "above": query.append({'cvss': {'$gt': float(cvss)}}) if cvssSelect == "equals": query.append({'cvss': float(cvss)}) if cvssSelect == "below": query.append({'cvss': {'$lt': float(cvss)}}) # date logic if timeSelect != "all": startDate = convertDateToDBFormat(startDate) endDate = convertDateToDBFormat(endDate) if timeSelect == "from": query.append({timeTypeSelect: {'$gt': startDate}}) if timeSelect == "until": query.append({timeTypeSelect: {'$lt': endDate}}) if timeSelect == "between": query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}}) if timeSelect == "outside": query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]}) return dbLayer.getCVEs(limit=limit, skip=skip, query=query)
def getcve(self, cveid=None): if cveid is not None: e = db.getCVE(cveid, collection=self.collection) if e is None: return None if "cwe" in e and self.capeclookup: if e['cwe'].lower() != 'unknown': e['capec'] = self.getcapec(cweid=(e['cwe'].split('-')[1])) if "vulnerable_configuration" in e: vulconf = [] ranking = [] for conf in e['vulnerable_configuration']: vulconf.append({'id': conf, 'title': self.getcpe(cpeid=conf)}) if self.rankinglookup: rank = self.getranking(cpeid=conf) if rank and rank not in ranking: ranking.append(rank) e['vulnerable_configuration'] = vulconf if self.rankinglookup and len(ranking) > 0: e['ranking'] = ranking if self.reflookup: f = self.getRefs(cveid=cveid) if not isinstance(f, str): g = dict(itertools.chain(e.items(), f.items())) e = g if self.subscorelookup: exploitCVSS=exploitabilityScore(e) impactCVSS =impactScore(e) e['exploitCVSS']=(math.ceil(exploitCVSS*10)/10) if type(exploitCVSS) is not str else exploitCVSS e['impactCVSS']=(math.ceil(impactCVSS*10)/10) if type(impactCVSS) is not str else impactCVSS else: e = None return e
def markCPEs(cve): blacklist = compile(dbLayer.getRules('blacklist')) whitelist = compile(dbLayer.getRules('whitelist')) for conf in cve['vulnerable_configuration']: conf['list'] = 'none' conf['match'] = 'none' for w in whitelist: if w.match(conf['id']): conf['list'] = 'white' conf['match'] = w for b in blacklist: if b.match(conf['id']): conf['list'] = 'black' conf['match'] = b return cve
def get(self, limit=5, skip=0): entries = [] for item in db.getCVEs(limit=limit, skip=skip, collection=self.collection): if not(self.namelookup) and not(self.rankinglookup): entries.append(item) elif self.namelookup or self.rankinglookup: if "vulnerable_configuration" in item: vulconf = [] ranking = [] for conf in item['vulnerable_configuration']: vulconf.append(self.getcpe(cpeid=conf)) if self.rankinglookup: rank = self.getranking(cpeid=conf) if rank and rank not in ranking: ranking.append(rank) item['vulnerable_configuration'] = vulconf if self.rankinglookup: item['ranking'] = ranking if "ranking" in item: if len(item['ranking']) == 0: del(item['ranking']) if "cwe" in item and self.capeclookup: if item['cwe'].lower() != 'unknown': item['capec'] = self.getcapec(cweid=(item['cwe'].split('-')[1])) entries.append(item) return (entries)
def searchText(): search = request.form.get('search') try: cve=dbLayer.getFreeText(search) except: return render_template('error.html', status={'except':'textsearch-not-enabled'}) return render_template('search.html', cve=cve)
# dict cpedict = Configuration.getCPEDict() # make parser parser = make_parser() ch = CPEHandler() parser.setContentHandler(ch) # check modification date try: f = Configuration.getFile(cpedict) except: sys.exit("Cannot open url %s. Bad URL or not connected to the internet?" % (cpedict)) i = db.getLastModified('cpe') last_modified = parse_datetime(f.headers['last-modified'], ignoretz=True) if i is not None: if last_modified == i: print("Not modified") sys.exit(0) # parse xml and store in database parser.parse(f) cpeList = [] for x in progressbar(ch.cpe): x['id'] = toStringFormattedCPE(x['name']) x['title'] = x['title'][0] x['cpe_2_2'] = x.pop('name') if not x['references']: x.pop('references') cpeList.append(x) db.bulkUpdate("cpe", cpeList)
def search(self, text, **args): threat = [x["id"] for x in db.p_queryData(self.collectionName, {'threats': {"$regex": text, "$options": "-i"}})] misp_tag = [x["id"] for x in db.p_queryData(self.collectionName, {'tags': {"$regex": text, "$options": "-i"}})] return [{'n': 'Threat', 'd': threat}, {'n': 'MISP tag', 'd': misp_tag}]
def api_admin_get_token(self): method, name, key = Advanced_API.getAuth() return db.getToken(name)
def filter_logic(self, filters, skip, limit=None): query = self.generate_minimal_query(filters) limit = limit if limit else self.args['pageLength'] return db.getCVEs(limit=limit, skip=skip, query=query)
def filter_logic(f, limit, skip): query = [] # retrieving lists if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ '$or': [{ 'vulnerable_configuration': re.compile(exp) }, { 'vulnerable_configuration': { '$exists': False } }, { 'vulnerable_configuration': [] }] }) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ '$or': [{ 'vulnerable_configuration': re.compile(exp) }, { 'vulnerable_configuration': { '$exists': False } }, { 'vulnerable_configuration': [] }] }) if f['unlistedSelect'] == "hide": wlregexes = compile(db.getRules('whitelist')) blregexes = compile(db.getRules('blacklist')) query.append({ '$or': [{ 'vulnerable_configuration': { '$in': wlregexes } }, { 'vulnerable_configuration': { '$in': blregexes } }] }) if f['rejectedSelect'] == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) # plugin filters query.extend(plugManager.doFilter(f, **pluginArgs())) # cvss logic if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}}) elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])}) elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}}) # date logic if f['timeSelect'] != "all": if f['startDate']: startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True) if f['endDate']: endDate = parse_datetime(f['endDate'], ignoretz=True, dayfirst=True) if f['timeSelect'] == "from": query.append({f['timeTypeSelect']: {'$gt': startDate}}) if f['timeSelect'] == "until": query.append({f['timeTypeSelect']: {'$lt': endDate}}) if f['timeSelect'] == "between": query.append( {f['timeTypeSelect']: { '$gt': startDate, '$lt': endDate }}) if f['timeSelect'] == "outside": query.append({ '$or': [{ f['timeTypeSelect']: { '$lt': startDate } }, { f['timeTypeSelect']: { '$gt': endDate } }] }) cve = db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if f['whitelistSelect'] == "on": cve = whitelist_mark(cve) if f['blacklistSelect'] == "mark": cve = blacklist_mark(cve) plugManager.mark(cve, **pluginArgs()) cve = list(cve) return cve
def adminInfo(output=None): return { 'stats': db.getDBStats(), 'plugins': plugManager.getPlugins(), 'updateOutput': filterUpdateField(output) }
def nbelement(collection=None): if collection is None or collection == "cve": collection = "cves" return db.getSize(collection)
def relatedCWE(self, cweid): cwes={x["id"]: x["name"] for x in self.api_cwe()} return render_template('cwe.html', cwes=cwes, cwe=cweid, capec=db.getCAPECFor(cweid), minimal=self.minimal)
def capec(self, capecid): cwes={x["id"]: x["name"] for x in self.api_cwe()} return render_template('capec.html', cwes=cwes, capec=db.getCAPEC(capecid), minimal=self.minimal)
def isCVESearchUser(self, user): return db.userExists(user)
action='store_true', help='Include ranking value') argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map') argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information') argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)') args = argParser.parse_args() rankinglookup = args.r vfeedlookup = args.v capeclookup = args.c l = cves.last(rankinglookup=rankinglookup, vfeedlookup=vfeedlookup, capeclookup=capeclookup) for cveid in db.getCVEIDs(limit=args.l): item = l.getcve(cveid=cveid) if 'cvss' in item: if type(item['cvss']) == str: item['cvss'] = float(item['cvss']) print(json.dumps(item, sort_keys=True, default=json_util.default))
def api_search(self, vendor=None, product=None): if vendor is None or product is None: return jsonify({}) search = vendor + ":" + product # Not using query.cvesForCPE, because that one gives too much info #return json.dumps(db.cvesForCPE(search), default=json_util.default) return db.cvesForCPE(search)
def api_cwe(self, cwe_id=None): return db.getCAPECFor(str(cwe_id)) if cwe_id else db.getCWEs()
def apisearch(vendor=None, product=None): if vendor is None or product is None: return jsonify({}) search = vendor + ":" + product return json.dumps(db.cvesForCPE(search), default=json_util.default)
def api_admin_generate_token(self): method, name, key = Advanced_API.getAuth() return db.generateBearer(name)
def api_admin_whitelist(self): return db.getWhitelist()
def apidbInfo(): return json.dumps(db.getDBStats(), default=json_util.default)
def api_dbInfo(self): return db.getDBStats()
def api_admin_blacklist(self): return db.getBlacklist()
def cwe(): cwes = [x for x in db.getCWEs() if x["weaknessabs"].lower() == "class"] #cwes=db.getCWEs() return render_template('cwe.html', cwes=cwes, capec=None)
def is_admin(self, id): user_obj = db.getUser(id) if not user_obj: return False return user_obj.get('master', False)
log("==========================") log(time.strftime("%a %d %B %Y %H:%M", time.gmtime())) log("==========================") if not args.l: loop = False newelement = 0 for source in sources: if not Configuration.includesFeed( source['name']) and source['name'] is not "redis-cache-cpe": continue if args.f and source['name'] is not "redis-cache-cpe": log("Dropping collection: " + source['name']) dropcollection(collection=source['name']) log(source['name'] + " dropped") if source['name'] is "cpeother": if "cpeother" not in db.getTableNames(): continue if source['name'] is not "redis-cache-cpe": log('Starting ' + source['name']) before = nbelement(collection=source['name']) if args.f and source['name'] is "cve": updater = "{} {} {}".format( sys.executable, os.path.join(runPath, "db_mgmt_json.py"), "-pa") subprocess.Popen((shlex.split(updater))).wait() elif args.f and source['name'] is "cpe": updater = "{} {} {}".format( sys.executable, os.path.join(runPath, "db_mgmt_cpe_dictionary.py"), "-pa") subprocess.Popen((shlex.split(updater))).wait() else:
sys.path.append(os.path.join(runPath, "..")) from pymongo import TEXT import lib.DatabaseLayer as dbLayer def setIndex(col, field, printSuccess=True): try: dbLayer.ensureIndex(col, field) if printSuccess: print('[+]Success to create index %s on %s' % (field, col)) except Exception as e: print('[-]Failed to create index %s on %s: %s' % (col, field, e)) setIndex('cpe', 'id') setIndex('cpeother', 'id') setIndex('cves', 'id') setIndex('cves', 'vulnerable_configuration') setIndex('cves', 'Modified') setIndex('cves', [("summary", TEXT)]) setIndex('vendor', 'id') setIndex('via4', 'id') setIndex('mgmt_whitelist', 'id') setIndex('mgmt_blacklist', 'id') setIndex('capec', 'related_weakness') for index in dbLayer.getInfo('via4').get('searchables', []): setIndex('via4', index, False)
def dropcollection(collection=None): if collection is None: return False return db.dropCollection(collection)
def api_text_search(self, search=None): return db.getSearchResults(search)
def api_search(self, vendor=None, product=None): if not (vendor and product): return {} search = vendor + ":" + product # Not using query.cvesForCPE, because that one gives too much info #return json.dumps(db.cvesForCPE(search), default=json_util.default) return db.cvesForCPE(search)
def _getSetting(self, setting, default): s = db.p_readSetting(self.collection, setting) if s is None: db.p_writeSetting(self.collection, setting, default) s = default return s
def api_capec(self, cweid): return db.getCAPEC(cweid)
def getvfeed(self, cveid=None): if not (self.vfeedlookup): return cveid e = db.getvFeed(cveid) return e if e else cveid
def search(self, vendor=None, product=None): search = vendor + ":" + product cve = db.cvesForCPE(search) return render_template('search.html', vendor=vendor, product=product, cve=cve, minimal=self.minimal)