def filter_logic(f, limit, skip): query = [] # retrieving lists if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['unlistedSelect'] == "hide": wlregexes = compile(db.getRules('whitelist')) blregexes = compile(db.getRules('blacklist')) query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}}, {'vulnerable_configuration': {'$in': blregexes}}]}) if f['rejectedSelect'] == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) # plugin filters query.extend(plugManager.doFilter(f, **pluginArgs())) # cvss logic if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}}) elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])}) elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}}) # date logic if f['timeSelect'] != "all": if f['startDate']: startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True) if f['endDate']: endDate = parse_datetime(f['endDate'], ignoretz=True, dayfirst=True) if f['timeSelect'] == "from": query.append({f['timeTypeSelect']: {'$gt': startDate}}) if f['timeSelect'] == "until": query.append({f['timeTypeSelect']: {'$lt': endDate}}) if f['timeSelect'] == "between": query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}}) if f['timeSelect'] == "outside": query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]}) cve=db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if f['whitelistSelect'] == "on": cve = whitelist_mark(cve) if f['blacklistSelect'] == "mark": cve = blacklist_mark(cve) plugManager.mark(cve, **pluginArgs()) cve = list(cve) return cve
def filter_logic(self, f, limit, skip, plugManager, **args): query = [] # retrieving lists if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['unlistedSelect'] == "hide": wlregexes = compile(db.getRules('whitelist')) blregexes = compile(db.getRules('blacklist')) query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}}, {'vulnerable_configuration': {'$in': blregexes}}]}) if f['rejectedSelect'] == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) # plugin filters query.extend(plugManager.doFilter(f, **args)) # cvss logic if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}}) elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])}) elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}}) # date logic if f['timeSelect'] != "all": if f['startDate']: startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True) if f['endDate']: endDate = parse_datetime(f['endDate'], ignoretz=True, dayfirst=True) if f['timeSelect'] == "from": query.append({f['timeTypeSelect']: {'$gt': startDate}}) if f['timeSelect'] == "until": query.append({f['timeTypeSelect']: {'$lt': endDate}}) if f['timeSelect'] == "between": query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}}) if f['timeSelect'] == "outside": query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]}) cve=db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if f['whitelistSelect'] == "on": cve = self.whitelist_mark(cve) if f['blacklistSelect'] == "mark": cve = self.blacklist_mark(cve) plugManager.mark(cve, **args) cve = list(cve) return cve
def generate_full_query(self, f): query = self.generate_minimal_query(f) if current_user.is_authenticated(): if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ '$or': [{ 'vulnerable_configuration': re.compile(exp) }, { 'vulnerable_configuration': { '$exists': False } }, { 'vulnerable_configuration': [] }] }) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ '$or': [{ 'vulnerable_configuration': re.compile(exp) }, { 'vulnerable_configuration': { '$exists': False } }, { 'vulnerable_configuration': [] }] }) if f['unlistedSelect'] == "hide": wlregexes = tk.compile(db.getRules('whitelist')) blregexes = tk.compile(db.getRules('blacklist')) query.append({ '$or': [{ 'vulnerable_configuration': { '$in': wlregexes } }, { 'vulnerable_configuration': { '$in': blregexes } }] }) return query
def markCPEs(self, cve): blacklist = tk.compile(db.getRules('blacklist')) whitelist = tk.compile(db.getRules('whitelist')) for conf in cve['vulnerable_configuration']: conf['list'] = 'none' conf['match'] = 'none' for w in whitelist: if w.match(conf['id']): conf['list'] = 'white' conf['match'] = w for b in blacklist: if b.match(conf['id']): conf['list'] = 'black' conf['match'] = b return cve
def markCPEs(cve): blacklist = compile(dbLayer.getRules('blacklist')) whitelist = compile(dbLayer.getRules('whitelist')) for conf in cve['vulnerable_configuration']: conf['list'] = 'none' conf['match'] = 'none' for w in whitelist: if w.match(conf['id']): conf['list'] = 'white' conf['match'] = w for b in blacklist: if b.match(conf['id']): conf['list'] = 'black' conf['match'] = b return cve
def markCPEs(cve): blacklist = compile(db.getRules("blacklist")) whitelist = compile(db.getRules("whitelist")) for conf in cve["vulnerable_configuration"]: conf["list"] = "none" conf["match"] = "none" for w in whitelist: if w.match(conf["id"]): conf["list"] = "white" conf["match"] = w for b in blacklist: if b.match(conf["id"]): conf["list"] = "black" conf["match"] = b return cve
def list_mark(self, listed, cveList): if listed not in ['white', 'black']: return list(cves) items = tk.compile(db.getRules(listed+'list')) # check the cpes (full or partially) in the black/whitelist for i, cve in enumerate(list(cveList)): # the list() is to ensure we don't have a pymongo cursor object for c in cve['vulnerable_configuration']: if any(regex.match(c) for regex in items): cveList[i][listed+'listed'] = 'yes' return cveList
def blacklist_mark(cve): blacklistitems = compile(dbLayer.getRules('blacklist')) # ensures we're working with a list object, in case we get a pymongo.cursor object cve = list(cve) # check the cpes (full or partially) in the blacklist for cveid in cve: cpes = cveid['vulnerable_configuration'] for c in cpes: if any(regex.match(c) for regex in blacklistitems): cve[cve.index(cveid)]['blacklisted'] = 'yes' return cve
def blacklist_mark(cve): blacklistitems = compile(db.getRules('blacklist')) # ensures we're working with a list object, in case we get a pymongo.cursor object cve = list(cve) # check the cpes (full or partially) in the blacklist for cveid in cve: cpes = cveid['vulnerable_configuration'] for c in cpes: if any(regex.match(c) for regex in blacklistitems): cve[cve.index(cveid)]['blacklisted'] = 'yes' return cve
def whitelist_mark(cve): whitelistitems = compile(db.getRules("whitelist")) # ensures we're working with a list object, in case we get a pymongo.cursor object cve = list(cve) # check the cpes (full or partially) in the whitelist for cveid in cve: cpes = cveid["vulnerable_configuration"] for c in cpes: if any(regex.match(c) for regex in whitelistitems): cve[cve.index(cveid)]["whitelisted"] = "yes" return cve
def generate_full_query(self, f): query = self.generate_minimal_query(f) if current_user.is_authenticated(): if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['unlistedSelect'] == "hide": wlregexes = tk.compile(db.getRules('whitelist')) blregexes = tk.compile(db.getRules('blacklist')) query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}}, {'vulnerable_configuration': {'$in': blregexes}}]}) return query
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect, hideSeen, limit, skip): query = [] # retrieving lists if blacklist == "on": regexes = dbLayer.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if whitelist == "hide": regexes = dbLayer.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if unlisted == "hide": wlregexes = compile(dbLayer.getRules('whitelist')) blregexes = compile(dbLayer.getRules('blacklist')) query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}}, {'vulnerable_configuration': {'$in': blregexes}}]}) if rejectedSelect == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) if current_user.is_authenticated(): if hideSeen == "hide": query.append({'id': {"$nin":dbLayer.seenCVEs(current_user.get_id())}}) # cvss logic if cvssSelect != "all": if cvssSelect == "above": query.append({'cvss': {'$gt': float(cvss)}}) if cvssSelect == "equals": query.append({'cvss': float(cvss)}) if cvssSelect == "below": query.append({'cvss': {'$lt': float(cvss)}}) # date logic if timeSelect != "all": startDate = convertDateToDBFormat(startDate) endDate = convertDateToDBFormat(endDate) if timeSelect == "from": query.append({timeTypeSelect: {'$gt': startDate}}) if timeSelect == "until": query.append({timeTypeSelect: {'$lt': endDate}}) if timeSelect == "between": query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}}) if timeSelect == "outside": query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]}) cve=dbLayer.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if whitelist == "on": cve = whitelist_mark(cve) if blacklist == "mark": cve = blacklist_mark(cve) seen_mark(cve) bookmarked_mark(cve) cve = list(cve) return cve
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect, hideSeen, limit, skip): query = [] # retrieving lists if blacklist == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ '$or': [{ 'vulnerable_configuration': re.compile(exp) }, { 'vulnerable_configuration': { '$exists': False } }, { 'vulnerable_configuration': [] }] }) if whitelist == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({ '$or': [{ 'vulnerable_configuration': re.compile(exp) }, { 'vulnerable_configuration': { '$exists': False } }, { 'vulnerable_configuration': [] }] }) if unlisted == "hide": wlregexes = compile(db.getRules('whitelist')) blregexes = compile(db.getRules('blacklist')) query.append({ '$or': [{ 'vulnerable_configuration': { '$in': wlregexes } }, { 'vulnerable_configuration': { '$in': blregexes } }] }) if rejectedSelect == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) if current_user.is_authenticated(): if hideSeen == "hide": query.append({'id': {"$nin": db.seenCVEs(current_user.get_id())}}) # cvss logic if cvssSelect != "all": if cvssSelect == "above": query.append({'cvss': {'$gt': float(cvss)}}) if cvssSelect == "equals": query.append({'cvss': float(cvss)}) if cvssSelect == "below": query.append({'cvss': {'$lt': float(cvss)}}) # date logic if timeSelect != "all": startDate = convertDateToDBFormat(startDate) endDate = convertDateToDBFormat(endDate) if timeSelect == "from": query.append({timeTypeSelect: {'$gt': startDate}}) if timeSelect == "until": query.append({timeTypeSelect: {'$lt': endDate}}) if timeSelect == "between": query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}}) if timeSelect == "outside": query.append({ '$or': [{ timeTypeSelect: { '$lt': startDate } }, { timeTypeSelect: { '$gt': endDate } }] }) cve = db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if whitelist == "on": cve = whitelist_mark(cve) if blacklist == "mark": cve = blacklist_mark(cve) seen_mark(cve) bookmarked_mark(cve) cve = list(cve) return cve