Exemplo n.º 1
0
def cve(cve_id):
    cvesp = CveHandler(
        rankinglookup=True,
        namelookup=True,
        via4lookup=True,
        capeclookup=True,
        subscorelookup=True,
    )
    cve = cvesp.getcve(cveid=cve_id.upper())
    if cve is None:
        return render_template("error.html",
                               status={
                                   "except": "cve-not-found",
                                   "info": {
                                       "cve": cve_id
                                   }
                               })

    if app.config["WebInterface"]:
        cve = markCPEs(cve)

        plugManager.onCVEOpen(cve_id, **pluginArgs)
        pluginData = plugManager.cvePluginInfo(cve_id, **pluginArgs)
        return render_template("cve.html", cve=cve, plugins=pluginData)
    else:
        return render_template("cve.html", cve=cve)
Exemplo n.º 2
0
def watchlist_cve(cveid):
    entity = request.args.get('entity')
    product = request.args.get('product')
    cvesp = CveHandler(
        rankinglookup=True,
        namelookup=True,
        via4lookup=True,
        capeclookup=True,
        subscorelookup=True,
    )
    cve = cvesp.getcve(cveid=cveid.upper())
    if cve is None:
        return render_template("error.html",
                               status={
                                   "except": "cve-not-found",
                                   "info": {
                                       "cve": cveid
                                   }
                               })
    wcve = getWatchlistCVE(cveid, entity, product)
    if wcve and 'comment' in wcve:
        comment = wcve['comment']
    else:
        comment = None
    return render_template("watchlistCve.html",
                           cve=cve,
                           entity=entity,
                           product=product,
                           comment=comment)
Exemplo n.º 3
0
 def api_cve(self, cveid):
     cvesp = CveHandler(
         rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True
     )
     cve = cvesp.getcve(cveid=cveid.upper())
     if not cve:
         raise (APIError("cve not found", 404))
     return cve
Exemplo n.º 4
0
def qcvesForCPE(cpe, limit=0):
    cpe = toStringFormattedCPE(cpe)
    data = []
    if cpe:
        cvesp = CveHandler(
            rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False
        )
        r = cvesForCPE(cpe, limit=limit)
        for x in r["results"]:
            data.append(cvesp.getcve(x["id"]))
    return data
Exemplo n.º 5
0
    def cve(self, cveid):
        cveid = cveid.upper()
        cvesp = CveHandler(
            rankinglookup=True,
            namelookup=True,
            via4lookup=True,
            capeclookup=True,
            subscorelookup=True,
        )
        cve = cvesp.getcve(cveid=cveid)
        if cve is None:
            return render_template("error.html",
                                   status={
                                       "except": "cve-not-found",
                                       "info": {
                                           "cve": cveid
                                       }
                                   })
        cve = self.markCPEs(cve)

        self.plugManager.onCVEOpen(cveid, **self.pluginArgs)
        pluginData = self.plugManager.cvePluginInfo(cveid, **self.pluginArgs)
        return render_template("cve.html", cve=cve, plugins=pluginData)
Exemplo n.º 6
0
def cve(cve_id):
    cvesp = CveHandler(
        rankinglookup=True,
        namelookup=True,
        via4lookup=True,
        capeclookup=True,
        subscorelookup=True,
    )
    cve = cvesp.getcve(cveid=cve_id.upper())
    if cve is None:
        return (
            render_template(
                "error.html",
                status={"except": "cve-not-found", "info": {"cve": cve_id}},
            ),
            404,
        )

    if app.config["WebInterface"]:
        cve = markCPEs(cve)

        return render_template("cve.html", cve=cve)
    else:
        return render_template("cve.html", cve=cve)
Exemplo n.º 7
0
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

from lib.CVEs import CveHandler
from lib.DatabaseLayer import getCVEIDs


argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()

rankinglookup = args.r
via4lookup = args.v
capeclookup = args.c

cves = CveHandler(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup)

for cveid in getCVEIDs(limit=args.l):
    item = cves.getcve(cveid=cveid)
    if 'cvss' in item:
        if type(item['cvss']) == str:
            item['cvss'] = float(item['cvss'])
    date_fields = ['cvss-time', 'Modified', 'Published']
    for field in date_fields:
        if field in item:
            item[field] = str(item[field])
    print(json.dumps(item, sort_keys=True, default=json_util.default))
    with ix.searcher() as searcher:
        if not args.o:
            query = QueryParser("content", ix.schema).parse(" ".join(args.q))
        else:
            query = QueryParser("content",
                                schema=ix.schema,
                                group=qparser.OrGroup).parse(" ".join(args.q))

        results = searcher.search(query, limit=None)
        for x in results:
            if not args.f:
                print(x["path"])
            else:
                print(
                    json.dumps(
                        cves.getcve(x["path"]),
                        sort_keys=True,
                        default=json_util.default,
                    ))
            if args.t and not args.f:
                print(" -- " + x["title"])
elif args.m:
    xr = ix.searcher().reader()
    for x in xr.most_frequent_terms("content", number=args.m):
        sys.stdout.write(str(int(x[0])))
        sys.stdout.write(",")
        sys.stdout.write(x[1].decode("utf-8"))
        sys.stdout.write("\n")
elif args.l and not args.g:
    xr = ix.searcher().reader()
    for x in xr.lexicon("content"):