Пример #1
0
def cve(cve_id):
    cvesp = CveHandler(
        rankinglookup=True,
        namelookup=True,
        via4lookup=True,
        capeclookup=True,
        subscorelookup=True,
    )
    cve = cvesp.getcve(cveid=cve_id.upper())
    if cve is None:
        return render_template("error.html",
                               status={
                                   "except": "cve-not-found",
                                   "info": {
                                       "cve": cve_id
                                   }
                               })

    if app.config["WebInterface"]:
        cve = markCPEs(cve)

        plugManager.onCVEOpen(cve_id, **pluginArgs)
        pluginData = plugManager.cvePluginInfo(cve_id, **pluginArgs)
        return render_template("cve.html", cve=cve, plugins=pluginData)
    else:
        return render_template("cve.html", cve=cve)
Пример #2
0
 def api_last(self, limit=None):
     limit = limit if limit else 30
     cvesp = CveHandler(
         rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True
     )
     cve = cvesp.get(limit=limit)
     return cve
Пример #3
0
def watchlist_cve(cveid):
    entity = request.args.get('entity')
    product = request.args.get('product')
    cvesp = CveHandler(
        rankinglookup=True,
        namelookup=True,
        via4lookup=True,
        capeclookup=True,
        subscorelookup=True,
    )
    cve = cvesp.getcve(cveid=cveid.upper())
    if cve is None:
        return render_template("error.html",
                               status={
                                   "except": "cve-not-found",
                                   "info": {
                                       "cve": cveid
                                   }
                               })
    wcve = getWatchlistCVE(cveid, entity, product)
    if wcve and 'comment' in wcve:
        comment = wcve['comment']
    else:
        comment = None
    return render_template("watchlistCve.html",
                           cve=cve,
                           entity=entity,
                           product=product,
                           comment=comment)
Пример #4
0
 def api_cve(self, cveid):
     cvesp = CveHandler(
         rankinglookup=True, namelookup=True, via4lookup=True, capeclookup=True
     )
     cve = cvesp.getcve(cveid=cveid.upper())
     if not cve:
         raise (APIError("cve not found", 404))
     return cve
Пример #5
0
def qcvesForCPE(cpe, limit=0):
    cpe = toStringFormattedCPE(cpe)
    data = []
    if cpe:
        cvesp = CveHandler(
            rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False
        )
        r = cvesForCPE(cpe, limit=limit)
        for x in r["results"]:
            data.append(cvesp.getcve(x["id"]))
    return data
Пример #6
0
    def cve(self, cveid):
        cveid = cveid.upper()
        cvesp = CveHandler(
            rankinglookup=True,
            namelookup=True,
            via4lookup=True,
            capeclookup=True,
            subscorelookup=True,
        )
        cve = cvesp.getcve(cveid=cveid)
        if cve is None:
            return render_template("error.html",
                                   status={
                                       "except": "cve-not-found",
                                       "info": {
                                           "cve": cveid
                                       }
                                   })
        cve = self.markCPEs(cve)

        self.plugManager.onCVEOpen(cveid, **self.pluginArgs)
        pluginData = self.plugManager.cvePluginInfo(cveid, **self.pluginArgs)
        return render_template("cve.html", cve=cve, plugins=pluginData)
Пример #7
0
def cve(cve_id):
    cvesp = CveHandler(
        rankinglookup=True,
        namelookup=True,
        via4lookup=True,
        capeclookup=True,
        subscorelookup=True,
    )
    cve = cvesp.getcve(cveid=cve_id.upper())
    if cve is None:
        return (
            render_template(
                "error.html",
                status={"except": "cve-not-found", "info": {"cve": cve_id}},
            ),
            404,
        )

    if app.config["WebInterface"]:
        cve = markCPEs(cve)

        return render_template("cve.html", cve=cve)
    else:
        return render_template("cve.html", cve=cve)
Пример #8
0
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

from lib.CVEs import CveHandler
from lib.DatabaseLayer import getCVEIDs


argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()

rankinglookup = args.r
via4lookup = args.v
capeclookup = args.c

cves = CveHandler(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup)

for cveid in getCVEIDs(limit=args.l):
    item = cves.getcve(cveid=cveid)
    if 'cvss' in item:
        if type(item['cvss']) == str:
            item['cvss'] = float(item['cvss'])
    date_fields = ['cvss-time', 'Modified', 'Published']
    for field in date_fields:
        if field in item:
            item[field] = str(item[field])
    print(json.dumps(item, sort_keys=True, default=json_util.default))
Пример #9
0
)
argParser.add_argument("-c",
                       default=False,
                       action="store_true",
                       help="Display CAPEC values")

args = argParser.parse_args()

if args.l:
    last_items = args.l
else:
    last_items = 10

ref = "http://adulau.github.com/cve-search/"
cvelist = CveHandler(rankinglookup=args.r,
                     namelookup=args.n,
                     capeclookup=args.c)

if not (args.f == "html"):
    from feedformatter import Feed

    feed = Feed()

    feed.feed["title"] = ("cve-search Last " + str(last_items) +
                          " CVE entries generated on " +
                          str(datetime.datetime.now()))
    feed.feed["link"] = "http://adulau.github.com/cve-search/"
    feed.feed[
        "author"] = "Generated with cve-search available at http://adulau.github.com/cve-search/"
    feed.feed["description"] = ""
else:
Пример #10
0
vSearch = args.p
relaxSearch = args.lax
strict_vendor_product = args.strict_vendor_product
vulnerableProductSearch = args.vulnProdSearch
cveSearch = [x.upper() for x in args.c] if args.c else None
vOutput = args.o
vFreeSearch = args.f
sLatest = args.l
namelookup = args.n
rankinglookup = args.r
capeclookup = args.a
last_ndays = args.t
summary_text = args.s
nlimit = args.i

cves = CveHandler(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)


def print_job(item):
    if csvOutput:
        printCVE_csv(item)
    elif htmlOutput:
        printCVE_html(item)
    # bson straight from the MongoDB db - converted to JSON default
    # representation
    elif jsonOutput:
        printCVE_json(item)
    elif xmlOutput:
        printCVE_xml(item)
    elif cveidOutput:
        printCVE_id(item)
Пример #11
0
)
argParser.add_argument("-v", action="store_true", default=False, help="Verbose logging")
argParser.add_argument(
    "-l",
    default=5,
    help="Number of last entries to index (Default: 5) - 0 to index all documents",
)
argParser.add_argument(
    "-n",
    action="store_true",
    default=False,
    help="lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration to add in the index",
)
args = argParser.parse_args()

c = CveHandler(namelookup=args.n)

indexpath = Configuration.getIndexdir()

schema = Schema(
    title=TEXT(stored=True), path=ID(stored=True, unique=True), content=TEXT
)

if not os.path.exists(indexpath):
    os.mkdir(indexpath)

if not exists_in(indexpath):
    ix = create_in(indexpath, schema)
else:
    ix = open_dir(indexpath)
    "-n",
    action="store_true",
    help=
    "lookup complete cpe (Common Platform Enumeration) name for vulnerable configuration",
)
argParser.add_argument("-r",
                       action="store_true",
                       help="lookup ranking of vulnerable configuration")
args = argParser.parse_args()

if not args.q and not args.l and not args.g and not args.m:
    argParser.print_help()
    exit(1)

if args.f or args.t:
    cves = CveHandler(rankinglookup=args.r, namelookup=args.n)

if args.q:
    with ix.searcher() as searcher:
        if not args.o:
            query = QueryParser("content", ix.schema).parse(" ".join(args.q))
        else:
            query = QueryParser("content",
                                schema=ix.schema,
                                group=qparser.OrGroup).parse(" ".join(args.q))

        results = searcher.search(query, limit=None)
        for x in results:
            if not args.f:
                print(x["path"])
            else: