def cve(cve_id):
cve = CveController.get({"cve_id": cve_id})
vendors = convert_cpes(cve.json["configurations"])
cwes = get_cwes_details(
cve.json["cve"]["problemtype"]["problemtype_data"][0]["description"])
# Get the user tags
user_tags = []
if current_user.is_authenticated:
user_tags = UserTagController.list_items({"user_id": current_user.id})
# We have to pass an encoded list of tags for the modal box
cve_tags_encoded = json.dumps([t.name for t in cve.tags])
events = Event.query.filter_by(cve_id=cve.id).order_by(
Event.created_at.desc())
events_by_time = [(time, list(evs)) for time, evs in (
itertools.groupby(events, operator.attrgetter("created_at")))]
return render_template(
"cve.html",
cve=cve,
cve_dumped=json.dumps(cve.json),
vendors=vendors,
cwes=cwes,
user_tags=user_tags,
cve_tags_encoded=cve_tags_encoded,
events_by_time=events_by_time,
)
def cve_associate_tags(cve_id):
cve = CveController.get({"cve_id": cve_id})
new_tags = request.form.getlist("tags")
# Check if all tags are declared by the user
user_tags = [
t.name
for t in UserTagController.list_items({"user_id": current_user.id})
]
for new_tag in new_tags:
if new_tag not in user_tags:
abort(404)
# Update the CVE tags
cve_tag = CveTag.query.filter_by(user_id=current_user.id,
cve_id=cve.id).first()
if not cve_tag:
cve_tag = CveTag(user_id=current_user.id, cve_id=cve.id)
cve_tag.tags = new_tags
db.session.add(cve_tag)
db.session.commit()
flash("The CVE tags have been updated.", "success")
return redirect(url_for("main.cve", cve_id=cve_id))
def cve_change(cve_id, change_id):
cve = CveController.get({"cve_id": cve_id})
if not is_valid_uuid(change_id):
abort(404)
change = Change.query.filter_by(cve_id=cve.id, id=change_id).first()
if not change:
abort(404)
previous = (Change.query.filter(
Change.created_at < change.created_at).filter(
Change.cve == change.cve).order_by(
Change.created_at.desc()).first())
previous_json = {}
if previous:
previous_json = previous.json
differ = CustomHtmlHTML()
diff = differ.make_table(
fromlines=json.dumps(previous_json, sort_keys=True,
indent=2).split("\n"),
tolines=json.dumps(change.json, sort_keys=True, indent=2).split("\n"),
context=True,
)
return render_template("change.html", change=change, diff=diff)
def cve(cve_id):
cve = CveController.get({"cve_id": cve_id})
vendors = convert_cpes(cve.json["configurations"])
cwes = get_cwes_details(
cve.json["cve"]["problemtype"]["problemtype_data"][0]["description"])
return render_template("cve.html",
cve=cve,
cve_dumped=json.dumps(cve.json),
vendors=vendors,
cwes=cwes)
def get(self, id):
return CveController.get({"cve_id": id})