Пример #1
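    def get_cve_by_cpe(cls, cpe_id):
        """Return the CVE entries stored for a CPE identifier.

        @param cpe_id: CPEID instance, or a value the CPEID constructor accepts
        @return: list of tuples (CVE-ID as string, summary as string)
        """
        if not isinstance(cpe_id, CPEID):
            cpe_id = CPEID(cpe_id)

        # The CPE fields are passed as bound parameters, never formatted into
        # the SQL text: a quote inside a vendor/product/version value would
        # otherwise change the statement itself (SQL injection).
        # NOTE(review): the qmark ('?') placeholders assume a sqlite3-style
        # driver, which the chained execute(...).fetchall() suggests - confirm
        # the driver's paramstyle.
        query = """
                SELECT cve_id, summary
                FROM vulnerabilities AS vulns
                JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id
                JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id
                JOIN products AS pr ON pr.id = concr_pr.product_id
                WHERE pr.part=? AND pr.vendor=? AND pr.product=?
                      AND concr_pr.version=? AND concr_pr.pr_update=? AND concr_pr.edition=? AND language=?
                """
        params = (
            cpe_id.get_part_info(),
            cpe_id.get_vendor_info(),
            cpe_id.get_product_info(),
            cpe_id.get_version_info(),
            cpe_id.get_update_info(),
            cpe_id.get_edition_info(),
            cpe_id.get_language_info(),
        )

        rows = cls._cur.execute(query, params).fetchall()

        # Column 0 goes through CVEID before being rendered as a string;
        # column 1 (summary) is stringified directly.
        return [(str(CVEID(row[0])), str(row[1])) for row in rows]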
Пример #2
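    def get_cve_by_cpe(cls, cpe_id):
        """Look up the CVE records linked to one CPE identifier.

        @param cpe_id: CPEID instance, or a value the CPEID constructor accepts
        @return: list of tuples (CVE-ID as string, summary as string)
        """
        if not isinstance(cpe_id, CPEID):
            cpe_id = CPEID(cpe_id)

        # Values are bound by the driver instead of being %-formatted into the
        # statement, so quotes or SQL fragments inside a CPE field stay data
        # and cannot alter the query.
        # NOTE(review): '?' is the sqlite3 paramstyle; the chained
        # execute(...).fetchall() points to sqlite3, but confirm against the
        # connection actually used by this class.
        query = """
                SELECT cve_id, summary
                FROM vulnerabilities AS vulns
                JOIN products_to_vulnerabilities AS pr2vulns ON pr2vulns.vuln_id = vulns.id
                JOIN concrete_products AS concr_pr ON concr_pr.id = pr2vulns.concrete_product_id
                JOIN products AS pr ON pr.id = concr_pr.product_id
                WHERE pr.part=? AND pr.vendor=? AND pr.product=?
                      AND concr_pr.version=? AND concr_pr.pr_update=? AND concr_pr.edition=? AND language=?
                """
        bound_values = (
            cpe_id.get_part_info(),
            cpe_id.get_vendor_info(),
            cpe_id.get_product_info(),
            cpe_id.get_version_info(),
            cpe_id.get_update_info(),
            cpe_id.get_edition_info(),
            cpe_id.get_language_info(),
        )

        res = cls._cur.execute(query, bound_values).fetchall()

        ret = []
        for row in res:
            # row[0] is wrapped in CVEID before being rendered as a string.
            cve_id = CVEID(row[0])
            ret.append((str(cve_id), str(row[1])))

        return ret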
Пример #3
    def test_cve_should_be_ok(self):
        # A CPE string that passes correct_cpe_str() is expected to parse into
        # its fields and to render back to the same text through str().
        raw = "CPE:/a:microsoft:ie:8.0.7600.16385"
        self.assertTrue(CPEID.correct_cpe_str(raw))

        parsed = CPEID(raw)

        # (getter, expected value) pairs, checked in order; edition and
        # language are absent from the string and expected to be empty.
        expectations = (
            (parsed.get_part_info, "a"),
            (parsed.get_vendor_info, "microsoft"),
            (parsed.get_product_info, "ie"),
            (parsed.get_version_info, "8.0.7600.16385"),
            (parsed.get_edition_info, ""),
            (parsed.get_language_info, ""),
        )
        for getter, wanted in expectations:
            self.assertEqual(getter(), wanted)

        self.assertEqual(str(parsed), raw)
Пример #4
    def test_cve_creation_additional_params_should_be_ok(self):
        # When a CPE string is supplied, the keyword fields passed alongside it
        # are expected to be ignored.
        raw = "CPE:/a:microsoft:ie:8.0.7600.16385"
        ignored_fields = {
            "part": "h",
            "vendor": "qqq",
            "product": "qqq",
            "version": "qqq",
            "update": "qqq",
            "edition": "qqq",
            "language": "qqq",
        }
        parsed = CPEID(raw, **ignored_fields)

        # Every field must come from the string, none from the keywords.
        expectations = (
            (parsed.get_part_info, "a"),
            (parsed.get_vendor_info, "microsoft"),
            (parsed.get_product_info, "ie"),
            (parsed.get_version_info, "8.0.7600.16385"),
            (parsed.get_edition_info, ""),
            (parsed.get_language_info, ""),
        )
        for getter, wanted in expectations:
            self.assertEqual(getter(), wanted)

        self.assertEqual(str(parsed), raw)
Пример #5
    def test_cve_should_be_ok(self):
        # Validate the string first, then check each parsed field and the
        # str() round-trip.
        source_text = "CPE:/a:microsoft:ie:8.0.7600.16385"
        is_valid = CPEID.correct_cpe_str(source_text)
        self.assertTrue(is_valid)

        identifier = CPEID(source_text)

        part = identifier.get_part_info()
        self.assertEqual(part, "a")
        vendor = identifier.get_vendor_info()
        self.assertEqual(vendor, "microsoft")
        product = identifier.get_product_info()
        self.assertEqual(product, "ie")
        version = identifier.get_version_info()
        self.assertEqual(version, "8.0.7600.16385")

        # Edition and language are not part of the string; the test expects
        # them to read back as empty strings.
        edition = identifier.get_edition_info()
        self.assertEqual(edition, "")
        language = identifier.get_language_info()
        self.assertEqual(language, "")

        rendered = str(identifier)
        self.assertEqual(rendered, source_text)
Пример #6
    def test_cve_creation_only_additional_params_should_be_ok(self):
        # Without a CPE string, the keyword fields are expected to define the
        # identifier.
        fields = {
            "part": "a",
            "vendor": "microsoft",
            "product": "ie",
            "version": "8.0.7600.16385",
            "update": "1",
            "edition": "2",
            "language": "en",
        }
        built = CPEID(**fields)

        expectations = (
            (built.get_part_info, "a"),
            (built.get_vendor_info, "microsoft"),
            (built.get_product_info, "ie"),
            (built.get_version_info, "8.0.7600.16385"),
            (built.get_update_info, "1"),
            (built.get_edition_info, "2"),
            (built.get_language_info, "en"),
        )
        for getter, wanted in expectations:
            self.assertEqual(getter(), wanted)

        # Both sides are upper-cased, so the rendered form is compared
        # without regard to letter case.
        expected_text = "CPE:/a:microsoft:ie:8.0.7600.16385:1:2:en".upper()
        self.assertEqual(str(built).upper(), expected_text)
Пример #7
    def test_cve_creation_additional_params_should_be_ok(self):
        # A CPE string passed together with keyword fields: the test expects
        # the string to win and the keywords to be ignored.
        text = "CPE:/a:microsoft:ie:8.0.7600.16385"
        identifier = CPEID(
            text,
            part="h",
            vendor="qqq",
            product="qqq",
            version="qqq",
            update="qqq",
            edition="qqq",
            language="qqq",
        )

        part = identifier.get_part_info()
        self.assertEqual(part, "a")
        vendor = identifier.get_vendor_info()
        self.assertEqual(vendor, "microsoft")
        product = identifier.get_product_info()
        self.assertEqual(product, "ie")
        version = identifier.get_version_info()
        self.assertEqual(version, "8.0.7600.16385")
        edition = identifier.get_edition_info()
        self.assertEqual(edition, "")
        language = identifier.get_language_info()
        self.assertEqual(language, "")

        # str() must give back the original string, not one built from the
        # keyword values.
        self.assertEqual(str(identifier), text)
Пример #8
    def test_cve_creation_only_additional_params_should_be_ok(self):
        # No CPE string is given here, so the keyword fields are expected to
        # be used as the identifier's values.
        identifier = CPEID(
            part="a",
            vendor="microsoft",
            product="ie",
            version="8.0.7600.16385",
            update="1",
            edition="2",
            language="en",
        )

        part = identifier.get_part_info()
        self.assertEqual(part, "a")
        vendor = identifier.get_vendor_info()
        self.assertEqual(vendor, "microsoft")
        product = identifier.get_product_info()
        self.assertEqual(product, "ie")
        version = identifier.get_version_info()
        self.assertEqual(version, "8.0.7600.16385")
        update = identifier.get_update_info()
        self.assertEqual(update, "1")
        edition = identifier.get_edition_info()
        self.assertEqual(edition, "2")
        language = identifier.get_language_info()
        self.assertEqual(language, "en")

        # Upper-casing both sides makes the comparison of the rendered
        # identifier independent of letter case.
        rendered_upper = str(identifier).upper()
        expected_upper = "CPE:/a:microsoft:ie:8.0.7600.16385:1:2:en".upper()
        self.assertEqual(rendered_upper, expected_upper)