def set_stage(self, source, eid, cpe, command=None, packages=None, services=None, selinux=None, filename=None): curated_exploit = CuratedExploit.from_eid(self.curation_dir, source, eid) if command: curated_exploit.set_command(cpe, command) if packages: curated_exploit.set_packages(cpe, packages) if services: curated_exploit.set_services(cpe, services) if selinux: curated_exploit.set_selinux(cpe, selinux) if filename: curated_exploit.set_filename(cpe, os.path.basename(filename)) curated_exploit.write()
def cves_from_exploits(self, source, eids): cves = [] for eid in eids: curated_exploit = CuratedExploit.from_eid(self.curation_dir, source, eid) cves = cves + curated_exploit.cves() return cves
def setUp(self): self.test_data_path = os.path.join( os.path.dirname(os.path.realpath(__file__)), '..', 'test_data') self.curation_dir = os.path.join(self.test_data_path, 'lem-curation') self.source = 'exploit-source' self.eid = 'one_cve' self.curated_exploit = CuratedExploit.from_eid(self.curation_dir, self.source, self.eid) self.cpe = "cpe:/o:redhat:enterprise_linux:7.0:ga:server" self.cpe_two = "cpe:/o:redhat:enterprise_linux:6.0:ga:server"
def copy(self, source, eid, destination, cpe, stage=False): curated_exploit = CuratedExploit.from_eid(self.curation_dir, source, eid) if os.path.isdir(destination): destination = os.path.join(destination, curated_exploit.get_filename(cpe)) with open(destination, 'w') as file_obj: file_obj.write(base64.b64decode(curated_exploit.get_exploit())) if stage: self.stage(curated_exploit, cpe, os.path.dirname(destination))
def update_exploits(self, source_name='', all_exploits=False): exploits = [] if source_name: exploits = CurationManager.load_exploits_from_source( self.sources[source_name], self.curation_dir, all_exploits) else: for _, source in self.sources.iteritems(): exploits = CurationManager.load_exploits_from_source( source, self.curation_dir, all_exploits) for exploit in exploits: curated_exploit = CuratedExploit.from_eid(self.curation_dir, exploit['source'], exploit['id']) curated_exploit.reconcile(exploit) curated_exploit.write()
def score(self, source, eid, cpe, kind, value): curated_exploit = CuratedExploit.from_eid(self.curation_dir, source, eid) curated_exploit.score(cpe, kind, value) curated_exploit.write()