def filter_logic(unlisted, timeSelect, startDate, endDate,
timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip):
query = []
# retrieving lists
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
return dbLayer.getCVEs(limit=limit, skip=skip, query=query)
def filter_logic(unlisted, timeSelect, startDate, endDate,
timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip):
query = []
# retrieving lists
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
return dbLayer.getCVEs(limit=limit, skip=skip, query=query)
def filter_logic(f, limit, skip):
query = []
# retrieving lists
if f['blacklistSelect'] == "on":
regexes = db.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []}
]})
if f['whitelistSelect'] == "hide":
regexes = db.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []}
]})
if f['unlistedSelect'] == "hide":
wlregexes = compile(db.getRules('whitelist'))
blregexes = compile(db.getRules('blacklist'))
query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
{'vulnerable_configuration': {'$in': blregexes}}]})
if f['rejectedSelect'] == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# plugin filters
query.extend(plugManager.doFilter(f, current_user=current_user))
# cvss logic
if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}})
elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])})
elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}})
# date logic
if f['timeSelect'] != "all":
print(f["timeSelect"])
startDate = convertDateToDBFormat(f['startDate'])
endDate = convertDateToDBFormat(f['endDate'])
if f['timeSelect'] == "from":
query.append({f['timeTypeSelect']: {'$gt': startDate}})
if f['timeSelect'] == "until":
query.append({f['timeTypeSelect']: {'$lt': endDate}})
if f['timeSelect'] == "between":
query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}})
if f['timeSelect'] == "outside":
query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]})
cve=db.getCVEs(limit=limit, skip=skip, query=query)
# marking relevant records
if f['whitelistSelect'] == "on": cve = whitelist_mark(cve)
if f['blacklistSelect'] == "mark": cve = blacklist_mark(cve)
plugManager.mark(cve, current_user=current_user)
cve = list(cve)
return cve
def filter_logic(unlisted, timeSelect, startDate, endDate, timeTypeSelect,
cvssSelect, cvss, rejectedSelect, limit, skip):
collection = db.cves
query = []
# retrieving lists
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({
'$or': [{
timeTypeSelect: {
'$lt': startDate
}
}, {
timeTypeSelect: {
'$gt': endDate
}
}]
})
if len(query) == 0:
cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
elif len(query) == 1:
cve = collection.find(query[0]).sort("Modified",
-1).limit(limit).skip(skip)
else:
cve = collection.find({
'$and': query
}).sort("Modified", -1).limit(limit).skip(skip)
# marking relevant records
cve = list(cve)
return cve
def filter_logic(unlisted, timeSelect, startDate, endDate,
timeTypeSelect, cvssSelect, cvss, rejectedSelect, limit, skip):
collection = db.cves
query = []
# retrieving lists
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
if len(query) == 0:
cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
elif len(query) == 1:
cve = collection.find(query[0]).sort("Modified", -1).limit(limit).skip(skip)
else:
cve = collection.find({'$and': query}).sort("Modified", -1).limit(limit).skip(skip)
# marking relevant records
cve = list(cve)
return cve
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate,
timeTypeSelect, cvssSelect, cvss, rejectedSelect, hideSeen, limit, skip):
query = []
# retrieving lists
if blacklist == "on":
regexes = dbLayer.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []}
]})
if whitelist == "hide":
regexes = dbLayer.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []}
]})
if unlisted == "hide":
wlregexes = compile(dbLayer.getRules('whitelist'))
blregexes = compile(dbLayer.getRules('blacklist'))
query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
{'vulnerable_configuration': {'$in': blregexes}}]})
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
if current_user.is_authenticated():
if hideSeen == "hide":
query.append({'id': {"$nin":dbLayer.seenCVEs(current_user.get_id())}})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
cve=dbLayer.getCVEs(limit=limit, skip=skip, query=query)
# marking relevant records
if whitelist == "on":
cve = whitelist_mark(cve)
if blacklist == "mark":
cve = blacklist_mark(cve)
seen_mark(cve)
bookmarked_mark(cve)
cve = list(cve)
return cve
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate,
endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect,
hideSeen, limit, skip):
query = []
# retrieving lists
if blacklist == "on":
regexes = db.getRules('blacklist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if whitelist == "hide":
regexes = db.getRules('whitelist')
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if unlisted == "hide":
wlregexes = compile(db.getRules('whitelist'))
blregexes = compile(db.getRules('blacklist'))
query.append({
'$or': [{
'vulnerable_configuration': {
'$in': wlregexes
}
}, {
'vulnerable_configuration': {
'$in': blregexes
}
}]
})
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
if current_user.is_authenticated():
if hideSeen == "hide":
query.append({'id': {"$nin": db.seenCVEs(current_user.get_id())}})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({
'$or': [{
timeTypeSelect: {
'$lt': startDate
}
}, {
timeTypeSelect: {
'$gt': endDate
}
}]
})
cve = db.getCVEs(limit=limit, skip=skip, query=query)
# marking relevant records
if whitelist == "on":
cve = whitelist_mark(cve)
if blacklist == "mark":
cve = blacklist_mark(cve)
seen_mark(cve)
bookmarked_mark(cve)
cve = list(cve)
return cve
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate,
endDate, timeTypeSelect, cvssSelect, cvss, rejectedSelect,
hideSeen, limit, skip):
collection = db.cves
query = []
# retrieving lists
if blacklist == "on":
regexes = getBlacklistRules()
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if whitelist == "hide":
regexes = getWhitelistRules()
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({
'$or': [{
'vulnerable_configuration': re.compile(exp)
}, {
'vulnerable_configuration': {
'$exists': False
}
}, {
'vulnerable_configuration': []
}]
})
if unlisted == "hide":
wlregexes = getWhitelistRegexes()
blregexes = getBlacklistRegexes()
query.append({
'$or': [{
'vulnerable_configuration': {
'$in': wlregexes
}
}, {
'vulnerable_configuration': {
'$in': blregexes
}
}]
})
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
if current_user.is_authenticated():
if hideSeen == "hide":
query.append({'id': {"$nin": getSeenCVEs()}})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({
'$or': [{
timeTypeSelect: {
'$lt': startDate
}
}, {
timeTypeSelect: {
'$gt': endDate
}
}]
})
if len(query) == 0:
cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
elif len(query) == 1:
cve = collection.find(query[0]).sort("Modified",
-1).limit(limit).skip(skip)
else:
cve = collection.find({
'$and': query
}).sort("Modified", -1).limit(limit).skip(skip)
# marking relevant records
if whitelist == "on":
cve = whitelist_mark(cve)
if blacklist == "mark":
cve = blacklist_mark(cve)
seen_mark(cve)
cve = list(cve)
return cve
def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate,
timeTypeSelect, cvssSelect, cvss, rejectedSelect, hideSeen, limit, skip):
collection = db.cves
query = []
# retrieving lists
if blacklist == "on":
regexes = getBlacklistRules()
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []}
]})
if whitelist == "hide":
regexes = getWhitelistRules()
if len(regexes) != 0:
exp = "^(?!" + "|".join(regexes) + ")"
query.append({'$or': [{'vulnerable_configuration': re.compile(exp)},
{'vulnerable_configuration': {'$exists': False}},
{'vulnerable_configuration': []}
]})
if unlisted == "hide":
wlregexes = getWhitelistRegexes()
blregexes = getBlacklistRegexes()
query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}},
{'vulnerable_configuration': {'$in': blregexes}}]})
if rejectedSelect == "hide":
exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)"
query.append({'summary': re.compile(exp)})
if current_user.is_authenticated():
if hideSeen == "hide":
query.append({'id': {"$nin":getSeenCVEs()}})
# cvss logic
if cvssSelect != "all":
if cvssSelect == "above":
query.append({'cvss': {'$gt': float(cvss)}})
if cvssSelect == "equals":
query.append({'cvss': float(cvss)})
if cvssSelect == "below":
query.append({'cvss': {'$lt': float(cvss)}})
# date logic
if timeSelect != "all":
startDate = convertDateToDBFormat(startDate)
endDate = convertDateToDBFormat(endDate)
if timeSelect == "from":
query.append({timeTypeSelect: {'$gt': startDate}})
if timeSelect == "until":
query.append({timeTypeSelect: {'$lt': endDate}})
if timeSelect == "between":
query.append({timeTypeSelect: {'$gt': startDate, '$lt': endDate}})
if timeSelect == "outside":
query.append({'$or': [{timeTypeSelect: {'$lt': startDate}}, {timeTypeSelect: {'$gt': endDate}}]})
if len(query) == 0:
cve = collection.find().sort("Modified", -1).limit(limit).skip(skip)
elif len(query) == 1:
cve = collection.find(query[0]).sort("Modified", -1).limit(limit).skip(skip)
else:
cve = collection.find({'$and': query}).sort("Modified", -1).limit(limit).skip(skip)
# marking relevant records
if whitelist == "on":
cve = whitelist_mark(cve)
if blacklist == "mark":
cve = blacklist_mark(cve)
seen_mark(cve)
cve = list(cve)
return cve
