def searchText(): search = request.form.get('search') try: cve=dbLayer.getFreeText(search) except: return render_template('error.html', status={'except':'textsearch-not-enabled'}, minimal=True) return render_template('search.html', cve=cve, minimal=True)
def searchText(): search = request.form.get('search') try: cve=dbLayer.getFreeText(search) except: return render_template('error.html', status={'except':'textsearch-not-enabled'}) return render_template('search.html', cve=cve)
def searchText(): search = request.form.get("search") try: cve = db.getFreeText(search) except: return render_template("error.html", status={"except": "textsearch-not-enabled"}) return render_template("search.html", cve=cve)
def searchText(): search = request.form.get('search') try: cve = db.getFreeText(search) except Exception as e: print(e) return render_template('error.html', status={'except': 'textsearch-not-enabled'}) return render_template('search.html', cve=cve)
elif xmlOutput: printCVE_xml(item) elif cveidOutput: printCVE_id(item) else: printCVE_human(item) if htmlOutput: print("</body></html>") sys.exit(0) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: for item in db.getFreeText(vFreeSearch): printCVE_json(item, indent=2) except: sys.exit("Free text search not enabled on the database!") sys.exit(0) # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in db.cvesForCPE(vSearch): if not last_ndays: if csvOutput: printCVE_csv(item) elif htmlOutput: printCVE_html(item) # bson straight from the MongoDB db - converted to JSON default
printCVE_xml(item) elif cveidOutput: printCVE_id(item) else: printCVE_human(item) if htmlOutput: print("</body></html>") sys.exit(0) # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: for item in db.getFreeText(vFreeSearch): printCVE_json(item, indent=2) except: sys.exit("Free text search not enabled on the database!") sys.exit(0) # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: for item in db.cvesForCPE(vSearch, lax=relaxSearch): if not last_ndays: if csvOutput: printCVE_csv(item) elif htmlOutput: printCVE_html(item)
def search_func(args, output=sys.__stdout__): "Implement main cve-search function." # set output pipe # output is set back to sys.__stdout__ at the end of # the function sys.stdout = output # init control variables csvOutput = 0 htmlOutput = 0 jsonOutput = 0 xmlOutput = 0 last_ndays = 0 nlimit = 0 # init various variables :-) vSearch = "" vOutput = "" vFreeSearch = "" summary_text = "" vSearch = args["p"] cveSearch = [x.upper() for x in args["c"]] if args["c"] else None vOutput = args["o"] vFreeSearch = args["f"] sLatest = args["l"] namelookup = args["n"] rankinglookup = args["r"] capeclookup = args["a"] last_ndays = args["t"] summary_text = args["s"] nlimit = args["i"] cves = CVEs.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup) # replace special characters in vSearch with encoded version. # Basically cuz I'm to lazy to handle conversion on DB creation ... if vSearch: vSearch = re.sub(r"\(", "%28", vSearch) vSearch = re.sub(r"\)", "%29", vSearch) # define which output to generate. if vOutput == "csv": csvOutput = 1 elif vOutput == "html": htmlOutput = 1 elif vOutput == "xml": xmlOutput = 1 r = Element("cve-search") elif vOutput == "json": jsonOutput = 1 elif vOutput == "cveid": cveidOutput = 1 else: cveidOutput = False # Print first line of html output if htmlOutput and args["p"] is not None: print("<html><body><h1>CVE search " + args["p"] + " </h1>") elif htmlOutput and args["c"] is not None: print("<html><body><h1>CVE-ID " + str(args["c"]) + " </h1>") # search default is ascending mode sorttype = 1 if sLatest: sorttype = -1 if cveSearch: results = db.getCVEs(cves=cveSearch) for index, item in enumerate(results): if csvOutput: printCVE_csv(item, namelookup, rankinglookup, cves) elif htmlOutput: printCVE_html(item, rankinglookup, cves) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item, namelookup, rankinglookup, capeclookup, cves) if index != len(results) - 1: print(",", end="") elif xmlOutput: printCVE_xml(item, rankinglookup, cves, r) elif cveidOutput: printCVE_id(item) else: printCVE_human(item, namelookup, rankinglookup, cves) if htmlOutput: print("</body></html>") sys.stdout = sys.__stdout__ return 1 # Basic freetext search (in vulnerability summary). # Full-text indexing is more efficient to search across all CVEs. if vFreeSearch: try: results = db.getFreeText(vFreeSearch) for index, item in enumerate(results): if jsonOutput: printCVE_json(item, namelookup, rankinglookup, capeclookup, cves, indent=2) if index != len(results) - 1: print(",", end="") else: printCVE_human(item, namelookup, rankinglookup, cves) except: sys.exit("Free text search not enabled on the database!") sys.stdout = sys.__stdout__ return 1 # Search Product (best to use CPE notation, e.g. cisco:ios:12.2 if vSearch: results = db.cvesForCPE(vSearch) for index, item in enumerate(results): if not last_ndays: if csvOutput: printCVE_csv(item, namelookup, rankinglookup, cves) elif htmlOutput: printCVE_html(item, rankinglookup, cves) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item, namelookup, rankinglookup, capeclookup, cves) if index != len(results) - 1: print(",", end="") elif xmlOutput: printCVE_xml(item, rankinglookup, cves, r) elif cveidOutput: printCVE_id(item) else: printCVE_human(item, namelookup, rankinglookup, cves) else: date_n_days_ago = datetime.now() - timedelta(days=last_ndays) if item["Published"] > date_n_days_ago: if csvOutput: printCVE_csv(item, namelookup, rankinglookup, cves) elif htmlOutput: printCVE_html(item, rankinglookup, cves) # bson straight from the MongoDB db - converted to JSON default # representation elif jsonOutput: printCVE_json(item, namelookup, rankinglookup, capeclookup, cves) elif xmlOutput: printCVE_xml(item, rankinglookup, cves, r) elif cveidOutput: printCVE_id(item) else: printCVE_human(item, namelookup, rankinglookup, cves) if htmlOutput: print("</body></html>") sys.stdout = sys.__stdout__ return 1 # Search text in summary if summary_text: import lib.CVEs as cves l = cves.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup) for cveid in db.getCVEIDs(limit=nlimit): item = l.getcve(cveid=cveid) if "cvss" in item: if type(item["cvss"]) == str: item["cvss"] = float(item["cvss"]) date_fields = ["cvss-time", "Modified", "Published"] for field in date_fields: if field in item: item[field] = str(item[field]) if summary_text.upper() in item["summary"].upper(): if not last_ndays: if vOutput: printCVE_id(item) else: print( json.dumps(item, sort_keys=True, default=json_util.default)) else: date_n_days_ago = datetime.now() - timedelta( days=last_ndays) # print(item['Published']) # print(type (item['Published'])) # print("Last n day " +str(last_ndays)) try: if (datetime.strptime(item["Published"], "%Y-%m-%d %H:%M:%S.%f") > date_n_days_ago): if vOutput: printCVE_id(item) else: print( json.dumps(item, sort_keys=True, default=json_util.default)) except: pass if htmlOutput: print("</body></html>") sys.stdout = sys.__stdout__ return 1 if xmlOutput: # default encoding is UTF-8. Should this be detected on the terminal? s = tostring(r).decode("utf-8") print(s) sys.stdout = sys.__stdout__ return 1 else: sys.stdout = sys.__stdout__ return 0 sys.stdout = sys.__stdout__ return 1