Commit 138d2d85 authored by IrootGeek's avatar IrootGeek

Add new function search text in all summary

parent c00ec242
+93 −14
@@ -11,6 +11,7 @@
# Imports
import os
import sys

runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

@@ -24,16 +25,21 @@ from bson import json_util
from lib import CVEs
import lib.DatabaseLayer as db

from datetime import datetime, timedelta

# init control variables
csvOutput = 0
htmlOutput = 0
jsonOutput = 0
xmlOutput = 0
last_ndays = 0
nlimit = 0

    # init various variables :-)
vSearch = ""
vOutput = ""
vFreeSearch = ""
summary_text = ""


# parse command-line arguments
@@ -47,7 +53,11 @@ argParser.add_argument('-n', action='store_true', help='lookup complete cpe (Com
argParser.add_argument('-r', action='store_true', help='lookup ranking of vulnerable configuration')
argParser.add_argument('-a', default=False, action='store_true', help='Lookup CAPEC for related CWE weaknesses')
argParser.add_argument('-v', type=str, help='vendor name to lookup in reference URLs')
argParser.add_argument('-s', type=str, help='search in summary text')
argParser.add_argument('-t', type=int, help='search in last n day')
argParser.add_argument('-i', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()

vSearch = args.p
cveSearch = [x.upper() for x in args.c] if args.c else None
vOutput = args.o
@@ -56,6 +66,9 @@ sLatest = args.l
namelookup = args.n
rankinglookup = args.r
capeclookup = args.a
last_ndays = args.t
summary_text= args.s
nlimit =args.i

cves = CVEs.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)

@@ -246,6 +259,11 @@ def printCVE_human(item):
                    print( i + ": " + str(e[i]))
    print("\n\n")

# Search in summary text
def search_in_summary(item):
     print(item['summary'])
     #if args.a in str(item['summary']):
      #  printCVE_json(item)

if cveSearch:
    for item in db.getCVEs(cves=cveSearch):
@@ -264,6 +282,7 @@ if cveSearch:
        else:
            printCVE_human(item)


    if htmlOutput:
        print("</body></html>")
    sys.exit(0)
@@ -278,9 +297,12 @@ if vFreeSearch:
        sys.exit("Free text search not enabled on the database!")
    sys.exit(0)


# Search Product (best to use CPE notation, e.g. cisco:ios:12.2
if vSearch:

    for item in db.cvesForCPE(vSearch):
        if not last_ndays:
            if csvOutput:
                printCVE_csv(item)
            elif htmlOutput:
@@ -295,7 +317,63 @@ if vSearch:
                printCVE_id(item)
            else:
                printCVE_human(item)
        else:
            date_n_days_ago = datetime.now() - timedelta(days=last_ndays)
            if item['Published'] > date_n_days_ago: 

                    if csvOutput:
                        printCVE_csv(item)
                    elif htmlOutput:
                        printCVE_html(item)
                    # bson straight from the MongoDB db - converted to JSON default
                    # representation
                    elif jsonOutput:
                        printCVE_json(item)
                    elif xmlOutput:
                        printCVE_xml(item)
                    elif cveidOutput:
                        printCVE_id(item)
                    else:
                        printCVE_human(item)
    if htmlOutput:
        print("</body></html>")
    sys.exit(0)

# Search text in summary 
if summary_text:
    import lib.CVEs as cves

    l = cves.last(rankinglookup=rankinglookup, namelookup=namelookup, capeclookup=capeclookup)

    for cveid in db.getCVEIDs(limit=nlimit):
        item = l.getcve(cveid=cveid)
        if 'cvss' in item:
            if type(item['cvss']) == str:
                item['cvss'] = float(item['cvss'])
        date_fields = ['cvss-time', 'Modified', 'Published']
        for field in date_fields:
            if field in item:
                item[field] = str(item[field])
        if summary_text.upper() in item['summary'].upper():
            if not last_ndays:
                if vOutput:
                    printCVE_id(item)
                else:
                    print(json.dumps(item, sort_keys=True, default=json_util.default))    
            else:

                date_n_days_ago = datetime.now() - timedelta(days=last_ndays)
                   # print(item['Published'])
                   # print(type (item['Published']))
                   # print("Last n day " +str(last_ndays)) 
                try:
                    if  datetime.strptime(item['Published'], '%Y-%m-%d %H:%M:%S.%f')  > date_n_days_ago:
                        if vOutput:
                            printCVE_id(item)
                        else:
                            print(json.dumps(item, sort_keys=True, default=json_util.default))
                except:
                    pass
    if htmlOutput:
        print("</body></html>")
    sys.exit(0)
@@ -305,6 +383,7 @@ if xmlOutput:
    s = tostring(r).decode("utf-8")
    print(s)
    sys.exit(0)

else:
    argParser.print_help()
    argParser.exit()
 No newline at end of file
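Review bot: In the new `if summary_text:` branch the `-t` filter can silently drop matching CVEs: the date fields are converted with `str()` and `Published` is then re-parsed with `'%Y-%m-%d %H:%M:%S.%f'`, but `str()` of a datetime whose microsecond is 0 has no fractional part, so `strptime` raises `ValueError` and the bare `except: pass` discards the entry. For a vulnerability lookup that is a false negative with no trace in the output. Assuming `getcve` returns `Published` as a datetime (the product-search branch compares it directly against `date_n_days_ago`), filter on the stored value before it is stringified and remove the `try`/`except`, as sketched below. Separately, `limit=nlimit` appears to cap the IDs scanned rather than the matches printed, which does not fit the `-i` help text, and `search_in_summary` is never called and still carries commented-out code.

```python
    # computed once; None means no -t filter was requested
    cutoff = datetime.now() - timedelta(days=last_ndays) if last_ndays else None
    for cveid in db.getCVEIDs(limit=nlimit):
        item = l.getcve(cveid=cveid)
        # … unchanged: cvss conversion …
        if summary_text.upper() not in item['summary'].upper():
            continue
        # compare the stored value before the date fields are turned into strings
        if cutoff is not None and item['Published'] <= cutoff:
            continue
        # … unchanged: date_fields str() conversion, then printCVE_id / json.dumps …
```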