Commit 253e9e49 authored by PidgeyL

bugfixes + code clean-up

parent dd6b7355
+0 −1
@@ -27,7 +27,6 @@ from functools import wraps
from io                 import StringIO

from lib.Authentication import AuthenticationHandler
from lib.User           import User
from web.api            import API, APIError


+16 −32
@@ -20,7 +20,7 @@ import urllib
_runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(_runPath, ".."))

from flask       import jsonify, request, redirect, render_template, send_file
from flask       import abort, jsonify, request, redirect, render_template, send_file
from flask_login import LoginManager, current_user, login_user, logout_user, login_required
from io          import TextIOWrapper, BytesIO
from redis       import exceptions as redisExceptions
@@ -55,6 +55,7 @@ class Index(Minimal, Advanced_API):
    self.plugManager.loadPlugins()
    self.login_manager.init_app(self.app)
    self.login_manager.user_loader(self.load_user)
    self.redisdb = Configuration.getRedisVendorConnection()

    self.defaultFilters.update({'blacklistSelect': 'on', 'whitelistSelect': 'on',
                                'unlistedSelect': 'show',})
@@ -95,12 +96,6 @@ class Index(Minimal, Advanced_API):
  #############
  # Functions #
  #############
  def indexFilters(self):
    args = copy.copy(self.args)
    args.update({'filters': self.plugManager.getFilters(**self.pluginArgs)})
    return args


  def generate_full_query(self, f):
    query = self.generate_minimal_query(f)
    if current_user.is_authenticated():
@@ -151,7 +146,7 @@ class Index(Minimal, Advanced_API):
    # marking relevant records
    if current_user.is_authenticated():
        if filters['whitelistSelect'] == "on":   cve = self.list_mark('white', cve)
        if filters['blacklistSelect'] == "mark": cve = blacklist_mark('black', cve)
        if filters['blacklistSelect'] == "mark": cve = self.list_mark('black', cve)
    self.plugManager.mark(cve, **self.pluginArgs)
    cve = list(cve)
    return cve
@@ -309,7 +304,7 @@ class Index(Minimal, Advanced_API):
      if new_pass:
        db.changePassword(current_user.id , new_pass)
        return jsonify({"status": "password_changed"})
      return jsonfiy({"status": "no_password"})
      return jsonify({"status": "no_password"})
    else:
      return jsonify({"status": "wrong_user_pass"})

@@ -344,18 +339,18 @@ class Index(Minimal, Advanced_API):
    _list = request.url_rule.split('/')[2]
    file = request.files['file']
    force = request.form.get('force')
    count = countWhitelist() if _list.lower == 'whitelist' else countBlacklist()
    count = wl.countWhitelist() if _list.lower == 'whitelist' else bl.countBlacklist()
    if (count == 0) | (not count) | (force == "f"):
      if _list.lower == 'whitelist':
        dropWhitelist()
        wl.dropWhitelist()
        wl.importWhitelist(TextIOWrapper(file.stream))
      else:
        dropBlacklist()
        bl.dropBlacklist()
        bl.importBlacklist(TextIOWrapper(file.stream))
      status = _list[0]+"l_imported"
    else:
      status = _list[0]+"l_already_filled"
    return render_template('admin.html', status=status, **adminInfo())
    return render_template('admin.html', status=status, **self.adminInfo())


  # /admin/whitelist/export
@@ -459,7 +454,6 @@ class Index(Minimal, Advanced_API):
    item     = request.args.get('item', type=str)
    listType = request.args.get('list', type=str)

    vendor = product = version = None
    pattern = re.compile('^[a-z:/0-9.~_%-]+$')

    if pattern.match(item):
@@ -467,35 +461,25 @@ class Index(Minimal, Advanced_API):
      added = False
      if len(item) == 1:
        # only vendor, so a check on cpe type is needed
        if redisdb.sismember("t:/o", item[0]):
          if addCPEToList("cpe:/o:" + item[0], listType): added = True
        if redisdb.sismember("t:/a", item[0]):
          if addCPEToList("cpe:/a:" + item[0], listType): added = True
        if redisdb.sismember("t:/h", item[0]):
          if addCPEToList("cpe:/h:" + item[0], listType): added = True
        browseList = getBrowseList(None)
        vendor = browseList['vendor']
        if self.redisdb.sismember("t:/o", item[0]):
          if self.addCPEToList("cpe:/o:" + item[0], listType): added = True
        if self.redisdb.sismember("t:/a", item[0]):
          if self.addCPEToList("cpe:/a:" + item[0], listType): added = True
        if self.redisdb.sismember("t:/h", item[0]):
          if self.addCPEToList("cpe:/h:" + item[0], listType): added = True
      elif 4 > len(item) > 1:
        # cpe type can be found with a mongo regex query
        result = db.getCVEs(query={'cpe_2_2': {'$regex': item[1]}})
        if result.count() != 0:
          prefix = ((result[0])['cpe_2_2'])[:7]
          if len(item) == 2:
            if addCPEToList(prefix + item[0] + ":" + item[1], listType):
            if self.addCPEToList(prefix + item[0] + ":" + item[1], listType):
              added = True
          if len(item) == 3:
            if addCPEToList(prefix + item[0] + ":" + item[1] + ":" + item[2], listType):
            if self.addCPEToList(prefix + item[0] + ":" + item[1] + ":" + item[2], listType):
              added = True
          vendor = item[0]
      if len(item) > 2:
        product = item[1]
        version = getVersionsOfProduct(product)
      else:
        product = (getBrowseList(vendor))['product']
      status = "added_to_list" if added else "could_not_add_to_list"
    else:
      browseList = getBrowseList(None)
      vendor = browseList['vendor']
      status = "invalid_cpe"
    j={"status":status, "listType":listType}
    return jsonify(j)
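Review bot: In the list-import hunk (@@ -344), `_list.lower == 'whitelist'` on the rewritten `count = ...` line and again in the `if _list.lower == 'whitelist':` branch compares the bound method `str.lower` to a string, which is always False, so both lines take the blacklist path: an upload to the whitelist route counts, drops and re-imports the blacklist instead. The call parentheses are missing: `count = wl.countWhitelist() if _list.lower() == 'whitelist' else bl.countBlacklist()` and `if _list.lower() == 'whitelist':`. In the same hunk `request.files['file']` raises KeyError, hence a 500, when the form has no file part; with `abort` now imported on the flask line, `file = request.files.get('file')` followed by `if file is None: abort(400)` turns that into a client error. The `(count == 0) | (not count) | (force == "f")` condition happens to work on bools but reads as bitwise arithmetic; `or` says what is meant. The enclosing method's signature is outside the hunk.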
+1 −0
@@ -2,6 +2,7 @@
{% block title %}CPE browser{% endblock %}
{% block head %}
  <script type="text/javascript" src="/static/js/custom/list.js"></script>
  <script type="text/javascript" src="/static/js/custom/listmanagement.js"></script>
{% endblock %}
{% block content %}
  <!-- breadcrumb -->