Loading bin/db_dump.py +15 −25 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ # Software is free software released under the "Modified BSD license" # # Copyright (c) 2012-2015 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2015 Pieter-Jan Moreels - pieterjan.moreels@gmail.com # Copyright (c) 2015-2017 Pieter-Jan Moreels - pieterjan.moreels@gmail.com import os import sys runPath = os.path.dirname(os.path.realpath(__file__)) Loading @@ -14,11 +14,16 @@ sys.path.append(os.path.join(runPath, "..")) import argparse import json from bson import json_util import lib.CVEs as cves import lib.DatabaseLayer as db from lib.DatabaseLayer2 import DatabaseLayer def dump(limit, ranking=False, via4=False, capec=False): db = DatabaseLayer() for cve in db.CVE.last(limit=limit, via4=via4, ranking=ranking): item = cve.dict(capec, human_dates=True) print(json.dumps(item, sort_keys=True)) if __name__ == "__main__": argParser = argparse.ArgumentParser(description='Dump database in JSON format') argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value') argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map') Loading @@ -26,19 +31,4 @@ argParser.add_argument('-c', default=False, action='store_true', help='Include C argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)') args = argParser.parse_args() rankinglookup = args.r via4lookup = args.v capeclookup = args.c l = cves.last(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup) for cveid in db.getCVEIDs(limit=args.l): item = l.getcve(cveid=cveid) if 'cvss' in item: if type(item['cvss']) == str: item['cvss'] = float(item['cvss']) date_fields = ['cvss-time', 'Modified', 'Published'] for field in date_fields: if field in item: item[field] = str(item[field]) print(json.dumps(item, sort_keys=True, default=json_util.default)) dump(args.l, args.r, args.v, args.c) lib/Objects.py +18 −3 Original line number Diff line number Diff line Loading @@ -101,9 +101,9 @@ class CVE: self.references = references self.cvss_time = cvss_time def dict(self): def dict(self, capec=False, human_dates=False, backwards_compatible=True): vuln_conf = [x.id for x in self.vulnerable_configuration] return {'id': self.id, data = {'id': self.id, 'cvss': self.cvss, 'summary': self.summary, 'vulnerable_configuration': vuln_conf, Loading @@ -111,9 +111,24 @@ class CVE: 'Modified': self.modified, 'impact': self.impact and self.impact.dict() or None, 'access': self.access and self.access.dict() or None, 'cwe': "CWE-"+self.cwe.id, 'cwe': self.cwe.id, 'references': self.references, 'cvss-time': self.cvss_time} if data['cwe'] != "Unknown": data['cwe'] = "CWE-"+ data['cwe'] if capec: data['capec'] = [] if self.cwe and self.cwe.id.lower() != "unknown": data['capec'] = [c.dict() for c in self.cwe.capec] if human_dates: for field in ['Published', 'Modified', 'cvss-time']: data[field] = str(data[field]) # To be removed in the newest release if backwards_compatible: b = [x.id_2_2 for x in self.vulnerable_configuration] data['vulnerable_configuration_cpe_2_2'] = b return data @classmethod def fromDict(cls, data): Loading lib/Query.py +0 −67 Original line number Diff line number Diff line Loading @@ -16,68 +16,12 @@ import sys runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "..")) import lib.CVEs as cves import lib.DatabaseLayer as db import lib.Toolkit as tk from lib.Config import Configuration rankinglookup = True redisdb = Configuration.getRedisVendorConnection() def findranking(cpe=None, loosy=True): if cpe is None: return False result = False if loosy: for x in cpe.split(':'): if x is not '': i = db.findRanking(cpe, regex=True) if i is None: continue if 'rank' in i: result = i['rank'] else: i = db.findRanking(cpe, regex=True) print (cpe) if i is None: return result if 'rank' in i: result = i['rank'] return result def lookupcpe(cpeid=None): e = db.getCPE(cpeid) if e is None: return cpeid if 'id' in e: return e['title'] def lastentries(limit=5, namelookup=False, rankinglookup=True): entries = [] for item in db.getCVEs(limit): if not namelookup and rankinglookup is not True: entries.append(item) else: if "vulnerable_configuration" in item: vulconf = [] ranking = [] for conf in item['vulnerable_configuration']: if namelookup: vulconf.append(lookupcpe(cpeid=conf)) else: vulconf.append(conf) if rankinglookup: rank = findranking(cpe=conf) if rank and rank not in ranking: ranking.append(rank) item['vulnerable_configuration'] = vulconf if rankinglookup and len(ranking) > 0: item['ranking'] = ranking entries.append(item) return entries def apigetcve(api, cveid=None): if cveid is None: return False Loading Loading @@ -114,18 +58,7 @@ def apisearch(api, query=None): else: return False # Lastly added def cvesForCPE(cpe): cpe = tk.toStringFormattedCPE(cpe) data = [] if cpe: cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False) for x in db.cvesForCPE(cpe): data.append(cvesp.getcve(x['id'])) return data def getBrowseList(vendor): result = {} if (vendor is None) or type(vendor) == list: Loading web/advanced_api.py +0 −1 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ import sys _runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(_runPath, "..")) import lib.DatabaseLayer as db import sbin.db_blacklist as bl import sbin.db_whitelist as wl Loading web/api.py +0 −1 Original line number Diff line number Diff line Loading @@ -36,7 +36,6 @@ from tornado.wsgi import WSGIContainer import datetime import lib.CVEs as cves import lib.DatabaseLayer as db import lib.Query as query import lib.Toolkit as tk Loading Loading
bin/db_dump.py +15 −25 Original line number Diff line number Diff line Loading @@ -6,7 +6,7 @@ # Software is free software released under the "Modified BSD license" # # Copyright (c) 2012-2015 Alexandre Dulaunoy - a@foo.be # Copyright (c) 2015 Pieter-Jan Moreels - pieterjan.moreels@gmail.com # Copyright (c) 2015-2017 Pieter-Jan Moreels - pieterjan.moreels@gmail.com import os import sys runPath = os.path.dirname(os.path.realpath(__file__)) Loading @@ -14,11 +14,16 @@ sys.path.append(os.path.join(runPath, "..")) import argparse import json from bson import json_util import lib.CVEs as cves import lib.DatabaseLayer as db from lib.DatabaseLayer2 import DatabaseLayer def dump(limit, ranking=False, via4=False, capec=False): db = DatabaseLayer() for cve in db.CVE.last(limit=limit, via4=via4, ranking=ranking): item = cve.dict(capec, human_dates=True) print(json.dumps(item, sort_keys=True)) if __name__ == "__main__": argParser = argparse.ArgumentParser(description='Dump database in JSON format') argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value') argParser.add_argument('-v', default=False, action='store_true', help='Include via4 map') Loading @@ -26,19 +31,4 @@ argParser.add_argument('-c', default=False, action='store_true', help='Include C argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)') args = argParser.parse_args() rankinglookup = args.r via4lookup = args.v capeclookup = args.c l = cves.last(rankinglookup=rankinglookup, via4lookup=via4lookup, capeclookup=capeclookup) for cveid in db.getCVEIDs(limit=args.l): item = l.getcve(cveid=cveid) if 'cvss' in item: if type(item['cvss']) == str: item['cvss'] = float(item['cvss']) date_fields = ['cvss-time', 'Modified', 'Published'] for field in date_fields: if field in item: item[field] = str(item[field]) print(json.dumps(item, sort_keys=True, default=json_util.default)) dump(args.l, args.r, args.v, args.c)
lib/Objects.py +18 −3 Original line number Diff line number Diff line Loading @@ -101,9 +101,9 @@ class CVE: self.references = references self.cvss_time = cvss_time def dict(self): def dict(self, capec=False, human_dates=False, backwards_compatible=True): vuln_conf = [x.id for x in self.vulnerable_configuration] return {'id': self.id, data = {'id': self.id, 'cvss': self.cvss, 'summary': self.summary, 'vulnerable_configuration': vuln_conf, Loading @@ -111,9 +111,24 @@ class CVE: 'Modified': self.modified, 'impact': self.impact and self.impact.dict() or None, 'access': self.access and self.access.dict() or None, 'cwe': "CWE-"+self.cwe.id, 'cwe': self.cwe.id, 'references': self.references, 'cvss-time': self.cvss_time} if data['cwe'] != "Unknown": data['cwe'] = "CWE-"+ data['cwe'] if capec: data['capec'] = [] if self.cwe and self.cwe.id.lower() != "unknown": data['capec'] = [c.dict() for c in self.cwe.capec] if human_dates: for field in ['Published', 'Modified', 'cvss-time']: data[field] = str(data[field]) # To be removed in the newest release if backwards_compatible: b = [x.id_2_2 for x in self.vulnerable_configuration] data['vulnerable_configuration_cpe_2_2'] = b return data @classmethod def fromDict(cls, data): Loading
lib/Query.py +0 −67 Original line number Diff line number Diff line Loading @@ -16,68 +16,12 @@ import sys runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "..")) import lib.CVEs as cves import lib.DatabaseLayer as db import lib.Toolkit as tk from lib.Config import Configuration rankinglookup = True redisdb = Configuration.getRedisVendorConnection() def findranking(cpe=None, loosy=True): if cpe is None: return False result = False if loosy: for x in cpe.split(':'): if x is not '': i = db.findRanking(cpe, regex=True) if i is None: continue if 'rank' in i: result = i['rank'] else: i = db.findRanking(cpe, regex=True) print (cpe) if i is None: return result if 'rank' in i: result = i['rank'] return result def lookupcpe(cpeid=None): e = db.getCPE(cpeid) if e is None: return cpeid if 'id' in e: return e['title'] def lastentries(limit=5, namelookup=False, rankinglookup=True): entries = [] for item in db.getCVEs(limit): if not namelookup and rankinglookup is not True: entries.append(item) else: if "vulnerable_configuration" in item: vulconf = [] ranking = [] for conf in item['vulnerable_configuration']: if namelookup: vulconf.append(lookupcpe(cpeid=conf)) else: vulconf.append(conf) if rankinglookup: rank = findranking(cpe=conf) if rank and rank not in ranking: ranking.append(rank) item['vulnerable_configuration'] = vulconf if rankinglookup and len(ranking) > 0: item['ranking'] = ranking entries.append(item) return entries def apigetcve(api, cveid=None): if cveid is None: return False Loading Loading @@ -114,18 +58,7 @@ def apisearch(api, query=None): else: return False # Lastly added def cvesForCPE(cpe): cpe = tk.toStringFormattedCPE(cpe) data = [] if cpe: cvesp = cves.last(rankinglookup=False, namelookup=False, via4lookup=True, capeclookup=False) for x in db.cvesForCPE(cpe): data.append(cvesp.getcve(x['id'])) return data def getBrowseList(vendor): result = {} if (vendor is None) or type(vendor) == list: Loading
web/advanced_api.py +0 −1 Original line number Diff line number Diff line Loading @@ -17,7 +17,6 @@ import sys _runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(_runPath, "..")) import lib.DatabaseLayer as db import sbin.db_blacklist as bl import sbin.db_whitelist as wl Loading
web/api.py +0 −1 Original line number Diff line number Diff line Loading @@ -36,7 +36,6 @@ from tornado.wsgi import WSGIContainer import datetime import lib.CVEs as cves import lib.DatabaseLayer as db import lib.Query as query import lib.Toolkit as tk Loading
