Commit 680a7cc9 authored by PidgeyL's avatar PidgeyL

Add initial database search for plug-ins

parent 8712ef51
+1 −4
@@ -222,9 +222,6 @@ def getSearchResults(search):
              'map_redhat_bugzilla.redhatid', 'map_cve_ubuntu.ubuntuid',
              'map_cve_suse.suseid', 'map_cve_fedora.fedoraid', 'map_cve_hp.hpid',
              'map_cve_cisco.ciscoid']
  # Temporally disable these (to be revised how to implement this in plugin searching)
  #threat=  {'n': 'Threat',   'd': sanitize(colMISP.find({'threats': {'$in': [regSearch]}}))}
  #misp_tag={'n': 'MISP tag', 'd': sanitize(colMISP.find({'tags':    {'$in': [regSearch]}}))}
  links =  {'n': 'Link',     'd': []}
  for vLink in vFeedLinks:
    links['d'].extend(sanitize(colVFEED.find({vLink: {'$in': [regSearch]}})))
@@ -234,7 +231,7 @@ def getSearchResults(search):
  except:
    textsearch={'n': 'Text search', 'd': []}
    result['errors']=['textsearch']
  #for collection in [threat, misp_tag, textsearch, links]:

  for collection in [links, textsearch]:
    for item in collection['d']:
      # Check if already in result data
+19 −0
@@ -15,6 +15,7 @@ sys.path.append(os.path.join(runPath, ".."))

import importlib

import lib.DatabaseLayer as db
from lib.Config import Configuration as conf
from lib.Config import ConfigReader
from lib.Plugins import Plugin, WebPlugin
@@ -123,3 +124,21 @@ class PluginManager():
      except:
        print("[!] Plugin %s failed on fetching CVE plugin info!"%plugin.getName())
    return cveInfo

  def getSearchResults(self, text):
    result = {'data':[]}
    results = []
    # Get all data
    for plugin in self.plugins.values():
      data = plugin.search(text)
      # Validate format
      if type(data) == list and all([(type(x) == dict and 'n' in x and 'd' in x) for x in data]):
        results.extend(data)
    for collection in results:
      for item in collection['d']:
        # Check if already in result data
        if not any(item['id']==entry['id'] for entry in result['data']):
          entry=db.getCVE(item['id'])
          entry['reason']=collection['n']
          result['data'].append(entry)
    return result
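Review bot: `plugin.search(text)` in the first loop of `getSearchResults` runs with no exception handling, so a single failing plug-in aborts the whole search, while the method just above it catches plug-in failures and prints a message. The format check also stops at the top level: every item in `collection['d']` is later indexed with `item['id']`, and the value returned by `db.getCVE` is written to without a check, which would raise if `getCVE` returns `None` for an id the database does not hold (its behaviour is not visible here). Plug-in output is third-party data and `text` comes from the search form, so I would isolate each plug-in call and skip malformed items and unknown ids, as below.

```python
    for plugin in self.plugins.values():
      try:
        data = plugin.search(text)
      except Exception:
        print("[!] Plugin %s failed on searching!"%plugin.getName())
        continue
      # ... unchanged: format validation and results.extend(data) ...
    for collection in results:
      for item in collection['d']:
        if not isinstance(item, dict) or 'id' not in item:
          continue
        # ... unchanged: duplicate check on result['data'] ...
          entry=db.getCVE(item['id'])
          if entry is None:
            continue
          # ... unchanged: set entry['reason'] and append ...
```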
+1 −0
@@ -16,6 +16,7 @@ class Plugin():
  # To override
  def loadSettings(self, reader): pass
  def onDatabaseUpdate(self):     pass
  def search(self, text):         pass


class WebPlugin(Plugin):
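Review bot: The new `search` stub on `Plugin` has no description of what an override must return, and the only statement of that contract is the check in `PluginManager.getSearchResults`, which silently ignores anything that is not a list of dicts carrying `n` and `d`. A comment above the stub would save plug-in authors from reading the manager, for example `# search(text): return a list of {'n': <reason label>, 'd': [{'id': <CVE id>}, ...]}; any other value is ignored`. The class body starts outside this hunk.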
+14 −0
@@ -122,3 +122,17 @@ def convertDateToDBFormat(string):
    if result is not None:
        result = time.strftime('%Y-%m-%d', result)
    return result

def mergeSearchResults(database, plugins):
    if 'errors' in database:
        results = {'data':[], 'errors':database['errors']}
    else:
        results = {'data': []}

    data = []
    data.extend(database['data'])
    data.extend(plugins['data'])
    for cve in data:
        if not any(cve['id']==entry['id'] for entry in results['data']):
            results['data'].append(cve)
    return results
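Review bot: The duplicate check in `mergeSearchResults` rescans `results['data']` with `any(...)` for every entry, which is quadratic in the number of hits, and a broad search term typed by any user decides how large that number gets. Tracking seen ids in a set keeps the merge linear: `seen = set()` before the loop, then `if cve['id'] not in seen:` followed by `seen.add(cve['id'])` ahead of the append. The same scan is used in `PluginManager.getSearchResults` in this commit. A one-line docstring stating that database entries win over plug-in entries with the same id would also help, since that ordering decides which entry, and so presumably which `reason`, survives.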
+4 −2
@@ -40,7 +40,7 @@ from logging.handlers import RotatingFileHandler
from lib.User import User
from lib.Config import Configuration
from lib.PluginManager import PluginManager
from lib.Toolkit import toStringFormattedCPE, toOldCPE, currentTime, isURL, vFeedName, convertDateToDBFormat
from lib.Toolkit import toStringFormattedCPE, toOldCPE, currentTime, isURL, vFeedName, convertDateToDBFormat, mergeSearchResults
import lib.CVEs as cves
import lib.DatabaseLayer as db
from sbin.db_whitelist import *
@@ -465,7 +465,9 @@ def capec(capecid):
@app.route('/search', methods=['POST'])
def searchText():
    search = request.form.get('search')
    result = db.getSearchResults(search)
    dbResults = db.getSearchResults(search)
    plugResults = plugManager.getSearchResults(search)
    result = mergeSearchResults(dbResults, plugResults)
    cve=result['data']
    errors=result['errors'] if 'errors' in result else []
    return render_template('search.html', cve=cve, errors=errors)
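Review bot: `search` in `searchText` comes straight from `request.form.get('search')`, which is `None` when the field is missing, and the new `plugManager.getSearchResults(search)` call now hands that value to every installed plug-in as well as to the database layer. A guard before the two lookups, such as `if not search: return render_template('search.html', cve=[], errors=[])`, keeps empty or absent input away from plug-in code that may not expect it. A length cap on the term would be worth considering too, since each plug-in adds its own lookup per request.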