Commit 6f4ed964 authored by PidgeyL's avatar PidgeyL

use objects in web interface

parent a6a3a0fe
+11 −9
@@ -27,6 +27,7 @@ from functools import wraps
from io                 import StringIO

from lib.Authentication import AuthenticationHandler
from lib.DatabaseLayer2 import DatabaseLayer
from web.api            import API, APIError


@@ -64,6 +65,7 @@ class Advanced_API(API):
    return method, name, key

  def authErrors():
    db = DatabaseLayer() # Required to circumvent the use of self, because of this being a wrapper (This is one reason to use a singleton ;) )
    # Check auth
    if not request.headers.get('Authorization'):
      return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
@@ -78,7 +80,7 @@ class Advanced_API(API):
          authenticator = AuthenticationHandler()
          if authenticator.validateUser(name, token): authenticated = True
        elif method.lower() == 'token':
          if self.db.Users.getToken(name) == token:   authenticated = True
          if db.Users.getToken(name) == token:   authenticated = True
        elif method.lower() == 'session':
          authenticator = AuthenticationHandler()
          if authenticator.api_sessions.get(name) == token: authenticated = True
@@ -106,7 +108,7 @@ class Advanced_API(API):
  def api_dbInfo(self):
    errors = Advanced_API.authErrors()
    admin = False if errors and errors[0].get('reason') == "Authentication needed" else True
    return API.api(db.getDBStats)(admin)
    return API.api(self.db.db_info)(admin)

  # Overriding api_documentation to show the documentation for these functions
  def api_documentation(self):
@@ -118,7 +120,7 @@ class Advanced_API(API):

  @token_required
  def api_admin_blacklist(self):
    return db.getBlacklist()
    return self.db.Blacklist.get()

  @token_required
  def api_admin_import_whitelist(self):
@@ -130,27 +132,27 @@ class Advanced_API(API):

  @token_required
  def api_admin_drop_whitelist(self):
    return wl.dropWhitelist()
    return self.db.Whitelist.clear()

  @token_required
  def api_admin_drop_blacklist(self):
    return bl.dropBlacklist()
    return self.db.Blacklist.clear()

  @token_required
  def api_admin_add_whitelist(self):
    return wl.insertWhitelist(request.form['cpe'], request.form['type'])
    return self.db.Whitelist.insert(request.form['cpe'], request.form['type'])

  @token_required
  def api_admin_add_blacklist(self):
    return bl.insertBlacklist(request.form['cpe'], request.form['type'])
    return self.db.Blacklist.insert(request.form['cpe'], request.form['type'])

  @token_required
  def api_admin_remove_whitelist(self):
    return wl.removeWhitelist(request.form['cpe'])
    return self.db.Whitelist.remove(request.form['cpe'])

  @token_required
  def api_admin_remove_blacklist(self):
    return bl.removeBlacklist(request.form['cpe'])
    return self.db.Blacklist.remove(request.form['cpe'])

  @token_required # Of course only the login credentials would work
  def api_admin_get_token(self):
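Review bot: The token branch of `authErrors` in the `@@ -78` hunk still compares the stored token with `==` (`if db.Users.getToken(name) == token:`), which leaks timing information about how many leading characters matched; the comparison should be constant-time, e.g. `stored = db.Users.getToken(name)` followed by `if stored is not None and hmac.compare_digest(str(stored), str(token)): authenticated = True`, with `import hmac` added beside the other stdlib imports in the first hunk. The `session` branch two lines below (`authenticator.api_sessions.get(name) == token`, untouched by this commit) has the same weakness and should use the same helper. `authErrors` begins in the `@@ -64` hunk and its body continues outside this one, so the `str()` coercion assumes both sides are text — confirm what `getToken` returns. Separately, `db = DatabaseLayer()` at the top of `authErrors` builds a new layer on every authentication check and is the only place in this file that does not go through `self.db`; a module-level instance would avoid the per-request construction while keeping the wrapper free of `self`.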
+6 −8
@@ -132,7 +132,7 @@ class API():
            returnType = request.headers.get('Accept')
            # Default to JSON
            if   any(t in returnType for t in ['json', 'application/*', 'text/*', '*/*']):
              data = error if error else {'status': 'success', 'data': data}
              data = error if error else {'status': 'success', 'data': data[0]}
            elif 'plain' in returnType:
              pass # No need to do anything, but needs to be accepted
            else:
@@ -188,7 +188,7 @@ class API():
  def filter_logic(self, filters, skip, limit=None):
    query = self.generate_minimal_query(filters)
    limit = limit if limit else self.args['pageLength']
    return db.getCVEs(limit=limit, skip=skip, query=query)
    return self.db.CVE.query(limit=limit, skip=skip, query=query)

  ##########
  # ROUTES #
@@ -285,14 +285,12 @@ class API():
  def api_search(self, vendor=None, product=None):
    if not (vendor and product): return {}
    search = vendor + ":" + product
    # Not using query.cvesForCPE, because that one gives too much info
    #return json.dumps(db.cvesForCPE(search), default=json_util.default)
    return self.db.CVE.forCPE(search)

  # /api/search/<path:search>
  @api
  def api_text_search(self, search=None):
    return db.getSearchResults(search)
  def api_text_search(self, search):
    return self.db.CVE.textSearch(search)

  # /api/link/<key>/<value>
  @api
@@ -300,7 +298,7 @@ class API():
    key=self.htmlDecode(key)
    value=self.htmlDecode(value)
    regex = re.compile(re.escape(value), re.I)
    data = {'cves': db.via4Linked(key, regex)}
    data = {'cves': self.db.VIA4.link(key, regex)}
    cvssList=[float(x['cvss']) for x in data['cves'] if 'cvss' in x]
    if cvssList:
        data['stats']={'maxCVSS': max(cvssList), 'minCVSS': min(cvssList),'count':len(data['cves'])}
@@ -311,7 +309,7 @@ class API():
  # /api/dbInfo
  @api
  def api_dbInfo(self):
    return db.getDBStats()
    return self.db.db_info()


  ########################
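Review bot: The wrapper in the first hunk now builds the success envelope from `data[0]`, which only works if every `@api`-decorated route returns an indexable sequence; within this same diff `api_search` returns `{}` when vendor or product is missing and `api_link` builds a dict `data = {'cves': ...}`, so if `data` here is the route's return value those paths raise `KeyError: 0`, and a route returning a list would keep only its first element. If routes are now meant to return a tuple whose first element is the payload, that contract belongs in the decorator's docstring and the non-tuple returns need adjusting; otherwise the previous `'data': data` is the correct line. The enclosing decorator starts and ends outside the hunk, so what `data` holds at that point is inferred from the visible routes. Also, `api_text_search` dropped its `search=None` default, which is fine for the `/api/search/<path:search>` route but `Minimal.freetext_search` in this commit passes `request.form.get('search')`, which can be `None`.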
+5 −13
@@ -83,7 +83,7 @@ class Minimal(API):
      cve = self.filter_logic(filters, r)
    except Exception as e:
      print(e)
      cve = db.getCVEs(limit=self.args['pageLength'], skip=r)
      cve = self.db.CVE.query(self.args['pageLength'], skip=r)
      errors = True
    return {'filters': filters, 'cve': cve, 'errors': errors}
    return(filters,cve,errors)
@@ -148,29 +148,21 @@ class Minimal(API):

  # /search/<vendor>/<product>
  def search(self, vendor=None, product=None):
    search = vendor + ":" + product
    cve = db.cvesForCPE(search)
    cve = self.api_search(vendor, product)
    return render_template('search.html', vendor=vendor, product=product, cve=cve, minimal=self.minimal)

  # /search
  def freetext_search(self):
    search = request.form.get('search')
    result = db.getSearchResults(search)
    result = self.api_text_search(search)
    cve=result['data']
    errors=result['errors'] if 'errors' in result else []
    return render_template('search.html', cve=cve, errors=errors, minimal=self.minimal)

  # /link/<key>/<value>
  def link(self, key=None,value=None):
    key=self.htmlDecode(key)
    value=self.htmlDecode(value)
    regex = re.compile(re.escape(value), re.I)
    cve=db.via4Linked(key, regex)
    cvssList=[float(x['cvss']) for x in cve if 'cvss' in x]
    if cvssList:
        stats={'maxCVSS': max(cvssList), 'minCVSS': min(cvssList),'count':len(cve)}
    else:
        stats={'maxCVSS': 0, 'minCVSS': 0, 'count':len(cve)}
    cve   = self.api_link(key, value)
    stats = cve.pop("stats")
    return render_template('linked.html', via4map=key.split(".")[0], field='.'.join(key.split(".")[1:]),
                           value=value, cve=cve, stats=stats, minimal=self.minimal)

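Review bot: `freetext_search` and `link` in the second hunk read the results of the `@api`-decorated methods inconsistently: `result['data']` unwraps an envelope from `api_text_search`, while `cve.pop("stats")` treats `api_link`'s return as the raw `{'cves': ..., 'stats': ...}` dict, and `search` passes `api_search`'s return straight to the template — all three carry the same `@api` decorator in the API class, so at most one of these readings can be right. Whatever shape the decorator yields, `cve.pop("stats")` also needs a default, because on the API side `stats` is attached only `if cvssList:` (a fallback may exist beyond that hunk): `stats = cve.pop("stats", {'maxCVSS': 0, 'minCVSS': 0, 'count': 0})` restores the old behaviour for CVEs without a CVSS score, and since the template previously received the CVE list rather than the wrapping dict, `cve=cve.get('cves', [])` in the `render_template` call is likely what `linked.html` expects. In the first hunk, `self.db.CVE.query(self.args['pageLength'], skip=r)` passes the page length positionally whereas `API.filter_logic` in this commit uses `limit=`; the keyword form avoids depending on the parameter order of `CVE.query`. The route function in the first hunk starts outside it.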
+46 −48
{% extends 'layouts/master-page' %}
{% block title %}{{cve['id']}} - {{cve['summary'][:100]}}{% endblock %}
{% block title %}{{cve.id}} - {{cve.summary[:100]}}{% endblock %}
{% block head %}
  <!-- css -->
  <link href="/static/css/custom/cve.css" rel="stylesheet" />
@@ -14,7 +14,7 @@
  <!-- breadcrumb -->
  <ol class="breadcrumb">
    <li><a href="/">CVE-Search</a></li>
    <li class="active">{{cve['id']}}</li>
    <li class="active">{{cve.id}}</li>
  </ol>
  <!-- CVE -->
  <table id="cveInfo" class="table table-hover table-striped">
@@ -22,7 +22,7 @@
      <tr>
        <td class="warning">ID</td>
        <td class="info">
          {{ cve['id'] }}
          {{ cve.id }}
          {% if not minimal %}
            <table id="actions">
              <tr>
@@ -35,14 +35,14 @@
      </tr>
      <tr>
        <td class="warning">Summary</td>
        <td class="info">{{ cve['summary'] }}</td>
        <td class="info">{{ cve.summary }}</td>
      </tr>
      <tr>
        <td class="warning">References</td>
        <td>
          <div class="semiCollapsed colfield">
            <ul class="block">
              {% for ref in cve['references'] %}
              {% for ref in cve.references %}
                <li> <a href="{{ ref }}" target="_blank">{{ ref }}</a> </li>
              {% endfor %}
            </ul>
@@ -54,7 +54,7 @@
        <td>
          <div class="colfield semiCollapsed">
            <ul class="block">
              {% for vulconf in cve['vulnerable_configuration'] %}
              {% for vulconf in cve.vulnerable_configuration %}
                <li
                  {% if vulconf['list'] == 'white' %}
                    class="whitelisted"
@@ -62,8 +62,8 @@
                    class="blacklisted"
                  {% endif %}
                  title="{{ vulconf['id'] }} matches {{ vulconf['match'] }}">
                  <span data-toggle="collapse" data-target="#v{{ loop.index }}" > {{ vulconf['title'] }}</span>
                  <div id="v{{ loop.index }}" class="collapse">{{ vulconf['id'] }}</div>
                  <span data-toggle="collapse" data-target="#v{{ loop.index }}" > {{ vulconf.title }}</span>
                  <div id="v{{ loop.index }}" class="collapse">{{ vulconf.id }}</div>
                </li>
              {% endfor %}
            </ul>
@@ -74,32 +74,31 @@
        <td class="warning">CVSS</td>
        <td class="info">
          <table class="invisiTable">
            <tr><td><b>Base:          </b></td><td>{{ cve['cvss'] }} {% if 'cvss-time' in cve %}(as of {{ cve['cvss-time'].strftime('%d-%m-%Y - %H:%M') }}){% endif %}</td></tr>
            <tr><td><b>Impact:        </b></td><td>{{ cve['impactCVSS'] }}</td></tr>
            <tr><td><b>Exploitability:</b></td><td>{{ cve['exploitCVSS'] }}</td></tr>
            <tr><td><b>Base:          </b></td><td>{{ cve.cvss }} {% if cve.cvss_time %}(as of {{ cve.cvss_time.strftime('%d-%m-%Y - %H:%M') }}){% endif %}</td></tr>
            <tr><td><b>Impact:        </b></td><td>{{ cve.impact.cvss }}</td></tr>
            <tr><td><b>Exploitability:</b></td><td>{{ cve.access.cvss }}</td></tr>
          </table>
        </td>
      </tr>
      {% if 'cwe' in cve%}
        {% if cve['cwe'] != 'Unknown' %}
      {% if cve.cwe %}
        {% if cve.cwe.name != 'Unknown' %}
          <tr>
            <td class="warning">CWE</td>
            <td class="info"><a href="/cwe/{{ cve['cwe'].split('-')[1] }}" target="_blank">{{ cve['cwe'] }}</a></td>
            <td class="info"><a href="/cwe/{{ cve.cwe.id.split('-')[1] }}" target="_blank">{{ cve.cwe.id }}</a></td>
          </tr>
        {% endif %}
      {% endif %}
      {% if 'capec' in cve%}
        {% if cve['cwe']|length != 0 %}
        {% if cve.cwe.capec %}
          {% if cve.cwe.capec|length != 0 %}
            <tr>
              <td class="warning">CAPEC</td>
              <td class="info">
                <div class="colfield semiCollapsed">
                  <ul class="block">
                  {% for c in cve['capec'] %}
                    {% for c in cve.cwe.capec %}
                      <li>
                      <a href="/capec/{{c['id']}}"><span class="glyphicon glyphicon-info-sign"></span></a>
                      <span data-toggle="collapse" data-target="#c{{ loop.index }}"> {{c['name']}} </span>
                      <div id="c{{ loop.index }}" class="collapse"> {{c['summary']}} </div>
                        <a href="/capec/{{c.id}}"><span class="glyphicon glyphicon-info-sign"></span></a>
                        <span data-toggle="collapse" data-target="#c{{ loop.index }}"> {{c.name}} </span>
                        <div id="c{{ loop.index }}" class="collapse"> {{c.summary}} </div>
                      </li>
                    {% endfor %}
                  </ul>
@@ -108,39 +107,38 @@
            </tr>
          {% endif %}
        {% endif %}
      {% if 'access' in cve %}
      {% endif %}
      {% if cve.access %}
        <tr>
          <td class="warning">Access</td>
          <td class="info">
            <table class="table table-hover table-bordered cve-info table-even">
              <thead><tr class="warning"><td>Vector</td><td>Complexity</td><td>Authentication</td></tr></thead>
              <tr>
                <td>{{cve['access']['vector']}}</td>
                <td>{{cve['access']['complexity']}}</td>
                <td>{{cve['access']['authentication']}}</td>
                <td>{{cve.access.vector}}</td>
                <td>{{cve.access.complexity}}</td>
                <td>{{cve.access.authentication}}</td>
              </tr>
            </table>
          </td>
        </tr>
      {% endif %}
      {% if 'impact' in cve %}
      {% if cve.impact %}
        <tr>
          <td class="warning">Impact</td>
          <td class="info">
            <table class="table table-hover table-bordered cve-info">
              <thead><tr class="warning"><td>Confidentiality</td><td>Integrity</td><td>Availability</td></tr></thead>
              <tr>
                <td class="impact-{{cve['impact']['confidentiality']|lower}}">{{cve['impact']['confidentiality']}}</td>
                <td class="impact-{{cve['impact']['integrity']|lower}}">{{cve['impact']['integrity']}}</td>
                <td class="impact-{{cve['impact']['availability']|lower}}">{{cve['impact']['availability']}}</td>
                <td class="impact-{{cve.impact.confidentiality|lower}}">{{cve.impact.confidentiality}}</td>
                <td class="impact-{{cve.impact.integrity|lower}}">      {{cve.impact.integrity}}</td>
                <td class="impact-{{cve.impact.availability|lower}}">   {{cve.impact.availability}}</td>
              </tr>
            </table>
          </td>
        </tr>
      {% endif %}
      {% set keytype = ['vulnerable_configuration_cpe_2_2','impactCVSS','exploitCVSS' ,'cvss', 'capec', 'access', 'impact', 'cvss-time', 'Modified', 'Published', 'summary', 'vulnerable_configuration', 'references', '_id', 'id', 'last-modified', 'ranking', 'cwe'] %}
      {% for key, value in cve|dictsort %}
        {% if not key in keytype %}
      {% for key, value in cve.via4.dict()|dictsort %}
          <tr>
            <td class="warning">{{ key }}
              <span class="badge"><a href="https://github.com/CVE-Search/VIA4CVE/" target="_blank">via4</a></span>
@@ -149,7 +147,6 @@
                {{ JSON2HTMLTable(value, key)|safe }}
            </td>
          </tr>
        {% endif %}
      {% endfor %}
      {% for plugin in plugins %}
        <tr>
@@ -159,13 +156,14 @@
      {% endfor %}
      <tr>
        <td class="warning">Last major update</td>
        <td class="info">{{ cve['Modified'].strftime('%d-%m-%Y - %H:%M') }}</td>
        <td class="info">{{ cve.modified.strftime('%d-%m-%Y - %H:%M') }}</td>
      </tr>
      <tr>
        <td class="warning">Published</td>
        <td class="info">{{ cve['Published'].strftime('%d-%m-%Y - %H:%M') }}</td>
        <td class="info">{{ cve.published.strftime('%d-%m-%Y - %H:%M') }}</td>
      </tr>
      {% if 'last-modified' in cve%}
      
      {% if 'last-modified' in cve.summary %}
        <tr>
          <td class="warning">Last modified</td>
          <td class="info">{{ cve['last-modified'].strftime('%d-%m-%Y - %H:%M') }}</td>
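Review bot: The new guard `{% if 'last-modified' in cve.summary %}` in the last hunk tests whether the literal text "last-modified" occurs in the CVE's summary string, not whether the record carries a last-modified timestamp, so the row is shown or hidden based on the description text; it should test the object's field instead, e.g. `{% if cve.<last_modified_attribute> %}` (the attribute name is not visible in this diff — use the counterpart of `cve.modified`). The line that follows, `{{ cve['last-modified'].strftime('%d-%m-%Y - %H:%M') }}`, still uses item access while every other field in this template moved to attribute access, so it needs the same migration or it will fail on the new object. In the `@@ -74` hunk the CWE condition became `{% if cve.cwe.name != 'Unknown' %}` while the link and label render `cve.cwe.id`; if the 'Unknown' sentinel lives in the id field as it did in the old string compare, the condition never suppresses the row — worth confirming against the CWE object. The closing tags of the last-modified row are outside the hunk.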
+13 −13
@@ -6,39 +6,39 @@
  </thead>
  <tbody>
    {% for c in cve %}
    {% if 'whitelisted' in c %}{%set class="whitelisted"%}{% elif 'blacklisted' in c %}{%set class="blacklisted"%}
    {% if c.whitelisted %}{%set class="whitelisted"%}{% elif c.blacklisted %}{%set class="blacklisted"%}
    {% else %}{%set class=""%}{% endif %}
      <tr id ="{{ c['id'] }}" class="{{class}}" {{'style=color:'+c['color'] if 'color' in c else ''}}>
      <tr id ="{{ c.id }}" class="{{class}}" {% if c.color %} 'style=color:'{{c.color}} {% endif %}>
        <td>
          {% if 'icon' in c %}
            <span class="glyphicon glyphicon-{{c['icon']}}"></span>
          {% if c.icon %}
            <span class="glyphicon glyphicon-{{c.icon}}"></span>
          {% else %}
            {% if 'whitelisted' in c %}
            {% if c.whitelisted %}
              <span class="glyphicon glyphicon-bookmark"></span>
            {% elif 'blacklisted' in c %}
            {% elif c.blacklisted %}
              <span class="glyphicon glyphicon-eye-close"></span>
            {% endif %}
          {% endif %}
        </td>
        <td>
          <a href="/cve/{{ c['id'] }}">{{ c['id'] }}</a>
          {% if 'reason' in c %}
            <br /><span class="badge">{{c['reason']}}</span>
          <a href="/cve/{{ c.id }}">{{ c.id }}</a>
          {% if c.reason %}
            <br /><span class="badge">{{c.reason}}</span>
          {% endif %}
        </td>
        <td>
          {{ c['cvss'] }}
          {{ c.cvss }}
        </td>
        <td>
          <div rel="tooltip" title="{{ c['summary'] }}">
            {{ c['summary'][:250] }}
            {{ c.summary[:250] }}
          </div>
        </td>
        <td>
          {{ c['Modified'].strftime('%d-%m-%Y - %H:%M') }}
          {{ c.modified.strftime('%d-%m-%Y - %H:%M') }}
        </td>
        <td>
          {{ c['Published'].strftime('%d-%m-%Y - %H:%M') }}
          {{ c.published.strftime('%d-%m-%Y - %H:%M') }}
        </td>
      </tr>
    {% endfor %}
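Review bot: The colour attribute on the `<tr>` line of this hunk is emitted as `{% if c.color %} 'style=color:'{{c.color}} {% endif %}`, which renders the single quotes as literal characters inside the tag (`'style=color:'red`), so the attribute is malformed and browsers will drop or misparse it; the old expression produced `style=color:red`. Write it as a properly quoted attribute, `{% if c.color %}style="color: {{ c.color }}"{% endif %}`, which fixes the markup and keeps the interpolated value inside a quoted attribute so an unexpected value cannot spill into other attributes. Note also that `'whitelisted' in c` and `'icon' in c` tested key presence whereas `c.whitelisted` and `c.icon` test truthiness, so a field explicitly set to a falsy value now renders differently — presumably intended, but worth a glance.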