Commit 82f7f385 authored by PidgeyL's avatar PidgeyL

Merge branch 'master' of https://github.com/pidgeyl/cve-search

parents f88eb214 6f9f60a0
+4 −3
@@ -24,9 +24,9 @@ db = Configuration.getMongoConnection()
collection = db.cves


def dumpallcveid():
def dumpallcveid(limit=False):
    cveid = []
    for x in collection.find({}).sort('_id', 1):
    for x in collection.find({}).sort('_id', 1).limit(limit):
        cveid.append(x['id'])
    return cveid

@@ -34,6 +34,7 @@ argParser = argparse.ArgumentParser(description='Dump database in JSON format')
argParser.add_argument('-r', default=False, action='store_true', help='Include ranking value')
argParser.add_argument('-v', default=False, action='store_true', help='Include vfeed map')
argParser.add_argument('-c', default=False, action='store_true', help='Include CAPEC information')
argParser.add_argument('-l', default=False, type=int, help='Limit output to n elements (default: unlimited)')
args = argParser.parse_args()

rankinglookup = args.r
@@ -42,6 +43,6 @@ capeclookup = args.c

l = cves.last(rankinglookup=rankinglookup, vfeedlookup=vfeedlookup, capeclookup=capeclookup)

for cveid in dumpallcveid():
for cveid in dumpallcveid(limit=args.l):
    item = l.getcve(cveid=cveid)
    print (json.dumps(item, sort_keys=True, default=json_util.default))
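Review bot: `limit=False` on `dumpallcveid` and `default=False` on the new `-l` option only behave as "unlimited" because `bool` is a subclass of `int`, so `.limit(False)` is accepted as `.limit(0)`. Stating the integer makes the intent explicit: `def dumpallcveid(limit=0):` and `argParser.add_argument('-l', default=0, type=int, help=...)`. A negative `-l` value is also passed straight to `.limit()`, where MongoDB gives it a different meaning from the one in the help text, so a guard after `parse_args()` such as `if args.l < 0: argParser.error('-l must be >= 0')` would keep the option consistent with its description.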
+2 −3
@@ -5,7 +5,7 @@
#
# Software is free software released under the "Modified BSD license"
#
# Copyright (c) 2012-2014 	Alexandre Dulaunoy - a@foo.be
# Copyright (c) 2012-2015 	Alexandre Dulaunoy - a@foo.be
# Copyright (c) 2015 		Pieter-Jan Moreels - pieterjan.moreels@gmail.com

# Imports
@@ -20,7 +20,6 @@ import argparse
import json
from bson import json_util


runPath = os.path.dirname(os.path.realpath(__file__))

indexpath = "./indexdir"
@@ -32,7 +31,7 @@ argParser = argparse.ArgumentParser(description='Full text search for cve-search
argParser.add_argument('-q', action='append', help='query to lookup (one or more)')
argParser.add_argument('-t', action='store_true', help='output title of the match CVE(s)')
argParser.add_argument('-f', action='store_true', help='output matching CVE(s) in JSON')
argParser.add_argument('-m', type=int, default=False, help='most frequent terms)')
argParser.add_argument('-m', type=int, default=False, help='most frequent terms in CVE description (m is top-m values)')
argParser.add_argument('-l', action='store_true', default=False, help='dump all terms encountered in CVE description')
argParser.add_argument('-g', action='store_true', default=False, help='graph of most frequent terms with each matching CVE (JSON output)')
argParser.add_argument('-s', action='store_true', default=False, help='enable stemming on graph JSON output (default is False)')
+1 −0
@@ -18,6 +18,7 @@ vFeed: http://www.toolswatch.org/vfeed/vfeed.db.tgz
vFeedStatus: http://www.toolswatch.org/update.dat
Vendor: https://nvd.nist.gov/download/vendorstatements.xml
CAPEC: http://capec.mitre.org/data/xml/capec_v2.6.xml
Ref: https://cve.mitre.org/data/refs/refmap/allrefmaps.zip
[Webserver]
Host: 127.0.0.1
Port: 5000
+1 −1
@@ -104,7 +104,7 @@ class last:
                        if rank and rank not in ranking:
                            ranking.append(rank)
                e['vulnerable_configuration'] = vulconf
                if self.rankinglookup:
                if self.rankinglookup and len(ranking) > 0:
                    e['ranking'] = ranking
                if self.vfeedlookup:
                    f = self.getvfeed(cveid=cveid)
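Review bot: With the added `len(ranking) > 0` test, a caller that enabled ranking lookup now gets no `ranking` key at all for entries without a match, so any consumer indexing `e['ranking']` directly would need `.get('ranking')`; no consumer is visible in this hunk, so that is worth checking. The condition itself reads more idiomatically as `if self.rankinglookup and ranking:`. The enclosing method starts and ends outside the hunk.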
+22 −2
@@ -19,6 +19,7 @@ import redis
import re
import datetime
import configparser
import urllib.parse


class Configuration():
@@ -28,6 +29,7 @@ class Configuration():
               'redisVendorDB': 10,      'redisNotificationsDB': 11,
               'mongoHost': 'localhost', 'mongoPort': 27017,
               'mongoDB': "cvedb",       
               'mongoUsername': '', 'mongoPassword': '',
               'flaskHost': "127.0.0.1", 'flaskPort': 5000,
               'flaskDebug': True,       'pageLength': 50,
               'loginRequired': False,
@@ -42,6 +44,7 @@ class Configuration():
               'd2sec': "http://www.d2sec.com/exploits/elliot.xml",
               'vendor': "https://nvd.nist.gov/download/vendorstatements.xml",
               'capec': "http://capec.mitre.org/data/xml/capec_v2.6.xml",
               'ref': "https://cve.mitre.org/data/refs/refmap/allrefmaps.zip",
               'logging': True,           'logfile': "../log/cve-search.log",
               'maxLogSize': '100MB',     'backlog': 5,
               'Indexdir': './indexdir',
@@ -74,7 +77,20 @@ class Configuration():
        mongoHost = cls.readSetting("Mongo", "Host", cls.default['mongoHost'])
        mongoPort = cls.readSetting("Mongo", "Port", cls.default['mongoPort'])
        mongoDB = cls.getMongoDB()
        mongoUsername = cls.readSetting("Mongo", "Username", cls.default['mongoUsername'])
        mongoPassword = cls.readSetting("Mongo", "Password", cls.default['mongoPassword'])

        mongoUsername = urllib.parse.quote( mongoUsername )
        mongoPassword = urllib.parse.quote( mongoPassword )
        try:
            if mongoUsername and mongoPassword:
                mongoURI = "mongodb://{username}:{password}@{host}:{port}/{db}".format(
                    username = mongoUsername, password = mongoPassword,
                    host = mongoHost, port = mongoPort,
                    db = mongoDB
                )
                connect = pymongo.MongoClient(mongoURI)
            else:
                connect = pymongo.MongoClient(mongoHost, mongoPort)
        except:
            sys.exit("Unable to connect to Mongo. Is it running on %s:%s?"%(mongoHost,mongoPort))
@@ -162,6 +178,10 @@ class Configuration():
    def getvFeedStatus(cls):
        return cls.readSetting("Sources", "vFeedStatus", cls.default['vFeedstatus'])

    @classmethod
    def getRefURL(cls):
        return cls.readSetting("Sources", "Ref", cls.default['ref'])

    @classmethod
    def getCVEDict(cls):
        return cls.readSetting("Sources", "CVE", cls.default['cvedict'])
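Review bot: `urllib.parse.quote` leaves `/` unescaped by default (`safe='/'`), so a Mongo username or password containing `/` is written raw into the `mongodb://` URI and will be rejected or misparsed by the driver, and the bare `except:` below then reports it as "Unable to connect to Mongo". Use `mongoUsername = urllib.parse.quote_plus(mongoUsername)` and `mongoPassword = urllib.parse.quote_plus(mongoPassword)`, which escape every reserved character. The `if mongoUsername and mongoPassword:` branch also falls back silently to an unauthenticated `MongoClient(mongoHost, mongoPort)` when only one of the two settings is filled in; exiting with a clear message in that case would surface the configuration mistake instead of hiding it. Because the password is now read from the configuration file in plain text, a comment such as `# Mongo credentials come from the config file; keep it readable only by the service account` above the two `readSetting` calls would help operators. The method containing this hunk starts outside it.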