Loading sbin/db_mgmt_create_index.py +2 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "..")) import traceback from pymongo import TEXT from lib.Config import Configuration Loading @@ -37,6 +38,7 @@ setIndex('cpeother', 'id') setIndex('cves', 'id') setIndex('cves', 'vulnerable_configuration') setIndex('cves', 'Modified') setIndex('cves', [("summary",TEXT)]) setIndex('vfeed', 'id') setIndex('vendor', 'id') setIndex('d2sec', 'id') Loading web/index.py +12 −8 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ from tornado.wsgi import WSGIContainer from tornado.httpserver import HTTPServer from tornado.ioloop import IOLoop from flask import Flask, render_template, request, redirect, jsonify from flask.ext.pymongo import PyMongo from flask.ext.login import LoginManager, current_user, login_user, logout_user, login_required from werkzeug import secure_filename from passlib.hash import pbkdf2_sha256 Loading Loading @@ -448,11 +447,6 @@ def apisearch(vendor=None, product=None): r.append(cve) return (json.dumps(r)) @app.route('/seenCVEs', methods=['POST']) def see(): cves=request.form.get('blacklistSelect') return render_template('index.html', cve=cve) @app.route('/cve/<cveid>') def cve(cveid): cveid = cveid.upper() Loading @@ -468,8 +462,6 @@ def cve(cveid): col.update({"user":current_user.get_id()},{"$addToSet":{"seen_cves":cveid}}) return render_template('cve.html', cve=cve) @app.route('/browse/<vendor>') @app.route('/browse/') def browse(vendor=None): Loading @@ -486,6 +478,18 @@ def browse(vendor=None): 'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}}) @app.route('/search', methods=['POST']) def searchText(): search = request.form.get('search') collection = db.cves try: cvelist = db.command("text", "cves", search=search)["results"] except: return render_template('error.html', status={'except':'textsearch-not-enabled'}) cve=[x["obj"] for x in cvelist] return render_template('search.html', cve=cve) @app.route('/search/<vendor>/<path:product>') def search(vendor=None, product=None): collection = db.cves Loading web/static/js/custom/scripts.js +16 −1 Original line number Diff line number Diff line //Search function function redirect() { var url = "/cve/" + document.getElementById("search").value.toUpperCase(); window.location = url; var search = document.getElementById("search").value if(/^CVE-[0-9]{4}-[0-9]{4,6}$/.test(search.toUpperCase())){ var url = "/cve/" + search; window.location = url; }else{ var form = document.createElement("form"); form.method="POST"; form.action="/search"; var field = document.createElement("INPUT"); field.type = "hidden"; field.name = "search" field.value = search form.appendChild(field); document.body.appendChild(form); form.submit(); } } //Bootstrap tooltip Loading web/static/js/custom/table.js +1 −0 Original line number Diff line number Diff line Loading @@ -11,6 +11,7 @@ function postList(url, cves) { } //Selectable table $(document).ready(function() { var duration = 500; $('#CVEs tbody').on( 'click', 'tr', function () { if($('#markseen').is(':checked') || $('#markunseen').is(':checked')){ $(this).toggleClass('selected'); Loading web/templates/error.html +5 −1 Original line number Diff line number Diff line Loading @@ -22,6 +22,10 @@ <h1>This CVE does not exist</h1> <p>{{status['info']['cve']}} could not be found in the CVE-Search database. This could mean that this CVE is not in the National Vulnerability Database yet, that your database is outdated or that you entered a wrong CVE.</p> {% elif status['except']=='textsearch-not-enabled' %} <h1>Fulltext search not enabled</h1> <p>The current settings in the database do not allow fulltext search.<br /> If you feel like this should be enabled, please contact your administrator.</p> {% endif %} </div> <!-- end content --> Loading Loading
sbin/db_mgmt_create_index.py +2 −0 Original line number Diff line number Diff line Loading @@ -15,6 +15,7 @@ runPath = os.path.dirname(os.path.realpath(__file__)) sys.path.append(os.path.join(runPath, "..")) import traceback from pymongo import TEXT from lib.Config import Configuration Loading @@ -37,6 +38,7 @@ setIndex('cpeother', 'id') setIndex('cves', 'id') setIndex('cves', 'vulnerable_configuration') setIndex('cves', 'Modified') setIndex('cves', [("summary",TEXT)]) setIndex('vfeed', 'id') setIndex('vendor', 'id') setIndex('d2sec', 'id') Loading
web/index.py +12 −8 Original line number Diff line number Diff line Loading @@ -20,7 +20,6 @@ from tornado.wsgi import WSGIContainer from tornado.httpserver import HTTPServer from tornado.ioloop import IOLoop from flask import Flask, render_template, request, redirect, jsonify from flask.ext.pymongo import PyMongo from flask.ext.login import LoginManager, current_user, login_user, logout_user, login_required from werkzeug import secure_filename from passlib.hash import pbkdf2_sha256 Loading Loading @@ -448,11 +447,6 @@ def apisearch(vendor=None, product=None): r.append(cve) return (json.dumps(r)) @app.route('/seenCVEs', methods=['POST']) def see(): cves=request.form.get('blacklistSelect') return render_template('index.html', cve=cve) @app.route('/cve/<cveid>') def cve(cveid): cveid = cveid.upper() Loading @@ -468,8 +462,6 @@ def cve(cveid): col.update({"user":current_user.get_id()},{"$addToSet":{"seen_cves":cveid}}) return render_template('cve.html', cve=cve) @app.route('/browse/<vendor>') @app.route('/browse/') def browse(vendor=None): Loading @@ -486,6 +478,18 @@ def browse(vendor=None): 'info':{'host':Configuration.getRedisHost(),'port':Configuration.getRedisPort()}}) @app.route('/search', methods=['POST']) def searchText(): search = request.form.get('search') collection = db.cves try: cvelist = db.command("text", "cves", search=search)["results"] except: return render_template('error.html', status={'except':'textsearch-not-enabled'}) cve=[x["obj"] for x in cvelist] return render_template('search.html', cve=cve) @app.route('/search/<vendor>/<path:product>') def search(vendor=None, product=None): collection = db.cves Loading
web/static/js/custom/scripts.js +16 −1 Original line number Diff line number Diff line //Search function function redirect() { var url = "/cve/" + document.getElementById("search").value.toUpperCase(); window.location = url; var search = document.getElementById("search").value if(/^CVE-[0-9]{4}-[0-9]{4,6}$/.test(search.toUpperCase())){ var url = "/cve/" + search; window.location = url; }else{ var form = document.createElement("form"); form.method="POST"; form.action="/search"; var field = document.createElement("INPUT"); field.type = "hidden"; field.name = "search" field.value = search form.appendChild(field); document.body.appendChild(form); form.submit(); } } //Bootstrap tooltip Loading
web/static/js/custom/table.js +1 −0 Original line number Diff line number Diff line Loading @@ -11,6 +11,7 @@ function postList(url, cves) { } //Selectable table $(document).ready(function() { var duration = 500; $('#CVEs tbody').on( 'click', 'tr', function () { if($('#markseen').is(':checked') || $('#markunseen').is(':checked')){ $(this).toggleClass('selected'); Loading
web/templates/error.html +5 −1 Original line number Diff line number Diff line Loading @@ -22,6 +22,10 @@ <h1>This CVE does not exist</h1> <p>{{status['info']['cve']}} could not be found in the CVE-Search database. This could mean that this CVE is not in the National Vulnerability Database yet, that your database is outdated or that you entered a wrong CVE.</p> {% elif status['except']=='textsearch-not-enabled' %} <h1>Fulltext search not enabled</h1> <p>The current settings in the database do not allow fulltext search.<br /> If you feel like this should be enabled, please contact your administrator.</p> {% endif %} </div> <!-- end content --> Loading
