Loading lib/DatabaseLayer.py +24 −0 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ colBLACKLIST=db['mgmt_blacklist'] colUSERS= db['mgmt_users'] colSEEN= db['mgmt_seen'] colINFO= db['info'] colVFEED= db['vfeed'] # Functions def sanitize(x): if type(x)==pymongo.cursor.Cursor: Loading Loading @@ -106,6 +107,29 @@ def getFreeText(text): def getInfo(collection): return sanitize(colINFO.find_one({"db": collection})) def getLastModified(collection): info=getInfo(collection) return info['last-modified'] if info else None def getSize(collection): return db[collection].count() def vFeedLinked(key, val): print(key) print(val) cveList=[x['id'] for x in colVFEED.find({key: val})] return sanitize(getCVEs(query={'id':{'$in':cveList}})) def getDBStats(): cols=['cve', 'cpe', 'cpeOther', 'capec', 'd2sec', 'vendor', 'vfeed'] stats={x+'A': getSize(x.lower()) for x in cols} stats['cveA']=getSize('cves') stats.update({x+'U': getLastModified(x.lower()) for x in cols}) stats.update({'blA': colBLACKLIST.count(), 'wlA':colWHITELIST.count()}) stats.update({'dbOnDisk': db.command("dbstats")['storageSize'], 'dbSize':db.command('dbstats')['dataSize']}) stats['dbName']=conf.getMongoDB() return stats # Dynamic data def getWhitelist(): return sanitize(colWHITELIST.find()) Loading web/index.py +4 −25 Original line number Diff line number Diff line Loading @@ -60,7 +60,6 @@ pageLength = Configuration.getPageLength() login_manager = LoginManager() login_manager.init_app(app) # db connectors db = Configuration.getMongoConnection() redisdb = Configuration.getRedisVendorConnection() # functions Loading Loading @@ -143,24 +142,7 @@ def getVersionsOfProduct(product): def adminStats(): cveU = db.info.find_one({'db': 'cve'}) cpeU = db.info.find_one({'db': 'cpe'}) cpeOtherU = db.info.find_one({'db': 'cpeother'}) capecU = db.info.find_one({'db': 'capec'}) d2secU = db.info.find_one({'db': 'd2sec'}) vendorU = db.info.find_one({'db': 'vendor'}) vfeedU = db.info.find_one({'db': 'vfeed'}) stats = {'cveA': db.cves.count(), 'cveU': cveU['last-modified'] if cveU is not None else None, 'cpeA': db.cpe.count(), 'cpeU': cpeU['last-modified'] if cpeU is not None else None, 'cpeOtherA': db.cpeother.count(), 'cpeOtherU': cpeOtherU['last-modified'] if cpeOtherU is not None else None, 'capecA': db.capec.count(), 'capecU': capecU['last-modified'] if capecU is not None else None, 'd2secA': db.d2sec.count(), 'd2secU': d2secU['last-modified'] if d2secU is not None else None, 'vendorA': db.vendor.count(), 'vendorU': vendorU['last-modified'] if vendorU is not None else None, 'vfeedA': db.vfeed.count(), 'vfeedU': vfeedU['last-modified'] if vfeedU is not None else None, 'blA': db.mgmt_blacklist.count(), 'wlA': db.mgmt_whitelist.count(), 'dbName': Configuration.getMongoDB(), 'dbSize': db.command("dbstats")['dataSize'], 'dbOnDisk': db.command("dbstats")['storageSize']} return stats return dbLayer.getDBStats() def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate, Loading Loading @@ -418,9 +400,8 @@ def searchText(): @app.route('/search/<vendor>/<path:product>') def search(vendor=None, product=None): collection = db.cves search = vendor + ":" + product cve = collection.find({"vulnerable_configuration": {'$regex': search}}).sort("Modified", -1) cve = dbLayer.cvesForCPE(search) return render_template('search.html', vendor=vendor, product=product, cve=cve) @app.route('/link/<vFeedMap>/<field>/<path:value>') Loading @@ -430,8 +411,7 @@ def link(vFeedMap=None,field=None,value=None): value=htmlDedode(value) search="%s.%s"%(vFeedMap,field) regex = re.compile(re.escape(value), re.I) cveList=[x['id'] for x in db.vfeed.find({search: regex}).sort("Modified",-1)] cve = list(db.cves.find({'id':{'$in': cveList}}).sort("Modified",-1)) cve=dbLayer.vFeedLinked(search, regex) # marking relevant records cve = whitelist_mark(cve) cve = blacklist_mark(cve) Loading Loading @@ -630,8 +610,7 @@ def listManagementAdd(): vendor = browseList['vendor'] elif 4 > len(item) > 1: # cpe type can be found with a mongo regex query collection = db.cpe result = collection.find({'cpe_2_2': {'$regex': item[1]}}) result = dbLayer.getCVEs(query={'cpe_2_2': {'$regex': item[1]}}) if result.count() != 0: prefix = ((result[0])['cpe_2_2'])[:7] if len(item) == 2: Loading Loading
lib/DatabaseLayer.py +24 −0 Original line number Diff line number Diff line Loading @@ -23,6 +23,7 @@ colBLACKLIST=db['mgmt_blacklist'] colUSERS= db['mgmt_users'] colSEEN= db['mgmt_seen'] colINFO= db['info'] colVFEED= db['vfeed'] # Functions def sanitize(x): if type(x)==pymongo.cursor.Cursor: Loading Loading @@ -106,6 +107,29 @@ def getFreeText(text): def getInfo(collection): return sanitize(colINFO.find_one({"db": collection})) def getLastModified(collection): info=getInfo(collection) return info['last-modified'] if info else None def getSize(collection): return db[collection].count() def vFeedLinked(key, val): print(key) print(val) cveList=[x['id'] for x in colVFEED.find({key: val})] return sanitize(getCVEs(query={'id':{'$in':cveList}})) def getDBStats(): cols=['cve', 'cpe', 'cpeOther', 'capec', 'd2sec', 'vendor', 'vfeed'] stats={x+'A': getSize(x.lower()) for x in cols} stats['cveA']=getSize('cves') stats.update({x+'U': getLastModified(x.lower()) for x in cols}) stats.update({'blA': colBLACKLIST.count(), 'wlA':colWHITELIST.count()}) stats.update({'dbOnDisk': db.command("dbstats")['storageSize'], 'dbSize':db.command('dbstats')['dataSize']}) stats['dbName']=conf.getMongoDB() return stats # Dynamic data def getWhitelist(): return sanitize(colWHITELIST.find()) Loading
web/index.py +4 −25 Original line number Diff line number Diff line Loading @@ -60,7 +60,6 @@ pageLength = Configuration.getPageLength() login_manager = LoginManager() login_manager.init_app(app) # db connectors db = Configuration.getMongoConnection() redisdb = Configuration.getRedisVendorConnection() # functions Loading Loading @@ -143,24 +142,7 @@ def getVersionsOfProduct(product): def adminStats(): cveU = db.info.find_one({'db': 'cve'}) cpeU = db.info.find_one({'db': 'cpe'}) cpeOtherU = db.info.find_one({'db': 'cpeother'}) capecU = db.info.find_one({'db': 'capec'}) d2secU = db.info.find_one({'db': 'd2sec'}) vendorU = db.info.find_one({'db': 'vendor'}) vfeedU = db.info.find_one({'db': 'vfeed'}) stats = {'cveA': db.cves.count(), 'cveU': cveU['last-modified'] if cveU is not None else None, 'cpeA': db.cpe.count(), 'cpeU': cpeU['last-modified'] if cpeU is not None else None, 'cpeOtherA': db.cpeother.count(), 'cpeOtherU': cpeOtherU['last-modified'] if cpeOtherU is not None else None, 'capecA': db.capec.count(), 'capecU': capecU['last-modified'] if capecU is not None else None, 'd2secA': db.d2sec.count(), 'd2secU': d2secU['last-modified'] if d2secU is not None else None, 'vendorA': db.vendor.count(), 'vendorU': vendorU['last-modified'] if vendorU is not None else None, 'vfeedA': db.vfeed.count(), 'vfeedU': vfeedU['last-modified'] if vfeedU is not None else None, 'blA': db.mgmt_blacklist.count(), 'wlA': db.mgmt_whitelist.count(), 'dbName': Configuration.getMongoDB(), 'dbSize': db.command("dbstats")['dataSize'], 'dbOnDisk': db.command("dbstats")['storageSize']} return stats return dbLayer.getDBStats() def filter_logic(blacklist, whitelist, unlisted, timeSelect, startDate, endDate, Loading Loading @@ -418,9 +400,8 @@ def searchText(): @app.route('/search/<vendor>/<path:product>') def search(vendor=None, product=None): collection = db.cves search = vendor + ":" + product cve = collection.find({"vulnerable_configuration": {'$regex': search}}).sort("Modified", -1) cve = dbLayer.cvesForCPE(search) return render_template('search.html', vendor=vendor, product=product, cve=cve) @app.route('/link/<vFeedMap>/<field>/<path:value>') Loading @@ -430,8 +411,7 @@ def link(vFeedMap=None,field=None,value=None): value=htmlDedode(value) search="%s.%s"%(vFeedMap,field) regex = re.compile(re.escape(value), re.I) cveList=[x['id'] for x in db.vfeed.find({search: regex}).sort("Modified",-1)] cve = list(db.cves.find({'id':{'$in': cveList}}).sort("Modified",-1)) cve=dbLayer.vFeedLinked(search, regex) # marking relevant records cve = whitelist_mark(cve) cve = blacklist_mark(cve) Loading Loading @@ -630,8 +610,7 @@ def listManagementAdd(): vendor = browseList['vendor'] elif 4 > len(item) > 1: # cpe type can be found with a mongo regex query collection = db.cpe result = collection.find({'cpe_2_2': {'$regex': item[1]}}) result = dbLayer.getCVEs(query={'cpe_2_2': {'$regex': item[1]}}) if result.count() != 0: prefix = ((result[0])['cpe_2_2'])[:7] if len(item) == 2: Loading
