Commit c3740cfc authored by PidgeyL's avatar PidgeyL

initial commit database layer

parent 5e02b5f8

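--- a/lib/DatabaseLayer.py
+++ b/lib/DatabaseLayer.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3.3
+# -*- coding: utf-8 -*-
+#
+# Database layer
+#  translates database calls to functions
+#
+# Software is free software released under the "Modified BSD license"
+#
+
+# Copyright (c) 2014-2015       Pieter-Jan Moreels - pieterjan.moreels@gmail.com
+
+# imports
+from lib.Config import Configuration as conf
+
+# Variables
+db=conf.getMongoConnection()
+
+# Functions
+
+# API Functions
+def cvesForCPE(cpe):
+  col=db['cves']
+  if not cpe: return []
+  cves=list(col.find({"vulnerable_configuration": {"$regex": cpe}}).sort("Modified", -1))
+  for cve in cves:
+    cve.pop("_id")
+  return cves
+
+# User Functions
+def seenCVEs(user):
+  col=db['mgmt_seen']
+  data = col.find_one({"user": user})
+  if not data:
+    col.insert({"user": user, "seen_cves": []})
+    return []
+  else:
+    return data['seen_cves']
+
+def addSeenCVEs(user, CVEs):
+  col=db['mgmt_seen']
+  if type(CVEs) == str: CVEs=[CVEs]
+  if type(CVEs) == list:
+    seen=list(set(CVEs)-set(seenCVEs(user)))
+    if seen:
+      col.update({"user": user},{"$addToSet": {"seen_cves": { "$each": seen}}})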
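Review bot: In `cvesForCPE`, the `cpe` argument is placed directly into the `$regex` operator, and the callers changed in this commit (`apiCVEFor`, `apisearch`) appear to pass values taken from the request URL. Regex metacharacters in that value change what is matched (a `.` in a version string matches any character), and an expensive pattern on an unanchored scan can tie up the database. If matching a literal CPE substring is the intent, escape it at this single entry point: add `import re` and use `{"$regex": re.escape(cpe)}`. If callers are meant to supply patterns, say so in a comment above the function and validate the value before it reaches this layer.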
+5 −16
@@ -41,6 +41,7 @@ from lib.User import User
from lib.Config import Configuration
from lib.Toolkit import toStringFormattedCPE, toOldCPE, currentTime, isURL, vFeedName, convertDateToDBFormat
import lib.CVEs as cves
import lib.DatabaseLayer as dbLayer
from sbin.db_whitelist import *
from sbin.db_blacklist import *

@@ -369,8 +370,7 @@ def seen(r):
    seenlist=request.form.get('list').split(",")
    # retrieving data
    if current_user.is_authenticated():
        col = db.mgmt_seen
        col.update({"user":current_user.get_id()},{"$addToSet":{"seen_cves":{"$each":seenlist}}})
        dbLayer.addSeenCVEs(current_user.get_id(), seenlist)
    settings,cve = getFilterSettingsFromPost(r)
    return render_template('index.html', settings=settings, cve=cve, r=r, pageLength=pageLength)

@@ -405,11 +405,9 @@ def apiCVEFor(cpe):
    col = db['cves']
    cpe=urllib.parse.unquote_plus(cpe)
    cpe=toStringFormattedCPE(cpe)
    if not cpe: cpe='None'
    vulns = col.find({"vulnerable_configuration": {'$regex': cpe}}).sort("Modified", -1)
    r = []
    cvesp = cves.last(rankinglookup=False, namelookup=False, vfeedlookup=True, capeclookup=False)
    for x in vulns:
    for x in dbLayer.cvesForCPE(cpe):
        r.append(cvesp.getcve(x['id']))
    return json.dumps(r)

@@ -438,14 +436,8 @@ def apibrowse(vendor=None):
def apisearch(vendor=None, product=None):
    if vendor is None or product is None:
        return (jsonify({}))
    collection = db.cves
    search = vendor + ":" + product
    cves = collection.find({"vulnerable_configuration": {'$regex': search}}).sort("Modified", -1)
    r = []
    for cve in cves:
        cve.pop('_id')
        r.append(cve)
    return (json.dumps(r))
    return (json.dumps(dbLayer.cvesForCPE(search)))

@app.route('/cve/<cveid>')
def cve(cveid):
@@ -456,10 +448,7 @@ def cve(cveid):
        return render_template('error.html',status={'except':'cve-not-found','info':{'cve':cveid}}) 
    cve = markCPEs(cve)
    if current_user.is_authenticated():
        l = getSeenCVEs()
        if not cveid in l:
            col=db.mgmt_seen
            col.update({"user":current_user.get_id()},{"$addToSet":{"seen_cves":cveid}})
        dbLayer.addSeenCVEs(cveid)
    return render_template('cve.html', cve=cve)

@app.route('/browse/<vendor>')
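Review bot: The new call in `cve()` (last hunk), `dbLayer.addSeenCVEs(cveid)`, passes one argument, but `addSeenCVEs(user, CVEs)` in lib/DatabaseLayer.py takes two. As written it would raise a TypeError for every authenticated user who opens a CVE page, and the seen-list is never updated. It should read `dbLayer.addSeenCVEs(current_user.get_id(), cveid)`, matching the call this commit adds in `seen()`. The body of `cve()` starts before this hunk, so any error handling around the call is not visible here.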