Commit ec02326e authored by PidgeyL's avatar PidgeyL

search_cpe & users

parent 2c11502d
+21 −40
@@ -4,7 +4,7 @@
# Software is free software released under the "Modified BSD license"
#
# Copyright (c) 2014       psychedelys
# Copyright (c) 2015 	Pieter-Jan Moreels - pieterjan.moreels@gmail.com
# Copyright (c) 2015-2017  Pieter-Jan Moreels - pieterjan.moreels@gmail.com
# Copyright (c) 2015       Alexandre Dulaunoy - a@foo.be

# Imports
@@ -13,48 +13,29 @@ import sys
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

import re
import argparse
import json
import re
import urllib.parse

import lib.DatabaseLayer as db
from lib.DatabaseLayer2 import DatabaseLayer

runPath = os.path.dirname(os.path.realpath(__file__))

vOutput = ""
def search(cpe, output_format="json"):
    data = DatabaseLayer().CPE.get_regex(cpe)
    if output_format == "json":
        output = [{'id': i.id, 'title': i.title} for i in data]
        print(json.dumps(output, sort_keys=True, indent=4))
    elif output_format == "compact":
        print("\n".join([i.id for i in data]))
    elif output_format == "expanded":
        print("\n".join(["%s  %s"%(i.id, i.title) for i in data]))

if __name__ == "__main__":
    argParser = argparse.ArgumentParser(description='Search for CPE with a pattern')
    argParser.add_argument('-s', type=str, required=True, help='search in cpe list')
    argParser.add_argument('-o', type=str, default='expanded' ,help='O = output format [expanded, compact, json] (default: expanded)')
    argParser.add_argument('-f', action='store_true', help='Enlarge the CPE search to all CPE indexed. Need the cpeother activated.', default=False)

    args = argParser.parse_args()
cpeSearch = args.s
vOutput = args.o


def search(cpe):
    res = db.getCPEMatching(re.compile(cpe, re.IGNORECASE), args.f)

    if vOutput == "compact":
        for item in res:
            print(item['id'])
    elif vOutput == "expanded":
        for item in res:
            print(item['id'] + "  " + item['title'])
    elif vOutput == "json":
        o = []
        for item in res:
            x = {}
            x['id'] = item['id']
            x['title'] = item['title']
            o.append(x)
        print(json.dumps(o, sort_keys=True, indent=4))



# replace special characters in cpeSearch with encoded version.
cpeSearch = urllib.parse.quote(cpeSearch)

search(cpeSearch)
    search(urllib.parse.quote(args.s), args.o)
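Review bot: The `-f` option is still declared in the argument parser, but the new `search(cpe, output_format="json")` never reads it, so passing `-f` is now silently ignored where the old code forwarded `args.f` to `db.getCPEMatching`. Either forward it to the new database layer or drop the option and its help text. The `-o` value is also unchecked: an unrecognised format falls through every branch and prints nothing, which `choices=['expanded', 'compact', 'json']` on the `-o` argument would turn into a usage error.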
+7 −6
@@ -17,8 +17,8 @@ import uuid
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

import lib.DatabaseLayer as db
from lib.Config        import Configuration as conf
from lib.DatabaseLayer2 import DatabaseLayer
from lib.Singleton     import Singleton

# Constants
@@ -36,6 +36,7 @@ class AuthenticationHandler(metaclass=Singleton):
    self.methods = []
    self._load_methods()
    self.api_sessions = {}
    self.db = DatabaseLayer()

  def _load_methods(self):
    self.methods = []
@@ -63,10 +64,10 @@ class AuthenticationHandler(metaclass=Singleton):
        print("[!]  -> %s"%e)

  def isCVESearchUser(self, user):
    return db.userExists(user)
    return self.db.Users.exists(user)

  def validateUser(self, user, password):
    user_obj = db.getUser(user)
    user_obj = self.db.Users.get(user)
    if not user_obj: return False
    # 'local_only' users bypass other auth methods. If the user is not, 
    #  we try the other auth methods first
@@ -84,7 +85,7 @@ class AuthenticationHandler(metaclass=Singleton):
          print("[!]  -> %s"%e)
    # If we reach here, all methods (if any) failed to authenticate the user
    #  so we check the user against the local database.
    return db.verifyUser(user, password)
    return self.db.Users.verifyPassword(user, password)

  def new_api_session(self, user):
    self.api_sessions[user] = (uuid.uuid4().hex, datetime.datetime.now())
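Review bot: `validateUser` has no docstring, and its fallback order is security-relevant: per the visible comments, users who are not `local_only` are tried against the other auth methods first, and `self.db.Users.verifyPassword(user, password)` is the last resort. It looks as if an exception from an external method is only printed (`print("[!]  -> %s"%e)`) before the code falls through to the local check; if so, the docstring should say that a failing external method does not deny the login. Something like `"""Return True if the credentials authenticate: external methods first unless the user is local_only, local database last."""` would cover it. Most of the method body lies outside these hunks, so confirm this against the full file.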
+3 −0
@@ -267,6 +267,9 @@ class Database(metaclass=Singleton):
  def cpe_getAll(self):
    return [CPE.fromDict(x) for x in self.sanitize(self.colCPE.find())] or []

  def cpe_regex(self, regex):
    return [CPE.fromDict(x) for x in 
            self.sanitize(self.colCPE.find({"id": {"$regex": regex}}))] or []

  ########
  # CWEs #
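Review bot: `cpe_regex` runs an unanchored `$regex` on `id` with no limit and materialises every match into a list, so a broad pattern pulls a large part of the CPE collection into memory. A docstring should say that `regex` is expected to be a compiled pattern (which is what `CPEs.get_regex` passes) and that the result is unbounded. If this method can be reached from a request handler, a cap on the `find()` cursor is worth adding. The trailing `or []` has no effect, since the comprehension already returns a list.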
+3 −0
@@ -288,6 +288,9 @@ class CPEs:
    cpe = self.db.cpe_get(toStringFormattedCPE(id))
    return cpe if cpe else CPE(id)

  def get_regex(self, regex):
    return self.db.cpe_regex(re.compile(regex, re.IGNORECASE))

  def getAll(self):
    return self.db.cpe_getAll()
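Review bot: `get_regex` compiles the caller's string as-is, so an invalid pattern raises `re.error` out of the data layer, and any caller that forwards untrusted input hands regex syntax straight to the database query. The CLI caller in this commit percent-encodes its argument first, but other callers would need `re.escape` or their own validation. A docstring stating that `regex` is treated as a case-insensitive pattern, not a literal, would make that contract explicit. The hunk does not show whether `re` is imported in this file, so confirm that it is.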

+0 −1
@@ -18,7 +18,6 @@ runPath = os.path.dirname(os.path.realpath(__file__))
from flask_login import UserMixin

from lib.Config import Configuration
import lib.DatabaseLayer as db

# Exception
class UserNotFoundError(Exception):