Commit f5898fd5 authored by PidgeyL's avatar PidgeyL
Browse files

abstract query code for esier implementation

parent abdf90eb
Loading
Loading
Loading
Loading
+4 −101
Original line number Diff line number Diff line
@@ -34,6 +34,7 @@ import requests
import urllib.parse

from lib.Config import Configuration
from lib.Query import lastentries, apigetcve, apibrowse, apisearch
# BSON MongoDB include ugly stuff that needs to be processed for standard JSON
from bson import json_util

@@ -58,64 +59,6 @@ helpmessage = helpmessage + "get <cve-id> (output: JSON)\n"
helpmessage = helpmessage + "For more info about cve-search: http://adulau.github.com/cve-search/"


def lookupcpe(cpeid=None):
    e = db.cpe.find_one({'id': cpeid})
    if e is None:
        return cpeid
    if 'id' in e:
        return e['title']


def findranking(cpe=None, loosy=True):
    if cpe is None:
        return False
    r = db.ranking
    result = False
    if loosy:
        for x in cpe.split(':'):
            if x is not '':
                i = r.find_one({'cpe': {'$regex': x}})
            if i is None:
                continue
            if 'rank' in i:
                result = i['rank']
    else:
        i = r.find_one({'cpe': {'$regex': cpe}})
        print (cpe)
        if i is None:
            return result
        if 'rank' in i:
            result = i['rank']

    return result


def lastentries(limit=5, namelookup=False):
    entries = []
    for item in collection.find({}).sort("Modified", -1).limit(limit):
        if not namelookup and rankinglookup is not True:
            entries.append(item)
        else:
            if "vulnerable_configuration" in item:
                vulconf = []
                ranking = []
                for conf in item['vulnerable_configuration']:
                    if namelookup:
                        vulconf.append(lookupcpe(cpeid=conf))
                    else:
                        vulconf.append(conf)
                    if rankinglookup:
                        rank = findranking(cpe=conf)
                        if rank and rank not in ranking:
                            ranking.append(rank)

                item['vulnerable_configuration'] = vulconf
                if rankinglookup:
                    item['ranking'] = ranking
            entries.append(item)
    return entries


def cvesearch(query="last", option=None):
    if query == "last":
        if option is None:
@@ -128,11 +71,11 @@ def cvesearch(query="last", option=None):
    elif query == "get":
        if option is None:
            return "A cve-id must be specified"
        return apigetcve(cveid=option)
        return apigetcve(opts.api,cveid=option)
    elif query == "browse":
        return apibrowse(vendor=option)
        return apibrowse(opts.api, vendor=option)
    elif query == "search":
        return apisearch(query=option)
        return apisearch(opts.api, query=option)
    elif query == "cvetweet":
        text = " "

@@ -150,46 +93,6 @@ def cvesearch(query="last", option=None):
    else:
        return False


def apigetcve(cveid=None):
    if cveid is None:
        return False
    url = urllib.parse.urljoin(opts.api, "api/cve/"+cveid)
    urltoget = urllib.parse.urljoin(url, cveid)
    r = requests.get(urltoget)
    if r.status_code is 200:
        return r.text
    else:
        return False


def apibrowse(vendor=None):
    url = urllib.parse.urljoin(opts.api, "api/browse")
    if vendor is None:
        r = requests.get(url)
    else:
        urlvendor = url + "/" + vendor
        r = requests.get(urlvendor)

    if r.status_code is 200:
        return r.text
    else:
        return False


def apisearch(query=None):
    if query is None:
        return False
    url = urllib.parse.urljoin(opts.api, "api/search/")
    url = url+query

    r = requests.get(url)
    if r.status_code is 200:
        return r.text
    else:
        return False


class CVEBot(sleekxmpp.ClientXMPP):

    def __init__(self, jid, password):

lib/Query.py

0 → 100644
+111 −0
Original line number Diff line number Diff line
#!/usr/bin/env python3.3
# -*- coding: utf-8 -*-
#
# Query tools
#
# Software is free software released under the "Modified BSD license"
#
# Copyright (c) 2014-2015 	Pieter-Jan Moreels - pieterjan.moreels@gmail.com

import urllib.parse
import json
import requests

from lib.Config import Configuration


db = Configuration.getMongoConnection()
collection = db.cves

rankinglookup = True


def findranking(cpe=None, loosy=True):
  if cpe is None:
    return False
  r = db.ranking
  result = False
  if loosy:
    for x in cpe.split(':'):
      if x is not '':
        i = r.find_one({'cpe': {'$regex': x}})
      if i is None:
        continue
      if 'rank' in i:
        result = i['rank']
  else:
    i = r.find_one({'cpe': {'$regex': cpe}})
    print (cpe)
    if i is None:
      return result
    if 'rank' in i:
      result = i['rank']
  return result

def lookupcpe(cpeid=None):
    e = db.cpe.find_one({'id': cpeid})
    if e is None:
        return cpeid
    if 'id' in e:
        return e['title']


def lastentries(limit=5, namelookup=False):
  entries = []
  for item in collection.find({}).sort("Modified", -1).limit(limit):
    if not namelookup and rankinglookup is not True:
      entries.append(item)
    else:
      if "vulnerable_configuration" in item:
        vulconf = []
        ranking = []
        for conf in item['vulnerable_configuration']:
          if namelookup:
            vulconf.append(lookupcpe(cpeid=conf))
          else:
            vulconf.append(conf)
          if rankinglookup:
            rank = findranking(cpe=conf)
            if rank and rank not in ranking:
              ranking.append(rank)
        item['vulnerable_configuration'] = vulconf
        if rankinglookup:
          item['ranking'] = ranking
      entries.append(item)
  return entries

def apigetcve(api, cveid=None):
  if cveid is None:
    return False
  url = urllib.parse.urljoin(api, "api/cve/"+cveid)
  urltoget = urllib.parse.urljoin(url, cveid)
  r = requests.get(urltoget)
  if r.status_code is 200:
    return r.text
  else:
    return False

def apibrowse(api, vendor=None):
  url = urllib.parse.urljoin(api, "api/browse")
  if vendor is None:
    r = requests.get(url)
  else:
    urlvendor = url + "/" + vendor
    r = requests.get(urlvendor)

  if r.status_code is 200:
    return r.text
  else:
    return False

def apisearch(api, query=None):
  if query is None:
    return False
  url = urllib.parse.urljoin(api, "api/search/")
  url = url+query

  r = requests.get(url)
  if r.status_code is 200:
    return r.text
  else:
    return False