From 91516f6db9eba79156fcfe6064a0655ce0c0fe5b Mon Sep 17 00:00:00 2001 From: Paul Reftu Date: Thu, 6 Jun 2019 17:38:19 +0300 Subject: [PATCH] Added early Security Alerter API v1 --- application/api/v1.php | 153 +++++++++++++++++++++++++++ application/soft_vuln/NvdCrawler.php | 4 +- 2 files changed, 156 insertions(+), 1 deletion(-) create mode 100644 application/api/v1.php diff --git a/application/api/v1.php b/application/api/v1.php new file mode 100644 index 0000000..fba038a --- /dev/null +++ b/application/api/v1.php @@ -0,0 +1,153 @@ +isURIValid($uri)) { + + header("HTTP/1.1 404 Not Found"); + exit(); + + } + + $requestMethod = $_SERVER["REQUEST_METHOD"]; + + switch ($_SERVER["REQUEST_METHOD"]) { + + case "GET": { + + if (!isset($_GET["description"])) { + + header("HTTP/1.1 400 Bad Request"); + exit(); + + } + else { + + $exploitSeeker = new ExploitSeeker(1, 5, 100); + + $shodanJson = $exploitSeeker->runShodanAPISearch($_GET["description"]); + $exploits = $shodanJson->matches; + + /* + * Until an alternative solution to get the needed + * references of an exploit is found, the following + * action displays unbelievably poor efficiency + * (~1s/exploit), and is therefore impossible + * to use in our API + */ + + /* + $nvdCrawler = new NvdCrawler(null); + + $i = 0; + + foreach ($exploits as &$exploit) { + + if ($i++ === 5) + break; + + $nvdCrawler->setVulnCveId($exploit->cve[0]); + + $exploit->refs = $nvdCrawler->collectRefs(); + + } + + $shodanJson->matches = $exploits; + */ + + header("HTTP/1.1 200 OK"); + echo json_encode($shodanJson, JSON_PRETTY_PRINT); + + + + } + + break; + } // end of case "GET" + + case "POST": { + + header("HTTP/1.1 403 Forbidden"); + exit(); + + } // end of case "POST" + + case "PUT": { + + header("HTTP/1.1 403 Forbidden"); + exit(); + + } // end of case "PUT" + + case "DELETE": { + + header("HTTP/1.1 403 Forbidden"); + exit(); + + } // end of case "DELETE" + + default: { + + header("HTTP/1.1 404 Not Found"); + exit(); + + } // end of default case + + } // end of switch for http request method + + } + + private function findCurrPageName($list) { + + for ($i = 0; $i < sizeof($list); $i++) + if ($list[$i] === $this->currPageName) + return $i; + + return -1; + + } + + private function isURIValid($uri) { + + $uri_parts = explode("/", $uri); + + $pageNameIndex = $this->findCurrPageName($uri_parts); + + if (sizeof($uri_parts) - 1 === $pageNameIndex) + return false; + + if ($uri_parts[$pageNameIndex + 1] !== $this->exploitsResourceName) + return false; + + return true; + + } + + } + + new API_V1(); + + + +?> \ No newline at end of file diff --git a/application/soft_vuln/NvdCrawler.php b/application/soft_vuln/NvdCrawler.php index fccc6e0..44f2669 100644 --- a/application/soft_vuln/NvdCrawler.php +++ b/application/soft_vuln/NvdCrawler.php @@ -37,7 +37,7 @@ public function collectRefs() { if ($this->vulnCveId !== null) { - $startTime = microtime(true); + //$startTime = microtime(true); $cve = $this->vulnCveId; @@ -67,6 +67,7 @@ public function collectRefs() { } // end of '$cve !== null' conditional + /* $endTime = microtime(true); $elapsedTime = $endTime - $startTime; @@ -80,6 +81,7 @@ public function collectRefs() { $mark = "" . $elapsedTime . ""; echo "Time taken for reference collection: " . $mark . "
"; + */ return $references;