chg: support params in search, show GSD in recent
Rafiot committed Dec 7, 2023
1 parent 39095cf commit 7e2b042
Showing 5 changed files with 56 additions and 35 deletions.
2 changes: 1 addition & 1 deletion vulnerabilitylookup/feeders/gsd
Submodule gsd updated 1861 files
2 changes: 1 addition & 1 deletion vulnerabilitylookup/feeders/pysec
2 changes: 1 addition & 1 deletion vulnerabilitylookup/vulnerabilitylookup.py
Expand Up @@ -124,7 +124,7 @@ def get_vendor_vulnerabilities(self, vendor: str):

def get_vendor_product_vulnerabilities(self, vendor: str, product: str):
_v = vendor.strip().lower()
_p = vendor.strip().lower()
_p = product.strip().lower()
to_return: Dict[str, List[Tuple[str, Dict[str, Any]]]] = defaultdict(list)
for vuln_id in self.storage.smembers(f'{_v}:{_p}:vulnerabilities'):
if vuln := self.get_vulnerability(vuln_id):
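Review bot: The storage key on the `smembers` line joins `_v` and `_p` with `:`, and the normalisation here only strips and lowercases, so a vendor or product value that itself contains `:` resolves to a key belonging to a different vendor/product split. The same commit lets both values arrive from URL query parameters, so it is worth rejecting the delimiter before the lookup, for example `if ':' in _v or ':' in _p: return {}`; whether legitimate names can contain `:` is not visible here and should be checked first. A regression test that calls this method with distinct vendor and product values would also have caught the copy-paste bug this hunk fixes. The function body continues past the end of the hunk.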
66 changes: 40 additions & 26 deletions website/web/__init__.py
Expand Up @@ -51,6 +51,10 @@ def search():
if request.method == 'HEAD':
# Just returns ack if the webserver is running
return 'Ack'
if request.method == 'GET':
vulnerability_id = request.args.get('vulnerability_id')
vendor = request.args.get('vendor')
product = request.args.get('product')
if request.method == 'POST':
vulnerability_id = None
product = None
Expand All @@ -65,32 +69,40 @@ def search():
product = search_query
vendor = request.form.get('vendor')

if vulnerability_id:
if vulnerability := vulnerabilitylookup.get_vulnerability(vulnerability_id, with_meta=True):
# The search query was a vulnerability ID, just display that.
source = vulnerabilitylookup.get_vulnerability_source(vulnerability_id)
linked_vulns = vulnerabilitylookup.get_linked_vulnerabilities(vulnerability_id)
return render_template('search.html', source=source,
vulnerability_id=vulnerability_id,
vulnerability_data=vulnerability,
linked_vulns=linked_vulns)

elif linked_vulns := vulnerabilitylookup.get_linked_vulnerabilities(vulnerability_id):
# unable to find a vulnerability with that id. Attempt to find linked entries.
return render_template('search.html', vulnerability_id=vulnerability_id, linked_vulns=linked_vulns)
elif vulnerability_id in vulnerabilitylookup.get_vendors():
vendor = vulnerability_id
# Got a vendor, show the proper template.
vendor_products = vulnerabilitylookup.get_vendor_products(vendor)
vendor_vulns = vulnerabilitylookup.get_vendor_vulnerabilities(vendor)
return render_template('search.html', vendor=vendor, vendor_products=vendor_products, vendor_vulns=vendor_vulns)
flash(f'Nothing found in the database for {vulnerability_id}.', 'warning')
elif vendor and product:
vulnerabilities = vulnerabilitylookup.get_vendor_product_vulnerabilities(vendor, product)
if vulnerability_id:
if vulnerability := vulnerabilitylookup.get_vulnerability(vulnerability_id, with_meta=True):
# The search query was a vulnerability ID, just display that.
source = vulnerabilitylookup.get_vulnerability_source(vulnerability_id)
linked_vulns = vulnerabilitylookup.get_linked_vulnerabilities(vulnerability_id)
return render_template('search.html', source=source,
vulnerability_id=vulnerability_id,
vulnerability_data=vulnerability,
linked_vulns=linked_vulns)

elif linked_vulns := vulnerabilitylookup.get_linked_vulnerabilities(vulnerability_id):
# unable to find a vulnerability with that id. Attempt to find linked entries.
return render_template('search.html', vulnerability_id=vulnerability_id, linked_vulns=linked_vulns)
elif vulnerability_id in vulnerabilitylookup.get_vendors():
# FIXME: this is dirty.
vendor = vulnerability_id
# Got a vendor, show the proper template.
vendor_products = vulnerabilitylookup.get_vendor_products(vendor)
vendor_vulns = vulnerabilitylookup.get_vendor_vulnerabilities(vendor)
return render_template('search.html', vendor=vendor, vendor_products=vendor_products, vendor_vulns=vendor_vulns)
flash(f'Nothing found in the database for {vulnerability_id}.', 'warning')
elif vendor and not product:
if vendor in vulnerabilitylookup.get_vendors():
# Got a vendor, show the proper template.
vendor_products = vulnerabilitylookup.get_vendor_products(vendor)
vendor_vulns = vulnerabilitylookup.get_vendor_vulnerabilities(vendor)
return render_template('search.html', vendor=vendor, vendor_products=vendor_products, vendor_vulns=vendor_vulns)
else:
flash(f'Nothing found in the database for {vendor}.', 'warning')
elif vendor and product:
if vulnerabilities := vulnerabilitylookup.get_vendor_product_vulnerabilities(vendor, product):
return render_template('search.html', vendor=vendor, product=product, vp_vulnerabilities=vulnerabilities)
else:
# not enough info
pass
flash(f'Nothing found in the database for {vendor} / {product}.', 'warning')

# render search page
return render_template('search.html')
Expand All @@ -99,8 +111,10 @@ def search():
@app.route('/recent', methods=['GET'])
def recent():
# For the webinterface, we want the most recent entries by source
recent = {source: vulnerabilitylookup.get_last(source) for source in vulnerabilitylookup.get_sources()}
return render_template('recent.html', recent=recent)
source_to_show = ['github', 'cvelistv5', 'pysec', 'gsd']
default_source = 'cvelistv5'
recent = {source: vulnerabilitylookup.get_last(source) for source in source_to_show}
return render_template('recent.html', recent=recent, default_source=default_source)


# #### API ####
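Review bot: `search()` now reads `vulnerability_id`, `vendor` and `product` straight from the query string and uses them unnormalised: the new `vendor in vulnerabilitylookup.get_vendors()` test compares the raw value, while `get_vendor_product_vulnerabilities` strips and lowercases its arguments, so the same vendor string can match with a product and miss without one. Normalising once where the values are read, e.g. `vendor = (request.args.get('vendor') or '').strip().lower() or None`, keeps the branches consistent (assuming stored vendor names are lowercase, which this page does not show). The three `flash(f'Nothing found …')` calls now echo values that can come from a link someone else built, so the template that renders flashed messages has to keep autoescaping on and must not mark them `|safe`; that template is not part of this commit. A request carrying `product` without `vendor` falls through to the bare search page with no message at all.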
19 changes: 13 additions & 6 deletions website/web/templates/recent.html
Expand Up @@ -17,9 +17,9 @@
<h1>Most recent vulnerabilities by source</h1>
<h6>The vulnerabilities are sorted by update time (recent ot old)</h6>
<ul class="nav nav-tabs" id="vulnSourcesTab" role="tablist">
{% for source in recent.keys() if source in ['github', 'cvelistv5', 'pysec'] %}
{% for source, vulns in recent.items() if vulns %}
<li class="nav-item" role="presentation">
<button class="nav-link {% if source == "cvelistv5" %}active{%endif%}" id="{{source}}-tab"
<button class="nav-link {% if source == default_source %}active{%endif%}" id="{{source}}-tab"
data-bs-toggle="tab"
data-bs-target="#{{source}}-tab-pane"
type="button" role="tab"
Expand All @@ -31,18 +31,16 @@ <h6>The vulnerabilities are sorted by update time (recent ot old)</h6>
{%endfor%}
</ul>
<div class="tab-content" id="vulnSourcesTabContent">
{% for source, vulns in recent.items() if source in ['github', 'cvelistv5', 'pysec'] %}
{% for source, vulns in recent.items() if vulns %}
<div class="tab-pane fade show {% if source == 'cvelistv5' %} active {%endif%}"
id="{{source}}-tab-pane" role="tabpanel" aria-labelledby="{{source}}-tab" tabindex="0">
<table class="table">
{% if source in ['cvelistv5', 'github', 'pysec'] %}
<thead>
<tr>
<th scope="col">Vulnerability ID</th>
<th scope="col">Description</th>
</tr>
</thead>
{%endif%}
<tbody>
{%for vuln in vulns %}
{%if source == "cvelistv5" %}
Expand All @@ -67,8 +65,17 @@ <h6>The vulnerabilities are sorted by update time (recent ot old)</h6>
</tr>
{%elif source == "pysec" %}
<tr>
<th scope="row">{{vuln['id']}}</th>
<th scope="row">
<a href="{{url_for('search', vulnerability_id=vuln['id'])}}">{{vuln['id']}}</a>
</th>
<td>{{vuln['details']}}</td>
</tr>
{%elif source == "gsd" %}
<tr>
<th scope="row">
<a href="{{url_for('search', vulnerability_id=vuln['GSD']['id'])}}">{{vuln['GSD']['id']}}</a>
</th>
<td>The format of the source doesn't require a description, click on the link for more details</td>
</tr>
{%else%}
<tr>
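Review bot: The tab button now marks itself active with `source == default_source`, but the matching `tab-pane` div a few lines below still compares against the literal `'cvelistv5'`, so button and pane drift apart as soon as `default_source` changes; the pane should use `{% if source == default_source %} active {%endif%}` as well. Both loops now skip sources with no entries (`if vulns`), so when the default source's list is empty no tab and no pane is active and the page opens blank; falling back to the first non-empty source would avoid that. The new GSD row indexes `vuln['GSD']['id']` directly, which assumes every GSD record carries that key; if that is not guaranteed by the feeder, one malformed record would break rendering of the whole page.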
