Formated the code

sudesh0sudesh · Apr 11, 2024 · e50cad6 · e50cad6
1 parent b27130d
commit e50cad6
Show file tree

Hide file tree

Showing 63 changed files with 184 additions and 198 deletions.
diff --git a/opencve/__init__.py b/opencve/__init__.py
@@ -10,7 +10,6 @@
 from opencve.extensions import db
 from opencve.settings import env_config
 
-
 with open(Path(__file__).parent.resolve() / "VERSION", encoding="utf-8") as version:
     __version__ = version.readline().rstrip()
 

diff --git a/opencve/admin.py b/opencve/admin.py
@@ -175,8 +175,8 @@ def tasks(self):
 
     @expose("/tasks/<id>")
     def task(self, id):
-        from .models.tasks import Task
         from .models.changes import Change
+        from .models.tasks import Task
 
         task = Task.query.get(id)
         changes = (

diff --git a/opencve/api/__init__.py b/opencve/api/__init__.py
@@ -3,21 +3,19 @@
 
 from opencve.api.alerts import AlertListResource, AlertResource
 from opencve.api.cves import CveListResource, CveResource
-from opencve.api.cwes import CweListResource, CweResource, CweCveResource
+from opencve.api.cwes import CweCveResource, CweListResource, CweResource
 from opencve.api.products import (
     FlatProductListResource,
+    ProductCveResource,
     ProductListResource,
     ProductResource,
-    ProductCveResource,
 )
 from opencve.api.reports import ReportListResource, ReportResource
-from opencve.api.vendors import VendorListResource, VendorResource, VendorCveResource
-
 from opencve.api.subscriptions import (
-    SubscriptionListRessourceVendor,
     SubscriptionListRessourceProduct,
+    SubscriptionListRessourceVendor,
 )
-
+from opencve.api.vendors import VendorCveResource, VendorListResource, VendorResource
 
 api_bp = Blueprint("api", __name__)
 api = Api(api_bp)

diff --git a/opencve/api/alerts.py b/opencve/api/alerts.py
@@ -8,7 +8,6 @@
 from opencve.controllers.reports import ReportController
 from opencve.models.users import User
 
-
 alert_fields = {
     "id": fields.String(attribute="id"),
     "created_at": DatetimeField(),

diff --git a/opencve/api/base.py b/opencve/api/base.py
@@ -1,8 +1,8 @@
 from functools import wraps
 
-from flask import request
 from flask import current_app as app
-from flask_restful import Resource, HTTPException
+from flask import request
+from flask_restful import HTTPException, Resource
 
 from opencve.extensions import limiter
 from opencve.models.users import User

diff --git a/opencve/api/cves.py b/opencve/api/cves.py
@@ -5,7 +5,6 @@
 from opencve.api.fields import CveVendorsField, DatetimeField
 from opencve.controllers.cves import CveController
 
-
 cves_fields = {
     "id": fields.String(attribute="cve_id"),
     "summary": fields.String(attribute="summary"),

diff --git a/opencve/api/cwes.py b/opencve/api/cwes.py
@@ -6,7 +6,6 @@
 from opencve.controllers.cves import CveController
 from opencve.controllers.cwes import CweController
 
-
 cwes_fields = {
     "id": fields.String(attribute="cwe_id"),
     "name": fields.String(attribute="name"),

diff --git a/opencve/api/products.py b/opencve/api/products.py
@@ -8,7 +8,6 @@
 from opencve.controllers.products import ProductController
 from opencve.controllers.vendors import VendorController
 
-
 product_fields = {
     "name": fields.String(attribute="name"),
     "human_name": HumanizedNameField(attribute="name"),

diff --git a/opencve/api/reports.py b/opencve/api/reports.py
@@ -9,7 +9,6 @@
 from opencve.controllers.reports import ReportController
 from opencve.models.users import User
 
-
 report_list_fields = {
     "id": fields.String(attribute="public_link"),
     "created_at": DatetimeField(),

diff --git a/opencve/api/subscriptions.py b/opencve/api/subscriptions.py
@@ -5,7 +5,6 @@
 from opencve.api.fields import HumanizedNameField
 from opencve.models.users import User
 
-
 vendor_list_fields = {
     "name": fields.String(attribute="name"),
     "human_name": HumanizedNameField(attribute="name"),

diff --git a/opencve/api/vendors.py b/opencve/api/vendors.py
@@ -7,7 +7,6 @@
 from opencve.controllers.cves import CveController
 from opencve.controllers.vendors import VendorController
 
-
 vendor_list_fields = {
     "name": fields.String(attribute="name"),
     "human_name": HumanizedNameField(attribute="name"),

diff --git a/opencve/app.py b/opencve/app.py
@@ -3,6 +3,5 @@
 from opencve import create_app
 from opencve.extensions import cel
 
-
 env = os.environ.get("OPENCVE_ENV", "production")
 app = create_app(env)
diff --git a/opencve/checks/cpes.py b/opencve/checks/cpes.py
@@ -22,13 +22,15 @@ def execute(self):
         if payload["added"] or payload["removed"]:
 
             # Change the CVE's vendors attribute
-            
-            #changed code by sudesh to fix the issue of stopping cpe data refresh if cpe data is not present in cve_json
-            cpe_data=self.cve_json.get("configurations", {})
+
+            # changed code by sudesh to fix the issue of stopping cpe data refresh if cpe data is not present in cve_json
+            cpe_data = self.cve_json.get("configurations", {})
             if len(cpe_data) == 0:
-                self.cve_json["configurations"] = self.cve_obj.json.get("configurations")
-
-            vendors_products = convert_cpes(self.cve_json.get("configurations", {}))                
+                self.cve_json["configurations"] = self.cve_obj.json.get(
+                    "configurations"
+                )
+
+            vendors_products = convert_cpes(self.cve_json.get("configurations", {}))
             self.cve_obj.vendors = flatten_vendors(vendors_products)
             db.session.commit()
 

diff --git a/opencve/cli.py b/opencve/cli.py
@@ -5,11 +5,11 @@
 from opencve import __version__
 from opencve.commands.celery import celery
 from opencve.commands.create_user import create_user
+from opencve.commands.imports import import_data
 from opencve.commands.init import init
+from opencve.commands.migrate_nvd import migrate_nvd
 from opencve.commands.upgrade_db import upgrade_db
-from opencve.commands.imports import import_data
 from opencve.commands.webserver import webserver
-from opencve.commands.migrate_nvd import migrate_nvd
 
 
 @click.group()

diff --git a/opencve/commands/imports/cve.py b/opencve/commands/imports/cve.py
@@ -1,21 +1,20 @@
+import os
 import time
 
 import arrow
 import requests
-import os
 from openai import OpenAI
 
 from opencve.commands import info, timed_operation
 from opencve.extensions import db
-from opencve.utils import convert_cpes, flatten_vendors, weaknesses_to_flat
 from opencve.models import get_uuid
 from opencve.models.changes import Change
 from opencve.models.cve import Cve
-from opencve.models.tasks import Task
+from opencve.models.metas import Meta
 from opencve.models.products import Product
+from opencve.models.tasks import Task
 from opencve.models.vendors import Vendor
-from opencve.models.metas import Meta
-
+from opencve.utils import convert_cpes, flatten_vendors, weaknesses_to_flat
 
 NVD_API_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
 
@@ -44,9 +43,9 @@ def run():
 
     start_index = 0
     total_results = 0
-    openai_api_key=os.environ.get("OPEN_AI_KEY",None)
+    openai_api_key = os.environ.get("OPEN_AI_KEY", None)
     client = OpenAI(api_key=openai_api_key)
-    instruction="Your sole purpose is to extract only a single cpe information in the format 'cpe:2.3:a:vendor:product' from the provided CVE summary; Replace a with h for hardware or o for Operating system based on type of vulnerbility. If there is no match please return 'cpe:2.3:a:::'  Answer without any heading and other information."
+    instruction = "Your sole purpose is to extract only a single cpe information in the format 'cpe:2.3:a:vendor:product' from the provided CVE summary; Replace a with h for hardware or o for Operating system based on type of vulnerbility. If there is no match please return 'cpe:2.3:a:::'  Answer without any heading and other information."
 
     while start_index <= total_results:
         url = url_template.format(idx=start_index)
@@ -88,62 +87,60 @@ def run():
 
                 # Construct CWE and CPE lists
                 cwes = weaknesses_to_flat(cve_data.get("weaknesses"))
-                
-                 # In case of multiple languages, keep the EN one
+
+                # In case of multiple languages, keep the EN one
                 descriptions = cve_data["descriptions"]
                 if len(descriptions) > 1:
                     descriptions = [
                         d for d in descriptions if d["lang"] in ("en", "en-US")
                     ]
                 summary = descriptions[0]["value"]
-                cpe_info=cve_data.get("configurations", {})
-                #info(cpe_info)
-                if (len(cpe_info) == 0) and openai_api_key is not None and not summary.startswith("Rejected reason:"):
-
+                cpe_info = cve_data.get("configurations", {})
+                # info(cpe_info)
+                # OpenAI API call to get cpe information
+                # Changed code for tracking
+                if (
+                    (len(cpe_info) == 0)
+                    and openai_api_key is not None
+                    and not summary.startswith("Rejected reason:")
+                ):
+
                     info(summary)
                     try:
-                        prompt= f"CVE SUMMARY:{summary}"
-                        
-                        completion=client.chat.completions.create(
+                        prompt = f"CVE SUMMARY:{summary}"
+
+                        completion = client.chat.completions.create(
                             model="gpt-3.5-turbo-0125",
                             messages=[
                                 {"role": "system", "content": instruction},
                                 {"role": "user", "content": prompt},
-                            ]
+                            ],
                         )
-                        cpe=completion.choices[0].message.content
-                        cve_data["configurations"]=[{
-                            "nodes":[
-                                { 
-                                 "operator": "OR",
-                                  "negate": False,
-                                  "cpeMatch": [
-                                      {
-                                            "vulnerable": True,
-                                            "criteria": cpe
-                                      }
-                                  ]
-
-
-
-                                }
-
-
-                        ]}]
-                        cpe_info=cve_data.get("configurations", {})
+                        cpe = completion.choices[0].message.content
+                        cve_data["configurations"] = [
+                            {
+                                "nodes": [
+                                    {
+                                        "operator": "OR",
+                                        "negate": False,
+                                        "cpeMatch": [
+                                            {"vulnerable": True, "criteria": cpe}
+                                        ],
+                                    }
+                                ]
+                            }
+                        ]
+                        cpe_info = cve_data.get("configurations", {})
                         info(cpe_info)
-                        
+
                     except Exception as e:
-                        cpe_info={}
-
-
+                        cpe_info = {}
+                        info(f"Exception triggered in import cve.py: {str(e)}")
+                        info(cpe_info)
+
                 vendors_products = convert_cpes(cpe_info)
                 vendors_flatten = flatten_vendors(vendors_products)
 
-
-
-
-
                 # Create the CVEs mappings
                 mappings["cves"].append(
                     dict(

diff --git a/opencve/commands/imports/cwe.py b/opencve/commands/imports/cwe.py
@@ -38,9 +38,11 @@ def run():
                 id=get_uuid(),
                 cwe_id=f"CWE-{c['ID']}",
                 name=c["Name"],
-                description=c.Description.cdata
-                if hasattr(c, "Description")
-                else c.Summary.cdata,
+                description=(
+                    c.Description.cdata
+                    if hasattr(c, "Description")
+                    else c.Summary.cdata
+                ),
             )
 
     # Insert the objects in database

diff --git a/opencve/commands/init.py b/opencve/commands/init.py
@@ -5,14 +5,14 @@
 import click
 from flask.cli import with_appcontext
 
+from opencve.commands import error, info
 from opencve.configuration import (
     DEFAULT_CONFIG,
     DEFAULT_WELCOME_FILES,
     OPENCVE_CONFIG,
     OPENCVE_HOME,
     OPENCVE_WELCOME_FILES,
 )
-from opencve.commands import info, error
 
 
 def create_config():

diff --git a/opencve/commands/migrate_nvd.py b/opencve/commands/migrate_nvd.py
@@ -1,12 +1,12 @@
+import time
+
 import click
 import requests
-import time
 from flask.cli import with_appcontext
 
 from opencve.commands import ensure_config, error, info
-from opencve.models.cve import Cve
 from opencve.extensions import db
-
+from opencve.models.cve import Cve
 
 NVD_API_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"