Merge pull request #54 from adulau/master

Various fixes and updates
PidgeyL · Mar 16, 2015 · e35cc86 · e35cc86
2 parents 1eb6330 + 97b6b83
commit e35cc86
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/README.md b/README.md
@@ -74,7 +74,7 @@ The MongoDB database is called cvedb and there are 8 collections:
 * capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST
 * ranking (ranking rules per group) - local cve-search
 * d2sec (Exploitation reference from D2 Elliot Web Exploitation Framework) - source d2sec.com
-* vfeed (cross-references to CVE ids (e.g. OVAL, OpenVAS, ...)) - source vfeed
+* [vFeed](https://github.com/toolswatch/vFeed) (cross-references to CVE ids (e.g. OVAL, OpenVAS, ...)) - source [vFeed](https://github.com/toolswatch/vFeed)
 * info (metadata of each collection like last-modified) - local cve-search
 
 Updating the database

diff --git a/bin/db_cpe_browser.py b/bin/db_cpe_browser.py
@@ -16,6 +16,8 @@
 runPath = os.path.dirname(os.path.realpath(__file__))
 sys.path.append(os.path.join(runPath, ".."))
 
+from redis import exceptions as redisExceptions
+
 from lib.Config import Configuration
 from lib.Toolkit import pad
 
@@ -37,8 +39,11 @@
     except Exception as ex:
         print(ex)
         pass
-    r.sadd("prefix:" + prefix, cpetype)
-    r.sadd("t:" + cpetype, vendor)
-    r.sadd("v:" + vendor, product)
-    if version:
-        r.sadd("p:" + product, version)
+    try:
+        r.sadd("prefix:" + prefix, cpetype)
+        r.sadd("t:" + cpetype, vendor)
+        r.sadd("v:" + vendor, product)
+        if version:
+            r.sadd("p:" + product, version)
+    except redisExceptions.ConnectionError:
+        sys.exit("Redis server not running on %s:%s"%(Configuration.getRedisHost(),Configuration.getRedisPort()))
diff --git a/web/index.py b/web/index.py
@@ -378,6 +378,16 @@ def filterLast(r):
 
     return render_template('index.html', settings=settings, cve=cve, r=r, pageLength=pageLength)
 
+@app.route('/api/cvefor/<cpe>', methods=['GET'])
+def apiCVEFor(cpe):
+    col = db['cves']
+    cpe=urllib.parse.unquote_plus(cpe)
+    vulns = col.find({"vulnerable_configuration": {'$regex': cpe}}).sort("Modified", -1)
+    r = []
+    for x in vulns:
+        x.pop('_id')
+        r.append(x)
+    return json.dumps(r)
 
 @app.route('/api/cve/<cveid>', methods=['GET'])
 def apiCVE(cveid):