setting up sphinx docs

docs/build/html/.buildinfo

@@ -0,0 +1,4 @@
+# Sphinx build info version 1
+# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done.
+config: 99dae20a5f14be41e952b6746c216d29
+tags: 645f666f9bcd5a90fca523b33c5a78b7

docs/build/html/_sources/general/badges.rst.txt

@@ -0,0 +1 @@
+

docs/build/html/_sources/general/general.rst.txt

@@ -0,0 +1,33 @@
+.. _general:
+
+General
+=======
+
+.. image:: https://img.shields.io/github/release/cve-search/cve-search.svg
+   :target: https://GitHub.com/cve-search/cve-search/releases/
+
+.. image:: https://travis-ci.org/cve-search/cve-search.svg?branch=master
+    :target: https://travis-ci.org/cve-search/cve-search
+
+.. image:: https://badges.gitter.im/Join%20Chat.svg
+   :alt: Join the chat at https://gitter.im/cve-search/cve-search
+   :target: https://gitter.im/cve-search/cve-search?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
+
+.. image:: https://img.shields.io/badge/License-GPLv3-blue.svg
+   :target: https://www.gnu.org/licenses/gpl-3.0
+
+CVE-Search is a tool to import CVE (Common Vulnerabilities and Exposures) and
+CPE (Common Platform Enumeration) into a MongoDB to facilitate search
+and processing of CVEs.
+
+The main objective of the software is to avoid doing direct and public lookups
+into the public CVE databases. Local lookups are usually faster and you can
+limit your sensitive queries via the Internet.
+
+CVE-Search includes a back-end to store vulnerabilities and related information,
+an intuitive web interface for search and managing vulnerabilities,
+a series of tools to query the system and a web API interface.
+
+CVE-Search is used by many organizations including the `public CVE services of CIRCL <https://cve.circl.lu/>`_.
+
+This document gives you basic information how to start with CVE-Search.

docs/build/html/_sources/getting_started/database.rst.txt

@@ -0,0 +1,63 @@
+.. _db:
+
+Database
+========
+
+The MongoDB database is called cvedb and has 11 collections:
+
+* cves (Common Vulnerabilities and Exposure items) - source NVD NIST (JSON)
+* cpe (Common Platform Enumeration items) - source NVD NIST
+* cwe (Common Weakness Enumeration items) - source NVD NIST
+* capec (Common Attack Pattern Enumeration and Classification) - source NVD NIST
+* ranking (ranking rules per group) - local cve-search
+* `MITRE Reference Key/Maps <https://cve.mitre.org/data/refs/>`_ - source MITRE reference Key/Maps
+* info (metadata of each collection like last-modified) - local cve-search
+* via4 `VIA4CVE <https://github.com/cve-search/VIA4CVE>`_ cross-references.
+
+The Redis database has 3 databases:
+
+* 10: The cpe (Common Platform Enumeration) cache - source MongoDB cvedb collection cpe
+* 11: The notification database - source cve-search
+* 12: The `CVE reference database <https://cve.mitre.org/data/refs/>`_ is a cross-reference database to CVE IDs against various vendors ID - source NVD NIST/MITRE
+
+The reference database has 3 additional sources:
+
+* `MITRE Reference Key/Maps <https://cve.mitre.org/data/refs/>`_.
+* Red Hat RPM to CVE database.
+* Red Hat RHSA Oval database.
+
+.. _pop_db:
+
+The initial setup of CVE-Search happens only once, at the installation.
+This consists of two steps and one optional step.
+
+ * Populating the database
+ * *Optional:* You can also run the "Other CPE Dictionary" script to help fill in the blanks
+ * Updating the database
+
+Populating the database
+-----------------------
+
+For the initial run, you need to populate the CVE database by running:
+
+.. code-block:: bash
+
+    ./sbin/db_mgmt_cpe_dictionary.py -p
+    ./sbin/db_mgmt_json.py -p
+    ./sbin/db_updater.py -c # This will take >45minutes on a decent machine, please be patient
+
+It will fetch all the existing JSON files from the Common Vulnerabilities
+and Exposures feed and the Common Platform Enumeration. The initial
+Common Platform Enumeration (CPE) import might take some time depending
+of your configuration.
+
+If you want to add the cross-references from NIST, Red Hat and other vendors thanks to `VIA4CVE <https://github.com/cve-search/VIA4CVE>`_:
+
+.. code-block:: bash
+
+    ./sbin/db_mgmt_ref.py
+
+NB: If you want to  import your own JSON from VIA4CVE, you have to replace URL in sources.ini the VIA4 attribute with
+`file:///PATH/TO/VIA4CVE/VIA4CVE-feed.json`.
+
+

docs/build/html/_sources/getting_started/installation.rst.txt

@@ -0,0 +1,80 @@
+.. _intro:
+
+Getting Started
+===============
+
+The CVE-Search project is developed for a linux environment and therefore this section describes the installation
+procedure for CVE-Search on Linux. Instructions and scripts of this release are written for the current release of Ubuntu LTS on
+the x86_64 architecture but will work on most other distributions. In this guide, we assume you are using *apt* as your
+package manager. If you are using a different one, install the requirements using your package manager of choice
+
+Before setting up CVE-Search, you have to make sure the all the necessary code is present on your system.
+Your best choice is to use *git* to clone CVE-Search from github.
+
+You can clone CVE-Search from
+
+ * git clone https://github.com/cve-search/cve-search.git
+
+Dependencies
+------------
+
+.. literalinclude:: ../../../requirements.txt
+   :language: bash
+
+.. _installation:
+
+Installation
+------------
+
+Install CVE-Search and its python dependencies:
+
+.. code-block:: bash
+
+    pip3 install -r requirements.txt
+
+Install system requirements:
+
+.. code-block:: bash
+
+    # Install system dependencies by running
+    xargs sudo apt-get install -y < requirements.system
+
+Install mongodb.
+
+.. code-block:: bash
+
+    wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
+
+    echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
+
+    sudo apt-get update
+
+    sudo apt-get install -y mongodb-org
+
+    sudo systemctl daemon-reload
+
+    sudo systemctl start mongod
+
+    # Verify status of mongodb
+    sudo systemctl status mongod
+
+    # if all is ok, enable mongodb to start on system startup
+    sudo systemctl enable mongod
+
+
+Please check the `mongodb website <https://docs.mongodb.org/manual/installation/>`_ for installation
+instructions on different Linux distributions.
+
+Configuration
+-------------
+By default CVE-Search takes assumptions on certain configuration aspects of the application. These defaults are noted in
+the <<install_dir>>/etc/configuration.ini.sample:
+
+.. literalinclude:: ../../../etc/configuration.ini.sample
+    :language: bash
+
+If your setup requires alternate settings and configurations, then copy the etc/configuration.ini.sample to
+<<install_dir>>/etc/configuration.ini and adjust accordingly.
+
+Once these steps are completed all the conditions are met for CVE-Search to function properly; continue with populating
+the database.

docs/build/html/_sources/index.rst.txt

@@ -0,0 +1,50 @@
+.. CVE-Search documentation master file, created by
+   sphinx-quickstart on Thu Nov 12 18:26:41 2020.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+CVE-Search
+==========
+
+.. image:: https://img.shields.io/github/release/cve-search/cve-search.svg
+   :target: https://GitHub.com/cve-search/cve-search/releases/
+
+.. image:: https://travis-ci.org/cve-search/cve-search.svg?branch=master
+    :target: https://travis-ci.org/cve-search/cve-search
+
+.. image:: https://badges.gitter.im/Join%20Chat.svg
+   :alt: Join the chat at https://gitter.im/cve-search/cve-search
+   :target: https://gitter.im/cve-search/cve-search?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge
+
+.. image:: https://img.shields.io/badge/License-GPLv3-blue.svg
+   :target: https://www.gnu.org/licenses/gpl-3.0
+
+CVE-Search is a tool to import CVE (Common Vulnerabilities and Exposures) and
+CPE (Common Platform Enumeration) into a MongoDB to facilitate search
+and processing of CVEs.
+
+The main objective of the software is to avoid doing direct and public lookups
+into the public CVE databases. Local lookups are usually faster and you can
+limit your sensitive queries via the Internet.
+
+CVE-Search includes a back-end to store vulnerabilities and related information,
+an intuitive web interface for search and managing vulnerabilities,
+a series of tools to query the system and a web API interface.
+
+CVE-Search is used by many organizations including the `public CVE services of CIRCL <https://cve.circl.lu/>`_.
+
+This document gives you basic information how to start with CVE-Search.
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Contents:
+
+   getting_started/installation
+   getting_started/database
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`modindex`
+* :ref:`search`