Merge pull request #887 from BenediktMKuehne/cvexplore-intigration

Cvexplore integration
e-m-b-a · Nov 21, 2023 · 41c0359 · 41c0359
2 parents 0520a7c + 749d450
commit 41c0359
Show file tree

Hide file tree

Showing 3 changed files with 41 additions and 19 deletions.
diff --git a/config/emba_updater.init b/config/emba_updater.init
@@ -6,32 +6,36 @@ BASE_PATH="$(pwd)"
 LOG_DIR="/var/log"
 
 [ -d EMBA_INSTALL_PATH ] || exit 0
-[ -x EMBA_INSTALL_PATH/external/cve-search/sbin/db_updater.py ] || exit 0
 [ -x /etc/init.d/redis-server ] || exit 0
-[ -d "$LOG_DIR" ] || exit 0
+[ -d "${LOG_DIR}" ] || exit 0
 
 if [ -f EMBA_INSTALL_PATH/external/emba_venv/bin/activate ]; then
   source EMBA_INSTALL_PATH/external/emba_venv/bin/activate
 fi
 
 if command -v cve_searchsploit > /dev/null ; then
-  echo "[*] EMBA update - cve_searchsploit update" | tee -a "$LOG_DIR"/emba_update.log
-  cve_searchsploit -u | tee -a "$LOG_DIR"/emba_update.log
+  echo "[*] EMBA update - cve_searchsploit update" | tee -a "${LOG_DIR}"/emba_update.log
+  cve_searchsploit -u | tee -a "${LOG_DIR}"/emba_update.log
 fi
 
-echo "[*] EMBA update - main repository" | tee -a "$LOG_DIR"/emba_update.log
+echo "[*] EMBA update - main repository" | tee -a "${LOG_DIR}"/emba_update.log
 cd EMBA_INSTALL_PATH || exit
-git pull origin master | tee -a "$LOG_DIR"/emba_update.log
-cd "$BASE_PATH" || exit
+git pull origin master | tee -a "${LOG_DIR}"/emba_update.log
+cd "${BASE_PATH}" || exit
 
-echo "[*] EMBA update - cve-search update" | tee -a "$LOG_DIR"/emba_update.log
-service mongod start | tee -a "$LOG_DIR"/emba_update.log
-/etc/init.d/redis-server start | tee -a "$LOG_DIR"/emba_update.log
+echo "[*] EMBA update - cve-search update" | tee -a "${LOG_DIR}"/emba_update.log
+service mongod start | tee -a "${LOG_DIR}"/emba_update.log
+/etc/init.d/redis-server start | tee -a "${LOG_DIR}"/emba_update.log
 
-EMBA_INSTALL_PATH/external/cve-search/sbin/db_updater.py -v | tee -a "$LOG_DIR"/emba_update.log
+# Find and set Proxy-settings for cvexplore
+if [[ -n "${https_proxy}" ]]; then
+  export HTTP_PROXY_STRING="${https_proxy}"
+fi
+
+MONGODB_HOST="172.36.0.1" cvexplore database update | tee -a "${LOG_DIR}"/emba_update.log
 
-echo "[*] EMBA update - update local docker image" | tee -a "$LOG_DIR"/emba_update.log
-docker pull embeddedanalyzer/emba | tee -a "$LOG_DIR"/emba_update.log
+echo "[*] EMBA update - update local docker image" | tee -a "${LOG_DIR}"/emba_update.log
+docker pull embeddedanalyzer/emba | tee -a "${LOG_DIR}"/emba_update.log
 
 if [ -f EMBA_INSTALL_PATH/external/emba_venv/bin/activate ]; then
   deactivate

diff --git a/installer.sh b/installer.sh
@@ -55,9 +55,10 @@ export UBUNTU_OS=0
 export WSL=0
 export GH_ACTION=0
 export SSL_REPOS=0
+
 # cve_search
 export MONGODB_HOST="172.36.0.1"
-# export MONGODB_PORT=27017
+export MONGODB_PORT=27017
 
 ## Color definition
 export RED="\033[0;31m"

diff --git a/installer/IF20_cve_search.sh b/installer/IF20_cve_search.sh
@@ -12,7 +12,7 @@
 # EMBA is licensed under GPLv3
 #
 # Author(s): Michael Messner, Pascal Eckmann
-# Contributor(s): Stefan Haboeck, Nikolas Papaioannou
+# Contributor(s): Stefan Haboeck, Nikolas Papaioannou, Benedikt Kuehne
 
 # Description: Installs cve-search for CVE search module in EMBA (F20)
 
@@ -78,7 +78,7 @@ IF20_cve_search() {
       pip_install "dnspython==2.2.1"
       pip_install "Werkzeug"
       pip_install "python-dateutil"
-      pip_install "CveXplore>=0.3.16"
+      pip_install "CveXplore"
 
       REDIS_PW="$(tr -dc A-Za-z0-9 </dev/urandom | head -c 13 || true)"
 
@@ -173,15 +173,32 @@ IF20_cve_search() {
             echo -e "\\n""${MAGENTA}""cve-search database not ready.""${NC}"
             echo -e "\\n""${MAGENTA}""The installer is going to populate the database.""${NC}"
           fi
+          # Find and set Proxy-settings for cvexplore
+          if [[ -n "${https_proxy:-}" ]]; then
+            echo -e "\\n""${MAGENTA}""Found a https-proxy settings, will be routing traffic for cvexplore through:""${BOLD}""${https_proxy}""${NC}"
+            export HTTP_PROXY_STRING="${https_proxy}"
+          elif [[ -n "${HTTPS_PROXY:-}" ]]; then
+            echo -e "\\n""${MAGENTA}""Found a https-proxy settings, will be routing traffic for cvexplore through:""${BOLD}""${HTTPS_PROXY}""${NC}"
+            export HTTP_PROXY_STRING="${HTTPS_PROXY}"
+          fi
+          # Find and set NVD_NIST_API_KEY for cvexplore
+          if [[ -f "/home/${SUDO_USER}/.cvexplore/.env" ]]; then
+            set -o allexport
+            # shellcheck source=/dev/null
+            source "/home/${SUDO_USER}/.cvexplore/.env"
+            set +o allexport
+          fi
+          # independently checking if a NIST API key is set
+          if [[ -z "${NVD_NIST_API_KEY:-}" ]]; then
+            echo -e "\\n""${ORANGE}""${BOLD}""No NVD-NIST API key set. Trying to initialize the database without it""${NC}"
+          fi
           # only update and install the database if we have no working database
           # also do not update if we are running as github action (GH_ACTION set to 1)
           if [[ "${GH_ACTION}" -eq 0 ]] && [[ "${CVE_INST}" -eq 1 ]]; then
             /etc/init.d/redis-server restart
             CNT=0
             while [[ "${CVE_INST}" -eq 1 ]]; do
-              ./sbin/db_mgmt_cpe_dictionary.py -p || true
-              ./sbin/db_mgmt_json.py -p || true
-              ./sbin/db_updater.py -f || true
+              cvexplore database initialize
               if [[ $(./bin/search.py -p busybox 2>/dev/null | grep -c ":\ CVE-") -gt 18 ]]; then
                 break
               fi