comparison farol/main.py @ 162:07210df10edd
Add support for CVE import (from GSA)
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 14:33:50 +0100 |
parents | 57b65e7765c1 |
children | 4d8218fbe686 |
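--- a/farol/main.py
+++ b/farol/main.py
@@ -29,10 +29,11 @@
 import urllib2
 from xml.etree import ElementTree as ET
 
 import farolluz
 from farolluz.cvrf import CVRF, ValidationError
+from farolluz.parsers.cve import parse_CVE_from_GSA
 from farolluz.parsers.cvrf import parse
 from farolluz.renderer import render as render_cvrf
 from farolluz.utils import utcnow
 
 import flask
@@ -100,11 +101,11 @@
 
 @app.route('/')
 def welcome():
 return render_template('welcome.j2',
 version=__version__,
-imports=[('New', 100), ('CVRF', 100)],
+imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)],
 exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ],
 use_cases=[('Create a security advisory and publish as CVRF', 100),
 ('Edit a security advisory in CVRF format', 100)]
 )
 
@@ -150,10 +151,19 @@
 try: kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
 except KeyError:
 flash('Wrong cisco id: %s' % id_)
 return
 download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_})
+
+def parse_cve_from_gsa(id_):
+url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_
+try: content = urllib2.urlopen(url).read()
+except urllib2.HTTPError as e:
+flash('Unable to download CVE %s: %s' % (url, e))
+return
+doc = parse_CVE_from_GSA(content)
+set_current(doc)
 
 def set_text(text):
 try: doc = parse(text)
 except ET.ParseError as e:
 flash('Unable to parse Document: %s' % e)
@@ -174,10 +184,12 @@
 elif 'nasl' in request.form:
 flash("I'm not able to parse NASL scripts yet", 'danger')
 return redirect(url_for('new'))
 elif 'url' in request.form:
 download_url(request.form['url'])
+elif 'cve' in request.form:
+parse_cve_from_gsa(request.form['id'])
 elif 'local' in request.files:
 upload = request.files['local']
 fpath = os.path.join(app.instance_path, 'tmp',
 secure_filename(upload.filename))
 if not os.path.exists(os.path.dirname(fpath)):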
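Review bot: `parse_cve_from_gsa` interpolates `id_` into the query string unescaped, and the new `elif 'cve'` branch passes it straight from `request.form['id']`, so a value containing `&`, `#` or `%` changes the parameters of the request farol sends to secinfo.greenbone.net instead of only naming a CVE. Check the value against the CVE identifier format before building the URL, for example `if not re.match(r'^CVE-\d{4}-\d{4,}$', id_): flash('Wrong CVE id: %s' % id_); return` (an `import re` is not visible in these hunks), in the same way the Cisco importer above rejects an unknown `kind`. Only `urllib2.HTTPError` is caught, so a DNS or connection failure raises `urllib2.URLError` out of the view; `except urllib2.URLError as e:` covers both, since `HTTPError` subclasses it. The result of `parse_CVE_from_GSA(content)` is also passed to `set_current` with no handling of malformed XML, unlike `set_text` just below, which catches `ET.ParseError`; whether the GSA parser raises that error is not visible here.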