Mercurial > farol > farol
diff farol/main.py @ 162:07210df10edd
Add support for CVE import (from GSA)
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 14:33:50 +0100 |
parents | 57b65e7765c1 |
children | 4d8218fbe686 |
line wrap: on
line diff
--- a/farol/main.py Tue Dec 30 14:30:10 2014 +0100 +++ b/farol/main.py Tue Dec 30 14:33:50 2014 +0100 @@ -31,6 +31,7 @@ import farolluz from farolluz.cvrf import CVRF, ValidationError +from farolluz.parsers.cve import parse_CVE_from_GSA from farolluz.parsers.cvrf import parse from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow @@ -102,7 +103,7 @@ def welcome(): return render_template('welcome.j2', version=__version__, - imports=[('New', 100), ('CVRF', 100)], + imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] @@ -153,6 +154,15 @@ return download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_}) +def parse_cve_from_gsa(id_): + url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_ + try: content = urllib2.urlopen(url).read() + except urllib2.HTTPError as e: + flash('Unable to download CVE %s: %s' % (url, e)) + return + doc = parse_CVE_from_GSA(content) + set_current(doc) + def set_text(text): try: doc = parse(text) except ET.ParseError as e: @@ -176,6 +186,8 @@ return redirect(url_for('new')) elif 'url' in request.form: download_url(request.form['url']) + elif 'cve' in request.form: + parse_cve_from_gsa(request.form['id']) elif 'local' in request.files: upload = request.files['local'] fpath = os.path.join(app.instance_path, 'tmp',