# HG changeset patch # User BenoƮt Allard # Date 1419946430 -3600 # Node ID 07210df10eddf633fad7dc1468e0b6ee67f2e1fc # Parent 57b65e7765c12e43005654f72d48b169ff152f10 Add support for CVE import (from GSA) diff -r 57b65e7765c1 -r 07210df10edd farol/main.py --- a/farol/main.py Tue Dec 30 14:30:10 2014 +0100 +++ b/farol/main.py Tue Dec 30 14:33:50 2014 +0100 @@ -31,6 +31,7 @@ import farolluz from farolluz.cvrf import CVRF, ValidationError +from farolluz.parsers.cve import parse_CVE_from_GSA from farolluz.parsers.cvrf import parse from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow @@ -102,7 +103,7 @@ def welcome(): return render_template('welcome.j2', version=__version__, - imports=[('New', 100), ('CVRF', 100)], + imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] @@ -153,6 +154,15 @@ return download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_}) +def parse_cve_from_gsa(id_): + url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_ + try: content = urllib2.urlopen(url).read() + except urllib2.HTTPError as e: + flash('Unable to download CVE %s: %s' % (url, e)) + return + doc = parse_CVE_from_GSA(content) + set_current(doc) + def set_text(text): try: doc = parse(text) except ET.ParseError as e: @@ -176,6 +186,8 @@ return redirect(url_for('new')) elif 'url' in request.form: download_url(request.form['url']) + elif 'cve' in request.form: + parse_cve_from_gsa(request.form['id']) elif 'local' in request.files: upload = request.files['local'] fpath = os.path.join(app.instance_path, 'tmp', diff -r 57b65e7765c1 -r 07210df10edd farol/templates/new.j2 --- a/farol/templates/new.j2 Tue Dec 30 14:30:10 2014 +0100 +++ b/farol/templates/new.j2 Tue Dec 30 14:33:50 2014 +0100 @@ -53,7 +53,7 @@ {% for (type, placeholder) in [ ('RHSA', 'YYYY:nnnn'), ('Oracle', 'nnnnnnn'), - ('Cisco', 'sa-YYYYMMDD-xxx')] %} + ('Cisco', 'sa-YYYYMMDD-xxx'),('CVE', 'CVE-YYYY-NNNN')] %}