changeset 162:07210df10edd

Add support for CVE import (from GSA)
author Benoît Allard <benoit.allard@greenbone.net>
date Tue, 30 Dec 2014 14:33:50 +0100
parents 57b65e7765c1
children 1d63a532ccce
files farol/main.py farol/templates/new.j2
diffstat 2 files changed, 14 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/farol/main.py	Tue Dec 30 14:30:10 2014 +0100
+++ b/farol/main.py	Tue Dec 30 14:33:50 2014 +0100
@@ -31,6 +31,7 @@
 
 import farolluz
 from farolluz.cvrf import CVRF, ValidationError
+from farolluz.parsers.cve import parse_CVE_from_GSA
 from farolluz.parsers.cvrf import parse
 from farolluz.renderer import render as render_cvrf
 from farolluz.utils import utcnow
@@ -102,7 +103,7 @@
 def welcome():
     return render_template('welcome.j2',
         version=__version__,
-        imports=[('New', 100), ('CVRF', 100)],
+        imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)],
         exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ],
         use_cases=[('Create a security advisory and publish as CVRF', 100),
                    ('Edit a security advisory in CVRF format', 100)]
@@ -153,6 +154,15 @@
         return
     download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_})
 
+def parse_cve_from_gsa(id_):
+    url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_
+    try: content = urllib2.urlopen(url).read()
+    except urllib2.HTTPError as e:
+        flash('Unable to download CVE %s: %s' % (url, e))
+        return
+    doc = parse_CVE_from_GSA(content)
+    set_current(doc)
+
 def set_text(text):
     try: doc = parse(text)
     except ET.ParseError as e:
@@ -176,6 +186,8 @@
         return redirect(url_for('new'))
     elif 'url' in request.form:
         download_url(request.form['url'])
+    elif 'cve' in request.form:
+        parse_cve_from_gsa(request.form['id'])
     elif 'local' in request.files:
         upload = request.files['local']
         fpath = os.path.join(app.instance_path, 'tmp',
--- a/farol/templates/new.j2	Tue Dec 30 14:30:10 2014 +0100
+++ b/farol/templates/new.j2	Tue Dec 30 14:33:50 2014 +0100
@@ -53,7 +53,7 @@
           {% for (type, placeholder) in [
                 ('RHSA', 'YYYY:nnnn'),
                 ('Oracle', 'nnnnnnn'),
-                ('Cisco', 'sa-YYYYMMDD-xxx')] %}
+                ('Cisco', 'sa-YYYYMMDD-xxx'),('CVE', 'CVE-YYYY-NNNN')] %}
           <div class="col-lg-4">
             <form role="form" method="POST">
               <input type="hidden" name="{{ type | lower}}">

http://farol.wald.intevation.org