Mercurial > farol
changeset 162:07210df10edd
Add support for CVE import (from GSA)
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 14:33:50 +0100 |
parents | 57b65e7765c1 |
children | 1d63a532ccce |
files | farol/main.py farol/templates/new.j2 |
diffstat | 2 files changed, 14 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/farol/main.py Tue Dec 30 14:30:10 2014 +0100 +++ b/farol/main.py Tue Dec 30 14:33:50 2014 +0100 @@ -31,6 +31,7 @@ import farolluz from farolluz.cvrf import CVRF, ValidationError +from farolluz.parsers.cve import parse_CVE_from_GSA from farolluz.parsers.cvrf import parse from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow @@ -102,7 +103,7 @@ def welcome(): return render_template('welcome.j2', version=__version__, - imports=[('New', 100), ('CVRF', 100)], + imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] @@ -153,6 +154,15 @@ return download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_}) +def parse_cve_from_gsa(id_): + url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_ + try: content = urllib2.urlopen(url).read() + except urllib2.HTTPError as e: + flash('Unable to download CVE %s: %s' % (url, e)) + return + doc = parse_CVE_from_GSA(content) + set_current(doc) + def set_text(text): try: doc = parse(text) except ET.ParseError as e: @@ -176,6 +186,8 @@ return redirect(url_for('new')) elif 'url' in request.form: download_url(request.form['url']) + elif 'cve' in request.form: + parse_cve_from_gsa(request.form['id']) elif 'local' in request.files: upload = request.files['local'] fpath = os.path.join(app.instance_path, 'tmp',
--- a/farol/templates/new.j2 Tue Dec 30 14:30:10 2014 +0100 +++ b/farol/templates/new.j2 Tue Dec 30 14:33:50 2014 +0100 @@ -53,7 +53,7 @@ {% for (type, placeholder) in [ ('RHSA', 'YYYY:nnnn'), ('Oracle', 'nnnnnnn'), - ('Cisco', 'sa-YYYYMMDD-xxx')] %} + ('Cisco', 'sa-YYYYMMDD-xxx'),('CVE', 'CVE-YYYY-NNNN')] %} <div class="col-lg-4"> <form role="form" method="POST"> <input type="hidden" name="{{ type | lower}}">