Update Sun May 26 23:17:22 CEST 2024

2025-06-19 17:30:12 +00:00 · 2024-05-26 23:17:22 +02:00 · 2024-05-26 23:17:22 +02:00 · 1f3d35410a
commit 1f3d35410a
parent ab087c0419
5 changed files with 43 additions and 62 deletions
--- a/docs/CVE_list.json
+++ b/docs/CVE_list.json
--- a/docs/generate_summary_json.py
+++ b/docs/generate_summary_json.py
@ -17,22 +17,22 @@ years = [year for year in years if year.isdigit()]
 years.sort(reverse=True)

 #clean up the text blocks
-def clean_text(description):
-    
+def clean_text(description_text):
+    description = re.sub(r'\n+', '\n', description_text)
    #remove the '-' at the beginning of each line
    description_lines = description.split('\n')
    description_lines = [line.lstrip('- ') for line in description_lines]

    #change urls with <a> links with regular expression
-    description_lines = [re.sub(r'(https?:\/\/[^\s]+)', r'<a target="_blank" href="\1">\1</a>', line) for line in description_lines]
-    
+    #description_lines = [re.sub(r'(https?:\/\/[^\s]+)', r'<a target="_blank" href="\1">\1</a>', line) for line in description_lines]
+
    #add <br/> for each line
-    description = '<br/>'.join(description_lines)
+    description = '\n'.join(description_lines)
    return description

 #generate JSON for each CVE
 for year in years:
-    
+
    yearDir = os.path.join(dir, year)
    for CVE_filename in os.listdir(yearDir):

@ -45,20 +45,33 @@ for year in years:
        CVE_description = CVE_file_content.split('### Description')[1].split('###')[0].strip()
        CVE_references = CVE_file_content.split('### Reference')[1].split('###')[0].strip()
        CVE_github = CVE_file_content.split('### Github')[1].split('###')[0].strip()
-        
+
        #TODO: extract imageshield label attributes
-        
+
        CVE_Name = CVE_filename.split('.')[0]
-        
+
        CVE_description = clean_text(CVE_description)
        CVE_github = clean_text(CVE_github)
        CVE_references = clean_text(CVE_references)
+        CVE_poc = []
+        if "No PoCs" not in CVE_references:
+           if '\n' in CVE_references:
+             for ref in CVE_references.split('\n'):
+               CVE_poc.append(ref)
+           else:
+             CVE_poc.append(CVE_references)
+        if "No PoCs" not in CVE_github:
+           if '\n' in CVE_github:
+             for poc in CVE_github.split('\n'):
+               CVE_poc.append(poc)
+           else:
+             CVE_poc.append(CVE_github)

-        thisCVE = [year,CVE_Name, CVE_description, CVE_github,CVE_references]
+        thisCVE = {"cve": CVE_Name, "desc": CVE_description, "poc": CVE_poc}
        CVE_list.append(thisCVE)

-CVE_output = f"dataTable_data = {json.dumps(CVE_list)}"
+CVE_output = f"{json.dumps(CVE_list)}"

 #save CVE list to JSON file
 with open('CVE_list.json', 'w') as outfile:
-    outfile.write(CVE_output)
+    outfile.write(CVE_output)
--- a/docs/index.html
+++ b/docs/index.html
@ -20,7 +20,7 @@
 					<input type="text" class="search" placeholder="ENTER SEARCH TERM" autocomplete="false">
 				</form>
 			</div>
-			<div class="results">
+			<div class="results" style="display:none">
 				<br>
 				<div class="noResults">
 					<h2>No Results Found</h2>
--- a/docs/logic.js
+++ b/docs/logic.js
@ -1,6 +1,6 @@
-var searchResultFormat = '<tr><td class="cveNum"><b>$cve</b></td><td align="left">$description<hr>$poc</td></tr>';
-var totalLimit = 500;
-var replaceStrings = ['HackTheBox - ', 'VulnHub - ', 'UHC - '];
+const searchResultFormat = '<tr><td class="cveNum">$cve</td><td align="left">$description $poc</td></tr>';
+const totalLimit = 1000;
+const replaceStrings = ['HackTheBox - ', 'VulnHub - ', 'UHC - '];
 const results = document.querySelector('div.results');
 const searchValue = document.querySelector('input.search');
 const form = document.querySelector('form.searchForm');
@ -22,53 +22,22 @@ function escapeHTML(str) {
    });
 }

-function convertLinksToList(content) {
-    const tempDiv = document.createElement('div');
-    tempDiv.innerHTML = content;
-
-    const links = tempDiv.querySelectorAll('a');
+function convertLinksToList(links) {
    if (links.length === 0) {
        return content;
    }
-
-    const list = document.createElement('ul');
+    let htmlOutput = `<hr><ul>`;
    links.forEach(link => {
-        const listItem = document.createElement('li');
-        listItem.appendChild(link.cloneNode(true));
-        list.appendChild(listItem);
+       htmlOutput += `<li><a target="_blank" href="${link}">${link}</a></li>`;
    });
-
-    // Remove all original links from the tempDiv
-    links.forEach(link => link.parentNode.removeChild(link));
-
-    // Append the newly created list to tempDiv
-    tempDiv.appendChild(list);
-
-    return tempDiv.innerHTML;
+    htmlOutput += `</ul>`
+    return htmlOutput;
 }

-function convertToList(content) {
-    // Create a temporary div to manipulate the content
-    const tempDiv = document.createElement('div');
-    // Remove all <br> tags
-    content = content.replace(/<br\s*\/?>/gi, '');
-    tempDiv.innerHTML = content;
-
-    const list = document.createElement('ul');
-    Array.from(tempDiv.childNodes).forEach(node => {
-        const listItem = document.createElement('li');
-        if (node.nodeType === Node.TEXT_NODE) {
-            listItem.textContent = node.textContent.trim();
-        } else if (node.nodeType === Node.ELEMENT_NODE && node.tagName === 'A') {
-            listItem.appendChild(node.cloneNode(true));
-        }
-        list.appendChild(listItem);
-    });
-
-    return list.outerHTML;
+function getCveLink(cveId) {
+    return `<a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=${cveId}"><b>${cveId}</b></a>`
 }

-
 var controls = {
    oldColor: '',
    displayResults: function() {
@ -86,8 +55,8 @@ var controls = {
        let negmatch = words.filter(word => word[0] === '-').map(word => word.substring(1));

        dataset.forEach(e => {
-            let description = replaceStrings.reduce((desc, str) => desc.replace(str, ''), e.description).toLowerCase();
-            let combinedText = (e.cve + e.poc + description).toLowerCase();
+            let description = replaceStrings.reduce((desc, str) => desc.replace(str, ''), e.desc).toLowerCase();
+            let combinedText = (e.cve + description).toLowerCase();

            let positiveMatch = posmatch.every(word => combinedText.includes(word));
            let negativeMatch = negmatch.some(word => combinedText.includes(word));
@ -118,10 +87,9 @@ var controls = {
            let fragment = document.createDocumentFragment();
            results.forEach(r => {
                let el = searchResultFormat
-                    .replace('$cve', r.cve)
-                    .replace('$description', escapeHTML(r.description) )
-                    //.replace('$poc', convertLinksToList(r.poc));
-                    .replace('$poc', convertToList(r.poc));
+                    .replace('$cve', getCveLink(r.cve))
+                    .replace('$description', escapeHTML(r.desc) )
+                    .replace('$poc', convertLinksToList(r.poc));
                let wrapper = document.createElement('table');
                wrapper.innerHTML = el;
                fragment.appendChild(wrapper.querySelector('tr'));
@ -170,7 +138,7 @@ document.addEventListener('DOMContentLoaded', function() {
        }
    }

-    fetch('./pocs.json')
+    fetch('./CVE_list.json')
        .then(res => res.json())
        .then(data => {
            window.dataset = data;
--- a/docs/pocs.json
+++ b/docs/pocs.json