admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update Mon May 27 00:21:12 CEST 2024

Browse Source
This commit is contained in:
0xMarcio 2024-05-27 00:21:12 +02:00
parent 1f3d35410a
commit 266c00057c
3 changed files with 99 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
docs/generate_cve_list.py Normal file
View File

@ -0,0 +1,60 @@
#!/usr/bin/python3
import os
import json
import re
# Path to enumerate CVEs from
dir = "../"
CVE_list = []
# Fetch all the years
years = os.listdir(dir)
# Remove non-numeric years
years = [year for year in years if year.isdigit()]
# Sort descending (we want the latest at the top)
years.sort(reverse=True)
# Clean up the text blocks
def clean_text(description_text):
description = re.sub(r'\n+', '\n', description_text)
# Remove the '-' at the beginning of each line
description_lines = description.split('\n')
description_lines = [line.lstrip('- ') for line in description_lines]
# Add <br/> for each line
description = '\n'.join(description_lines)
return description
# Generate JSON for each CVE
for year in years:
yearDir = os.path.join(dir, year)
for CVE_filename in os.listdir(yearDir):
# Open CVE file
with open(os.path.join(yearDir, CVE_filename), 'r') as CVE_file:
# Read CVE file
CVE_file_content = CVE_file.read()
# Extract CVE description, references, and GitHub links
CVE_description = CVE_file_content.split('### Description')[1].split('###')[0].strip()
CVE_references = CVE_file_content.split('### Reference')[1].split('###')[0].strip()
CVE_github = CVE_file_content.split('### Github')[1].split('###')[0].strip()
CVE_Name = CVE_filename.split('.')[0]
CVE_description = clean_text(CVE_description)
CVE_github = clean_text(CVE_github)
CVE_references = clean_text(CVE_references)
CVE_poc = [ref for ref in CVE_references.split('\n') if "No PoCs" not in ref]
CVE_poc += [poc for poc in CVE_github.split('\n') if "No PoCs" not in poc]
thisCVE = {"cve": CVE_Name, "desc": CVE_description, "poc": CVE_poc}
CVE_list.append(thisCVE)
# Convert CVE list to JSON without indentation
CVE_output = json.dumps(CVE_list)
# Save CVE list to JSON file
with open('CVE_list.json', 'w') as outfile:
outfile.write(CVE_output)
print("CVE list saved to CVE_list.json")

77
docs/generate_summary_json.py
View File

@ -1,77 +0,0 @@
#!/usr/bin/python3
import os
import datetime
import sys
import json
import re
#Path to enumerate CVEs from
dir = "../"
CVE_list = []
#fetch all the years
years = os.listdir(dir)
#remove non numeric years
years = [year for year in years if year.isdigit()]
#sort descending (we want the latest at the top)
years.sort(reverse=True)
#clean up the text blocks
def clean_text(description_text):
description = re.sub(r'\n+', '\n', description_text)
#remove the '-' at the beginning of each line
description_lines = description.split('\n')
description_lines = [line.lstrip('- ') for line in description_lines]
#change urls with <a> links with regular expression
#description_lines = [re.sub(r'(https?:\/\/[^\s]+)', r'<a target="_blank" href="\1">\1</a>', line) for line in description_lines]
#add <br/> for each line
description = '\n'.join(description_lines)
return description
#generate JSON for each CVE
for year in years:
yearDir = os.path.join(dir, year)
for CVE_filename in os.listdir(yearDir):
#open CVE file
CVE_file = open(os.path.join(yearDir, CVE_filename), 'r')
#read CVE file
CVE_file_content = CVE_file.read()
#extract CVE description, references and github
CVE_description = CVE_file_content.split('### Description')[1].split('###')[0].strip()
CVE_references = CVE_file_content.split('### Reference')[1].split('###')[0].strip()
CVE_github = CVE_file_content.split('### Github')[1].split('###')[0].strip()
#TODO: extract imageshield label attributes
CVE_Name = CVE_filename.split('.')[0]
CVE_description = clean_text(CVE_description)
CVE_github = clean_text(CVE_github)
CVE_references = clean_text(CVE_references)
CVE_poc = []
if "No PoCs" not in CVE_references:
if '\n' in CVE_references:
for ref in CVE_references.split('\n'):
CVE_poc.append(ref)
else:
CVE_poc.append(CVE_references)
if "No PoCs" not in CVE_github:
if '\n' in CVE_github:
for poc in CVE_github.split('\n'):
CVE_poc.append(poc)
else:
CVE_poc.append(CVE_github)
thisCVE = {"cve": CVE_Name, "desc": CVE_description, "poc": CVE_poc}
CVE_list.append(thisCVE)
CVE_output = f"{json.dumps(CVE_list)}"
#save CVE list to JSON file
with open('CVE_list.json', 'w') as outfile:
outfile.write(CVE_output)

93
docs/logic.js
View File

@ -10,66 +10,53 @@ const noResults = document.querySelector('div.noResults');
const colorUpdate = document.body;
function escapeHTML(str) {
return str.replace(/[&<>"']/g, function (match) {
const escapeChars = {
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
};
return escapeChars[match];
});
return str.replace(/[&<>"']/g, match => ({
'&': '&amp;',
'<': '&lt;',
'>': '&gt;',
'"': '&quot;',
"'": '&#39;'
}[match]));
}
function convertLinksToList(links) {
if (links.length === 0) {
return content;
return '';
}
let htmlOutput = `<hr><ul>`;
links.forEach(link => {
htmlOutput += `<li><a target="_blank" href="${link}">${link}</a></li>`;
});
htmlOutput += `</ul>`
return htmlOutput;
return `<hr><ul>${links.map(link => `<li><a target="_blank" href="${link}">${link}</a></li>`).join('')}</ul>`;
}
function getCveLink(cveId) {
return `<a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=${cveId}"><b>${cveId}</b></a>`
return `<a target="_blank" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=${cveId}"><b>${cveId}</b></a>`;
}
var controls = {
const controls = {
oldColor: '',
displayResults: function() {
displayResults() {
results.style.display = '';
resultsTableHideable.classList.remove('hide');
},
hideResults: function() {
hideResults() {
results.style.display = 'none';
resultsTableHideable.classList.add('hide');
},
doSearch: function(match, dataset) {
let results = [];
let words = match.toLowerCase().split(' ');
let posmatch = words.filter(word => word[0] !== '-');
let negmatch = words.filter(word => word[0] === '-').map(word => word.substring(1));
doSearch(match, dataset) {
const words = match.toLowerCase().split(' ');
const posmatch = words.filter(word => word[0] !== '-');
const negmatch = words.filter(word => word[0] === '-').map(word => word.substring(1));
dataset.forEach(e => {
let description = replaceStrings.reduce((desc, str) => desc.replace(str, ''), e.desc).toLowerCase();
let combinedText = (e.cve + description).toLowerCase();
return dataset.filter(e => {
const description = replaceStrings.reduce((desc, str) => desc.replace(str, ''), e.desc).toLowerCase();
const combinedText = (e.cve + description).toLowerCase();
let positiveMatch = posmatch.every(word => combinedText.includes(word));
let negativeMatch = negmatch.some(word => combinedText.includes(word));
const positiveMatch = posmatch.every(word => combinedText.includes(word));
const negativeMatch = negmatch.some(word => combinedText.includes(word));
if (positiveMatch && !negativeMatch) {
results.push(e);
}
return positiveMatch && !negativeMatch;
});
return results;
},
updateResults: function(loc, results) {
if (results.length == 0) {
updateResults(loc, results) {
if (results.length === 0) {
noResults.style.display = '';
noResults.textContent = 'No Results Found';
resultsTableHideable.classList.add('hide');
@ -84,21 +71,21 @@ var controls = {
noResults.style.display = 'none';
resultsTableHideable.classList.remove('hide');
let fragment = document.createDocumentFragment();
const fragment = document.createDocumentFragment();
results.forEach(r => {
let el = searchResultFormat
const el = searchResultFormat
.replace('$cve', getCveLink(r.cve))
.replace('$description', escapeHTML(r.desc) )
.replace('$description', escapeHTML(r.desc))
.replace('$poc', convertLinksToList(r.poc));
let wrapper = document.createElement('table');
const wrapper = document.createElement('table');
wrapper.innerHTML = el;
fragment.appendChild(wrapper.querySelector('tr'));
});
loc.appendChild(fragment);
}
},
setColor: function(loc, indicator) {
if (this.oldColor == indicator) return;
setColor(loc, indicator) {
if (this.oldColor === indicator) return;
loc.className = loc.className.replace(/\bcolor-\S+/g, '');
loc.classList.add('color-' + indicator);
this.oldColor = indicator;
@ -107,23 +94,21 @@ var controls = {
window.controls = controls;
document.addEventListener('DOMContentLoaded', function() {
document.addEventListener('DOMContentLoaded', () => {
document.body.classList.add('fade');
var currentSet = [];
var debounceTimer;
let currentSet = [];
let debounceTimer;
function doSearch(event) {
var val = searchValue.value.trim();
const val = searchValue.value.trim();
if (val !== '') {
controls.displayResults();
currentSet = window.dataset;
currentSet = window.controls.doSearch(val, currentSet);
currentSet = window.controls.doSearch(val, window.dataset);
if (currentSet.length < totalLimit) {
window.controls.setColor(colorUpdate, currentSet.length == 0 ? 'no-results' : 'results-found');
window.controls.setColor(colorUpdate, currentSet.length === 0 ? 'no-results' : 'results-found');
}
window.controls.updateResults(resultsTable, currentSet);
@ -133,7 +118,7 @@ document.addEventListener('DOMContentLoaded', function() {
noResults.style.display = 'none';
}
if (event.type == 'submit') {
if (event.type === 'submit') {
event.preventDefault();
}
}
@ -149,7 +134,7 @@ document.addEventListener('DOMContentLoaded', function() {
form.addEventListener('submit', doSearch);
searchValue.addEventListener('input', function(event) {
searchValue.addEventListener('input', event => {
clearTimeout(debounceTimer);
debounceTimer = setTimeout(() => doSearch(event), 300);
});