AIL-framework/bin/Cve.py

#!/usr/bin/env python3
# -*-coding:UTF-8 -*
"""
The CVE Module
======================

This module is consuming the Redis-list created by the Categ module.

It apply CVE regexes on paste content and warn if a reference to a CVE is spotted.

"""

##################################
# Import External packages
##################################
import time
import re

##################################
# Import Project packages
##################################
from modules.abstract_module import AbstractModule
from packages import Paste


class Cve(AbstractModule):
    """
    Cve module for AIL framework
    """

    def __init__(self):
        super(Cve, self).__init__()

        # regex to find CVE
        self.reg_cve = re.compile(r'(CVE-)[1-2]\d{1,4}-\d{1,5}')

        # Waiting time in secondes between to message proccessed
        self.pending_seconds = 1

        # Send module state to logs
        self.redis_logger.info(f'Module {self.module_name} initialized')


    def compute(self, message):

        filepath, count = message.split()
        paste = Paste.Paste(filepath)
        content = paste.get_p_content()
        
        # list of the regex results in the Paste, may be null
        results = set(self.reg_cve.findall(content))

        # if the list is positive, we consider the Paste may contain a list of cve
        if len(results) > 0:
            warning = f'{paste.p_name} contains CVEs'
            print(warning)
            self.redis_logger.warning(warning)

            msg = f'infoleak:automatic-detection="cve";{filepath}'
            # Send to Tags Queue
            self.send_message_to_queue(msg, 'Tags')
            # Send to Duplicate Queue
            self.send_message_to_queue(filepath, 'Duplicate')


if __name__ == '__main__':

    module = Cve()
    module.run()
decode with redis connection 2018-05-04 13:53:29 +02:00			`#!/usr/bin/env python3`
Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00			`# --coding:UTF-8 -`
			`"""`
Improved description of modules inside the scripts 2017-05-09 11:13:16 +02:00			`The CVE Module`
			`======================`

			`This module is consuming the Redis-list created by the Categ module.`

			`It apply CVE regexes on paste content and warn if a reference to a CVE is spotted.`

Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00			`"""`

fix: inherit AbstractModule to prevent stuck queues regex compiled only at start, not in the loop no duplicate warning string comments 2021-09-08 10:32:47 +02:00			`##################################`
			`# Import External packages`
			`##################################`
Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00			`import time`
			`import re`
fix: inherit AbstractModule to prevent stuck queues regex compiled only at start, not in the loop no duplicate warning string comments 2021-09-08 10:32:47 +02:00
			`##################################`
			`# Import Project packages`
			`##################################`
			`from modules.abstract_module import AbstractModule`
Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00			`from packages import Paste`


fix: inherit AbstractModule to prevent stuck queues regex compiled only at start, not in the loop no duplicate warning string comments 2021-09-08 10:32:47 +02:00			`class Cve(AbstractModule):`
			`"""`
			`Cve module for AIL framework`
			`"""`

			`def __init__(self):`
			`super(Cve, self).__init__()`

			`# regex to find CVE`
			`self.reg_cve = re.compile(r'(CVE-)[1-2]\d{1,4}-\d{1,5}')`

			`# Waiting time in secondes between to message proccessed`
			`self.pending_seconds = 1`

			`# Send module state to logs`
			`self.redis_logger.info(f'Module {self.module_name} initialized')`

Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00
fix: inherit AbstractModule to prevent stuck queues regex compiled only at start, not in the loop no duplicate warning string comments 2021-09-08 10:32:47 +02:00			`def compute(self, message):`

			`filepath, count = message.split()`
			`paste = Paste.Paste(filepath)`
			`content = paste.get_p_content()`

			`# list of the regex results in the Paste, may be null`
			`results = set(self.reg_cve.findall(content))`

			`# if the list is positive, we consider the Paste may contain a list of cve`
			`if len(results) > 0:`
			`warning = f'{paste.p_name} contains CVEs'`
			`print(warning)`
			`self.redis_logger.warning(warning)`

			`msg = f'infoleak:automatic-detection="cve";{filepath}'`
			`# Send to Tags Queue`
			`self.send_message_to_queue(msg, 'Tags')`
			`# Send to Duplicate Queue`
			`self.send_message_to_queue(filepath, 'Duplicate')`
Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00
Fixed bug in CVE (always sending to browse_warning even if there was no match) 2016-08-08 11:54:27 +02:00
Added new modules and started WebTrending web interface 2016-06-30 14:38:28 +02:00			`if __name__ == '__main__':`
fix: inherit AbstractModule to prevent stuck queues regex compiled only at start, not in the loop no duplicate warning string comments 2021-09-08 10:32:47 +02:00
			`module = Cve()`
			`module.run()`