dash/Typo3Scan
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v0.6.2

Browse Source
This commit is contained in:
whoot
2020-07-20 17:41:19 +02:00
parent b693fec690
commit 4afa601cdd
5 changed files with 21 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/initdb.py
View File

@@ -33,7 +33,7 @@ class DB_Init:
c.execute('''DROP TABLE IF EXISTS extensions''')
c.execute('''DROP TABLE IF EXISTS extension_vulns''')
c.execute('''DROP TABLE IF EXISTS core_vulns''')
c.execute('''DROP TABLE IF EXISTS settings''')
c.execute('''DROP TABLE IF EXISTS UserAgents''')
conn.commit()
# Create table extensions
@@ -42,11 +42,11 @@ class DB_Init:
# Create table extension_vulns
c.execute('''CREATE TABLE IF NOT EXISTS extension_vulns
(advisory text, extensionkey text, vulnerability text, branch_max integer, affected_version_max text, branch_max integer, affected_version_min text)''')
(advisory text, extensionkey text, vulnerability text, affected_version_max text, affected_version_min text)''')
# Create table core_vulns
c.execute('''CREATE TABLE IF NOT EXISTS core_vulns
(advisory text, vulnerability text, subcomponent text, branch_max integer, affected_version_max text, branch_max integer, affected_version_min text, cve text)''')
(advisory text, vulnerability text, subcomponent text, affected_version_max text, affected_version_min text, cve text)''')
# Create table UserAgents
c.execute('''CREATE TABLE IF NOT EXISTS UserAgents
@@ -83,7 +83,7 @@ class DB_Init:
if conn:
conn.rollback()
print(e)
sys.exit(-1)
exit(-1)
finally:
if conn:

BIN
lib/typo3scan.db
View File

Binary file not shown.

19
lib/update.py
View File

@@ -153,19 +153,18 @@ class Update:
exit(-1)
# Add vulnerability details to database
for ext_vuln in vulnerabilities:
c.execute('SELECT * FROM core_vulns WHERE advisory=? AND vulnerability=? AND subcomponent=? AND affected_version_max=? AND affected_version_min=? AND cve=?', (ext_vuln[0], ext_vuln[1], ext_vuln[2], ext_vuln[3], ext_vuln[4], ext_vuln[5],))
for core_vuln in vulnerabilities:
c.execute('SELECT * FROM core_vulns WHERE advisory=? AND vulnerability=? AND subcomponent=? AND affected_version_max=? AND affected_version_min=? AND cve=?', (core_vuln[0], core_vuln[1], core_vuln[2], core_vuln[3], core_vuln[4], core_vuln[5],))
data = c.fetchall()
if not data:
update_counter+=1
c.execute('INSERT INTO core_vulns VALUES (?,?,?,?,?,?)', (ext_vuln[0], ext_vuln[1], ext_vuln[2], ext_vuln[3], ext_vuln[4], ext_vuln[5],))
c.execute('INSERT INTO core_vulns VALUES (?,?,?,?,?,?)', (core_vuln[0], core_vuln[1], core_vuln[2], core_vuln[3], core_vuln[4], core_vuln[5]))
conn.commit()
else:
if update_counter == 0:
print('[!] Already up-to-date.\n')
else:
print('[+] Done.')
print('[!] Added {} new CORE vulnerabilities to database.\n'.format(update_counter))
print(' \u2514 Done. Added {} new CORE vulnerabilities to database.\n'.format(update_counter))
return True
def dlProgress(self, count, blockSize, totalSize):
@@ -191,7 +190,7 @@ class Update:
infile.close()
outfile.close()
except Exception as e:
print ('\n', e)
print('\n', e)
def load_extensions(self):
"""
@@ -275,10 +274,14 @@ class Update:
extensionkey = re.findall('Extension[s]?:\s?(.*?)<', beauty_html)
# Sometimes there are multiple extensions in an advisory
if len(extensionkey) == 0: # If only one extension affected
extensionkey = [advisory_info[advisory_info.find('('):]]
if not '(' in advisory_info:
extensionkey = [advisory_info[advisory_info.rfind(' ')+1:]]
else:
extensionkey = [advisory_info[advisory_info.find('('):]]
for item in range (0, len(extensionkey)):
extensionkey_item = extensionkey[item]
extensionkey_item = extensionkey_item[extensionkey_item.rfind('(')+1:extensionkey_item.rfind(')')]
if '(' in extensionkey_item:
extensionkey_item = extensionkey_item[extensionkey_item.rfind('(')+1:extensionkey_item.rfind(')')]
description = vulnerability[item]
version_item = affected_versions[item]
version_item = version_item.replace("and all versions below", "- 0.0.0")