Merge pull request #121 from PidgeyL/master

Small bugfixes and plug-in features
PidgeyL · May 11, 2016 · de359e6 · de359e6
2 parents 6f1bd52 + ab019bd
commit de359e6
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 18 deletions.
diff --git a/lib/DatabaseLayer.py b/lib/DatabaseLayer.py
@@ -10,6 +10,7 @@
 # Copyright (c) 2014-2016       Pieter-Jan Moreels - pieterjan.moreels@gmail.com
 
 # imports
+import ast
 import sqlite3
 import pymongo
 import re
@@ -375,10 +376,13 @@ def p_addToList(collection, query, listname, data):
     p_addEntry(collection, query)
   for entry in current:
     if listname in entry:
-      data=list(set(data)-set(entry[listname]))
+      data=list(set([repr(x) for x in data])-set([repr(x) for x in entry[listname]]))
+      data=[ast.literal_eval(x) for x in data]
     if data:
       db['plug_%s'%collection].update(query, {"$addToSet": {listname: {"$each": data}}})
 
 def p_removeFromList(collection, query, listname, data):
-  if type(data) != list: data=[data]
+  if   type(data) == dict: 
+    db['plug_%s'%collection].update(query, {"$pull": {listname: data}})
+  elif type(data) != list: data=[data]
   db['plug_%s'%collection].update(query, {"$pullAll": {listname: data}})
diff --git a/lib/PluginManager.py b/lib/PluginManager.py
@@ -63,7 +63,11 @@ def onCVEOpen(self, cve, **args):
   def onCVEAction(self, cve, plugin, action, **args):
     if plugin.strip() in self.plugins.keys(): # Check if plugin exists
       if self.plugins[plugin].isWebPlugin():  # Check if plugin is web plugin
-        return self.plugins[plugin].onCVEAction(cve, action, **args)
+        try:
+          return self.plugins[plugin].onCVEAction(cve, action, **args)
+        except Exception as e:
+          print("[!] Failed to perform %s action on module %s: "%(action, plugin))
+          print("[!]  -> %s"%e)
 
   def getPlugins(self):
     return self.plugins.values()
@@ -75,10 +79,10 @@ def getWebPlugins(self):
         webPlugins.append(plugin)
     return webPlugins
 
-  def getWebPluginsWithPage(self):
+  def getWebPluginsWithPage(self, **args):
     plugins = []
     for plug in self.getWebPlugins():
-      page = plug.getPage()
+      page = plug.getPage(**args)
       if page and page[0]: # Make sure there is a page
         plugins.append(plug)
     return plugins
@@ -91,8 +95,9 @@ def getCVEActions(self, cve, **args):
           action['auth'] = plugin.requiresAuth
           action['plugin'] = plugin.getUID()
           actions.append(action)
-      except:
+      except Exception as e:
         print("[!] Plugin %s failed on fetching CVE actions!"%plugin.getName())
+        print("[!]  -> %s"%e)
     return actions
 
   def requiresAuth(self, plugin):
@@ -134,8 +139,9 @@ def cvePluginInfo(self, cve, **args):
         data = plugin.cvePluginInfo(cve, **args)
         if type(data) == dict and 'title' in data and 'data' in data:
           cveInfo.append(data)
-      except:
+      except Exception as e:
         print("[!] Plugin %s failed on fetching CVE plugin info!"%plugin.getName())
+        print("[!]  -> %s"%e)
     return cveInfo
 
   def getSearchResults(self, text):
@@ -167,6 +173,7 @@ def getFilters(self, **args):
           filters.append(filter_)
       except Exception as e:
         print("[!] Plugin %s failed on fetching filters!"%plugin.getName())
+        print("[!]  -> %s"%e)
     return filters
 
   def doFilter(self, filters, **args):
@@ -180,6 +187,7 @@ def doFilter(self, filters, **args):
           elif type(filter_) is list: filters_.extend(filter_)
       except Exception as e:
         print("[!] Plugin %s failed on applying filters!"%plugin.getName())
+        print("[!]  -> %s"%e)
     return filters_
 
   def mark(self, cves, **args):
@@ -190,8 +198,7 @@ def mark(self, cves, **args):
           if marks and type(marks) == tuple and len(marks) == 2:
             if marks[0]: cve['icon']  = marks[0]
             if marks[1]: cve['color'] = marks[1]
-            print(marks)
         except Exception as e:
-          print(e)
           print("[!] Plugin %s failed on marking cves!"%plugin.getName())
+          print("[!]  -> %s"%e)
     return cves
diff --git a/lib/Plugins.py b/lib/Plugins.py
@@ -38,7 +38,7 @@ def getCVEActions(self, cve, **args): return []
   def getFilters(self, **args):         return []
   def doFilter(self, filters, **args):  return []
   def cvePluginInfo(self, cve, **args): pass
+  def mark(self, cve, **args):          return (None, None)
   # To override without returns
   def onCVEAction(self, cve, action, **args): pass
   def onCVEOpen(self, cve, **args):           pass 
-  def mark(self, cve, **args):                return (None, None)
diff --git a/web/index.py b/web/index.py
@@ -191,16 +191,17 @@ def filter_logic(f, limit, skip):
 
     # date logic
     if f['timeSelect'] != "all":
+        print(f["timeSelect"])
         startDate = convertDateToDBFormat(f['startDate'])
         endDate = convertDateToDBFormat(f['endDate'])
         if f['timeSelect'] == "from":
-            query.append({f['timeTypeSelect']: {'$gt': f['startDate']}})
+            query.append({f['timeTypeSelect']: {'$gt': startDate}})
         if f['timeSelect'] == "until":
-            query.append({f['timeTypeSelect']: {'$lt': f['endDate']}})
+            query.append({f['timeTypeSelect']: {'$lt': endDate}})
         if f['timeSelect'] == "between":
-            query.append({f['timeTypeSelect']: {'$gt': f['startDate'], '$lt': f['endDate']}})
+            query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}})
         if f['timeSelect'] == "outside":
-            query.append({'$or': [{f['timeTypeSelect']: {'$lt': f['startDate']}}, {f['timeTypeSelect']: {'$gt': f['endDate']}}]})
+            query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]})
     cve=db.getCVEs(limit=limit, skip=skip, query=query)
     # marking relevant records
     if f['whitelistSelect'] == "on":   cve = whitelist_mark(cve)
@@ -271,9 +272,9 @@ def filterLast(r):
 @app.route('/_get_plugins', methods=['GET'])
 def get_plugins():
     if not current_user.is_authenticated(): # Don't show plugins requiring auth if not authenticated
-        plugins = [{"name": x.getName(), "link": x.getUID()} for x in plugManager.getWebPluginsWithPage() if not x.requiresAuth]
+        plugins = [{"name": x.getName(), "link": x.getUID()} for x in plugManager.getWebPluginsWithPage(current_user=current_user) if not x.requiresAuth]
     else:
-        plugins = [{"name": x.getName(), "link": x.getUID()} for x in plugManager.getWebPluginsWithPage()]
+        plugins = [{"name": x.getName(), "link": x.getUID()} for x in plugManager.getWebPluginsWithPage(current_user=current_user)]
     return jsonify({"plugins": plugins})
 
 @app.route('/plugin/_get_cve_actions', methods=['GET'])
@@ -313,8 +314,8 @@ def openPluginSubpage(plugin, page):
 
 @app.route('/plugin/<plugin>/_cve_action/<action>', methods=['GET'])
 def jsonCVEAction(plugin, action):
-    cve = request.args.get('cve', type=str).split(",")
-    if plugManager.onCVEAction(cve, plugin, action, current_user=current_user):
+    cve = request.args.get('cve', type=str)
+    if plugManager.onCVEAction(cve, plugin, action, current_user=current_user, fields=dict(request.args)):
         return jsonify({'status': 'plugin_action_complete'})
     else:
         return jsonify({'status': 'plugin_action_failed'})