Bespoke Vulnerability Watch - Developer Guide

Table of Contents

1. Introduction

2. databaseLayer.py

3. db_actions.db

4. Sources_process.py

5. db_updater.py

6. views.py (admin)

7. utils.py

8. views.py (home)

9. admin.js

10. scripts.js

11. statusses.js

12. admin.html

13. menu.html

14. New files

Introduction

This file aims to help the futures developers to update our custom version of CVE-Search manually after a fresh new git clone from the original repository

This documentation tries to be comprehensive, if you notice any missing part of code, please add it to this file.

Another way to check if everything has been added is to search globally (e.g. ctrl + maj + f on VScode) certain key words ("entity", "entities", "watchlist", "signal") on the repository.

databaseLayer.py

location: cve-search/lib/DatabaseLayer.py

Add these variables at the beginning of the file:

colENTITIES = db["entities"]
colWATCHLIST = db["watchlist"]

Add this variable to the function getDBStats(): "watchlist": {}

Add these functions at the end of the file:

initWatchlist()
addEntity(entityName):
removeEntity(entityName):
addEntityCpe(entityName, cpe):
getAllEntities():
getEntityCpes(entityName):
deleteCPEFromEntity(entityName, cpe):
updateWatchlistCVE(doc):
updateWatchlistCVELastmodified(filter, date):
setWatchlistCVEComment(cveid, entity, product, comment):
switchWatchlistCVEStatus(cveid, entity, product):
deleteWatchlistCVE(cveid, en![databaselayer1](https://github.com/Dlux-cyber-projects/cve-search-2023/assets/82516361/e252e98c-bdb0-4423-96a2-8318ecdd958c)
tity, product):
getWatchlistCVE(cveid, entity, product):
getWatchlistCVEbyID(cveid):

db_actions.db

location: cve-search/lib/db_action.py

Add import for signal and watchlist

This argument:

update_watchlist=False, signal_groups=[]

These variables:

self.update_watchlist = update_watchlist
self.signal_groups = signal_groups

And the if condition:

Add the following function:

_update_watchlist(self)

Sources_process.py

location: cve-search/lib/Sources_process.py

Add import for signal notifications:

In __init__() function, add:

This argument:

update_watchlist=False, signal_groups=[]

These variables:

self.update_watchlist = update_watchlist
self.signal_groups = signal_groups

In function process_item() add these variables:

update_watchlist=self.update_watchlist
signal_groups=self.signal_groups

Toolkit.py

location: cve-search/lib/Toolkit.py

Add this import

Add isBlacklisted() function

db_updater.py

location: cve-search/sbin/db_updater.py

Import getInfo from lib.DatabaseLayer

Add this function

argParser.add_argument()

In else statement of "while loop", add what is related to signal notification and watchlist:

views.py (admin)

location: cve-search/web/admin/views.py

Add these imports:

Add view_entities(args, kwargs) function

Add entities() function

Add entityAdd() function

Add entityRemove() function

Add entityCpeAdd() function

Add verify() function

Add verifyCaptcha() function

Add verifyCode() function

Add changeThresholds() function

Add deleteEntityCpe() function

utils.py

location: cve-search/web/home/utils.py

import getInfo in lib.DatabaseLayer

In generate_minimal_query() function, add threshold related code

In adminInfo() function, add:

"signalPhoneRegistered": getInfo('subscriptions')['registeredPhone'] != '',
watchlistInfos": getInfo('watchlist'),

views.py (home)

location: cve-search/web/home/views.py

In import add:

from flask_login.utils import login_required

and

getEntityCpes,
setWatchlistCVEComment,
switchWatchlistCVEStatus,
deleteWatchlistCVE,
getWatchlistCVE,

Add view_cpe_name() function

Add view_entity_name() function:

Add search_entity() function:

Add browse_entity() function

Add watchlist() function

Add watchlist_cve() function

Add save_comment() function

Add switch_status() function

Add delete_from_watchlist() function

Add delete_filtered_watchlist() function

Add export_csv() function

Add export_notice() function

admin.js

Location: cve-search/web/static/js/custom/admin.js

Add verify() function

Add verifyCaptcha() function

Add verifyCode() function

scripts.js

Location: cve-search/web/static/js/custom/statuscriptssses.js

Add escapeHtml() function

statusses.js

Location: cve-search/web/static/js/custom/statusses.js

In parseStatus(), add these cases

admin.html

location: cve-search/web/templates/admin.html

Add related watchlist code button

Add entities management

Add CVSS threshold

Add signal notifications

menu.html

Location: cve-search/web/templates/subpages/menu.html

Add link related to watchlist, vendor and entity

New files

Locations: cve-search/lib/signalNotification.py

cve-search/web/static/css/custom/entities.css

cve-search/web/static/css/custom/entities.css

cve-search/web/static/css/custom/watchlistCVE.css

cve-search/web/static/css/custom/watchlistCVE.css

cve-search/web/static/js/custom/entities.js

cve-search/web/static/js/custom/entities.js

cve-search/web/static/js/custom/watchlist.js

cve-search/web/static/js/custom/watchlistCVE.js

cve-search/web/static/js/custom/watchlistCVE.js

cve-search/web/templates/browse_entity_products.html

cve-search/web/templates/browse_entity_products.html

cve-search/web/templates/entities.html

cve-search/web/templates/entities.html

cve-search/web/templates/search_entity.html

cve-search/web/templates/search_entity.html

cve-search/web/templates/watchlist.html

cve-search/web/templates/watchlistCve.html

cve-search/web/templates/subpages/browse_entity.html

cve-search/web/templates/subpages/browse_entity.html

cve-search/web/templates/subpages/static_table.html

cve-search/web/templates/subpages/static_table.html

cve-search/web/templates/subpages/watchlist_table.html

cve-search/web/templates/subpages/watchlist_table.html

Add these new files.