Bespoke Vulnerability Watch - Developer Guide
Table of Contents
Introduction
This file aims to help the futures developers to update our custom version of CVE-Search manually after a fresh new git clone from the original repository
This documentation tries to be comprehensive, if you notice any missing part of code, please add it to this file.
Another way to check if everything has been added is to search globally (e.g. ctrl + maj + f on VScode) certain key words ("entity", "entities", "watchlist", "signal") on the repository.
databaseLayer.py
location: cve-search/lib/DatabaseLayer.py
Add these variables at the beginning of the file:
colENTITIES = db["entities"]
colWATCHLIST = db["watchlist"]
Add this variable to the function getDBStats(): "watchlist": {}
Add these functions at the end of the file:
initWatchlist()
addEntity(entityName):
removeEntity(entityName):
addEntityCpe(entityName, cpe):
getAllEntities():
getEntityCpes(entityName):
deleteCPEFromEntity(entityName, cpe):
updateWatchlistCVE(doc):
updateWatchlistCVELastmodified(filter, date):
setWatchlistCVEComment(cveid, entity, product, comment):
switchWatchlistCVEStatus(cveid, entity, product):
deleteWatchlistCVE(cveid, en![databaselayer1](https://github.com/Dlux-cyber-projects/cve-search-2023/assets/82516361/e252e98c-bdb0-4423-96a2-8318ecdd958c)
tity, product):
getWatchlistCVE(cveid, entity, product):
getWatchlistCVEbyID(cveid):
db_actions.db
location: cve-search/lib/db_action.py
Add import for signal and watchlist
This argument:
update_watchlist=False, signal_groups=[]
These variables:
self.update_watchlist = update_watchlist
self.signal_groups = signal_groups
And the if condition:
Add the following function:
_update_watchlist(self)
Sources_process.py
location: cve-search/lib/Sources_process.py
Add import for signal notifications:
In __init__() function, add:
This argument:
update_watchlist=False, signal_groups=[]
These variables:
self.update_watchlist = update_watchlist
self.signal_groups = signal_groups
In function process_item() add these variables:
update_watchlist=self.update_watchlist
signal_groups=self.signal_groups
Toolkit.py
location: cve-search/lib/Toolkit.py
Add this import
Add isBlacklisted() function
db_updater.py
location: cve-search/sbin/db_updater.py
Import getInfo from lib.DatabaseLayer
Add this function
argParser.add_argument()
In else statement of "while loop", add what is related to signal notification and watchlist:
views.py (admin)
location: cve-search/web/admin/views.py
Add these imports:
Add view_entities(args, kwargs) function
Add entities() function
Add entityAdd() function
Add entityRemove() function
Add entityCpeAdd() function
Add verify() function
Add verifyCaptcha() function
Add verifyCode() function
Add changeThresholds() function
Add deleteEntityCpe() function
utils.py
location: cve-search/web/home/utils.py
import getInfo in lib.DatabaseLayer
In generate_minimal_query() function, add threshold related code
In adminInfo() function, add:
"signalPhoneRegistered": getInfo('subscriptions')['registeredPhone'] != '',
watchlistInfos": getInfo('watchlist'),
views.py (home)
location: cve-search/web/home/views.py
In import add:
from flask_login.utils import login_required
and
getEntityCpes,
setWatchlistCVEComment,
switchWatchlistCVEStatus,
deleteWatchlistCVE,
getWatchlistCVE,
Add view_cpe_name() function
Add view_entity_name() function:
Add search_entity() function:
Add browse_entity() function
Add watchlist() function
Add watchlist_cve() function
Add save_comment() function
Add switch_status() function
Add delete_from_watchlist() function
Add delete_filtered_watchlist() function
Add export_csv() function
Add export_notice() function
admin.js
Location: cve-search/web/static/js/custom/admin.js
Add verify() function
Add verifyCaptcha() function
Add verifyCode() function
scripts.js
Location: cve-search/web/static/js/custom/statuscriptssses.js
Add escapeHtml() function
statusses.js
Location: cve-search/web/static/js/custom/statusses.js
In parseStatus(), add these cases
admin.html
location: cve-search/web/templates/admin.html
Add related watchlist code button
Add entities management
Add CVSS threshold
Add signal notifications
menu.html
Location: cve-search/web/templates/subpages/menu.html
Add link related to watchlist, vendor and entity
New files
Locations: cve-search/lib/signalNotification.py
cve-search/web/static/css/custom/entities.css
cve-search/web/static/css/custom/entities.css
cve-search/web/static/css/custom/watchlistCVE.css
cve-search/web/static/css/custom/watchlistCVE.css
cve-search/web/static/js/custom/entities.js
cve-search/web/static/js/custom/entities.js
cve-search/web/static/js/custom/watchlist.js
cve-search/web/static/js/custom/watchlistCVE.js
cve-search/web/static/js/custom/watchlistCVE.js
cve-search/web/templates/browse_entity_products.html
cve-search/web/templates/browse_entity_products.html
cve-search/web/templates/entities.html
cve-search/web/templates/entities.html
cve-search/web/templates/search_entity.html
cve-search/web/templates/search_entity.html
cve-search/web/templates/watchlist.html
cve-search/web/templates/watchlistCve.html
cve-search/web/templates/subpages/browse_entity.html
cve-search/web/templates/subpages/browse_entity.html
cve-search/web/templates/subpages/static_table.html
cve-search/web/templates/subpages/static_table.html
cve-search/web/templates/subpages/watchlist_table.html
cve-search/web/templates/subpages/watchlist_table.html
Add these new files.