metadata

emo-crab · Feb 21, 2024 · 5568e5f · 5568e5f
1 parent c211e51
commit 5568e5f
Show file tree

Hide file tree

Showing 14 changed files with 91 additions and 69 deletions.
diff --git a/helper/src/cli.rs b/helper/src/cli.rs
@@ -14,9 +14,8 @@ pub struct TopLevel {
 pub enum NVDHelper {
   CVE(CVECommand),
   CPE(CPECommand),
-  EXP(EXPCommand),
-  SYNC(SyncCommand),
   KB(KBCommand),
+  SYNC(SyncCommand),
 }
 
 #[derive(FromArgs, PartialEq, Debug)]
@@ -50,19 +49,13 @@ pub struct CPECommand {
 #[derive(FromArgs, PartialEq, Debug)]
 #[argh(description = "kb helper")]
 #[argh(subcommand, name = "kb")]
-pub struct EXPCommand {
+pub struct KBCommand {
   #[argh(option, description = "import kb from files_exploits.csv")]
   pub path: Option<PathBuf>,
   #[argh(option, description = "import kb from nuclei-templates path")]
   pub template: Option<PathBuf>,
   #[argh(switch, description = "update kb from nuclei-templates")]
   pub api: bool,
-}
-
-#[derive(FromArgs, PartialEq, Debug)]
-#[argh(description = "knowledge-base helper")]
-#[argh(subcommand, name = "kb")]
-pub struct KBCommand {
   #[argh(switch, description = "import knowledge-base from attackerkb api")]
   pub akb: bool,
 }

diff --git a/helper/src/cve/mod.rs b/helper/src/cve/mod.rs
@@ -6,18 +6,18 @@ use std::path::PathBuf;
 use std::str::FromStr;
 
 use diesel::mysql::MysqlConnection;
-use nvd_api::ApiVersion;
 use nvd_api::pagination::Object;
 use nvd_api::v2::vulnerabilities::CveParameters;
+use nvd_api::ApiVersion;
 
 use nvd_cves::v4::{CVEContainer, CVEItem};
 use nvd_model::cve::{CreateCve, Cve};
 use nvd_model::error::DBResult;
 use nvd_model::types::AnyValue;
 
-use crate::{create_cve_product, init_db_pool};
 use crate::cpe::{del_expire_product, import_vendor_product_to_db};
 use crate::kb::associate_cve_and_exploit;
+use crate::{create_cve_product, init_db_pool};
 
 pub(crate) async fn async_cve(param: CveParameters) {
   let connection_pool = init_db_pool();

diff --git a/helper/src/kb/mod.rs b/helper/src/kb/mod.rs
@@ -7,25 +7,25 @@ use std::ops::DerefMut;
 use std::path::{Path, PathBuf};
 use std::sync::Arc;
 
-use attackerkb_api_rs::AttackKBApi;
 use attackerkb_api_rs::pagination::KBResponse;
 use attackerkb_api_rs::v1::query::TopicsParametersBuilder;
+use attackerkb_api_rs::AttackKBApi;
 use chrono::{DateTime, Duration, NaiveDateTime, Utc};
 use diesel::MysqlConnection;
-use octocrab::{Octocrab, Page};
 use octocrab::models::repos::{DiffEntryStatus, RepoCommit};
+use octocrab::{Octocrab, Page};
 use reqwest::header;
 use serde::{de, Deserialize, Deserializer, Serialize};
 
-use nvd_model::cve_knowledge_base::CveKnowledgeBase;
 use nvd_model::cve_knowledge_base::db::CreateCveKB;
+use nvd_model::cve_knowledge_base::CveKnowledgeBase;
 use nvd_model::error::DBResult;
 use nvd_model::knowledge_base::db::{CreateKnowledgeBase, KBSource, KBTypes};
 use nvd_model::knowledge_base::KnowledgeBase;
 use nvd_model::types::{AnyValue, MetaData};
 
-use crate::{Connection, init_db_pool};
 use crate::error::HelperResult;
+use crate::{init_db_pool, Connection};
 
 mod date_format {
   use chrono::{NaiveDate, NaiveDateTime, Utc};
@@ -34,16 +34,16 @@ mod date_format {
   pub(crate) const FORMAT: &str = "%Y-%m-%d";
 
   pub fn serialize<S>(date: &NaiveDateTime, serializer: S) -> Result<S::Ok, S::Error>
-    where
-      S: Serializer,
+  where
+    S: Serializer,
   {
     let s = date.to_string();
     serializer.serialize_str(&s)
   }
 
   pub fn deserialize<'de, D>(deserializer: D) -> Result<NaiveDateTime, D::Error>
-    where
-      D: Deserializer<'de>,
+  where
+    D: Deserializer<'de>,
   {
     let s = String::deserialize(deserializer)?;
     if s.is_empty() {
@@ -255,8 +255,8 @@ pub async fn update_from_github() {
 
 /// 字符串转set
 fn string_to_hashset<'de, D>(deserializer: D) -> Result<HashSet<String>, D::Error>
-  where
-    D: Deserializer<'de>,
+where
+  D: Deserializer<'de>,
 {
   struct StringToHashSet(PhantomData<HashSet<String>>);
   impl<'de> de::Visitor<'de> for StringToHashSet {
@@ -265,8 +265,8 @@ fn string_to_hashset<'de, D>(deserializer: D) -> Result<HashSet<String>, D::Erro
       formatter.write_str("string or list of strings")
     }
     fn visit_str<E>(self, value: &str) -> Result<Self::Value, E>
-      where
-        E: de::Error,
+    where
+      E: de::Error,
     {
       let name: Vec<String> = value
         .split(',')
@@ -276,8 +276,8 @@ fn string_to_hashset<'de, D>(deserializer: D) -> Result<HashSet<String>, D::Erro
       Ok(HashSet::from_iter(name))
     }
     fn visit_seq<S>(self, visitor: S) -> Result<Self::Value, S::Error>
-      where
-        S: de::SeqAccess<'de>,
+    where
+      S: de::SeqAccess<'de>,
     {
       Deserialize::deserialize(de::value::SeqAccessDeserializer::new(visitor))
     }
@@ -416,7 +416,6 @@ impl GitHubCommit {
             }
             cache_map.insert(format!("{:?}_{}", file.status, file.filename));
             let path = file.filename.clone();
-            let meta = MetaData::default();
             let cve = Path::new(&file.filename)
               .file_name()
               .unwrap_or_default()
@@ -447,7 +446,7 @@ impl GitHubCommit {
                   name: template.id.clone(),
                   description: template.info.description,
                   source: KBSource::NucleiTemplates.to_string(),
-                  meta: AnyValue::new(meta),
+                  meta: AnyValue::new(MetaData::from_hashset("tags", template.info.tags)),
                   verified: 1,
                   created_at: Utc::now().naive_utc(),
                   updated_at: Utc::now().naive_utc(),
@@ -499,8 +498,8 @@ struct Item {
 }
 
 pub fn rfc3339_deserialize<'de, D>(deserializer: D) -> Result<NaiveDateTime, D::Error>
-  where
-    D: Deserializer<'de>,
+where
+  D: Deserializer<'de>,
 {
   let s = String::deserialize(deserializer)?;
   if s.is_empty() {

diff --git a/helper/src/lib.rs b/helper/src/lib.rs
@@ -1,14 +1,14 @@
 use chrono::{Duration, Utc};
-use diesel::{MysqlConnection, r2d2};
 use diesel::r2d2::ConnectionManager;
-use nvd_api::v2::LastModDate;
+use diesel::{r2d2, MysqlConnection};
 use nvd_api::v2::vulnerabilities::CveParameters;
+use nvd_api::v2::LastModDate;
 
 pub use cli::{CPECommand, CVECommand, NVDHelper, TopLevel};
 use cpe::create_cve_product;
 pub use cwe::import_cwe;
 
-use crate::cli::{EXPCommand, KBCommand, SyncCommand};
+use crate::cli::{KBCommand, SyncCommand};
 use crate::cpe::with_archive_cpe;
 use crate::cve::{async_cve, with_archive_cve};
 use crate::kb::{
@@ -65,7 +65,7 @@ pub async fn cpe_mode(config: CPECommand) {
   }
 }
 
-pub async fn exploit_mode(config: EXPCommand) {
+pub async fn kb_mode(config: KBCommand) {
   if let Some(path) = config.path {
     with_archive_exploit(path)
   }
@@ -75,6 +75,9 @@ pub async fn exploit_mode(config: EXPCommand) {
   if let Some(path) = config.template {
     import_from_nuclei_templates_path(path)
   }
+  if config.akb {
+    let _ = akb_sync().await;
+  }
 }
 
 pub async fn sync_mode(config: SyncCommand) {
@@ -102,12 +105,6 @@ pub async fn sync_mode(config: SyncCommand) {
   }
 }
 
-pub async fn kb_mode(config: KBCommand) {
-  if config.akb {
-    let _ = akb_sync().await;
-  }
-}
-
 #[cfg(test)]
 mod tests {
   #[test]

diff --git a/helper/src/main.rs b/helper/src/main.rs
@@ -1,13 +1,12 @@
-use helper::{cpe_mode, cve_mode, exploit_mode, kb_mode, sync_mode, NVDHelper, TopLevel};
+use helper::{cpe_mode, cve_mode, kb_mode, sync_mode, NVDHelper, TopLevel};
 
 #[tokio::main]
 async fn main() {
   let toplevel: TopLevel = argh::from_env();
   match toplevel.nested {
     NVDHelper::CVE(config) => cve_mode(config).await,
     NVDHelper::CPE(config) => cpe_mode(config).await,
-    NVDHelper::EXP(config) => exploit_mode(config).await,
-    NVDHelper::SYNC(config) => sync_mode(config).await,
     NVDHelper::KB(config) => kb_mode(config).await,
+    NVDHelper::SYNC(config) => sync_mode(config).await,
   };
 }
diff --git a/nvd-cvss/src/v4/mod.rs b/nvd-cvss/src/v4/mod.rs
@@ -511,7 +511,7 @@ mod tests {
   use std::collections::HashMap;
   use std::str::FromStr;
 
-  use crate::v4::{CVSS, roundup};
+  use crate::v4::{roundup, CVSS};
 
   #[test]
   fn roundup_test() {

diff --git a/nvd-model/src/lib.rs b/nvd-model/src/lib.rs
@@ -1,5 +1,5 @@
 #[cfg(feature = "db")]
-use diesel::{MysqlConnection, r2d2, r2d2::ConnectionManager};
+use diesel::{r2d2, r2d2::ConnectionManager, MysqlConnection};
 
 // wubba lubba dub dub
 // 后端和前端特性不能同时开启

diff --git a/nvd-model/src/types.rs b/nvd-model/src/types.rs
@@ -1,5 +1,7 @@
-#[cfg(feature = "db")]
-use crate::DB;
+use std::collections::{HashMap, HashSet};
+use std::fmt::{Debug, Display, Formatter};
+use std::ops::{Deref, DerefMut};
+
 #[cfg(feature = "db")]
 use diesel::deserialize::FromSql;
 #[cfg(feature = "db")]
@@ -9,9 +11,9 @@ use diesel::{backend::Backend, deserialize, serialize, sql_types::Json, AsExpres
 #[cfg(feature = "db")]
 use serde::de::DeserializeOwned;
 use serde::{Deserialize, Serialize};
-use std::collections::{HashMap, HashSet};
-use std::fmt::{Debug, Display, Formatter};
-use std::ops::{Deref, DerefMut};
+
+#[cfg(feature = "db")]
+use crate::DB;
 
 #[derive(Clone, PartialEq, Serialize, Deserialize)]
 #[cfg_attr(feature = "db", derive(AsExpression, FromSqlRow), diesel(sql_type = Json))]
@@ -129,19 +131,25 @@ impl MetaData {
     i.insert(name.into(), hm.into());
     MetaData::HashSet(i)
   }
-  pub fn get_hashmap(&self, key: &str) -> Option<&HashMap<String, String>> {
+  pub fn get_hashmap(&self, key: &str) -> Option<HashMap<String, String>> {
     match self {
       MetaData::HashMap(m) => {
-        return m.get(key);
+        return m.get(key).cloned();
       }
       MetaData::HashSet(_) => None,
     }
   }
-  pub fn get_hashset(&self, key: &str) -> Option<&HashSet<String>> {
-    match self {
-      MetaData::HashMap(_) => None,
-      MetaData::HashSet(s) => s.get(key),
-    }
+  pub fn get_hashset(&self, key: &str) -> Option<HashSet<String>> {
+    return match self.clone() {
+      MetaData::HashMap(m) => {
+        if let Some(kv) = m.get(key) {
+          let s = kv.values().map(|s| s.to_string()).collect();
+          return Some(s);
+        };
+        None
+      }
+      MetaData::HashSet(s) => s.get(key).cloned(),
+    };
   }
 }
 

diff --git a/nvd-server/src/api/mod.rs b/nvd-server/src/api/mod.rs
@@ -1,12 +1,12 @@
 use std::ops::DerefMut;
 
-use actix_web::{get, HttpRequest, HttpResponse, web};
+use actix_web::{get, web, HttpRequest, HttpResponse};
 #[cfg(feature = "openapi")]
 use utoipa::OpenApi;
 
+use nvd_model::cve::{Cve, QueryCve};
 #[cfg(feature = "openapi")]
 use nvd_model::{cwe::Cwe, product::Product, vendor::Vendor};
-use nvd_model::cve::{Cve, QueryCve};
 
 use crate::{ApiResponse, Pool};
 

diff --git a/nvd-yew/src/component/kb_row.rs b/nvd-yew/src/component/kb_row.rs
@@ -35,6 +35,12 @@ impl Component for KBRow {
       props.description
     };
     let disabled_open = !name.starts_with("CVE-");
+    let mut tags = meta
+      .get_hashset("tags")
+      .unwrap_or_default()
+      .into_iter()
+      .collect::<Vec<String>>();
+    tags.sort();
     html! {
     <>
         <tr class="table-group-divider">
@@ -52,7 +58,27 @@ impl Component for KBRow {
           <td class="w-25 text-truncate text-nowrap">{self.source(&source)}</td>
           <td class="w-25 text-truncate text-nowrap">{self.verified(is_verified)}</td>
           <td class="w-25 text-truncate text-nowrap">{self.path(&source,&name,&path)}</td>
-          <td class="w-25 text-truncate text-nowrap">{format!("{:?}",meta)}</td>
+                    <td class="w-25 text-truncate text-nowrap">
+          {html!(<span class="badge rounded-pill bg-secondary">{tags.len()}</span>)}
+          {
+            if !tags.is_empty(){
+              tags.clone().into_iter().enumerate().filter(|(index,_)|index.lt(&3)).map(|(_,value)| {
+                if value.starts_with("CVE-"){
+                html!{
+                <a href={format!("/cve/{}",value)} class="text-reset text-nowrap" target="_blank" rel="noreferrer"><i class="ti ti-external-link"></i>{value}</a>
+                }
+              }else{
+                html!{<span class="text-truncate badge">{value}</span>}
+              }
+              }).collect::<Html>()
+            }else{
+            html!{
+                <span class="text-truncate badge">{ "N/A" }</span>
+              }
+            }
+          }
+          {if tags.len()>3{html!(<i>{format!("{} and more",tags.len()-2)}</i>)}else{html!()}}
+          </td>
           <td class="w-25 text-truncate text-nowrap">
             {update}
           </td>

diff --git a/nvd-yew/src/component/knowledge_base.rs b/nvd-yew/src/component/knowledge_base.rs
@@ -2,11 +2,11 @@ use yew::prelude::*;
 
 use nvd_model::knowledge_base::{KnowledgeBase, QueryKnowledgeBase};
 
-use crate::component::{KbProps, KBRow};
+use crate::component::{KBRow, KbProps};
 use crate::console_log;
 use crate::modules::Paging;
-use crate::services::FetchState;
 use crate::services::kb::knowledge_base_list;
+use crate::services::FetchState;
 
 #[derive(Default)]
 pub struct CVEKnowledgeBaseInfoList {

diff --git a/nvd-yew/src/component/mod.rs b/nvd-yew/src/component/mod.rs
@@ -1,13 +1,13 @@
 pub use accordion::Accordion;
 pub use comments::Comments;
 pub use cpe_query::{CPEQuery, CPEQueryProps};
-pub use cpe_row::{CpeProps, CPERow};
+pub use cpe_row::{CPERow, CpeProps};
 pub use cve_configuration::{CVEConfiguration, CVEConfigurationProps};
 pub use cve_query::{CVEQuery, CVEQueryProps};
-pub use cve_row::{CveProps, CVERow};
+pub use cve_row::{CVERow, CveProps};
 pub use cvss::{CVSS2, CVSS3};
 pub use kb_query::{KBQuery, KBQueryProps};
-pub use kb_row::{KbProps, KBRow};
+pub use kb_row::{KBRow, KbProps};
 pub use knowledge_base::CVEKnowledgeBaseInfoList;
 pub use pagination::{Pagination, PaginationProps};
 pub use tooltip_popover::TooltipPopover;