Merge pull request #932 from dbarzin/dev
fix multiple address
dbarzin authored Oct 29, 2024
2 parents b5be70a + b844d4f commit daf7b20
Showing 5 changed files with 66 additions and 38 deletions.
2 changes: 1 addition & 1 deletion ROADMAP.md
@@ -46,7 +46,7 @@ Changements prévus en 2024 :
- [ ] Améliorer les tests Dusk
- [x] Documenter une procédure de déploiement sous Debian
- [ ] Dark Theme
- [ ] Ajout d'une chart Helm pour simplifier le déploiement dans Kubernetes (https://helm.sh/docs/topics/charts/)
- [x] Ajout d'une chart Helm pour simplifier le déploiement dans Kubernetes (https://helm.sh/docs/topics/charts/)

# Changements réalisés en 2023 :

86 changes: 52 additions & 34 deletions app/Console/Commands/CVESearch.php
@@ -65,7 +65,7 @@ public function handle()
file_put_contents(config_path('mercator-config.php'), $text);
}

$client = curl_init($provider . '/api/dbinfo');
$client = curl_init($provider . '/api/dbInfo');
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($client);
if ($response === false) {
@@ -74,7 +74,8 @@ public function handle()
}

$json = json_decode($response);
Log::debug('CVESearch - Provider last update: ' . $json->cwe->last_update . ' size=' . $json->cwe->size);
$msg = "Last NVD update :" . $json->last_updates->nvd . " Total db size = " . $json->db_sizes->total;
Log::debug('CVESearch - ' . $msg);

// start timestamp
$min_timestamp = strtotime(sprintf('-%d days', $check_frequency), strtotime('now'));
@@ -91,6 +92,7 @@ public function handle()
->orderBy('name')
->get();

/*
foreach ($applications as $app) {
$url = $provider . '/api/cvefor/cpe:2.3:a:' . $app->vendor . ':' . $app->product . ':' . $app->version;
@@ -128,9 +130,9 @@ public function handle()
// Be nice with CIRCL, wait few miliseconds
usleep(200);
}

*/
// QUERY
$client = curl_init($provider . '/api/query');
$client = curl_init($provider . '/api/last');
curl_setopt($client, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($client);
if ($response === false) {
@@ -149,47 +151,62 @@ public function handle()
});

// CVE counters
$cve_match = [];
$found=false;
$message = '<html><body>';

// loop on all CVE
foreach ($json->results as $cve) {
foreach ($json as $cve) {
// check CVE in frequency range
if (strtotime($cve->Published) >= $min_timestamp) {
#print_r("------------------------------\n");
#print_r($cve);
if (property_exists($cve,"dataType") && $cve->dataType=="CVE_RECORD") {
if (strtotime($cve->cveMetadata->datePublished)>= $min_timestamp) {
// put summary in lowercase
$text= strtolower($cve->containers->cna->title);
// Log::debug('CVESearch - CVE summary ' . $cve->summary);
foreach ($names as $name) {
// Log::debug('CVESearch - check ' . $name);
if (str_contains($text, $name)) {
$message .= '<b>' . $name . ' </b> : <b>' . $cve->cveMetadata->cveId . ' </b> - ' . $cve->details . '<br>';
$found=true;
}
}
}
}
elseif (property_exists($cve,"details") && property_exists($cve,"published")) {
if (strtotime($cve->published)>= $min_timestamp) {
// put summary in lowercase
$text= strtolower($cve->details);
// Log::debug('CVESearch - CVE summary ' . $cve->summary);
foreach ($names as $name) {
// Log::debug('CVESearch - check ' . $name);
if (str_contains($text, $name)) {
$message .= '<b>' . $name . ' </b> : <b>' . $cve->aliases[0] . ' </b> - ' . $cve->details . '<br>';
$found=true;
}
}
}
}
else
dd($cve);
/*
elseif (strtotime($cve->document->tracking->current_release_date) >= $min_timestamp) {
// put summary in lowercase
$cve->summary = strtolower($cve->summary);
$text= strtolower($cve->document->title);
// Log::debug('CVESearch - CVE summary ' . $cve->summary);
foreach ($names as $name) {
// Log::debug('CVESearch - check ' . $name);
if (str_contains($cve->summary, $name)) {
$cve->application = $name;
$cve_match[] = $cve;
if (str_contains($tex, $name)) {
$message .= '<b>' . $cve->application . ' </b> : <b>' . $cve->id . ' </b> - ' . $cve->document->title . '<br>';
$found=true;
}
}
}
*/
}
$message .= '</body></html>';

Log::debug('CVESearch - ' . count($cve_match) . ' match found');

// CPE found ?
// if (true) {
if ((count($cpe_match) > 0) || (count($cve_match) > 0)) {
// Construct message
$message = '<html><body>';
if (count($cpe_match) > 0) {
$message = '<h1>CPE Matching</h1>';
foreach ($cpe_match as $cve) {
$message .= '<b>' . $cve->application . ' </b> : <b>' . $cve->id . ' </b> - ' . $cve->summary . '<br>';
}
}
if (count($cve_match) > 0) {
$message = '<h1>String matching</h1>';
foreach ($cve_match as $cve) {
$message .= '<b>' . $cve->application . ' </b> : <b>' . $cve->id . ' </b> - ' . $cve->summary . '<br>';
}
}
$message .= '</body></html>';

// Log::debug('CVESearch - '. $message);
if ($found) {

// Send mail
$mail = new PHPMailer(true);
@@ -209,7 +226,8 @@ public function handle()

// Recipients
$mail->setFrom(config('mercator-config.cve.mail-from'));
$mail->addAddress(config('mercator-config.cve.mail-to')); // Add a recipient
foreach(explode(",",$mail_to) as $email)
$mail->addAddress($email);

// Content
$mail->isHTML(true); // Set email format to HTML
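Review bot: The `else dd($cve);` fallback in the CVE loop is a debug dump-and-die helper, so one provider record that matches neither expected shape stops the command before any mail is sent, and an unexpected feed entry can silently suppress the whole alert run. Logging and moving on keeps the run alive, e.g. `else { Log::warning('CVESearch - unexpected record format, skipped'); }`. Both active `$message .=` lines also concatenate provider-supplied text into a body sent with `isHTML(true)` without escaping; wrapping each value, as in `htmlspecialchars($cve->details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, keeps feed content from injecting markup into the notification. In the `CVE_RECORD` branch the message prints `$cve->details` although only `dataType` was checked and `containers->cna->title` was read, so that property may be absent there. `handle()` begins and ends outside the visible hunks.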
3 changes: 2 additions & 1 deletion app/Console/Commands/CertificateExpiracy.php
@@ -108,7 +108,8 @@ public function handle()

// Recipients
$mail->setFrom(config('mercator-config.cert.mail-from'));
$mail->addAddress(config('mercator-config.cert.mail-to')); // Add a recipient
foreach(explode(",",config('mercator-config.cert.mail-to')) as $email)
$mail->addAddress($email);

// Content
$mail->isHTML(true); // Set email format to HTML
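Review bot: The recipient loop hands every piece of `explode(",", …)` to `addAddress()` unchecked, so a trailing comma or an empty `mail-to` setting produces an empty address; if PHPMailer is built with exceptions enabled here, as `new PHPMailer(true)` is in CVESearch.php, that single entry would abort the expiry notification. Dropping blanks first avoids it: `foreach (array_filter(array_map('trim', explode(',', (string) config('mercator-config.cert.mail-to')))) as $email) { $mail->addAddress($email); }`. The same loop is added in CVESearch.php and in both hunks of ConfigurationController.php; the CVESearch.php copy reads `$mail_to`, which no visible hunk assigns, so confirm it is set earlier in `handle()`. `handle()` continues outside this hunk.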
6 changes: 4 additions & 2 deletions app/Http/Controllers/Admin/ConfigurationController.php
@@ -96,7 +96,8 @@ public function saveCertConfig(Request $request)

// Recipients
$mail->setFrom($mail_from);
$mail->addAddress($mail_to); // Add a recipient
foreach(explode(",",$mail_to) as $email)
$mail->addAddress($email);

// Content
$mail->isHTML(true); // Set email format to HTML
@@ -205,7 +206,8 @@ public function saveCVEConfig(Request $request)

// Recipients
$mail->setFrom($mail_from);
$mail->addAddress($mail_to); // Add a recipient
foreach(explode(",",$mail_to) as $email)
$mail->addAddress($email);

// Content
$mail->isHTML(true); // Set email format to HTML
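--- a/resources/views/admin/certificates/show.blade.php
+++ b/resources/views/admin/certificates/show.blade.php
@@ -15,6 +15,13 @@
 </a>
 @endcan
 
+@can('audit_log_show')
+<a class="btn btn-secondary" href="{{ route('admin.history',
+['type' => 'App\Certificate', 'id' => $certificate->id]) }}">
+{{ trans('global.history') }}
+</a>
+@endcan
+
 @can('certificate_delete')
 <form action="{{ route('admin.certificates.destroy', $certificate->id) }}" method="POST" onsubmit="return confirm('{{ trans('global.areYouSure') }}');" style="display: inline-block;">
 <input type="hidden" name="_method" value="DELETE">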
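Review bot: The `@can('audit_log_show')` wrapper only hides the History button; the `admin.history` route it links to has to enforce the same permission itself, and that handler is not visible in this section. The link also sends the model class name `App\Certificate` as the `type` parameter, so the receiving controller should accept only a fixed list of model classes rather than resolving whatever string arrives. Both are worth confirming against the controller before relying on this button as the access control.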
