Error in index.py ( builtins.TypeError --- TypeError: 'bool' object is not callable) about cve-search HOT 37 CLOSED

Hi, thank you for sharing this bug :)
Can you please also give us a copy of your configuration file?

from cve-search.

Yes! Many thanks:

cve-search/etc
configuration.ini.sample
https://www.dropbox.com/s/143znuuoyes9f24/configuration.ini.sample?dl=0

cve-search/lib
Config.py
https://www.dropbox.com/s/26vd5y0sca3cbes/Config.py?dl=0

cve-search/lib/pycache
https://www.dropbox.com/s/qo5mdjkn7xvn08a/Config.cpython-34.pyc?dl=0
Config.cpython-34.pyc

from cve-search.

I see you sent the configuration.ini.sample file. Do you not have a configuration.ini file? If not, this would mean you're using the default values from the config.py file. (Just debugging here).
Could you try if you get the same issue using my development branch? It usually runs a fair bit ahead on Wim's, but it's generally less tested. It's just that, I've never seen this happen before, and I'm using the index.py every day, but on my branch.
Thanks :)

from cve-search.

Yes . I have only configuration.ini.sample

Sorry! I did not understand:

I download your Development Branch ( https://github.com/pidgeyl/cve-search ) and install everything again and check if problem there again?

Many many thanks.

from cve-search.

You can run it without installing it again. It will automatically point to the same database. Just keep in mind to shut off the other index.py before running this one

from cve-search.

OK! I'll try! Many thank you very much !

What I caught my attention
is that if I run minimal-web.py everything works OK and correctly.
The problem is when I run index.py !

from cve-search.

Yes, the difference between the two, is that the minimal version does not have the ability for you to log in. And that is where the error occurs in index.py. I remember patching some bug there, a short while ago, so maybe this is also fixed :)

from cve-search.

oh! Same problem :( I try:

python3 index.py 

and same problem.

Thanks.

from cve-search.

that's very strange, because I don't get it, at all... It is after first going to the page, right?

from cve-search.

Yes, right.
With

python3  minimal-web.py

python3 index.py 

from cve-search.

The problem will be caused by python modules using PIP3 ?
How can I verify pip3 install -r requirements.txt
run successfully ?

from cve-search.

you could do a sudo pip3 freeze, and look at all the versions of the packages, if you think the problem might be there

from cve-search.

No, I do not think they are the modules . They are all correct.

Now I do not know what else to try :(

Also thanks for the help and sorry for the inconvenience .

from cve-search.

That's really not an issue :) we want our project to work on default Linux systems, so naturally we would like to resolve this issue as well. The only thing is that we would have to try to recreate it for us to study the bug

from cve-search.

I made installation

Ubuntu 14.04 LTS ( 64-bit )
Kali 2.0 (64 Bits )

And the problem occurs in both

Maybe the problem occurs through the steps / procedures that I perform :
I need a step or am doing something incorrectly / wrong

1. sudo apt-get update
2. sudo apt-get upgrade
3. sudo apt-get install python3
4. sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
5. echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list
6. sudo apt-get update
7. sudo apt-get upgrade
8. sudo apt-get install -y mongodb-org
9. sudo service mongod start
10. sudo apt-get install redis-server
11. sudo apt-get install python3-pip
12. sudo pip3 install -r requirements.txt
13. git clone https://github.com/PidgeyL/cve-search.git
14. pyhton3 db_mgmt.py -p
15. pyhton3 db_mgmt_cpe_dictionary.py
16. pyhton3 db_updater.py -c
17. pyhton3 index.py
18. ERROR

Thanks!

from cve-search.

Apart from the fact that I install mongo from the repo directly (Ubuntu), there is no difference. I will try a fresh install to replicate the problem. So far, I still was not able to reproduce the problem

from cve-search.

How to dump in CSV?

Hello!
I use the command db_dump.py

but I want to dump database in CSV or other formats, not JSON

This is possible?

The command search.py -o csv export in CSV, but not db_dump.py

Thank you.

from cve-search.

I could add a CSV export in the db_dump but as the format is quite rich (dictionary with array of data), it could be quite tricky to express all in CSV.

Another option is to use jq to parse the JSON and extract the fields you want for your CSV export.

from cve-search.

OK! Thank you!
I want to convert JSON to CSV and failed.
For example I use Json Validator ( json files) - http://codebeautify.org/jsonvalidate - and gives me error

How complicated is the use jq to parse JSON and extract the fields i want for CSV. ?

from cve-search.

Last question:

I want to dump but only 30 days (one month) ago, and only critical vulnerabilities - CVSS Scoring 7 or more
How can I do?

I have not found a command to do :(

Thank you!

from cve-search.

You can do it with db_dump and a jq filter:

python3 db_dump.py | jq "select (.cvss >=10) | ."

I hope this helps.

from cve-search.

Oh! Many many Thanks! Works perfects! python3 db_dump.py | jq "select (.cvss >=7) | ."

And.. how can i do only 30 days ago or last month or a specific day?

I try python3 db_dump.py | jq "select (.cvss >=7) | (.Published >=2015-09) | ." but not work.

from cve-search.

@sugusrojo "Good" news, I was able to recreate the error, using your steps. Time to fix the bug :) The strange thing, however, is that that code never changed, and a print of the object shows it has the right object type, so I have no clue what's going on. It'll take a while to figure this one out...

from cve-search.

@PidgeyL Many many Thanks! 👍

from cve-search.

I got it working (not committed yet). @sugusrojo and @adulau, could you both please do a pip3 freeze | grep -i flask? I'm thinking it might be a version difference. I have:
Flask==0.10.1
Flask-Login==0.3.1
Flask-PyMongo==0.3.1

from cve-search.

@PidgeyL

XXXX@ubuntu:~/cve-search/bin$  pip3 freeze | grep -i flask
Flask==0.10.1
Flask-Login==0.3.0
Flask-PyMongo==0.3.1 

from cve-search.

My work-pc, where the current version works, has the following packages:

Flask==0.10.1
Flask-Login==0.2.11
Flask-PyMongo==0.3.1

which probably confirms my suspicions of it being an update of Flask (login, in this case).
@adulau: What do we do? Do we set to use the old version of flask, or do we update the code? It seems to me, that the update of Flask is a very odd decision (basically, the current_user.is_authenticated() doesn't work anymore. current_user.is_authenticated has to be used instead). This, to me, looks like a bug though, it does not make sense to me to remove the function, and instead have it as a variable only.

@sugusrojo: What could be a temporary solution for you, would be to downgrade Flask-Login to 0.2.11 (a known good version). Once we decided on how we will solve this issue, we will update our code to make sure this works out of the box :)

from cve-search.

There is a recommendation about version pinning there maxcountryman/flask-login#230 from the author himself of Flask-Login. It seems very awkward to me.

from cve-search.

so what should we do? upgrade to the newer Flask? I already did this at home (not committed yet), and it's just changing 3 files (from what I've seen), something like 7 occurrences. Not a lot of work, but something we should decide on. Or we can make it work with both versions, if we do a version check at the beginning, but that seems overkill to me. Maybe best work with the latest version of Flask-Login?

from cve-search.

Thanks @adulau !
Sorry for the Question.. i am newbie in Linux :(
but.. how downgrade Flask-Login?

from cve-search.

I updated the requirements.txt file in the following way:

Flask-Login<=0.2.11

Then you can uninstall Flask-Login

sudo pip3 uninstall Flask-Login

And finally you reinstall all the requirements

sudo pip3 install -r requirements.txt --upgrade

from cve-search.

Many thanks @adulau and @PidgeyL
Work for me :) 👍
Sorry for my bad english, But again, thank you very much for all the work .

from cve-search.

Thanks for the fix. Is there another issue or item to track support for Flask-Login > 0.2.11?

from cve-search.

The flask developers themselves said not to upgrade to the newer version. We will keep an eye on the development, but for now, we will keep the version of 0.2.11

from cve-search.

The latest Ubuntu release has Flask-Login 0.4.0 now in its repositories. It's a shame to have to downgrade via pip before running cve-search :(

Should we open a dedicated ticket for this now?

from cve-search.

Sure. Thank you.

from cve-search.

Ok, done in #294.

from cve-search.