Comments (37)
Hi, thank you for sharing this bug :)
Can you please also give us a copy of your configuration file?
from cve-search.
Yes! Many thanks:
cve-search/etc
configuration.ini.sample
https://www.dropbox.com/s/143znuuoyes9f24/configuration.ini.sample?dl=0
cve-search/lib
Config.py
https://www.dropbox.com/s/26vd5y0sca3cbes/Config.py?dl=0
cve-search/lib/pycache
https://www.dropbox.com/s/qo5mdjkn7xvn08a/Config.cpython-34.pyc?dl=0
Config.cpython-34.pyc
from cve-search.
I see you sent the configuration.ini.sample file. Do you not have a configuration.ini file? If not, this would mean you're using the default values from the config.py file. (Just debugging here).
Could you try if you get the same issue using my development branch? It usually runs a fair bit ahead on Wim's, but it's generally less tested. It's just that, I've never seen this happen before, and I'm using the index.py every day, but on my branch.
Thanks :)
from cve-search.
Yes . I have only configuration.ini.sample
Sorry! I did not understand:
I download your Development Branch ( https://github.com/pidgeyl/cve-search ) and install everything again and check if problem there again?
Many many thanks.
from cve-search.
You can run it without installing it again. It will automatically point to the same database. Just keep in mind to shut off the other index.py before running this one
from cve-search.
OK! I'll try! Many thank you very much !
What I caught my attention
is that if I run minimal-web.py everything works OK and correctly.
The problem is when I run index.py !
from cve-search.
Yes, the difference between the two, is that the minimal version does not have the ability for you to log in. And that is where the error occurs in index.py. I remember patching some bug there, a short while ago, so maybe this is also fixed :)
from cve-search.
oh! Same problem :( I try:
python3 index.py
and same problem.
Thanks.
from cve-search.
that's very strange, because I don't get it, at all... It is after first going to the page, right?
from cve-search.
Yes, right.
With
python3 minimal-web.py
python3 index.py
from cve-search.
The problem will be caused by python modules using PIP3 ?
How can I verify pip3 install -r requirements.txt
run successfully ?
from cve-search.
you could do a sudo pip3 freeze, and look at all the versions of the packages, if you think the problem might be there
from cve-search.
No, I do not think they are the modules . They are all correct.
Now I do not know what else to try :(
Also thanks for the help and sorry for the inconvenience .
from cve-search.
That's really not an issue :) we want our project to work on default Linux systems, so naturally we would like to resolve this issue as well. The only thing is that we would have to try to recreate it for us to study the bug
from cve-search.
I made installation
Ubuntu 14.04 LTS ( 64-bit )
Kali 2.0 (64 Bits )
And the problem occurs in both
Maybe the problem occurs through the steps / procedures that I perform :
I need a step or am doing something incorrectly / wrong
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get install python3
- sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
- echo "deb http://repo.mongodb.org/apt/ubuntu trusty/mongodb-org/3.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.0.list
- sudo apt-get update
- sudo apt-get upgrade
- sudo apt-get install -y mongodb-org
- sudo service mongod start
- sudo apt-get install redis-server
- sudo apt-get install python3-pip
- sudo pip3 install -r requirements.txt
- git clone https://github.com/PidgeyL/cve-search.git
- pyhton3 db_mgmt.py -p
- pyhton3 db_mgmt_cpe_dictionary.py
- pyhton3 db_updater.py -c
- pyhton3 index.py
- ERROR
Thanks!
from cve-search.
Apart from the fact that I install mongo from the repo directly (Ubuntu), there is no difference. I will try a fresh install to replicate the problem. So far, I still was not able to reproduce the problem
from cve-search.
How to dump in CSV?
Hello!
I use the command db_dump.py
but I want to dump database in CSV or other formats, not JSON
This is possible?
The command search.py -o csv
export in CSV, but not db_dump.py
Thank you.
from cve-search.
I could add a CSV export in the db_dump but as the format is quite rich (dictionary with array of data), it could be quite tricky to express all in CSV.
Another option is to use jq to parse the JSON and extract the fields you want for your CSV export.
from cve-search.
OK! Thank you!
I want to convert JSON to CSV and failed.
For example I use Json Validator ( json files) - http://codebeautify.org/jsonvalidate - and gives me error
How complicated is the use jq to parse JSON and extract the fields i want for CSV. ?
from cve-search.
Last question:
I want to dump but only 30 days (one month) ago, and only critical vulnerabilities - CVSS Scoring 7 or more
How can I do?
I have not found a command to do :(
Thank you!
from cve-search.
You can do it with db_dump and a jq filter:
python3 db_dump.py | jq "select (.cvss >=10) | ."
I hope this helps.
from cve-search.
Oh! Many many Thanks! Works perfects! python3 db_dump.py | jq "select (.cvss >=7) | ."
And.. how can i do only 30 days ago or last month or a specific day?
I try python3 db_dump.py | jq "select (.cvss >=7) | (.Published >=2015-09) | ."
but not work.
from cve-search.
@sugusrojo "Good" news, I was able to recreate the error, using your steps. Time to fix the bug :) The strange thing, however, is that that code never changed, and a print of the object shows it has the right object type, so I have no clue what's going on. It'll take a while to figure this one out...
from cve-search.
@PidgeyL Many many Thanks! 👍
from cve-search.
I got it working (not committed yet). @sugusrojo and @adulau, could you both please do a pip3 freeze | grep -i flask? I'm thinking it might be a version difference. I have:
Flask==0.10.1
Flask-Login==0.3.1
Flask-PyMongo==0.3.1
from cve-search.
XXXX@ubuntu:~/cve-search/bin$ pip3 freeze | grep -i flask
Flask==0.10.1
Flask-Login==0.3.0
Flask-PyMongo==0.3.1
from cve-search.
My work-pc, where the current version works, has the following packages:
Flask==0.10.1
Flask-Login==0.2.11
Flask-PyMongo==0.3.1
which probably confirms my suspicions of it being an update of Flask (login, in this case).
@adulau: What do we do? Do we set to use the old version of flask, or do we update the code? It seems to me, that the update of Flask is a very odd decision (basically, the current_user.is_authenticated()
doesn't work anymore. current_user.is_authenticated
has to be used instead). This, to me, looks like a bug though, it does not make sense to me to remove the function, and instead have it as a variable only.
@sugusrojo: What could be a temporary solution for you, would be to downgrade Flask-Login to 0.2.11 (a known good version). Once we decided on how we will solve this issue, we will update our code to make sure this works out of the box :)
from cve-search.
There is a recommendation about version pinning there maxcountryman/flask-login#230 from the author himself of Flask-Login. It seems very awkward to me.
from cve-search.
so what should we do? upgrade to the newer Flask? I already did this at home (not committed yet), and it's just changing 3 files (from what I've seen), something like 7 occurrences. Not a lot of work, but something we should decide on. Or we can make it work with both versions, if we do a version check at the beginning, but that seems overkill to me. Maybe best work with the latest version of Flask-Login?
from cve-search.
Thanks @adulau !
Sorry for the Question.. i am newbie in Linux :(
but.. how downgrade Flask-Login?
from cve-search.
I updated the requirements.txt file in the following way:
Flask-Login<=0.2.11
Then you can uninstall Flask-Login
sudo pip3 uninstall Flask-Login
And finally you reinstall all the requirements
sudo pip3 install -r requirements.txt --upgrade
from cve-search.
Many thanks @adulau and @PidgeyL
Work for me :) 👍
Sorry for my bad english, But again, thank you very much for all the work .
from cve-search.
Thanks for the fix. Is there another issue or item to track support for Flask-Login > 0.2.11?
from cve-search.
The flask developers themselves said not to upgrade to the newer version. We will keep an eye on the development, but for now, we will keep the version of 0.2.11
from cve-search.
The latest Ubuntu release has Flask-Login 0.4.0 now in its repositories. It's a shame to have to downgrade via pip before running cve-search :(
Should we open a dedicated ticket for this now?
from cve-search.
Sure. Thank you.
from cve-search.
Ok, done in #294.
from cve-search.
Related Issues (20)
- Download issues with db_mgmt_json.py HOT 5
- ModuleNotFoundError: No module named 'sqlalchemy' - db_updater.py -v HOT 3
- Tailored the New Vulnerabilities CVE only with list of Assets HOT 1
- CPE population fails with urllib3 1.x (stable version on Ubuntu 22.04 LTS) HOT 4
- New releases? HOT 16
- Update MongoDB in documentation HOT 1
- CPE parsing problem
- CVE-Search lifespan / roadmap HOT 1
- add plugins (steps) HOT 1
- New bug when Populating the database HOT 3
- Running as a service (version 5.0.2 HOT 2
- cve-search database doesn't populate even after forcing and dropping everything HOT 2
- Proxy setting not passed to CveXplore
- CVE and CPE Imports and Updates fail HOT 2
- Check for missed CVE's HOT 5
- Unable to create user accounts with db_mgmt_admin.py HOT 9
- CVE search for "curl:curl:8.6.0" does not return CVE-2024-2004 HOT 1
- ERROR: Could not find a version that satisfies the requirement cvexplore==0.3.30 HOT 1
- AttributeError: module 'lib' has no attribute 'X509_V_FLAG_NOTIFY_POLICY'. Did you mean: 'X509_V_FLAG_EXPLICIT_POLICY'? HOT 12
- Unable to connect to mongodb with user/password
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cve-search.