Skip to content
/ CVE_Backend Public

It finds CVE vulnerability and provides corresponding status with patch link for all packages and kernel

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

chandra-pro/CVE_Backend

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
cli
cli
 
 
hmi
hmi
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
config.json
config.json
 
 

Repository files navigation

  • To Install Docker Engine on Ubuntu
sudo apt-get install docker-ce docker-ce-cli containerd.io
  • Verify that Docker Engine is installed correctly by running the hello-world image.
sudo docker run hello-world
  • Post-installation steps for Linux
  • To create the docker group and add your user:
  1. Create the docker group.
sudo groupadd docker
  1. Add your user to the docker group.
sudo usermod -aG docker $USER
  1. To activate the changes to groups.
newgrp docker
  1. Verify that you can run docker commands without sudo.
docker run hello-world

Note: If user is not added to the docker group then sudo access is required to run the project .

CVE Scanner

Follow following steps to setup the system.

  • Clone the repository.
git clone ssh://git@stash.alm.mentorg.com:7999/cvec/cve-checker-tool-4.0.git --branch CVE-4.0
  • Change to the cloned directory.
cd cve-checker-tool-4.0
  • Build docker image.
docker build -t 'cve_4.0_latest' .
  • It will take approximately 30 minutes to build the docker image

  • Note : Go to directory where cve-checker-tool-4.0 folder is there

  • Create file make_container.sh to make a docker container.

docker run \
 --volume="<PATH TO cve-checker-tool-4.0>:/cve-checker-tool-4.0" \
 --volume="<PATH TO mount for uploads and downloads>:/PATH TO mount for uploads and downloads" \
 --name cve_4.0_development \
 -p 8856:8856 \
 -p 8857:8857 \
 -p 8858:8858 \
 -it <image_id> \
 /bin/bash
  • Example
docker run \
--volume="/scratch/TempCheckout/cve-checker-tool-4.0/:/cve-checker-tool-4.0" \
--volume="/scratch1/folder:/scratch1/folder" \
--name development \
-p 8857:8857 \
-p 8856:8856 \
-p 8868:8858 \
-it 'cve_4.0_latest' \
/bin/bash
  • image_id can be listed by using docker images command.
  • sample of image-id - 12e076ef2348
  • You can choose any one port to map.
  • This make_container.sh will start the docker container.
  • Run make_container.sh
./make_container.sh
  • Some useful docker commands.
docker start <container_name> #To start the container.
docker stop <container_name> #To stop the running container.
docker attach <container_name> #To attach the started container.

NOTE : You will be on the docker prompt after running make_container.sh

-In order to run your commands inside a running container use:

docker exec -it <container_id> /bin/bash
  • To get container id use docker ps -a

Server

  • Go inside Server directory
cd /cve-checker-tool-4.0/cli/Server

Follow following steps to create & update the database. Have to run it once to just create the database and can be update the databse whenever required by running update_database.py

  • To set the working dir,upload dir and download dir path
python3 pathset.py -v1 <path/to >/download_dir -v2 <path/to >/upload_dir -v3 <path/to >/working_dir

NOTE : All these paths should be inside additional path directory which is mounted during running container

  • Example
python3 pathset.py -v1 /scratch1/folder/download_dir -v2 /scratch1/folder/upload_dir -v3 /scratch1/folder/working_dir
  • To create v2.0 Database:
Add 'NVDDatabase_v2.0.db' (database name) in 'settings.py' file
Run 'setup_v2.0.sh' (./setup_v2.0.sh)
  • To update v2.0 Database:
Add 'NVDDatabase_v2.0.db' (database name) in 'settings.py' file
Run 'update_v2.0.sh' (./update_v2.0.sh)

Confiure CRON Job

  • Go inside Server directory and open cron tab
cd /cve-checker-tool-4.0/cli/Server
crontab -e
* * * * * /usr/bin/python3 /cve-checker-tool-4.0/cli/Server/manage.py runcrons
  • Add the following line to schedule the cron job to run every 12 hour
* * * * * /usr/bin/python3 /cve-checker-tool-4.0/cli/Server/manage.py runcrons

-Run the cron command to check manually

/usr/bin/python3 /cve-checker-tool-4.0/cli/Server/manage.py runcrons

-Start the cron

cd /cve-checker-tool-4.0/cli/Server
sudo service cron start

Client

If you want to run the tool through CLI then follow the steps belows:-

  • Go inside Client directory
cd /cve-checker-tool-4.0/cli/Client
  • To set the working dir,upload dir and download dir path
python3 pathset.py -v1 <path/to >/download_dir -v2 <path/to >/upload_dir -v3 <path/to >/working_dir

NOTE : All these paths should be inside additional path directory which is mounted during running container

  • Example
python3 pathset.py -v1 scratch1/folder/download_dir -v2 scratch1/folder/upload_dir -v3 scratch1/folder/working_dir

  • To run the Client

  • Go inside Client directory

cd /cve-checker-tool-4.0/cli/Client
python3 manage.py makemigrations
python3 manage.py migrate

Follow following steps to gnerate report based on manifest.

  • To search CVE through manifest:
python3 cve_search_manifest.py -m "manifest_file_name in sample_manfest_files"
  • To search CVE through package name and version:
python3 cve_search_manifest.py -p "package_name" -v "version_number"

PKCT

If you want to run the tool through CLI then follow the steps belows:-

  • Go inside Client directory
cd /cve-checker-tool-4.0/cli/Client

  • To run the pkct

cd /cve-checker-tool-4.0/cli/Client
python3 manage.py makemigrations
python3 manage.py migrate

Follow following steps to gnerate report based on manifest.

  • To check patch verification through manifest:
python3 pkct_main.py  -gk "user kernel repo link" -gb "user kernel branch name" -dk "dot kernel folder name" -db "dot kernel stable branch name" -m "manifest_file_name in sample_manfest_files"
  • To check patch verification through package name and version:
python3 pkct_main.py -gk "user kernel repo link" -gb "user kernel branch name" -dk "dotkernel" -ub master -build "BuildFileName in Client directory" -db "dot kernel stable branch name" -p "package_name" -v "version_number"
  • Example
python3 pkct_main.py -gk ssh://git@stash.alm.mentorg.com:7999/socsamexv9/automotive_ahh3_v9_kernel.git -gb mentor/cl45_FC-231026 -dk dotkernel_stable -ub master -build BuildFile-CL45.txt -db v5.15.165 -p kernel -v 5.15.74

HMI

Running the tool through HMI or user interfaces:-

  • Edit the settings.py file
cd /cve-checker-tool-4.0/hmi/CVEHMI/CVEHMI
vi settings.py
Add your 'IP' in the allowed host
Add frontend 'BASE_URL'(URL on which frontend is deployed including the port number.) in the cors allowed host

  • To get your IP address use hostname -I

  • To create Database

1. cd /cve-checker-tool-4.0/hmi/CVEHMI
2. python3 manage.py makemigrations
3. python3 manage.py migrate
  • To create media directory
1- cd /cve-checker-tool-4.0/hmi/CVEHMI/hmiapp
2- mkdir media
  • To run the Server
python3 manage.py runserver 0.0.0.0:port_number (Use 8856 or 8857 as port_number)

About

It finds CVE vulnerability and provides corresponding status with patch link for all packages and kernel

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages