Add bulk CPE lookup support

SpiderLabs · Oct 16, 2015 · dba7d3d · dba7d3d
1 parent b75d296
commit dba7d3d
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 3 deletions.
diff --git a/.gitignore b/.gitignore
@@ -7,3 +7,4 @@ log/*
 tmp/*
 !tmp/.gitkeep
 coverage
+config/database.yml
diff --git a/lib/cve_server/app.rb b/lib/cve_server/app.rb
@@ -22,10 +22,16 @@ class App < Sinatra::Base
       end
     end
 
-    get '/v1/cpe/:cpe' do |cpe|
-      bad_request unless valid_cpe?(cpe)
+    get '/v1/cpe/:cpes' do |cpes|
+      # Multiple cpes were included
+      if cpes.include?(",")
+        bad_request unless valid_cpes?(cpes)
+        @cves = CVEServer::Cve.all_cpes_equal(cpes.downcase)
+      else
+        bad_request unless valid_cpe?(cpes)
+        @cves = CVEServer::Cve.all_cpe_equal(cpes.downcase)
+      end
 
-      @cves = CVEServer::Cve.all_cpe_equal(cpe.downcase)
       if @cves.count > 0
         json_resp @cves
       else

diff --git a/lib/cve_server/cve.rb b/lib/cve_server/cve.rb
@@ -18,6 +18,12 @@ def self.all_cpe_equal(cpe)
       end.uniq.sort
     end
 
+    def self.all_cpes_equal(cpes)
+      cpes.split(",").collect do |cpe|
+        self.all_cpe_equal(cpe)
+      end.flatten.uniq.sort
+    end
+
     def self.reduce_cpes
       map_reduce(mapper, reducer, map_reducer_opts).count
     end

diff --git a/lib/cve_server/helper.rb b/lib/cve_server/helper.rb
@@ -10,5 +10,10 @@ def valid_cve?(cve)
     def valid_cpe?(cpe)
       cpe.match(/^[a-z0-9_\%\~\.\-\:]+$/i)
     end
+
+    def valid_cpes?(cpes)
+      cpes.split(",").all? { |cpe| valid_cpe?(cpe) }
+    end
+
   end
 end