search

PidgeyL / cve-search

cve-search is a tool to import CVE (Common Vulnerabilities and Exposures) and CPE (Common Platform Enumeration) into a MongoDB to facilitate search and processing of CVEs.
http://adulau.github.com/cve-search/
Other
24 stars 4 forks source link

Traceback on some CVEs #108

Closed lvets closed 9 years ago

lvets commented 9 years ago

Hello,

I've installed cve-search, updated using "python3 ./db_updater.py -c -i -v" and I sometimes get the below error message in the web interface now.

For instance opening CVE-2015-4498 gives:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.4/dist-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.4/dist-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/laurens/Source/cve-search/web/index.py", line 426, in cve
    cve = cvesp.getcve(cveid=cveid)
  File "/home/laurens/Source/cve-search/lib/CVEs.py", line 104, in getcve
    vulconf.append({'id': conf, 'title': self.getcpe(cpeid=conf)})
  File "/home/laurens/Source/cve-search/lib/CVEs.py", line 70, in getcpe
    e = db.getCPE(cpeid)
  File "/home/laurens/Source/cve-search/lib/DatabaseLayer.py", line 70, in getCPE
    return sanitize(colCPE.find_one({"id": id}))
  File "/home/laurens/Source/cve-search/lib/DatabaseLayer.py", line 32, in sanitize
    if "_id" in x: x.pop("_id")
TypeError: argument of type 'NoneType' is not iterable

Same for CVE-2015-5433:

Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.4/dist-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.4/dist-packages/flask/_compat.py", line 33, in reraise
    raise value
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.4/dist-packages/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/laurens/Source/cve-search/web/index.py", line 426, in cve
    cve = cvesp.getcve(cveid=cveid)
  File "/home/laurens/Source/cve-search/lib/CVEs.py", line 104, in getcve
    vulconf.append({'id': conf, 'title': self.getcpe(cpeid=conf)})
  File "/home/laurens/Source/cve-search/lib/CVEs.py", line 70, in getcpe
    e = db.getCPE(cpeid)
  File "/home/laurens/Source/cve-search/lib/DatabaseLayer.py", line 70, in getCPE
    return sanitize(colCPE.find_one({"id": id}))
  File "/home/laurens/Source/cve-search/lib/DatabaseLayer.py", line 32, in sanitize
    if "_id" in x: x.pop("_id")
TypeError: argument of type 'NoneType' is not iterable

Other CVEs work and I can't immediately see a difference between the 2...

PidgeyL commented 9 years ago

Thank you for noticing this. We are currently in the progress of moving the database related code in a different layer, so this might be the source of the problem. I will take a look at it, and keep you up to date. I think I already know where the problem is. I will test it tomorrow

PidgeyL commented 9 years ago

This issue should be solved with the last commit. Let me know if you find any other bugs. Thanks for reporting this one!

lvets commented 9 years ago

I think you made a typo in "db_mgmt.py" around line 225 :) it says "dbLayerr" instead of "dbLayer" which makes the script fail. Should I open a new bug for that?

PidgeyL commented 9 years ago

No need, I'll fix the typo (thanks again btw), and upload it again

lvets commented 9 years ago

No problem, thanks! :)