synfinner / KEVin

The missing API for the CISA Known Exploited Vulnerabilities Catalog. This repository contains the source running at kevin.gtfkd.com
https://kevin.gtfkd.com/

Error in sanitization logic for retrieving CVEs #179

Closed synfinner closed 3 months ago

synfinner commented 3 months ago

In api.py, the logic for retrieving data is as follows:

# The cache key is derived from the raw, unvalidated cve_id taken from the request
cache_key_func = partial(self.make_cache_key, cve_id=cve_id)
cached_data = cache.get(cache_key_func())
if cached_data:
    return self.make_json_response(cached_data)
# Sanitization only happens here, after the cache has already been queried with the raw value
sanitized_cve_id = sanitize_query(cve_id)

As can be seen, the submitted CVE is being sanitized after being processed/checked in the cache.

The easy fix is to sanitize first:

# Validate and normalize the request value before it touches the cache or the database
sanitized_cve_id = sanitize_query(cve_id)
if sanitized_cve_id is None:
    return self.handle_error("Invalid CVE ID", 400)
# Use partial to create a new function that includes the sanitized cve_id in the key prefix
cache_key_func = partial(self.make_cache_key, cve_id=sanitized_cve_id)
cached_data = cache.get(cache_key_func())
if cached_data:
    return self.make_json_response(cached_data)
# Cache miss: look the record up by its canonical id
vulnerability = all_vulns_collection.find_one({"_id": sanitized_cve_id})
if not vulnerability:
    return self.handle_error("Vulnerability not found")
data = serialize_all_vulnerability(vulnerability)
cache.set(cache_key_func(), data)  # Manually caching the data under the sanitized key
return self.make_json_response(data)
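The ordering problem described in the comment above, run side by side with the fixed ordering. This is an added example, not code from KEVin: sanitize_cve_id, RecordingCache, make_cache_key and SAMPLE_VULNS are stand-ins for sanitize_query, the Flask cache, self.make_cache_key and the MongoDB collection, and the CVE-ID grammar the sanitizer enforces is an assumption (the only thing the issue supports is that sanitize_query returns None for bad input).

```python
import re
from typing import Dict, List, Optional, Tuple

# Hypothetical stand-in for KEVin's sanitize_query(): normalise case and
# whitespace, accept only the CVE identifier grammar, return None otherwise.
# The exact rules KEVin applies are an assumption here.
CVE_ID_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")


def sanitize_cve_id(raw: str) -> Optional[str]:
    candidate = raw.strip().upper()
    return candidate if CVE_ID_RE.fullmatch(candidate) else None


class RecordingCache:
    """Minimal in-memory cache that also records every key it was queried with."""

    def __init__(self) -> None:
        self.store: Dict[str, dict] = {}
        self.keys_seen: List[str] = []

    def get(self, key: str) -> Optional[dict]:
        self.keys_seen.append(key)
        return self.store.get(key)

    def set(self, key: str, value: dict) -> None:
        self.store[key] = value


# Constructed sample data standing in for all_vulns_collection.find_one({"_id": ...}).
SAMPLE_VULNS = {
    "CVE-2021-44228": {"_id": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2"},
}


def make_cache_key(cve_id: str) -> str:
    return f"vuln:{cve_id}"


def lookup_sanitize_last(cache: RecordingCache, cve_id: str) -> Tuple[int, dict]:
    """Ordering from the issue report: the cache is queried and later filled with a
    key derived from the raw request value; sanitization only runs afterwards."""
    key = make_cache_key(cve_id)            # raw input reaches the cache backend
    cached = cache.get(key)
    if cached:
        return 200, cached
    sanitized = sanitize_cve_id(cve_id)
    if sanitized is None:
        return 400, {"error": "Invalid CVE ID"}
    vuln = SAMPLE_VULNS.get(sanitized)
    if vuln is None:
        return 404, {"error": "Vulnerability not found"}
    cache.set(key, vuln)                    # one cache entry per raw spelling
    return 200, vuln


def lookup_sanitize_first(cache: RecordingCache, cve_id: str) -> Tuple[int, dict]:
    """Ordering from the fix: validate first, then use only the canonical id."""
    sanitized = sanitize_cve_id(cve_id)
    if sanitized is None:
        return 400, {"error": "Invalid CVE ID"}  # rejected before any cache or DB access
    key = make_cache_key(sanitized)
    cached = cache.get(key)
    if cached:
        return 200, cached
    vuln = SAMPLE_VULNS.get(sanitized)
    if vuln is None:
        return 404, {"error": "Vulnerability not found"}
    cache.set(key, vuln)
    return 200, vuln


# Constructed request values: three spellings of one CVE plus one junk value.
REQUESTS = [
    "CVE-2021-44228",
    "cve-2021-44228",
    " CVE-2021-44228 ",
    "CVE-2021-44228' OR 1=1",
]


def compare_orderings() -> Dict[str, dict]:
    """Run the same requests through both orderings and summarise what the cache saw."""
    results = {}
    for name, lookup in (("sanitize_last", lookup_sanitize_last),
                         ("sanitize_first", lookup_sanitize_first)):
        cache = RecordingCache()
        statuses = [lookup(cache, value)[0] for value in REQUESTS]
        results[name] = {
            "statuses": statuses,
            "cache_entries": len(cache.store),
            "keys_seen": cache.keys_seen,
        }
    return results


if __name__ == "__main__":
    for name, summary in compare_orderings().items():
        print(name, summary)
```

Both orderings return the same HTTP statuses, which is why the bug is easy to miss in functional testing. The difference is in what the cache sees: with sanitize-last, each raw spelling gets its own cache entry and the junk value is handed to the cache backend as a key before anything has checked it; with sanitize-first, the three spellings share one canonical entry and the junk value is rejected with a 400 before it reaches the cache or the database.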
synfinner commented 3 months ago

Fix implemented and merged into main. closing.