Merge pull request #10 from cosad3s/main

Add Docker & Docker-compose + external configuration
This commit is contained in:
Alexandre Dulaunoy 2023-07-27 09:37:30 +02:00 committed by GitHub
commit 3a487c078a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 104 additions and 11 deletions

18
Dockerfile Normal file
View file

@ -0,0 +1,18 @@
# syntax=docker/dockerfile:1
FROM python:3.8-slim-buster
WORKDIR /app
COPY REQUIREMENTS REQUIREMENTS
RUN pip3 install -r REQUIREMENTS
COPY bin bin
COPY etc /etc
COPY lib lib
COPY docker/entrypoint.sh entrypoint.sh
RUN mkdir /app/config
RUN chmod u+x entrypoint.sh
ENTRYPOINT ["/app/entrypoint.sh"]

View file

@ -10,19 +10,46 @@ be used against [cve-search](https://github.com/cve-search/cve-search) to do act
## Usage
To use CPE guesser, you have to initialise the Redis database with `import.py`. Then you can use
the software with `lookup.py` to find the most probable CPE matching the keywords provided.
To use CPE guesser, you have to initialise the Redis database with `import.py`.
Then you can use the software with `lookup.py` to find the most probable CPE matching the keywords provided.
Or by calling the Web server (After running `server.py`), example: `curl -s -X POST http://localhost:8000/search -d "{\"query\": [\"tomcat\"]}" | jq .`
### Installation
- `git clone https://github.com/cve-search/cpe-guesser.git`
- `cd cpe-guesser/bin`
- Download the CPE dictionary & populate the database with `python3 ./import.py`.
- Take a cup of black or green tea.
- Take a cup of black or green tea ().
- `python3 cpe-guesser/bin/server.py` to run the local HTTP server.
If you don't want to install it locally, there is a public online version. Check below.
### Docker
#### Single image with existing Redis
```bash
docker build . -t cpe-guesser:l.0
# Edit settings.yaml content and/or path
docker run cpe-guesser:l.0 -v $(pwd)/config/settings.yaml:/app/config/settings.yaml
# Please wait for full import
```
#### Docker-compose
```bash
cd docker
# Edit docker/settings.yaml as you want
docker-compose up --build -d
# Please wait for full import
```
#### Specific usage
If you do not want to use the Web server, `lookup.py` can still be used. Example: `docker exec -it cpe-guesser python3 /app/bin/lookup.py tomcat`
## Public online version
[cpe-guesser.cve-search.org](https://cpe-guesser.cve-search.org) is public online version of CPE guesser which can be used via

View file

@ -1,2 +1,3 @@
redis
falcon
dynaconf

View file

@ -10,14 +10,15 @@ import shutil
import xml.sax
import redis
import time
from dynaconf import Dynaconf
# Configuration
cpe_path = '../data/official-cpe-dictionary_v2.3.xml'
cpe_source = (
'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'
settings = Dynaconf(
settings_files=['../config/settings.yaml']
)
rdb = redis.Redis(host='127.0.0.1', port=6379, db=8)
cpe_path = settings.cpe.path
cpe_source = (settings.cpe.source)
rdb = redis.Redis(host=settings.redis.host, port=settings.redis.port, db=8)
class CPEHandler(xml.sax.ContentHandler):
def __init__(self):
@ -127,7 +128,7 @@ if __name__ == '__main__':
if args.replace == 0 and rdb.dbsize() > 0 and not args.update:
print(f"Warning! The Redis database already has {rdb.dbsize()} keys.")
print("Use --replace if you want to flush the database and repopulate it.")
sys.exit(1)
sys.exit(0)
if args.download > 0 or not os.path.isfile(cpe_path):
print(f"Downloading CPE data from {cpe_source} ...")

View file

@ -6,9 +6,13 @@ import sys
import falcon
from wsgiref.simple_server import make_server
import json
from dynaconf import Dynaconf
# Configuration
port = 8000
settings = Dynaconf(
settings_files=['../config/settings.yaml']
)
port = settings.server.port
runPath = os.path.dirname(os.path.realpath(__file__))
sys.path.append(os.path.join(runPath, ".."))

8
config/settings.yaml Normal file
View file

@ -0,0 +1,8 @@
server:
port: 8000
redis:
host: 127.0.0.1
port: 6379
cpe:
path: '../data/official-cpe-dictionary_v2.3.xml'
source: 'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'

16
docker/docker-compose.yml Normal file
View file

@ -0,0 +1,16 @@
version: "3"
services:
server:
container_name: cpe-guesser
image: cpe-guesser:1.0
build: ..
volumes:
- ../data/:/data/:rw
- ./settings.yaml:/app/config/settings.yaml
ports:
- 8000:8000
depends_on:
- redis
redis:
container_name: cpe-guesser-db
image: "redis:alpine"

5
docker/entrypoint.sh Normal file
View file

@ -0,0 +1,5 @@
#!/bin/bash
set -e
python3 -u /app/bin/import.py
python3 -u /app/bin/server.py

8
docker/settings.yaml Normal file
View file

@ -0,0 +1,8 @@
server:
port: 8000
redis:
host: redis
port: 6379
cpe:
path: '/data/official-cpe-dictionary_v2.3.xml'
source: 'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'

View file

@ -2,11 +2,16 @@
# -*- coding: utf-8 -*-
import redis
from dynaconf import Dynaconf
# Configuration
settings = Dynaconf(
settings_files=['../config/settings.yaml']
)
class CPEGuesser:
def __init__(self):
self.rdb = redis.Redis(host='127.0.0.1', port=6379, db=8, decode_responses=True)
self.rdb = redis.Redis(host=settings.redis.host, port=settings.redis.port, db=8, decode_responses=True)
def guessCpe(self, words):
k = []