Fix bug in EoLD DB build and fix a test case

ra1nb0rn · Aug 7, 2024 · b310897 · b310897
1 parent 09fa4be
commit b310897
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/tests/test_exploit_completeness.py b/tests/test_exploit_completeness.py
@@ -14,7 +14,7 @@ def test_search_wp_572(self):
         self.maxDiff = None
         query = 'cpe:2.3:a:wordpress:wordpress:5.7.2:*:*:*:*:*:*:*'
         result = search_vulns.search_vulns(query=query, add_other_exploit_refs=True, is_good_cpe=True)
-        expected_exploits = ['https://www.exploit-db.com/exploits/50663', 'http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html', 'https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661', 'https://github.com/safe3s/CVE-2022-21661', 'https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection', 'https://github.com/WellingtonEspindula/SSI-CVE-2022-21661', 'https://github.com/daniel616/CVE-2022-21661-Demo', 'https://github.com/purple-WL/wordpress-CVE-2022-21661', 'https://github.com/sealldeveloper/CVE-2022-21661-PoC', 'https://github.com/z92g/CVE-2022-21661', 'https://www.exploit-db.com/exploits/38936', 'http://www.securityfocus.com/bid/64587', 'https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/', 'http://plugins.trac.wordpress.org/changeset/490070/my-calendar', 'http://plugins.trac.wordpress.org/changeset/435356/scormcloud', 'https://blog.sonarsource.com/wordpress-object-injection-vulnerability/', 'http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807', 'https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/', 'https://github.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner', 'https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/', 'https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve', 'https://github.com/guestzz/CVE-2022-21661', 'https://github.com/pog007/CVE-2023-5561-PoC', 'https://github.com/p4ncontomat3/CVE-2022-21661', 'https://github.com/CharonDefalt/WordPress--CVE-2022-21661']
+        expected_exploits = ['https://www.exploit-db.com/exploits/50663', 'http://packetstormsecurity.com/files/165540/WordPress-Core-5.8.2-SQL-Injection.html', 'https://github.com/0x4E0x650x6F/Wordpress-cve-CVE-2022-21661', 'https://github.com/safe3s/CVE-2022-21661', 'https://github.com/TAPESH-TEAM/CVE-2022-21661-WordPress-Core-5.8.2-WP_Query-SQL-Injection', 'https://github.com/WellingtonEspindula/SSI-CVE-2022-21661', 'https://github.com/daniel616/CVE-2022-21661-Demo', 'https://github.com/purple-WL/wordpress-CVE-2022-21661', 'https://github.com/sealldeveloper/CVE-2022-21661-PoC', 'https://github.com/z92g/CVE-2022-21661', 'https://www.exploit-db.com/exploits/38936', 'http://www.securityfocus.com/bid/64587', 'https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/', 'http://plugins.trac.wordpress.org/changeset/490070/my-calendar', 'http://plugins.trac.wordpress.org/changeset/435356/scormcloud', 'https://blog.sonarsource.com/wordpress-object-injection-vulnerability/', 'http://plugins.trac.wordpress.org/changeset?old_path=%2Fbad-behavior&old=543807&new_path=%2Fbad-behavior&new=543807', 'https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/', 'https://github.com/hxlxmjxbbxs/CVE-2022-3590-WordPress-Vulnerability-Scanner', 'https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/', 'https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve', 'https://github.com/guestzz/CVE-2022-21661', 'https://github.com/pog007/CVE-2023-5561-PoC', 'https://github.com/p4ncontomat3/CVE-2022-21661', 'https://github.com/CharonDefalt/WordPress--CVE-2022-21661', 'https://github.com/michael-david-fry/CVE-2023-22622']
         result_exploits = []
         for cve in result[query]['vulns']:
             data = result[query]['vulns'].get(cve)

diff --git a/updater.py b/updater.py
@@ -441,7 +441,7 @@ def parse_eold_product_releases(release_info_raw):
     # parse manually instead of using a third-party YAML parser
     releases = []
 
-    for release_raw in release_info_raw.split('-   releaseCycle'):
+    for release_raw in re.split(r'- *releaseCycle', release_info_raw):
         release_raw = release_raw.strip()
         release_raw = release_raw.strip()
         if not release_raw:
@@ -459,7 +459,7 @@ def parse_eold_product_releases(release_info_raw):
                 line = line[:line.find('#')]
             if not added_back_cycle_key:
                 line = '-   releaseCycle' + line
-                added_back_cycle_key
+                added_back_cycle_key = True
 
             if line.startswith('-'):
                 line = line[1:]
@@ -575,8 +575,8 @@ def create_endoflife_date_table():
             # iterate over releases in reversed order, s.t. oldest release always has unique ID 0
             for i, release in enumerate(reversed(eold_entry['releases'])):
                 version_start = release['releaseCycle']
-                version_latest = release.get('releaseCyclelatest', '')  # e.g. slackware
-                eol_info = release.get('releaseCycleeol', 'false')
+                version_latest = release.get('latest', '')  # e.g. slackware
+                eol_info = release.get('eol', 'false')
                 db_data = (cpe, i, eold_entry['eold-id'], eold_entry['eold-title'],
                             version_start, version_latest, eol_info)
                 db_cursor.execute('INSERT INTO eol_date_data VALUES (?, ?, ?, ?, ?, ?, ?)', db_data)