UPDATED: NVD_NIST

Author: Ruskonert

README.md

@@ -26,9 +26,10 @@ git clone https://github.com/ruskonert/cve-mysql-python.git
 cd cve-mysql-python
 pip install -r requirements.txt
 ```
-pip 2 버전이 이미 설치되어 있다면, 다음 명렁어로 대신 입력하십시오:
+pip 2 버전이 이미 설치되어 있다면, 다음 명렁어를 입력하십시오:
 ```
-pip3 install -r requirements.txt
+pip3 install --upgrade pip
+pip install -r requirements.txt
 ```
 
 만약 파이썬 인터프리터가 없다면, 아래의 링크를 통해 Released된 실행 가능한 최신 파일을 다운로드하여 사용하십시오.<br>

cvemysql.py

@@ -25,9 +25,9 @@ def __init__(self, error):
         super().__init__(error)
 
 
-def initialize(user, password, host, port, char="utf8"):
+def initialize(user, password, host, port, char="utf8", not_used_password=False):
     """ 사용할 데이터베이스에 연결하고 작업이 이루어질 수 있는 환경을 객체화하여 반환합니다. """
-    if password is None:
+    if password is None and not not_used_password:
         password = getpass.getpass('Please input your password {u}@{h} > '.format(u=user, h=host))
     database = MySqlBase(user, password, host, port)
     database.connect()

nvdnist.py

@@ -146,40 +146,40 @@ def workstation(sql_user, sql_password, sql_host, sql_port, sql_database, tablen
         lastModifiedDate = str(jsonElement.get('lastModifiedDate', ''))
 
         # Unused variable for column fields
-        sql_user = None
-        sql_database = None
-        sql_port = None
-        sql_host = None
-        sql_password = None
-
+        c = None
         d = None
-        defined = None
+
+        sql_data = {'sql_user' : False, 'sql_database' : False, 'sql_port' : False, 'sql_host' : False, 'sql_password' : False, 'tablename': False}
+        filter_vars = lambda l: isinstance(l[1], str) and sql_data.get(l[0], True) and l[1] is not None
 
         if safe_insert:
             subWorker = SQLWorker(_cpeList).initialize(2)
+
+            # Check the cpe elements has at least 1
             while len(data) != 0:
-                defined = dict(vars())
+                defined = None
                 r = jsonElement[data.pop()].split(' || ')
-                subWorker._submit.append(subWorker._executor.submit(subWorker._function, sql_user, sql_password, sql_host, sql_port, sql_database, tablename, c, r, defined))
+                defined = dict((i, j) for i, j in filter(filter_vars, list(dict(vars()).items())))
+                subWorker._submit.append(subWorker._executor.submit(subWorker._function, sql_user, sql_password, sql_host, sql_port, sql_database, tablename, r, cpe_list, defined))
 
             for ps in subWorker.as_complete():
                 result = result + ps.result()
+
             subWorker.terminate()
 
         else:
             while len(data) != 0:
-                c = data.pop()
-                r = jsonElement[c].split(' || ')
+                r = jsonElement[data.pop()].split(' || ')
                 cpe_list_clone = list(cpe_list)
                 cpe_list_clone.reverse()
 
                 # It will use the value of table columns.
                 affects_vendor_name = r[0]
                 affects_product_name = r[1]
                 affects_version_value = r[2]
-                c = None
 
                 while len(cpe_list_clone) != 0:
+                    defined = None
                     cp = cpe_list_clone.pop()
                     r = cp.split('||')
 
@@ -194,23 +194,23 @@ def workstation(sql_user, sql_password, sql_host, sql_port, sql_database, tablen
                     cp = None
 
                     # Get deined variables
-                    v = dict(vars())
+                    defined = dict((i, j) for i, j in filter(filter_vars, list(dict(vars()).items())))
 
-                    if execute(base, tablename, v):
+                    if execute(base, tablename, defined):
                         result = result + 1
                     else:
                         print('err\n')
         base.disconnect()
         return result
     except (KeyboardInterrupt, SystemExit):
         print("Interrupt")
-        return 0
+        sys.exit(0)
 
-def _cpeList(sql_user, sql_password, sql_host, sql_port, sql_database, tablename, ID, c, r, variable):
+def _cpeList(sql_user, sql_password, sql_host, sql_port, sql_database, tablename, r, cpe_list, variable):
     base = initialize(sql_user, sql_password, sql_host, sql_port)
     base.use_database(sql_database)
     result = 0
-    cpe_list_clone = list(c)
+    cpe_list_clone = list(cpe_list)
     cpe_list_clone.reverse()
 
     affects_vendor_name = r[0]
@@ -229,32 +229,39 @@ def _cpeList(sql_user, sql_password, sql_host, sql_port, sql_database, tablename
     sql_host = None
     sql_password = None
 
+    sql_data = {'sql_user' : False, 'sql_database' : False, 'sql_port' : False, 'sql_host' : False, 'sql_password' : False, 'tablename': False}
+    filter_vars = lambda l: isinstance(l[1], str) and sql_data.get(l[0], True) and l[1] is not None
+
     while len(cpe_list_clone) != 0:
         cp = cpe_list_clone.pop().split('||')
         nodes_cpe_vulnerable = cp[0]
         nodes_cpe_cpe22uri = cp[1]
         nodes_cpe_cpe23uri = cp[2]
         nodes_cpe = cp[3]
+        
         cp = None
-        v = dict(vars()).update(variable)
-        if execute(base, tablename, v):
+        current_variable = dict(vars())
+
+        defined = dict((i, j) for i, j in filter(filter_vars, list(current_variable.items())))
+        defined.update(variable)
+
+        if execute(base, tablename, defined):
             result = result + 1
         else:
             print('sub-process err\n')
     base.disconnect()
     return result
 
-def execute(base, tablename, v):
+def execute(base, tablename, variable):
     query_header = "("
     query_format = "("
     query_argument = [] 
 
     # automatic insert value
-    for variable_name in v.keys():
-        if isinstance(v[variable_name], str) and not variable_name == "tablename":
-            query_header += variable_name + ','
-            query_format += "%s,"
-            query_argument.append(v[variable_name])
+    for variable_name in variable.keys():
+        query_header += variable_name + ','
+        query_format += "%s,"
+        query_argument.append(variable[variable_name])
 
     query_header = query_header[:-1]
     query_header += ")"
@@ -466,25 +473,29 @@ def find_key(self, element, pattern):
         return key
 
     def table_insert(self, tablename, jsonCollection):
-        result = 0
-        finish = 0
-        print("USE_MAX_THREAD_COUNT=%d" % self._usuge_thread)
-        worker = SQLWorker(workstation).initialize(self._usuge_thread)
-        self._worker = worker
-
-        print("Inserting value ...")
-        for jsonElement in jsonCollection:
-            worker.reserve(self.user, self.password, self.host, self.port, self.database, tablename, jsonElement)
-        
-        for ps in worker.as_complete():
-            result = result + ps.result()
-            finish = finish + 1
-            sys.stdout.write("\rFinish CVE(s): %d :: Processed amount: %d" % (finish, result))
-            sys.stdout.flush()
+        try:
+            result = 0
+            finish = 0
+            print("USE_MAX_THREAD_COUNT=%d" % self._usuge_thread)
+            worker = SQLWorker(workstation).initialize(self._usuge_thread)
+            self._worker = worker
+
+            print("Inserting value ...")
+            for jsonElement in jsonCollection:
+                worker.reserve(self.user, self.password, self.host, self.port, self.database, tablename, jsonElement)
+            
+            for ps in worker.as_complete():
+                result = result + ps.result()
+                finish = finish + 1
+                sys.stdout.write("\rFinish CVE(s): %d :: Processed amount: %d" % (finish, result))
+                sys.stdout.flush()
 
-        print("\nAll data insert completed.")
+            print("\nAll data insert completed.")
 
-        self._worker.terminate()
+            self._worker.terminate()
+        except (KeyboardInterrupt, SystemExit):
+            self._worker.terminate()
+            sys.exit(0)
 
     def auto_serialize(self, obj, jsonDefault, o=None):
         default_type = {str: True,bool: True,float: True,str: True,int: True}