-
Notifications
You must be signed in to change notification settings - Fork 0
/
app.R
213 lines (183 loc) · 7.77 KB
/
app.R
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
## vFeed Viewer ##
## Russ McRee, @HolisticInfoSec, May 2016
## 0.1 alpha
## app.R ##
library(shinydashboard)
library(RSQLite)
library(ggplot2)
library(reshape2)
databasefile <- "vfeed.db"
dbcon <- dbConnect(dbDriver("SQLite"), dbname = databasefile)
CWEDB <- dbReadTable(dbcon, "cwe_db")
NVDDB <- dbReadTable(dbcon, "nvd_db", select.cols="cveid,summary")
LATEST <- dbReadTable(dbcon, "stat_new_cve")
STATS <- dbReadTable(dbcon, "stat_vfeed_kpi")
dbDisconnect(dbcon)
options(warn=-1)
ui <- dashboardPage(skin = "blue",
dashboardHeader(title = "vFeed Viewer 0.1 alpha", titleWidth = 350),
dashboardSidebar(
sidebarMenu(
menuItem(tags$div("vFeed Overview"), tabName = "summary", icon = icon("info-circle")),
menuItem(tags$div("vFeed NVD Search"), tabName = "nvdDb", icon = icon("search")),
menuItem(tags$div("vFeed CWE Search"), tabName = "cweDb", icon = icon("search")),
menuItem(tags$div("vFeed Latest Added CVEs"), tabName = "latest", icon = icon("list")),
menuItem(tags$div("vFeed Statistics"), tabName = "stats", icon = icon("calculator"))
)
),
dashboardBody(
img(src = "vFeed.png"),
tabItems(
# Data table
tabItem(tabName = "nvdDb",
h1("National Vulnerability Database Search"),
h3("NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP)."),
fluidRow(
column(width=2,
selectInput("cveid",
"CVE ID:",
c("All",
unique(as.character(NVDDB$cveid))))
),
column(width=2,
selectInput("summary",
"Summary:",
c("All",
unique(as.character(NVDDB$summary))))
)
),
# Create a new row for the table.
fluidRow(
dataTableOutput(outputId="table")
)
),
# Data table
tabItem(tabName = "cweDb",
h1("Common Weaknesses Enumeration Search"),
h3("A Community-Developed Dictionary of Software Weakness Types."),
fluidRow(
column(width=2,
selectInput("cweid",
"CWE ID:",
c("All",
unique(as.character(CWEDB$cweid))))
),
column(width=2,
selectInput("cwetitle",
"CWE Title:",
c("All",
unique(as.character(CWEDB$cwetitle))))
)
),
# Create a new row for the table.
fluidRow(
dataTableOutput(outputId="table2")
)
),
# Data table
tabItem(tabName = "latest",
h1("Latest added CVEs"),
fluidRow(
column(width=2,
selectInput("new_cve_id",
"New CVE ID:",
c("All",
unique(as.character(LATEST$new_cve_id))))
),
column(width=2,
selectInput("new_cve_summary",
"New CVE Summary:",
c("All",
unique(as.character(LATEST$new_cve_summary))))
)
),
# Create a new row for the table.
fluidRow(
dataTableOutput(outputId="table3")
)
),
# Stats plot
tabItem(tabName = "stats",
fluidRow(
plotOutput("plotType")
)
),
# Print Summary
tabItem(tabName = "summary",
h1("The Correlated Community Vulnerability and Threat Database"),
p(strong("vFeed Framework"), "is a CVE, CWE and OVAL Compatible naming scheme concept that provides extra structured detailed
third-party references",br(), "and technical characteristics for a CVE entry through an extensible XML/JSON schema.",br(),
"It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references."),
p(strong("vFeed"), "utilizes XML-based / JSON-based format outputs to describe in detail vulnerabilities.",br(),
"They can be leveraged as input by security researchers, practitioners and tools as part of their vulnerability description.",br(),
"In fact, the standard syntax is easy to interpret by humans and systems.")
)
)
)
)
server <- function(input, output) {
output$table <- renderDataTable({
withProgress(message = 'Calculation in progress',
detail = 'Standby...', value = 0, {
for (i in 1:10) {
incProgress(1/10)
Sys.sleep(0.1) }})
data <- NVDDB
if (input$cveid != "All"){
data <- data[data$cveid == input$cveid,]
}
if (input$summary != "All"){
data <- data[data$summary == input$summary,]
}
data
})
output$table2 <- renderDataTable({
withProgress(message = 'Calculation in progress',
detail = 'Standby...', value = 0, {
for (i in 1:10) {
incProgress(1/10)
Sys.sleep(0.1) }})
data <- CWEDB
if (input$cweid != "All"){
data <- data[data$cweid == input$cweid,]
}
if (input$cwetitle != "All"){
data <- data[data$cwetitle == input$cwetitle,]
}
data
})
output$table3 <- renderDataTable({
withProgress(message = 'Calculation in progress',
detail = 'standby...', value = 0, {
for (i in 1:10) {
incProgress(1/10)
Sys.sleep(0.1) }})
data <- LATEST
if (input$new_cve_id != "All"){
data <- data[data$new_cve_id == input$new_cve_id,]
}
if (input$new_cve_summary != "All"){
data <- data[data$new_cve_summary == input$new_cve_summary,]
}
data
})
vfeedStats <- melt(STATS)
vfeedStats <- vfeedStats[-c(1,3),]
x=vfeedStats$variable
y=vfeedStats$value
output$plotType <- renderPlot({
withProgress(message = 'Calculation in progress',
detail = 'Standby...', value = 0, {
for (i in 1:10) {
incProgress(1/10)
Sys.sleep(0.1) }})
ggplot(data=vfeedStats, aes(x,y, fill=variable)) +
geom_bar(stat="identity") +
theme(text = element_text(size=20), axis.text.x=element_text(angle=90,hjust=1,vjust=0.5)) +
scale_y_continuous(breaks = c(0,25000,50000,75000,100000)) +
labs(title = "vFeed Statistics (-CPE)", x = "vFeed Category Entities", y = "vFeed Entries") +
scale_colour_gradientn(colours=rainbow(8)) +
theme(legend.position="none")
})
}
shinyApp(ui, server)