CPE: query backend, cgi and help

doc/WEBUI.md

@@ -202,6 +202,7 @@ single or double quotes.
   - `netdev`, `networkdevice` look for network devices (firewalls,
     routers, ...).
   - `phonedev` look for telephony devices.
+  - `cpe:` look for a given cpe.
   - `[!]hop:` look for a particular IP address in the traceroute
     results.
   - `[!]hopname:` look for a matching hostname in the traceroute

ivre/db/mongo.py

@@ -1142,6 +1142,32 @@ def searchscreenshot(port=None, protocol='tcp', service=None, neg=False):
                            'screenshot': {'$exists': not neg}}
         }}
 
+    @staticmethod
+    def searchcpe(value=None, type=None, vendor=None, product=None,
+                  components=None):
+        """Look for a CPE by value (original cpe string), type (a, o or h),
+        vendor, product or components (the part after the column following
+        the product). No argument will just check for cpe existence.
+
+        """
+        if all(arg is None
+               for arg in [value, type, vendor, product, components]):
+            return {"cpes": {"$exists": True}}
+
+        flt = {}
+        fields = [
+            ("value", value),
+            ("type", type),
+            ("vendor", vendor),
+            ("product", product),
+            ("components", components),
+        ]
+
+        for (field_name, field_val) in fields:
+            if field_val is not None:
+                flt["cpes." + field_name] = field_val
+        return flt
+
     def topvalues(self, field, flt=None, topnbr=10, sortby=None,
                   limit=None, skip=None, least=False, archive=False,
                   aggrflt=None, specialproj=None, specialflt=None,

web/cgi-bin/scanjson.py

@@ -460,6 +460,22 @@ def check_referer():
         else:
             flt = db.nmap.flt_and(flt, db.nmap.searchscreenshot(
                 service=q[1], neg=neg))
+    elif nq == "cpe":
+        cpe_kwargs = {}
+        allowed_fields = set(["value", "type", "vendor", "product",
+                              "components"])
+        if q[1]:
+            cpe_args = q[1].split(',')
+            for cpe_arg in cpe_args:
+                if '=' not in cpe_arg:
+                    # only value
+                    cpe_kwargs["value"] = ivre.utils.str2regexp(cpe_arg)
+                else:
+                    field, value = cpe_arg.split("=", 1)
+                    if field not in allowed_fields:
+                        continue
+                    cpe_kwargs[field] = ivre.utils.str2regexp(value)
+        flt = db.nmap.flt_and(flt, db.nmap.searchcpe(**cpe_kwargs))
     elif nq == 'display':
         # ignore this parameter
         pass

web/dokuwiki/doc/webui.txt

@@ -130,6 +130,7 @@ If your command includes spaces, you need to protect it by using single or doubl
   * ''%%devtype:%%'', ''%%devicetype:%%'' look for a type of devices.
   * ''%%netdev%%'', ''%%networkdevice%%'' look for network devices (firewalls, routers, ...).
   * ''%%phonedev%%'' look for telephony devices.
+  * ''%%cpe%%''` look for a given cpe.
   * ''%%[!]hop:%%'' look for a particular IP address in the traceroute results.
   * ''%%[!]hopname:%%'' look for a matching hostname in the traceroute results.
   * ''%%[!]hopdomain:%%'' look for a hostname within a matching domain name in the traceroute results.

web/static/help.js

@@ -241,6 +241,11 @@ var HELP = {
 	"title": "phonedev",
 	"content": "Look for phone devices (e.g., PBX, VoIP devices, phones, etc.).",
     },
+    /* CPEs */
+    "cpe": {
+	"title": "cpe:<b>([value])</b> or cpe:<b>[field name]=[field value]</b>(, ...)",
+	"content": "Looks for CPEs matching value (which can be a /regex/). Providing no value will match all the hosts that have CPE information. The 'field name' can be: type (a, o or h), vendor, product or components, and 'field value' can be a /regex/.",
+    },
     /* traceroute */
     "hop:": {
 	"title": "<b>(!)</b>hop:<b>[IP address](:[TTL])</b>",