chg: [documenation] Added output from Sphinx in /static/documentation.

Author: cedricbonhomme

content/_index.md

@@ -13,7 +13,7 @@ Vulnerability-Lookup facilitates quick correlation of vulnerabilities from vario
 {{< cards >}}
   {{< card link="https://github.com/cve-search/vulnerability-lookup" title="The project on GitHub" icon="github" >}}
   {{< card link="https://vulnerability.circl.lu" title="Instance operated by CIRCL" icon="server" >}}
-  {{< card link="https://vulnerability.circl.lu/documentation" title="Docs" icon="book-open" >}}
+  {{< card link="/documentation" title="Documentation" icon="book-open" >}}
   {{< card link="about" title="About" icon="user" >}}
 {{< /cards >}}
 

hugo.yaml

@@ -30,7 +30,7 @@ menu:
       pageRef: /news
       weight: 1
     - name: Docs
-      url: "https://vulnerability.circl.lu/documentation"
+      pageRef: /documentation
       weight: 2
     - name: About
       pageRef: /about

static/documentation/_images/vulnerability-lookup.png

@@ -0,0 +1,49 @@
+API v1
+======
+
+.. _OpenAPI:
+
+
+`PyVulnerabilityLookup <https://github.com/cve-search/PyVulnerabilityLookup>`_
+is a Python library to access Vulnerability-Lookup its REST API.
+
+
+OpenAPI specicification
+-----------------------
+
+
+.. openapi:: _static/files/swagger.json
+
+
+Examples
+--------
+
+Comments
+~~~~~~~~
+
+Getting the list of comments:
+
+.. code-block:: bash
+
+    $ curl -X 'GET' 'http://127.0.0.1:5000/api/comment/' -H 'accept: application/json'
+
+
+Getting the list of comments made by a specific author:
+
+.. code-block:: bash
+
+    $ curl -X 'GET' 'http://127.0.0.1:5000/api/comment/?author=john' -H 'accept: application/json'
+
+
+Getting the list of comments related to a vulnerability:
+
+.. code-block:: bash
+
+    $ curl -X 'GET' 'http://127.0.0.1:5000/api/comment/?vuln_id=cve-2024-38063' -H 'accept: application/json'
+
+
+Getting the list of comments that are related to a Proof of Concept:
+
+.. code-block:: bash
+
+    $ curl -X 'GET' 'http://127.0.0.1:5000/api/comment/?meta=[{"tags":["PoC"]}]' -H 'accept: application/json'

static/documentation/_images/vulnogram-code.png

@@ -0,0 +1,8 @@
+High level architecture
+=======================
+
+.. figure:: _static/img/vulnerability-lookup.png
+   :alt: High level architecture
+   :target: _static/img/vulnerability-lookup.png
+
+   High level architecture

static/documentation/_sources/api-v1.rst

@@ -0,0 +1,135 @@
+Command Line Interface
+======================
+
+Section to explain the various commands available.
+
+Core
+----
+
+Start all the services
+~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ start
+
+
+Stop all the services
+~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ stop
+
+
+Start only the website
+~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ start_website
+
+
+Restart only the website
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ restart_website
+
+
+Dump a source in a JSON file
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ dump --feed nvd
+
+Update the documentation
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ cd docs; make hmtl
+
+
+
+Web service
+-----------
+
+This section describes the main commands related to the web service.
+
+
+Init the database
+~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app db_init --help
+    Usage: flask db_init [OPTIONS]
+
+    Will create the database from conf parameters.
+
+    Options:
+    --help  Show this message and exit.
+
+
+Create a user
+~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app create_user --help
+    Usage: flask create_user [OPTIONS]
+
+      Initializes a user
+
+    Options:
+    --login TEXT     Login
+    --email TEXT     Email
+    --password TEXT  Password
+    --help           Show this message and exit.
+
+
+Create an admin
+~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app create_admin
+
+
+List all users
+~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app user_list
+
+
+Delete a user
+~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app user_delete --login <login>
+
+
+Update MISP warning lists
+~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app update_warninglists
+
+During the update of Vulnerability Lookup, the administrator will be prompted to execute this command.
+
+
+Backup the PostgreSQL database
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ flask --app website.app db_backup
+
+This command is executed automatically during the update ot Vulnerability Lookup.

static/documentation/_sources/architecture.rst

@@ -0,0 +1,144 @@
+Feed syndication
+================
+
+Available feeds
+---------------
+
+.. list-table:: Available feeds
+   :widths: 25 25 50
+   :header-rows: 1
+
+   * - Endpoint
+     - Methods
+     - Rule
+
+   * - bundles_bp.feed_bundles
+     - GET
+     - /bundles/feed.<string:format>[?user=<login>]
+
+   * - comments_bp.feed_comments
+     - GET
+     - /comments/feed.<string:format>[?user=<login>]
+
+   * - user_bp.feed_activity
+     - GET
+     - /user/<string:login>.<string:format>
+
+   * - home_bp.feed_recent
+     - GET
+     - /recent/<string:source>.<string:format>[?vulnerability=<vuln-id>]
+
+
+The value of ``format`` can be ``rss`` or ``atom``.
+
+The value of ``source`` can be one of the following:
+"all",
+"github",
+"cvelistv5",
+"nvd",
+"pysec",
+"gsd",
+"ossf_malicious_packages",
+"csaf_certbund",
+"csaf_siemens",
+"csaf_redhat",
+"csaf_cisa",
+"csaf_cisco",
+"csaf_sick",
+"csaf_nozominetworks",
+"csaf_ox",
+"variot".
+
+
+Examples
+--------
+
+Recent vulnerabilities from all sources
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ curl https://vulnerability.circl.lu/recent/all.atom
+
+
+Recent vulnerabilities from pysec
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ curl https://vulnerability.circl.lu/recent/pysec.atom
+
+
+Recent vulnerabilities related to a vendor
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ curl 'https://vulnerability.circl.lu/recent/cvelistv5.atom?vendor=MISP&per_page=2&page=8'
+    <?xml version='1.0' encoding='UTF-8'?>
+    <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
+    <id>https://vulnerability.circl.lu/rss/recent/cvelistv5/2</id>
+    <title>Most recent entries from cvelistv5</title>
+    <updated>2024-11-26T08:02:41.668408+00:00</updated>
+    <author>
+        <name>Vulnerability Lookup</name>
+        <email>[email protected]</email>
+    </author>
+    <link href="https://vulnerability.circl.lu" rel="alternate"/>
+    <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
+    <subtitle>Contains only the most 2 recent entries.</subtitle>
+    <entry>
+        <id>https://vulnerability.circl.lu/vuln/cve-2021-37534</id>
+        <title>cve-2021-37534</title>
+        <updated>2024-11-26T08:02:41.670402+00:00</updated>
+        <link href="https://vulnerability.circl.lu/vuln/cve-2021-37534"/>
+    </entry>
+    <entry>
+        <id>https://vulnerability.circl.lu/vuln/cve-2022-29528</id>
+        <title>cve-2022-29528</title>
+        <updated>2024-11-26T08:02:41.670364+00:00</updated>
+        <link href="https://vulnerability.circl.lu/vuln/cve-2022-29528"/>
+    </entry>
+    </feed>
+
+
+
+Recent vulnerabilities linked to the specified vulnerability
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+.. code-block:: bash
+
+    $ curl 'https://vulnerability.circl.lu/recent/all.atom?vulnerability=cve-2021-22280'
+    <?xml version='1.0' encoding='UTF-8'?>
+    <feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
+    <id>https://vulnerability.circl.lu/rss/recent/all/10</id>
+    <title>Most recent entries from all</title>
+    <updated>2024-11-26T08:03:09.000211+00:00</updated>
+    <author>
+        <name>Vulnerability Lookup</name>
+        <email>[email protected]</email>
+    </author>
+    <link href="https://vulnerability.circl.lu" rel="alternate"/>
+    <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
+    <subtitle>Contains only the most 10 recent entries.</subtitle>
+    <entry>
+        <id>https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx</id>
+        <title>ghsa-x53h-2cjp-mwcx</title>
+        <updated>2024-11-26T08:03:09.013675+00:00</updated>
+        <link href="https://vulnerability.circl.lu/vuln/ghsa-x53h-2cjp-mwcx"/>
+    </entry>
+    <entry>
+        <id>https://vulnerability.circl.lu/vuln/gsd-2021-22280</id>
+        <title>gsd-2021-22280</title>
+        <updated>2024-11-26T08:03:09.013602+00:00</updated>
+        <link href="https://vulnerability.circl.lu/vuln/gsd-2021-22280"/>
+    </entry>
+    </feed>
+
+
+Subscribing to the activity related to a vulnerability
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The request will return recent observations (sightings) related to a vuln.
+
+    $ curl 'https://vulnerability.circl.lu/sightings/feed.atom?vulnerability=CVE-2024-0012'