Merge pull request #10 from cosad3s/main

Add Docker & Docker-compose + external configuration
cve-search · Jul 27, 2023 · 3a487c0 · 3a487c0
2 parents 5b5ecac + ab64022
commit 3a487c0
Show file tree

Hide file tree

Showing 10 changed files with 104 additions and 11 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,18 @@
+# syntax=docker/dockerfile:1
+
+FROM python:3.8-slim-buster
+
+WORKDIR /app
+
+COPY REQUIREMENTS REQUIREMENTS
+RUN pip3 install -r REQUIREMENTS
+
+COPY bin bin
+COPY etc /etc
+COPY lib lib
+COPY docker/entrypoint.sh entrypoint.sh
+
+RUN mkdir /app/config
+RUN chmod u+x entrypoint.sh
+
+ENTRYPOINT ["/app/entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -10,19 +10,46 @@ be used against [cve-search](https://github.com/cve-search/cve-search) to do act
 
 ## Usage
 
-To use CPE guesser, you have to initialise the Redis database with `import.py`. Then you can use
-the software with `lookup.py` to find the most probable CPE matching the keywords provided.
+To use CPE guesser, you have to initialise the Redis database with `import.py`.
+
+Then you can use the software with `lookup.py` to find the most probable CPE matching the keywords provided.
+
+Or by calling the Web server (After running `server.py`), example: `curl -s -X POST http://localhost:8000/search -d "{\"query\": [\"tomcat\"]}" | jq .`
 
 ### Installation
 
 - `git clone https://github.com/cve-search/cpe-guesser.git`
 - `cd cpe-guesser/bin`
 - Download the CPE dictionary & populate the database with `python3 ./import.py`.
-- Take a cup of black or green tea.
+- Take a cup of black or green tea ().
 - `python3 cpe-guesser/bin/server.py` to run the local HTTP server.
 
 If you don't want to install it locally, there is a public online version. Check below. 
 
+### Docker
+
+#### Single image with existing Redis
+
+```bash
+docker build . -t cpe-guesser:l.0
+# Edit settings.yaml content and/or path
+docker run cpe-guesser:l.0 -v $(pwd)/config/settings.yaml:/app/config/settings.yaml
+# Please wait for full import
+```
+
+#### Docker-compose
+
+```bash
+cd docker
+# Edit docker/settings.yaml as you want
+docker-compose up --build -d
+# Please wait for full import
+```
+
+#### Specific usage
+
+If you do not want to use the Web server, `lookup.py` can still be used. Example: `docker exec -it cpe-guesser python3 /app/bin/lookup.py tomcat`
+
 ## Public online version
 
 [cpe-guesser.cve-search.org](https://cpe-guesser.cve-search.org) is public online version of CPE guesser which can be used via

diff --git a/REQUIREMENTS b/REQUIREMENTS
@@ -1,2 +1,3 @@
 redis
 falcon
+dynaconf
diff --git a/bin/import.py b/bin/import.py
@@ -10,14 +10,15 @@
 import xml.sax
 import redis
 import time
+from dynaconf import Dynaconf
 
 # Configuration
-cpe_path = '../data/official-cpe-dictionary_v2.3.xml'
-cpe_source = (
-    'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'
+settings = Dynaconf(
+    settings_files=['../config/settings.yaml']
 )
-rdb = redis.Redis(host='127.0.0.1', port=6379, db=8)
-
+cpe_path = settings.cpe.path
+cpe_source = (settings.cpe.source)
+rdb = redis.Redis(host=settings.redis.host, port=settings.redis.port, db=8)
 
 class CPEHandler(xml.sax.ContentHandler):
     def __init__(self):
@@ -127,7 +128,7 @@ def insert(word=None, cpe=None):
     if args.replace == 0 and rdb.dbsize() > 0 and not args.update:
         print(f"Warning! The Redis database already has {rdb.dbsize()} keys.")
         print("Use --replace if you want to flush the database and repopulate it.")
-        sys.exit(1)
+        sys.exit(0)
 
     if args.download > 0 or not os.path.isfile(cpe_path):
         print(f"Downloading CPE data from {cpe_source} ...")

diff --git a/bin/server.py b/bin/server.py
@@ -6,9 +6,13 @@
 import falcon
 from wsgiref.simple_server import make_server
 import json
+from dynaconf import Dynaconf
 
 # Configuration
-port = 8000
+settings = Dynaconf(
+    settings_files=['../config/settings.yaml']
+)
+port = settings.server.port
 
 runPath = os.path.dirname(os.path.realpath(__file__))
 sys.path.append(os.path.join(runPath, ".."))

diff --git a/config/settings.yaml b/config/settings.yaml
@@ -0,0 +1,8 @@
+server:
+  port: 8000
+redis:
+  host: 127.0.0.1
+  port: 6379
+cpe:
+  path: '../data/official-cpe-dictionary_v2.3.xml'
+  source: 'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
@@ -0,0 +1,16 @@
+version: "3"
+services:
+  server:
+    container_name: cpe-guesser
+    image: cpe-guesser:1.0
+    build: ..
+    volumes:
+      - ../data/:/data/:rw
+      - ./settings.yaml:/app/config/settings.yaml
+    ports:
+      - 8000:8000
+    depends_on:
+      - redis
+  redis:
+    container_name: cpe-guesser-db
+    image: "redis:alpine"
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+python3 -u /app/bin/import.py
+python3 -u /app/bin/server.py
diff --git a/docker/settings.yaml b/docker/settings.yaml
@@ -0,0 +1,8 @@
+server:
+  port: 8000
+redis:
+  host: redis
+  port: 6379
+cpe:
+  path: '/data/official-cpe-dictionary_v2.3.xml'
+  source: 'https://nvd.nist.gov/feeds/xml/cpe/dictionary/official-cpe-dictionary_v2.3.xml.gz'
diff --git a/lib/cpeguesser.py b/lib/cpeguesser.py
@@ -2,11 +2,16 @@
 # -*- coding: utf-8 -*-
 
 import redis
+from dynaconf import Dynaconf
 
+# Configuration
+settings = Dynaconf(
+    settings_files=['../config/settings.yaml']
+)
 
 class CPEGuesser:
     def __init__(self):
-        self.rdb = redis.Redis(host='127.0.0.1', port=6379, db=8, decode_responses=True)
+        self.rdb = redis.Redis(host=settings.redis.host, port=settings.redis.port, db=8, decode_responses=True)
 
     def guessCpe(self, words):
         k = []