Implement service to test if given set of fields can be determined vulnerable #25

Open
abn opened this issue May 6, 2013 · 5 comments

abn commented May 6, 2013

A client should be able to submit a JSON string with available fields to test for vulnerable matches.

For example

    { "hash":"dummy512", "hashes" : {"sha512":{"files":{"h1":"filename"}}}}

ghost assigned abn May 6, 2013


ashcrow commented May 6, 2013

Interesting. As in 'ask the server to match against its database'? If so, we need to be careful over load and may need to institute an API key.


abn commented May 6, 2013

Agreed. API keys (or something along those lines) are definitely required for "files" based checking as this is compute intensive.


abn commented May 16, 2013

@ashcrow to make this work efficiently we might need some db internal structure modifications. Open to suggestions.

A candidate solution:
Given a list of file hashes ( args ) and an algorithm,

  1. Find every record that contains at least one file hash from args
  2. If all hashes in record are contained in args then add CVE to result

The problem is this does not work; I am assuming it is a structure issue. Any workarounds/solutions? (Here arg is one element in args.)

    items = current_app.db.Hash.find(
            {'hashes': {algorithm: {'files': { arg : {'$exists' : True}}}}},
            make_projection({'hash':'', 'hashes':{}, 'cves':{}}))


ashcrow commented May 16, 2013

Looks good. I sort of would like to wait for #55 as I'm worried a lot of our work will quickly be swept away once we move to a REST extension -- but the above should work if we need to get it done asap.


abn commented May 16, 2013

Not urgent but good to have sooner than later. I am not sure MongoEngine would resolve the problem I commented on though. Doing an $exists on a non-deterministic key seems not possible. And I think using exists affects query time too.
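
Added example (not code from this project or from either commenter): in a MongoDB filter a nested dict literal is compared as whole-subdocument equality, so the `$exists` in the May 16 query is treated as literal data rather than an operator, whereas a dotted field path evaluates it. The sketch builds that dotted-path filter and runs both steps of the candidate solution over constructed in-memory records; `build_filter`, `path_exists`, `vulnerable_cves`, the hex-only validation and a list-shaped `cves` field are assumptions.

```python
import re

HEX = re.compile(r"[0-9a-f]{8,128}")  # assumption: file hashes are lowercase hex digests

def build_filter(algorithm, args):
    """Step 1 as a MongoDB filter: one dotted-path $exists clause per submitted hash."""
    if not args:
        raise ValueError("no hashes submitted")  # an empty $or is not a valid filter
    if not re.fullmatch(r"[a-z0-9]+", algorithm):
        raise ValueError("bad algorithm name: %r" % algorithm)
    for arg in args:
        # The client-supplied hash becomes part of a field path: reject '.', '$', etc.
        if not isinstance(arg, str) or not HEX.fullmatch(arg):
            raise ValueError("bad hash: %r" % (arg,))
    return {"$or": [{"hashes.%s.files.%s" % (algorithm, a): {"$exists": True}}
                    for a in sorted(set(args))]}

def path_exists(doc, dotted):
    """Small stand-in for MongoDB's dotted-path $exists on nested dicts."""
    for key in dotted.split("."):
        if not isinstance(doc, dict) or key not in doc:
            return False
        doc = doc[key]
    return True

def vulnerable_cves(records, algorithm, args):
    """Steps 1 and 2 of the candidate solution, run over in-memory records."""
    flt, submitted, found = build_filter(algorithm, args), set(args), set()
    for rec in records:
        if not any(path_exists(rec, next(iter(c))) for c in flt["$or"]):
            continue  # step 1: record shares no file hash with args
        files = rec["hashes"][algorithm]["files"]
        if set(files) <= submitted:  # step 2: every hash in the record was submitted
            found.update(rec.get("cves", []))
    return sorted(found)

# Constructed sample records; hash values and CVE ids are placeholders.
RECORDS = [
    {"hash": "dummy512-a", "cves": ["CVE-0000-0001"],
     "hashes": {"sha512": {"files": {"aa11aa11": "a.class", "bb22bb22": "b.class"}}}},
    {"hash": "dummy512-b", "cves": ["CVE-0000-0002"],
     "hashes": {"sha512": {"files": {"bb22bb22": "b.class", "cc33cc33": "c.class"}}}},
]

if __name__ == "__main__":
    print(build_filter("sha512", ["aa11aa11"]))
    print(vulnerable_cves(RECORDS, "sha512", ["aa11aa11", "bb22bb22"]))
```

The dict returned by `build_filter` is what would be passed as the first argument to `find`; each `$exists` clause on a per-hash key still cannot use a single index, which is the query-time concern raised in the last comment.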
