Beispiel #1
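def get_logs_csv():
    """
    get target's logs through the API in CSV type

    The CSV is built in memory, so no report file is left behind in the
    server's working directory after the request.

    Returns:
        a text/csv attachment with a header row and one row per event; the
        body is empty when there are no events for the target
    """
    import io

    api_key_is_valid(app, flask_request)
    target = get_value(flask_request, "target")
    data = logs_to_report_json(target)
    filename = "report-" + now(model="%Y_%m_%d_%H_%M_%S") + "".join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    buffer = io.StringIO()
    if data:  # data[0] on an empty result would raise IndexError
        # Columns come from the first event; extrasaction="ignore" drops
        # keys that only appear in later events instead of raising.
        # lineterminator="\n" keeps the LF row endings that reading the
        # temporary file back in text mode used to produce.
        dict_writer = csv.DictWriter(buffer,
                                     fieldnames=list(data[0].keys()),
                                     quoting=csv.QUOTE_ALL,
                                     extrasaction="ignore",
                                     lineterminator="\n")
        dict_writer.writeheader()
        # NOTE(review): event values are written unmodified. If they can
        # contain text taken from scanned hosts (presumably, confirm), a
        # cell starting with = + - or @ is evaluated as a formula by
        # spreadsheet applications; decide whether to neutralise such cells
        # before export.
        dict_writer.writerows(data)
    return Response(buffer.getvalue(),
                    mimetype='text/csv',
                    headers={
                        'Content-Disposition':
                        'attachment;filename=' + filename + '.csv'
                    })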
Beispiel #2
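def get_results_csv():  # todo: need to fix time format
    """
    get a stored scan's logs through the API in CSV type

    The report is looked up by the "id" request value and its events are
    serialised in memory. Nothing is written to disk: the stored
    report_path_filename is used only to derive the download name, never as
    a path to open.

    Returns:
        a text/csv attachment with the scan's events, or a JSON error with
        HTTP 400 when the id is missing or matches no report
    """
    import io
    import os

    api_key_is_valid(app, flask_request)
    session = create_connection()
    result_id = get_value(flask_request, "id")
    if not result_id:
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    scan_details = session.query(Report).filter(Report.id == result_id).first()
    if scan_details is None:
        # No row for this id: answer like a missing id instead of failing
        # with AttributeError on the attribute access below.
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    data = get_logs_by_scan_unique_id(scan_details.scan_unique_id)
    # Only the final path component goes into the header, so directory
    # names from the stored report path are not disclosed to the client.
    report_name = os.path.basename(scan_details.report_path_filename)
    filename = os.path.splitext(report_name)[0] + '.csv'
    buffer = io.StringIO()
    if data:  # data[0] on an empty result would raise IndexError
        # Columns come from the first event; extrasaction="ignore" drops
        # keys that only appear in later events instead of raising.
        # lineterminator="\n" keeps the LF row endings that reading the
        # written file back in text mode used to produce.
        dict_writer = csv.DictWriter(buffer,
                                     fieldnames=list(data[0].keys()),
                                     quoting=csv.QUOTE_ALL,
                                     extrasaction="ignore",
                                     lineterminator="\n")
        dict_writer.writeheader()
        # NOTE(review): event values are written unmodified. If they can
        # contain text taken from scanned hosts (presumably, confirm), a
        # cell starting with = + - or @ is evaluated as a formula by
        # spreadsheet applications; decide whether to neutralise such cells
        # before export.
        dict_writer.writerows(data)
    return Response(
        buffer.getvalue(),
        mimetype='text/csv',
        headers={'Content-Disposition': 'attachment;filename=' + filename})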
Beispiel #3
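def get_results_json():
    """
    get a stored scan's logs through the API in JSON type

    The report is looked up by the "id" request value; its events are
    returned as a JSON attachment named after the stored report file.

    Returns:
        an application/json attachment with the scan's events, or a JSON
        error with HTTP 400 when the id is missing or matches no report
    """
    import os

    api_key_is_valid(app, flask_request)
    session = create_connection()
    result_id = get_value(flask_request, "id")
    if not result_id:
        return jsonify(
            structure(
                status="error",
                msg=messages("invalid_scan_id")
            )
        ), 400
    scan_details = session.query(Report).filter(Report.id == result_id).first()
    if scan_details is None:
        # No row for this id: answer like a missing id instead of failing
        # with AttributeError on the attribute access below.
        return jsonify(
            structure(
                status="error",
                msg=messages("invalid_scan_id")
            )
        ), 400
    json_object = json.dumps(
        get_logs_by_scan_unique_id(
            scan_details.scan_unique_id
        )
    )
    # Only the final path component goes into the header, so directory
    # names from the stored report path are not disclosed to the client.
    report_name = os.path.basename(scan_details.report_path_filename)
    filename = os.path.splitext(report_name)[0] + '.json'
    return Response(
        json_object,
        mimetype='application/json',
        headers={
            'Content-Disposition': 'attachment;filename=' + filename
        }
    )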
Beispiel #4
def get_logs_html():  # todo: check until here - ali
    """
    render a target's logs as an HTML report through the API

    The "target" request value is handed to logs_to_report_html and the
    result is wrapped in a response object.

    Returns:
        HTML report
    """
    api_key_is_valid(app, flask_request)
    # NOTE(review): how logs_to_report_html escapes the target and the log
    # contents is not visible here; confirm the report is HTML-safe.
    report_html = logs_to_report_html(get_value(flask_request, "target"))
    return make_response(report_html)
Beispiel #5
def session_check():
    """
    confirm that the request carries a valid API key

    Rejecting an invalid key is left to api_key_is_valid, whose behaviour
    is not visible in this function.

    Returns:
        a JSON "ok" message with HTTP 200 when the check passes
    """
    api_key_is_valid(app, flask_request)
    payload = structure(status="ok", msg=messages("browser_session_valid"))
    return jsonify(payload), 200
Beispiel #6
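def get_last_host_logs():  # need to check
    """
    get one page of the latest host logs through the API

    The "page" request value selects the page. A missing, empty or
    non-numeric value falls back to page 1 instead of raising from int().

    Returns:
        an array of JSON logs with HTTP 200
    """
    api_key_is_valid(app, flask_request)
    try:
        page = int(get_value(flask_request, "page") or 1)
    except (TypeError, ValueError):
        # "page" comes straight from the request; treat junk as page 1.
        page = 1
    return jsonify(last_host_logs(page)), 200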
Beispiel #7
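def get_results():
    """
    get one page of scan results through the API

    The "page" request value selects the page. A missing, empty or
    non-numeric value falls back to page 1 instead of raising from int().

    Returns:
        an array of JSON scan results with HTTP 200
    """
    api_key_is_valid(app, flask_request)
    try:
        page = int(get_value(flask_request, "page") or 1)
    except (TypeError, ValueError):
        # "page" comes straight from the request; treat junk as page 1.
        page = 1
    return jsonify(select_reports(page)), 200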
Beispiel #8
def session_set():
    """
    store the API access key in a browser cookie

    After the key check passes, the configured api_access_key is sent back
    to the client as a cookie named "key".

    Returns:
        a JSON "ok" response carrying the set-cookie header; rejection of
        an invalid key is left to api_key_is_valid (not visible here)
    """
    api_key_is_valid(app, flask_request)
    ok_body = jsonify(
        structure(status="ok", msg=messages("browser_session_valid")))
    res = make_response(ok_body)
    access_key = app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"]
    # NOTE(review): the cookie holds the long-lived API key itself and is
    # set without httponly, secure or samesite, so page scripts can read it
    # and it is also sent over plain HTTP. Confirm whether the web UI needs
    # script access before tightening these attributes.
    res.set_cookie("key", value=access_key)
    return res
Beispiel #9
def get_result_content():
    """
    return the stored content of one scan result (HTML/TEXT/JSON)

    The result is selected by the "id" request value and produced by
    get_scan_result, whose return value is passed through unchanged.

    Returns:
        content of the scan result, or a JSON error with HTTP 400 when no
        id was supplied
    """
    api_key_is_valid(app, flask_request)
    scan_id = get_value(flask_request, "id")
    if scan_id:
        return get_scan_result(scan_id)
    error_body = structure(status="error", msg=messages("invalid_scan_id"))
    return jsonify(error_body), 400
Beispiel #10
def go_for_search_logs():
    """
    search in all events

    "page" is read as an integer and a positive value is reduced by one
    before it reaches search_logs; any failure while reading it yields
    page 0. "q" is the search text; a failure while reading it yields an
    empty string.

    Returns:
        an array with JSON events and HTTP 200
    """
    api_key_is_valid(app, flask_request)
    try:
        page = int(get_value(flask_request, "page"))
    except Exception:
        page = 0
    else:
        # Positive pages are shifted down by one; zero and negative values
        # are passed on as they are.
        page = page - 1 if page > 0 else page
    try:
        query = get_value(flask_request, "q")
    except Exception:
        query = ""
    matches = search_logs(page, query)
    return jsonify(matches), 200
Beispiel #11
def get_logs():
    """
    get target's logs through the API in JSON type

    The events for the "target" request value are serialised with
    json.dumps and returned as a download. The download name is "report-"
    plus a timestamp and ten random lowercase letters.

    Returns:
        an application/json attachment holding an array of events
    """
    api_key_is_valid(app, flask_request)
    target = get_value(flask_request, "target")
    json_object = json.dumps(logs_to_report_json(target))
    timestamp = now(model="%Y_%m_%d_%H_%M_%S")
    # The random suffix only varies the download name; it is not a secret.
    suffix = "".join(
        random.choice(string.ascii_lowercase) for _ in range(10))
    disposition = 'attachment;filename=' + "report-" + timestamp + suffix + '.json'
    return Response(json_object,
                    mimetype='application/json',
                    headers={'Content-Disposition': disposition})
Beispiel #12
def new_scan():
    """
    start a new scan through the API

    Submitted form fields are completed with defaults from
    nettacker_application_config, validated by check_all_required, stored
    in app.config and handed to a separate process that runs the scan.

    Returns:
        a JSON message with the scan options and HTTP 200; what happens on
        invalid options depends on check_all_required (not visible here)
    """
    api_key_is_valid(app, flask_request)
    form_values = dict(flask_request.form)
    # Form fields win; configuration values only fill the gaps.
    # NOTE(review): nothing here restricts which keys a form may set, so
    # any configuration key can be overridden per request unless
    # check_all_required rejects it. Confirm against that function.
    for key in nettacker_application_config:
        form_values.setdefault(key, nettacker_application_config[key])
    api_forms = SimpleNamespace(**copy.deepcopy(form_values))
    options = check_all_required(None, api_forms=api_forms)
    # The options are kept in application-wide config, so each request
    # replaces the value stored by the previous one.
    app.config["OWASP_NETTACKER_CONFIG"]["options"] = options
    scan_process = multiprocessing.Process(target=start_scan_processes,
                                           args=(options, ))
    scan_process.start()
    # NOTE(review): the response echoes every option, including defaults
    # merged from the application config; confirm none of them is secret.
    return jsonify(vars(options)), 200
Beispiel #13
def get_result_content():
    """
    download the stored content of one scan result (HTML/TEXT/JSON)

    get_scan_result supplies the report's file name and content. The MIME
    type is looked up from the file extension, with "text/plain" as the
    fallback, and only the last "/"-separated part of the name is used for
    the download.

    Returns:
        content of the scan result as an attachment, or a JSON error with
        HTTP 400 when no id was supplied
    """
    api_key_is_valid(app, flask_request)
    scan_id = get_value(flask_request, "id")
    if not scan_id:
        error_body = structure(status="error", msg=messages("invalid_scan_id"))
        return jsonify(error_body), 400
    filename, file_content = get_scan_result(scan_id)
    extension = os.path.splitext(filename)[1]
    content_type = mime_types().get(extension, "text/plain")
    # Strip directories so the header carries only the bare file name.
    download_name = filename.rsplit('/', 1)[-1]
    return Response(
        file_content,
        mimetype=content_type,
        headers={'Content-Disposition': 'attachment;filename=' + download_name})