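def embed(vcdb_id):
    """Render the embeddable view of a vulnerability's repository files.

    Optional query parameters ``sid`` (section id, default -1),
    ``start_line`` (default 1) and ``end_line`` (default -1) are parsed as
    integers and handed to the template as ``embed_settings`` together with
    the serialized files of the master commit.

    Returns a plain-text 400 when a query parameter is not an integer, a
    404 when the id is malformed, unknown or has no linked commit, and the
    rendered ``vulnerability/embedded.html`` otherwise.
    """
    # Parse the query string first: a non-numeric value is a client error
    # and must not be reported as "No vulnerability found".
    try:
        section_id = int(request.args.get("sid", -1))
        start_line = int(request.args.get("start_line", 1))
        end_line = int(request.args.get("end_line", -1))
    except ValueError:
        return make_response(("Invalid query parameter", 400))

    try:
        vulnerability_details = VulnerabilityDetails(vcdb_id)
        vulnerability_details.validate_and_simplify_id()
        view = vulnerability_details.vulnerability_view
        if not view:
            return make_response(("No vulnerability found", 404))
        if not view.master_commit:
            return make_response(
                (f"Vuln (id: {view.id}) has no linked Git commits!", 404)
            )

        master_commit = vulnerability_details.get_master_commit()
        files_schema = RepositoryFilesSchema(many=True)
        # Round-trip through the schema's JSON response to obtain plain
        # dicts for the template; this keeps the existing wire format.
        custom_data = json.loads(
            files_schema.jsonify(master_commit.repository_files).data
        )
        settings = {
            "section_id": section_id,
            "startLine": start_line,
            "endLine": end_line,
            "entry_data": custom_data,
        }
        return render_template(
            "vulnerability/embedded.html",
            vulnerability_details=vulnerability_details,
            embed_settings=settings,
        )
    except (ValueError, InvalidIdentifierException):
        # Both are raised for identifiers that cannot be resolved.
        return make_response(("No vulnerability found", 404))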
def view_vuln(vcdb_id, use_template):
    """Render *use_template* for the vulnerability identified by *vcdb_id*.

    Aborts with 404 when the id resolves to no vulnerability view; when the
    identifier is malformed, returns whatever ``flash_error`` produces for
    the ``frontend.serve_index`` endpoint.
    """
    try:
        details = VulnerabilityDetails(vcdb_id)
        details.validate_and_simplify_id()
        view = details.vulnerability_view
    except InvalidIdentifierException as err:
        return flash_error(str(err), "frontend.serve_index")

    if not view:
        abort(404)
    return render_template(use_template, vulnerability_details=details)
def _get_vulnerability_details(vcdb_id, vuln_id=None,
                               simplify_id: bool = True):
    """Load the VulnerabilityDetails for the given ids or abort with 404.

    When *simplify_id* is true the identifier is validated and simplified
    first. A malformed identifier or a missing vulnerability view both end
    the request with a 404.
    """
    try:
        details = VulnerabilityDetails(vcdb_id, vuln_id)
        if simplify_id:
            details.validate_and_simplify_id()
    except InvalidIdentifierException:
        abort(404)

    # Anything that does not resolve to a view is treated as not found.
    if not details.vulnerability_view:
        abort(404)
    return details
def get_vulnerability_details(vcdb_id, vuln_id=None, simplify_id: bool = True):
    """Load the VulnerabilityDetails for the given ids or abort with 404.

    When *simplify_id* is true the identifier is validated and simplified
    first. A malformed identifier or a missing vulnerability view both end
    the request with a 404.
    """
    # Imported locally to break the import cycle with the views module.
    # pylint: disable=import-outside-toplevel,cyclic-import
    from app.vulnerability.views.details import VulnerabilityDetails

    # pylint: enable=import-outside-toplevel,cyclic-import
    try:
        details = VulnerabilityDetails(vcdb_id, vuln_id)
        if simplify_id:
            details.validate_and_simplify_id()
        found = details.vulnerability_view
    except InvalidIdentifierException:
        found = None

    if not found:
        abort(404)
    return details
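def bug_save_editor_data():
    """Replace the file, comment and marker annotations of a vulnerability.

    Expects a POST whose JSON body is a list of file entries, each a dict
    with ``name``, ``path``, ``hash``, ``comments`` and ``markers``. Each
    entry is matched to an existing ``RepositoryFiles`` row of the master
    commit by path or hash (otherwise a new row is created), and its
    comments and markers are replaced by freshly built objects owned by
    ``g.user``. The master commit's file list is then set to the submitted
    files and the session committed.

    Returns a JSON response: 400 for a non-POST request, an invalid
    identifier or a malformed body; 404 when the entry or its linked commit
    is missing; the success message after the commit.
    """
    if request.method != "POST":
        return create_json_response("Accepting only POST requests.", 400)

    try:
        vulnerability_details = VulnerabilityDetails()
        vulnerability_details.validate_and_simplify_id()
    except InvalidIdentifierException as ex:
        return create_json_response(str(ex), 400)
    vuln_view = vulnerability_details.vulnerability_view

    if not vuln_view:
        return create_json_response("Please create an entry first", 404)

    if not vuln_view.master_commit:
        current_app.logger.error(
            f"Vuln (id: {vuln_view.id}) has no linked Git commits!")
        return create_json_response("Entry has no linked Git link!", 404)

    # A body that is not JSON, or not a list, would otherwise surface as an
    # unhandled TypeError; report it as a client error instead.
    payload = request.get_json(silent=True)
    if not isinstance(payload, list):
        return create_json_response("Expected a JSON list of files.", 400)

    master_commit = vulnerability_details.get_master_commit()
    old_files = master_commit.repository_files
    current_app.logger.debug("%d old files", len(old_files))

    # Build every object from the payload before touching any file, so a
    # malformed entry in the middle of the list cannot leave earlier files
    # half-updated.
    try:
        staged = [
            (
                _match_or_create_file(old_files, file),
                _build_comments(file),
                _build_markers(file),
            )
            for file in payload
        ]
    except (KeyError, TypeError) as ex:
        # Missing key or a non-dict element in the submitted list.
        current_app.logger.debug("Malformed file entry: %r", ex)
        return create_json_response(
            "Malformed file entry in request body.", 400)

    # Flush any old custom content of this vulnerability first.
    new_files = []
    for file_obj, comments, markers in staged:
        update_file_comments(file_obj, comments)
        update_file_markers(file_obj, markers)
        new_files.append(file_obj)

    current_app.logger.debug("Setting %d files", len(new_files))
    master_commit.repository_files = new_files

    # Update / Insert entries into the database.
    db.session.commit()
    return create_json_response("Update successful.")


def _match_or_create_file(old_files, file):
    """Return the first of *old_files* matching *file* by path or hash.

    Falls back to a new, unsaved ``RepositoryFiles`` row when nothing
    matches. Raises KeyError when *file* lacks ``path``, ``hash`` or
    ``name`` and TypeError when *file* is not a mapping.
    """
    path, file_hash, name = file["path"], file["hash"], file["name"]
    for old_file in old_files:
        if old_file.file_path == path or old_file.file_hash == file_hash:
            current_app.logger.debug(
                "Found old file: %s", (path, file_hash, name))
            return old_file
    current_app.logger.debug(
        "Creating new file: %s", (path, file_hash, name))
    return RepositoryFiles(
        file_name=name,
        file_path=path,
        file_patch="DEPRECATED",
        file_hash=file_hash,
    )


def _build_comments(file):
    """Build one RepositoryFileComments per entry of ``file["comments"]``.

    Every comment is attributed to ``g.user``. Raises KeyError when an
    entry lacks a required field.
    """
    return [
        RepositoryFileComments(
            row_from=comment["row_from"],
            row_to=comment["row_to"],
            text=comment["text"],
            sort_pos=comment["sort_pos"],
            creator=g.user,
        )
        for comment in file["comments"]
    ]


def _build_markers(file):
    """Build one RepositoryFileMarkers per entry of ``file["markers"]``.

    Every marker is attributed to ``g.user``. Raises KeyError when an entry
    lacks a required field.
    """
    # ``class`` is taken verbatim from the client and persisted; whatever
    # later renders marker_class must treat it as untrusted input.
    return [
        RepositoryFileMarkers(
            row_from=marker["row_from"],
            row_to=marker["row_to"],
            column_from=marker["column_from"],
            column_to=marker["column_to"],
            marker_class=marker["class"],
            creator=g.user,
        )
        for marker in file["markers"]
    ]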