def resolve_paste(self, info, id=None, title=None):
        query = PasteObject.get_query(info)
        Audit.create_audit_entry(info)
        if title:
            return query.filter_by(title=title, burn=False).first()

        return query.filter_by(id=id, burn=False).first()
 def resolve_read_and_burn(self, info, p_id):
     result = Paste.query.filter_by(id=p_id, burn=True).first()
     Paste.query.filter_by(id=p_id, burn=True).delete()
     db.session.commit()
     Audit.create_audit_entry(
         gqloperation=helpers.get_opname(info.operation))
     return result
    def mutate(root, info, user_data=None):
        user_obj = User.create_user(username=user_data.username,
                                    password=user_data.password)

        Audit.create_audit_entry(info)

        return CreateUser(user=user_obj)
 def resolve_system_debug(self, info, arg=None):
     Audit.create_audit_entry(info)
     if arg:
         output = helpers.run_cmd('ps {}'.format(arg))
     else:
         output = helpers.run_cmd('ps')
     return output
    def mutate(self,
               info,
               host='pastebin.com',
               port=443,
               path='/',
               scheme="http"):
        url = security.strip_dangerous_characters(
            f"{scheme}://{host}:{port}{path}")
        cmd = helpers.run_cmd(f'curl --insecure {url}')

        owner = Owner.query.filter_by(name='DVGAUser').first()
        paste_obj = Paste.create_paste(
            title='Imported Paste from URL - {}'.format(
                helpers.generate_uuid()),
            content=cmd,
            public=False,
            burn=False,
            owner_id=owner.id,
            owner=owner,
            ip_addr=request.remote_addr,
            user_agent=request.headers.get('User-Agent', ''))

        Audit.create_audit_entry(
            gqloperation=helpers.get_opname(info.operation))

        return ImportPaste(result=cmd)
    def mutate(self, info, title):
        Paste.query.filter_by(title=title).delete()
        db.session.commit()

        Audit.create_audit_entry(
            gqloperation=helpers.get_opname(info.operation))

        return DeletePaste(ok=True)
    def resolve_users(self, info, id=None):
        query = UserObject.get_query(info)
        Audit.create_audit_entry(info)
        if id:
            result = query.filter_by(id=id)
        else:
            result = query

        return result
def echo_socket(ws):
    msg = json.loads(ws.read_message())

    if msg.get('type', '') == 'start':
        Audit.create_audit_entry(msg['payload']['query'],
                                 operation_type='subscription')

    subscription_server.handle(ws)
    return []
  def resolve_pastes(self, info, public=False, limit=1000, filter=None):
    query = PasteObject.get_query(info)
    Audit.create_audit_entry(info)
    result = query.filter_by(public=public, burn=False)

    if filter:
      result = result.filter(text("title = '%s' or content = '%s'" % (filter, filter)))

    return result.order_by(Paste.id.desc())
    def mutate(self, info, id):
        result = False

        if Paste.query.filter_by(id=id).delete():
            result = True
            db.session.commit()

        Audit.create_audit_entry(info)

        return DeletePaste(result=result)
 def resolve_system_diagnostics(self, info, username, password, cmd='whoami'):
   q = User.query.filter_by(username='******').first()
   real_passw = q.password
   res, msg = security.check_creds(username, password, real_passw)
   Audit.create_audit_entry(info)
   if res:
     output = f'{cmd}: command not found'
     if security.allowed_cmds(cmd):
       output = helpers.run_cmd(cmd)
     return output
   return msg
    def mutate(self, info, title, content, public, burn):
      owner = Owner.query.filter_by(name='DVGAUser').first()

      paste_obj = Paste.create_paste(
        title=title,
        content=content, public=public, burn=burn,
        owner_id=owner.id, owner=owner, ip_addr=request.remote_addr,
        user_agent=request.headers.get('User-Agent', '')
      )

      Audit.create_audit_entry(info)

      return CreatePaste(paste=paste_obj)
  def mutate(self, info, filename, content):
    result = helpers.save_file(filename, content)
    owner = Owner.query.filter_by(name='DVGAUser').first()

    Paste.create_paste(
      title='Imported Paste from File - {}'.format(helpers.generate_uuid()),
      content=content, public=False, burn=False,
      owner_id=owner.id, owner=owner, ip_addr=request.remote_addr,
      user_agent=request.headers.get('User-Agent', '')
    )

    Audit.create_audit_entry(info)

    return UploadPaste(result=result)
 def resolve_search(self, info, keyword=None):
     Audit.create_audit_entry(info)
     items = []
     if keyword:
         search = "%{}%".format(keyword)
         queryset1 = Paste.query.filter(Paste.title.like(search))
         items.extend(queryset1)
         queryset2 = User.query.filter(User.username.like(search))
         items.extend(queryset2)
     else:
         queryset1 = Paste.query.all()
         items.extend(queryset1)
         queryset2 = User.query.all()
         items.extend(queryset2)
     return items
    def mutate(self, info, id, title=None, content=None):
        paste_obj = Paste.query.filter_by(id=id).first()

        if title == None:
            title = paste_obj.title
        if content == None:
            content = paste_obj.content

        Paste.query.filter_by(id=id).update(dict(title=title, content=content))
        paste_obj = Paste.query.filter_by(id=id).first()

        db.session.commit()

        Audit.create_audit_entry(info)

        return EditPaste(paste=paste_obj)
Beispiel #16
0
def check_audit(request: Request):
    ymd = request.query_params.get('ymd', '00000000')
    assert len(ymd) == 8, 'ymd 확인'

    if Audit.checkAudit(ymd):
        return Response(status=412)

    return Response(status=200)
    def mutate(self, info, title, content, public, burn):
        owner = Owner.query.filter_by(name='DVGAUser').first()

        paste_obj = Paste.create_paste(
            title='Imported Paste from File - {}'.format(
                helpers.generate_uuid()),
            content=content,
            public=False,
            burn=False,
            owner_id=owner.id,
            owner=owner,
            ip_addr=request.remote_addr,
            user_agent=request.headers.get('User-Agent', ''))

        Audit.create_audit_entry(
            gqloperation=helpers.get_opname(info.operation))

        return CreatePaste(paste=paste_obj)
Beispiel #18
0
    def handle(self, ws, request_context=None):
        connection_context = GeventConnectionContext(ws, request_context)
        self.on_open(connection_context)
        while True:
            try:
                if connection_context.closed:
                    raise ConnectionClosedException()
                message = connection_context.receive()
            except ConnectionClosedException:
                self.on_close(connection_context)
                return

            if message:

                msg = json.loads(message)

                if msg.get('type', '') == 'start':
                    Audit.create_audit_entry(msg['payload']['query'],
                                             operation_type='subscription')

            self.on_message(connection_context, message)
Beispiel #19
0
def pump_db():
  print('Populating Database')
  db.create_all()
  admin = User(username="******", password=random_password())
  owner = Owner(name='DVGAUser')
  audit = Audit()
  paste = Paste()
  paste.title = random_title()
  paste.content = "My First Paste"
  paste.public = False
  paste.owner_id = owner.id
  paste.owner = owner
  paste.ip_addr = '127.0.0.1'
  paste.user_agent = 'User-Agent not set'
  audit.gqloperation = 'CreatePaste'
  db.session.add(admin)
  db.session.add(owner)
  db.session.add(paste)
  db.session.add(audit)

  for _ in range(0, 10 ):
    owner = Owner(name=random_owner())
    paste = Paste()
    paste.title = random_title()
    paste.content = random_content()
    paste.public = True
    paste.owner_id = owner.id
    paste.owner = owner
    paste.ip_addr = random_address()
    paste.user_agent = random_useragent()

    db.session.add(owner)
    db.session.add(paste)

  db.session.commit()

  print('done')
 def resolve_audits(self, info):
   query = Audit.query.all()
   Audit.create_audit_entry(info)
   return query
 def resolve_pastes(self, info, public=False):
     query = PasteObject.get_query(info)
     Audit.create_audit_entry(
         gqloperation=helpers.get_opname(info.operation))
     return query.filter_by(public=public,
                            burn=False).order_by(Paste.id.desc())
 def resolve_system_health(self, info):
     Audit.create_audit_entry(info)
     return 'System Load: {}'.format(
         helpers.run_cmd("uptime | awk '{print $10, $11, $12}'"))
 def resolve_read_and_burn(self, info, id):
     result = Paste.query.filter_by(id=id, burn=True).first()
     Paste.query.filter_by(id=id, burn=True).delete()
     db.session.commit()
     Audit.create_audit_entry(info)
     return result
 def resolve_paste(self, info, p_id):
     query = PasteObject.get_query(info)
     Audit.create_audit_entry(
         gqloperation=helpers.get_opname(info.operation))
     return query.filter_by(id=p_id, burn=False).first()
 def resolve_system_update(self, info):
     security.simulate_load()
     Audit.create_audit_entry(info)
     return 'no updates available'
 def resolve_system_update(self, info):
     security.simulate_load()
     Audit.create_audit_entry(
         gqloperation=helpers.get_opname(info.operation))
     return 'no updates available'
 def resolve_system_health(self, info):
     Audit.create_audit_entry(
         gqloperation=helpers.get_opname(info.operation))
     return 'System Load: {}'.format(
         helpers.run_cmd("uptime | awk '{print $10, $11, $12}'"))