class ModelFilterSet(FilterSet):
class Meta:
model = models.Album
query = session.query(models.Album)
operators = (operators.Equal, operators.In)
parser = parser
genre = Filter(fields.Str(), operator=operators.Like)
sales__modulo = Filter(fields.Str(), operator=modulo)
class VulnerabilityFilterSet(FilterSet):
class Meta(FilterSetMeta):
model = VulnerabilityWeb # It has all the fields
# TODO migration: Check if we should add fields owner,
# command, impact, issuetracker, tags, date, host
# evidence, policy violations, hostnames
fields = ("id", "status", "website", "pname", "query", "path",
"service", "data", "severity", "confirmed", "name",
"request", "response", "parameters", "params", "resolution",
"ease_of_resolution", "description", "command_id", "target",
"creator", "method", "easeofresolution", "query_string",
"parameter_name", "service_id", "status_code")
strict_fields = (
"severity",
"confirmed",
"method",
"status",
"easeofresolution",
"ease_of_resolution",
"service_id",
)
default_operator = CustomILike
# next line uses dict comprehensions!
column_overrides = {
field: _strict_filtering
for field in strict_fields
}
operators = (CustomILike, operators.Equal)
id = IDFilter(fields.Int())
target = TargetFilter(fields.Str())
type = TypeFilter(
fields.Str(validate=[OneOf(['Vulnerability', 'VulnerabilityWeb'])]))
creator = CreatorFilter(fields.Str())
service = ServiceFilter(fields.Str())
severity = Filter(SeverityField())
easeofresolution = Filter(
fields.String(attribute='ease_of_resolution',
validate=OneOf(Vulnerability.EASE_OF_RESOLUTIONS),
allow_none=True))
pname = Filter(fields.String(attribute='parameter_name'))
query = Filter(fields.String(attribute='query_string'))
status_code = StatusCodeFilter(fields.Int())
params = Filter(fields.String(attribute='parameters'))
status = Filter(
fields.Function(deserialize=lambda val: 'open'
if val == 'opened' else val,
validate=OneOf(Vulnerability.STATUSES + ['opened'])))
hostnames = HostnamesFilter(fields.Str())
confirmed = Filter(fields.Boolean())
def filter(self):
"""Generate a filtered query from request parameters.
:returns: Filtered SQLALchemy query
"""
# TODO migration: this can became a normal filter instead of a custom
# one, since now we can use creator_command_id
command_id = request.args.get('command_id')
query = super(VulnerabilityFilterSet, self).filter()
if command_id:
# query = query.filter(CommandObject.command_id == int(command_id))
query = query.filter(
VulnerabilityGeneric.creator_command_id == int(
command_id)) # TODO migration: handle invalid int()
return query
def make_filter(mcs, prop, field, label, operator, klass):
opts = klass.opts
if operator.multiple:
field = opts.list_class(field)
return Filter(field, prop.key, label=label, operator=operator)