def __init__(self):
self.config = Configuration()
database_plugin = self.config.readSetting("Database", "PluginName", self.config.default["DatabasePluginName"])
self.dbpluginloader = DatabasePluginLoader()
fetched_plugin = self.dbpluginloader.load_plugin(database_plugin)()
if isinstance(fetched_plugin, DatabasePluginBase):
self.connection = fetched_plugin
else:
raise TypeError("The provided plugin is not derived from the DatabasePluginBase class!")
def body_from_template(self, template_file, data, today):
templateLoader = jinja2.FileSystemLoader(searchpath=TEMPLATE_DIR)
templateEnv = jinja2.Environment(loader=templateLoader)
template = templateEnv.get_template(template_file)
#ubacujemo adresu u e_mail za potvrdu pretplate i odjavu
config_test = Configuration()
host_test = "https://" + config_test.default["flaskHost"] + "/activate?"
host_test_deactivate = "https://" + config_test.default[
"flaskHost"] + "/deactivate?"
return template.render(data=data,
today=today,
host_test=host_test,
host_test_deactivate=host_test_deactivate)
def __init__(self, feed_type, prefix=None):
self._end = None
self.feed_type = feed_type
self.prefix = prefix
self.queue = RedisQueue(name=self.feed_type)
self.file_queue = RedisQueue(name=f"{self.feed_type}:files")
self.file_queue.clear()
self.progress_bar = None
self.last_modified = None
self.do_process = True
self.logger = logging.getLogger("DownloadHandler")
self.config = Configuration()
import sys
import sre_constants
import urllib
import getpass
from collections import defaultdict
import bson
import pymongo
from pymongo import DESCENDING, ASCENDING
from pymongo.collection import Collection
from werkzeug.security import generate_password_hash, check_password_hash
from lib.DatabaseLayer import sanitize
from lib.DatabasePluginBase import DatabasePluginBase
from lib.Config import Configuration
config = Configuration()
HOST = config.readSetting("Database", "Host", config.default["mongoHost"])
PORT = config.readSetting("Database", "Port", config.default["mongoPort"])
DATABASE = config.getMongoDB()
USERNAME = urllib.parse.quote(
config.readSetting("Database", "Username",
config.default["mongoUsername"]))
PASSWORD = urllib.parse.quote(
config.readSetting("Database", "Password",
config.default["mongoPassword"]))
exits = {
"userInDb": "User already exists in database",
"userNotInDb": "User does not exist in database",
"userpasscombo": "Master user/password combination does not exist",
def create_app(version, run_path):
global app, token_blacklist, socketio
app = Flask(__name__, static_url_path="/cvesearch/static", static_folder="static")
cors = CORS(app)
app.config['CORS_HEADERS'] = 'Content-Type'
app.config["version"] = version
app.config["run_path"] = run_path
app.config["APPLICATION_ROOT"] = "/cvesearch"
config = Configuration()
if config.getWebInterface().lower() == "full":
app.config["WebInterface"] = False
else:
app.config["WebInterface"] = True
app.config["MONGO_DBNAME"] = config.getMongoDB()
app.config["SECRET_KEY"] = str(random.getrandbits(256))
app.config["JWT_SECRET_KEY"] = str(random.getrandbits(256))
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = ACCESS_EXPIRES
app.config["JWT_REFRESH_TOKEN_EXPIRES"] = REFRESH_EXPIRES
app.config["JWT_BLACKLIST_ENABLED"] = True
app.config["JWT_BLACKLIST_TOKEN_CHECKS"] = ["access", "refresh"]
token_blacklist = config.getRedisTokenConnection()
app.config["RESTX_MASK_SWAGGER"] = False
socketio = SocketIO(app)
Breadcrumbs(app=app)
Bootstrap(app)
jwt = JWTManager(app)
@jwt.additional_claims_loader
def add_claims_to_access_token(identity):
return {"user": identity}
@jwt.token_in_blocklist_loader
def check_if_token_is_revoked(decrypted_token):
jti = decrypted_token["jti"]
entry = token_blacklist.get(jti)
if entry == "true":
return True
return False
login_manager.init_app(app)
login_manager.login_message = "You must be logged in to access this page!!!"
login_manager.login_view = "auth.login"
@login_manager.user_loader
def load_user(id):
return User.get(id, auth_handler)
from .home import home as home_blueprint
app.register_blueprint(home_blueprint)
from .plugins import plugins as plugins_blueprint
app.register_blueprint(plugins_blueprint, url_prefix="/cvesearch/plugin")
if not app.config["WebInterface"]:
from .auth import auth as auth_blueprint
app.register_blueprint(auth_blueprint)
from .admin import admin as admin_blueprint
app.register_blueprint(admin_blueprint, url_prefix="/cvesearch/admin")
from .restapi import blueprint as api
app.register_blueprint(api)
from .restapidocs import docs as docs_blueprint
app.register_blueprint(docs_blueprint)
@app.context_processor
def version():
def get_version():
return app.config["version"]
return dict(get_version=get_version)
@app.context_processor
def db_schema():
def db_schema():
sc = SchemaChecker()
try:
return sc.validate_schema()
except DatabaseSchemaError as err:
return err
return dict(db_schema=db_schema)
@app.context_processor
def WebInterface():
def get_WebInterface():
return app.config["WebInterface"]
return dict(get_WebInterface=get_WebInterface)
@app.context_processor
def JSON2HTMLTable():
# Doublequote, because we have to |safe the content for the tags
def doublequote(data):
return urllib.parse.quote_plus(urllib.parse.quote_plus(data))
def JSON2HTMLTableFilter(data, stack=None):
_return = ""
if type(stack) == str:
stack = [stack]
if type(data) == list:
if len(data) == 1:
_return += JSON2HTMLTableFilter(data[0], stack)
else:
_return += '<ul class="via4">'
for item in data:
_return += "<li>%s</li>" % JSON2HTMLTableFilter(item, stack)
_return += "</ul>"
elif type(data) == dict:
_return += '<table class="invisiTable">'
for key, val in sorted(data.items()):
_return += "<tr><td><b>%s</b></td><td>%s</td></tr>" % (
key,
JSON2HTMLTableFilter(val, stack + [key]),
)
_return += "</table>"
elif type(data) == str:
if stack:
_return += (
"<a href='/link/"
+ doublequote(".".join(stack))
+ "/"
+ doublequote(data)
+ "'>"
) # link opening
_return += "<i class='fas fa-link' aria-hidden='true'></i> </a>"
_return += (
"<a target='_blank' href='%s'>%s</a>" % (data, data)
if isURL(data)
else data
)
_return += ""
return _return
return dict(JSON2HTMLTable=JSON2HTMLTableFilter)
@app.template_filter("htmlEncode")
def htmlEncode(string):
return urllib.parse.quote_plus(string).lower()
@app.template_filter("htmlDecode")
def htmlDecode(string):
return urllib.parse.unquote_plus(string)
@app.template_filter("sortIntLikeStr")
def sortIntLikeStr(datalist):
return sorted(datalist, key=lambda k: int(k))
@app.errorhandler(404)
def page_not_found(error):
return (
render_template("404.html",),
404,
)
return app, socketio
class HelperLogger(logging.Logger):
"""
The HelperLogger is used by the application / gui as their logging class and *extends* the default python
logger.logging class.
This will separate the logging from the application / gui from that of the daemons.
"""
runPath = os.path.dirname(os.path.dirname(os.path.realpath(__file__)))
logPath = os.path.join(runPath, "log")
if not os.path.exists(logPath):
os.makedirs(logPath)
config = Configuration()
logDict = {
"version": 1,
"formatters": {
"sysLogFormatter": {
"format":
"%(asctime)s - %(name)-8s - %(levelname)-8s - %(message)s",
},
"simpleFormatter": {
"format":
"%(asctime)s - %(name)-8s - %(levelname)-8s - %(message)s",
},
},
"handlers": {
"consoleHandler": {
"class": "logging.StreamHandler",
"level": "INFO",
"stream": "ext://sys.stdout",
"formatter": "simpleFormatter",
}
},
"root": {
"level": "DEBUG",
"handlers": ["consoleHandler"]
},
}
dictConfig(logDict)
level_map = {
"debug": "magenta",
"info": "white",
"warning": "yellow",
"error": "red",
"critical": "red",
}
def __init__(self, name, level=logging.NOTSET):
super().__init__(name, level)
def debug(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘DEBUG’ and color *MAGENTA.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.debug(“Houston, we have a %s”, “thorny problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["debug"])
return super(HelperLogger, self).debug(msg, *args, **kwargs)
def info(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘INFO’ and color *WHITE*.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.info(“Houston, we have a %s”, “interesting problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg), fg=HelperLogger.level_map["info"])
return super(HelperLogger, self).info(msg, *args, **kwargs)
def warning(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘WARNING’ and color *YELLOW*.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.warning(“Houston, we have a %s”, “bit of a problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["warning"])
return super(HelperLogger, self).warning(msg, *args, **kwargs)
def error(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘ERROR’ and color *RED*.
Store logged message to the database for dashboard alerting.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.error(“Houston, we have a %s”, “major problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["error"])
return super(HelperLogger, self).error(msg, *args, **kwargs)
def critical(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘CRITICAL’ and color *RED*.
Store logged message to the database for dashboard alerting.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.critical(“Houston, we have a %s”, “hell of a problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["critical"])
return super(HelperLogger, self).critical(msg, *args, **kwargs)
class HelperLogger(logging.Logger):
"""
The HelperLogger is used by the application / gui as their logging class and *extends* the default python
logger.logging class.
This will separate the logging from the application / gui from that of the daemons.
"""
# Logging state variables for fault tolerance; reference as "static" with 'HelperLogger.variableName'.
testedLogFile = False
testedUpdateLogFile = False
failedLogFile = False
failedUpdateLogFile = False
config = Configuration()
logDict = {
"version": 1,
"formatters": {
"sysLogFormatter": {
"format":
"%(asctime)s - %(name)-8s - %(levelname)-8s - %(message)s"
},
"simpleFormatter": {
"format":
"%(asctime)s - %(name)-8s - %(levelname)-8s - %(message)s"
},
},
"handlers": {
"consoleHandler": {
"class": "logging.StreamHandler",
"level": "INFO",
"stream": "ext://sys.stdout",
"formatter": "simpleFormatter",
}
},
"root": {
"level": "DEBUG",
"handlers": ["consoleHandler"]
},
}
dictConfig(logDict)
level_map = {
"debug": "magenta",
"info": "white",
"warning": "yellow",
"error": "red",
"critical": "red",
}
def __init__(self, name, level=logging.NOTSET):
super().__init__(name, level)
def debug(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘DEBUG’ and color *MAGENTA.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.debug(“Houston, we have a %s”, “thorny problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["debug"])
return super(HelperLogger, self).debug(msg, *args, **kwargs)
def info(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘INFO’ and color *WHITE*.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.info(“Houston, we have a %s”, “interesting problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg), fg=HelperLogger.level_map["info"])
return super(HelperLogger, self).info(msg, *args, **kwargs)
def warning(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘WARNING’ and color *YELLOW*.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.warning(“Houston, we have a %s”, “bit of a problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["warning"])
return super(HelperLogger, self).warning(msg, *args, **kwargs)
def error(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘ERROR’ and color *RED*.
Store logged message to the database for dashboard alerting.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.error(“Houston, we have a %s”, “major problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["error"])
return super(HelperLogger, self).error(msg, *args, **kwargs)
def critical(self, msg, *args, **kwargs):
"""
Log ‘msg % args’ with severity ‘CRITICAL’ and color *RED*.
Store logged message to the database for dashboard alerting.
To pass exception information, use the keyword argument exc_info with a true value, e.g.
logger.critical(“Houston, we have a %s”, “hell of a problem”, exc_info=1)
:param msg: Message to log
:type msg: str
"""
msg = colors.color("{}".format(msg),
fg=HelperLogger.level_map["critical"])
return super(HelperLogger, self).critical(msg, *args, **kwargs)
@staticmethod
def testLogging(log):
"""
Static method for creating missing log directories and testing log operation.
Returns True if logging is possible and False on any failure.
:param log: Path to the log file to test/create.
:type log: str (or os.PathLike object)
"""
logFile = os.path.realpath(log)
logPath = os.path.dirname(logFile)
try:
if not os.path.exists(logPath):
os.makedirs(logPath)
with open(logFile, "a"):
os.utime(logFile, None)
except:
print("Warning! Could not write log to {}. Disabling temporarily.".
format(logFile))
return False
return True
