def rfxss(self, processor):
rfxss_case_list = []
if processor.reflect:
request = processor.request
method, url, headers, body = request.method, request.url, request.headers, request.body
reflect = processor.reflect
if method == 'GET':
for i in reflect:
param, value, position = i[0], i[1], i[2]
for location, payload, match in self.PAYLOADS:
if location in position:
new_url = change_by_param(url, param, payload)
case = Case(vul='Reflected XSS',
method='GET',
url=new_url,
headers=headers,
body='',
args=(location, match, param, value))
rfxss_case_list.append(case)
return rfxss_case_list
elif method == 'POST':
for i in reflect:
param, value, position = i[0], i[1], i[2]
for location, payload, match in self.PAYLOADS:
if location in position:
new_body = body.replace(value, payload)
case = Case(vul='Reflected XSS',
method='POST',
url=url,
headers=headers,
body=new_body,
args=(location, match, param, value))
rfxss_case_list.append(case)
return rfxss_case_list
def create_case(self, user, case_name, conf_builder, project_name, flow_name, properties=None, start=True):
case = Case(
owner_id=user.id,
name=case_name,
project_name=project_name,
flow_name=flow_name,
conf=conf_builder.get_conf(),
properties=Data.element(properties))
session = db.Session()
session.add(case)
session.commit()
engine_case_name = "{}-{}".format(user.nick, case_name)
#while self.engine.exists_case(engine_case_name):
# engine_case_name = "{}-{}".format(user.nick, uuid4().hex[-6:])
engine_case = self.engine.create_case(engine_case_name, conf_builder, project_name, flow_name, engine_case_name)
case.created = engine_case.created
case.engine_name = engine_case_name
session.commit()
if start:
engine_case.start()
return case
def update_data_from_api_response(db_cities):
update_data = requests.get(URL_UPDATE_DATA)
# dumps --> takes in Python obj and convert it to string
# loads --> Take JSON string and convert to Python obj
dataset_update = json.loads(update_data.text)
status_data = {
'state': None,
'city': None,
'confirmed': None,
'deaths': None,
'recovered': None,
'active': None,
'date': None,
'city_id': None,
}
for dict_ in dataset_update:
city = dict_['City']
state = dict_['Province']
status_data['state'] = state
status_data['city'] = city + "," + " " + state
if (city + "," + " " + state) in db_cities:
status_data['city_id'] = db_cities[city + "," + " " + state]
confirmed = dict_['Confirmed']
status_data['confirmed'] = confirmed
deaths = dict_['Deaths']
status_data['deaths'] = deaths
recovered = dict_['Recovered']
status_data['recovered'] = recovered
active = dict_['Active']
status_data['active'] = active
date = dict_['Date']
date = datetime.strptime(date[0:10], '%Y-%m-%d')
status_data['date'] = date
cases = Case(confirmed=status_data['confirmed'],
deaths=status_data['deaths'],
recovered=status_data['recovered'],
active=status_data['active'],
date=status_data['date'],
county_id=status_data['city_id'],
state_name=status_data['state'])
db.session.add(cases)
db.session.commit()
print(f"Successfully created {cases}")
engine_case_name = "{}-{}".format(user.nick, case_name)
exists_in_db = lambda: Case.query.filter(
Case.owner_id == user.id, Case.name == case_name).count() > 0
return self.engine.exists_case(engine_case_name) or exists_in_db()
def create_case(self,
user,
case_name,
conf_builder,
project_name,
flow_name,
properties=None,
start=True):
case = Case(owner_id=user.id,
name=case_name,
project_name=project_name,
flow_name=flow_name,
conf=conf_builder.get_conf(),
properties=Data.element(properties))
session = db.Session()
session.add(case)
session.commit()
engine_case_name = "{}-{}".format(user.nick, case_name)
#while self.engine.exists_case(engine_case_name):
# engine_case_name = "{}-{}".format(user.nick, uuid4().hex[-6:])
engine_case = self.engine.create_case(engine_case_name, conf_builder,
project_name, flow_name)
case.created = engine_case.created
from crud import Session, create_database, drop_database, recreate_database
from model import Case, Member, CaseDetermination
recreate_database()
s = Session()
member = Member(client_id="abc", external_member_id="123", person_code="01")
s.add(member)
s.commit()
case0 = Case(
case_number=1000000000,
rn="rn0",
drug_ndc="drug_ndc0",
origin="fax",
member_id=member.id,
prescriber_npi="0123456789",
requester_type="pharmacy",
)
s.add(case0)
case1 = Case(
case_number=1000000001,
rn="rn1",
drug_ndc="drug_ndc1",
origin="epa",
member_id=member.id,
prescriber_npi="0123456789",
requester_type="prescriber",
original_case_number=1000000000,