def insert():
gigya_id = request.form.get('gigya_id')
payload = request.form.get('payload')
row = Payload(gigya_id, payload)
db.session.add(row)
db.session.commit()
return '{}'.format(row.id)
def inventoryformaction ():
if request.method == 'POST':
if 'gcs_user' in session and session ['gcs_logged_in']:
type_str = request.form ['type']
item= request.form ['item']
storage_type = request.form ['storageType']
item_type = request.form['itemType']
item_weight = request.form['weight']
uom = request.form['uom']
stock = request.form ['stock']
value = request.form['value']
payload = Payload (type_str,item,storage_type,item_type,item_weight,uom,
stock,value)
db.session.add (payload)
db.session.commit ()
return redirect ('/inventory',code = 302)
else:
return redirect ('/gcslogin',code = 302)
else:
return redirect ('/gcsportal',code = 302)
def batchinventory_action ():
if request.method == 'POST':
if 'gcs_user' in session and session ['gcs_logged_in']:
if not 'file' in request.files:
return 'error:no file'
inputfile = request.files.get ('file')
if inputfile is None:
return "Error!"
if csv_allowed_file (inputfile.filename):
filename = inputfile.filename
outpath = os.path.join (application.config['UPLOAD_FOLDER'],filename)
inputfile.save (outpath)
df = pd.read_table (outpath,sep=',')
read_columns = list (df.columns.values)
if Counter (read_columns) == Counter (application.config['ACCEPTABLE_COLUMNS']):
for index,row in df.iterrows():
inventory_item = Payload (row['type'],row['item'],row['storage_type'],
row['item_type'],int(row['weight']),row['uom'],
int(row['stock']),float(row['value']))
db.session.add (inventory_item)
db.session.commit ()
os.remove (outpath)
else:
return "The uploaded csv file is of invalid format"
return redirect ('/inventory',code = 302)
else:
return "Invalid file format"
else:
return redirect ('/gcslogin',code = 302)
else:
return "ERROR"
def post(self, *args, **kwargs):
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
user = self.get_current_user()
if payload is not None and payload in user.history:
dbsession.delete(payload)
dbsession.flush()
self.redirect('/history')
async def post_position(
payload: Payload): ## Payload from pydantic model in models.py
r = payload.dict(
) ## Pydantic model parsed to dictionary with the received data from owntracks app
d = db.update(
r, 'viiobn6mj1pf') ## Updates the database with the key 'viiobn6mj1pf'
##This string value can be modified but must be changed in the base.py and all the other fields to match
return r
def post(self, *args, **kwargs):
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
user = self.get_current_user()
if payload is not None and payload in user.history:
dbsession.delete(payload)
dbsession.flush()
self.redirect('/history')
def get(self, *args, **kwargs):
user = self.get_current_user()
uuid = self.get_argument('uuid', None)
if uuid is not None:
payload = Payload.by_uuid(uuid)
if payload is not None and payload in user.history:
self.render('history/view_payload.html', payload=payload)
else:
self.render('history/view_table.html',
payloads=user.chronological_history)
def api():
token = request.headers.get('Authorization')
content = request.json
if token and token.startswith('Basic') and len(content):
fetched_content = content.pop()
parsed_key = base64.b64decode(token.split()[1]).decode('utf-8')
user = User.get_user(parsed_key)
if user and fetched_content:
payload = dict()
payload['user_last_name'] = user.last_name
payload_for_today = Payload.check_today(user.last_name)
current_month = Month.check_month(user.last_name)
if payload_for_today:
last_time = payload_for_today.last_time
current_time = get_time(fetched_content['time'])
delta = hms_to_m(make_delta(last_time, current_time))
if delta > 10:
payload_for_today.last_time = current_time
db.session.commit()
return Response(status='200')
current_day = Day.get_current_day(user.last_name)
payload['date'] = get_today()
payload['running_min'] = delta
if current_day:
current_day_running_min = current_day.running_min
current_day.running_min = current_day_running_min + delta
else:
db.session.add(Day(**payload))
if current_month:
current_month_running_min = current_month.running_min
current_month.running_min = current_month_running_min + delta
else:
db.session.add(Month(**payload))
payload_for_today.last_time = current_time
db.session.commit()
else:
payload['last_time'] = get_time(fetched_content['time'])
db.session.add(Payload(**payload))
db.session.commit()
return Response(status='200')
def get(self, *args, **kwargs):
user = self.get_current_user()
uuid = self.get_argument('uuid', None)
if uuid is not None:
payload = Payload.by_uuid(uuid)
if payload is not None and payload in user.history:
self.render('history/view_payload.html', payload=payload)
else:
self.render('history/view_table.html',
payloads=user.chronological_history
)
def load_payload():
full = []
for i in range(100):
out = {}
out['gigya_id'] = random.randrange(100000, 120000)
out['docs'] = []
for ii in range(random.randrange(2, 7)):
docs = {}
docs['MRN'] = random.randrange(2000, 7000)
docs['name'] = names.get_full_name()
out['docs'].append(docs)
full.append(out)
row = Payload(out['gigya_id'], json.dumps(out))
session.add(row)
session.commit()
def download_rc(self):
user = self.get_current_user()
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
if payload is not None and payload in user.history:
data = payload.get_rc_file()
self.set_header('Content-Type', 'text/plain')
self.set_header('Content-Length', len(data))
self.set_header('Content-Disposition', 'attachment; filename=%s' %
payload.rc_file_name.replace('\n', '') # Shouldn't be any
)
self.write(data)
self.finish()
else:
self.render('public/404.html')
def download_exe(self):
user = self.get_current_user()
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
if payload is not None and payload in user.history:
f = open(payload.file_path, 'r')
data = f.read()
self.set_header('Content-Type', 'application/x-msdos-program')
self.set_header('Content-Length', len(data))
self.set_header('Content-Disposition', 'attachment; filename=%s' %
payload.file_name.replace('\n', '') # Shouldn't be any
)
self.write(data)
f.close()
self.finish()
else:
self.render('public/404.html')
def download_rc(self):
user = self.get_current_user()
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
if payload is not None and payload in user.history:
data = payload.get_rc_file()
self.set_header('Content-Type', 'text/plain')
self.set_header('Content-Length', len(data))
self.set_header(
'Content-Disposition',
'attachment; filename=%s' %
payload.rc_file_name.replace('\n', '') # Shouldn't be any
)
self.write(data)
self.finish()
else:
self.render('public/404.html')
def download_exe(self):
user = self.get_current_user()
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
if payload is not None and payload in user.history:
f = open(payload.file_path, 'r')
data = f.read()
self.set_header('Content-Type', 'application/x-msdos-program')
self.set_header('Content-Length', len(data))
self.set_header(
'Content-Disposition',
'attachment; filename=%s' %
payload.file_name.replace('\n', '') # Shouldn't be any
)
self.write(data)
f.close()
self.finish()
else:
self.render('public/404.html')
def create_payload(self,
lport,
msfpayload,
protocol,
cryptor,
lhost="0.0.0.0",
rhost="0.0.0.0"):
''' Save new payload in database '''
user = self.get_current_user()
payload = Payload(
user_id=user.id,
lhost=lhost,
rhost=rhost,
lport=lport,
msfpayload=msfpayload,
protocol=protocol,
cryptor=cryptor,
)
dbsession.add(payload)
dbsession.flush()
return payload
def submit_profiles(request):
if request.method != 'POST':
return HttpResponseNotFound('No POST data sent')
submission = request.POST
serial = submission.get('serial').upper()
machine = None
if serial:
try:
machine = Machine.objects.get(serial=serial)
except Machine.DoesNotExist:
return HttpResponseNotFound('Serial Number not found')
compression_type = 'base64bz2'
if 'base64bz2profiles' in submission:
compressed_profiles = submission.get('base64bz2profiles')
elif 'base64profiles' in submission:
compressed_profiles = submission.get('base64bz2profiles')
compression_type = 'base64'
if compressed_profiles:
compressed_profiles = compressed_profiles.replace(" ", "+")
profiles_str = text_utils.decode_to_string(compressed_profiles,
compression_type)
try:
profiles_list = plistlib.readPlistFromString(profiles_str)
except Exception:
profiles_list = None
profiles_to_be_added = []
machine.profile_set.all().delete()
if '_computerlevel' in profiles_list:
profiles_list = profiles_list['_computerlevel']
for profile in profiles_list:
parsed_date = dateutil.parser.parse(
profile.get('ProfileInstallDate'))
profile_item = Profile(
machine=machine,
identifier=profile.get('ProfileIdentifier', ''),
display_name=profile.get('ProfileDisplayName', ''),
description=profile.get('ProfileDescription', ''),
organization=profile.get('ProfileOrganization', ''),
uuid=profile.get('ProfileUUID', ''),
verification_state=profile.get('ProfileVerificationState',
''),
install_date=parsed_date)
if utils.is_postgres():
profiles_to_be_added.append(profile_item)
else:
profile_item.save()
if utils.is_postgres():
Profile.objects.bulk_create(profiles_to_be_added)
stored_profiles = machine.profile_set.all()
payloads_to_save = []
for stored_profile in stored_profiles:
uuid = stored_profile.uuid
identifier = stored_profile.identifier
for profile in profiles_list:
profile_uuid = profile.get('ProfileUUID', '')
profile_id = profile.get('ProfileIdentifier', '')
if uuid == profile_uuid and identifier == profile_id:
payloads = profile.get('ProfileItems', [])
for payload in payloads:
payload_item = Payload(
profile=stored_profile,
identifier=payload.get('PayloadIdentifier',
''),
uuid=payload.get('PayloadUUID', ''),
payload_type=payload.get('PayloadType', ''))
if utils.is_postgres():
payloads_to_save.append(payload_item)
else:
payload_item.save()
break
if utils.is_postgres():
Payload.objects.bulk_create(payloads_to_save)
return HttpResponse("Profiles submitted for %s.\n" %
submission.get('serial'))
return HttpResponse("No profiles submitted.\n")
def submit_profiles(request):
submission = request.POST
serial = submission.get('serial').upper()
machine = None
if serial:
try:
machine = Machine.objects.get(serial=serial)
except Machine.DoesNotExist:
return HttpResponseNotFound('Serial Number not found')
compression_type = 'base64bz2'
compressed_profiles = None
if 'base64bz2profiles' in submission:
compressed_profiles = submission.get('base64bz2profiles')
elif 'base64profiles' in submission:
compressed_profiles = submission.get('base64bz2profiles')
compression_type = 'base64'
if compressed_profiles:
compressed_profiles = compressed_profiles.replace(" ", "+")
profiles_str = text_utils.decode_to_string(compressed_profiles, compression_type)
try:
profiles_list = plistlib.readPlistFromString(profiles_str)
except Exception:
profiles_list = None
profiles_to_be_added = []
machine.profile_set.all().delete()
if '_computerlevel' in profiles_list:
profiles_list = profiles_list['_computerlevel']
for profile in profiles_list:
parsed_date = dateutil.parser.parse(profile.get('ProfileInstallDate'))
profile_item = Profile(
machine=machine,
identifier=profile.get('ProfileIdentifier', ''),
display_name=profile.get('ProfileDisplayName', ''),
description=profile.get('ProfileDescription', ''),
organization=profile.get('ProfileOrganization', ''),
uuid=profile.get('ProfileUUID', ''),
verification_state=profile.get('ProfileVerificationState', ''),
install_date=parsed_date
)
if utils.is_postgres():
profiles_to_be_added.append(profile_item)
else:
profile_item.save()
if utils.is_postgres():
Profile.objects.bulk_create(profiles_to_be_added)
stored_profiles = machine.profile_set.all()
payloads_to_save = []
for stored_profile in stored_profiles:
uuid = stored_profile.uuid
identifier = stored_profile.identifier
for profile in profiles_list:
profile_uuid = profile.get('ProfileUUID', '')
profile_id = profile.get('ProfileIdentifier', '')
if uuid == profile_uuid and identifier == profile_id:
payloads = profile.get('ProfileItems', [])
for payload in payloads:
payload_item = Payload(
profile=stored_profile,
identifier=payload.get('PayloadIdentifier', ''),
uuid=payload.get('PayloadUUID', ''),
payload_type=payload.get('PayloadType', '')
)
if utils.is_postgres():
payloads_to_save.append(payload_item)
else:
payload_item.save()
break
if utils.is_postgres():
Payload.objects.bulk_create(payloads_to_save)
utils.run_profiles_plugin_processing(machine, profiles_list)
return HttpResponse("Profiles submitted for %s.\n" %
submission.get('serial'))
return HttpResponse("No profiles submitted.\n")
async def post_position(payload: Payload):
r = payload.dict()
d = db.update(r, 'viiobn6mj1pf')
return r
async def post_position(payload: Payload):
r = payload.dict()
d = db.insert(r)
return r