Beispiel #1
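def process_submission(form):
    """
    Upload the archive attached to a submission form and hand every file
    returned by ``upload()`` to ``submit()`` under the current user's name.

    A ``ValueError`` raised along the way is not propagated; its message is
    HTML-escaped and flashed to the user as an error.

    :Parameters:
        - `form`: the submitted form; its ``cves`` and ``group`` fields and
          the ``<group>_<coordinate>`` fields are read
    """
    try:
        # Comma separated input -> list of whitespace-trimmed CVE ids
        cves = [cve.strip() for cve in form.cves.data.split(',')]

        group = form.group.data

        # Coordinate names come from SUBMISSION_GROUPS; an unknown group
        # yields no coordinates at all. Only the field values are user input.
        coordinates = CoordinateDict({
            coord: form._fields.get('%s_%s' % (group, coord)).data.strip()
            for coord in SUBMISSION_GROUPS.get(group, [])
        })

        # NOTE(review): the uploaded file is passed on as received; upload()
        # is defined elsewhere and is presumably where the archive is
        # checked - confirm.
        files = upload(group, request.files.get('archive', None), coordinates)
        for (ondisk, filename, suffix) in files:
            submit(
                login.current_user.username, ondisk, group, filename, suffix,
                cves, coordinates=coordinates
            )

        current_app.config['INDEX_REFRESH_FLAG'] = True

        flash('Archive Submitted for processing', 'info')
    except ValueError as ve:
        # `except X as name` parses on Python 2.6+ and on Python 3, unlike the
        # comma form. The message is escaped before it is flashed.
        flash(escape(ve.message), 'error')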
Beispiel #2
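def submit_archive(group):
    """
    Allows for authenticated users to submit archives

    The CVE list and the coordinates are read from the query string, the
    archive from the ``archive`` file part of the request.

    :Parameters:
        - `group`: the submission group; must be one of ``groups()``
    """
    # NOTE(review): authentication is not enforced inside this body;
    # presumably a decorator outside this listing does it - confirm.
    # NOTE(review): the format string below reads as masked ('******') in this
    # listing, so the value really bound to `user` cannot be confirmed here.
    user = '******' % api_request_user()
    try:
        if group not in groups():
            raise ValueError('Invalid group specified')

        if 'cves' not in request.args:
            raise ValueError('CVE(s) required')

        # NOTE(review): the CVE strings are only split and trimmed here; no
        # format check happens in this function. Confirm submit() rejects
        # values that are not CVE identifiers.
        cves = [cve.strip() for cve in request.args['cves'].split(',')]

        # Only coordinate names configured for the group are looked up, so
        # other query parameters never become coordinate keys.
        coordinates = CoordinateDict({
            coord: request.args.get(coord).strip()
            for coord in SUBMISSION_GROUPS.get(group)
            if coord in request.args
        })
        files = upload(group, request.files.get('archive', None), coordinates)

        for (ondisk, filename, suffix) in files:
            submit(
                user, ondisk, group, filename, suffix, cves,
                coordinates=coordinates
            )

        return success()
    except ValueError as ve:
        current_app.logger.info(
            'Invalid submission by %s: %s', user, ve.message)
        return error(ve.message)
    except Exception:
        # `e.message` is empty for many exception types, which left an
        # unexpected failure with a blank info-level log line. Record the
        # traceback instead; the client still gets the generic error only.
        current_app.logger.exception(
            'Unexpected error while processing submission by %s', user)
        return error()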
Beispiel #3
def group_coordinates():
    """
    Return every coordinate name used by any submission group, without
    duplicates and in order of first appearance.
    """
    unique_keys = []
    all_keys = (
        key
        for coords in SUBMISSION_GROUPS.values()
        for key in coords
    )
    for key in all_keys:
        # Skip names already collected from an earlier group
        if key in unique_keys:
            continue
        unique_keys.append(key)
    return unique_keys
Beispiel #4
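def cves(group):
    """
    Get cves that match the given coordinates for the specified group.

    Expects coordinates as request arguments.

    :Parameters:
        - `group`: The group for which to search in
    """
    try:
        validkeys = CoordinateDict().validkeys
        # Query keys are built only from coordinate names that are configured
        # for the group AND listed in validkeys; request argument names are
        # never copied into the filter. An unknown group now yields no keys
        # (and the 'No coordinates given' error) instead of a TypeError.
        kwargs = {
            'coordinates__%s' % (coord): request.args.get(coord).strip()
            for coord in SUBMISSION_GROUPS.get(group, [])
            if coord in request.args and coord in validkeys
        }

        if not kwargs:
            raise ValueError('No coordinates given')

        kwargs['group'] = group
        fields = ['cves', 'coordinates']
        # Named `matches` so the local no longer shadows this function's name
        matches = Hash.objects.only(*fields).filter(**kwargs)
        return stream_items(matches, fields)
    except ValueError as ve:
        return error(ve.message)
    except Exception:
        # `e.message` is empty for many exception types and debug records are
        # often dropped, so keep the traceback. %r keeps a group value with
        # control characters on a single log line.
        current_app.logger.exception('CVE lookup failed for group %r', group)
        return error()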
Beispiel #5
def submit_archive():
    """
    Show the archive submission page. A posted form that validates is
    processed and the user is redirected to the index; a posted form that does
    not validate has its errors flashed and the page is rendered again.
    """
    form = ArchiveSubmit()

    # Valid submission: process it and leave the page
    if form.validate_on_submit():
        process_submission(form)
        return redirect(url_for('ui.index'))

    # Posted but invalid: report the form errors
    if request.method == 'POST':
        flash_errors(form)

    available_groups = SUBMISSION_GROUPS.keys()
    return render_template(
        'submit_archive.html', form=form, groups=available_groups)
Beispiel #6
def update_front_page_stats():
    """
    Recompute the front page counters and store them on
    ``_CONFIG.front_page_stats``.

    The stored value has the shape
    ``{'groups': [...], 'stats': {group: {'hashes': n, 'submitted': n,
    'pending': n}}}``.
    """
    # One query set per counter; only the `group` field is requested
    querysets = {}
    querysets['hashes'] = Hash.objects(status='RELEASED').only('group')
    querysets['submitted'] = Submission.objects(
        approval='REQUESTED').only('group')
    querysets['pending'] = Submission.objects(
        approval='PENDING_APPROVAL').only('group')

    groups = sorted(SUBMISSION_GROUPS.keys())

    per_group = {}
    for group in groups:
        # The group named 'all' counts the whole query set, every other
        # group counts only its own entries.
        per_group[group] = dict(
            (name, len(qs if group == 'all' else qs.filter(group=group)))
            for name, qs in querysets.items()
        )

    _CONFIG.front_page_stats = {'groups': groups, 'stats': per_group}
Beispiel #7
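def process_submission(form, group=None):
    """
    Upload the archive attached to a submission form and hand every file
    returned by ``upload()`` to ``submit()`` under the current user's name.

    A ``ValueError`` raised along the way is not propagated; its message is
    HTML-escaped and flashed to the user as an error.

    :Parameters:
        - `form`: the submitted form; its ``cves`` field and the fields named
          after the group's coordinates are read
        - `group`: the submission group; taken from ``form.group`` when None
    """
    try:
        # Comma separated input -> list of whitespace-trimmed CVE ids
        cves = [cve.strip() for cve in form.cves.data.split(',')]

        if group is None:
            group = form.group.data

        # Coordinate names come from SUBMISSION_GROUPS; only the values are
        # user input. A field that is missing from the form or carries no
        # data is skipped here: calling .strip() on it raised an
        # AttributeError before the empty-value filter below could run.
        supplied = {}
        for coord in SUBMISSION_GROUPS.get(group, []):
            field = form._fields.get('%s' % coord)
            value = field.data if field is not None else None
            if value is not None:
                supplied[coord] = value.strip()

        coordinates = CoordinateDict(supplied)

        # remove any empty values
        coordinates = dict(
            (k, v)
            for k, v in coordinates.iteritems()
            if v is not None and len(v) > 0
        )

        # if no coordinates given, make None
        if len(coordinates) == 0:
            coordinates = None

        # NOTE(review): the uploaded file is passed on as received; upload()
        # is defined elsewhere and is presumably where the archive is
        # checked - confirm.
        files = upload(group, request.files.get('archive', None), coordinates)
        for (ondisk, filename, suffix) in files:
            submit(
                login.current_user.username, ondisk, group, filename, suffix,
                cves, coordinates=coordinates
            )

        current_app.config['INDEX_REFRESH_FLAG'] = True

        flash('Archive Submitted for processing', 'info')
    except ValueError as ve:
        # `except X as name` parses on Python 2.6+ and on Python 3, unlike the
        # comma form. The message is escaped before it is flashed.
        flash(escape(ve.message), 'error')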
Beispiel #8
def group_choices():
    """
    Return one ``(group, group)`` tuple per configured submission group.
    """
    return [(name, name) for name in SUBMISSION_GROUPS.keys()]
Beispiel #9
    Return the status of the service.
    """
    data = json.dumps({
        'eol': EOL,
        'supported': True,
        'version': '2',
        'recommended': True,
        'endpoint': '/service/v2/'
    })

    return make_response(data)


# Routing Regexes
# Shape check for the <since> URL part: 8 or more digits/hyphens, a literal
# 'T', then exactly 8 digits/colons. The pattern alone does not establish
# that the value is a real date.
_SINCE_REGEX = '<regex("[0-9\-]{8,}T[0-9:]{8}"):since>'
# Alternation of the configured group names. The keys are joined unescaped,
# so this assumes they contain no regex metacharacters - TODO confirm.
_GROUP_REGEX = '<regex("%s"):group>' % ('|'.join(SUBMISSION_GROUPS.keys()))
# Value used for `since` by the route that carries only a group.
_START_DATE = '1970-01-01T00:00:00'


@v2.route('/update/%s/' % (_GROUP_REGEX), defaults={'since': _START_DATE})
@v2.route('/update/%s/' % (_SINCE_REGEX), defaults={'group': DEFAULT_GROUP})
@v2.route('/update/%s/<since>/' % (_GROUP_REGEX), methods=['GET'])
def update(group, since):
    """
    Returns all items updated  past a specific date in utc.

    :Parameters:
       - `since`: a specific date in utc
       - `group`: group to limit items to
    """
    try:
Beispiel #10
    # Mandatory, comma separated list of CVE identifiers. The pattern accepts
    # one or more ids of the shape CVE-<digits>-<digits>, separated by commas
    # with optional whitespace around each comma.
    # NOTE(review): `$` also matches just before a trailing newline; `\Z`
    # anchors at the very end of the value - confirm whether that matters for
    # the code that consumes this field.
    cves = fields.StringField('CVE(s)', validators=[
        validators.Regexp(
            '^CVE-\d+-\d+(\s*,\s*CVE-\d+-\d+)*$',
            message='Invalid CVE. Multiple CVEs can seperated with commas.'
        ),
        validators.required(),
    ])
    # File upload field for the archive; no validator is attached on this line.
    archive = fields.FileField('Archive')


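# Dynamic creation of submission forms
SUBMISSION_FORMS = {}

# Validator of archive vs coordinate based submission
_validator = RequiredIfNoneValid([HasFile('archive')])
for (group, coordinates) in SUBMISSION_GROUPS.items():
    # str() keeps the class name a native string, which type() requires
    classname = str('%sArtifactSubmit' % (group.title()))
    # One StringField per coordinate, labelled with the coordinate name
    group_fields = dict(
        (coord, fields.StringField(coord, [_validator]))
        for coord in coordinates
    )
    # The subclass is built with type() instead of exec()/eval() on source
    # text assembled from configuration values, so a group or coordinate name
    # is only ever used as a name and is never executed as code.
    form_class = type(classname, (ArtifactSubmit,), group_fields)
    # The exec-based version bound the class at module level under its
    # generated name; keep that binding for any code relying on it.
    globals()[classname] = form_class
    SUBMISSION_FORMS[group] = form_class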


class RegistrationForm(Form):
    """
    Registration Form
    """