Ejemplo n.º 1
0
    def _filter(self, filters, workspace_name):
        try:
            filters = FlaskRestlessSchema().load(json.loads(filters)) or {}
            hostname_filters = []
            if filters:
                filters['filters'], hostname_filters = self._hostname_filters(
                    filters.get('filters', []))
        except (ValidationError, JSONDecodeError) as ex:
            logger.exception(ex)
            flask.abort(400, "Invalid filters")

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {
            'many': True,
            'context': {},
            'exclude': ('_attachments', )
        }
        if 'group_by' not in filters:
            offset = None
            limit = None
            if 'offset' in filters:
                offset = filters.pop('offset')
            if 'limit' in filters:
                limit = filters.pop(
                    'limit')  # we need to remove pagination, since

            try:
                vulns = self._generate_filter_query(VulnerabilityGeneric,
                                                    filters, hostname_filters,
                                                    workspace,
                                                    marshmallow_params)
            except AttributeError as e:
                flask.abort(400, e)
            total_vulns = vulns
            if limit:
                vulns = vulns.limit(limit)
            if offset:
                vulns = vulns.offset(offset)

            vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dump(vulns.all())
            return vulns, total_vulns.count()
        else:
            vulns = self._generate_filter_query(
                VulnerabilityGeneric,
                filters,
                hostname_filters,
                workspace,
                marshmallow_params,
            )
            column_names = ['count'] + [
                field['field'] for field in filters.get('group_by', [])
            ]
            rows = [list(zip(column_names, row)) for row in vulns.all()]
            vulns_data = []
            for row in rows:
                vulns_data.append({field[0]: field[1] for field in row})

            return vulns_data, len(rows)
Ejemplo n.º 2
0
    def _filter(self, filters, workspace_name, confirmed=False):
        try:
            filters = FlaskRestlessSchema().load(json.loads(filters))
            _, hostname_filters = self._hostname_filters(filters.get('filters', []))
        except (ValidationError, JSONDecodeError) as ex:
            logger.exception(ex)
            flask.abort(400, "Invalid filters")
        if confirmed:
            if 'filters' not in filters:
                filters = {}
                filters['filters'] = []
            filters['filters'].append({
                "name": "confirmed",
                "op": "==",
                "val": "true"
            })

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}}
        normal_vulns_data = self._filter_vulns(Vulnerability, filters, hostname_filters, workspace, marshmallow_params, False)
        web_vulns_data = self._filter_vulns(VulnerabilityWeb, filters, hostname_filters, workspace, marshmallow_params, True)
        return normal_vulns_data + web_vulns_data