def get_instance(cls, db_name):
if cls._connection_pools is None:
cls._connection_pools = {}
dbs = Config.get("redis", "dbs")
if not db_name in dbs:
raise NotARedisDBError(db_name, dbs)
db_number = dbs[db_name]
all_connection_config = Config.get("redis", "connection")
if db_name in all_connection_config:
connection_config = all_connection_config[db_name]
else:
connection_config = all_connection_config["default"]
if not db_number in cls._connection_pools:
cfg = copy(connection_config)
cfg["db"] = db_number
cls._connection_pools[db_number] = ConnectionPool(**cfg)
ins = cls(connection_pool=cls._connection_pools[db_number])
return ins
def _add_in_default_data(self, data):
ret = super()._add_in_default_data(data)
#add in the default file lists
for file_type in ["css", "js"]:
l = Config.get(file_type, "urls")
if file_type + "_" in ret:
custom_list = ret[file_type + "_"]
if type(custom_list) is str:
custom_list = [custom_list]
combined_list = l + custom_list
new_list = []
#dedupe and preserve order
seen_urls = {}
for url in combined_list:
if url not in seen_urls:
new_list.append(url)
seen_urls[url] = True
ret[file_type + "_"] = new_list
else:
ret[file_type + "_"] = l
#add in other things like title, meta
if not "title_" in ret:
ret['title_'] = Config.get("app", "name")
return ret
def initialisation_phase_1(root_dir, owtf_pid):
"""First phase of the initialization.
:param str root_dir: Absolute path to the OWTF root.
:param int owtf_pid: PID for the OWTF process.
"""
config = Config(root_dir, owtf_pid)
ErrorHandler()
DB()
try:
OWTFSessionDB()
except:
raise DatabaseNotRunningException()
WorklistManager()
db_config = ConfigDB()
CommandRegister()
TargetDB()
ResourceDB()
ErrorDB()
MappingDB()
Timer(db_config.Get('DATE_TIME_FORMAT'))
PluginDB()
zest = Zest()
URLManager()
TransactionManager()
config.init()
zest.init()
def initialisation_phase_1(root_dir, owtf_pid):
"""First phase of the initialization.
:param str root_dir: Absolute path to the OWTF root.
:param int owtf_pid: PID for the OWTF process.
"""
config = Config(root_dir, owtf_pid)
ErrorHandler()
DB()
try:
OWTFSessionDB()
except:
raise DatabaseNotRunningException()
WorklistManager()
db_config = ConfigDB()
CommandRegister()
TargetDB()
ResourceDB()
ErrorDB()
MappingDB()
Timer(db_config.Get('DATE_TIME_FORMAT'))
PluginDB()
zest = Zest()
URLManager()
TransactionManager()
config.init()
zest.init()
def _add_in_default_data(self, data):
#need to return clone so we don't append more than once
if self._template_data is not None:
ret = copy.copy(data)
else:
ret = {}
if not "config_" in ret:
app_config = Config.get("app")
app_config["www_url"] = AppUrl.get("web")
app_config["api_url"] = AppUrl.get("api")
app_config["assets_url"] = AppUrl.get("assets")
app_config["admin_url"] = AppUrl.get("admin")
ret['config_'] = {
"app" : app_config,
"www_url" : app_config["www_url"],
"api_url" : app_config["api_url"],
"assets_url" : app_config["assets_url"],
"admin_url" : app_config["admin_url"],
"app_json" : json.dumps(app_config)
}
if isinstance(self._user, Entity):
ret["user_"] =self._user.to_dict(True)
ret["user_json_"] =json.dumps(ret["user_"], default=self._json_helper)
return ret
def log_in(self, auth_class, provider_id, secret, user_agent, time = None):
"""
returns a user_id
else throws an authentication exception
"""
dao = AuthDAO()
# throws NoAuthFoundException
auth = dao.get_auth_by_provider_id(auth_class, provider_id)
if not auth.verify_secret(secret, time):
raise InvalidCredentialsException()
type_id = AuthDAO()._class_to_type_id(auth_class)
auth_config = Config.get("auth",["type_to_class",str(type_id)])
StatsTracker().track("auth.log_in." + auth_config['name'])
auth.after_login()
session_dao = framework.models.session.SessionDAO()
session = session_dao.new_session(auth, user_agent)
session_dao.save(session)
# update access token
dao.save(auth)
return session
def add_auth_to_user(self, user, auth_class, provider_id, secret, user_agent, expires_ts=None):
"""
returns a session
else throws an authentication exception
"""
dao = AuthDAO()
try:
auth = dao.get_auth_by_provider_id(auth_class, provider_id)
raise ProviderIdTakenException(auth)
except (NoAuthFoundException, framework.models.data_access_object.RowDeletedException):
pass
type_id = AuthDAO()._class_to_type_id(auth_class)
auth_config = Config.get("auth",["type_to_class",str(type_id)])
StatsTracker().track("auth.connect." + auth_config['name'])
# can throw exceptions if these credentials don't work
auth = dao.new_auth(auth_class, provider_id, secret, user, expires_ts)
dao.save(auth)
auth.after_connect()
auth.after_login()
session_dao = framework.models.session.SessionDAO()
session = session_dao.new_session(auth, user_agent)
session_dao.save(session)
return session
def get_subdomain(self):
environ = self.environ
http_host = environ.get("HTTP_HOST")
if not http_host:
return None
host_list = Config.get("app","hosts")
for host in host_list.values():
try:
server_name_index = http_host.index("." + host["server_name"])
if server_name_index > 0:
subdomain = http_host[:server_name_index]
for k, v in host.get("subdomains").items():
if v == subdomain:
return k
return subdomain
else:
return None
except Exception as e:
pass
return None
def log_in(self, auth_class, provider_id, secret, user_agent, time=None):
"""
returns a user_id
else throws an authentication exception
"""
dao = AuthDAO()
# throws NoAuthFoundException
auth = dao.get_auth_by_provider_id(auth_class, provider_id)
if not auth.verify_secret(secret, time):
raise InvalidCredentialsException()
type_id = AuthDAO()._class_to_type_id(auth_class)
auth_config = Config.get("auth", ["type_to_class", str(type_id)])
StatsTracker(ua_string=user_agent).track("auth.log_in." +
auth_config['name'])
auth.after_login()
session_dao = framework.models.session.SessionDAO()
session = session_dao.new_session(auth, user_agent)
session_dao.save(session)
# update access token
dao.save(auth)
return session
def get_subdomain(self):
environ = self.environ
http_host = environ.get("HTTP_HOST")
if not http_host:
return None
host_list = Config.get("app", "hosts")
for host in host_list.values():
try:
server_name_index = http_host.index("." + host["server_name"])
if server_name_index > 0:
subdomain = http_host[:server_name_index]
for k, v in host.get("subdomains").items():
if v == subdomain:
return k
return subdomain
else:
return None
except Exception as e:
pass
return None
def get(cls,
subdomain_type="web",
host_type="main",
include_protocol=True):
config = Config.get("app", ["hosts", host_type])
host = config.get("server_name")
alias_config = cls._get_alias_config(config)
proto = alias_config.get("default_protocol")
subdomain = alias_config.get("subdomains").get(subdomain_type)
if subdomain is not None:
if subdomain:
full_host = subdomain + "." + host
else:
#handle blank subdomain
full_host = host
elif subdomain_type:
full_host = subdomain_type + "." + host
else:
full_host = host
if include_protocol:
return proto + "://" + full_host
else:
return full_host
def get_current_host_type(cls, request):
domain = cls.get_current(request, "", False)
host_list = Config.get("app", ["hosts"])
for host_type, host in host_list.items():
if host['server_name'] == domain:
return host_type
return None
def __init__(self, pool_id = 0):
self._id = pool_id
self._shards = {}
pool_config = Config.get("mysql","pools")
if pool_id < 0 or pool_id >= len(pool_config):
raise PoolIdOutOfRangeError(pool_id)
self._config = pool_config[str(pool_id)]
def __init__(self, pool_id=0):
self._id = pool_id
self._shards = {}
pool_config = Config.get("mysql", "pools")
if pool_id < 0 or pool_id >= len(pool_config):
raise PoolIdOutOfRangeError(pool_id)
self._config = pool_config[str(pool_id)]
def __init__(self, temp_bucket=False):
config = copy.deepcopy(Config.get("s3"))
if temp_bucket:
config["default_bucket"] = config["temp_bucket"]
if "temp_bucket" in config:
del config["temp_bucket"]
super().__init__(**config)
def get_instance(cls):
if not cls._instance:
servers = []
servers = map(
lambda c:(c['host'] + ":" + str(c['port']), c['weight']),
Config.get("memcache", "servers")
)
cls._instance = cls(servers,pickleProtocol=4)
return cls._instance
def get_instance(cls, db_name):
if cls._connection_pools is None:
cls._connection_pools = {}
dbs = Config.get("redis","dbs")
if not db_name in dbs:
raise NotARedisDBError(db_name,dbs)
db_number = dbs[db_name]
if not db_number in cls._connection_pools:
cfg = copy(Config.get("redis","connection"))
cfg["db"] = db_number
cls._connection_pools[db_number] = ConnectionPool(**cfg)
ins = cls(connection_pool=cls._connection_pools[db_number])
return ins
def is_male_name(full_name):
MALE_TITLES = ["MR", "MR.", "SR", "SR."]
male_names = Config.get("names", "male_name_list")
split_name = full_name.split()
split_name = [n.strip() for n in split_name if n.strip()]
if not len(split_name):
return False
first_name = split_name[0].upper()
if first_name in MALE_TITLES or first_name in male_names:
return True
return False
def get_host(self):
environ = self.environ
http_host = environ.get("HTTP_HOST")
if not http_host:
return None
host_list = Config.get("app","hosts")
for host_name, host in host_list.items():
try:
server_name_index = http_host.index("." + host["server_name"])
if server_name_index > 0:
return host_name
except Exception as e:
pass
return None
def get_host(self):
environ = self.environ
http_host = environ.get("HTTP_HOST")
if not http_host:
return None
host_list = Config.get("app", "hosts")
for host_name, host in host_list.items():
try:
server_name_index = http_host.index("." + host["server_name"])
if server_name_index > 0:
return host_name
except Exception as e:
pass
return None
def is_male_name(full_name):
MALE_TITLES = ["MR", "MR.", "SR", "SR."]
male_names = Config.get("names", "male_name_list")
split_name = full_name.split()
split_name = [n.strip() for n in split_name if n.strip()]
if not len(split_name):
return False
first_name = split_name[0].upper()
if first_name in MALE_TITLES or first_name in male_names:
return True
return False
def add_auth_to_user(self,
user,
auth_class,
provider_id,
secret,
user_agent,
expires_ts=None):
"""
returns a session
else throws an authentication exception
"""
dao = AuthDAO()
try:
auth = dao.get_auth_by_provider_id(auth_class, provider_id)
raise ProviderIdTakenException(auth)
except (NoAuthFoundException,
framework.models.data_access_object.RowDeletedException):
pass
type_id = AuthDAO()._class_to_type_id(auth_class)
auth_config = Config.get("auth", ["type_to_class", str(type_id)])
StatsTracker(ua_string=user_agent).track("auth.connect." +
auth_config['name'])
# can throw exceptions if these credentials don't work
auth = dao.new_auth(auth_class, provider_id, secret, user, expires_ts)
dao.save(auth)
auth.after_connect()
auth.after_login()
session_dao = framework.models.session.SessionDAO()
session = session_dao.new_session(auth, user_agent)
session_dao.save(session)
return session
def _add_in_default_data(self, data):
#need to return clone so we don't append more than once
if self._template_data is not None:
ret = copy.copy(data)
else:
ret = {}
if not "config_" in ret:
app_config = Config.get("app")
host_list = app_config['hosts']
#populate alias keys
for host_type, host_config in host_list.items():
if 'host_alias' in host_config:
alias_config = host_list[host_config['host_alias']]
for k, v in alias_config.items():
if k not in host_config:
host_config[k] = v
host_type = self._host_type or "main"
app_config["host_type"] = host_type
app_config["www_url"] = AppUrl.get("web", host_type)
app_config["api_url"] = AppUrl.get("api", host_type)
app_config["assets_url"] = AppUrl.get("assets", host_type)
app_config["admin_url"] = AppUrl.get("admin", host_type)
ret['config_'] = {
"app": app_config,
"www_url": app_config["www_url"],
"api_url": app_config["api_url"],
"assets_url": app_config["assets_url"],
"admin_url": app_config["admin_url"],
"app_json": json.dumps(app_config)
}
if isinstance(self._user, Entity):
ret["user_"] = self._user.to_dict(True,
optional_keys=["email"])
ret["user_json_"] = json.dumps(ret["user_"],
default=self._json_helper)
return ret
def __init__(self, temp_bucket=False, zip_bucket=False):
key_whitelist = [
"access_key", "secret_key", "default_bucket", "tls", "endpoint"
]
config = Config.get("s3")
temp_config = {}
if temp_bucket:
temp_config["default_bucket"] = config["temp_bucket"]
elif zip_bucket:
temp_config["default_bucket"] = config["zip_bucket"]
else:
temp_config["default_bucket"] = config["default_bucket"]
#copy over remaining keys
for key in key_whitelist:
if key in config and key not in temp_config:
temp_config[key] = config[key]
super().__init__(**temp_config)
def _get_routes_dict(self):
"""
needs to return a dictionary in the format:
{
"subdomain" : [
{
"route" : "path",
"endpoint" : "controller method"
//route info
},
{
"route" : "path",
"endpoint" : "controller method"
//route info
}
]
}
this can be saved as a config or written inline
"""
return Config.get("routes")
def _get_routes_dict(self):
"""
needs to return a dictionary in the format:
{
"subdomain" : [
{
"route" : "path",
"endpoint" : "controller method"
//route info
},
{
"route" : "path",
"endpoint" : "controller method"
//route info
}
]
}
this can be saved as a config or written inline
"""
return Config.get("routes")
def _get_graphite_endpoint(self):
return Config.get("graphite", "endpoint")
from framework.config.config import Config
"""
Exports config variables for rq worker to read.
Usage:
cd /srv/www/photo_app
export ENV=<DEV|STAGE|PROD>
rq worker -c framework.config.rq_worker_settings
"""
connection_config = Config.get("redis", "connection")
dbs_config = Config.get("redis", "dbs")
REDIS_HOST = connection_config.get("host")
REDIS_PORT = connection_config.get("port")
REDIS_DB = dbs_config.get("queue")
QUEUES = ['high', 'default', 'low']
def __init__(self, config_name):
#throws config exceptions
self._config_name = config_name
self._map = Config.get(config_name, "type_to_class")
def __init__(self, ua_string=None):
config = Config.get("statsd")
super().__init__(**config)
self._ua_string = ua_string
def get_server_name(self):
return Config.get("app", "server_name")
def _get_token_cookie_name(self):
app_name = Config.get("app","app_key")
return app_name + "_s_t"
def get_conn_mgr(cls):
if cls._conn_mgr is None:
cls._conn_mgr = MySQLConnectionManager(Config.get("mysql"))
return cls._conn_mgr
def __call__(self):
self._create_core_mock()
config = Config(RootDir=ROOT_DIR, CoreObj=self.core_mock)
config.Plugin = self._get_plugin_config_instance()
return config
def __init__(self, ua_string=None):
config = Config.get("statsd")
super().__init__(**config)
self._ua_string=ua_string
def connect(self, auth_class, auth_response, current_session = None, user_agent_string = None):
"""
service_type: 1-N the id of the auth service from auth.json
credentials: a dictionary containing whatever we get from the api
current_session
user_agent_string: in case we're creating a new session
"""
#get auth class
type_id = AuthDAO()._class_to_type_id(auth_class)
auth_config = Config.get("auth",["type_to_class",str(type_id)])
try:
user_data = auth_class.get_user_data_from_auth_response(auth_response)
except Exception:
raise Unauthorized()
#provider id
provider_id = user_data["id"]
secret = user_data["secret"]
with MySQLTransaction():
#if we can log in then we're done here.
if auth_config["login_type"]:
#--- STEP 2. Try to log in
try:
return self.log_in(
auth_class,
provider_id,
secret,
user_agent_string)
except NoAuthFoundException as e:
if user_data.get("skip_signup"):
raise e
#--- STEP 3. Create a new user or use logged in one
if not current_session or current_session.is_logged_out():
user = self.sign_up(user_data, user_agent_string=user_agent_string)
StatsTracker().track("auth.install." + auth_config['name'])
else:
user = current_session.user
elif current_session and not current_session.is_logged_out():
user = current_session.user
else:
raise Unauthorized()
#--- STEP 4. Add Google login info to user
try:
current_session = self.add_auth_to_user(user,
auth_class,
provider_id,
secret,
user_agent_string)
except ProviderIdTakenException as e:
#either we have a session, and this session already owns this auth
#or something went wrong
if (user.id != e.auth.user.id):
raise e
return current_session
def get_conn_mgr(cls):
if cls._conn_mgr is None:
cls._conn_mgr = MySQLConnectionManager(Config.get("mysql"))
return cls._conn_mgr
def _get_cookie_domain(self):
if self._request:
server_name=AppUrl.get_current_cookie_domain(self._request)
else:
server_name="."+Config.get("app",["hosts", "main", "server_name"])
return server_name
def _get_graphite_session_id(self):
return Config.get("graphite", ["session", "id"])
def _get_graphite_session_token(self):
return Config.get("graphite", ["session", "token"])
def _get_alias_config(cls, config):
if config.get("host_alias"):
return Config.get("app", ["hosts", config['host_alias']])
else:
return config
def get_server_name(self):
return Config.get("app","server_name")
def __init__(self, config_name):
#throws config exceptions
self._config_name = config_name
self._map = Config.get(config_name, "type_to_class")
def connect(self,
auth_class,
auth_response,
current_session=None,
user_agent_string=None,
referrer=None):
"""
service_type: 1-N the id of the auth service from auth.json
credentials: a dictionary containing whatever we get from the api
current_session
user_agent_string: in case we're creating a new session
"""
#get auth class
type_id = AuthDAO()._class_to_type_id(auth_class)
auth_config = Config.get("auth", ["type_to_class", str(type_id)])
try:
user_data = auth_class.get_user_data_from_auth_response(
auth_response)
except Exception:
raise Unauthorized()
#provider id
provider_id = user_data["id"]
secret = user_data["secret"]
with MySQLTransaction():
#if we can log in then we're done here.
if auth_config["login_type"]:
#--- STEP 2. Try to log in
try:
return self.log_in(auth_class, provider_id, secret,
user_agent_string)
except NoAuthFoundException as e:
if user_data.get("skip_signup"):
raise e
#--- STEP 3. Create a new user or use logged in one
if not current_session or current_session.is_logged_out():
user = self.sign_up(user_data,
user_agent_string=user_agent_string,
referrer=referrer)
StatsTracker(
ua_string=user_agent_string).track("auth.install." +
auth_config['name'])
else:
user = current_session.user
elif current_session and not current_session.is_logged_out():
user = current_session.user
else:
raise Unauthorized()
#--- STEP 4. Add Google login info to user
try:
current_session = self.add_auth_to_user(
user, auth_class, provider_id, secret, user_agent_string)
except ProviderIdTakenException as e:
#either we have a session, and this session already owns this auth
#or something went wrong
if (user.id != e.auth.user.id):
raise e
return current_session
def _get_cookie_domain(self):
server_name = Config.get("app",["hosts", "main", "server_name"])
return "." + server_name
def _get_token_cookie_name(self):
app_name = Config.get("app","app_key")
return app_name + "_s_t"
def __call__(self):
self._create_core_mock()
config = Config(RootDir=ROOT_DIR, CoreObj=self.core_mock)
config.Plugin = self._get_plugin_config_instance()
return config
