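def api_post_mass_analyze():
    """Queue a scan for every host in the comma-separated ``hosts`` form field.

    The endpoint is gated on the ``apikey`` form field matching ``API_KEY``.
    Hosts that do not validate are skipped silently; each remaining host gets
    a scan row and a queued task.

    Returns:
        ``jsonify({'state': 'OK'})`` once the list has been processed, or a
        plain ``{'error': ...}`` dict when ``hosts`` is missing or the
        database / task queue cannot be reached (error dicts are returned
        unwrapped, as before).
    """
    import hmac  # local import keeps the block self-contained

    # Compare the submitted key in constant time so response latency does not
    # reveal how long a matching prefix was. compare_digest needs two
    # same-typed, ASCII-safe operands, hence the encode on both sides; a
    # non-str API_KEY can never equal a form value, so it is rejected outright.
    supplied = request.form.get('apikey', 'notatrueapikey')
    if not isinstance(API_KEY, str) or not hmac.compare_digest(
            supplied.encode('utf-8'), API_KEY.encode('utf-8')):
        abort(403)

    # Get the hostnames
    try:
        hostnames = request.form['hosts']
    except KeyError:
        return {'error': 'scan-missing-parameters'}

    # Tolerate whitespace around separators ("a.com, b.com") and ignore empty
    # entries left by stray commas; every remaining host must validate
    # (optionally with a www. prefix) before anything is written.
    for raw_host in hostnames.split(','):
        host = raw_host.strip()
        if not host:
            continue
        hostname = valid_hostname(host) or valid_hostname('www.' + host)
        if not hostname:
            continue

        # Get the site's id number
        try:
            site_id = database.select_site_id(hostname)
        except IOError:
            return {'error': 'Unable to connect to database'}

        # Record the scan, then queue it; if the task queue is unreachable the
        # freshly created row is marked aborted so it is not left pending.
        row = database.insert_scan(site_id)
        try:
            scan.delay(hostname, site_id, row['id'])
        except redis.exceptions.ConnectionError:
            database.update_scan_state(row['id'], STATE_ABORTED, error='redis down')
            return {'error': 'Unable to connect to task system'}

    return jsonify({'state': 'OK'})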
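def api_post_scan_hostname():
    """Start (or reuse) a scan for ``host``, gated on the ``apikey`` form field.

    ``host`` comes from the query string; ``hidden`` and ``site_id`` come from
    the form body. If a scan for ``site_id`` already exists within
    ``COOLDOWN`` that row is returned instead of inserting a new one.

    Returns:
        ``jsonify(row)`` with the scan row, or a plain ``{'error': ...}`` dict
        when a parameter is missing or the scan could not be recorded/queued.
    """
    import hmac  # local import keeps the block self-contained

    # Constant-time comparison of the submitted key; compare_digest needs
    # same-typed, ASCII-safe operands, so both sides are encoded. A non-str
    # API_KEY can never equal a form value and is rejected outright.
    supplied = request.form.get('apikey', 'notatrueapikey')
    if not isinstance(API_KEY, str) or not hmac.compare_digest(
            supplied.encode('utf-8'), API_KEY.encode('utf-8')):
        abort(403)

    # Get the hostname, whether the scan is hidden, and the site_id
    try:
        hostname = request.args['host']
        hidden = request.form['hidden'] != 'false'  # anything but 'false' hides
        site_id = request.form['site_id']
    except KeyError:
        return {'error': 'scan-missing-parameters'}

    # NOTE(review): hostname and site_id are passed through exactly as the
    # client sent them; whether database.insert_scan or the scan task validates
    # them is not visible here — confirm before widening access to this route.

    # Sanity check that no scan is pending; duplicates are not a big problem,
    # but better avoided
    row = database.select_scan_recent_scan(site_id, COOLDOWN)

    # Start up the scan when nothing recent exists
    if not row:
        try:
            row = database.insert_scan(site_id, hidden=hidden)
            scan.delay(hostname, site_id, row['id'])
        except IOError:
            return {'error': 'scanner-down-try-again-soon'}

    # Return the scan row
    return jsonify(row)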
def __start_scan(hostname, site_id):
    """Insert a scan row for ``site_id`` and queue the scan task for ``hostname``.

    Returns:
        ``None`` when the task was queued; an ``{'error': ...}`` dict when the
        task queue could not be reached, in which case the new row is marked
        ``STATE_ABORTED`` first.
    """
    scan_row = database.insert_scan(site_id)
    scan_id = scan_row['id']
    try:
        scan.delay(hostname, site_id, scan_id)
    except redis.exceptions.ConnectionError:
        # Do not leave an orphaned pending row behind when the queue is down
        database.update_scan_state(scan_id, STATE_ABORTED, error='redis down')
        return {'error': 'Unable to connect to task system'}
    return None
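def api_post_scan_hostname():
    """Return the most recent scan for ``host``, starting a new one on POST.

    GET only looks up an existing recent scan; POST also inserts and queues a
    scan when none is found. The form fields ``rescan`` (narrows "recent" to
    the ``COOLDOWN`` window) and ``hidden`` (marks the scan row hidden) are
    read as the strings ``'true'`` / ``'false'``.

    Returns:
        The scan row, or an ``{'error': ...}`` dict for an invalid hostname, a
        database outage, a GET with no recent scan, or a POST rescan inside
        the cooldown window.
    """
    # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org

    # Read the raw value once; it is echoed verbatim in the error message
    raw_host = request.args.get('host', '')
    hostname = raw_host.lower()

    # Fail if it's not a valid hostname (not in DNS, not a real hostname, etc.);
    # prepend www. if necessary
    hostname = valid_hostname(hostname) or valid_hostname('www.' + hostname)
    if not hostname:
        return {'error': '{hostname} is an invalid hostname'.format(hostname=raw_host)}

    # Get the site's id number
    try:
        site_id = database.select_site_id(hostname)
    except IOError:
        return {'error': 'Unable to connect to database'}

    # Look for a recent scan first; rescan shortens what "recent" means
    rescan = request.form.get('rescan', 'false') == 'true'
    if rescan:
        row = database.select_scan_recent_scan(site_id, COOLDOWN)
    else:
        row = database.select_scan_recent_scan(site_id)

    if not row:
        # Only a POST may create work; a GET with nothing recent is an error
        if request.method != 'POST':
            return {'error': 'recent-scan-not-found'}

        hidden = request.form.get('hidden', 'false') == 'true'

        # insert_scan talks to the same database as select_site_id above, so
        # it gets the same outage handling instead of surfacing a 500
        try:
            row = database.insert_scan(site_id, hidden=hidden)
        except IOError:
            return {'error': 'Unable to connect to database'}

        # NOTE(review): a task-queue outage in scan.delay is not handled here,
        # so the row just inserted would stay in its initial state — confirm
        # whether that is acceptable or the row should be aborted.
        scan.delay(hostname, site_id, row['id'])

    # A rescan that still found a row means it fell inside the cooldown window
    elif rescan and request.method == 'POST':
        return {'error': 'rescan-attempt-too-soon'}

    # Return the scan row
    return row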
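def api_post_scan_hostname():
    """Look up the latest scan for ``host``; on POST, start one if none is recent.

    ``rescan=true`` in the form body restricts "recent" to the ``COOLDOWN``
    window, and ``hidden=true`` marks a newly created scan row hidden. A GET
    never creates a scan.

    Returns:
        The scan row, or an ``{'error': ...}`` dict (invalid hostname,
        database outage, GET with no recent scan, or a POST rescan that is
        still inside the cooldown window).
    """
    # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org

    # Keep the untouched input for the error message; validate the lowercased form
    requested_host = request.args.get('host', '')
    candidate = requested_host.lower()

    # Fail if it's not a valid hostname (not in DNS, not a real hostname, etc.);
    # a www. prefix is tried as a fallback
    hostname = valid_hostname(candidate) or valid_hostname('www.' + candidate)
    if not hostname:
        return {'error': '{hostname} is an invalid hostname'.format(hostname=requested_host)}

    # Get the site's id number
    try:
        site_id = database.select_site_id(hostname)
    except IOError:
        return {'error': 'Unable to connect to database'}

    # Prefer an existing recent scan; rescan narrows the lookup to COOLDOWN
    rescan = request.form.get('rescan', 'false') == 'true'
    lookup_args = (site_id, COOLDOWN) if rescan else (site_id,)
    row = database.select_scan_recent_scan(*lookup_args)

    is_post = request.method == 'POST'

    # A rescan that found a row was attempted inside the cooldown window
    if row and rescan and is_post:
        return {'error': 'rescan-attempt-too-soon'}

    if not row:
        if not is_post:
            return {'error': 'recent-scan-not-found'}

        hidden = request.form.get('hidden', 'false') == 'true'

        # Same outage handling as select_site_id above rather than a bare 500
        try:
            row = database.insert_scan(site_id, hidden=hidden)
        except IOError:
            return {'error': 'Unable to connect to database'}

        # NOTE(review): scan.delay is not guarded against a task-queue outage,
        # so a failure here leaves the new row in its initial state — confirm
        # whether it should be aborted instead.
        scan.delay(hostname, site_id, row['id'])

    # Return the scan row
    return row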