Ejemplo n.º 1
0
def vulnerabilities_detail():
    v_id = request.form.get("id", None)
    # query result/rules/vulnerabilities
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    language_info = CobraLanguages.query.filter(
        CobraLanguages.id == rule_info.language).first()
    language = language_info.language
    vulnerabilities_description = CobraVuls.query.filter_by(
        id=rule_info.vul_id).first()

    if rule_info.author.strip() == '':
        rule_info.author = 'Undefined'

    # get code content
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project.repository[0] == '/':
        # upload directory
        project_code_path = project.repository
    else:
        # git
        project_path_split = project.repository.replace('.git', '').split('/')
        project_path = os.path.join(project_path_split[3],
                                    project_path_split[4])
        upload = os.path.join(
            config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(upload, project_path)
    if v_detail.file[0] == '/':
        v_detail.file = v_detail.file[1:]
    file_path = os.path.join(project_code_path, v_detail.file)

    # https://codemirror.net/mode/clike/index.html
    mode_mime = {
        'javascript': 'javascript',
        'php': 'php',
        'python': 'python',
        'lua': 'lua',
        'ruby': 'ruby',
        'perl': 'perl',
        'go': 'go',
        'cmake': 'cmake',
        'html': 'htmlmixed',
        'jsp': 'htmlmixed',
        'xml': 'xml',
        'yaml': 'yaml',
        'css': 'css',
        'markdown': 'markdown',
        'shell': 'shell',
        'sql': 'sql',
        'c': 'text/x-csrc',
        'c++': 'text/x-c++src',
        'java': 'text/x-java',
        'c#': 'text/x-csharp',
        'objective-c': 'text/x-objectivec',
        'scale': 'text/x-scale',
        'shader': 'text/x-vertex',
        'squirrel': 'text/x-squirrel',
        'kotlin': 'text/x-kotlin',
        'ceylon': 'text/ceylon'
    }
    if language.lower() in mode_mime:
        mode = mode_mime[language.lower()]
    else:
        mode = 'htmlmixed'
        if '.' in file_path:
            ext = file_path.split('.')[-1:][0]
            if ext.lower() in mode_mime:
                mode = mode_mime[ext.lower()]

    if os.path.isfile(file_path) is not True:
        code_content = '// File does not exist'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(v_detail.file,
                                                project_code_path,
                                                v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'

        code_content = ''
        fp = open(file_path, 'r')
        block_lines = 50
        block_start = 0
        if v_detail.line < block_lines:
            block_end = v_detail.line + block_lines
        else:
            block_end = v_detail.line + block_lines
        for i, line in enumerate(fp):
            if block_start <= i <= block_end:
                code_content = code_content + line
        fp.close()

        line_trigger = v_detail.line - block_start
        line_start = block_start + 1

        try:
            jsonify(data=code_content)
        except Exception as e:
            code_content = '// The file encoding type is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': v_detail.file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'mode': mode,
            'repair':
            const.Vulnerabilities(v_detail.repair).repair_description(),
            'status':
            const.Vulnerabilities(v_detail.status).status_description(),
            'created': str(v_detail.created_at),
            'updated': str(v_detail.updated_at)
        },
        'rule': {
            'id': rule_info.id,
            'language': language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_info.author,
            'level':
            const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': str(rule_info.created_at),
            'updated': str(rule_info.updated_at)
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)
Ejemplo n.º 2
0
def vulnerabilities_detail():
    v_id = request.form.get("id", None)
    # query result/rules/vulnerabilities
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    vulnerabilities_description = CobraVuls.query.filter_by(
        id=rule_info.vul_id).first()

    if rule_info.author.strip() == '':
        rule_info.author = 'Undefined'

    # get code content
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project.repository[0] == '/':
        # upload directory
        project_code_path = project.repository
    else:
        # git
        project_path_split = project.repository.replace('.git', '').split('/')
        project_path = os.path.join(project_path_split[3],
                                    project_path_split[4])
        upload = os.path.join(
            config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(upload, project_path)
    if v_detail.file[0] == '/':
        v_detail.file = v_detail.file[1:]
    file_path = os.path.join(project_code_path, v_detail.file)

    if os.path.isfile(file_path) is not True:
        code_content = '// There is no code snippet for this type of file'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(v_detail.file,
                                                project_code_path,
                                                v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'

        code_content = ''
        fp = open(file_path, 'r')
        block_lines = 50
        if v_detail.line < block_lines:
            block_start = 0
            block_end = v_detail.line + block_lines
        else:
            block_start = v_detail.line - block_lines
            block_end = v_detail.line + block_lines
        for i, line in enumerate(fp):
            if block_start <= i <= block_end:
                code_content = code_content + line
        fp.close()

        line_trigger = v_detail.line - block_start
        line_start = block_start + 1

        try:
            jsonify(data=code_content)
        except Exception as e:
            code_content = '// The encoding type code is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': v_detail.file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'repair':
            const.Vulnerabilities(v_detail.repair).repair_description(),
            'status':
            const.Vulnerabilities(v_detail.status).status_description(),
            'created': v_detail.created_at,
            'updated': v_detail.updated_at
        },
        'rule': {
            'id': rule_info.id,
            'language': rule_info.language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_info.author,
            'level':
            const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': rule_info.created_at,
            'updated': rule_info.updated_at
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)
Ejemplo n.º 3
0
def vulnerabilities_detail():
    v_id = request.form.get("id", None)
    # query result/rules/vulnerabilities
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    language_info = CobraLanguages.query.filter(CobraLanguages.id == rule_info.language).first()
    language = language_info.language
    vulnerabilities_description = CobraVuls.query.filter_by(id=rule_info.vul_id).first()

    if rule_info.author.strip() == '':
        rule_info.author = 'Undefined'

    # get code content
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project.repository[0] == '/':
        # upload directory
        project_code_path = project.repository
    else:
        # git
        project_path_split = project.repository.replace('.git', '').split('/')
        project_path = os.path.join(project_path_split[3], project_path_split[4])
        upload = os.path.join(config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(upload, project_path)
    if v_detail.file[0] == '/':
        v_detail.file = v_detail.file[1:]
    file_path = os.path.join(project_code_path, v_detail.file)

    # https://codemirror.net/mode/clike/index.html
    mode_mime = {
        'javascript': 'javascript',
        'php': 'php',
        'python': 'python',
        'lua': 'lua',
        'ruby': 'ruby',
        'perl': 'perl',
        'go': 'go',
        'cmake': 'cmake',
        'html': 'htmlmixed',
        'jsp': 'htmlmixed',
        'xml': 'xml',
        'yaml': 'yaml',
        'css': 'css',
        'markdown': 'markdown',
        'shell': 'shell',
        'sql': 'sql',
        'c': 'text/x-csrc',
        'c++': 'text/x-c++src',
        'java': 'text/x-java',
        'c#': 'text/x-csharp',
        'objective-c': 'text/x-objectivec',
        'scale': 'text/x-scale',
        'shader': 'text/x-vertex',
        'squirrel': 'text/x-squirrel',
        'kotlin': 'text/x-kotlin',
        'ceylon': 'text/ceylon'
    }
    if language.lower() in mode_mime:
        mode = mode_mime[language.lower()]
    else:
        mode = 'htmlmixed'
        if '.' in file_path:
            ext = file_path.split('.')[-1:][0]
            if ext.lower() in mode_mime:
                mode = mode_mime[ext.lower()]

    if os.path.isfile(file_path) is not True:
        code_content = '// File does not exist'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(v_detail.file, project_code_path, v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'

        # get code content
        code_content = ''
        fp = open(file_path, 'r')
        block_lines = 50
        block_start = 0
        if v_detail.line < block_lines:
            block_end = v_detail.line + block_lines
        else:
            block_end = v_detail.line + block_lines
        for i, line in enumerate(fp):
            if i == 0 and len(line) > 1024:
                code_content = '// Compressed file preview is not supported'
                break
            else:
                if block_start <= i <= block_end:
                    code_content = code_content + line
        fp.close()

        line_trigger = v_detail.line - block_start
        line_start = block_start + 1

        try:
            jsonify(data=code_content)
        except Exception as e:
            code_content = '// The file encoding type is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': v_detail.file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'mode': mode,
            'repair': const.Vulnerabilities(v_detail.repair).repair_description(),
            'status': const.Vulnerabilities(v_detail.status).status_description(),
            'created': str(v_detail.created_at),
            'updated': str(v_detail.updated_at)
        },
        'rule': {
            'id': rule_info.id,
            'language': language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_info.author,
            'level': const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': str(rule_info.created_at),
            'updated': str(rule_info.updated_at)
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)