Ejemplo n.º 1
0
def update(group, since):
    """
    Returns all items updated  past a specific date in utc.

    :Parameters:
       - `since`: a specific date in utc
       - `group`: group to limit items to
    """
    try:
        items = Hash.objects(
            date__gt=datetime.datetime.strptime(since, "%Y-%m-%dT%H:%M:%S"),
            group=group
        )

        fields = API_UPDATES_DEFAULT_FIELDS

        fields_arg = request.args.get('fields', None)
        if fields_arg is not None:
            fields = [
                Hash.modelname(field)
                for field in fields_arg.replace(' ', '').split(',')
            ]

        items = items.only(*fields)
        return stream_items(items, fields)
    except Exception as e:
        current_app.logger.debug(e)
        return error()
Ejemplo n.º 2
0
def update_for_group(group, since):
    """
    Returns all items updated  past a specific date in utc.

    :Parameters:
       - `since`: a specific date in utc
       - `group`: group to limit items to
    """
    try:

        items = Hash.objects(
            date__gt=datetime.datetime.strptime(since, "%Y-%m-%dT%H:%M:%S"),
            group=group
        )
        fields = None
        if request.args.get('fields', None):
            fields = []
            for field in request.args.get(
                    'fields').replace(' ', '').split(','):
                inmodel = Hash.fieldname(field)
                if inmodel:
                    fields.append(inmodel)

            items = items.only(*fields)
        return stream_items(items, fields)
    except Exception as e:
        current_app.logger.debug(e)
        return error()
Ejemplo n.º 3
0
def hash_submission(submission_id):
    """
    Helper method to process an archive at source where possible from a
    submission.
    """
    submission = Submission.objects(id=submission_id).first()

    if not submission:
        config.LOGGER.debug('Submission %s not found.' % (submission_id))
        return

    if not submission.entry is None:
        submission.add_comment('Entry alread exits. Skipping hashing.')
        return

    if not isfile(submission.source):
        submission.add_comment('Source file not found.')
        return

    if submission.group not in config.HASHING_COMMANDS:
        submission.add_comment('Hashing command for this group not found.')
        return

    command = config.HASHING_COMMANDS[submission.group].format(
        archive=submission.source)
    try:
        output = check_output(command, shell=True).strip()
        count = 0
        for line in output.split('\n'):
            json_data = loads(line)
            json_data['cves'] = submission.cves
            meta = json_data.get('metadata', [])
            if isinstance(meta, dict):
                meta = [meta]
            json_data['metadata'] = meta
            entry = Hash()
            entry.mongify(json_data)
            entry.status = 'SUBMITTED'
            entry.submitter = submission.submitter
            if count > 0:
                # create a new submission for each embedded entry
                s = deepcopy(submission)
                s.id = None
            else:
                s = submission
            s.entry = entry
            s.approval = 'PENDING_APPROVAL'
            s.validate()
            s.save()
            s.add_comment('Auto hash entry added')
            count += 1
        # we are done safely, now remove the source
        submission.remove_source_file()
    except CalledProcessError as e:
        submission.add_comment(e)
        config.LOGGER.debug('Command execution failed for "%s"' % (command))
    except Exception as e:
        submission.add_comment(e)
        config.LOGGER.warn('Failed to hash: ' + e.message)
Ejemplo n.º 4
0
 def get_hash_entry(self):
     entry = Hash()
     entry.group = 'ruby'
     entry.submitter = 'plugin.rubysec'
     entry.append_cves([
         'CVE-%s' % (cve) for cve in self.cve.strip().split(',')
     ])
     return entry
Ejemplo n.º 5
0
def hashes(format=None):
    hashes = Hash.objects(status='RELEASED')

    group = request.args.get('group', 'all')
    if group != 'all':
        if format not in Hash.objects.distinct('group'):
            flash('Group of hashes not found', 'error')
        else:
            hashes = hashes.filter(group=group)

    return render_template('hashes.html', hashes=hashes)
Ejemplo n.º 6
0
def submit_hash(group):
    """
    Allows for authenticated users to submit hashes via json.
    """
    user = '******' % api_request_user()
    try:
        if group not in groups():
            raise ValueError('Invalid group specified')
        json_data = request.get_json()
        if 'cves' not in json_data:
            raise ValueError('No CVE provided')
        entry = Hash()
        entry.mongify(json_data)
        entry.submitter = user
        submit(
            user, 'json-api-hash', group, suffix='Hash', entry=entry,
            approval='PENDING_APPROVAL')
        return success()
    except ValueError as ve:
        return error(ve.message)
    except Exception as e:
        current_app.logger.info('Invalid submission by %s' % (user))
        current_app.logger.debug(e)
        return error()
Ejemplo n.º 7
0
def update(revision):
    try:
        revision = int(revision)
        result = []
        for item in Hash.objects(_v1__db_version__gte=int(revision)):
            newitem = {}
            newitem['name'] = item['name']
            newitem['vendor'] = item['vendor']
            newitem['status'] = 'In Database'
            newitem['format'] = item['format'].upper()
            newitem['version'] = item['version']
            newitem['submitter'] = item['submitter']
            newitem['hash'] = item['hashes']['sha512']['combined']
            newitem['db_version'] = int(item['_v1']['db_version'])
            newitem['cves'] = ','.join(item.cve_list())
            newitem['submitter'] = str(item['submitter'])
            result.append({'fields': newitem})
        return make_response(json.dumps(result))
    except:
        return error()
Ejemplo n.º 8
0
def update_front_page_stats():
    stats = {}
    stats['hashes'] = Hash.objects(status='RELEASED').only('group')
    stats['submitted'] = Submission.objects(
        approval='REQUESTED').only('group')
    stats['pending'] = Submission.objects(
        approval='PENDING_APPROVAL').only('group')

    # Generate counts for objects and for each format
    # data will contain hashes, hashes_jars, hashes_eggs etc.
    groups = SUBMISSION_GROUPS.keys()
    groups.sort()
    data = {'groups': groups, 'stats': {}}
    for group in groups:
        stat = {}
        for key in stats:
            if group == 'all':
                stat[key] = len(stats[key])
            else:
                stat[key] = len(stats[key].filter(group=group))
        data['stats'][group] = stat
    _CONFIG.front_page_stats = data
Ejemplo n.º 9
0
def hashes(groups):
    hashes = Hash.objects(
        status='RELEASED', group__in=groups
    ).only('name', 'version', 'hashes.sha512.combined')
    return render_template('hashes.html', hashes=hashes)
Ejemplo n.º 10
0
def getInfoFromDb(rowId):
    return Hash.objects(id=rowId).first()