def inject_respond(id):
session = getSession()
inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first()
if inject and not inject.should_show:
if request.method == "POST":
sub = tables.TeamInjectSubmission()
sub.assignedinjectid = id
sub.when = datetime.now()
sub.body = request.form['body']
sub.points = 0
sub.teamid = current_user.team
session.add(sub)
session.commit()
if 'file' in request.files and request.files['file'].filename != '':
fi = request.files['file']
a = tables.TeamInjectSubmissionAttachment()
f = tables.Attachment()
a.teaminjectid = sub.id
a.attachment_id = f.id
f.filename = fi.filename
f.data = fi.read()
f.size = len(f.data)
session.add(f)
session.add(a)
session.commit()
return render_template(
'inject/respond.html',
title=inject.subject,
year=datetime.now().year,
inject=inject
)
return page_not_found(None)
def edituser(user):
dbsession = getSession()
users = dbsession.query(tables.User).filter(tables.User.name.ilike(user))
if users.count() > 0:
dbuser = users[0]
if request.method == 'POST':
dbuser.name = request.form["name"]
dbuser.username = request.form["username"]
dbuser.team = request.form["team"]
dbuser.group = request.form["group"]
if str(request.form["password"]).strip() != "":
dbuser.set_password(request.form['password'])
dbsession.commit()
return redirect(url_for('adminuser', user=dbuser.name))
else:
teams = dbsession.query(tables.Team).all()
return render_template(
'admin/user/edit.html',
title='Edit Team',
year=datetime.now().year,
dbuser=dbuser,
teams=teams
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def servereditservice(server, service):
dbsession = getSession()
server = dbsession.query(
tables.Server).filter(tables.Server.id == server).first()
services = dbsession.query(
tables.Service).filter(tables.Service.id == service)
if server and services.count() > 0:
service = services[0]
if request.method == 'POST':
service.name = request.form['name']
service.typeid = request.form['type']
if request.form['port'] != "":
service.port = request.form['port']
service.enabled = 'enabled' in request.form
dbsession.commit()
return redirect(url_for('server', server=server.id))
else:
types = dbsession.query(tables.ServiceType).order_by(
tables.ServiceType.name.asc()).all()
return render_template('admin/server/editservice.html',
title='Edit Server',
year=datetime.now().year,
types=types,
service=service,
server=server)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def injectmanager_inject_assign(id):
db = getSession()
if request.method == "POST":
ai = tables.AssignedInject()
ai.injectid = id
tz = pytz.timezone(config.get_item("default_timezone"))
if "timezone" in current_user.settings:
tz = pytz.timezone(current_user.settings['timezone'])
localwhen = tz.localize(
datetime.strptime(request.form['when'], '%Y-%m-%d %H:%M'))
ai.when = localwhen.astimezone(pytz.UTC)
ai.subject = request.form['subject']
ai.duration = request.form['duration']
ai.points = request.form['points']
ai.body = request.form['body']
ai.eventid = request.form['event']
ai.allowlate = 'late' in request.form
db.add(ai)
db.commit()
return redirect(url_for('injectmanager_inject', id=id))
inject = db.query(tables.Inject).filter(tables.Inject.id == id).first()
if inject:
categories = db.query(tables.InjectCategory).filter(
tables.InjectCategory.parentid == None)
events = db.query(tables.Event).filter(tables.Event.end == None)
return render_template('injectmanager/assigninject.html',
title="Assign Inject - " + inject.subject,
inject=inject,
categories=categories,
events=events)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def user(user):
user = getSession().query(tables.User).filter(
tables.User.username.ilike(user)).first()
if user:
if user.id == current_user.id or current_user.group >= 4:
if request.method == "POST":
if request.form['password'] != "":
user.set_password(request.form['password'])
user.name = request.form['name']
user.set_user_setting("timezone", request.form['timezone'])
getSession().commit()
return render_template('user/view.html',
title='Home Page',
year=datetime.now().year,
dbuser=user,
timezones=pytz.common_timezones,
config=config)
else:
return render_template(
'errors/403.html',
title='403 Access Denied',
year=datetime.now().year,
message="You do not have permission to use this resource")
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def injectmanager_inject(id):
db = getSession()
inject = db.query(tables.Inject).filter(tables.Inject.id == id).first()
if inject:
return render_template('injectmanager/inject.html',
title="Inject - " + inject.subject,
inject=inject)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def inject_score_event_inject(event, inject):
session = getSession()
inject = session.query(tables.AssignedInject).filter(
tables.AssignedInject.id == inject).first()
if inject:
return render_template('injectscore/inject.html',
title="Score " + inject.subject,
inject=inject)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def inject(id):
session = getSession()
inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first()
if inject and not inject.should_show:
return render_template(
'inject/view.html',
title=inject.subject,
year=datetime.now().year,
inject=inject
)
return page_not_found(None)
def stopevent(event):
dbsession = getSession()
events = dbsession.query(tables.Event).filter(tables.Event.id == event)
if events.count() > 0:
event = events[0]
event.current = False
event.end = datetime.utcnow()
dbsession.commit()
return redirect(url_for("events"))
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def injectmanager_category_delete(id):
db = getSession()
cat = db.query(
tables.InjectCategory).filter(tables.InjectCategory.id == id).first()
if cat:
if request.method == "POST":
db.delete(cat)
db.commit()
return redirect(url_for('injectmanager'))
return render_template('injectmanager/delete_category.html',
title='Delete Category',
category=cat)
return page_not_found(None)
def inject_score_event(event):
session = getSession()
event = session.query(
tables.Event).filter(tables.Event.id == event).first()
if event:
injects = session.query(tables.AssignedInject).filter(
tables.AssignedInject.eventid == event.id)
return render_template('injectscore/event.html',
title="Inject Scoring",
injects=injects,
datetime=datetime,
event=event)
return page_not_found(None)
def inject_score_event_inject_remove(event, inject):
session = getSession()
inject = session.query(tables.AssignedInject).filter(
tables.AssignedInject.id == inject).first()
if inject:
if request.method == "POST":
session.delete(inject)
session.commit()
return redirect(url_for('inject_score_event', event=event))
return render_template("injectscore/delete_inject.html",
inject=inject,
event=event)
return page_not_found(None)
def team(team):
dbsession = getSession()
teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team))
if teams.count() > 0:
team = teams[0]
return render_template(
'admin/team/view.html',
title=team.name,
year=datetime.now().year,
team=team,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def adminuser(user):
dbsession = getSession()
users = dbsession.query(tables.User).filter(tables.User.name.ilike(user))
if users.count() > 0:
user = users[0]
return render_template(
'admin/user/view.html',
title=user.name,
year=datetime.now().year,
dbuser=user,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def server(server):
dbsession = getSession()
servers = dbsession.query(tables.Server).filter(tables.Server.id == server)
if servers.count() > 0:
server = servers[0]
return render_template(
'admin/server/view.html',
title=server.name,
year=datetime.now().year,
server=server,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def passdb(passdb):
dbsession = getSession()
passdbs = dbsession.query(tables.PasswordDatabase).filter(
tables.PasswordDatabase.name.ilike(passdb))
if passdbs.count() > 0:
passdb = passdbs[0]
return render_template(
'admin/passdb/view.html',
title=passdb.name,
year=datetime.now().year,
passdb=passdb,
)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def editevent(event):
dbsession = getSession()
event = dbsession.query(
tables.Event).filter(tables.Event.id == event).first()
if event:
if request.method == "POST":
event.name = request.form['name']
dbsession.commit()
return redirect(url_for('events'))
return render_template("admin/event/edit.html",
title="Edit Event " + str(event.id),
event=event)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def inject_score_event_inject_response(event, inject, response):
session = getSession()
inject = session.query(tables.AssignedInject).filter(
tables.AssignedInject.id == inject).first()
if inject:
resp = session.query(tables.TeamInjectSubmission).filter(
tables.TeamInjectSubmission.id == response).first()
if resp:
if request.method == 'POST':
resp.points = request.form['score']
session.commit()
return render_template('injectscore/inject.html',
title="Score " + inject.subject,
inject=inject,
event=event)
return page_not_found(None)
def teamserver(teamid, serverid):
dbsession = getSession()
logger.debug("teamid: %s" % teamid)
team = dbsession.query(
tables.Team).filter(tables.Team.name == teamid).first()
if team:
server = dbsession.query(tables.TeamServer).filter(
tables.and_(tables.TeamServer.teamid == team.id,
tables.TeamServer.serverid == serverid)).first()
if server:
return render_template('admin/team/server.html',
title='Server',
year=datetime.now().year,
team=team,
server=server)
return page_not_found(None)
def service(id):
dbsession = getSession()
service = dbsession.query(
tables.ServiceType).filter(tables.ServiceType.id == id).first()
if service:
m = __import__(service.tester)
func = getattr(m, "options")
pp(func())
"""Renders the home page."""
return render_template('admin/service/view.html',
title='Service Types',
year=datetime.now().year,
service=service,
options=func())
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def file_download(id):
session = getSession()
f = session.query(
tables.Attachment).filter(tables.Attachment.id == id).first()
if f:
if config.get_item(
"clam/enabled"
) and 'ignore_virus' not in request.args and not f.ignore_virus:
if config.get_item("clam/stream_limit") < f.size:
return render_template("injectscore/virus_error.html", )
try:
if config.has_item("clam/path"):
cd = ClamdUnixSocket(config.get_item("clam/path"))
elif config.has_item("clam/address"):
cd = ClamdNetworkSocket(
config.get_item("clam/address").encode('ascii'),
config.get_item("clam/port"))
cd.ping()
logger.debug(cd.version())
virus_info = cd.scan_stream(f.data)
logger.debug(virus_info)
if virus_info is not None:
return render_template("injectscore/virus.html",
virus_info=virus_info,
title="Virus Found")
except ConnectionError as ce:
logger.error(ce.message)
return render_template("injectscore/virus_error.html", )
except BufferTooLongError as btle:
logger.error(btle.message)
return render_template("injectscore/virus_error.html", )
except error as se:
logger.error(se.message)
return render_template("injectscore/virus_error.html")
r = make_response(f.data)
r.headers[
'Content-Disposition'] = 'inline; filename="' + f.filename + '"'
ty, _ = guess_type(f.filename)
if ty:
r.mimetype = ty
else:
r.mimetype = 'application/octet-stream'
return r
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def injectmanager_category_edit(id):
db = getSession()
cat = db.query(
tables.InjectCategory).filter(tables.InjectCategory.id == id).first()
if cat:
if request.method == "POST":
if request.form['category'] != '-1':
cat.parentid = request.form['category']
cat.name = request.form['name']
db.commit()
return redirect(url_for('injectmanager') + "#" + str(cat.id))
categories = db.query(tables.InjectCategory).filter(
tables.InjectCategory.parentid == None)
return render_template('injectmanager/editcategory.html',
title='Edit Category',
categories=categories,
category=cat)
return page_not_found(None)
def editservice(service):
dbsession = getSession()
services = dbsession.query(
tables.ServiceType).filter(tables.ServiceType.id == service)
if services.count() > 0:
service = services[0]
if request.method == 'POST':
service.name = request.form['name']
service.tester = request.form['tester']
dbsession.commit()
return redirect(url_for('services'))
else:
return render_template('admin/service/edit.html',
title='Edit Team',
year=datetime.now().year,
service=service)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def editteam(team):
dbsession = getSession()
teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team))
if teams.count() > 0:
team = teams[0]
if request.method == 'POST':
team.name = request.form['name']
team.network = request.form['network']
team.enabled = 'enabled' in request.form
dbsession.commit()
return redirect(url_for('team', team=team.name))
else:
return render_template('admin/team/edit.html',
title='Edit Team',
year=datetime.now().year,
team=team)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def injectmanager_inject_edit(id):
db = getSession()
inject = db.query(tables.Inject).filter(tables.Inject.id == id).first()
if inject:
if request.method == "POST":
inject.categoryid = request.form['category']
inject.subject = request.form['subject']
inject.duration = request.form['duration']
inject.points = request.form['points']
inject.body = request.form['body']
db.commit()
return redirect(url_for('injectmanager_inject', id=inject.id))
categories = db.query(tables.InjectCategory).filter(
tables.InjectCategory.parentid == None)
return render_template('injectmanager/editinject.html',
title="Edit Inject - " + inject.subject,
inject=inject,
categories=categories)
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def editserver(server):
dbsession = getSession()
servers = dbsession.query(tables.Server).filter(tables.Server.id == server)
if servers.count() > 0:
server = servers[0]
if request.method == 'POST':
server.name = request.form['name']
if request.form['ip3'].strip() == "":
server.ip_3 = None
else:
server.ip_3 = request.form['ip3']
server.ip_4 = request.form['ip4']
server.enabled = 'enabled' in request.form
dbsession.commit()
return redirect(url_for('server', server=server.id))
else:
return render_template('admin/server/edit.html',
title='Edit Team',
year=datetime.now().year,
server=server)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
def teamaddserver(team):
dbsession = getSession()
teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team))
if teams.count() > 0:
team = teams[0]
if request.method == 'POST':
s = tables.TeamServer()
s.serverid = request.form['server']
s.teamid = team.id
dbsession.add(s)
dbsession.commit()
return redirect(url_for('team', team=team.name))
else:
servers = dbsession.query(
tables.Server).filter(~tables.Server.teams.any(
tables.TeamServer.teamid == team.id))
return render_template('admin/team/addserver.html',
title='Add Server',
year=datetime.now().year,
team=team,
servers=servers)
else:
from ScoringEngine.web.views.errors import page_not_found
return page_not_found(None)
