def _create_vuln_internal(vcdb_id=None):
try:
vulnerability_details = VulnerabilityDetails(vcdb_id)
vulnerability = vulnerability_details.get_or_create_vulnerability()
except InvalidIdentifierException as err:
return flash_error(str(err), "frontend.serve_index")
if vulnerability.id:
logging.debug("Preexisting vulnerability entry found: %r",
vulnerability.id)
delete_form = VulnerabilityDeleteForm()
if delete_form.validate_on_submit():
db.session.delete(vulnerability)
# Remove the entry.
db.session.commit()
flash("The entry was deleted.", "success")
return redirect("/")
form = VulnerabilityDetailsForm(obj=vulnerability)
commit = form.data["commits"][0]
if not commit["repo_name"]:
logging.info("Empty repository name. %r", commit)
repo_url = commit["repo_url"]
vcs_handler = get_vcs_handler(None, repo_url)
if vcs_handler:
logging.info("Found name. %r", vcs_handler.repo_name)
form.commits[0].repo_name.process_data(vcs_handler.repo_name)
if form.validate_on_submit():
try:
form.populate_obj(vulnerability)
db.session.add(vulnerability)
db.session.commit()
# TODO: Improve this hack to assign a new vcdb_id here.
# Currently, we are just piggy backing on the auto increment
# of the primary key to ensure uniqueness.
# This will likely be prone to race conditions.
vulnerability.vcdb_id = vulnerability.id
db.session.add(vulnerability)
db.session.commit()
logging.debug("Successfully created/updated entry: %r",
vulnerability.id)
flash("Successfully created/updated entry.", "success")
return redirect(
url_for("vuln.vuln_view", vcdb_id=vulnerability.vcdb_id))
except InvalidIdentifierException as err:
flash_error(str(err))
return render_template(
"vulnerability/create.html",
vulnerability_details=vulnerability_details,
form=form,
)
def _create_vuln_internal(vuln_id=None):
try:
vulnerability_details = VulnerabilityDetails(vuln_id)
vulnerability = vulnerability_details.get_or_create_vulnerability()
except InvalidIdentifierException as err:
return flashError(str(err), "serve_index")
if vulnerability.id:
logging.debug("Preexisting vulnerability entry found: %s",
vulnerability.id)
delete_form = VulnerabilityDeleteForm()
if delete_form.validate_on_submit():
db.session.delete(vulnerability)
# Remove the entry.
db.session.commit()
flash("The entry was deleted.", "success")
return redirect("/")
form = VulnerabilityDetailsForm(obj=vulnerability)
commit = form.data["commits"][0]
if not commit["repo_name"]:
logging.info("Empty repository name. %r", commit)
repo_url = commit["repo_url"]
vcs_handler = get_vcs_handler(None, repo_url)
if vcs_handler:
logging.info("Found name. %r", vcs_handler.repo_name)
form.commits[0].repo_name.process_data(vcs_handler.repo_name)
if form.validate_on_submit():
try:
form.populate_obj(vulnerability)
db.session.add(vulnerability)
db.session.commit()
logging.debug("Successfully created/updated entry: %s",
vulnerability.id)
flash("Successfully created/updated entry.", "success")
return redirect(url_for("vuln.vuln_view", vuln_id=vulnerability.id))
except InvalidIdentifierException as err:
flashError(str(err))
return render_template(
"create_entry.html",
vulnerability_details=vulnerability_details,
form=form)
def _edit_vuln_internal(vcdb_id: str = None):
try:
vulnerability_details = VulnerabilityDetails(vcdb_id)
vulnerability_view = vulnerability_details.vulnerability_view
vulnerability = vulnerability_details.get_or_create_vulnerability()
except InvalidIdentifierException as err:
return flash_error(str(err), "frontend.serve_index")
form = VulnerabilityDetailsForm(obj=vulnerability)
# Populate the form data from the vulnerability view if necessary.
if form.comment.data == "":
form.comment.data = vulnerability_view.comment
form_submitted = form.validate_on_submit()
if form_submitted and _can_add_proposal(vulnerability):
add_proposal(vulnerability, form)
return render_template("vulnerability/edit.html",
vulnerability_details=vulnerability_details,
form=form)
def _edit_vuln_internal(vcdb_id: str = None):
try:
vulnerability_details = VulnerabilityDetails(vcdb_id)
vulnerability_view = vulnerability_details.vulnerability_view
vulnerability = vulnerability_details.get_or_create_vulnerability()
except InvalidIdentifierException as err:
return flash_error(str(err), "frontend.serve_index")
form = VulnerabilityDetailsForm(obj=vulnerability)
# Populate the form data from the vulnerability view if necessary.
if form.comment.data == "":
form.comment.data = vulnerability_view.comment
form_submitted = form.validate_on_submit()
if form_submitted and _can_add_proposal(vulnerability):
# TODO: This is incomplete/incorrect as the attached relationships such a GitCommit objects get updated.
# We have to ensure everything is properly detached and gets copied before any modifications happen.
# Currently, this will incorrectly update relationship objects instead of copying them.
form.populate_obj(vulnerability)
add_proposal(vulnerability)
return render_template("vulnerability/edit.html",
vulnerability_details=vulnerability_details,
form=form)