def dump(): if not authorized(request.query.key): raise HTTPError(status=403) response.content_type = 'application/json' return json.dumps(data)
def login(email, password): id = u.login(email, password) if id: return JwtPlugin.encode({'id': id}) else: raise HTTPError(401)
def assert_user_exists(self, user): if not self.has_user(user): raise HTTPError(404, 'No Such User')
def post_tasks(): data = request.json if data is None: logger.error("No JSON content in task response request!") raise HTTPError(400) try: jsonschema.validate(data, task_response_schema) except jsonschema.ValidationError as e: logger.error("Invalid JSON in task reponse: {0}".format(e)) raise HTTPError(400) protocol = int(data['protocol']) task_id = str(data['task_id']) # Only protocol 1 supported for now if protocol != 1: logger.error("Invalid protocol in task response: {0}".format(protocol)) raise HTTPError(400) try: session = create_session() except: logger.error("Failed to create database session for task result POST") raise HTTPError(500) try: task = session.query(Task).filter(Task.uuid == str(task_id)).one() if task.claimed is None or (task.completed is not None or task.failed is not None): logger.error("Incomplete task posted!") session.close() raise HTTPError(400) result = "" if 'task_data' in data: task.result_data = json.dumps(data['task_data']) task.completed = datetime.utcnow() result = json.dumps(task.result_data) elif 'task_error' in data: task.error = data['task_error'] task.failed = datetime.utcnow() result = task.error session.add(task) except NoResultFound: logger.error("No matching task in for task response!") session.close() raise HTTPError(400) try: session.commit() except Exception: session.rollback() logger.error("Failed to commit database changes for task result POST") raise HTTPError(500) finally: session.close() logger.info( "An agent returned task with results - uuid: {}, end results: {}". format(task_id, result))
def _raise_error(self, code, message='not_found'): result = {'error': message} #result.update(kwargs) response.status = code raise HTTPError(code, message, exception=result)
def heat(db, z, x, y): COUNT = 32 lon1, lat2 = tiles.tile2lonlat(x, y, z) lon2, lat1 = tiles.tile2lonlat(x + 1, y + 1, z) params = Params() items = query._build_where_item(params.item, "items") params.tilex = x params.tiley = y params.zoom = z params.lat = None params.lon = None if params.zoom > 18: return db.execute(""" SELECT SUM((SELECT SUM(t) FROM UNNEST(number) t)) FROM items WHERE """ + items) limit = db.fetchone() if limit and limit[0]: limit = float(limit[0]) else: return HTTPError(404) join, where = query._build_param(db, None, params.source, params.item, params.level, params.users, params.classs, params.country, params.useDevItem, params.status, params.tags, params.fixable, tilex=params.tilex, tiley=params.tiley, zoom=params.zoom) join = join.replace("%", "%%") where = where.replace("%", "%%") sql = """ SELECT COUNT(*), ((lon-%(lon1)s) * %(count)s / (%(lon2)s-%(lon1)s) + 0.5)::int AS latn, ((lat-%(lat1)s) * %(count)s / (%(lat2)s-%(lat1)s) + 0.5)::int AS lonn, mode() WITHIN GROUP (ORDER BY items.marker_color) AS color FROM """ + join + """ WHERE """ + where + """ GROUP BY latn, lonn """ db.execute(sql, { "lon1": lon1, "lat1": lat1, "lon2": lon2, "lat2": lat2, "count": COUNT }) features = [] for row in db.fetchall(): count, x, y, color = row count = max( int( math.log(count) / math.log(limit / ((z - 4 + 1 + math.sqrt(COUNT))**2)) * 255), 1 if count > 0 else 0) if count > 0: count = 255 if count > 255 else count features.append({ "geometry": Polygon([(x, y), (x - 1, y), (x - 1, y - 1), (x, y - 1)]), "properties": { "color": int(color[1:], 16), "count": count } }) response.content_type = 'application/vnd.mapbox-vector-tile' return mapbox_vector_tile.encode([{ "name": "issues", "features": features }], extents=COUNT)
def validate(request, token): if request.forms.get('csrf_token') != token: raise HTTPError(403, output="CSRF Attack Detected (bad or missing token)")
def error(code, msg): return HTTPError(code, json.dumps(msg), **dict(response.headers))
if not x or not y or x == "session": continue kwargs[x] = loads(unquote(y)) try: result = getattr(api, func)(*args, **kwargs) # null is invalid json response if result is None: result = True return dumps(result) except ExceptionObject, e: return HTTPError(400, dumps(e)) except Exception, e: print_exc() return HTTPError( 500, dumps({ "error": e.message, "traceback": format_exc() })) @route("/api/login") @route("/api/login", method="POST") def login(): add_header(response) username = request.params.get("username") password = request.params.get("password") user = PYLOAD.checkAuth(username, password, request.environ.get('REMOTE_ADDR', None))
def fail_dir(): F_OUTPUT = HTTPError(500, 'Internal Server Error') raise RuntimeError('There is an error of /fail and Heroku') return F_OUTPUT
def crash_dir(): C_OUTPUT = HTTPError(500, 'Internal Server Error') return C_OUTPUT
def send_file(id, filename, rdb): return static_file("%s.%s" % (id, filename), root=MEDIA_ROOT) return HTTPError(404, 'File not found.')
def pre_check_slot_id(slot_id): expected_slot_id = dbusctl.get_slot_id() if str(expected_slot_id) == str(slot_id): return else: raise HTTPError(status=403, body="System is not present.")
def decorated(*args, **kwargs): s = self.session.get() if not s.get('auth_on', False): return HTTPError(401, 'Not authorized') return callback(*args, **kwargs)
def docs(filename): if filename != "privacy.html" and filename != "support.html" and filename != "about.html" and filename != "consent.html" and filename != "approval_letter.pdf": logging.error("Request for unknown filename "% filename) return HTTPError(404, "Don't try to hack me, you evil spammer") else: return static_file(filename, "%s/%s" % (static_path, "docs"))
def tasks_report(task_id, report_format="json"): formats = { "json": "report.json", "html": "report.html", "htmlsumary": "summary-report.html", "pdf": "report.pdf", "maec": "report.maec-4.1.xml", "metadata": "report.metadata.xml", } bz_formats = { "all": { "type": "-", "files": ["memory.dmp"] }, "dropped": { "type": "+", "files": ["files"] }, "dist": { "type": "+", "files": ["shots", "reports"] }, "dist2": { "type": "-", "files": ["shots", "reports", "binary"] }, } tar_formats = { "bz2": "w:bz2", "gz": "w:gz", "tar": "w", } if report_format.lower() in formats: report_path = os.path.join(CUCKOO_ROOT, "storage", "analyses", "%d" % task_id, "reports", formats[report_format.lower()]) elif report_format.lower() in bz_formats: bzf = bz_formats[report_format.lower()] srcdir = os.path.join(CUCKOO_ROOT, "storage", "analyses", "%d" % task_id) s = StringIO() # By default go for bz2 encoded tar files (for legacy reasons.) tarmode = tar_formats.get(request.GET.get("tar"), "w:bz2") tar = tarfile.open(fileobj=s, mode=tarmode) for filedir in os.listdir(srcdir): if bzf["type"] == "-" and filedir not in bzf["files"]: tar.add(os.path.join(srcdir, filedir), arcname=filedir) if bzf["type"] == "+" and filedir in bzf["files"]: tar.add(os.path.join(srcdir, filedir), arcname=filedir) if report_format.lower() == "dist" and FULL_DB: buf = results_db.analysis.find_one({"info.id": task_id}) tarinfo = tarfile.TarInfo("mongo.json") buf_dumped = json_util.dumps(buf) tarinfo.size = len(buf_dumped) buf = StringIO(buf_dumped) tar.addfile(tarinfo, buf) tar.close() response.content_type = "application/x-tar; charset=UTF-8" return s.getvalue() else: return HTTPError(400, "Invalid report format") if os.path.exists(report_path): return open(report_path, "rb").read() else: return HTTPError(404, "Report not found")
def docs(filename): if filename != "privacy" and filename != "support" and filename != "about" and filename != "consent": return HTTPError(404, "Don't try to hack me, you evil spammer") else: return static_file("%s.html" % filename, "%s/%s" % (static_path, "docs"))
def _getbp(name: str) -> str: if name in breakpoints: return breakpoints[name].state raise HTTPError(404)
def validate(request, token): referer = request.get_header("referer", "") if referer != "" and referer.find("http://eecs388.org/") != 0: raise HTTPError(403, output="CSRF Attack Detected (bad referer)")
def _getprocess(name: str): if name not in breakpoints: raise HTTPError(404) return tojson(breakpoints[name].processes)
def serve(self, session, filename=None): if filename in session['scripts'] or filename in session['stylesheets']: return StaticFileProvider.serve(self, session, filename) raise HTTPError(404)
def get_challenge_by_skill_id_and_challenge_id(skill_id, challenge_id, db): row = db.execute('SELECT * FROM challenges WHERE skill_id=? AND id=?', (skill_id, challenge_id)).fetchone() if row: return {'title': row['title']} return HTTPError(404, 'Page not found')
def request_tasks(): data = request.json if data is None: raise HTTPError(400) try: jsonschema.validate(data, task_request_schema) except jsonschema.ValidationError: raise HTTPError(400) protocol = int(data['protocol']) agent_uuid = str(data['agent_id']) agent_name = str(data['agent_name']) agent_time = data['agent_time'] agent_capabilities = data['agent_capabilities'] max_tasks = int(data['max_tasks']) agent_location = data[ 'agent_location'] if 'agent_location' in data else None # Only protocol 1 supported for now if protocol != 1: raise HTTPError(400) try: session = create_session() except: logger.error("Failed to create database session for task request") raise HTTPError(500) try: query = session.query(Agent) agent = query.filter(Agent.uuid == agent_uuid).one() session.query(AgentCapability).filter( AgentCapability.agent_uuid == agent.uuid).delete() except NoResultFound: agent = Agent(uuid=agent_uuid, name=agent_name) session.add(agent) for agent_capability, agent_capability_info in agent_capabilities.items(): capability = AgentCapability(type=agent_capability, version=int( agent_capability_info['version']), agent=agent) session.add(capability) # Find all non-claimed tasks that the agent is able to handle and assign them to the agent query = session.query(AgentCapability, Task).filter(Task.assigned_agent_uuid.is_(None)).\ filter(AgentCapability.agent_uuid == agent.uuid).\ filter(and_(AgentCapability.type == Task.type, AgentCapability.version == Task.version)) tasks = [] # Assign available tasks to the agent and mark them as being in process for _, task in query[0:max_tasks]: task.assigned_agent_uuid = agent.uuid task.claimed = datetime.utcnow() tasks.append({ 'task_id': task.uuid, 'task_type': task.type, 'task_version': task.version, 'task_data': json.loads(task.data) }) agent.last_seen = datetime.utcnow() try: session.commit() except Exception: session.rollback() logger.error("Failed to commit database changes for task request") raise HTTPError(500) finally: session.close() logger.info( "Agent requested tasks - Agent's name and uuid: {}, {} - Agent was given following tasks: {}" .format(agent_name, agent_uuid, tasks)) return { "tasks": tasks, "return_time": (datetime.now(tz.tzlocal()) + timedelta(0, Settings.agent_return_time)).isoformat() }
def abort_custom(code, msg): error = HTTPError(code, msg) error.status = "%s %s" % (code, msg) raise error
def wrapped(*args, **kwargs): if is_authenticated(request): return func(*args, **kwargs) return HTTPError(404, "File does not exist.")
def abort_authenticate(msg="authentication required"): err = HTTPError(401, msg) err.add_header(str('WWW-Authenticate'), 'Basic realm="pypi"') err.add_header(str('location'), "/+login") raise err
def fail_dir(): F_OUTPUT = HTTPError(500, 'Internal Server Error') return F_OUTPUT
s['account_id'] = account._id s['account_user'] = account.user s['account_group'] = account.group s['account_groups'] = account.groups s['auth_on'] = True s.save() output = [ account.dump() ] output = {'total': len(output), 'success': True, 'data': output} return output else: logger.debug(" + Invalid password ...") except Exception, err: logger.error(err) return HTTPError(403, "Forbidden") @get('/autoLogin/:key',skip=['checkAuthPlugin']) def autoLogin(key=None): if not key: return HTTPError(400, "No key provided") #---------------------Get storage/account------------------- storage = get_storage(namespace='object') mfilter = { 'crecord_type':'account', 'authkey':key, } logger.debug('Try to find %s key' % key)
def assert_logged_in(self): try: self.cork.require(role='archivist') except Exception: raise HTTPError(404, 'Not Logged In')
def div(x, y): if y == 0: result = HTTPError(400, "zero_division") else: result = str(x / y) return result