def render(self, path, values=None, status=200):
    """Render the Jinja template *path* into an HTML Response.

    Args:
        path: Template name resolved through _JINJA_ENVIRONMENT.
        values: Optional template context. A fresh dict is used when None;
            otherwise the caller's mapping is filled in place with the common
            keys below (menu, deployment flags, login state, analytics id).
        status: HTTP status code for the response (default 200).

    Returns:
        A Response carrying the security headers from
        _add_security_response_headers, Content-Type text/html, the rendered
        template as body and the given status code.
    """
    context = {} if values is None else values

    # Keys every page template receives.
    context['menu_items'] = _MENU_ITEMS
    context['is_oss_fuzz'] = utils.is_oss_fuzz()
    context['is_development'] = (
        environment.is_running_on_app_engine_development())
    logged_in = bool(helpers.get_user_email())
    context['is_logged_in'] = logged_in

    # Only track analytics for non-admin users.
    tracking_id = None
    if not auth.is_current_user_admin():
        tracking_id = local_config.GAEConfig().get('ga_tracking_id')
    context['ga_tracking_id'] = tracking_id

    if logged_in:
        context['switch_account_url'] = make_login_url(request.url)
        context['logout_url'] = make_logout_url(dest_url=request.url)

    template = _JINJA_ENVIRONMENT.get_template(path)

    response = self._add_security_response_headers(Response())
    response.headers['Content-Type'] = 'text/html'
    # NOTE(review): whether context values are HTML-escaped depends on the
    # autoescape setting of _JINJA_ENVIRONMENT, which is not visible here.
    response.data = template.render(context)
    response.status_code = status
    return response
def check_public_testcase(self, blob_info, testcase):
    """Return True if *blob_info* may be downloaded without any access check.

    The blob must be the minimized reproducer of *testcase*, the testcase must
    have a filed bug that its issue tracker can return, the bug must not carry
    the 'restrict-view-commit' label, and on OSS-Fuzz the post-close disclosure
    delay must have elapsed. Any failed condition yields False.
    """
    if blob_info.key() != testcase.minimized_keys:
        return False
    if not testcase.bug_information:
        return False

    tracker = issue_tracker_utils.get_issue_tracker_for_testcase(testcase)
    issue = tracker.get_issue(testcase.bug_information)
    if not issue:
        return False

    labels = issue.labels
    # Issues explicitly restricted to committers (OSS-Fuzz only) are never
    # served publicly.
    if 'restrict-view-commit' in labels:
        return False

    # Outside OSS-Fuzz there is no disclosure delay.
    if not utils.is_oss_fuzz():
        return True
    # A 'deadline-exceeded' issue was already made public, so the delay does
    # not apply to it.
    if 'deadline-exceeded' in labels:
        return True
    # NOTE(review): an issue without closed_time skips the delay check and is
    # treated as public here — confirm this is the intended policy.
    if not issue.closed_time:
        return True
    # Hold the reproducer back for _OSS_FUZZ_REPRODUCER_DELAY days after close.
    return bool(dates.time_has_expired(
        issue.closed_time, days=_OSS_FUZZ_REPRODUCER_DELAY))
def get(self, resource=None):
    """Serve a blob download after resolving the testcase and checking access.

    Args:
        resource: Optional blob key from the URL path. When absent it is taken
            from the testcase named by the 'testcase_id' query parameter
            (the minimized reproducer when present and not 'NA', else the
            fuzzed one).

    Returns:
        Whatever _send_blob returns for the resolved blob.

    Raises:
        helpers.EarlyExitException: no file requested, unknown testcase id,
            blob not found, or blob not belonging to the named testcase.
        helpers.AccessDeniedException: the caller may read neither all blobs
            nor this testcase; a blob with no testcase is denied outright.
    """
    testcase_id = request.args.get('testcase_id')
    if not testcase_id and not resource:
        raise helpers.EarlyExitException('No file requested.', 400)

    testcase = None
    if testcase_id:
        try:
            testcase = data_handler.get_testcase_by_id(testcase_id)
        except errors.InvalidTestcaseError:
            raise helpers.EarlyExitException('Invalid testcase.', 400)

        if not resource:
            minimized = testcase.minimized_keys
            resource = (minimized if minimized and minimized != 'NA'
                        else testcase.fuzzed_keys)

    fuzzer_binary_name = (
        testcase.get_metadata('fuzzer_binary_name') if testcase else None)

    resource = str(urllib.parse.unquote(resource))
    blob_info = blobs.get_blob_info(resource)
    if not blob_info:
        raise helpers.EarlyExitException('File does not exist.', 400)

    blob_key = blob_info.key()
    # A blob requested together with a testcase must be one of its two keys;
    # this stops a known testcase id from being paired with an unrelated blob.
    if (testcase and blob_key != testcase.fuzzed_keys
            and blob_key != testcase.minimized_keys):
        raise helpers.EarlyExitException('Invalid testcase.', 400)

    if (utils.is_oss_fuzz() and testcase
            and self.check_public_testcase(blob_info, testcase)):
        # Public OSS-Fuzz reproducer: served without a user access check.
        # Note this path passes testcase.key.id() while the others pass the raw
        # testcase_id string.
        return self._send_blob(blob_info, testcase.key.id(), is_minimized=True,
                               fuzzer_binary_name=fuzzer_binary_name)

    is_minimized = testcase and blob_key == testcase.minimized_keys

    if access.has_access():
        # Caller has general read access.
        return self._send_blob(blob_info, testcase_id, is_minimized,
                               fuzzer_binary_name)

    # Without general access only per-testcase access can grant the download.
    if testcase and access.can_user_access_testcase(testcase):
        return self._send_blob(blob_info, testcase_id, is_minimized,
                               fuzzer_binary_name)
    raise helpers.AccessDeniedException()
def get(self):
    """Refresh the clusters of every project returned by _get_project_ids().

    OSS-Fuzz deployments use OssFuzzClustersManager; all others use
    ClustersManager. One manager is built per project and update_clusters()
    is invoked on it.
    """
    manager_class = (
        OssFuzzClustersManager if utils.is_oss_fuzz() else ClustersManager)
    for project_id in _get_project_ids():
        manager_class(project_id).update_clusters()
def _allow_unprivileged_metadata(testcase_metadata):
    """Return whether an unprivileged user may set *testcase_metadata*.

    Only a metadata container holding exactly one entry, 'issue_labels', is
    permitted, and never on OSS-Fuzz.
    """
    if utils.is_oss_fuzz():
        # Labels in OSS-Fuzz are privileged and control things like disclosure
        # deadlines, so nothing is editable by unprivileged users.
        return False
    if len(testcase_metadata) != 1:
        return False
    # The single entry must be the issue labels.
    return 'issue_labels' in testcase_metadata
def run_server():
    """Start a HTTP server to respond to the health checker.

    The server listens on (RESPONDER_IP, RESPONDER_PORT) with RequestHandler
    and is served from a background thread. On OSS-Fuzz nothing is started.
    """
    if utils.is_oss_fuzz():
        # OSS-Fuzz's multiple instances per host model isn't supported yet.
        return
    responder = HTTPServer((RESPONDER_IP, RESPONDER_PORT), RequestHandler)
    # NOTE(review): the thread is not marked daemon and its handle is not
    # kept, so there is no way to stop it from here and, unless the caller
    # runs in a daemon thread, interpreter shutdown waits for it.
    threading.Thread(target=responder.serve_forever).start()
def register_routes(flask_app, routes):
    """Register every (route, handler) pair on *flask_app* and build the menu.

    Each handler is registered as a view named after its route. Navigation
    entries are added through base_handler.add_menu in the order listed below;
    that order is what the menu displays, so it is significant.
    """
    for rule, handler in routes:
        flask_app.add_url_rule(rule, view_func=handler.as_view(rule))

    # Entries shown on every deployment.
    for title, url in (('Testcases', '/testcases'),
                       ('Fuzzer Statistics', '/fuzzer-stats'),
                       ('Crash Statistics', '/crash-stats'),
                       ('Upload Testcase', '/upload-testcase')):
        base_handler.add_menu(title, url)

    is_chromium = utils.is_chromium()
    is_oss_fuzz = utils.is_oss_fuzz()

    if is_chromium:
        base_handler.add_menu('Crashes by range', '/commit-range')

    if not is_oss_fuzz:
        # Infrastructure pages are only offered off OSS-Fuzz.
        for title, url in (('Fuzzers', '/fuzzers'),
                           ('Corpora', '/corpora'),
                           ('Bots', '/bots'),
                           ('Jobs', '/jobs'),
                           ('Configuration', '/configuration')):
            base_handler.add_menu(title, url)

    base_handler.add_menu('Report Bug', '/report-bug')
    base_handler.add_menu('Documentation', '/docs')
# We need to separate routes for cron to avoid redirection.
def is_admin_or_not_oss_fuzz():
    """Return True if the current user is an admin or if this is not OSS-Fuzz.

    Off OSS-Fuzz the answer is always True; on OSS-Fuzz it is whatever
    auth.is_current_user_admin() reports.
    """
    if utils.is_oss_fuzz():
        return auth.is_current_user_admin()
    return True
def wrapper(self):
    """Invoke the wrapped handler, gated by check_admin_access on OSS-Fuzz.

    Off OSS-Fuzz the wrapped *func* runs directly; on OSS-Fuzz it runs only
    through check_admin_access, which enforces the admin check.
    """
    target = check_admin_access(func) if utils.is_oss_fuzz() else func
    return target(self)