Example #1
def embed(vcdb_id):
    """Render the embeddable view of a single vulnerability entry.

    The query parameters ``sid``, ``start_line`` and ``end_line`` are coerced
    to ``int`` before anything else happens. The ``except`` clause spans the
    whole body, so a ``ValueError`` raised anywhere inside it (including a
    non-numeric query parameter) and an ``InvalidIdentifierException`` are
    both answered with the generic 404.
    """
    not_found = ("No vulnerability found", 404)
    try:
        # Only integers are ever placed into the template settings below.
        query_defaults = (("sid", -1), ("start_line", 1), ("end_line", -1))
        section_id, start_line, end_line = (
            int(request.args.get(key, fallback))
            for key, fallback in query_defaults
        )

        details = VulnerabilityDetails(vcdb_id)
        details.validate_and_simplify_id()
        entry = details.vulnerability_view
        if not entry:
            return make_response(not_found)
        if not entry.master_commit:
            message = f"Vuln (id: {entry.id}) has no linked Git commits!"
            return make_response((message, 404))

        commit = details.get_master_commit()
        # Hack to quickly retrieve the full data: serialise the files into a
        # JSON response object, then parse its payload back into Python data.
        entry_data = json.loads(
            RepositoryFilesSchema(many=True).jsonify(commit.repository_files).data
        )
        embed_settings = {
            "section_id": section_id,
            "startLine": start_line,
            "endLine": end_line,
            "entry_data": entry_data,
        }
        return render_template(
            "vulnerability/embedded.html",
            vulnerability_details=details,
            embed_settings=embed_settings,
        )
    except (ValueError, InvalidIdentifierException):
        return make_response(not_found)
Example #2
def embed(vuln_id):
  """Render the embeddable view of a single vulnerability entry.

  The query parameters ``sid``, ``start_line`` and ``end_line`` are coerced to
  ``int`` first. The ``except`` clause spans the whole body, so a
  ``ValueError`` raised anywhere inside it (a non-numeric query parameter, or
  the ``{:d}`` format below receiving a non-integer id) and an
  ``InvalidIdentifierException`` all end in ``abort(404)``.
  """
  try:
    # Only integers are ever placed into the template settings below.
    query_defaults = (('sid', -1), ('start_line', 1), ('end_line', -1))
    section_id, start_line, end_line = (
        int(request.args.get(key, fallback))
        for key, fallback in query_defaults)

    details = VulnerabilityDetails(vuln_id)
    details.validate()
    entry = details.vulnerability_view
    if not entry:
      return bp.make_response(('No vulnerability found', 404))
    if not entry.master_commit:
      message = 'Vuln (id: {:d}) has no linked Git commits!'.format(entry.id)
      return bp.make_response((message, 404))

    commit = details.getMasterCommit()
    # Hack to quickly retrieve the full data: serialise the files into a JSON
    # response object, then parse its payload back into Python data.
    entry_data = json.loads(
        RepositoryFilesSchema(many=True).jsonify(commit.repository_files).data)
    embed_settings = {
        'section_id': section_id,
        'startLine': start_line,
        'endLine': end_line,
        'entry_data': entry_data,
    }
    return render_template(
        'embedded.html',
        cfg=cfg,
        vulnerability_details=details,
        embed_settings=embed_settings)
  except (ValueError, InvalidIdentifierException):
    abort(404)
Example #3
 def has_custom_data(self):
     """Return the dumped repository files of the master commit, or False.

     ``False`` is returned when there is no master commit or when it has no
     repository files. Otherwise the result is the schema dump itself rather
     than ``True``, so callers get the data and not just a flag.
     """
     commit = self.get_master_commit()
     if commit and commit.repository_files:
         schema = RepositoryFilesSchema(many=True)
         return schema.dump(commit.repository_files).data
     return False
Example #4
def annotation_data(vcdb_id):
    """Return the repository files of an entry's master commit as JSON.

    Responds with a JSON 404 (and logs an error) when the entry has no
    master commit linked.
    """
    details = get_vulnerability_details(vcdb_id)
    details.validate_and_simplify_id()
    entry = details.vulnerability_view
    # NOTE(review): entry is dereferenced without a None check; presumably
    # get_vulnerability_details() guarantees a view. Confirm against the helper.
    if not entry.master_commit:
        logging.error("Vuln (id: %r) has no linked Git commits!", entry.id)
        return create_json_response("Entry has no linked Git link!", 404)

    commit = details.get_master_commit()
    return RepositoryFilesSchema(many=True).jsonify(commit.repository_files)
Example #5
def annotation_data(vuln_id):
    """Return the repository files of an entry's master commit as JSON.

    Responds with a JSON 404 (and logs an error) when the entry has no
    master commit linked.
    """
    details = _get_vulnerability_details(vuln_id)
    details.validate()
    entry = details.vulnerability_view
    # NOTE(review): entry is dereferenced without a None check; presumably
    # _get_vulnerability_details() guarantees a view. Confirm against the helper.
    if not entry.master_commit:
        logging.error(f"Vuln (id: {entry.id}) has no linked Git commits!")
        return create_json_response("Entry has no linked Git link!", 404)

    commit = details.getMasterCommit()
    return RepositoryFilesSchema(many=True).jsonify(commit.repository_files)
Example #6
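    def getSettings(self):
        """Build the settings dict describing this entry for the front end.

        The dict carries the commit and repository links, the URLs of the
        file-tree and annotation-data endpoints, the provider URL templates
        with the entry id filled in, and the hash/path placeholder tokens.
        When the entry is annotated and has a master commit, ``custom_data``
        additionally holds the serialised repository files.
        """
        view = self.vulnerability_view
        # NOTE(review): the fallback is a one-element tuple, not None. It is
        # kept as found because consumers may rely on it; confirm the intent.
        parent_hash = (None,)
        if view:
            parent_hash = view.parent_commit

        # NOTE(review): self.id is substituted verbatim, without URL-encoding;
        # presumably the id has been validated before this runs. Confirm.
        file_provider_url = self.file_provider_url
        if file_provider_url:
            file_provider_url = file_provider_url.replace(
                VULN_ID_PLACEHOLDER, self.id)
        file_ref_provider_url = self.file_ref_provider_url
        if file_ref_provider_url:
            file_ref_provider_url = file_ref_provider_url.replace(
                VULN_ID_PLACEHOLDER, self.id)

        data = {
            "commit_link": self.commit_link,
            "commit_hash": self.commit_hash,
            "repo_url": self.repo_url,
            "repo_name": self.repo_name,
            "tree_url": url_for("vuln.vuln_file_tree", vuln_id=self.id),
            "annotation_data_url": url_for("vuln.annotation_data",
                                           vuln_id=self.id),
            "file_provider_url": file_provider_url,
            "file_ref_provider_url": file_ref_provider_url,
            "file_url": self.file_url,
            "id": self.id,
            "parent_hash": parent_hash,
            "HASH_PLACEHOLDER": HASH_PLACEHOLDER,
            "PATH_PLACEHOLDER": PATH_PLACEHOLDER,
        }
        # The view is treated as optional above, so guard it here as well:
        # reading .annotated on a missing view would raise AttributeError.
        if view and view.annotated:
            master_commit = self.getMasterCommit()
            if master_commit:
                files_schema = RepositoryFilesSchema(many=True)
                # TODO: Consider refactoring this section. We currently also
                #  fetch custom data from the backend.
                # Hack to quickly retrieve the full data: serialise into a
                # JSON response object, then parse its payload back.
                data["custom_data"] = json.loads(
                    files_schema.jsonify(master_commit.repository_files).data)

        return data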
Example #7
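    def getSettings(self):
        """Build the settings dict describing this entry for the front end.

        The dict carries the commit and repository links, the URLs of the
        file-tree and annotation-data endpoints, the provider URL templates
        with the entry id filled in, and the hash/path placeholder tokens.
        When the entry is annotated and has a master commit, ``custom_data``
        additionally holds the serialised repository files.
        """
        view = self.vulnerability_view
        # NOTE(review): the fallback is a one-element tuple, not None. It is
        # kept as found because consumers may rely on it; confirm the intent.
        parent_hash = (None, )
        if view:
            parent_hash = view.parent_commit

        # NOTE(review): self.id is substituted verbatim, without URL-encoding;
        # presumably the id has been validated before this runs. Confirm.
        file_provider_url = self.file_provider_url
        if file_provider_url:
            file_provider_url = file_provider_url.replace(
                VULN_ID_PLACEHOLDER, self.id)
        file_ref_provider_url = self.file_ref_provider_url
        if file_ref_provider_url:
            file_ref_provider_url = file_ref_provider_url.replace(
                VULN_ID_PLACEHOLDER, self.id)

        data = {
            'commit_link': self.commit_link,
            'commit_hash': self.commit_hash,
            'repo_url': self.repo_url,
            'repo_name': self.repo_name,
            'tree_url': url_for('vuln.vuln_file_tree', vuln_id=self.id),
            'annotation_data_url': url_for('vuln.annotation_data',
                                           vuln_id=self.id),
            'file_provider_url': file_provider_url,
            'file_ref_provider_url': file_ref_provider_url,
            'file_url': self.file_url,
            'id': self.id,
            'parent_hash': parent_hash,
            'HASH_PLACEHOLDER': HASH_PLACEHOLDER,
            'PATH_PLACEHOLDER': PATH_PLACEHOLDER,
        }
        # The view is treated as optional above, so guard it here as well:
        # reading .annotated on a missing view would raise AttributeError.
        if view and view.annotated:
            master_commit = self.getMasterCommit()
            if master_commit:
                files_schema = RepositoryFilesSchema(many=True)
                # TODO: Consider refactoring this section. We currently also
                #  fetch custom data from the backend.
                # Hack to quickly retrieve the full data: serialise into a
                # JSON response object, then parse its payload back.
                data['custom_data'] = json.loads(
                    files_schema.jsonify(master_commit.repository_files).data)

        return data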