def embed(vcdb_id): try: section_id = int(request.args.get("sid", -1)) start_line = int(request.args.get("start_line", 1)) end_line = int(request.args.get("end_line", -1)) vulnerability_details = VulnerabilityDetails(vcdb_id) vulnerability_details.validate_and_simplify_id() view = vulnerability_details.vulnerability_view if not view: return make_response(("No vulnerability found", 404)) if not view.master_commit: return make_response( (f"Vuln (id: {view.id}) has no linked Git commits!", 404) ) master_commit = vulnerability_details.get_master_commit() files_schema = RepositoryFilesSchema(many=True) # Hack to quickly retrieve the full data. custom_data = json.loads( files_schema.jsonify(master_commit.repository_files).data ) settings = { "section_id": section_id, "startLine": start_line, "endLine": end_line, "entry_data": custom_data, } return render_template( "vulnerability/embedded.html", vulnerability_details=vulnerability_details, embed_settings=settings, ) except (ValueError, InvalidIdentifierException): return make_response(("No vulnerability found", 404))
def embed(vuln_id): try: section_id = int(request.args.get('sid', -1)) start_line = int(request.args.get('start_line', 1)) end_line = int(request.args.get('end_line', -1)) vulnerability_details = VulnerabilityDetails(vuln_id) vulnerability_details.validate() vuln_view = vulnerability_details.vulnerability_view if not vuln_view: return bp.make_response(('No vulnerability found', 404)) if not vuln_view.master_commit: return bp.make_response( ('Vuln (id: {:d}) has no linked Git commits!'.format(vuln_view.id), 404)) master_commit = vulnerability_details.getMasterCommit() files_schema = RepositoryFilesSchema(many=True) # Hack to quickly retrieve the full data. custom_data = json.loads( files_schema.jsonify(master_commit.repository_files).data) settings = { 'section_id': section_id, 'startLine': start_line, 'endLine': end_line, 'entry_data': custom_data } return render_template( 'embedded.html', cfg=cfg, vulnerability_details=vulnerability_details, embed_settings=settings) except (ValueError, InvalidIdentifierException): abort(404)
def has_custom_data(self): master_commit = self.get_master_commit() if not master_commit or not master_commit.repository_files: return False files_schema = RepositoryFilesSchema(many=True) custom_data = files_schema.dump(master_commit.repository_files).data return custom_data
def annotation_data(vcdb_id): vulnerability_details = get_vulnerability_details(vcdb_id) vulnerability_details.validate_and_simplify_id() view = vulnerability_details.vulnerability_view master_commit = view.master_commit if not master_commit: logging.error("Vuln (id: %r) has no linked Git commits!", view.id) return create_json_response("Entry has no linked Git link!", 404) master_commit = vulnerability_details.get_master_commit() files_schema = RepositoryFilesSchema(many=True) return files_schema.jsonify(master_commit.repository_files)
def annotation_data(vuln_id): vulnerability_details = _get_vulnerability_details(vuln_id) vulnerability_details.validate() vuln_view = vulnerability_details.vulnerability_view master_commit = vuln_view.master_commit if not master_commit: logging.error(f"Vuln (id: {vuln_view.id}) has no linked Git commits!") return create_json_response("Entry has no linked Git link!", 404) master_commit = vulnerability_details.getMasterCommit() files_schema = RepositoryFilesSchema(many=True) return files_schema.jsonify(master_commit.repository_files)
def getSettings(self): parent_hash = (None,) if self.vulnerability_view: parent_hash = self.vulnerability_view.parent_commit file_provider_url = self.file_provider_url if file_provider_url: file_provider_url = self.file_provider_url.replace( VULN_ID_PLACEHOLDER, self.id) file_ref_provider_url = self.file_ref_provider_url if file_ref_provider_url: file_ref_provider_url = self.file_ref_provider_url.replace( VULN_ID_PLACEHOLDER, self.id) data = { "commit_link": self.commit_link, "commit_hash": self.commit_hash, "repo_url": self.repo_url, "repo_name": self.repo_name, "tree_url": url_for("vuln.vuln_file_tree", vuln_id=self.id), "annotation_data_url": url_for("vuln.annotation_data", vuln_id=self.id), "file_provider_url": file_provider_url, "file_ref_provider_url": file_ref_provider_url, "file_url": self.file_url, "id": self.id, "parent_hash": parent_hash, "HASH_PLACEHOLDER": HASH_PLACEHOLDER, "PATH_PLACEHOLDER": PATH_PLACEHOLDER, } if self.vulnerability_view.annotated: master_commit = self.getMasterCommit() if master_commit: files_schema = RepositoryFilesSchema(many=True) # TODO: Consider refactoring this section. We currently also fetch # custom data from the backend. # Hack to quickly retrieve the full data. data["custom_data"] = json.loads( files_schema.jsonify(master_commit.repository_files).data) return data
def getSettings(self): parent_hash = (None, ) if self.vulnerability_view: parent_hash = self.vulnerability_view.parent_commit file_provider_url = self.file_provider_url if file_provider_url: file_provider_url = self.file_provider_url.replace( VULN_ID_PLACEHOLDER, self.id) file_ref_provider_url = self.file_ref_provider_url if file_ref_provider_url: file_ref_provider_url = self.file_ref_provider_url.replace( VULN_ID_PLACEHOLDER, self.id) data = { 'commit_link': self.commit_link, 'commit_hash': self.commit_hash, 'repo_url': self.repo_url, 'repo_name': self.repo_name, 'tree_url': url_for('vuln.vuln_file_tree', vuln_id=self.id), 'annotation_data_url': url_for('vuln.annotation_data', vuln_id=self.id), 'file_provider_url': file_provider_url, 'file_ref_provider_url': file_ref_provider_url, 'file_url': self.file_url, 'id': self.id, 'parent_hash': parent_hash, 'HASH_PLACEHOLDER': HASH_PLACEHOLDER, 'PATH_PLACEHOLDER': PATH_PLACEHOLDER, } if self.vulnerability_view.annotated: master_commit = self.getMasterCommit() if master_commit: files_schema = RepositoryFilesSchema(many=True) # TODO: Consider refactoring this section. We currently also fetch # custom data from the backend. # Hack to quickly retrieve the full data. data['custom_data'] = json.loads( files_schema.jsonify(master_commit.repository_files).data) #if request.path == '' return data