Exemple #1
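    def filter(self, workspace_name):
        """Return the vulnerabilities of a workspace that match the ``q`` filter.

        The ``q`` query-string parameter is client-supplied JSON handed to
        ``search``. Plain and web vulnerabilities are queried separately,
        serialized, and concatenated into one enveloped list.

        Aborts with HTTP 400 when ``q`` is missing or is not valid JSON.
        """
        try:
            filters = json.loads(request.args.get('q'))
        except (TypeError, ValueError):
            # TypeError covers a request without ``q`` (json.loads(None));
            # without it the client error would surface as a 500.
            flask.abort(400, "Invalid filters")

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}, 'strict': True}
        try:
            normal_vulns = search(db.session, Vulnerability, filters)
            # Applied after the client filters so results stay scoped to the
            # requested workspace regardless of what ``q`` contains.
            normal_vulns = normal_vulns.filter_by(workspace_id=workspace.id)
            # NOTE(review): the 'VulnerabilityWeb' schema is also used for
            # plain Vulnerability rows; presumably intentional, confirm.
            normal_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(normal_vulns.all())
            normal_vulns_data = json.loads(normal_vulns.data)
        except Exception:
            # Best-effort: a failed query yields no rows, but the failure is
            # logged so it cannot be mistaken for an empty workspace.
            flask.current_app.logger.exception(
                "Vulnerability filter query failed")
            normal_vulns_data = []
        try:
            web_vulns = search(db.session, VulnerabilityWeb, filters)
            web_vulns = web_vulns.filter_by(workspace_id=workspace.id)
            web_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(web_vulns.all())
            web_vulns_data = json.loads(web_vulns.data)
        except Exception:
            flask.current_app.logger.exception(
                "VulnerabilityWeb filter query failed")
            web_vulns_data = []
        return self._envelope_list(normal_vulns_data + web_vulns_data)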
Exemple #2
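    def filter(self, workspace_name):
        """List a workspace's vulnerabilities filtered by the ``q`` parameter.

        ``q`` is read from the query string, decoded as JSON and passed to
        ``search`` for both the Vulnerability and VulnerabilityWeb models.
        The two serialized result lists are concatenated and wrapped by
        ``self._envelope_list``.

        Aborts with HTTP 400 if ``q`` is absent or cannot be decoded.
        """
        raw_filters = request.args.get('q')
        try:
            filters = json.loads(raw_filters)
        except (TypeError, ValueError):
            # A missing ``q`` makes json.loads raise TypeError, not
            # ValueError; both are client errors and must map to 400.
            flask.abort(400, "Invalid filters")

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}, 'strict': True}
        # NOTE(review): both result sets are dumped with the
        # 'VulnerabilityWeb' schema; looks deliberate, confirm.
        schema_class = self.schema_class_dict['VulnerabilityWeb']

        try:
            normal_vulns = search(db.session, Vulnerability, filters)
            # The workspace constraint is added on top of the client-supplied
            # filters, so ``q`` cannot select rows from another workspace.
            normal_vulns = normal_vulns.filter_by(workspace_id=workspace.id)
            normal_vulns = schema_class(
                **marshmallow_params).dumps(normal_vulns.all())
            normal_vulns_data = json.loads(normal_vulns.data)
        except Exception:
            # Still degrade to an empty list, but leave a trace: a silently
            # swallowed error here hides bad filters and backend failures.
            flask.current_app.logger.exception(
                "Vulnerability filter query failed")
            normal_vulns_data = []

        try:
            web_vulns = search(db.session, VulnerabilityWeb, filters)
            web_vulns = web_vulns.filter_by(workspace_id=workspace.id)
            web_vulns = schema_class(
                **marshmallow_params).dumps(web_vulns.all())
            web_vulns_data = json.loads(web_vulns.data)
        except Exception:
            flask.current_app.logger.exception(
                "VulnerabilityWeb filter query failed")
            web_vulns_data = []

        return self._envelope_list(normal_vulns_data + web_vulns_data)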
Exemple #3
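    def _filter(self, filters, workspace_name, confirmed=False):
        """Return serialized vulnerabilities of a workspace matching ``filters``.

        Args:
            filters: JSON text holding an object with an optional
                ``filters`` list; treated as untrusted client input.
            workspace_name: name resolved through ``self._get_workspace``.
            confirmed: when true, a ``confirmed == "true"`` filter is added.

        Returns:
            The serialized plain vulnerabilities followed by the serialized
            web vulnerabilities, as one list.

        Aborts with HTTP 400 when ``filters`` is missing, is not valid JSON,
        or does not decode to a JSON object.
        """
        try:
            parsed = json.loads(filters)
        except (TypeError, ValueError):
            # TypeError: ``filters`` is None (parameter not supplied).
            flask.abort(400, "Invalid filters")
        if not isinstance(parsed, dict):
            # Valid JSON that is not an object (list, string, number) would
            # otherwise fail on ``.get`` below and surface as a 500.
            flask.abort(400, "Invalid filters")
        try:
            filters, hostname_filters = self._hostname_filters(
                parsed.get('filters', []))
        except ValueError:
            flask.abort(400, "Invalid filters")

        if confirmed:
            # NOTE(review): ``filters`` is now whatever _hostname_filters
            # returned and is wrapped as {'filters': filters} for search()
            # below. If that value is a list, this branch replaces it with a
            # dict and drops the caller's filters; confirm the intended shape.
            if 'filters' not in filters:
                filters = {}
                filters['filters'] = []
            filters['filters'].append({
                "name": "confirmed",
                "op": "==",
                "val": "true"
            })

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}, 'strict': True}
        try:
            normal_vulns = search(db.session, Vulnerability,
                                  {'filters': filters})
            # Added on top of the client filters so the result set stays
            # limited to the requested workspace.
            normal_vulns = normal_vulns.filter_by(workspace_id=workspace.id)
            if hostname_filters:
                # Built inside the try: an entry without 'val' is logged and
                # yields an empty result rather than an unhandled error.
                or_filters = [
                    Hostname.name == hostname_filter['val']
                    for hostname_filter in hostname_filters
                ]
                # Match hostnames of the vulnerability's host directly, or
                # of the host reached through its service.
                normal_vulns_host = normal_vulns.join(Host).join(
                    Hostname).filter(or_(*or_filters))
                normal_vulns = normal_vulns_host.union(
                    normal_vulns.join(Service).join(Host).join(
                        Hostname).filter(or_(*or_filters)))

            # NOTE(review): the 'VulnerabilityWeb' schema is also used for
            # plain Vulnerability rows; presumably intentional, confirm.
            normal_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(normal_vulns.all(),
                                            cls=BytesJSONEncoder)
            normal_vulns_data = json.loads(normal_vulns.data)
        except Exception as ex:
            # Best-effort: log the failure and report no plain vulns.
            logger.exception(ex)
            normal_vulns_data = []
        try:
            web_vulns = search(db.session, VulnerabilityWeb,
                               {'filters': filters})
            web_vulns = web_vulns.filter_by(workspace_id=workspace.id)
            if hostname_filters:
                or_filters = [
                    Hostname.name == hostname_filter['val']
                    for hostname_filter in hostname_filters
                ]
                web_vulns = web_vulns.join(Service).join(Host).join(
                    Hostname).filter(or_(*or_filters))
            web_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(web_vulns.all(),
                                            cls=BytesJSONEncoder)
            web_vulns_data = json.loads(web_vulns.data)
        except Exception as ex:
            logger.exception(ex)
            web_vulns_data = []
        return normal_vulns_data + web_vulns_data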