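def api_post_scan_hostname():
    """Return a recent scan for the requested host, or ask the scanner backend to start one.

    Reads ``host`` from the query string and ``rescan`` / ``hidden`` from the
    form body. Returns one of: an ``{'error': ...}`` dict, the recent scan row
    from the database, or the decoded JSON body of the backend's response.
    """
    # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org

    # Get the hostname
    hostname = request.args.get('host', '').lower()

    # Fail if it's not a valid hostname (not in DNS, not a real hostname, etc.)
    hostname = valid_hostname(hostname) or valid_hostname('www.' + hostname)  # prepend www. if necessary
    if not hostname:
        return {
            'error': '{hostname} is an invalid hostname'.format(
                hostname=request.args.get('host', ''))
        }

    # Get the site's id number
    try:
        site_id = database.select_site_id(hostname)
    except IOError:
        return {'error': 'Unable to connect to database'}

    # Next, let's see if there's a recent scan; if there was a recent scan, let's just return it
    # Setting rescan shortens what "recent" means
    rescan = request.form.get('rescan', 'false') == 'true'
    if rescan:
        row = database.select_scan_recent_scan(site_id, COOLDOWN)
    else:
        row = database.select_scan_recent_scan(site_id)

    # Otherwise, let's start up a scan
    if not row:
        hidden = request.form.get('hidden', 'false')

        # Begin the dispatch process if it was a POST
        if request.method == 'POST':
            try:
                # Connect to the backend and initiate a scan.
                # The hostname goes through `params` so it is URL-encoded as a
                # single query value; string concatenation relied entirely on
                # valid_hostname() never returning '&', '#' or similar.
                # NOTE(review): the shared API key is sent in the request body;
                # presumably BACKEND_API_URL is HTTPS or an internal address —
                # confirm. No timeout is passed, so a stalled backend holds
                # this worker until the connection drops.
                return requests.post(BACKEND_API_URL + '/analyze',
                                     params={'host': hostname},
                                     data={
                                         'site_id': site_id,
                                         'hidden': hidden,
                                         'apikey': API_KEY
                                     }).json()
            except Exception:
                # Still best-effort (connection errors, non-JSON replies), but
                # no longer swallows KeyboardInterrupt / SystemExit the way a
                # bare `except:` did.
                return {
                    'error': 'scanner-backend-not-available-try-again-soon'
                }
        else:
            return {'error': 'recent-scan-not-found'}

    # If there was a rescan attempt and it returned a row, it's because the rescan was done within the cooldown window
    elif rescan and request.method == 'POST':
        return {'error': 'rescan-attempt-too-soon'}

    # Return the scan row
    return row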
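def api_post_scan_hostname():
    """Serve a recent scan for ``host`` or forward a new scan request to the backend.

    ``host`` comes from the query string; ``rescan`` and ``hidden`` come from
    the form body. The return value is an ``{'error': ...}`` dict, the recent
    scan row, or whatever JSON document the backend answered with.
    """
    # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org

    # Get the hostname
    hostname = request.args.get('host', '').lower()

    # Fail if it's not a valid hostname (not in DNS, not a real hostname, etc.)
    hostname = valid_hostname(hostname) or valid_hostname('www.' + hostname)  # prepend www. if necessary
    if not hostname:
        return {'error': '{hostname} is an invalid hostname'.format(hostname=request.args.get('host', ''))}

    # Get the site's id number
    try:
        site_id = database.select_site_id(hostname)
    except IOError:
        return {'error': 'Unable to connect to database'}

    # Next, let's see if there's a recent scan; if there was a recent scan, let's just return it
    # Setting rescan shortens what "recent" means
    rescan = request.form.get('rescan', 'false') == 'true'
    if rescan:
        row = database.select_scan_recent_scan(site_id, COOLDOWN)
    else:
        row = database.select_scan_recent_scan(site_id)

    # Otherwise, let's start up a scan
    if not row:
        hidden = request.form.get('hidden', 'false')

        # Begin the dispatch process if it was a POST
        if request.method == 'POST':
            try:
                # Connect to the backend and initiate a scan. Passing the host
                # via `params` lets requests percent-encode it, so the value
                # cannot add or truncate query parameters on the backend call
                # even if valid_hostname() is ever loosened.
                # NOTE(review): API_KEY travels in the POST body — presumably
                # over TLS or a private network; confirm. The call has no
                # timeout, so an unresponsive backend blocks this request.
                backend_reply = requests.post(
                    BACKEND_API_URL + '/analyze',
                    params={'host': hostname},
                    data={'site_id': site_id, 'hidden': hidden, 'apikey': API_KEY},
                )
                return backend_reply.json()
            except Exception:
                # Was a bare `except:`, which also caught SystemExit and
                # KeyboardInterrupt; ordinary failures are still reported as
                # "backend not available".
                return {'error': 'scanner-backend-not-available-try-again-soon'}
        else:
            return {'error': 'recent-scan-not-found'}

    # If there was a rescan attempt and it returned a row, it's because the rescan was done within the cooldown window
    elif rescan and request.method == 'POST':
        return {'error': 'rescan-attempt-too-soon'}

    # Return the scan row
    return row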
def api_post_scan_hostname():
    """Return the most recent scan row for ``host``, queueing a new scan on POST if none exists.

    ``host`` is read from the query string; ``rescan`` and ``hidden`` are read
    from the form body. The result is either an ``{'error': ...}`` dict or a
    scan row from the database.
    """
    # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org

    requested = request.args.get('host', '').lower()

    # valid_hostname() decides whether the name is usable (not in DNS, not a
    # real hostname, etc.); the bare name is tried first, then with "www.".
    hostname = valid_hostname(requested) or valid_hostname('www.' + requested)
    if not hostname:
        return {'error': '{hostname} is an invalid hostname'.format(hostname=request.args.get('host', ''))}

    # Look up the site's id number
    try:
        site_id = database.select_site_id(hostname)
    except IOError:
        return {'error': 'Unable to connect to database'}

    # A rescan request shortens what counts as a "recent" scan
    rescan = request.form.get('rescan', 'false') == 'true'
    is_post = request.method == 'POST'
    row = (database.select_scan_recent_scan(site_id, COOLDOWN) if rescan
           else database.select_scan_recent_scan(site_id))

    if row:
        # A row coming back for a rescan means the previous scan is still
        # inside the cooldown window.
        if rescan and is_post:
            return {'error': 'rescan-attempt-too-soon'}
        return row

    # No recent scan: only a POST is allowed to start a new one
    hidden = request.form.get('hidden', 'false') == 'true'
    if not is_post:
        return {'error': 'recent-scan-not-found'}

    row = database.insert_scan(site_id, hidden=hidden)
    scan.delay(hostname, site_id, row['id'])
    return row
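def api_post_scan_hostname():
    """Start a scan on behalf of a caller that presents the shared API key.

    Expects ``apikey``, ``hidden`` and ``site_id`` in the form body and
    ``host`` in the query string. Aborts with 403 when the key does not match,
    returns ``{'error': 'scan-missing-parameters'}`` when a field is absent,
    and otherwise returns ``jsonify(row)`` for the existing or newly inserted
    scan row.
    """
    import hmac  # local import: the file's import block is not visible from this function

    # Abort if the API keys don't match. The comparison is constant-time so
    # response timing does not reveal how much of a guessed key was correct.
    # A missing field is rejected outright instead of being compared against
    # a placeholder string that could itself equal the configured key.
    # NOTE(review): an empty API_KEY would still match an empty submitted
    # key — confirm configuration never leaves it blank.
    supplied_key = request.form.get('apikey')
    if (supplied_key is None
            or not isinstance(API_KEY, str)
            or not hmac.compare_digest(supplied_key.encode('utf-8'), API_KEY.encode('utf-8'))):
        abort(403)

    # Get the hostname, whether the scan is hidden, site_id, and scan_id
    try:
        hostname = request.args['host']
        # Anything other than the literal 'false' hides the scan
        hidden = request.form['hidden'] != 'false'
        site_id = request.form['site_id']
    except KeyError:
        return {'error': 'scan-missing-parameters'}

    # Sanity check to see that there are no scans pending; it's not a huge issue if we end up with duplicate
    # scans, but it's better not
    row = database.select_scan_recent_scan(site_id, COOLDOWN)

    # Start up the scan
    if not row:
        try:
            row = database.insert_scan(site_id, hidden=hidden)
            scan_id = row['id']
            scan.delay(hostname, site_id, scan_id)
        except IOError:
            return {'error': 'scanner-down-try-again-soon'}

    # Return the scan row
    return jsonify(row)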
def api_post_scan_hostname():
    """Look up a recent scan for the requested host; on POST, create and dispatch one if missing.

    Inputs are ``host`` (query string) plus ``rescan`` and ``hidden`` (form
    body). Returns an ``{'error': ...}`` dict or the scan row.
    """
    # TODO: Allow people to accidentally use https://mozilla.org and convert to mozilla.org

    candidate = request.args.get('host', '').lower()

    # Reject anything valid_hostname() does not accept (not in DNS, not a real
    # hostname, etc.), retrying once with a "www." prefix.
    hostname = valid_hostname(candidate) or valid_hostname('www.' + candidate)
    if not hostname:
        return {'error': '{hostname} is an invalid hostname'.format(hostname=request.args.get('host', ''))}

    # Get the site's id number
    try:
        site_id = database.select_site_id(hostname)
    except IOError:
        return {'error': 'Unable to connect to database'}

    # Setting rescan shortens what "recent" means, so it changes the lookup
    wants_rescan = request.form.get('rescan', 'false') == 'true'
    lookup_args = (site_id, COOLDOWN) if wants_rescan else (site_id,)
    row = database.select_scan_recent_scan(*lookup_args)

    if not row:
        hidden = request.form.get('hidden', 'false') == 'true'

        # Only a POST may begin the dispatch process
        if request.method != 'POST':
            return {'error': 'recent-scan-not-found'}

        row = database.insert_scan(site_id, hidden=hidden)
        scan_id = row['id']
        scan.delay(hostname, site_id, scan_id)
        return row

    # A rescan that still finds a row was attempted within the cooldown window
    if wants_rescan and request.method == 'POST':
        return {'error': 'rescan-attempt-too-soon'}

    # Return the scan row
    return row