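  def authErrors():
    """Validate the request's ``Authorization`` header against the auth stores.

    Returns ``None`` when the caller is authenticated, otherwise a
    ``(json_body, http_status)`` tuple the caller can return directly:

    * 401 when the header is missing or the credentials do not match;
    * 400 when the method is unsupported or the header cannot be parsed
      (any exception raised while checking is mapped to this).

    Supported methods: ``basic`` (``AuthenticationHandler.validateUser``),
    ``bearer`` (``db.isBearerAuthenticated``), ``token`` (``db.getToken``)
    and ``session`` (``AuthenticationHandler.api_sessions``).
    """
    import hmac  # local import: the module's import block is outside this view

    def credentials_match(expected, presented):
      # Both sides must be non-empty strings: a missing store entry (``None``)
      # must never match a missing header value, since ``None == None`` is
      # True in Python.  The comparison is constant-time so response timing
      # does not depend on how many leading characters of the token match.
      if not (isinstance(expected, str) and isinstance(presented, str)):
        return False
      if not expected or not presented:
        return False
      return hmac.compare_digest(expected.encode('utf-8'), presented.encode('utf-8'))

    # Check auth
    if not request.headers.get('Authorization'):
      return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
    method, name, token = Advanced_API.getAuth()
    method = method.lower()  # hoisted: the original lower-cased on every branch

    if method not in ('basic', 'token', 'session', 'bearer'):
      return ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)

    try:
      authenticated = False
      if method == 'basic':
        authenticated = bool(AuthenticationHandler().validateUser(name, token))
      elif method == 'bearer':
        # The bearer lookup also resolves the user name behind the token.
        authenticated, name = db.isBearerAuthenticated(token)
      elif method == 'token':
        authenticated = credentials_match(db.getToken(name), token)
      elif method == 'session':
        authenticated = credentials_match(AuthenticationHandler().api_sessions.get(name), token)
      if not authenticated:
        return ({'status': 'error', 'reason': 'Authentication failed'}, 401)
    except Exception as e:
      # A malformed header or a failing lookup is reported as a client error
      # instead of surfacing a traceback to the caller.
      print(e)
      return ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
    return None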
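 def authErrors():
   """Validate the request's ``Authorization`` header against the auth stores.

   Returns ``None`` when the caller is authenticated, otherwise a
   ``(json_body, http_status)`` tuple the caller can return directly:

   * 401 when the header is missing or the credentials do not match;
   * 400 when the method is unsupported or the header cannot be parsed
     (any exception raised while checking is mapped to this).

   Supported methods: ``basic`` (``AuthenticationHandler.validateUser``),
   ``token`` (``db.getToken``) and ``session``
   (``AuthenticationHandler.api_sessions``).
   """
   import hmac  # local import: the module's import block is outside this view

   def credentials_match(expected, presented):
     # Both sides must be non-empty strings: a missing store entry (``None``)
     # must never match a missing header value, since ``None == None`` is
     # True in Python.  The comparison is constant-time so response timing
     # does not depend on how many leading characters of the token match.
     if not (isinstance(expected, str) and isinstance(presented, str)):
       return False
     if not expected or not presented:
       return False
     return hmac.compare_digest(expected.encode('utf-8'), presented.encode('utf-8'))

   # Check auth
   if not request.headers.get('Authorization'):
     return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
   method, name, token = Advanced_API.getAuth()
   method = method.lower()  # hoisted: the original lower-cased on every branch

   if method not in ('basic', 'token', 'session'):
     return ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)

   try:
     authenticated = False
     if method == 'basic':
       authenticated = bool(AuthenticationHandler().validateUser(name, token))
     elif method == 'token':
       authenticated = credentials_match(db.getToken(name), token)
     elif method == 'session':
       authenticated = credentials_match(AuthenticationHandler().api_sessions.get(name), token)
     if not authenticated:
       return ({'status': 'error', 'reason': 'Authentication failed'}, 401)
   except Exception as e:
     # A malformed header or a failing lookup is reported as a client error
     # instead of surfacing a traceback to the caller.
     print(e)
     return ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
   return None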
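 def authErrors(self):
     """Validate the request's ``Authorization`` header against the auth stores.

     Returns ``None`` when the caller is authenticated, otherwise a
     ``(json_body, http_status)`` tuple the caller can return directly:

     * 401 when the header is missing or the credentials do not match;
     * 400 when the method is unsupported or the header cannot be parsed
       (any exception raised while checking is mapped to this).

     Supported methods: ``basic`` (``AuthenticationHandler.validateUser``),
     ``token`` (``db.getToken``) and ``session``
     (``AuthenticationHandler.api_sessions``).
     """
     import hmac  # local import: the module's import block is outside this view

     def credentials_match(expected, presented):
         # Both sides must be non-empty strings: a missing store entry
         # (``None``) must never match a missing header value, since
         # ``None == None`` is True in Python.  The comparison is constant-time
         # so response timing does not depend on how much of the token matched.
         if not (isinstance(expected, str) and isinstance(presented, str)):
             return False
         if not expected or not presented:
             return False
         return hmac.compare_digest(expected.encode("utf-8"), presented.encode("utf-8"))

     # Check auth
     if not request.headers.get("Authorization"):
         return ({
             "status": "error",
             "reason": "Authentication needed"
         }, 401)
     method, name, token = Advanced_API.getAuth()
     method = method.lower()  # hoisted: the original lower-cased on every branch

     if method not in ("basic", "token", "session"):
         return (
             {
                 "status": "error",
                 "reason": "Authorization method not allowed"
             },
             400,
         )

     try:
         authenticated = False
         if method == "basic":
             authenticated = bool(AuthenticationHandler().validateUser(name, token))
         elif method == "token":
             authenticated = credentials_match(db.getToken(name), token)
         elif method == "session":
             authenticated = credentials_match(
                 AuthenticationHandler().api_sessions.get(name), token)
         if not authenticated:
             return ({
                 "status": "error",
                 "reason": "Authentication failed"
             }, 401)
     except Exception as e:
         # A malformed header or a failing lookup is reported as a client
         # error instead of surfacing a traceback to the caller.
         print(e)
         return (
             {
                 "status": "error",
                 "reason": "Malformed Authentication String"
             },
             400,
         )
     return None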
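 def authErrors():
     """Validate the request's ``Authorization`` header against the auth stores.

     Returns ``None`` when the caller is authenticated, otherwise a
     ``(json_body, http_status)`` tuple the caller can return directly:

     * 401 when the header is missing or the credentials do not match;
     * 400 when the method is unsupported or the header cannot be parsed
       (any exception raised while checking is mapped to this).

     Supported methods: ``basic`` (``AuthenticationHandler.validateUser``),
     ``token`` (``DatabaseLayer().Users.getToken``) and ``session``
     (``AuthenticationHandler.api_sessions``).
     """
     import hmac  # local import: the module's import block is outside this view

     db = DatabaseLayer(
     )  # Required to circumvent the use of self, because of this being a wrapper (This is one reason to use a singleton ;) )

     def credentials_match(expected, presented):
         # Both sides must be non-empty strings: a missing store entry
         # (``None``) must never match a missing header value, since
         # ``None == None`` is True in Python.  The comparison is constant-time
         # so response timing does not depend on how much of the token matched.
         if not (isinstance(expected, str) and isinstance(presented, str)):
             return False
         if not expected or not presented:
             return False
         return hmac.compare_digest(expected.encode('utf-8'), presented.encode('utf-8'))

     # Check auth
     if not request.headers.get('Authorization'):
         return ({
             'status': 'error',
             'reason': 'Authentication needed'
         }, 401)
     method, name, token = Advanced_API.getAuth()
     method = method.lower()  # hoisted: the original lower-cased on every branch

     if method not in ('basic', 'token', 'session'):
         return ({
             'status': 'error',
             'reason': 'Authorization method not allowed'
         }, 400)

     try:
         authenticated = False
         if method == 'basic':
             authenticated = bool(AuthenticationHandler().validateUser(name, token))
         elif method == 'token':
             authenticated = credentials_match(db.Users.getToken(name), token)
         elif method == 'session':
             authenticated = credentials_match(
                 AuthenticationHandler().api_sessions.get(name), token)
         if not authenticated:
             return ({
                 'status': 'error',
                 'reason': 'Authentication failed'
             }, 401)
     except Exception as e:
         # A malformed header or a failing lookup is reported as a client
         # error instead of surfacing a traceback to the caller.
         print(e)
         return ({
             'status': 'error',
             'reason': 'Malformed Authentication String'
         }, 400)
     return None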
  def __init__(self):
    """Set up the full (non-minimal) web UI on top of the API and Minimal bases.

    Creates the auth handler, plugin manager and Flask-Login manager, installs
    the user loader, opens the Redis vendor connection, extends the inherited
    default filters/args, and registers every UI route in order.
    """
    # TODO: make auth handler and plugin manager singletons
    Advanced_API.__init__(self)
    Minimal.__init__(self)
    self.minimal = False
    self.auth_handler = AuthenticationHandler()
    self.plugManager = PluginManager()
    self.login_manager = LoginManager()
    self.plugManager.loadPlugins()
    self.login_manager.init_app(self.app)
    self.login_manager.user_loader(self.load_user)
    self.redisdb = Configuration.getRedisVendorConnection()

    self.defaultFilters.update({'blacklistSelect': 'on',
                                'whitelistSelect': 'on',
                                'unlistedSelect': 'show'})
    self.args.update({'minimal': False})
    self.pluginArgs = {"current_user": current_user, "plugin_manager": self.plugManager}

    # (rule, methods, handler) triples, registered in this order.
    # NOTE(review): '/login' appears twice (also near the end); kept as-is —
    # confirm addRoute tolerates re-registering the same rule and handler.
    # NOTE(review): several admin rules that look state-changing (addToList,
    # removeFromList, editInList, updatedb, change_pass) are GET-only — confirm
    # the handlers enforce the login requirement themselves.
    route_table = (
      ('/cve/<cveid>',                             ['GET'],  self.cve),
      ('/_get_plugins',                            ['GET'],  self._get_plugins),
      ('/plugin/_get_cve_actions',                 ['GET'],  self._get_cve_actions),
      ('/plugin/<plugin>',                         ['GET'],  self.openPlugin),
      ('/plugin/<plugin>/subpage/<page>',          ['GET'],  self.openPluginSubpage),
      ('/plugin/<plugin>/_cve_action/<action>',    ['GET'],  self._jsonCVEAction),
      ('/login',                                   ['POST'], self.login_check),
      ('/logout',                                  ['POST'], self.logout),
      ('/admin',                                   ['GET'],  self.admin),
      ('/admin/',                                  ['GET'],  self.admin),
      ('/admin/change_pass',                       ['GET'],  self.change_pass),
      ('/admin/request_token',                     ['GET'],  self.request_token),
      ('/admin/updatedb',                          ['GET'],  self.updatedb),
      ('/admin/whitelist/import',                  ['POST'], self.listImport),
      ('/admin/blacklist/import',                  ['POST'], self.listImport),
      ('/admin/whitelist/export',                  ['GET'],  self.listExport),
      ('/admin/blacklist/export',                  ['GET'],  self.listExport),
      ('/admin/whitelist/drop',                    ['POST'], self.listDrop),
      ('/admin/blacklist/drop',                    ['POST'], self.listDrop),
      ('/admin/whitelist',                         ['GET'],  self.listView),
      ('/admin/blacklist',                         ['GET'],  self.listView),
      ('/admin/addToList',                         ['GET'],  self.listAdd),
      ('/admin/removeFromList',                    ['GET'],  self.listRemove),
      ('/admin/editInList',                        ['GET'],  self.listEdit),
      ('/admin/listmanagement',                    ['GET'],  self.listManagement),
      ('/admin/listmanagement/<vendor>',           ['GET'],  self.listManagement),
      ('/admin/listmanagement/<vendor>/<product>', ['GET'],  self.listManagement),
      ('/admin/listmanagement/add',                ['GET'],  self.listManagementAdd),
      ('/login',                                   ['POST'], self.login_check),
      ('/ViewCveSlack',                            ['POST'], self.slack_cve),
      ('/ViewCveSlack',                            ['GET'],  self.slack_cve),
    )
    for rule, methods, handler in route_table:
      self.addRoute({'r': rule, 'm': methods, 'f': handler})
    def __init__(self):
        """Set up the full (non-minimal) web UI on top of the API and Minimal bases.

        Creates the auth handler, plugin manager and Flask-Login manager,
        installs the user loader, opens the Redis vendor connection and records
        the arguments handed to plugins. Routes are registered elsewhere.
        """
        Advanced_API.__init__(self)
        Minimal.__init__(self)
        self.minimal = False

        # Collaborators owned by this UI instance.
        self.auth_handler = AuthenticationHandler()
        self.plugManager = PluginManager()
        self.login_manager = LoginManager()

        self.plugManager.loadPlugins()
        self.login_manager.init_app(self.app)
        self.login_manager.user_loader(self.load_user)
        self.redisdb = Configuration.getRedisVendorConnection()

        self.args.update({'minimal': False})
        plugin_context = {"current_user": current_user}
        plugin_context["plugin_manager"] = self.plugManager
        self.pluginArgs = plugin_context
 def api_admin_start_session(self):
     """Open a new API session for the user named in the Authorization header.

     Only the user name from ``Advanced_API.getAuth()`` is used; the auth
     method and key it also returns are not needed here. Returns whatever
     ``AuthenticationHandler.new_api_session`` produces.
     """
     _, user_name, _ = Advanced_API.getAuth()
     handler = AuthenticationHandler()
     return handler.new_api_session(user_name)
 def api_admin_get_session(self):
     """Return the existing API session of the user named in the Authorization header.

     Raises ``APIError`` with HTTP 412 (Precondition Failed) when no session
     has been started for that user, i.e. when the lookup yields a falsy value.
     """
     _, user_name, _ = Advanced_API.getAuth()
     current = AuthenticationHandler().get_api_session(user_name)
     if current:
         return current
     raise APIError("Session not started", 412)
from sbin.db_blacklist import *

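# parse command line arguments
argparser = argparse.ArgumentParser(
    description='Start CVE-Search web component')
argparser.add_argument('-v', action='store_true', help='verbose output')
args = argparser.parse_args()

# variables
app = Flask(__name__, static_folder='static', static_url_path='/static')
app.config['MONGO_DBNAME'] = Configuration.getMongoDB()
# Flask signs session cookies with SECRET_KEY, so it must come from a CSPRNG:
# random.SystemRandom draws from os.urandom, whereas the module-level
# random.getrandbits() is the predictable Mersenne Twister.
# NOTE(review): a fresh key per process also invalidates every session on
# restart and differs between workers — consider sourcing it from Configuration.
app.config['SECRET_KEY'] = str(random.SystemRandom().getrandbits(256))
pageLength = Configuration.getPageLength()
listLogin = Configuration.listLoginRequired()
plugManager = PluginManager()
auth_handler = AuthenticationHandler()
# Initial state of the CVE list filters shown in the UI.
defaultFilters = {
    'blacklistSelect': 'on',
    'whitelistSelect': 'on',
    'unlistedSelect': 'show',
    'timeSelect': 'all',
    'startDate': '',
    'endDate': '',
    'timeTypeSelect': 'Modified',
    'cvssSelect': 'all',
    'cvss': '',
    'rejectedSelect': 'hide'
}

# login manager
login_manager = LoginManager()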
    def __init__(self):
        """Set up the full (non-minimal) web UI on top of the API and Minimal bases.

        Creates the auth handler, plugin manager and Flask-Login manager,
        installs the user loader, opens the Redis vendor connection, extends
        the inherited default filters/args, and registers every UI route in
        order.
        """
        # TODO: make auth handler and plugin manager singletons
        Advanced_API.__init__(self)
        Minimal.__init__(self)
        self.minimal = False
        self.auth_handler = AuthenticationHandler()
        self.plugManager = PluginManager()
        self.login_manager = LoginManager()
        self.plugManager.loadPlugins()
        self.login_manager.init_app(self.app)
        self.login_manager.user_loader(self.load_user)
        self.redisdb = Configuration.getRedisVendorConnection()

        self.defaultFilters.update({
            "blacklistSelect": "on",
            "whitelistSelect": "on",
            "unlistedSelect": "show",
        })
        self.args.update({"minimal": False})
        self.pluginArgs = {
            "current_user": current_user,
            "plugin_manager": self.plugManager,
        }

        # (rule, methods, handler) triples, registered in this order.
        # NOTE(review): "/login" appears twice (also at the end); kept as-is —
        # confirm addRoute tolerates re-registering the same rule and handler.
        # NOTE(review): several admin rules that look state-changing
        # (addToList, removeFromList, editInList, updatedb, change_pass) and
        # /logout are GET-only — confirm the handlers enforce the login
        # requirement themselves.
        route_table = (
            ("/cve/<cveid>",                             ["GET"],  self.cve),
            ("/_get_plugins",                            ["GET"],  self._get_plugins),
            ("/plugin/_get_cve_actions",                 ["GET"],  self._get_cve_actions),
            ("/plugin/<plugin>",                         ["GET"],  self.openPlugin),
            ("/plugin/<plugin>/subpage/<page>",          ["GET"],  self.openPluginSubpage),
            ("/plugin/<plugin>/_cve_action/<action>",    ["GET"],  self._jsonCVEAction),
            ("/login",                                   ["POST"], self.login_check),
            ("/logout",                                  ["GET"],  self.logout),
            ("/admin",                                   ["GET"],  self.admin),
            ("/admin/",                                  ["GET"],  self.admin),
            ("/admin/change_pass",                       ["GET"],  self.change_pass),
            ("/admin/request_token",                     ["GET"],  self.request_token),
            ("/admin/updatedb",                          ["GET"],  self.updatedb),
            ("/admin/whitelist/import",                  ["POST"], self.listImport),
            ("/admin/blacklist/import",                  ["POST"], self.listImport),
            ("/admin/whitelist/export",                  ["GET"],  self.listExport),
            ("/admin/blacklist/export",                  ["GET"],  self.listExport),
            ("/admin/whitelist/drop",                    ["POST"], self.listDrop),
            ("/admin/blacklist/drop",                    ["POST"], self.listDrop),
            ("/admin/whitelist",                         ["GET"],  self.listView),
            ("/admin/blacklist",                         ["GET"],  self.listView),
            ("/admin/addToList",                         ["GET"],  self.listAdd),
            ("/admin/removeFromList",                    ["GET"],  self.listRemove),
            ("/admin/editInList",                        ["GET"],  self.listEdit),
            ("/admin/listmanagement",                    ["GET"],  self.listManagement),
            ("/admin/listmanagement/<vendor>",           ["GET"],  self.listManagement),
            ("/admin/listmanagement/<vendor>/<product>", ["GET"],  self.listManagement),
            ("/admin/listmanagement/add",                ["GET"],  self.listManagementAdd),
            ("/login",                                   ["POST"], self.login_check),
        )
        for rule, methods, handler in route_table:
            self.addRoute({"r": rule, "m": methods, "f": handler})