def test_get_vulnweb_evidence(vulnerability_web_factory, depotfile, session): # Use vuln web to ensure its parent is a service and not a host all_vulns = vulnerability_web_factory.create_batch(10) session.commit() vuln = all_vulns[0] correct_file = File(filename='faraday.png', object_id=vuln.id, object_type='vulnerability', content=depotfile) session.add( File(filename='faraday.png', object_id=vuln.service_id, object_type='service', content=depotfile)) session.add(correct_file) for other_vuln in all_vulns[1:]: session.add( File(filename='faraday.png', object_id=other_vuln.id, object_type='vulnerability', content=depotfile)) session.add( File(filename='faraday.png', object_id=other_vuln.service_id, object_type='service', content=depotfile)) session.commit() assert vuln.evidence == [correct_file]
def upload_file(): if request.method == 'POST' and 'file' in request.files: f = request.files.get('file') #filename = rename_image(f.filename) filename = f.filename print("filename:", filename) f.save(os.path.join(current_app.config['ABE_UPLOAD_PATH'], filename)) ext = os.path.splitext(filename)[1] if ext != ".jpg" and ext != ".png": print("not image") file = File(filename=filename, author=current_user._get_current_object() # timestamp = fake.date_time_this_year() ) db.session.add(file) db.session.commit() else: filename_s = resize_image( f, filename, current_app.config['ABE_PHOTO_SIZE']['small']) filename_m = resize_image( f, filename, current_app.config['ABE_PHOTO_SIZE']['medium']) photo = Photo(filename=filename, filename_s=filename_s, filename_m=filename_m, author=current_user._get_current_object()) db.session.add(photo) db.session.commit() print("test, inter uplaod file, type f is :", type(f)) return render_template('main/upload.html')
def test_add_vulnweb_evidence(vulnerability_web, depotfile, session): session.commit() file_ = File(filename='faraday.png', content=depotfile) vulnerability_web.evidence.append(file_) session.commit() assert len(vulnerability_web.evidence) == 1 assert vulnerability_web.evidence[0].object_type == 'vulnerability' assert vulnerability_web.evidence[0].object_id == vulnerability_web.id
def fake_file(count=10): # photos upload_path = current_app.config['ABE_UPLOAD_PATH'] i = random.randint(1, count) filename = 'random_%d.txt' % i file = File(description=fake.text(), filename=filename, author=User.query.get(random.randint(1, User.query.count())), timestamp=fake.date_time_this_year()) db.session.add(file) print("add file ok.") db.session.commit()
async def get_file_by_id_or_filename(self, id_or_filename): query = "SELECT * FROM files WHERE id=$1 OR filename=$1;" record = await self.pool.fetchrow(query, id_or_filename) if not record: return None return File( id=record["id"], filename=record["filename"], user_id=record["user_id"], views=record["views"], uploaded_at=record["uploaded_at"], state=self.app, )
async def get_files(self, *, user_id=None): if user_id: query = "SELECT * FROM files WHERE user_id=$1 ORDER BY uploaded_at DESC;" records = await self.pool.fetch(query, user_id) else: query = "SELECT * FROM files ORDER BY uploaded_at DESC;" records = await self.pool.fetch(query) if not records: return [] return [ File( id=record["id"], filename=record["filename"], user_id=record["user_id"], views=record["views"], uploaded_at=record["uploaded_at"], state=self.app, ) for record in records ]
def get_or_create_file(data): auth_token = data.get('auth_token') user = User.query.filter_by(user_id=get_user_by_auth_token(auth_token)).first() sample = get_or_create_sample(data.get('sample_name'), user.user_id) access = Access.query.filter_by(auth_token=auth_token).first() file = File.query.filter_by(identifier=data.get('identifier')).first() if not file: file = File() file.identifier = data.get('identifier') file.filename = data.get('filename') file.total_size = data.get('total_size') file.file_type = data.get('file_type') file.user_id = user.user_id file.access_id = access.id file.readset = data.get('readset') file.platform = data.get('platform') file.run_type = data.get('run_type') file.capture_kit = data.get('capture_kit') file.library = data.get('library') file.reference = data.get('reference') file.upload_status = 'ongoing' file.upload_start_date = dt.datetime.today() file.is_archived = 0 # Attach the file to this sample and access objects sample.files.append(file) access.files.append(file) db.session.add(file) db.session.commit() return file
def file_upload(): ''' 파일 업로드 upload file path :원본 파일: server/uploads/<projName>/origin/<filename> :비교 파일: server/uploads/<projName>/compare/<filename> ''' global origin_file global comp_file if not session['projID'] or session['projID'] is None: return redirect(url_for('dashboard')) else: projID = session['projID'] project = Project.query.get(projID) projName = project.projName if request.method == 'POST': post_type = request.form.get('post_type') if not post_type: file = request.files['file'] if file and allowed_file(file.filename): filename = secure_filename(file.filename) file_type = request.form.get('file_type') if file_type == "origin_file": if not os.path.exists( join(app.config['UPLOAD_FOLDER'], projID, 'origin')): os.makedirs( join(app.config['UPLOAD_FOLDER'], projID, 'origin')) file.save( join(app.config['UPLOAD_FOLDER'], projID, 'origin', filename)) origin_file = join(app.config['UPLOAD_FOLDER'], projID, 'origin', filename) elif file_type == "compare_file": if not os.path.exists( join(app.config['UPLOAD_FOLDER'], projID, 'compare')): os.makedirs( join(app.config['UPLOAD_FOLDER'], projID, 'compare')) file.save( join(app.config['UPLOAD_FOLDER'], projID, 'compare', filename)) # comp_file = zipfile.ZipFile(os.path.join(app.config['UPLOAD_FOLDER'], projName, 'compare', filename)) comp_file = join(app.config['UPLOAD_FOLDER'], projID, 'compare', filename) else: print("upload type error", file=sys.stderr) else: print("only zip file", file=sys.stderr) elif post_type == 'file_upload': if not origin_file or not comp_file: # file miss print("no file", file=sys.stderr) pass else: origin_file = zipfile.ZipFile(origin_file) comp_file = zipfile.ZipFile(comp_file) origin_file.extractall( join(app.config['UPLOAD_FOLDER'], projID, 'origin', 'files')) comp_file.extractall( join(app.config['UPLOAD_FOLDER'], projID, 'compare', 'files')) origin_path = join(app.config['UPLOAD_FOLDER'], projID, 'origin', 'files') comp_path = join(app.config['UPLOAD_FOLDER'], projID, 'compare', 'files') file_data = File(origin_path, comp_path) if not File.query.filter( File.originPath == origin_path).filter( File.compPath == comp_path).first(): db.session.add(file_data) db.session.commit() file_data = File.query.filter( File.originPath == origin_path).first() project.fileNum = file_data.fileID db.session.commit() return redirect(url_for('tuple')) else: pass else: pass return render_template('/file_upload.html', projName=projName, origin_file=origin_file, comp_file=comp_file)
def get_or_create_file(data): auth_token = data.get('auth_token') user = User.query.filter_by( user_id=get_user_by_auth_token(auth_token)).first() sample = get_or_create_sample(data.get('sample_name'), user.user_id) access = Access.query.filter_by(auth_token=auth_token).first() file = File.query.filter_by(identifier=data.get('identifier')).first() if not file: file = File() file.identifier = data.get('identifier') file.filename = data.get('filename') file.total_size = data.get('total_size') file.file_type = data.get('file_type') file.user_id = user.user_id file.access_id = access.id file.readset = data.get('readset') file.platform = data.get('platform') file.run_type = data.get('run_type') file.capture_kit = data.get('capture_kit') file.library = data.get('library') file.reference = data.get('reference') file.upload_status = 'ongoing' file.upload_start_date = dt.datetime.today() file.is_archived = 0 # Attach the file to this sample and access objects sample.files.append(file) access.files.append(file) db.session.add(file) db.session.commit() return file
def populate(self, workspace, service, session, user, vulnerability_factory, credential_factory, empty_command_factory): session.commit() self.session = session assert service.workspace_id == workspace.id workspace.set_scope(['*.infobytesec.com', '192.168.1.0/24']) self.user = user self.workspace = workspace self.permission = WorkspacePermission(user=user, workspace=workspace) session.add(self.permission) self.host = service.host self.host.set_hostnames(['a.com', 'b.com']) self.service = service self.host_cred = credential_factory.create( host=self.host, service=None, workspace=workspace, creator=user, ) self.service_cred = credential_factory.create( host=None, service=service, workspace=workspace, creator=user, ) self.host_vuln = vulnerability_factory.create( host=self.host, service=None, workspace=workspace, creator=user, ) self.service_vuln = vulnerability_factory.create( host=None, service=service, workspace=workspace, creator=user, ) session.flush() for vuln in [self.host_vuln, self.service_vuln]: vuln.references = ['CVE-1234', 'CVE-4331'] vuln.policy_violations = ["PCI-DSS"] self.attachment = File( name='test.png', filename='test.png', content='test', object_type='vulnerability', object_id=self.service_vuln.id, creator=user, ) self.session.add(self.attachment) self.host_attachment = File( name='test.png', filename='test.png', content='test', object_type='host', object_id=self.host.id, creator=user, ) self.session.add(self.host_attachment) self.comment = Comment( text="test", object_type='host', object_id=self.host.id, workspace=self.workspace, creator=user, ) self.session.add(self.comment) self.reply_comment = Comment( text="ok", object_type='host', object_id=self.host.id, workspace=self.workspace, reply_to=self.comment, creator=user, ) self.command = empty_command_factory.create(workspace=workspace, creator=user) CommandObject.create(self.host_vuln, self.command) CommandObject.create(self.service_vuln, self.command) self.methodology_template = MethodologyTemplate(name="test", ) session.add(self.methodology_template) self.methodology_template_task = TaskTemplate( name="aaaa", template=self.methodology_template) session.add(self.methodology_template) self.methodology = Methodology(name="test", template=self.methodology_template, workspace=self.workspace) session.add(self.methodology) self.methodology_task = Task(name="aaaa", workspace=self.workspace, template=self.methodology_template_task, methodology=self.methodology) session.add(self.methodology_template_task) self.methodology_task_assigned = TaskAssignedTo( task=self.methodology_task, user=self.user, ) session.add(self.methodology_task_assigned) session.commit()
def post(self, request): bodyUnicode = request.body.decode('utf-8') jsonRequestData = json.loads(bodyUnicode) fileName = jsonRequestData.get("name", "") fileContent = jsonRequestData.get("content", "") username = jsonRequestData.get("username", "") password = jsonRequestData.get("password", "") # Check user authentication user = authenticate(username=username, password=password) if (user is None): return JsonResponse({ "status": "error", "message": "Autenticação falhou. Utilizador ou password errados." }) file = File() file.setName(fileName) file.setContent(fileContent) file.setOwner(user) try: file.save() except Exception as ex: return JsonResponse({ 'status': "error", "message": "Ocorreu um erro ao criar o ficheiro. " + str(ex) }) return JsonResponse({ 'status': "success", 'file': { 'id': file.getId(), 'name': file.getName(), 'owner': file.getOwner().getId(), "corrupted": file.isCorrupted(), 'permissions': { 'read': True, 'write': True, }, } })