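def post_attachment(self, workspace_name, vuln_id):
    """Attach an uploaded evidence file to a vulnerability.

    The request must carry a valid ``csrf_token`` form field and a ``file``
    multipart part. The vulnerability is looked up by ``vuln_id`` joined to
    the workspace named ``workspace_name``, so an id that belongs to another
    workspace is answered with 404.

    Aborts with 403 on a failed CSRF check, 400 when no usable file (or file
    name) was sent, and 404 when the vulnerability is not in the workspace.
    On success the File row is committed and a JSON message is returned.
    """
    import os  # function-scope import: only needed to reduce the client filename

    try:
        validate_csrf(request.form.get('csrf_token'))
    except wtforms.ValidationError:
        flask.abort(403)

    # NOTE(review): this only ties the vulnerability to the named workspace;
    # whether the caller may write to that workspace is not visible here --
    # confirm it is enforced by the surrounding view/route layer.
    vuln_workspace_check = db.session.query(
        VulnerabilityGeneric, Workspace.id
    ).join(Workspace).filter(
        VulnerabilityGeneric.id == vuln_id,
        Workspace.name == workspace_name,
    ).first()
    if not vuln_workspace_check:
        flask.abort(404, "Vulnerability not found")

    if 'file' not in request.files:
        flask.abort(400)
    upload = request.files['file']

    # The file name is chosen by the client. Keep only its final path
    # component, as _process_attachments does, so directory parts never reach
    # the stored record. os.path.basename only knows the server platform's
    # separator.
    filename = os.path.basename(upload.filename or '')
    if not filename:
        # A form submitted without a selected file yields an empty name.
        flask.abort(400)

    # NOTE(review): read() buffers the whole upload in memory; confirm a
    # request size limit (e.g. Flask's MAX_CONTENT_LENGTH) is configured.
    faraday_file = FaradayUploadedFile(upload.read())

    get_or_create(
        db.session,
        File,
        object_id=vuln_id,
        object_type='vulnerability',
        name=filename,
        filename=filename,
        content=faraday_file,
    )
    db.session.commit()
    return flask.jsonify({'message': 'Evidence upload was successful'})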
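def post_attachment(self, workspace_name, vuln_id):
    """Store an uploaded file as evidence on a vulnerability.

    Requires a valid ``csrf_token`` form field (403 otherwise) and a ``file``
    part with a non-empty name (400 otherwise). The vulnerability must match
    both ``vuln_id`` and the workspace named ``workspace_name`` (404
    otherwise). The new File row is committed before the JSON reply is built.
    """
    import os  # function-scope import: used only to sanitise the file name

    try:
        validate_csrf(request.form.get('csrf_token'))
    except wtforms.ValidationError:
        flask.abort(403)

    # Joining on Workspace keeps a vuln_id from a different workspace from
    # being accepted under this workspace's URL.
    vuln_workspace_check = db.session.query(
        VulnerabilityGeneric, Workspace.id).join(Workspace).filter(
            VulnerabilityGeneric.id == vuln_id,
            Workspace.name == workspace_name).first()

    if vuln_workspace_check:
        if 'file' not in request.files:
            flask.abort(400)
        uploaded = request.files['file']

        # Client-controlled value: drop any directory components before it is
        # persisted, and reject an upload that ends up without a name.
        filename = os.path.basename(uploaded.filename or '')
        if not filename:
            flask.abort(400)

        # NOTE(review): the full body is read into memory here; verify that
        # the application caps request size (e.g. MAX_CONTENT_LENGTH).
        faraday_file = FaradayUploadedFile(uploaded.read())
        get_or_create(db.session,
                      File,
                      object_id=vuln_id,
                      object_type='vulnerability',
                      name=filename,
                      filename=filename,
                      content=faraday_file)
        db.session.commit()
        return flask.jsonify({'message': 'Evidence upload was successful'})
    else:
        flask.abort(404, "Vulnerability not found")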
def _perform_create(self, data, **kwargs):
    """Create a host, then register each hostname supplied with it.

    ``'hostnames'`` is removed from ``data`` before the parent view's
    ``_perform_create`` runs, so the parent never sees that key. One
    ``get_or_create`` call is made per name, bound to the new host and its
    workspace, and the session is committed once at the end.

    Returns the host produced by the parent implementation.
    """
    requested_names = data.pop('hostnames', [])
    created_host = super(HostsView, self)._perform_create(data, **kwargs)

    for hostname in requested_names:
        get_or_create(
            db.session,
            Hostname,
            name=hostname,
            host=created_host,
            workspace=created_host.workspace,
        )

    db.session.commit()
    return created_host
def _process_attachments(self, obj, attachments):
    """Replace the stored attachments of ``obj`` with ``attachments``.

    Every File row with ``object_type='vulnerability'`` and
    ``object_id=obj.id`` is marked for deletion, then one File is requested
    through ``get_or_create`` per entry of ``attachments``. Each entry maps a
    file name to a mapping whose ``'data'`` value is base64 text. Nothing is
    committed in this method.
    """
    existing_files = db.session.query(File).filter_by(
        object_id=obj.id,
        object_type='vulnerability',
    )
    for stale_file in existing_files:
        db.session.delete(stale_file)

    for supplied_name, payload in attachments.items():
        # NOTE(review): presumably base64.b64decode; without validate=True it
        # discards characters outside the base64 alphabet instead of
        # rejecting the input -- confirm that leniency is intended.
        decoded_content = FaradayUploadedFile(b64decode(payload['data']))

        # Only the last path component of the supplied name is stored, so
        # directory parts in the key never reach the File record.
        base_name = os.path.basename(supplied_name)
        stem = os.path.splitext(base_name)[0]

        get_or_create(
            db.session,
            File,
            object_id=obj.id,
            object_type='vulnerability',
            name=stem,
            filename=base_name,
            content=decoded_content,
        )
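def add_custom_field_wizard():
    """Interactively add a custom field to the vulnerability model.

    Prompts for the field name, display name and type, refuses a name or
    display name that already exists, asks for an integer order index that is
    not in use, and asks for confirmation before storing the
    CustomFieldsSchema row.

    Exits with status 1 when the field already exists or the operator does
    not answer ``yes``/``y`` to the confirmation.
    """
    print('This wizard will guide you to ADD custom field to the vulneraiblity model.')
    field_name = click.prompt('Field name')
    field_display_name = click.prompt('Display name')
    field_type = click.prompt('Field type (int, str, list)', type=click.Choice(['int', 'str', 'list']))
    custom_fields = db.session.query(CustomFieldsSchema)

    # Checks the name of the fields wont be a duplicate
    for custom_field in custom_fields:
        if field_name == custom_field.field_name \
                or field_display_name == custom_field.field_display_name:
            print('Custom field already exists, skipping')
            sys.exit(1)

    current_used_orders = set()
    if custom_fields.count():
        print('Custom field current order')
    for custom_field in custom_fields:
        current_used_orders.add(custom_field.field_order)
        print('Field {0}, order {1}'.format(custom_field.field_display_name, custom_field.field_order))

    # Keep asking until the answer parses as an int that is not already used.
    field_order = None
    while field_order is None:
        answer = click.prompt('Field order index')
        try:
            candidate = int(answer)
        except ValueError:
            candidate = None
        if candidate is None or candidate in current_used_orders:
            print('Field order already used or invalid value, please choose another value')
        else:
            field_order = candidate

    confirmation = click.prompt('New CustomField will be added to vulnerability -> Order {order} ({0},{1},{2}) <-, confirm to continue (yes/no)'\
        .format(field_name, field_display_name, field_type, order=field_order))
    # The prompt returns the typed text, and any non-empty string is truthy,
    # so "no" used to continue. Require an explicit affirmative answer.
    if confirmation.strip().lower() not in ('yes', 'y'):
        sys.exit(1)

    custom_field_data, created = get_or_create(
        db.session,
        CustomFieldsSchema,
        table_name='vulnerability',
        field_name=field_name,
        # Stored as the parsed integer, matching the values compared above.
        field_order=field_order,
    )
    if not created:
        print('Custom field already exists, skipping')
        sys.exit(1)

    # A trailing comma here used to store a one-element tuple instead of the
    # display name string.
    custom_field_data.field_display_name = field_display_name
    custom_field_data.field_type = field_type
    db.session.commit()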
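def add_custom_field_wizard():
    """Interactively add a custom field to the vulnerability model.

    Prompts for the field name, display name and type, lists the order
    indexes already in use, asks for an unused integer order index and for
    confirmation, then stores the CustomFieldsSchema row.

    Exits with status 1 when the operator does not answer ``yes``/``y`` or
    when ``get_or_create`` reports that the row already existed.
    """
    print(
        'This wizard will guide you to ADD custom field to the vulneraiblity model.'
    )
    field_name = click.prompt('Field name')
    field_display_name = click.prompt('Display name')
    field_type = click.prompt('Field type (int, str, list)',
                              type=click.Choice(['int', 'str', 'list']))
    custom_fields = db.session.query(CustomFieldsSchema)

    current_used_orders = set()
    if custom_fields.count():
        print('Custom field current order')
    for custom_field in custom_fields:
        current_used_orders.add(custom_field.field_order)
        print('Field {0}, order {1}'.format(custom_field.field_display_name,
                                            custom_field.field_order))

    # Re-prompt until the answer is an integer that no existing field uses.
    field_order = None
    while field_order is None:
        answer = click.prompt('Field order index')
        try:
            candidate = int(answer)
        except ValueError:
            candidate = None
        if candidate is None or candidate in current_used_orders:
            print(
                'Field order already used or invalid value, please choose another value'
            )
        else:
            field_order = candidate

    confirmation = click.prompt(
        'New CustomField will be added to vulnerability -> Order {order} ({0},{1},{2}) <-, confirm to continue (yes/no)'
        .format(field_name, field_display_name, field_type, order=field_order))
    # click.prompt returns the typed text; "no" is a non-empty string and was
    # treated as consent. Only an explicit yes/y proceeds now.
    if confirmation.strip().lower() not in ('yes', 'y'):
        sys.exit(1)

    # NOTE(review): the lookup matches on field_name and field_order together,
    # so a field_name reused with a new order index is not detected here.
    custom_field_data, created = get_or_create(
        db.session,
        CustomFieldsSchema,
        table_name='vulnerability',
        field_name=field_name,
        # Pass the parsed integer rather than the raw prompt text.
        field_order=field_order,
    )
    if not created:
        print('Custom field already exists, skipping')
        sys.exit(1)

    # The original assignment ended with a comma, which stored a one-element
    # tuple instead of the display name string.
    custom_field_data.field_display_name = field_display_name
    custom_field_data.field_type = field_type
    db.session.commit()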