def delete_document(workspace, doc_id):
validate_workspace(workspace)
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
doc_rev = flask.request.args.get('rev', '')
try:
response = couchdb_conn.delete_doc({'_id': doc_id, '_rev': doc_rev})
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
doc_importer.delete_entity_from_doc_id(doc_id)
return flask.jsonify(response)
def add_or_update_document(workspace, doc_id):
validate_workspace(workspace)
try:
document = json.loads(flask.request.data)
except ValueError:
return build_bad_request_response('invalid json')
document['_id'] = doc_id # document dictionary does not have id, add it
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
is_update_request = bool(document.get('_rev', False))
try:
response = couchdb_conn.save_doc(document)
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
if is_update_request:
doc_importer.update_entity_from_doc(document)
else:
doc_importer.add_entity_from_doc(document)
return flask.jsonify(response)
def delete_document_and_children(workspace, doc_id):
def delete_document(doc_id, doc_rev):
try:
response = couchdb_conn.delete_doc({'_id': doc_id, '_rev': doc_rev})
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
doc_importer.delete_entity_from_doc_id(doc_id)
return flask.jsonify(response)
validate_workspace(workspace)
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
docs_to_delete = couchdb_conn.get_documents_starting_with_id(doc_id)
docs_ids_to_delete = filter(lambda x: x is not None, (map(lambda d: d.get('id'), docs_to_delete)))
docs_revs_to_delete = map(lambda d: d['doc']['_rev'], docs_to_delete)
responses = map(delete_document, docs_ids_to_delete, docs_revs_to_delete)
return responses[0]
def delete_document_and_children(workspace, doc_id):
def delete_document(doc_id, doc_rev):
try:
response = couchdb_conn.delete_doc({
'_id': doc_id,
'_rev': doc_rev
})
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
doc_importer.delete_entity_from_doc_id(doc_id)
return flask.jsonify(response)
validate_workspace(workspace)
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
docs_to_delete = couchdb_conn.get_documents_starting_with_id(doc_id)
docs_ids_to_delete = filter(lambda x: x is not None,
(map(lambda d: d.get('id'), docs_to_delete)))
docs_revs_to_delete = map(lambda d: d['doc']['_rev'], docs_to_delete)
responses = map(delete_document, docs_ids_to_delete, docs_revs_to_delete)
return responses[0]
def delete_document(workspace, doc_id):
validate_workspace(workspace)
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
doc_rev = flask.request.args.get('rev', '')
try:
response = couchdb_conn.delete_doc({'_id': doc_id, '_rev': doc_rev})
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
doc_importer.delete_entity_from_doc_id(doc_id)
return flask.jsonify(response)
def add_or_update_document(workspace, doc_id):
validate_workspace(workspace)
try:
document = json.loads(flask.request.data)
except ValueError:
return build_bad_request_response('invalid json')
document['_id'] = doc_id # document dictionary does not have id, add it
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
is_update_request = bool(document.get('_rev', False))
try:
response = couchdb_conn.save_doc(document)
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
if is_update_request:
doc_importer.update_entity_from_doc(document)
else:
doc_importer.add_entity_from_doc(document)
return flask.jsonify(response)
def list_services(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}".format(flask.request.args))
services_dao = ServiceDAO(workspace)
services = services_dao.list(service_filter=flask.request.args)
return flask.jsonify(services)
def workspace(workspace):
validate_workspace(workspace)
workspaces = list_workspaces_as_user(
flask.request.cookies, get_basic_auth())['workspaces']
ws = get_workspace(workspace, flask.request.cookies, get_basic_auth()) if workspace in workspaces else None
# TODO: When the workspace DAO is ready, we have to remove this next line
if not ws.get('fdate'): ws['fdate'] = ws.get('duration').get('end')
if not ws.get('description'): ws['description'] = ''
return flask.jsonify(ws)
def list_interfaces(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
dao = InterfaceDAO(workspace)
result = dao.list(interface_filter=flask.request.args)
return flask.jsonify(result)
def workspace(workspace):
validate_workspace(workspace)
workspaces = list_workspaces_as_user(flask.request.cookies,
get_basic_auth())['workspaces']
ws = get_workspace(workspace, flask.request.cookies,
get_basic_auth()) if workspace in workspaces else None
# TODO: When the workspace DAO is ready, we have to remove this next line
if not ws.get('fdate'): ws['fdate'] = ws.get('duration').get('end')
if not ws.get('description'): ws['description'] = ''
return flask.jsonify(ws)
def list_services(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
services_dao = ServiceDAO(workspace)
services = services_dao.list(service_filter=flask.request.args)
return flask.jsonify(services)
def count_notes(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(request.args))
services_dao = NoteDAO(workspace)
result = services_dao.count()
if result is None:
abort(400)
return jsonify(result)
def count_notes(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(request.args))
services_dao = NoteDAO(workspace)
result = services_dao.count()
if result is None:
abort(400)
return jsonify(result)
def list_commands(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug(
"Request parameters: {!r}".format(flask.request.args))
commands_filter = filter_request_args()
dao = CommandDAO(workspace)
result = dao.list(command_filter=commands_filter)
return flask.jsonify(result)
def count_services(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}".format(flask.request.args))
field = flask.request.args.get("group_by")
services_dao = ServiceDAO(workspace)
result = services_dao.count(group_by=field)
if result is None:
flask.abort(400)
return flask.jsonify(result)
def list_notes(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}".format(request.args))
note_filter = filter_request_args()
dao = NoteDAO(workspace)
result = dao.list(note_filter=note_filter)
return jsonify(result)
def list_services(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
port = get_integer_parameter('port', default=None)
services_dao = ServiceDAO(workspace)
services_by_host = services_dao.list(port)
result = {'hosts': services_by_host}
return flask.jsonify(result)
def list_services(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
port = get_integer_parameter('port', default=None)
services_dao = ServiceDAO(workspace)
services_by_host = services_dao.list(port)
result = { 'hosts': services_by_host }
return flask.jsonify(result)
def count_services(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
field = flask.request.args.get('group_by')
services_dao = ServiceDAO(workspace)
result = services_dao.count(group_by=field)
if result is None:
flask.abort(400)
return flask.jsonify(result)
def workspace_delete(workspace):
# only admins can delete workspaces
validate_admin_perm()
validate_workspace(workspace)
db_manager = get_manager()
if not db_manager.delete_workspace(workspace):
response = flask.jsonify({'error': "There was an error deleting the workspace"})
response.status_code = 500
return response
return flask.jsonify({'ok': True})
def workspace_delete(workspace):
# only admins can delete workspaces
validate_admin_perm()
validate_workspace(workspace)
db_manager = get_manager()
if not db_manager.delete_workspace(workspace):
response = flask.jsonify({'error': "There was an error deleting the workspace"})
response.status_code = 500
return response
return flask.jsonify({'ok': True})
def list_credentials(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
cred_filter = filter_request_args()
dao = CredentialDAO(workspace)
result = dao.list(cred_filter=cred_filter)
return flask.jsonify(result)
def list_notes(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug(
"Request parameters: {!r}".format(request.args))
note_filter = filter_request_args()
dao = NoteDAO(workspace)
result = dao.list(note_filter=note_filter)
return jsonify(result)
def create_csv_from_vulns(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
cred_filter = filter_request_args()
dao = CredentialDAO(workspace)
result = dao.list(cred_filter=cred_filter)
return flask.jsonify(result)
def list_commands(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}".format(
flask.request.args))
page = get_integer_parameter('page', default=0)
page_size = get_integer_parameter('page_size', default=0)
commands_filter = filter_request_args('page', 'page_size')
dao = CommandDAO(workspace)
result = dao.list(page=page,
page_size=page_size,
command_filter=commands_filter)
return flask.jsonify(result)
def count_vulnerabilities(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(request.args))
field = request.args.get('group_by')
search = request.args.get('search')
vuln_filter = filter_request_args('search', 'group_by')
vuln_dao = VulnerabilityDAO(workspace)
result = vuln_dao.count(group_by=field,
search=search,
vuln_filter=vuln_filter)
if result is None:
abort(400)
return jsonify(result)
def count_vulnerabilities(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(request.args))
field = request.args.get('group_by')
search = request.args.get('search')
vuln_filter = filter_request_args('search', 'group_by')
vuln_dao = VulnerabilityDAO(workspace)
result = vuln_dao.count(group_by=field,
search=search,
vuln_filter=vuln_filter)
if result is None:
abort(400)
return jsonify(result)
def list_commands(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug(
"Request parameters: {!r}".format(flask.request.args))
page = get_integer_parameter('page', default=0)
page_size = get_integer_parameter('page_size', default=0)
commands_filter = filter_request_args(
'page', 'page_size')
dao = CommandDAO(workspace)
result = dao.list(
page=page,
page_size=page_size,
command_filter=commands_filter)
return flask.jsonify(result)
def add_or_update_document(workspace, doc_id):
validate_workspace(workspace)
try:
document = json.loads(flask.request.data)
except ValueError:
return build_bad_request_response('invalid json')
document['_id'] = doc_id # document dictionary does not have id, add it
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
is_update_request = bool(document.get('_rev', False))
# change user in metadata based on session information
user = get_user_from_session(flask.request.cookies, get_basic_auth())
if document.get('metadata', {}).has_key('owner'):
document['metadata']['owner'] = user
if document.get('metadata', {}).has_key('update_user'):
document['metadata']['update_user'] = user
try:
response = couchdb_conn.save_doc(document)
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
if is_update_request:
doc_importer.update_entity_from_doc(document)
else:
doc_importer.add_entity_from_doc(document)
return flask.jsonify(response)
def workspace_summary(workspace=None):
validate_workspace(workspace)
services_count = ServiceDAO(workspace).count()
vuln_count = VulnerabilityDAO(workspace).count(vuln_filter=flask.request.args)
host_count = HostDAO(workspace).count()
iface_count = InterfaceDAO(workspace).count()
note_count = NoteDAO(workspace).count()
response = {
'stats': {
'services': services_count.get('total_count', 0),
'total_vulns': vuln_count.get('total_count', 0),
'web_vulns': vuln_count.get('web_vuln_count', 0),
'std_vulns': vuln_count.get('vuln_count', 0),
'hosts': host_count.get('total_count', 0),
'interfaces': iface_count.get('total_count', 0),
'notes': note_count.get('total_count', 0),
}
}
return flask.jsonify(response)
def add_or_update_document(workspace, doc_id):
validate_workspace(workspace)
try:
document = json.loads(flask.request.data)
except ValueError:
return build_bad_request_response('invalid json')
document['_id'] = doc_id # document dictionary does not have id, add it
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
is_update_request = bool(document.get('_rev', False))
# change user in metadata based on session information
user = get_user_from_session(flask.request.cookies, get_basic_auth())
if document.get('metadata', {}).has_key('owner'):
document['metadata']['owner'] = user
if document.get('metadata', {}).has_key('update_user'):
document['metadata']['update_user'] = user
try:
response = couchdb_conn.save_doc(document)
except RequestFailed as e:
response = flask.jsonify(json.loads(e.msg))
response.status_code = e.status_int
return response
except ResourceError as e:
response = flask.jsonify({'error': e.message})
response.status_code = e.status_int
return response
if response.get('ok', False):
doc_importer = server.database.DocumentImporter(ws.connector)
if is_update_request:
doc_importer.update_entity_from_doc(document)
else:
doc_importer.add_entity_from_doc(document)
return flask.jsonify(response)
def list_hosts(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
page = get_integer_parameter('page', default=0)
page_size = get_integer_parameter('page_size', default=0)
search = flask.request.args.get('search')
order_by = flask.request.args.get('sort')
order_dir = flask.request.args.get('sort_dir')
host_filter = filter_request_args('page', 'page_size', 'search', 'sort', 'sort_dir')
dao = HostDAO(workspace)
result = dao.list(search=search,
page=page,
page_size=page_size,
order_by=order_by,
order_dir=order_dir,
host_filter=host_filter)
return flask.jsonify(result)
def workspace_summary(workspace=None):
validate_workspace(workspace)
services_count = ServiceDAO(workspace).count()
vuln_count = VulnerabilityDAO(workspace).count(vuln_filter=flask.request.args)
host_count = HostDAO(workspace).count()
iface_count = InterfaceDAO(workspace).count()
note_count = NoteDAO(workspace).count()
response = {
'stats': {
'services': services_count.get('total_count', 0),
'total_vulns': vuln_count.get('total_count', 0),
'web_vulns': vuln_count.get('web_vuln_count', 0),
'std_vulns': vuln_count.get('vuln_count', 0),
'hosts': host_count.get('total_count', 0),
'interfaces': iface_count.get('total_count', 0),
'notes': note_count.get('total_count', 0),
}
}
return flask.jsonify(response)
def list_hosts(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(flask.request.args))
page = get_integer_parameter('page', default=0)
page_size = get_integer_parameter('page_size', default=0)
search = flask.request.args.get('search')
order_by = flask.request.args.get('sort')
order_dir = flask.request.args.get('sort_dir')
host_filter = filter_request_args('page', 'page_size', 'search', 'sort',
'sort_dir')
dao = HostDAO(workspace)
result = dao.list(search=search,
page=page,
page_size=page_size,
order_by=order_by,
order_dir=order_dir,
host_filter=host_filter)
return flask.jsonify(result)
def get_vulnerabilities(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(request.args))
page = get_integer_parameter('page', default=0)
page_size = get_integer_parameter('page_size', default=0)
search = request.args.get('search')
order_by = request.args.get('sort')
order_dir = request.args.get('sort_dir')
vuln_filter = filter_request_args(
'page', 'page_size', 'search', 'sort', 'sort_dir')
vuln_dao = VulnerabilityDAO(workspace)
result = vuln_dao.list(search=search,
page=page,
page_size=page_size,
order_by=order_by,
order_dir=order_dir,
vuln_filter=vuln_filter)
return jsonify(result)
def get_vulnerabilities(workspace=None):
validate_workspace(workspace)
get_logger(__name__).debug("Request parameters: {!r}"\
.format(request.args))
page = get_integer_parameter('page', default=0)
page_size = get_integer_parameter('page_size', default=0)
search = request.args.get('search')
order_by = request.args.get('sort')
order_dir = request.args.get('sort_dir')
vuln_filter = filter_request_args('page', 'page_size', 'search', 'sort',
'sort_dir')
vuln_dao = VulnerabilityDAO(workspace)
result = vuln_dao.list(search=search,
page=page,
page_size=page_size,
order_by=order_by,
order_dir=order_dir,
vuln_filter=vuln_filter)
return jsonify(result)
def get_document(workspace, doc_id):
validate_workspace(workspace)
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
response = couchdb_conn.get_document(doc_id)
return flask.jsonify(response)
def get_document(workspace, doc_id):
validate_workspace(workspace)
ws = server.database.get(workspace)
couchdb_conn = ws.couchdb
response = couchdb_conn.get_document(doc_id)
return flask.jsonify(response)
