def delete_document(workspace, doc_id): validate_workspace(workspace) ws = server.database.get(workspace) couchdb_conn = ws.couchdb doc_rev = flask.request.args.get('rev', '') try: response = couchdb_conn.delete_doc({'_id': doc_id, '_rev': doc_rev}) except RequestFailed as e: response = flask.jsonify(json.loads(e.msg)) response.status_code = e.status_int return response except ResourceError as e: response = flask.jsonify({'error': e.message}) response.status_code = e.status_int return response if response.get('ok', False): doc_importer = server.database.DocumentImporter(ws.connector) doc_importer.delete_entity_from_doc_id(doc_id) return flask.jsonify(response)
def add_or_update_document(workspace, doc_id): validate_workspace(workspace) try: document = json.loads(flask.request.data) except ValueError: return build_bad_request_response('invalid json') document['_id'] = doc_id # document dictionary does not have id, add it ws = server.database.get(workspace) couchdb_conn = ws.couchdb is_update_request = bool(document.get('_rev', False)) try: response = couchdb_conn.save_doc(document) except RequestFailed as e: response = flask.jsonify(json.loads(e.msg)) response.status_code = e.status_int return response except ResourceError as e: response = flask.jsonify({'error': e.message}) response.status_code = e.status_int return response if response.get('ok', False): doc_importer = server.database.DocumentImporter(ws.connector) if is_update_request: doc_importer.update_entity_from_doc(document) else: doc_importer.add_entity_from_doc(document) return flask.jsonify(response)
def delete_document_and_children(workspace, doc_id): def delete_document(doc_id, doc_rev): try: response = couchdb_conn.delete_doc({'_id': doc_id, '_rev': doc_rev}) except RequestFailed as e: response = flask.jsonify(json.loads(e.msg)) response.status_code = e.status_int return response except ResourceError as e: response = flask.jsonify({'error': e.message}) response.status_code = e.status_int return response if response.get('ok', False): doc_importer = server.database.DocumentImporter(ws.connector) doc_importer.delete_entity_from_doc_id(doc_id) return flask.jsonify(response) validate_workspace(workspace) ws = server.database.get(workspace) couchdb_conn = ws.couchdb docs_to_delete = couchdb_conn.get_documents_starting_with_id(doc_id) docs_ids_to_delete = filter(lambda x: x is not None, (map(lambda d: d.get('id'), docs_to_delete))) docs_revs_to_delete = map(lambda d: d['doc']['_rev'], docs_to_delete) responses = map(delete_document, docs_ids_to_delete, docs_revs_to_delete) return responses[0]
def delete_document_and_children(workspace, doc_id): def delete_document(doc_id, doc_rev): try: response = couchdb_conn.delete_doc({ '_id': doc_id, '_rev': doc_rev }) except RequestFailed as e: response = flask.jsonify(json.loads(e.msg)) response.status_code = e.status_int return response except ResourceError as e: response = flask.jsonify({'error': e.message}) response.status_code = e.status_int return response if response.get('ok', False): doc_importer = server.database.DocumentImporter(ws.connector) doc_importer.delete_entity_from_doc_id(doc_id) return flask.jsonify(response) validate_workspace(workspace) ws = server.database.get(workspace) couchdb_conn = ws.couchdb docs_to_delete = couchdb_conn.get_documents_starting_with_id(doc_id) docs_ids_to_delete = filter(lambda x: x is not None, (map(lambda d: d.get('id'), docs_to_delete))) docs_revs_to_delete = map(lambda d: d['doc']['_rev'], docs_to_delete) responses = map(delete_document, docs_ids_to_delete, docs_revs_to_delete) return responses[0]
def list_services(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}".format(flask.request.args)) services_dao = ServiceDAO(workspace) services = services_dao.list(service_filter=flask.request.args) return flask.jsonify(services)
def workspace(workspace): validate_workspace(workspace) workspaces = list_workspaces_as_user( flask.request.cookies, get_basic_auth())['workspaces'] ws = get_workspace(workspace, flask.request.cookies, get_basic_auth()) if workspace in workspaces else None # TODO: When the workspace DAO is ready, we have to remove this next line if not ws.get('fdate'): ws['fdate'] = ws.get('duration').get('end') if not ws.get('description'): ws['description'] = '' return flask.jsonify(ws)
def list_interfaces(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) dao = InterfaceDAO(workspace) result = dao.list(interface_filter=flask.request.args) return flask.jsonify(result)
def workspace(workspace): validate_workspace(workspace) workspaces = list_workspaces_as_user(flask.request.cookies, get_basic_auth())['workspaces'] ws = get_workspace(workspace, flask.request.cookies, get_basic_auth()) if workspace in workspaces else None # TODO: When the workspace DAO is ready, we have to remove this next line if not ws.get('fdate'): ws['fdate'] = ws.get('duration').get('end') if not ws.get('description'): ws['description'] = '' return flask.jsonify(ws)
def list_services(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) services_dao = ServiceDAO(workspace) services = services_dao.list(service_filter=flask.request.args) return flask.jsonify(services)
def count_notes(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(request.args)) services_dao = NoteDAO(workspace) result = services_dao.count() if result is None: abort(400) return jsonify(result)
def list_commands(workspace=None): validate_workspace(workspace) get_logger(__name__).debug( "Request parameters: {!r}".format(flask.request.args)) commands_filter = filter_request_args() dao = CommandDAO(workspace) result = dao.list(command_filter=commands_filter) return flask.jsonify(result)
def count_services(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}".format(flask.request.args)) field = flask.request.args.get("group_by") services_dao = ServiceDAO(workspace) result = services_dao.count(group_by=field) if result is None: flask.abort(400) return flask.jsonify(result)
def list_notes(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}".format(request.args)) note_filter = filter_request_args() dao = NoteDAO(workspace) result = dao.list(note_filter=note_filter) return jsonify(result)
def list_services(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) port = get_integer_parameter('port', default=None) services_dao = ServiceDAO(workspace) services_by_host = services_dao.list(port) result = {'hosts': services_by_host} return flask.jsonify(result)
def list_services(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) port = get_integer_parameter('port', default=None) services_dao = ServiceDAO(workspace) services_by_host = services_dao.list(port) result = { 'hosts': services_by_host } return flask.jsonify(result)
def count_services(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) field = flask.request.args.get('group_by') services_dao = ServiceDAO(workspace) result = services_dao.count(group_by=field) if result is None: flask.abort(400) return flask.jsonify(result)
def workspace_delete(workspace): # only admins can delete workspaces validate_admin_perm() validate_workspace(workspace) db_manager = get_manager() if not db_manager.delete_workspace(workspace): response = flask.jsonify({'error': "There was an error deleting the workspace"}) response.status_code = 500 return response return flask.jsonify({'ok': True})
def list_credentials(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) cred_filter = filter_request_args() dao = CredentialDAO(workspace) result = dao.list(cred_filter=cred_filter) return flask.jsonify(result)
def list_notes(workspace=None): validate_workspace(workspace) get_logger(__name__).debug( "Request parameters: {!r}".format(request.args)) note_filter = filter_request_args() dao = NoteDAO(workspace) result = dao.list(note_filter=note_filter) return jsonify(result)
def create_csv_from_vulns(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) cred_filter = filter_request_args() dao = CredentialDAO(workspace) result = dao.list(cred_filter=cred_filter) return flask.jsonify(result)
def list_commands(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}".format( flask.request.args)) page = get_integer_parameter('page', default=0) page_size = get_integer_parameter('page_size', default=0) commands_filter = filter_request_args('page', 'page_size') dao = CommandDAO(workspace) result = dao.list(page=page, page_size=page_size, command_filter=commands_filter) return flask.jsonify(result)
def count_vulnerabilities(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(request.args)) field = request.args.get('group_by') search = request.args.get('search') vuln_filter = filter_request_args('search', 'group_by') vuln_dao = VulnerabilityDAO(workspace) result = vuln_dao.count(group_by=field, search=search, vuln_filter=vuln_filter) if result is None: abort(400) return jsonify(result)
def list_commands(workspace=None): validate_workspace(workspace) get_logger(__name__).debug( "Request parameters: {!r}".format(flask.request.args)) page = get_integer_parameter('page', default=0) page_size = get_integer_parameter('page_size', default=0) commands_filter = filter_request_args( 'page', 'page_size') dao = CommandDAO(workspace) result = dao.list( page=page, page_size=page_size, command_filter=commands_filter) return flask.jsonify(result)
def add_or_update_document(workspace, doc_id): validate_workspace(workspace) try: document = json.loads(flask.request.data) except ValueError: return build_bad_request_response('invalid json') document['_id'] = doc_id # document dictionary does not have id, add it ws = server.database.get(workspace) couchdb_conn = ws.couchdb is_update_request = bool(document.get('_rev', False)) # change user in metadata based on session information user = get_user_from_session(flask.request.cookies, get_basic_auth()) if document.get('metadata', {}).has_key('owner'): document['metadata']['owner'] = user if document.get('metadata', {}).has_key('update_user'): document['metadata']['update_user'] = user try: response = couchdb_conn.save_doc(document) except RequestFailed as e: response = flask.jsonify(json.loads(e.msg)) response.status_code = e.status_int return response except ResourceError as e: response = flask.jsonify({'error': e.message}) response.status_code = e.status_int return response if response.get('ok', False): doc_importer = server.database.DocumentImporter(ws.connector) if is_update_request: doc_importer.update_entity_from_doc(document) else: doc_importer.add_entity_from_doc(document) return flask.jsonify(response)
def workspace_summary(workspace=None): validate_workspace(workspace) services_count = ServiceDAO(workspace).count() vuln_count = VulnerabilityDAO(workspace).count(vuln_filter=flask.request.args) host_count = HostDAO(workspace).count() iface_count = InterfaceDAO(workspace).count() note_count = NoteDAO(workspace).count() response = { 'stats': { 'services': services_count.get('total_count', 0), 'total_vulns': vuln_count.get('total_count', 0), 'web_vulns': vuln_count.get('web_vuln_count', 0), 'std_vulns': vuln_count.get('vuln_count', 0), 'hosts': host_count.get('total_count', 0), 'interfaces': iface_count.get('total_count', 0), 'notes': note_count.get('total_count', 0), } } return flask.jsonify(response)
def list_hosts(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(flask.request.args)) page = get_integer_parameter('page', default=0) page_size = get_integer_parameter('page_size', default=0) search = flask.request.args.get('search') order_by = flask.request.args.get('sort') order_dir = flask.request.args.get('sort_dir') host_filter = filter_request_args('page', 'page_size', 'search', 'sort', 'sort_dir') dao = HostDAO(workspace) result = dao.list(search=search, page=page, page_size=page_size, order_by=order_by, order_dir=order_dir, host_filter=host_filter) return flask.jsonify(result)
def get_vulnerabilities(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(request.args)) page = get_integer_parameter('page', default=0) page_size = get_integer_parameter('page_size', default=0) search = request.args.get('search') order_by = request.args.get('sort') order_dir = request.args.get('sort_dir') vuln_filter = filter_request_args( 'page', 'page_size', 'search', 'sort', 'sort_dir') vuln_dao = VulnerabilityDAO(workspace) result = vuln_dao.list(search=search, page=page, page_size=page_size, order_by=order_by, order_dir=order_dir, vuln_filter=vuln_filter) return jsonify(result)
def get_vulnerabilities(workspace=None): validate_workspace(workspace) get_logger(__name__).debug("Request parameters: {!r}"\ .format(request.args)) page = get_integer_parameter('page', default=0) page_size = get_integer_parameter('page_size', default=0) search = request.args.get('search') order_by = request.args.get('sort') order_dir = request.args.get('sort_dir') vuln_filter = filter_request_args('page', 'page_size', 'search', 'sort', 'sort_dir') vuln_dao = VulnerabilityDAO(workspace) result = vuln_dao.list(search=search, page=page, page_size=page_size, order_by=order_by, order_dir=order_dir, vuln_filter=vuln_filter) return jsonify(result)
def get_document(workspace, doc_id): validate_workspace(workspace) ws = server.database.get(workspace) couchdb_conn = ws.couchdb response = couchdb_conn.get_document(doc_id) return flask.jsonify(response)