def process_submission(form):
    """
    Handle a validated archive submission form.

    Splits the comma separated CVE field, collects the coordinate fields of
    the selected group (form fields named ``<group>_<coord>``), hands the
    uploaded ``archive`` file to ``upload`` and calls ``submit`` once per
    returned file under the logged-in user's name. A ``ValueError`` raised
    anywhere in that sequence is flashed to the user, escaped, instead of
    propagating.

    :Parameters:
       - `form`: the submitted form; must expose `cves`, `group` and the
         per-group coordinate fields.
    """
    try:
        cves = [entry.strip() for entry in form.cves.data.split(',')]
        group = form.group.data

        # NOTE(review): if a coordinate field is absent from the form,
        # `_fields.get()` returns None and the attribute access raises
        # AttributeError, which the ValueError handler below does not cover.
        raw = {}
        for coord in SUBMISSION_GROUPS.get(group, []):
            field_name = '%s_%s' % (group, coord)
            raw[coord] = form._fields.get(field_name).data.strip()
        coordinates = CoordinateDict(raw)

        archive = request.files.get('archive', None)
        for (ondisk, filename, suffix) in upload(group, archive, coordinates):
            submit(
                login.current_user.username, ondisk, group, filename, suffix,
                cves, coordinates=coordinates
            )

        # Set once all files were handed to submit() without a ValueError.
        current_app.config['INDEX_REFRESH_FLAG'] = True
        flash('Archive Submitted for processing', 'info')
    except ValueError as ve:
        # The message is escaped before it is flashed into the page.
        flash(escape(ve.message), 'error')
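def submit_archive(group):
    """
    Submit archives through the API on behalf of the requesting API user.

    Reads the CVE list and the group's coordinates from the query string,
    passes the uploaded ``archive`` file to ``upload`` and calls ``submit``
    once per returned file.

    :Parameters:
       - `group`: the submission group; must be one of ``groups()``.

    Returns ``success()`` on completion, ``error(<message>)`` when the request
    is rejected with a ``ValueError`` and a bare ``error()`` for any other
    failure.

    NOTE(review): authentication is presumably enforced by a decorator that
    is not part of this excerpt -- confirm.
    """
    # NOTE(review): the format string on the next line looks masked in this
    # copy. As written it has no conversion specifier, so `%` raises TypeError
    # for a string operand, and it does so outside the try block. Restore the
    # original format string before relying on this line.
    user = '******' % api_request_user()
    try:
        if group not in groups():
            raise ValueError('Invalid group specified')

        # Blank entries are dropped so that `?cves=` or a stray comma cannot
        # satisfy the "CVE(s) required" check with an empty identifier.
        cves = [
            cve.strip()
            for cve in request.args.get('cves', '').split(',')
            if cve.strip()
        ]
        if not cves:
            raise ValueError('CVE(s) required')
        # NOTE(review): the remaining entries are not checked against a
        # CVE-id pattern in this function before they reach submit().

        # Only coordinates defined for the group are read from the request.
        coordinates = CoordinateDict({
            coord: request.args.get(coord).strip()
            for coord in SUBMISSION_GROUPS.get(group)
            if coord in request.args
        })

        files = upload(group, request.files.get('archive', None), coordinates)
        for (ondisk, filename, suffix) in files:
            submit(
                user, ondisk, group, filename, suffix, cves,
                coordinates=coordinates
            )
        return success()
    except ValueError as ve:
        current_app.logger.info(
            'Invalid submission by %s: %s', user, ve.message)
        return error(ve.message)
    except Exception:
        # Unexpected failures are recorded with their traceback; the client
        # still only receives the generic error response.
        current_app.logger.exception(
            'Archive submission by %s failed', user)
        return error()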
def group_coordinates():
    """
    Return every coordinate name used by any submission group.

    Names are listed once each, in the order they are first met while walking
    ``SUBMISSION_GROUPS.values()``.
    """
    unique = []
    every_key = (
        key
        for coords in SUBMISSION_GROUPS.values()
        for key in coords
    )
    for key in every_key:
        if key in unique:
            continue
        unique.append(key)
    return unique
def cves(group):
    """
    Stream the CVEs recorded for hashes of `group` that match the coordinates
    passed as query arguments.

    Only coordinates that are defined for the group and are valid
    ``CoordinateDict`` keys are used; at least one of them is required.

    :Parameters:
       - `group`: The group for which to search in

    Returns the streamed items, ``error(<message>)`` when the request is
    rejected with a ``ValueError`` and a bare ``error()`` for any other
    failure.
    """
    try:
        allowed = CoordinateDict().validkeys

        # Filter names are built from the server-side coordinate names only;
        # the request contributes nothing but the (stripped) values.
        query = {}
        for coord in SUBMISSION_GROUPS.get(group):
            if coord in request.args and coord in allowed:
                query['coordinates__%s' % (coord)] = \
                    request.args.get(coord).strip()

        if not query:
            raise ValueError('No coordinates given')
        query['group'] = group

        wanted = ['cves', 'coordinates']
        matches = Hash.objects.only(*wanted).filter(**query)
        return stream_items(matches, wanted)
    except ValueError as ve:
        return error(ve.message)
    except Exception as e:
        # Anything unexpected is only logged at debug level and answered
        # with the generic error response.
        current_app.logger.debug(e.message)
        return error()
def submit_archive():
    """
    Render the archive submission page and process a submitted form.

    A form that validates is handed to ``process_submission`` and the user is
    redirected to ``ui.index``. A POST that fails validation has its errors
    flashed and the page is rendered again with the same form.
    """
    form = ArchiveSubmit()

    if form.validate_on_submit():
        # process_submission() flashes its own success or error message; the
        # redirect happens in both cases.
        process_submission(form)
        return redirect(url_for('ui.index'))

    if request.method == 'POST':
        flash_errors(form)

    return render_template(
        'submit_archive.html',
        form=form,
        groups=SUBMISSION_GROUPS.keys()
    )
def update_front_page_stats():
    """
    Recompute the front page counters and store them on
    ``_CONFIG.front_page_stats``.

    The stored value has the shape
    ``{'groups': [<sorted group names>], 'stats': {<group>: {'hashes': n,
    'submitted': n, 'pending': n}}}``. For a group named ``'all'`` the counts
    are taken over the unfiltered querysets.
    """
    querysets = {
        'hashes': Hash.objects(status='RELEASED').only('group'),
        'submitted': Submission.objects(approval='REQUESTED').only('group'),
        'pending': Submission.objects(
            approval='PENDING_APPROVAL').only('group'),
    }

    groups = sorted(SUBMISSION_GROUPS.keys())
    per_group = {}
    for group in groups:
        counts = {}
        for name, queryset in querysets.items():
            if group != 'all':
                queryset = queryset.filter(group=group)
            counts[name] = len(queryset)
        per_group[group] = counts

    _CONFIG.front_page_stats = {'groups': groups, 'stats': per_group}
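def process_submission(form, group=None):
    """
    Handle a validated archive submission form.

    Splits the comma separated CVE field, collects the non-empty coordinate
    fields for the group, hands the uploaded ``archive`` file to ``upload``
    and calls ``submit`` once per returned file under the logged-in user's
    name. A ``ValueError`` raised anywhere in that sequence is flashed to the
    user, escaped, instead of propagating.

    :Parameters:
       - `form`: the submitted form; must expose `cves` and one field per
         coordinate of the group.
       - `group`: the submission group; taken from `form.group` when None.
    """
    try:
        cves = [cve.strip() for cve in form.cves.data.split(',')]
        if group is None:
            group = form.group.data

        # A coordinate whose field is missing from the form, or whose data is
        # None, is treated as blank rather than raising AttributeError, which
        # the ValueError handler below would not catch. Blank values are
        # removed right after.
        raw = {}
        for coord in SUBMISSION_GROUPS.get(group, []):
            field = form._fields.get('%s' % coord)
            text = getattr(field, 'data', None)
            raw[coord] = text.strip() if text is not None else ''
        coordinates = CoordinateDict(raw)

        # remove any empty values
        coordinates = dict(
            (k, v) for k, v in coordinates.iteritems()
            if v is not None and len(v) > 0
        )
        # if no coordinates given, make None
        if len(coordinates) == 0:
            coordinates = None

        files = upload(group, request.files.get('archive', None), coordinates)
        for (ondisk, filename, suffix) in files:
            submit(
                login.current_user.username, ondisk, group, filename, suffix,
                cves, coordinates=coordinates
            )

        # Set once all files were handed to submit() without a ValueError.
        current_app.config['INDEX_REFRESH_FLAG'] = True
        flash('Archive Submitted for processing', 'info')
    except ValueError as ve:
        # The message is escaped before it is flashed into the page.
        flash(escape(ve.message), 'error')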
def group_choices():
    """
    Return one ``(value, label)`` pair per submission group, using the group
    name for both elements.
    """
    return [(name, name) for name in SUBMISSION_GROUPS.keys()]
Return the status of the service. """ data = json.dumps({ 'eol': EOL, 'supported': True, 'version': '2', 'recommended': True, 'endpoint': '/service/v2/' }) return make_response(data) # Routing Regexes _SINCE_REGEX = '<regex("[0-9\-]{8,}T[0-9:]{8}"):since>' _GROUP_REGEX = '<regex("%s"):group>' % ('|'.join(SUBMISSION_GROUPS.keys())) _START_DATE = '1970-01-01T00:00:00' @v2.route('/update/%s/' % (_GROUP_REGEX), defaults={'since': _START_DATE}) @v2.route('/update/%s/' % (_SINCE_REGEX), defaults={'group': DEFAULT_GROUP}) @v2.route('/update/%s/<since>/' % (_GROUP_REGEX), methods=['GET']) def update(group, since): """ Returns all items updated past a specific date in utc. :Parameters: - `since`: a specific date in utc - `group`: group to limit items to """ try:
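# NOTE: the two field definitions below are attributes of a form class whose
# `class` line lies above this excerpt (presumably ArtifactSubmit, which the
# loop further down subclasses); they are reproduced unchanged.
cves = fields.StringField('CVE(s)', validators=[
    validators.Regexp(
        '^CVE-\d+-\d+(\s*,\s*CVE-\d+-\d+)*$',
        message='Invalid CVE. Multiple CVEs can seperated with commas.'
    ),
    validators.required(),
])
archive = fields.FileField('Archive')


# Dynamic creation of submission forms
SUBMISSION_FORMS = {}

# Validator of archive vs coordinate based submission
_validator = RequiredIfNoneValid([HasFile('archive')])

# One ArtifactSubmit subclass per group, with one StringField per coordinate.
# The classes are built with type() instead of exec()/eval() so that group
# and coordinate names from SUBMISSION_GROUPS are only ever used as data
# (class and attribute names) and are never parsed as Python source. This
# also allows a group with no coordinates, which has no valid class body when
# the class is generated as source text.
for (group, coordinates) in SUBMISSION_GROUPS.items():
    classname = '%sArtifactSubmit' % (group.title())
    group_fields = {}
    for coord in coordinates:
        group_fields[coord] = fields.StringField(coord, [_validator])
    form_class = type(str(classname), (ArtifactSubmit,), group_fields)
    # Keep the generated class reachable under its module-level name so that
    # references to e.g. `<Group>ArtifactSubmit` elsewhere keep working.
    globals()[classname] = form_class
    SUBMISSION_FORMS[group] = form_class


class RegistrationForm(Form):
    """
    Registration Form
    """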