def hash_submission(submission_id): """ Helper method to process an archive at source where possible from a submission. """ submission = Submission.objects(id=submission_id).first() if not submission: config.LOGGER.debug('Submission %s not found.' % (submission_id)) return if not submission.entry is None: submission.add_comment('Entry alread exits. Skipping hashing.') return if not isfile(submission.source): submission.add_comment('Source file not found.') return if submission.group not in config.HASHING_COMMANDS: submission.add_comment('Hashing command for this group not found.') return command = config.HASHING_COMMANDS[submission.group].format( archive=submission.source) try: output = check_output(command, shell=True).strip() count = 0 for line in output.split('\n'): json_data = loads(line) json_data['cves'] = submission.cves meta = json_data.get('metadata', []) if isinstance(meta, dict): meta = [meta] json_data['metadata'] = meta entry = Hash() entry.mongify(json_data) entry.status = 'SUBMITTED' entry.submitter = submission.submitter if count > 0: # create a new submission for each embedded entry s = deepcopy(submission) s.id = None else: s = submission s.entry = entry s.approval = 'PENDING_APPROVAL' s.validate() s.save() s.add_comment('Auto hash entry added') count += 1 # we are done safely, now remove the source submission.remove_source_file() except CalledProcessError as e: submission.add_comment(e) config.LOGGER.debug('Command execution failed for "%s"' % (command)) except Exception as e: submission.add_comment(e) config.LOGGER.warn('Failed to hash: ' + e.message)
def submit_hash(group): """ Allows for authenticated users to submit hashes via json. """ user = '******' % api_request_user() try: if group not in groups(): raise ValueError('Invalid group specified') json_data = request.get_json() if 'cves' not in json_data: raise ValueError('No CVE provided') entry = Hash() entry.mongify(json_data) entry.submitter = user submit( user, 'json-api-hash', group, suffix='Hash', entry=entry, approval='PENDING_APPROVAL') return success() except ValueError as ve: return error(ve.message) except Exception as e: current_app.logger.info('Invalid submission by %s' % (user)) current_app.logger.debug(e) return error()