def profile_view(user):
""" Retrieves basic user information """
controller = UserController(user_id=user.id)
return jsonify({
'user':
controller.get_user().to_dict(include_protected=True,
replace_id=True)
})
def edit_view(user):
""" Retrieves basic user information """
controller = UserController(user_id=user.id)
try:
controller.update_user(request.get_json())
except UserControllerException as exc:
LOGGER.error('Could not update user', **exc.errors)
response = jsonify({
'message': 'User update failed',
'errors': exc.errors
})
response.status_code = 400
return response
return jsonify({
'user':
controller.get_user().to_dict(include_protected=True,
replace_id=True)
})
async def update_password(recovery_token: str, update_password_request: UpdatePasswordRequest, request: Request):
user_controller = UserController(request=request)
user_controller.validate_recovery_password_token(recovery_token=recovery_token)
user_controller.update_password(
recovery_token=recovery_token,
update_password_request=update_password_request
)
return None
def registration_view():
""" Registers a new user """
user_controller = UserController()
try:
user = user_controller.create_user(request.get_json())
except UserControllerException as exc:
LOGGER.error('Could not register new user', **exc.errors)
response = jsonify({
'message': 'Registration Failed',
'errors': exc.errors
})
response.status_code = 400
return response
auth_token = AuthController().get_token(user).decode('utf-8')
response = jsonify({
'message':
'Registration successful',
'user':
user.to_dict(include_protected=True, replace_id=True),
})
response.set_cookie(Config.AUTH_TOKEN_NAME, auth_token)
return response
def login(self, data):
validator = LoginSchema()
try:
loaded_data = validator.load(data)
except ValidationError as error:
raise AuthControllerException(error.messages)
user: User = UserController().get_user(email=loaded_data['email'])
try:
assert checkpw(loaded_data['password'].encode('utf8'),
user.password)
except (AssertionError, AttributeError):
raise AuthControllerException(
{'invalid': 'Incorrect user and/or password'})
return user
def register_user():
"""
Required parameters :
email, password
:return:
"""
data = CommonUtility.get_request_data()
valid, schema = APIValidator.validate_register_user_api(data)
if not valid:
return schema, 400
email = data["email"]
password = data["password"]
user = UserController.register_user(email, password)
if user:
response = Response(ResponseInfo.CODE_SUCCESS,
ResponseInfo.MESSAGE_SUCCESS)
return jsonify(response.to_dict())
def get_user(id):
user = UserController.get_user(id)
return (dict(user=user))
async def login_for_access_token(form_data: OAuth2PasswordRequest, request: Request):
user_controller = UserController(request=request)
return user_controller.authenticate_user(email=form_data.email, password=form_data.password)
async def login_for_access_token(recovery_token: str, request: Request):
user_controller = UserController(request=request)
user_controller.validate_recovery_password_token(recovery_token=recovery_token)
return None
def edit_user(id):
return UserController().edit(id)
def delete_admin(id):
return UserController().delete(id)
def login_admin():
return UserController().login_admin()
class APIControl(object):
"""
Object used as a global API.
Data controllers are used for direct data manipulation.
Methods are used for complex (cross-data) manipulation.
TODO: create a brand new analysis scehduler working on database
samples status, and remove the analysis creation from this class.
"""
familycontrol = None
samplecontrol = None
usercontrol = None
analysiscontrol = None
familycontrol = FamilyController()
yaracontrol = YaraController()
samplecontrol = SampleController()
usercontrol = UserController()
analysiscontrol = AnalysisController(
app.config['ANALYSIS_PROCESS_POOL_SIZE'])
idacontrol = IDAActionsController()
def __init__(self):
"""
Initiate controllers.
"""
pass
def create_sample_and_run_analysis(self,
file_data_stream,
originate_filename,
user=None,
tlp_level=TLPLevel.TLPWHITE,
family=None):
"""
Creates a new sample and a schedule an analysis. We also check the
file header for ZIP pattern: if a ZIP pattern is found, any file
inside the archive will be imported and scheduled for analysis.
TODO: move this to the SampleController, and start directly on new
file submission.
"""
file_data = file_data_stream.read()
if file_data.startswith("PK"):
with zipfile.ZipFile(file_data, "r") as zcl:
for name in zcl.namelist():
mfile = zcl.open(name, "r")
sample = self.samplecontrol.create_sample_from_file(
mfile, name, user, tlp_level)
if family is not None:
self.familycontrol.add_sample(sample, family)
if sample.analysis_status == AnalysisStatus.TOSTART:
self.analysiscontrol.schedule_sample_analysis(
sample.id)
zcl.close()
return None
sample = self.samplecontrol.create_sample_from_file(
file_data, originate_filename, user, tlp_level)
if sample.analysis_status == AnalysisStatus.TOSTART:
self.analysiscontrol.schedule_sample_analysis(sample.id)
if family is not None:
self.familycontrol.add_sample(sample, family)
return sample
def add_actions_fromfunc_infos(self, funcinfos, sample_dst, sample_src):
for fid_dst, fid_src in funcinfos:
fsrc = FunctionInfo.query.get(fid_src)
fdst = FunctionInfo.query.get(fid_dst)
if fsrc is None or fdst is None:
return False
if fsrc not in sample_src.functions:
return False
if fdst not in sample_dst.functions:
return False
if fsrc.name.startswith("sub_"):
continue
act = self.idacontrol.add_name(int(fdst.address), fsrc.name)
self.samplecontrol.add_idaaction(sample_dst.id, act)
db.session.commit()
return True
def delete_user(id):
return UserController().delete(id)
def add_user(fname, lname):
user = UserController.add_user(fname, lname)
return (dict(user=user))
def search_fname(fname):
users = UserController.search_users(fname)
return (dict(users=users))
async def create_user(user_create: UserCreate, request: Request):
user_controller = UserController(request=request)
return await user_controller.create_user(user_create=user_create)
def input_admin():
return UserController().input()
async def get_user(request: Request,
jwt_token: JwtToken = Depends(verify_token)):
user_controller = UserController(request=request)
return user_controller.get_user(user_id=jwt_token.user_id)
async def login_for_access_token(form_data: RecoveryPasswordRequest, request: Request):
user_controller = UserController(request=request)
await user_controller.recovery_password(email=form_data.email)
return None
def input_user():
return UserController().input()