Exemple #1
    def process_sources(self):
        """Compute and store metrics and a vulnerability count for each file.

        For each ``(file_name, file_source)`` pair in ``self.project_files``
        this runs the four metric helpers and ``get_vulns_count``, stores a
        ``Metrix`` and a ``Vulnerability`` record, derives ``potential`` and
        ``p``, stores a ``SourceFile`` record and appends a ``Source``
        wrapper to ``self.files``.

        AST parsing is switched off in this version: ``ast`` is always
        ``None``, so every helper only sees the raw source text.
        """

        # Sources whose Halstead result is not (-1, -1, -1) are concatenated
        # here; nothing in this excerpt reads the result back.
        splitted_source = ""

        for file_name, file_source in self.project_files:

            # NOTE(review): ast_source is never used below; the helpers get the
            # unprocessed file_source. Confirm whether that is intended.
            ast_source = remove_Directives(file_source)

            # print "@file_source[%s]"%file_name #,file_source
            try:
                # ast = get_ast_from_text(file_source)
                ast = None
            except Exception, e:
                # Unreachable while the parser call above stays commented out.
                # When active, it prints a window of `debuglines` source lines
                # around the line number taken from the exception message.
                print e
                debuglines = 8
                # assumes the message looks like "<something>:<line>:..." — TODO confirm
                line = int(str(e).split(':')[1])
                for i in range(debuglines):
                    try:
                        print "INFO file[%s] line[%s]: %s" % (
                            file_name, line + i - debuglines / 2 + 1,
                            file_source.split('\n')[line + i - debuglines / 2])
                    except:
                        # Best effort: skip context lines outside the file.
                        pass
                ast = None
            if ast is not None:
                #ast.show()
                # print ast.ext
                pass

            # The generator is consumed by the unpacking, so the helpers run in
            # the order listed, each with (file_source, ast).
            holsted, mackkeib, jilb, sloc = (function(
                file_source, ast) for function in (get_holsted, get_mackkeib,
                                                   get_jilb, get_sloc))

            # Original note: "BUF to fix" (presumably "BUG to fix").
            # (-1, -1, -1) looks like a failure marker from get_holsted; such
            # files are left out of the concatenated source — TODO confirm.
            if holsted != (-1, -1, -1):
                splitted_source += "\n" + file_source

            vulns = get_vulns_count(file_source, ast)

            # Metrics and the count are stored as strings via str().
            metrix = Metrix(holsted=str(holsted),
                            mackkeib=str(mackkeib),
                            jilb=str(jilb),
                            sloc=str(sloc))
            metrix.put()
            vulnerability = Vulnerability(vulnerability=str(vulns))
            vulnerability.put()

            # Only the first element of the Halstead tuple is used here.
            potential = self.calc_potential(holsted[0], mackkeib, jilb, vulns)
            p = self.calc_p(potential)

            # NOTE(review): MD5 of the file name is used to build an
            # identifier, not as an integrity or authentication check. Two
            # files with the same name in one project get the same `short` —
            # confirm that names are unique per project.
            short = self.project.short + md5(file_name).hexdigest()

            # print ("filename & sloc & holsted & mackkeib & jilb & vulns & potential & p")
            # Prints one "&"-separated row ending in "\\" (looks like a LaTeX
            # table row). file_name is printed unescaped.
            print("{} & {} & {} & {} & {} & {} & {} & {}\\\\".format(
                file_name, sloc, holsted[0], mackkeib, jilb, vulns, potential,
                p))
            # The full file_source is stored in both the Source wrapper and the
            # SourceFile record.
            source = Source(project=self.project,
                            file_name=file_name,
                            file_source=file_source,
                            file_db_item=SourceFile(
                                short=short,
                                project=self.project,
                                name=file_name,
                                source=file_source,
                                metrix=metrix,
                                vulnerability=vulnerability,
                                potential=potential,
                                p=p),
                            holsted=holsted,
                            mackkeib=mackkeib,
                            jilb=jilb,
                            sloc=sloc,
                            vulns=vulns,
                            potential=potential,
                            p=p)
            source.file_db_item.put()
            self.files.append(source)
Exemple #2
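def import_hof(filename):
    """Import Hall of Fame records from initial PoC.

    Reads a JSON array from *filename* and adds one ``Vulnerability`` row per
    entry, skipping entries whose ``url`` is already stored. The session is
    committed after every entry, so a failure part-way through keeps the
    rows imported so far; a re-run skips them by ``url``.

    Each entry must carry the keys read below (``url``, ``published``,
    ``scanable``, ``DO``, ``constituent``, ``type``, ``check_string``,
    ``reporter``, ``data``, ``method``, ``test_status``, ``last_test``,
    ``report_date``, ``patched_date``, ``Incident``); a missing key raises
    ``KeyError``.

    NOTE(review): entries are stored with ``test_type='request'`` together
    with the URL, method, request data and check string, presumably so that
    ``scanable`` entries can be re-tested automatically. Only import files
    from a trusted source — confirm how these fields are used downstream.
    """
    # Map staff initials (e.g. "John Doe" -> "JD") to user ids.
    dos = {}
    for do in User.query.filter_by(role_id=1).all():
        initials = ''.join([part[0] for part in do.name.split()])
        if initials == 'VRR':
            # The PoC data also refers to this person as "VR".
            dos['VR'] = do.id
        dos[initials] = do.id

    # Map organization abbreviations to organization ids.
    constituents = {
        org.abbreviation: org.id
        for org in Organization.query.filter_by(group_id=1).all()
    }

    # Parse the whole file first so the handle is closed before any DB work.
    with open(filename) as f:
        hof = json.load(f)

    for entry in hof:
        already_stored = Vulnerability.query.filter_by(
            url=entry['url']).count()
        if already_stored != 0:
            print('Entry already exist')
        else:
            print('Adding')
            print(entry['url'])

            # Reuse an existing tag of that name, looked up once; otherwise
            # create a new one.
            vtype = entry['type']
            tag = Tag.query.filter_by(name=vtype).first() or Tag(name=vtype)

            vuln = Vulnerability(
                # Unknown initials or abbreviations fall back to id 1.
                user_id=dos.get(entry['DO'], 1),
                check_string=entry['check_string'],
                updated=datetime.datetime.now(),
                reporter_name=entry['reporter'],
                url=entry['url'],
                request_data=json.dumps(entry['data']),
                request_method=entry['method'],
                test_type='request',
                request_response_code=entry['test_status'],
                tested=entry['last_test'],
                reported=entry['report_date'],
                patched=entry['patched_date'],
                # Only the exact string 'yes' counts as true.
                published=entry['published'] == 'yes',
                scanable=entry['scanable'] == 'yes',
                incident_id=entry['Incident'],
                organization_id=constituents.get(entry['constituent'], 1),
                labels_=[tag])
            db.session.add(vuln)
        # Commit per entry, as before, so each import is stored on its own.
        db.session.commit()
    print('Done')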
Exemple #3
        sloc = reduce(lambda x, y: x + y, map(lambda x: x.sloc, self.files))

        holsted = get_holsted(splitted_source, None)

        mackkeib = get_mackkeib(splitted_source, None)

        jilb = get_jilb(splitted_source, None)

        vulns = reduce(lambda x, y: (x + y), map(lambda x: x.vulns,
                                                 self.files))

        potential = reduce(lambda x, y: x if x > y else y,
                           map(lambda x: x.potential, self.files))

        p = reduce(lambda x, y: x if x > y else y,
                   map(lambda x: x.p, self.files))

        self.project.potential = potential
        self.project.p = p

        metrix = Metrix(sloc=str(sloc),
                        holsted=str(holsted),
                        mackkeib=str(mackkeib),
                        jilb=str(jilb))
        metrix.put()
        self.project.metrix = metrix
        vulnerability = Vulnerability(vulnerability=str(vulns))
        vulnerability.put()
        self.project.vulnerability = vulnerability

# Module metadata: author of this file.
__author__ = 'andrew.vasyltsiv'