def process_sources(self):
    """Compute, store and print the metrics of every file in the project.

    For each (file_name, file_source) pair in self.project_files the four
    metric functions and get_vulns_count are run on the raw source text,
    Metrix and Vulnerability records are stored with put(), potential and p
    are derived through self.calc_potential / self.calc_p, one row is
    printed, and a Source wrapping a SourceFile record is appended to
    self.files. Sources whose holsted value is not (-1, -1, -1) are also
    concatenated into splitted_source.
    """
    splitted_source = ""
    for file_name, file_source in self.project_files:
        # The result is not used below while the parser call is disabled.
        ast_source = remove_Directives(file_source)
        # print "@file_source[%s]"%file_name #,file_source
        try:
            # ast = get_ast_from_text(file_source)
            ast = None
        except Exception, e:
            # With the parser call commented out the try body cannot raise,
            # so this handler is currently unreachable.
            print e
            debuglines = 8
            # Expects the message to carry a line number after the first ':'.
            line = int(str(e).split(':')[1])
            # Print debuglines lines of context around the reported line.
            for i in range(debuglines):
                try:
                    print "INFO file[%s] line[%s]: %s" % (
                        file_name, line + i - debuglines / 2 + 1,
                        file_source.split('\n')[line + i - debuglines / 2])
                except:
                    # NOTE(review): the bare except hides every error raised
                    # by the context print, not only an out-of-range index.
                    pass
            ast = None
        if ast is not None:
            #ast.show()
            # print ast.ext
            pass
        # Unpacking the generator calls the four metric functions in order,
        # each with (file_source, ast); ast is always None at this point.
        holsted, mackkeib, jilb, sloc = (function(
            file_source, ast) for function in (get_holsted, get_mackkeib, get_jilb, get_sloc))
        #BUF to fix
        # NOTE(review): the listing lost its indentation; only the
        # concatenation is taken to be guarded by this check -- confirm that
        # the statements after it run for every file.
        if holsted != (-1, -1, -1):
            splitted_source += "\n" + file_source
        vulns = get_vulns_count(file_source, ast)
        # The metrics are stored in their str() form.
        metrix = Metrix(holsted=str(holsted), mackkeib=str(mackkeib), jilb=str(jilb), sloc=str(sloc))
        metrix.put()
        vulnerability = Vulnerability(vulnerability=str(vulns))
        vulnerability.put()
        potential = self.calc_potential(holsted[0], mackkeib, jilb, vulns)
        p = self.calc_p(potential)
        # short is the project's short name followed by the MD5 hex digest of
        # the file name; the digest covers the name only, never the contents,
        # so two files with the same name in one project get the same short.
        short = self.project.short + md5(file_name).hexdigest()
        # print ("filename & sloc & holsted & mackkeib & jilb & vulns & potential & p")
        # One '&'-separated row per file, ended by a double backslash
        # (looks like a LaTeX table row -- confirm).
        print("{} & {} & {} & {} & {} & {} & {} & {}\\\\".format(
            file_name, sloc, holsted[0], mackkeib, jilb, vulns, potential, p))
        # The full source text is passed into both the Source wrapper and the
        # SourceFile record.
        source = Source(project=self.project, file_name=file_name, file_source=file_source,
                        file_db_item=SourceFile(
                            short=short, project=self.project, name=file_name,
                            source=file_source, metrix=metrix, vulnerability=vulnerability,
                            potential=potential, p=p),
                        holsted=holsted, mackkeib=mackkeib, jilb=jilb, sloc=sloc,
                        vulns=vulns, potential=potential, p=p)
        source.file_db_item.put()
        self.files.append(source)
def import_hof(filename):
    """Import Hall of Fame records from the initial PoC's JSON file.

    Parses ``filename`` as JSON and walks its entries. An entry whose
    ``url`` is already stored is skipped; every other entry becomes a new
    ``Vulnerability`` row. Field values are copied from the file as they
    are, so the file has to come from a trusted source.
    """
    # Staff initials (first letter of each name part) -> user id.
    initials_to_user = {}
    for member in User.query.filter_by(role_id=1).all():
        initials = ''.join(part[0] for part in member.name.split())
        if initials == 'VRR':
            # The same user is additionally reachable under the key 'VR'.
            initials_to_user['VR'] = member.id
        initials_to_user[initials] = member.id

    # Organization abbreviation -> organization id.
    abbreviation_to_org = {
        org.abbreviation: org.id
        for org in Organization.query.filter_by(group_id=1).all()
    }

    with open(filename) as handle:
        records = json.load(handle)

    for record in records:
        stored = Vulnerability.query.filter_by(url=record['url']).count()
        if stored != 0:
            print('Entry already exist')
            continue

        print('Adding')
        print(record['url'])

        # Only the exact string 'yes' switches a flag on; the publication
        # flag is taken straight from the file.
        published = record['published'] == 'yes'
        scanable = record['scanable'] == 'yes'

        # Unknown initials or abbreviations fall back to id 1, so such
        # records are attributed to whichever user / organization has it.
        user_id = initials_to_user.get(record['DO'], 1)
        org_id = abbreviation_to_org.get(record['constituent'], 1)

        # Reuse the tag of that name when one exists, else create it.
        kind = record['type']
        known_tag = Tag.query.filter_by(name=kind).first()
        labels = [known_tag if known_tag else Tag(name=kind)]

        vuln = Vulnerability(
            user_id=user_id,
            check_string=record['check_string'],
            updated=datetime.datetime.now(),
            reporter_name=record['reporter'],
            url=record['url'],
            request_data=json.dumps(record['data']),
            request_method=record['method'],
            test_type='request',
            request_response_code=record['test_status'],
            tested=record['last_test'],
            reported=record['report_date'],
            patched=record['patched_date'],
            published=published,
            scanable=scanable,
            incident_id=record['Incident'],
            organization_id=org_id,
            labels_=labels)
        db.session.add(vuln)
        # NOTE(review): the listing lost its indentation; the commit is kept
        # per entry here -- confirm against the original file. A missing key
        # in a later entry then leaves the earlier rows committed.
        db.session.commit()
    print('Done')
# NOTE(review): the statements below read `self` and `splitted_source`, so they
# look like the project-level tail of process_sources rather than module-level
# code -- confirm where they belong.

# Project totals are folded from the per-file records in self.files. reduce()
# gets no initial value, so an empty self.files raises TypeError here.
sloc = reduce(lambda total, count: total + count,
              [record.sloc for record in self.files])

# The text metrics are recomputed over the concatenated sources, without an AST.
holsted = get_holsted(splitted_source, None)
mackkeib = get_mackkeib(splitted_source, None)
jilb = get_jilb(splitted_source, None)

vulns = reduce(lambda total, count: (total + count),
               [record.vulns for record in self.files])

# The project takes the largest per-file potential and the largest per-file p.
potential = reduce(lambda best, other: best if best > other else other,
                   [record.potential for record in self.files])
p = reduce(lambda best, other: best if best > other else other,
           [record.p for record in self.files])
self.project.potential = potential
self.project.p = p

# As for single files, the metrics are stored in their str() form.
metrix = Metrix(sloc=str(sloc), holsted=str(holsted),
                mackkeib=str(mackkeib), jilb=str(jilb))
metrix.put()
self.project.metrix = metrix

vulnerability = Vulnerability(vulnerability=str(vulns))
vulnerability.put()
self.project.vulnerability = vulnerability

__author__ = 'andrew.vasyltsiv'