Exemple #1
0
def embed(vuln_id):
    try:
        section_id = int(request.args.get("sid", -1))
        start_line = int(request.args.get("start_line", 1))
        end_line = int(request.args.get("end_line", -1))
        vulnerability_details = VulnerabilityDetails(vuln_id)
        vulnerability_details.validate()
        vuln_view = vulnerability_details.vulnerability_view
        if not vuln_view:
            return bp.make_response(("No vulnerability found", 404))
        if not vuln_view.master_commit:
            return bp.make_response(
                ("Vuln (id: {:d}) has no linked Git commits!".format(
                    vuln_view.id), 404))

        master_commit = vulnerability_details.getMasterCommit()
        files_schema = RepositoryFilesSchema(many=True)
        # Hack to quickly retrieve the full data.
        custom_data = json.loads(
            files_schema.jsonify(master_commit.repository_files).data)
        settings = {
            "section_id": section_id,
            "startLine": start_line,
            "endLine": end_line,
            "entry_data": custom_data,
        }
        return render_template(
            "embedded.html",
            vulnerability_details=vulnerability_details,
            embed_settings=settings,
        )
    except (ValueError, InvalidIdentifierException):
        abort(404)
Exemple #2
0
def bug_save_editor_data():
    try:
        vulnerability_details = VulnerabilityDetails()
        vulnerability_details.validate()
    except InvalidIdentifierException as e:
        return create_json_response(str(e), 400)
    vuln_view = vulnerability_details.vulnerability_view

    if request.method == "POST":
        if not vuln_view:
            return create_json_response("Please create an entry first", 404)

        if not vuln_view.master_commit:
            current_app.logger.error(
                f"Vuln (id: {vuln_view.id}) has no linked Git commits!")
            return create_json_response("Entry has no linked Git link!", 404)

        master_commit = vulnerability_details.getMasterCommit()

        # print("DATA: {request.json}"
        old_files = master_commit.repository_files
        current_app.logger.debug("%d old files", len(old_files))
        # Flush any old custom content of this vulnerability first.
        new_files = []
        for file in request.get_json():
            for of in old_files:
                if of.file_path == file["path"] or of.file_hash == file["hash"]:
                    current_app.logger.debug(
                        "Found old file: %s",
                        (file["path"], file["hash"], file["name"]))
                    file_obj = of
                    break
            else:
                current_app.logger.debug(
                    "Creating new file: %s",
                    (file["path"], file["hash"], file["name"]))
                file_obj = RepositoryFiles(
                    file_name=file["name"],
                    file_path=file["path"],
                    file_patch="DEPRECATED",
                    file_hash=file["hash"],
                )
            # Create comment objects.
            new_comments = []
            for comment in file["comments"]:
                comment_obj = RepositoryFileComments(
                    row_from=comment["row_from"],
                    row_to=comment["row_to"],
                    text=comment["text"],
                    sort_pos=comment["sort_pos"],
                    creator=g.user,
                )
                new_comments.append(comment_obj)
            update_file_comments(file_obj, new_comments)
            # Create marker objects.
            new_markers = []
            for marker in file["markers"]:
                marker_obj = RepositoryFileMarkers(
                    row_from=marker["row_from"],
                    row_to=marker["row_to"],
                    column_from=marker["column_from"],
                    column_to=marker["column_to"],
                    marker_class=marker["class"],
                    creator=g.user,
                )
                new_markers.append(marker_obj)
            update_file_markers(file_obj, new_markers)
            new_files.append(file_obj)

        current_app.logger.debug("Setting %d files", len(new_files))
        master_commit.repository_files = new_files

        # Update / Insert entries into the database.
        db.session.commit()
        return create_json_response("Update successful.")
    return create_json_response("Accepting only POST requests.", 400)