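def new_empty_command(workspace: Workspace):
    """
    Create and persist a placeholder ``Command`` for a report import.

    The command is attached to *workspace*, stamped with the current time,
    marked ``import_source = 'report'`` and given "In progress" as both
    ``tool`` and ``command``; the caller is expected to fill those in once
    the report has been processed.

    :param workspace: the ``Workspace`` the import belongs to.
    :return: the committed ``Command`` instance (its ``id`` is populated).
    """
    command = Command()
    command.workspace = workspace
    command.start_date = datetime.now()
    command.import_source = 'report'
    command.tool = "In progress"
    command.command = "In progress"
    # Add explicitly rather than relying on the relationship cascade from
    # `workspace` to pull the new row into the session; this mirrors the
    # add-then-commit sequence used by file_upload() in this module.
    db.session.add(command)
    db.session.commit()
    return command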
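def file_upload(workspace=None):
    """
    Upload a report file to Server and process that report with Faraday client plugins.

    Expects a multipart form carrying the report under ``file`` plus a
    ``csrf_token`` field. On success the upload is written to
    ``CONST_FARADAY_HOME_PATH / 'uploaded_reports'`` under a randomly
    prefixed, sanitised filename, a ``Command`` row is created for the
    import and a processing job is put on ``REPORTS_QUEUE``.

    :param workspace: name of the target workspace.
    :return: JSON ``{"message": "ok", "command_id": <id>}`` with status 200.

    Aborts with 404 when the workspace is unknown or inactive, 400 when the
    ``file`` field is missing/empty or no plugin recognises the report,
    403 on a bad CSRF token and 500 when the upload directory is not
    configured.
    """
    logger.info("Importing new plugin report in server...")
    # Authorization code copy-pasted from server/api/base.py
    ws = Workspace.query.filter_by(name=workspace).first()
    if not ws or not ws.active:
        # Don't raise a 403 to prevent workspace name enumeration
        abort(404, f"Workspace disabled: {workspace}")

    if 'file' not in request.files:
        abort(400)

    try:
        validate_csrf(request.form.get('csrf_token'))
    except ValidationError:
        abort(403)

    report_file = request.files['file']
    if not report_file:
        abort(make_response(jsonify(message="Missing report file"), 400))

    # The random prefix only guards against name collisions between uploads;
    # the user-controlled part of the name is sanitised by secure_filename.
    chars = string.ascii_uppercase + string.digits
    rng = random.SystemRandom()
    random_prefix = ''.join(rng.choice(chars) for _ in range(12))
    raw_report_filename = f'{random_prefix}_{secure_filename(report_file.filename)}'

    try:
        file_path = CONST_FARADAY_HOME_PATH / 'uploaded_reports' \
                    / raw_report_filename
        with file_path.open('wb') as output:
            # Stream the upload to disk in chunks instead of reading the
            # whole body into memory first.
            report_file.save(output)
    except AttributeError:
        # NOTE(review): if CONST_FARADAY_HOME_PATH is None the `/` above
        # raises TypeError, not AttributeError — confirm which failure mode
        # this handler is meant to cover.
        logger.warning(
            "Upload reports in WEB-UI not configurated, run Faraday client and try again..."
        )
        abort(
            make_response(
                jsonify(
                    message=
                    "Upload reports not configurated: Run faraday client and start Faraday server again"
                ), 500))

    logger.info(f"Get plugin for file: {file_path}")
    plugin = report_analyzer.get_plugin(file_path)
    if not plugin:
        logger.info("Could not get plugin for file")
        abort(
            make_response(jsonify(message="Invalid report file"), 400))

    logger.info(
        f"Plugin for file: {file_path} Plugin: {plugin.id}")
    # `ws` was already fetched and validated above; reuse it instead of
    # issuing a second query for the same workspace name.
    command = Command()
    command.workspace = ws
    command.start_date = datetime.now()
    command.import_source = 'report'
    # The data will be updated in the bulk_create function
    command.tool = "In progress"
    command.command = "In progress"

    db.session.add(command)
    db.session.commit()

    REPORTS_QUEUE.put((ws.name, command.id,
                       file_path, plugin.id, flask.g.user.id))
    return make_response(
        jsonify(message="ok", command_id=command.id), 200)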