def Update(self,
plugin_group,
plugin_type,
plugin_code,
patch_data,
target_id=None):
plugin_dict = {
"plugin_group": plugin_group,
"plugin_type": plugin_type,
"plugin_code": plugin_code
}
query = self.GenerateQueryUsingSession(plugin_dict, target_id)
obj = query.first()
if obj:
try:
if patch_data.get("user_rank", None):
if isinstance(patch_data["user_rank"], list):
patch_data["user_rank"] = patch_data["user_rank"][0]
obj.user_rank = int(patch_data["user_rank"])
obj.owtf_rank = -1
if patch_data.get("user_notes", None):
if isinstance(patch_data["user_notes"], list):
patch_data["user_notes"] = patch_data["user_notes"][0]
obj.user_notes = patch_data["user_notes"]
self.db.session.merge(obj)
self.db.session.commit()
except ValueError:
raise InvalidParameterType(
"Integer has to be provided for integer fields")
def _generate_query(self, filter_data, session_id, for_stats=False):
query = self.db.session.query(models.Target).filter(
models.Target.sessions.any(id=session_id))
if filter_data.get("search") is not None:
if filter_data.get('target_url', None):
if isinstance(filter_data.get('target_url'), list):
filter_data['target_url'] = filter_data['target_url'][0]
query = query.filter(
models.Target.target_url.like("%%%s%%" %
filter_data['target_url']))
else:
if filter_data.get("target_url", None):
if isinstance(filter_data["target_url"], (str, unicode)):
query = query.filter_by(
target_url=filter_data["target_url"])
if isinstance(filter_data["target_url"], list):
query = query.filter(
models.Target.target_url.in_(
filter_data.get("target_url")))
if filter_data.get("host_ip", None):
if isinstance(filter_data["host_ip"], (str, unicode)):
query = query.filter_by(host_ip=filter_data["host_ip"])
if isinstance(filter_data["host_ip"], list):
query = query.filter(
models.Target.host_ip.in_(filter_data.get("host_ip")))
if filter_data.get("scope", None):
filter_data["scope"] = filter_data["scope"][0]
query = query.filter_by(scope=self.config.ConvertStrToBool(
filter_data.get("scope")))
if filter_data.get("host_name", None):
if isinstance(filter_data["host_name"], (str, unicode)):
query = query.filter_by(host_name=filter_data["host_name"])
if isinstance(filter_data["host_name"], list):
query = query.filter(
models.Target.host_name.in_(
filter_data.get("host_name")))
if filter_data.get("id", None):
if isinstance(filter_data["id"], (str, unicode)):
query = query.filter_by(id=filter_data["id"])
if isinstance(filter_data["id"], list):
query = query.filter(
models.Target.id.in_(filter_data.get("id")))
# This will allow new targets to be at the start
query = query.order_by(models.Target.id.desc())
if not for_stats: # query for stats shouldn't have limit and offset
try:
if filter_data.get('offset', None):
if isinstance(filter_data.get('offset'), list):
filter_data['offset'] = filter_data['offset'][0]
query = query.offset(int(filter_data['offset']))
if filter_data.get('limit', None):
if isinstance(filter_data.get('limit'), list):
filter_data['limit'] = filter_data['limit'][0]
query = query.limit(int(filter_data['limit']))
except ValueError:
raise InvalidParameterType(
"Invalid parameter type for target db for id[lt] or id[gt]"
)
return query
def GenerateQueryUsingSession(self, criteria, target_id, for_stats=False):
query = self.db.session.query(
models.Url).filter_by(target_id=target_id)
# Check if criteria is url search
if criteria.get('search', None):
if criteria.get('url', None):
if isinstance(criteria.get('url'), list):
criteria['url'] = criteria['url'][0]
query = query.filter(
models.Url.url.like('%%%s%%' % criteria['url']))
else: # If not search
if criteria.get('url', None):
if isinstance(criteria.get('url'), (str, unicode)):
query = query.filter_by(url=criteria['url'])
if isinstance(criteria.get('url'), list):
query = query.filter(models.Url.url.in_(criteria['url']))
# For the following section doesn't matter if filter/search because
# it doesn't make sense to search in a boolean column :P
if criteria.get('visited', None):
if isinstance(criteria.get('visited'), list):
criteria['visited'] = criteria['visited'][0]
query = query.filter_by(
visited=self.config.ConvertStrToBool(criteria['visited']))
if criteria.get('scope', None):
if isinstance(criteria.get('scope'), list):
criteria['scope'] = criteria['scope'][0]
query = query.filter_by(
scope=self.config.ConvertStrToBool(criteria['scope']))
if not for_stats: # Query for stats can't have limit and offset
try:
if criteria.get('offset', None):
if isinstance(criteria.get('offset'), list):
criteria['offset'] = criteria['offset'][0]
query = query.offset(int(criteria['offset']))
if criteria.get('limit', None):
if isinstance(criteria.get('limit'), list):
criteria['limit'] = criteria['limit'][0]
query = query.limit(int(criteria['limit']))
except ValueError:
raise InvalidParameterType(
"Invalid parameter type for transaction db")
return query
def GenerateQueryUsingSession(self,
filter_data,
target_id,
for_delete=False):
query = self.db.session.query(
models.PluginOutput).filter_by(target_id=target_id)
if filter_data.get("target_id", None):
query.filter_by(target_id=filter_data["target_id"])
if filter_data.get("plugin_key", None):
if isinstance(filter_data.get("plugin_key"), (str, unicode)):
query = query.filter_by(plugin_key=filter_data["plugin_key"])
if isinstance(filter_data.get("plugin_key"), list):
query = query.filter(
models.PluginOutput.plugin_key.in_(
filter_data["plugin_key"]))
if filter_data.get("plugin_type", None):
if isinstance(filter_data.get("plugin_type"), (str, unicode)):
query = query.filter_by(plugin_type=filter_data["plugin_type"])
if isinstance(filter_data.get("plugin_type"), list):
query = query.filter(
models.PluginOutput.plugin_type.in_(
filter_data["plugin_type"]))
if filter_data.get("plugin_group", None):
if isinstance(filter_data.get("plugin_group"), (str, unicode)):
query = query.filter_by(
plugin_group=filter_data["plugin_group"])
if isinstance(filter_data.get("plugin_group"), list):
query = query.filter(
models.PluginOutput.plugin_group.in_(
filter_data["plugin_group"]))
if filter_data.get("plugin_code", None):
if isinstance(filter_data.get("plugin_code"), (str, unicode)):
query = query.filter_by(plugin_code=filter_data["plugin_code"])
if isinstance(filter_data.get("plugin_code"), list):
query = query.filter(
models.PluginOutput.plugin_code.in_(
filter_data["plugin_code"]))
if filter_data.get("status", None):
if isinstance(filter_data.get("status"), (str, unicode)):
query = query.filter_by(status=filter_data["status"])
if isinstance(filter_data.get("status"), list):
query = query.filter(
models.PluginOutput.status.in_(filter_data["status"]))
try:
if filter_data.get("user_rank", None):
if isinstance(filter_data.get("user_rank"), (str, unicode)):
query = query.filter_by(
user_rank=int(filter_data["user_rank"]))
if isinstance(filter_data.get("user_rank"), list):
numbers_list = [int(x) for x in filter_data["user_rank"]]
query = query.filter(
models.PluginOutput.user_rank.in_(numbers_list))
if filter_data.get("owtf_rank", None):
if isinstance(filter_data.get("owtf_rank"), (str, unicode)):
query = query.filter_by(
owtf_rank=int(filter_data["owtf_rank"]))
if isinstance(filter_data.get("owtf_rank"), list):
numbers_list = [int(x) for x in filter_data["owtf_rank"]]
query = query.filter(
models.PluginOutput.owtf_rank.in_(numbers_list))
except ValueError:
raise InvalidParameterType(
"Integer has to be provided for integer fields")
if not for_delete:
query = query.order_by(models.PluginOutput.plugin_key.asc())
return query
def GenerateQueryUsingSession(self, criteria, target_id, for_stats=False):
query = self.db.session.query(
models.Transaction).filter_by(target_id=target_id)
# If transaction search is being done
if criteria.get('search', None):
if criteria.get('url', None):
if isinstance(criteria.get('url'), list):
criteria['url'] = criteria['url'][0]
query = query.filter(
models.Transaction.url.like('%%%s%%' % criteria['url']))
if criteria.get('method', None):
if isinstance(criteria.get('method'), list):
criteria['method'] = criteria['method'][0]
query = query.filter(
models.Transaction.method.like('%%%s%%' %
criteria.get('method')))
if criteria.get('data', None):
if isinstance(criteria.get('data'), list):
criteria['data'] = criteria['data'][0]
query = query.filter(
models.Transaction.data.like('%%%s%%' %
criteria.get('data')))
if criteria.get('raw_request', None):
if isinstance(criteria.get('raw_request'), list):
criteria['raw_request'] = criteria['raw_request'][0]
query = query.filter(
models.Transaction.raw_request.like(
'%%%s%%' % criteria.get('raw_request')))
if criteria.get('response_status', None):
if isinstance(criteria.get('response_status'), list):
criteria['response_status'] = criteria['response_status'][
0]
query = query.filter(
models.Transaction.response_status.like(
'%%%s%%' % criteria.get('response_status')))
if criteria.get('response_headers', None):
if isinstance(criteria.get('response_headers'), list):
criteria['response_headers'] = criteria[
'response_headers'][0]
query = query.filter(
models.Transaction.response_headers.like(
'%%%s%%' % criteria.get('response_headers')))
if criteria.get('response_body', None):
if isinstance(criteria.get('response_body'), list):
criteria['response_body'] = criteria['response_body'][0]
query = query.filter(
models.Transaction.binary_response is False,
models.Transaction.response_body.like(
'%%%s%%' % criteria.get('response_body')))
else: # If transaction filter is being done
if criteria.get('url', None):
if isinstance(criteria.get('url'), (str, unicode)):
query = query.filter_by(url=criteria['url'])
if isinstance(criteria.get('url'), list):
query = query.filter(
models.Transaction.url.in_(criteria.get('url')))
if criteria.get('method', None):
if isinstance(criteria.get('method'), (str, unicode)):
query = query.filter_by(method=criteria['method'])
if isinstance(criteria.get('method'), list):
query = query.filter(
models.Transaction.method.in_(criteria.get('method')))
if criteria.get('data', None):
if isinstance(criteria.get('data'), (str, unicode)):
query = query.filter_by(data=criteria['data'])
if isinstance(criteria.get('data'), list):
query = query.filter(
models.Transaction.data.in_(criteria.get('data')))
# For the following section doesn't matter if filter/search because
# it doesn't make sense to search in a boolean column :P
if criteria.get('scope', None):
if isinstance(criteria.get('scope'), list):
criteria['scope'] = criteria['scope'][0]
query = query.filter_by(
scope=self.config.ConvertStrToBool(criteria['scope']))
if criteria.get('binary_response', None):
if isinstance(criteria.get('binary_response'), list):
criteria['binary_response'] = criteria['binary_response'][0]
query = query.filter_by(
binary_response=self.config.ConvertStrToBool(
criteria['binary_response']))
if not for_stats: # query for stats shouldn't have limit and offset
try:
query.order_by(models.Transaction.local_timestamp)
if criteria.get('offset', None):
if isinstance(criteria.get('offset'), list):
criteria['offset'] = int(criteria['offset'][0])
if criteria['offset'] >= 0:
query = query.offset(criteria['offset'])
if criteria.get('limit', None):
if isinstance(criteria.get('limit'), list):
criteria['limit'] = int(criteria['limit'][0])
if criteria['limit'] >= 0:
query = query.limit(criteria['limit'])
else: # It is too dangerous without a limit argument
query.limit(10) # Default limit value is 10
except ValueError:
raise InvalidParameterType(
"Invalid parameter type for transaction db")
return query