def fill_random_answers(self, store, context_id, value=None):
"""
return randomly populated contexts associated to specified context
"""
answers = {}
steps = db_get_context_steps(store, context_id, 'en')
for step in steps:
for field in step['children']:
self.fill_random_field_recursively(answers, field)
return answers
def fill_random_answers(self, store, context_id, value=None):
"""
return randomly populated contexts associated to specified context
"""
answers = {}
steps = db_get_context_steps(store, context_id, 'en')
for step in steps:
for field in step['children']:
self.fill_random_field_recursively(answers, field)
return answers
def db_create_submission(store, request, uploaded_files, client_using_tor,
language):
answers = request['answers']
context = store.find(models.Context,
models.Context.id == request['context_id']).one()
if not context:
raise errors.ContextIdNotFound
submission = models.InternalTip()
submission.progressive = db_assign_submission_progressive(store)
if context.tip_timetolive > -1:
submission.expiration_date = get_expiration(context.tip_timetolive)
else:
submission.expiration_date = datetime_never()
# this is get from the client as it the only possibility possible
# that would fit with the end to end submission.
# the score is only an indicator and not a critical information so we can accept to
# be fooled by the malicious user.
submission.total_score = request['total_score']
# The status tor2web is used to keep track of the security level adopted by the whistleblower
submission.tor2web = not client_using_tor
submission.context_id = context.id
submission.enable_two_way_comments = context.enable_two_way_comments
submission.enable_two_way_messages = context.enable_two_way_messages
submission.enable_attachments = context.enable_attachments
submission.enable_whistleblower_identity = context.questionnaire.enable_whistleblower_identity
if submission.enable_whistleblower_identity and request[
'identity_provided']:
submission.identity_provided = True
submission.identity_provided_date = datetime_now()
try:
questionnaire = db_get_context_steps(store, context.id, None)
questionnaire_hash = unicode(sha256(json.dumps(questionnaire)))
submission.questionnaire_hash = questionnaire_hash
submission.preview = extract_answers_preview(questionnaire, answers)
store.add(submission)
db_archive_questionnaire_schema(store, questionnaire,
questionnaire_hash)
db_save_questionnaire_answers(store, submission.id, answers)
except Exception as excep:
log.err("Submission create: fields validation fail: %s" % excep)
raise excep
try:
for filedesc in uploaded_files:
new_file = models.InternalFile()
new_file.name = filedesc['name']
new_file.description = ""
new_file.content_type = filedesc['type']
new_file.size = filedesc['size']
new_file.internaltip_id = submission.id
new_file.submission = filedesc['submission']
new_file.file_path = filedesc['path']
store.add(new_file)
log.debug("=> file associated %s|%s (%d bytes)" %
(new_file.name, new_file.content_type, new_file.size))
except Exception as excep:
log.err("Submission create: unable to create db entry for files: %s" %
excep)
raise excep
receipt, wbtip = db_create_whistleblowertip(store, submission)
if submission.context.maximum_selectable_receivers > 0 and \
len(request['receivers']) > submission.context.maximum_selectable_receivers:
raise errors.SubmissionValidationFailure(
"selected an invalid number of recipients")
rtips = []
for receiver in store.find(models.Receiver,
In(models.Receiver.id, request['receivers'])):
if submission.context not in receiver.contexts:
continue
if not GLSettings.memory_copy.allow_unencrypted and len(
receiver.user.pgp_key_public) == 0:
continue
rtips.append(db_create_receivertip(store, receiver, submission))
if len(rtips) == 0:
raise errors.SubmissionValidationFailure("need at least one recipient")
log.debug("The finalized submission had created %d models.ReceiverTip(s)" %
len(rtips))
submission_dict = serialize_usertip(store, wbtip, language)
submission_dict.update({'receipt': receipt})
return submission_dict
def db_create_submission(store, token_id, request, t2w, language):
# the .get method raise an exception if the token is invalid
token = TokenList.get(token_id)
token.use()
answers = request['answers']
context = store.find(models.Context, models.Context.id == request['context_id']).one()
if not context:
raise errors.ContextIdNotFound
submission = models.InternalTip()
submission.progressive = db_assign_submission_progressive(store)
submission.expiration_date = utc_future_date(seconds=context.tip_timetolive)
# this is get from the client as it the only possibility possible
# that would fit with the end to end submission.
# the score is only an indicator and not a critical information so we can accept to
# be fooled by the malicious user.
submission.total_score = request['total_score']
# The use of Tor2Web is detected by the basehandler and the status forwared here;
# The status is used to keep track of the security level adopted by the whistleblower
submission.tor2web = t2w
submission.context_id = context.id
submission.enable_two_way_comments = context.enable_two_way_comments
submission.enable_two_way_messages = context.enable_two_way_messages
submission.enable_attachments = context.enable_attachments
submission.enable_whistleblower_identity = context.questionnaire.enable_whistleblower_identity
if submission.enable_whistleblower_identity and request['identity_provided']:
submission.identity_provided = True
submission.identity_provided_date = datetime_now()
try:
questionnaire = db_get_context_steps(store, context.id, None)
questionnaire_hash = unicode(sha256(json.dumps(questionnaire)))
submission.questionnaire_hash = questionnaire_hash
submission.preview = extract_answers_preview(questionnaire, answers)
store.add(submission)
db_archive_questionnaire_schema(store, questionnaire, questionnaire_hash)
db_save_questionnaire_answers(store, submission.id, answers)
except Exception as excep:
log.err("Submission create: fields validation fail: %s" % excep)
raise excep
try:
import_receivers(store, submission, request['receivers'])
except Exception as excep:
log.err("Submission create: receivers import fail: %s" % excep)
raise excep
try:
for filedesc in token.uploaded_files:
new_file = models.InternalFile()
new_file.name = filedesc['filename']
new_file.description = ""
new_file.content_type = filedesc['content_type']
new_file.size = filedesc['body_len']
new_file.internaltip_id = submission.id
new_file.submission = filedesc['submission']
new_file.file_path = filedesc['encrypted_path']
store.add(new_file)
log.debug("=> file associated %s|%s (%d bytes)" % (
new_file.name, new_file.content_type, new_file.size))
except Exception as excep:
log.err("Submission create: unable to create db entry for files: %s" % excep)
raise excep
receipt, wbtip = db_create_whistleblower_tip(store, submission)
submission_dict = serialize_usertip(store, wbtip, language)
submission_dict.update({'receipt': receipt})
return submission_dict
def db_create_submission(store, token_id, request, t2w, language):
# the .get method raise an exception if the token is invalid
token = TokenList.get(token_id)
token.use()
answers = request['answers']
context = store.find(models.Context, models.Context.id == request['context_id']).one()
if not context:
raise errors.ContextIdNotFound
submission = models.InternalTip()
submission.progressive = db_assign_submission_progressive(store)
submission.expiration_date = utc_future_date(seconds=context.tip_timetolive)
# The use of Tor2Web is detected by the basehandler and the status forwared here;
# The status is used to keep track of the security level adopted by the whistleblower
submission.tor2web = t2w
submission.context_id = context.id
submission.enable_two_way_comments = context.enable_two_way_comments
submission.enable_two_way_messages = context.enable_two_way_messages
submission.enable_attachments = context.enable_attachments
submission.enable_whistleblower_identity = context.enable_whistleblower_identity
if context.enable_whistleblower_identity and request['identity_provided']:
submission.identity_provided = True
submission.identity_provided_date = datetime_now()
try:
questionnaire = db_get_context_steps(store, context.id, None)
questionnaire_hash = unicode(sha256(json.dumps(questionnaire)))
submission.questionnaire_hash = questionnaire_hash
submission.preview = extract_answers_preview(questionnaire, answers)
store.add(submission)
db_archive_questionnaire_schema(store, questionnaire, questionnaire_hash)
db_save_questionnaire_answers(store, submission.id, answers)
except Exception as excep:
log.err("Submission create: fields validation fail: %s" % excep)
raise excep
try:
import_receivers(store, submission, request['receivers'])
except Exception as excep:
log.err("Submission create: receivers import fail: %s" % excep)
raise excep
try:
for filedesc in token.uploaded_files:
associated_f = models.InternalFile()
associated_f.name = filedesc['filename']
associated_f.description = ""
associated_f.content_type = filedesc['content_type']
associated_f.size = filedesc['body_len']
associated_f.internaltip_id = submission.id
associated_f.file_path = filedesc['encrypted_path']
store.add(associated_f)
log.debug("=> file associated %s|%s (%d bytes)" % (
associated_f.name, associated_f.content_type, associated_f.size))
except Exception as excep:
log.err("Submission create: unable to create db entry for files: %s" % excep)
raise excep
receipt, wbtip = db_create_whistleblower_tip(store, submission)
submission_dict = serialize_usertip(store, wbtip, language)
submission_dict.update({'receipt': receipt})
return submission_dict
def db_create_submission(store, request, uploaded_files, t2w, language):
answers = request['answers']
context = store.find(models.Context, models.Context.id == request['context_id']).one()
if not context:
raise errors.ContextIdNotFound
submission = models.InternalTip()
submission.progressive = db_assign_submission_progressive(store)
if context.tip_timetolive > -1:
submission.expiration_date = utc_future_date(days=context.tip_timetolive)
else:
submission.expiration_date = datetime_never()
# this is get from the client as it the only possibility possible
# that would fit with the end to end submission.
# the score is only an indicator and not a critical information so we can accept to
# be fooled by the malicious user.
submission.total_score = request['total_score']
# The use of Tor2Web is detected by the basehandler and the status forwared here;
# The status is used to keep track of the security level adopted by the whistleblower
submission.tor2web = t2w
submission.context_id = context.id
submission.enable_two_way_comments = context.enable_two_way_comments
submission.enable_two_way_messages = context.enable_two_way_messages
submission.enable_attachments = context.enable_attachments
submission.enable_whistleblower_identity = context.questionnaire.enable_whistleblower_identity
if submission.enable_whistleblower_identity and request['identity_provided']:
submission.identity_provided = True
submission.identity_provided_date = datetime_now()
try:
questionnaire = db_get_context_steps(store, context.id, None)
questionnaire_hash = unicode(sha256(json.dumps(questionnaire)))
submission.questionnaire_hash = questionnaire_hash
submission.preview = extract_answers_preview(questionnaire, answers)
store.add(submission)
db_archive_questionnaire_schema(store, questionnaire, questionnaire_hash)
db_save_questionnaire_answers(store, submission.id, answers)
except Exception as excep:
log.err("Submission create: fields validation fail: %s" % excep)
raise excep
try:
for filedesc in uploaded_files:
new_file = models.InternalFile()
new_file.name = filedesc['name']
new_file.description = ""
new_file.content_type = filedesc['type']
new_file.size = filedesc['size']
new_file.internaltip_id = submission.id
new_file.submission = filedesc['submission']
new_file.file_path = filedesc['path']
store.add(new_file)
log.debug("=> file associated %s|%s (%d bytes)" % (
new_file.name, new_file.content_type, new_file.size))
except Exception as excep:
log.err("Submission create: unable to create db entry for files: %s" % excep)
raise excep
receipt, wbtip = db_create_whistleblowertip(store, submission)
if submission.context.maximum_selectable_receivers > 0 and \
len(request['receivers']) > submission.context.maximum_selectable_receivers:
raise errors.SubmissionValidationFailure("provided an invalid number of receivers")
rtips = []
for receiver in store.find(models.Receiver, In(models.Receiver.id, request['receivers'])):
if submission.context not in receiver.contexts:
continue
if not GLSettings.memory_copy.allow_unencrypted and len(receiver.user.pgp_key_public) == 0:
continue
rtips.append(db_create_receivertip(store, receiver, submission))
if len(rtips) == 0:
raise errors.SubmissionValidationFailure("needed almost one receiver")
log.debug("The finalized submission had created %d models.ReceiverTip(s)" % len(rtips))
submission_dict = serialize_usertip(store, wbtip, language)
submission_dict.update({'receipt': receipt})
return submission_dict
