Exemple #1
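    def listAdd(self):
        """Add the CPE named in the request to a whitelist or blacklist.

        Reads ``cpe``, ``type`` and ``list`` from the query string. The rule is
        stored as a global rule when the current user is a master account and
        as a per-user rule otherwise.

        Returns:
            A JSON response. When all three parameters are present it carries
            ``status`` ("added_to_list" or "already_exists_in_list"), the
            refreshed ``rules`` and the title-cased ``listType``; otherwise it
            carries only ``status`` = "could_not_add_to_list".
        """
        # NOTE(review): this handler changes stored rules based on query-string
        # parameters; confirm the route is covered by CSRF protection and is
        # not reachable through a plain cross-site GET.
        cpe = request.args.get('cpe')
        cpeType = request.args.get('type')
        lst = request.args.get('list')
        user_id = current_user.get_id()
        # Only a master account may create rules that apply to every user.
        isglobal = bool(db.isMasterAccount(user_id))

        # %r keeps CR/LF in the request-controlled values from starting a new,
        # forged log line; lazy arguments skip formatting when INFO is disabled.
        logging.info("CPE:%r cpeType:%r lst:%r isglobal:%s user:%s",
                     cpe, cpeType, lst, isglobal, user_id)

        if not (cpe and cpeType and lst):
            return jsonify({"status": "could_not_add_to_list"})

        added = self.addCPEToList(cpe, lst, cpeType, isglobal, user_id)
        status = "added_to_list" if added else "already_exists_in_list"
        logging.debug("listAdd status: %s", status)

        # Any value other than the exact string "Whitelist" is answered with
        # the blacklist.
        # NOTE(review): lst is not checked against a fixed set of list names
        # here; verify that addCPEToList rejects unknown names.
        if lst == "Whitelist":
            returnList = db.getWhitelist(user=user_id)
        else:
            returnList = db.getBlacklist(user=user_id)

        return jsonify({
            "status": status,
            "rules": returnList,
            "listType": lst.title()
        })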
Exemple #2
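 def check_is_master(self):
     """Report whether ``self.user`` is a master account.

     Returns:
         True when ``db.isMasterAccount(self.user)`` is truthy. Otherwise a
         JSON error response with status 400 is stored in ``self.error`` and
         False is returned.
     """
     if db.isMasterAccount(self.user):
         return True
     # The message has to name self.user: no plain ``user`` is bound inside
     # this method, so unless a module-level ``user`` exists the rejection path
     # would raise NameError instead of producing the error response.
     # NOTE(review): 400 is kept so existing callers see the same status; 403
     # is the usual code for an authorization failure -- confirm before changing.
     self.error = make_response(
         jsonify(message="User {} need to be master".format(self.user)), 400)
     return False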
def masterLogin():
    # Interactive gate for master-only operations: asks for the master account
    # username, then ends the process with sys.exit() unless the checks below
    # pass. Returns True when they do.
    #
    # NOTE(review): the next line is damaged in this listing. A "******" mask
    # replaced the code between the username prompt and the password prompt,
    # so the call that verifies the password is not visible here and the
    # statement does not parse as shown.
    master = input("Master account username: "******"Master password:"), master):
        # The (masked) credential check passed; the account must also be a
        # master account, otherwise exit with the project's 'noMaster' value.
        if not dbLayer.isMasterAccount(master):
            sys.exit(exits['noMaster'])
    else:
        # The credential check failed. The message does not say whether the
        # username or the password was wrong.
        sys.exit('Master user/password combination does not exist')
    return True
Exemple #4
def masterLogin():
    # Prompts for the master account username and terminates the process via
    # sys.exit() unless the account passes the checks below; returns True on
    # success.
    #
    # NOTE(review): the following line was mangled by a "******" mask in this
    # listing. The code between the two prompt strings, including the call that
    # checks the password, is missing, so the statement is not valid Python
    # as shown.
    master = input("Master account username: "******"Master password:"), master):
        # Credentials accepted by the masked check: additionally require that
        # the account is flagged as master in the database layer.
        if not dbLayer.isMasterAccount(master):
            sys.exit(exits['noMaster'])
    else:
        # Credentials rejected: one generic message covers both an unknown
        # user and a wrong password.
        sys.exit('Master user/password combination does not exist')
    return True
Exemple #5
 def admin(self):
     """Render the admin page, or the login page for an anonymous visitor.

     When the configuration does not require a login, the "_dummy_" user is
     logged in before the page is rendered. The template receives the
     master-account flag, the cron-job check result and whatever
     ``self.adminInfo`` derives from the tail of the update log.
     """
     # NOTE(review): is_authenticated is invoked as a method; newer Flask-Login
     # releases expose it as a property -- confirm the pinned version.
     if not Configuration.loginRequired():
         login_user(User.get("_dummy_", self.auth_handler))
     elif not current_user.is_authenticated():
         return render_template('login.html')

     log_tail = None
     # NOTE(review): this handler does not itself restrict the page to master
     # accounts; it only hands the flag to the template.
     is_master = db.isMasterAccount(current_user.get_id())
     cron_enabled = ct.checkCronJobExists('cve_search')

     if os.path.isfile(Configuration.getUpdateLogFile()):
         with open(Configuration.getUpdateLogFile()) as log_handle:
             marker = "==========================\n"
             # Keep only the last two marker-delimited sections of the log.
             recent_sections = log_handle.read().split(marker)[-2:]
         log_tail = marker + marker.join(recent_sections)

     return render_template(
         'admin.html',
         status="default",
         master=is_master,
         checked=cron_enabled,
         **self.adminInfo(log_tail))
Exemple #6
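    def listManagementAdd(self):
        """Add a vendor[:product[:version]] item to a whitelist or blacklist.

        Reads ``item`` and ``list`` from the query string. A bare vendor is
        added once for every CPE part ("o", "a", "h") whose Redis set contains
        it. For two or three components the CPE prefix is taken from the first
        ``cpe`` document whose ``cpe_2_2`` matches the product component.
        Rules are global when the current user is a master account.

        Returns:
            A JSON response with ``status`` ("added_to_list",
            "could_not_add_to_list" or "invalid_cpe") and ``listType``.
        """
        # NOTE(review): this handler changes stored rules based on query-string
        # parameters; confirm the route is covered by CSRF protection.
        item = request.args.get('item', type=str)
        listType = request.args.get('list', type=str)
        user_id = current_user.get_id()
        isadmin = db.isMasterAccount(user_id)

        # %r keeps control characters in the raw parameter out of the log line.
        logging.debug("listManagementAdd: item=%r", item)

        # \Z anchors at the true end of the string; "$" would also accept a
        # value that ends in a newline.
        pattern = re.compile(r'^[a-z:0-9.~_%-]+\Z')

        # A missing parameter arrives as None and must not reach match().
        parts = item.split(":") if item and pattern.match(item) else []

        # An empty component (for example "vendor::1.0") would put an empty
        # regex into the lookup below, which matches every document.
        if not parts or not all(parts):
            return jsonify({"status": "invalid_cpe", "listType": listType})

        added = False
        if len(parts) == 1:
            # Only a vendor was given, so try every CPE part that knows it.
            vendor = parts[0]
            logging.info("listManagementAdd: Adding from level 1:%s", vendor)
            for cpe_part in ("o", "a", "h"):
                if self.redisdb.sismember("t:/" + cpe_part, vendor):
                    if self.addCPEToList("cpe:/" + cpe_part + ":" + vendor,
                                         listType,
                                         isglobal=isadmin,
                                         user=user_id):
                        added = True

        elif len(parts) < 4:
            logging.info("size is bigger than, look for item[1]: %s", parts[1])
            # The CPE part is looked up with a Mongo regex query. Escaping
            # makes "." in the product name a literal instead of a wildcard.
            # NOTE(review): the query is an unanchored substring match and the
            # prefix comes from the first hit -- confirm that is intended.
            result = db.getCVEs(
                query={'cpe_2_2': {'$regex': re.escape(parts[1])}},
                collection="cpe")

            if len(result) != 0:
                # The first seven characters hold the "cpe:/x:" prefix.
                prefix = result[0]['cpe_2_2'][:7]
                logging.info("listManagementAdd: Adding from level 2:%s%s%s",
                             prefix, parts[0], parts[1])
                if self.addCPEToList(prefix + ":".join(parts),
                                     listType,
                                     isglobal=isadmin,
                                     user=user_id):
                    added = True

        status = "added_to_list" if added else "could_not_add_to_list"
        return jsonify({"status": status, "listType": listType})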