Exemple #1
0
def update_plan(plan_name):
    plan = Plan.get_plan(plan_name)

    if not plan:
        return jsonify(success=False, reason='no-such-plan')

    new_plan = request.json

    new_workflow = create_workflows_from_json(new_plan['workflow'])
    if not new_workflow:
        return jsonify(success=False, reason='invalid-plan')

    plan.name = new_plan.get("name", plan.name)
    plan.description = new_plan.get("description", plan.description)

    old_flows = map(lambda x: x, plan.workflows)
    for flow in old_flows:
        plan.workflows.remove(flow)    

    for new_flow in new_workflow:
        db.session.add(new_flow)
        plan.workflows.append(new_flow)        
    
    db.session.commit()

    return jsonify(success=True, plan=sanitize_plan(Plan.get_plan(plan.name)))
Exemple #2
0
def create_plan():
    plan = request.json

    # Verify incoming plan
    if Plan.get_plan(plan['name']) is not None:
        return jsonify(success=False, reason='plan-already-exists')

    workflows = create_workflows_from_json(plan['workflow'])
    if not workflows:
        return jsonify(success=False, reason='invalid-plan-exists')

    # Create the plan
    new_plan = Plan()
    new_plan.name = plan['name']
    new_plan.description = plan['description']

    db.session.add(new_plan)
    db.session.commit()

    for workflow in workflows:
        db.session.add(workflow)
        new_plan.workflows.append(workflow)
        db.session.commit()

    plan = Plan.get_plan(new_plan.name)
    # Return the new plan
    if not plan:
        return jsonify(success=False)
    return jsonify(success=True, plan=sanitize_plan(plan))
Exemple #3
0
def delete_plan(plan_name):
    plan = Plan.get_plan(plan_name)
    if not plan:
        return jsonify(success=False, reason="Plan does not exist.")

    # XX assess the impact of deleting a plan against existing scans?
    db.session.delete(plan)
    db.session.commit()
    return jsonify(success=True)
Exemple #4
0
def create_site():
    site = request.json
    # Verify incoming site: url must be valid, groups must exist, plans must exist

    if not _check_site_url(site.get('url')):
        return jsonify(success=False, reason='invalid-url')
    if not site.get('url', None):
        return jsonify(success=False, reason='missing-required-field')
    for group in site.get('groups', []):
        if not Group.get_group(group):
            return jsonify(success=False, reason='unknown-group')
    for plan_name in site.get('plans', []):
        if not Plan.get_plan(plan_name):
            return jsonify(success=False, reason='unknown-plan')
    if Site.get_site_by_url(site['url']) is not None:
        return jsonify(success=False, reason='site-already-exists')




    # Create the site
    new_site = Site(site['url'])

    for plan in site.get('plans', []):
        new_site.plans.append(Plan.get_plan(plan))
    new_site.created = datetime.datetime.utcnow()

    for group in site.get('groups', []):
        new_site.groups.append(Group.get_group(group))

    if site.get('verification',{}).get('enabled',False):
        new_site.verification_enabled = True
        new_site.verification_value = str(uuid.uuid4())
    else:
        new_site.verification_enabled = False
        new_site.verification_value = None

    db.session.add(new_site)
    db.session.commit()
    new_site = Site.get_site(new_site.site_uuid)
    # Return the new site
    return jsonify(success=True, site=new_site.dict())
Exemple #5
0
def update_site(site_id):
    new_site = request.json
    # Verify incoming site. It must exist, groups must exist, plans must exist.
    site = Site.get_site(site_id)

    if not site:
        return jsonify(success=False, reason='no-such-site')
    
    for group in new_site.get('groups', []):
        if not Group.get_group(group):
            return jsonify(success=False, reason='unknown-group')
    for plan_name in new_site.get('plans', []):
        if not Plan.get_plan(plan_name):
            return jsonify(success=False, reason='unknown-plan')

    

    if 'groups' in new_site:
        # purge groups
        for group in site.groups:
            site.groups.remove(group)

        # insert desired groups
        for group_name in new_site.get('groups', []):
            site.groups.append(Group.get_group(group_name))

    if 'plans' in new_site:
        #purge plans
        for plan in site.plans:
            site.plans.remove(plan)
        #add new plans
        for plan_name in new_site['plans']:
            site.plans.append(Plan.get_plan(plan_name))

    db.session.commit()
    # Return the updated site
    site = Site.get_site(site_id)
    if not site:
        return jsonify(success=False, reason='no-such-site')
    return jsonify(success=True, site=site.dict())
Exemple #6
0
def get_plans():
    name = request.args.get('name')
    if name:
        plan = Plan.get_plan(name)
        if not plan:
            return jsonify(success=False, reason="no-such-plan")
        else:
            return jsonify(success=True, plans=[plan.dict()])
    else:
        email = request.args.get('email')
        if email:
            plans = get_plans_by_email(email)
        else:
            plans = map(lambda x : x.dict(), Plan.query.all())
        return jsonify(success=True, plans=plans)
Exemple #7
0
def post_scan_create():
    # try to decode the configuration
    configuration = request.json
    
    # See if the plan exists
    plan = Plan.get_plan(configuration['plan'])
    if not plan:
        return jsonify(success=False)
    # Merge the configuration
    # Create a scan object

    scan = Scan()

    scan.meta = json.dumps({ "user": configuration['user'], "tags": [] } )

    scan.configuration = json.dumps(configuration['configuration'])
    scan.site = Site.get_site_by_url(configuration['configuration']['target'])

    scan.plan = json.dumps( { "name": plan.name, "revision": 0 })

    db.session.add(scan)
    db.session.commit()
    for step in plan.workflows:

        session_configuration = {}
        if step.configuration:
         session_configuration = json.loads(step.configuration)
        session_configuration.update(configuration['configuration'])


        session = Session()
        session.configuration = json.dumps(session_configuration)
        session.description = step.description

        session.plugin = json.dumps(Plugin.plugins[step.plugin_name]['descriptor'])

        scan.sessions.append(session)
        db.session.add(session)
        db.session.commit()

    db.session.commit()

    return jsonify(success=True, scan=sanitize_scan(scan))
Exemple #8
0
def setCredentials():
    cred_data = request.json
    site = Site.get_site_by_url(cred_data.get('site'))
    if not site:
        return jsonify(message="no-such-site", success=False)
    plan = Plan.get_plan(cred_data.get('plan'))
    if not plan:
        return jsonify(message="no-such-site", success=False)

    authData = cred_data.get('authData')


    siteCreds = SiteCredential.get_credential(site.id, plan.id)

    if not siteCreds:
        siteCreds = SiteCredential(site.id, plan.id)
        db.session.add(siteCreds)

    #update all fields, preserving values for which none was provided
    siteCreds.site_id = site.id
    siteCreds.plan_id = plan.id
    siteCreds.username = authData.get('username', siteCreds.username)
    siteCreds.emailaddress = authData.get('email', siteCreds.emailaddress)
    siteCreds.script = authData.get('script', siteCreds.script)
    siteCreds.url = authData.get('url', siteCreds.url)
    siteCreds.username_path = authData.get('meusername_field_xpathhod', siteCreds.username_path)
    siteCreds.password_path = authData.get('password_field_xpath', siteCreds.password_path)
    siteCreds.method = authData.get('method', siteCreds.method)
    siteCreds.cookies = authData.get('expected_cookies', siteCreds.cookies)
    siteCreds.before_login_path = authData.get('before_login_element_xpath', siteCreds.before_login_path)
    siteCreds.after_login_path = authData.get('after_login_element_xpath', siteCreds.after_login_path)
    siteCreds.button_path = authData.get('before_login_element_xpath', siteCreds.button_path)


    db.session.commit()
    return jsonify(credential = siteCreds.dict(), success=True)
Exemple #9
0
def get_plan_by_plan_name(plan_name):
    return Plan.get_plan(plan_name)