def update_plan(plan_name): plan = Plan.get_plan(plan_name) if not plan: return jsonify(success=False, reason='no-such-plan') new_plan = request.json new_workflow = create_workflows_from_json(new_plan['workflow']) if not new_workflow: return jsonify(success=False, reason='invalid-plan') plan.name = new_plan.get("name", plan.name) plan.description = new_plan.get("description", plan.description) old_flows = map(lambda x: x, plan.workflows) for flow in old_flows: plan.workflows.remove(flow) for new_flow in new_workflow: db.session.add(new_flow) plan.workflows.append(new_flow) db.session.commit() return jsonify(success=True, plan=sanitize_plan(Plan.get_plan(plan.name)))
def create_plan(): plan = request.json # Verify incoming plan if Plan.get_plan(plan['name']) is not None: return jsonify(success=False, reason='plan-already-exists') workflows = create_workflows_from_json(plan['workflow']) if not workflows: return jsonify(success=False, reason='invalid-plan-exists') # Create the plan new_plan = Plan() new_plan.name = plan['name'] new_plan.description = plan['description'] db.session.add(new_plan) db.session.commit() for workflow in workflows: db.session.add(workflow) new_plan.workflows.append(workflow) db.session.commit() plan = Plan.get_plan(new_plan.name) # Return the new plan if not plan: return jsonify(success=False) return jsonify(success=True, plan=sanitize_plan(plan))
def delete_plan(plan_name): plan = Plan.get_plan(plan_name) if not plan: return jsonify(success=False, reason="Plan does not exist.") # XX assess the impact of deleting a plan against existing scans? db.session.delete(plan) db.session.commit() return jsonify(success=True)
def create_site(): site = request.json # Verify incoming site: url must be valid, groups must exist, plans must exist if not _check_site_url(site.get('url')): return jsonify(success=False, reason='invalid-url') if not site.get('url', None): return jsonify(success=False, reason='missing-required-field') for group in site.get('groups', []): if not Group.get_group(group): return jsonify(success=False, reason='unknown-group') for plan_name in site.get('plans', []): if not Plan.get_plan(plan_name): return jsonify(success=False, reason='unknown-plan') if Site.get_site_by_url(site['url']) is not None: return jsonify(success=False, reason='site-already-exists') # Create the site new_site = Site(site['url']) for plan in site.get('plans', []): new_site.plans.append(Plan.get_plan(plan)) new_site.created = datetime.datetime.utcnow() for group in site.get('groups', []): new_site.groups.append(Group.get_group(group)) if site.get('verification',{}).get('enabled',False): new_site.verification_enabled = True new_site.verification_value = str(uuid.uuid4()) else: new_site.verification_enabled = False new_site.verification_value = None db.session.add(new_site) db.session.commit() new_site = Site.get_site(new_site.site_uuid) # Return the new site return jsonify(success=True, site=new_site.dict())
def update_site(site_id): new_site = request.json # Verify incoming site. It must exist, groups must exist, plans must exist. site = Site.get_site(site_id) if not site: return jsonify(success=False, reason='no-such-site') for group in new_site.get('groups', []): if not Group.get_group(group): return jsonify(success=False, reason='unknown-group') for plan_name in new_site.get('plans', []): if not Plan.get_plan(plan_name): return jsonify(success=False, reason='unknown-plan') if 'groups' in new_site: # purge groups for group in site.groups: site.groups.remove(group) # insert desired groups for group_name in new_site.get('groups', []): site.groups.append(Group.get_group(group_name)) if 'plans' in new_site: #purge plans for plan in site.plans: site.plans.remove(plan) #add new plans for plan_name in new_site['plans']: site.plans.append(Plan.get_plan(plan_name)) db.session.commit() # Return the updated site site = Site.get_site(site_id) if not site: return jsonify(success=False, reason='no-such-site') return jsonify(success=True, site=site.dict())
def get_plans(): name = request.args.get('name') if name: plan = Plan.get_plan(name) if not plan: return jsonify(success=False, reason="no-such-plan") else: return jsonify(success=True, plans=[plan.dict()]) else: email = request.args.get('email') if email: plans = get_plans_by_email(email) else: plans = map(lambda x : x.dict(), Plan.query.all()) return jsonify(success=True, plans=plans)
def post_scan_create(): # try to decode the configuration configuration = request.json # See if the plan exists plan = Plan.get_plan(configuration['plan']) if not plan: return jsonify(success=False) # Merge the configuration # Create a scan object scan = Scan() scan.meta = json.dumps({ "user": configuration['user'], "tags": [] } ) scan.configuration = json.dumps(configuration['configuration']) scan.site = Site.get_site_by_url(configuration['configuration']['target']) scan.plan = json.dumps( { "name": plan.name, "revision": 0 }) db.session.add(scan) db.session.commit() for step in plan.workflows: session_configuration = {} if step.configuration: session_configuration = json.loads(step.configuration) session_configuration.update(configuration['configuration']) session = Session() session.configuration = json.dumps(session_configuration) session.description = step.description session.plugin = json.dumps(Plugin.plugins[step.plugin_name]['descriptor']) scan.sessions.append(session) db.session.add(session) db.session.commit() db.session.commit() return jsonify(success=True, scan=sanitize_scan(scan))
def setCredentials(): cred_data = request.json site = Site.get_site_by_url(cred_data.get('site')) if not site: return jsonify(message="no-such-site", success=False) plan = Plan.get_plan(cred_data.get('plan')) if not plan: return jsonify(message="no-such-site", success=False) authData = cred_data.get('authData') siteCreds = SiteCredential.get_credential(site.id, plan.id) if not siteCreds: siteCreds = SiteCredential(site.id, plan.id) db.session.add(siteCreds) #update all fields, preserving values for which none was provided siteCreds.site_id = site.id siteCreds.plan_id = plan.id siteCreds.username = authData.get('username', siteCreds.username) siteCreds.emailaddress = authData.get('email', siteCreds.emailaddress) siteCreds.script = authData.get('script', siteCreds.script) siteCreds.url = authData.get('url', siteCreds.url) siteCreds.username_path = authData.get('meusername_field_xpathhod', siteCreds.username_path) siteCreds.password_path = authData.get('password_field_xpath', siteCreds.password_path) siteCreds.method = authData.get('method', siteCreds.method) siteCreds.cookies = authData.get('expected_cookies', siteCreds.cookies) siteCreds.before_login_path = authData.get('before_login_element_xpath', siteCreds.before_login_path) siteCreds.after_login_path = authData.get('after_login_element_xpath', siteCreds.after_login_path) siteCreds.button_path = authData.get('before_login_element_xpath', siteCreds.button_path) db.session.commit() return jsonify(credential = siteCreds.dict(), success=True)
def get_plan_by_plan_name(plan_name): return Plan.get_plan(plan_name)