def clone(self, request, short_name=''):
from oda.apps.odaweb.views import make_copy
oda_master = OdaMaster.get_by_short_name(short_name)
if oda_master.owner == request.user:
raise OdaRestException("Don't copy an oda_master you already own")
the_copy = make_copy(oda_master, request.user)
return Response(the_copy.short_name)
def load_examples(owner=None):
EXAMPLES_DIR = os.path.join(
os.path.dirname(oda.apps.odaweb.examples.__file__), 'examples')
for example in Examples:
short_name = example['short_name']
valid_file_storage_id = True
if OdaMaster.objects.filter(short_name=short_name).exists():
print('Example %s already exists in the database' % short_name)
oda_master = OdaMaster.objects.filter(
short_name=short_name).first()
else:
oda_master = OdaMaster(
short_name=short_name,
project_name=example['project_name'],
owner=owner,
default_permission=OdaMasterPermissionLevel.read.value)
print('Adding example %s to database' % short_name)
if 'data' in example:
example_data = ''.join(example['data'].split())
odb_file = OdbFile(
BinaryString(example_data, example['options']['architecture']))
elif 'file_name' in example:
odb_file = OdbFile(
BinaryFile(os.path.join(EXAMPLES_DIR, example['file_name']),
example['options']['target'],
example['options']['architecture']))
odb_file.execute(LoadOperation())
odb_file.execute(PassiveScanOperation())
if 'comments' in example:
for vma, msg in example['comments']:
odb_file.execute(CreateCommentOperation(vma, msg))
print("Adding Comment %s To %s" % (msg, str(odb_file)))
if 'labels' in example:
for vma, label in example['labels']:
odb_file.execute(CreateLabelOperation(vma, label))
print("Saving label %s To %s" % (label, str(odb_file)))
oda_master.odb_file = odb_file
oda_master.save()
def can_edit(self, request, **kwargs):
oda_master = OdaMaster.get_by_short_name(kwargs['short_name'])
if oda_master == None:
return Response(status=status.HTTP_404_NOT_FOUND,
data='This document cannot be found')
own = (oda_master.get_user_permission_level(
request.user) == OdaMasterPermissionLevel.edit)
return Response(own)
def permissions(self, request, **kwargs):
oda_master = OdaMaster.get_by_short_name(kwargs['short_name'])
if not oda_master:
raise OdaRestException('ODA Master ' + kwargs['short_name'] +
' not found.')
permissions = oda_master.odamasterpermission_set.all()
serializer = OdaMasterPermissionSerializer(permissions, many=True)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_200_OK,
headers=headers)
def test_list_permissions_on_oda_master(self):
otheruser = OdaUser(username='******')
otheruser.save()
oda_master = OdaMaster.get_by_short_name('mkdir')
perm = Permission.objects.get(codename='read_odamaster')
OdaMasterPermission.objects.create(master=oda_master,
user=otheruser,
permission=perm)
response = self.client.get('/odaweb/api/masters/mkdir/', format='json')
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data['permissions'][0]['username'],
'otheruser')
self.assertEqual(response.data['permissions'][0]['permission'], 'read')
def permission(self, request, **kwargs):
permission = self.request.data.get('permission')
username = self.request.data.get('username')
usergroup = self.request.data.get('usergroup')
if permission is None or (username is None and usergroup is None):
raise OdaRestException(
'Must specify permission and username or usergroup.')
oda_master = OdaMaster.get_by_short_name(kwargs['short_name'])
if not oda_master:
raise OdaRestException('ODA Master ' + kwargs['short_name'] +
' not found.')
not_found = None
try:
perm = Permission.objects.get(codename=permission + '_odamaster')
user = OdaUser.objects.get_by_natural_key(
username) if username else None
group = self.request.user.groups.get(
name=usergroup) if usergroup else None
if not user and not group:
raise OdaRestException('Must specify user or group.')
args = {'master': oda_master, 'permission': perm}
if user:
args['user'] = user
if group:
args['group'] = group
if request.method == 'POST':
OdaMasterPermission.objects.create(**args)
serializer = self.get_serializer(oda_master)
headers = self.get_success_headers(serializer.data)
return Response(serializer.data,
status=status.HTTP_201_CREATED,
headers=headers)
if request.method == 'DELETE':
OdaMasterPermission.objects.get(**args).delete()
return Response(status=status.HTTP_204_NO_CONTENT)
except OdaUser.DoesNotExist:
not_found = 'User'
except OdaMasterPermission.DoesNotExist:
not_found = 'OdaMasterPermission'
except Group.DoesNotExist:
not_found = 'Group'
except Permission.DoesNotExist:
not_found = 'Permission'
if not_found:
raise OdaRestException(not_found + ' not found.')
raise OdaRestException
def test_permission_delete_group(self):
group = Group.objects.create(name='mygroup')
self.user.groups.add(group)
oda_master = OdaMaster.get_by_short_name('mkdir')
perm = Permission.objects.get(codename='read_odamaster')
OdaMasterPermission.objects.create(master=oda_master,
group=group,
permission=perm)
response = self.client.delete('/odaweb/api/masters/mkdir/permission/',
{
'usergroup': 'mygroup',
'permission': 'read',
},
format='json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def test_permission_delete_user(self):
otheruser = OdaUser(username='******')
otheruser.save()
oda_master = OdaMaster.get_by_short_name('mkdir')
perm = Permission.objects.get(codename='read_odamaster')
OdaMasterPermission.objects.create(master=oda_master,
user=otheruser,
permission=perm)
response = self.client.delete('/odaweb/api/masters/mkdir/permission/',
{
'username': '******',
'permission': 'read',
},
format='json')
self.assertEqual(response.status_code, status.HTTP_204_NO_CONTENT)
def has_permission(self, request, view):
if isinstance(view, OdaMasterViewSet):
# Permission enforcement for OdaMaster listing is done using queryset
if view.action == 'list':
return True
short_name = view.kwargs.get('short_name') or request.query_params.get(
'short_name') or request.data.get('short_name')
if short_name is not None:
oda_master = OdaMaster.get_by_short_name(short_name)
if oda_master is not None:
permission_level = oda_master.get_user_permission_level(
request.user)
if permission_level == OdaMasterPermissionLevel.edit:
return True
if permission_level == OdaMasterPermissionLevel.read and request.method == 'GET':
return True
return False
raise OdaRestException('Bad or missing short_name')
def set_default_permission_level(self, request, **kwargs):
oda_master = OdaMaster.get_by_short_name(kwargs['short_name'])
new_permission_level = OdaMasterPermissionLevel[
request.data['permission_level']]
oda_master.set_default_permission_level(new_permission_level)
return Response({'permission_level': new_permission_level.value})
def branches(self, request, **kwargs):
oda_master = OdaMaster.get_by_short_name(kwargs['short_name'])
odb_file = oda_master.odb_file
branches = odb_file.get_structure_list(Branch)
return Response(
{'branches': [BranchSerializer(x).data for x in branches]})
def upload(request):
form = UploadFileForm(request.POST, request.FILES)
status = 200
filename = 'unknown'
if 'filedata' in request.FILES:
filename = request.FILES['filedata'].name
if form.is_valid():
project_name = form.cleaned_data['project_name']
default_sharing_level = OdaMasterPermissionLevel[
form.cleaned_data['default_sharing_level']]
filedata = form.cleaned_data['filedata']
idbImport = IdbImport(filedata)
if idbImport.is_idb():
binary_file = BinaryFile.create_from_idb(filedata)
binary_file.save()
arch, target = idbImport.guess_arch()
description = idbImport.describe()
else:
binary_file = BinaryFile.create(filedata)
binary_file.save()
description = binary_file.desc()
arch, target = Disassembler.guess_bfd_arch(
binary_file.file_handle().name)
oda_master = OdaMaster(short_name=id_generator(),
project_name=project_name,
default_permission=default_sharing_level.value,
ipAddress=request.META.get('REMOTE_ADDR'))
if request.user.is_authenticated():
oda_master.owner = request.user
oda_master.save()
request.session["disassembly_id"] = oda_master.short_name
request.session["disassembly_token"] = {
'id': oda_master.short_name,
'version': 0
}
binary_file.binary_options.architecture = arch
binary_file.binary_options.target = target
binary_file.binary_options.save()
odb_file = OdbFile(BinaryFileModel(binary_file.id))
# todo this should not be saved until after user has committed options
oda_master.odb_file = odb_file
oda_master.save()
data = {
'short_name': oda_master.short_name,
'revision': oda_master.revision,
'arch': arch,
'target': target,
'file_format': description,
}
else:
status = 413
data = {
'error':
'Invalid File "%s", maximum size is %d kb' %
(filename, UploadFileForm.MAX_UPLOAD_SIZE_KB)
}
return HttpResponse(json.dumps(data),
content_type='application/json',
status=status)