def new():
    """Show the whitelist creation form (GET) or store a submitted whitelist.

    On GET the form is rendered with the known match zones and whitelist
    sets. Any other method is treated as a submission: the ``wl`` and
    ``whitelistset`` fields are required, the match zones are the ``mz``
    values followed by the ``custom_mz_val`` values, and the entry is
    persisted only if ``NaxsiWhitelist.validate()`` reports no errors.
    """
    # NOTE(review): a stored whitelist presumably relaxes NAXSI filtering, and
    # no authentication or CSRF check is visible in this function -- confirm
    # both are enforced by the route decorators or a blueprint hook.
    if request.method == "GET":
        known_sets = NaxsiWhitelistSets.query.all()
        return render_template(
            'whitelists/new.html',
            matchzones=naxsi_mz,
            whitelistsets=known_sets,
        )

    form = request.form
    # NOTE(review): this writes the whole submitted form to the debug log.
    logging.debug('Posted new request: %s', form)

    zones = form.getlist("mz") + form.getlist("custom_mz_val")
    wl_value = form.get('wl', '')
    set_name = form.get("whitelistset", '')

    # Required fields, checked in the same order as the form presents them.
    # NOTE(review): these re-renders pass no matchzones/whitelistsets to the
    # template, unlike the GET path -- confirm the template copes with that.
    required = (
        (wl_value, 'Please enter a wl'),
        (set_name, 'Please enter a whitelistset'),
    )
    for value, message in required:
        if not value:
            flash(message, category='error')
            return render_template('whitelists/new.html')

    is_negative = form.get("negative", "") == 'checked'
    entry = NaxsiWhitelist(
        wl=wl_value,
        timestamp=int(time()),
        whitelistset=set_name,
        mz=zones,
        active=1,
        negative=is_negative,
    )

    errors, warnings = entry.validate()
    if errors:
        flash(",".join(errors), 'error')
        return redirect(url_for('whitelists.new'))
    if warnings:
        # Warnings are shown to the user but do not block the save.
        flash(",".join(warnings), 'warning')

    # The match zones are stored as a single pipe-separated string.
    entry.mz = '|'.join(entry.mz)
    db.session.add(entry)
    db.session.commit()

    return render_template('whitelists/index.html')
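def explain_whitelist():
    """Explain a whitelist given by id (query string) or as raw text (form).

    A numeric ``whitelist`` query parameter selects a stored whitelist by id.
    A non-numeric, non-empty query parameter is rejected. Otherwise the
    ``whitelist`` form field is parsed as a raw whitelist. Errors stop the
    explanation; warnings are flashed and the explanation is still rendered.
    """
    whitelist_get = request.args.get('whitelist', '')
    whitelist_post = request.form.get('whitelist', '')

    if whitelist_get.isdigit():  # explain a whitelist by id
        _wl = NaxsiWhitelist.query.filter(NaxsiWhitelist.id == whitelist_get).first()
        if _wl is None:
            flash('Not rule with id %s' % whitelist_get)
            return redirect(url_for("sandbox.index"))
    elif whitelist_get != '':
        # Compare by value: `is not ''` tests object identity, which only
        # works when the interpreter happens to intern the empty string and
        # raises a SyntaxWarning on Python 3.8+.
        flash('Please provide a numeric id')
        return redirect(url_for("sandbox.index"))
    elif not whitelist_post:
        flash('Please provide a whitelist')
        return redirect(url_for("sandbox.index"))
    else:
        # parse() runs on a scratch instance; the result is loaded into a
        # fresh object so no state from parsing leaks into what is rendered.
        _wl = NaxsiWhitelist()
        errors, warnings, rdict = _wl.parse(whitelist_post)
        _wl = NaxsiWhitelist()
        _wl.from_dict(rdict)
        _wl.errors = errors
        _wl.warnings = warnings

    # NOTE(review): for a whitelist loaded by id, errors/warnings are whatever
    # the model instance already carries; they are not set in this function.
    if _wl.errors:
        for error in _wl.errors:
            flash(error, category='error')
        return render_template("misc/sandbox.html", whitelist=_wl)

    if _wl.warnings:
        # Distinct loop name so the `warnings` list bound above is not rebound.
        for warning in _wl.warnings:
            flash(warning, category='warning')

    return render_template("misc/sandbox.html", whitelist_explaination=_wl.explain(), whitelist=_wl)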
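def explain_whitelist():
    """Explain a whitelist given by id (query string) or as raw text (form).

    A numeric ``whitelist`` query parameter selects a stored whitelist by id.
    A non-numeric, non-empty query parameter is rejected. Otherwise the
    ``whitelist`` form field is parsed as a raw whitelist. Errors stop the
    explanation; warnings are flashed and the explanation is still rendered.
    """
    whitelist_get = request.args.get("whitelist", "")
    whitelist_post = request.form.get("whitelist", "")

    if whitelist_get.isdigit():  # explain a whitelist by id
        _wl = NaxsiWhitelist.query.filter(NaxsiWhitelist.id == whitelist_get).first()
        if _wl is None:
            flash("Not rule with id %s" % whitelist_get)
            return redirect(url_for("sandbox.index"))
    elif whitelist_get != "":
        # Compare by value: `is not ""` tests object identity, which only
        # works when the interpreter happens to intern the empty string and
        # raises a SyntaxWarning on Python 3.8+.
        flash("Please provide a numeric id")
        return redirect(url_for("sandbox.index"))
    elif not whitelist_post:
        flash("Please provide a whitelist")
        return redirect(url_for("sandbox.index"))
    else:
        # parse() runs on a scratch instance; the result is loaded into a
        # fresh object so no state from parsing leaks into what is rendered.
        _wl = NaxsiWhitelist()
        errors, warnings, rdict = _wl.parse(whitelist_post)
        _wl = NaxsiWhitelist()
        _wl.from_dict(rdict)
        _wl.errors = errors
        _wl.warnings = warnings

    # NOTE(review): for a whitelist loaded by id, errors/warnings are whatever
    # the model instance already carries; they are not set in this function.
    if _wl.errors:
        for error in _wl.errors:
            flash(error, category="error")
        return render_template("misc/sandbox.html", whitelist=_wl)

    if _wl.warnings:
        # Distinct loop name so the `warnings` list bound above is not rebound.
        for warning in _wl.warnings:
            flash(warning, category="warning")

    return render_template("misc/sandbox.html", whitelist_explaination=_wl.explain(), whitelist=_wl)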
def __create_whitelist():
    """Insert a fixed sample whitelist and return the highest whitelist id.

    The id is read back with a descending-id query after the commit, so it
    is the id of the newest row in the table at that moment.
    """
    sample = NaxsiWhitelist(
        wl='wl:42',
        timestamp=int(time()),
        whitelistset='WORDPRESS',
        mz='BODY',
        active=1,
        negative=False,
    )
    session = db.session
    session.add(sample)
    session.commit()

    newest_first = NaxsiWhitelist.query.order_by(NaxsiWhitelist.id.desc())
    return newest_first.first().id
def test_del(self):
    """Deleting an unknown id redirects; deleting a known id reports success."""
    sample = NaxsiWhitelist(
        wl='wl:42',
        timestamp=int(time()),
        whitelistset='WORDPRESS',
        mz='BODY',
        active=1,
        negative=False,
    )
    db.session.add(sample)
    db.session.commit()
    newest = NaxsiWhitelist.query.order_by(NaxsiWhitelist.id.desc()).first()
    _id = newest.id

    # NOTE(review): both deletions below are issued as GET requests. A
    # state-changing GET is exposed to CSRF and to link prefetching; consider
    # requiring POST/DELETE with a CSRF token on the route and updating this
    # test to match.

    # One past the highest id: no such whitelist, so only a redirect is expected.
    missing = self.app.get('/whitelists/del/%d' % (_id + 1))
    self.assertEqual(302, missing.status_code)

    # The row just inserted: follow the redirect and look for the flash text.
    deleted = self.app.get('/whitelists/del/%d' % _id, follow_redirects=True)
    self.assertIn('Successfully deleted %d' % _id, str(deleted.data))