def embed(vuln_id):
try:
section_id = int(request.args.get('sid', -1))
start_line = int(request.args.get('start_line', 1))
end_line = int(request.args.get('end_line', -1))
vulnerability_details = VulnerabilityDetails(vuln_id)
vulnerability_details.validate()
vuln_view = vulnerability_details.vulnerability_view
if not vuln_view:
return bp.make_response(('No vulnerability found', 404))
if not vuln_view.master_commit:
return bp.make_response(
('Vuln (id: {:d}) has no linked Git commits!'.format(vuln_view.id),
404))
master_commit = vulnerability_details.getMasterCommit()
files_schema = RepositoryFilesSchema(many=True)
# Hack to quickly retrieve the full data.
custom_data = json.loads(
files_schema.jsonify(master_commit.repository_files).data)
settings = {
'section_id': section_id,
'startLine': start_line,
'endLine': end_line,
'entry_data': custom_data
}
return render_template(
'embedded.html',
cfg=cfg,
vulnerability_details=vulnerability_details,
embed_settings=settings)
except (ValueError, InvalidIdentifierException):
abort(404)
def view_vuln(vuln_id, use_template):
try:
vulnerability_details = VulnerabilityDetails(vuln_id)
vulnerability_details.validate()
except InvalidIdentifierException as err:
return flashError(str(err), 'serve_index')
return render_template(
use_template, cfg=cfg, vulnerability_details=vulnerability_details)
def _get_vulnerability_details(vuln_id):
try:
vulnerability_details = VulnerabilityDetails(vuln_id)
vulnerability_details.validate()
# Drop everything else.
if not vulnerability_details.vulnerability_view:
abort(404)
return vulnerability_details
except InvalidIdentifierException:
abort(404)
def _create_vuln_internal(vuln_id=None):
try:
vulnerability_details = VulnerabilityDetails(vuln_id)
vulnerability = vulnerability_details.get_or_create_vulnerability()
except InvalidIdentifierException as e:
return flashError(str(e), 'serve_index')
if vulnerability.id:
logging.debug('Preexisting vulnerability entry found: %s',
vulnerability.id)
delete_form = VulnerabilityDeleteForm()
if delete_form.validate_on_submit():
db.session.delete(vulnerability)
# Remove the entry.
db.session.commit()
flash('The entry was deleted.', 'success')
return redirect('/')
form = VulnerabilityDetailsForm(obj=vulnerability)
commit = form.data['commits'][0]
if not commit['repo_name']:
logging.info('Empty repository name. %r', commit)
repo_url = commit['repo_url']
vcs_handler = getVcsHandler(None, repo_url)
if vcs_handler:
logging.info('Found name. %r', vcs_handler.repo_name)
form.commits[0].repo_name.process_data(vcs_handler.repo_name)
if form.validate_on_submit():
try:
form.populate_obj(vulnerability)
db.session.add(vulnerability)
db.session.commit()
logging.debug('Successfully created/updated entry: %s',
vulnerability.id)
flash('Successfully created/updated entry.', 'success')
return redirect(url_for('vuln.vuln_view',
vuln_id=vulnerability.id))
except InvalidIdentifierException as e:
flashError(str(e))
return render_template('create_entry.html',
cfg=cfg,
vulnerability_details=vulnerability_details,
form=form)
def bug_save_editor_data():
try:
vulnerability_details = VulnerabilityDetails()
vulnerability_details.validate()
except InvalidIdentifierException as e:
return createJsonResponse(str(e), 400)
vuln_view = vulnerability_details.vulnerability_view
if request.method == 'POST':
if not vuln_view:
return createJsonResponse('Please create an entry first', 404)
if not vuln_view.master_commit:
current_app.logger.error(
'Vuln (id: {:d}) has no linked Git commits!'.format(vuln_view.id))
return createJsonResponse('Entry has no linked Git link!', 404)
master_commit = vulnerability_details.getMasterCommit()
#print("DATA: {:s}".format(str(request.json)))
old_files = master_commit.repository_files
current_app.logger.debug('%d old files', len(old_files))
# Flush any old custom content of this vulnerability first.
new_files = []
for file in request.get_json():
for of in old_files:
if of.file_path == file['path'] or of.file_hash == file['hash']:
current_app.logger.debug('Found old file: %s',
(file['path'], file['hash'], file['name']))
file_obj = of
break
else:
current_app.logger.debug('Creating new file: %s',
(file['path'], file['hash'], file['name']))
file_obj = RepositoryFiles(
file_name=file['name'],
file_path=file['path'],
file_patch='DEPRECATED',
file_hash=file['hash'],
)
# Create comment objects.
new_comments = []
for comment in file['comments']:
comment_obj = RepositoryFileComments(
row_from=comment['row_from'],
row_to=comment['row_to'],
text=comment['text'],
sort_pos=comment['sort_pos'],
creator=g.user,
)
new_comments.append(comment_obj)
update_file_comments(file_obj, new_comments)
# Create marker objects.
new_markers = []
for marker in file['markers']:
marker_obj = RepositoryFileMarkers(
row_from=marker['row_from'],
row_to=marker['row_to'],
column_from=marker['column_from'],
column_to=marker['column_to'],
marker_class=marker['class'],
creator=g.user,
)
new_markers.append(marker_obj)
update_file_markers(file_obj, new_markers)
new_files.append(file_obj)
current_app.logger.debug('Setting %d files', len(new_files))
master_commit.repository_files = new_files
# Update / Insert entries into the database.
db.session.commit()
return createJsonResponse('Update successful.')
return createJsonResponse('Accepting only POST requests.', 400)