Esempio n. 1
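def result(sha2):
    """Render the stored scan result page for the scan identified by ``sha2``.

    ``sha2`` is the scan hash taken from the URL. It is checked against the
    same hash regex the other views use before it is looked up, so an
    obviously malformed value never reaches the database query.

    Returns the rendered ``result.html`` page, or a JSON
    ``{"error": "scan_not_found"}`` body when the hash is malformed or no
    ``Results`` row matches it.
    """
    # Consistency with the other views: reject non-hash input up front.
    if not utils.sha2_match_regex(sha2):
        return jsonify({"error": "scan_not_found"})
    res = Results.query.filter(Results.scan_hash == sha2).first()
    if not res:
        return jsonify({"error": "scan_not_found"})
    # The row stores its collections serialised; utils.python_list /
    # utils.python_dict turn them back into Python objects for the template.
    context = {
        'title': 'Scan Result',
        'locations': utils.python_list(res.locations),
        'scan_hash': res.scan_hash,
        'sha2_hashes': utils.python_list(res.sha2_hashes),
        'security_issues': utils.python_dict(res.sec_issues),
        'missing_headers': utils.python_dict(res.missing_sec_header),
        'good_findings': utils.python_dict(res.good_finding),
        'all_files': utils.python_list(res.files),
        'total_count': utils.python_dict(res.total_count),
        'vuln_n_count': utils.python_dict(res.vuln_count),
        'resolved': utils.python_list(res.resolved),
        'invalid': utils.python_list(res.invalid),
    }
    return render_template("result.html", **context)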
Esempio n. 2
def invalid():
    """Mark the issue as invalid"""
    scan_hash = request.form["scan_hash"]
    invalid_hash = request.form["invalid_hash"]
    # Both form values must look like SHA-2 hashes before any DB access.
    hashes_ok = (utils.sha2_match_regex(scan_hash)
                 and utils.sha2_match_regex(invalid_hash))
    if not hashes_ok:
        return jsonify({"status": "failed"})
    rows = Results.query.filter(Results.scan_hash == scan_hash)
    if not rows.count():
        return jsonify({"status": "failed"})
    flagged = utils.python_list(rows[0].invalid)
    # Already marked: nothing to update, report failure as before.
    if invalid_hash in flagged:
        return jsonify({"status": "failed"})
    flagged.append(invalid_hash)
    rows.update({"invalid": flagged})
    db_session.commit()
    return jsonify({"status": "ok"})
Esempio n. 3
def revert():
    """Revert not an issue to issue"""
    scan_hash = request.form["scan_hash"]
    finding_hash = request.form["finding_hash"]
    # Both form values must look like SHA-2 hashes before any DB access.
    hashes_ok = (utils.sha2_match_regex(scan_hash)
                 and utils.sha2_match_regex(finding_hash))
    if not hashes_ok:
        return jsonify({"status": "failed"})
    rows = Results.query.filter(Results.scan_hash == scan_hash)
    if not rows.count():
        return jsonify({"status": "failed"})
    resolved = utils.python_list(rows[0].resolved)
    # Not currently resolved: nothing to revert, report failure as before.
    if finding_hash not in resolved:
        return jsonify({"status": "failed"})
    resolved.remove(finding_hash)
    rows.update({"resolved": resolved})
    db_session.commit()
    return jsonify({"status": "ok"})
Esempio n. 4
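def delete_scan():
    """Delete a scan: its extracted directories, its uploaded archive and
    its ``Results`` row.

    Reads ``scan_hash`` from the POST form. Returns JSON ``{"status": "ok"}``
    on success and ``{"status": "failed"}`` when the hash is malformed or no
    matching row exists.
    """
    context = {"status": "failed"}
    scan_hash = request.form["scan_hash"]
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            # The filesystem paths below come from the stored row, not from
            # the request. NOTE(review): they are not re-checked against
            # UPLOAD_FOLDER here, so the code that writes the row is what
            # constrains them — confirm that on the upload side.
            for loc in utils.python_list(res.locations):
                # A directory already removed elsewhere must not abort the
                # deletion and leave an orphaned row behind.
                if os.path.isdir(loc):
                    shutil.rmtree(loc)
            ziploc = os.path.join(app.config['UPLOAD_FOLDER'], res.scan_file)
            try:
                os.remove(ziploc)
            except FileNotFoundError:
                # Archive already gone: still clean up the DB row.
                pass
            db_session.delete(res)
            db_session.commit()
            context = {"status": "ok"}
    return jsonify(**context)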
Esempio n. 5
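def search():
    """Search in source files.

    Reads the search term ``q`` and ``scan_hash`` from the POST form, walks
    every extracted location of the matching scan and collects the files
    (filtered by the configured scan extensions) whose text contains the
    term. Renders ``search.html`` with the matches, or with a ``not_found``
    context when the hash is malformed or no ``Results`` row matches.
    """
    matches = []
    query = request.form['q']
    scan_hash = request.form["scan_hash"]
    context = {
        'contents': 'not_found',
        'matches': matches,
        'term': query,
        'found': '0',
        'scan_hash': ''
    }
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            wanted = (settings.JS_SCAN_FILE_EXTENSIONS,
                      settings.OTHER_SCAN_FILE_EXTENSIONS)
            for loc in utils.python_list(res.locations):
                for dir_name, _, files in os.walk(loc):
                    for jfile in files:
                        _, extension = os.path.splitext(jfile.lower())
                        if not any(extension in exts for exts in wanted):
                            continue
                        # os.walk already yields dir_name rooted at loc;
                        # joining loc again in front of it doubled the
                        # prefix whenever loc was a relative path.
                        file_path = os.path.join(dir_name, jfile)
                        fileparam = file_path.replace(
                            settings.UPLOAD_FOLDER, '')
                        with io.open(file_path,
                                     mode='r',
                                     encoding="utf8",
                                     errors="ignore") as file_pointer:
                            dat = file_pointer.read()
                        if query in dat:
                            matches.append({
                                "name": jfile,
                                "path": fileparam
                            })
            context = {
                'title': 'Search Results',
                'matches': matches,
                'term': query,
                'found': len(matches),
                'scan_hash': scan_hash,
                'version': settings.VERSION,
            }
    return render_template("search.html", **context)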