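def result(sha2):
    """Render the stored result page for one scan.

    Args:
        sha2: Scan hash identifying the stored ``Results`` row.

    Returns:
        The rendered ``result.html`` page when a matching scan exists,
        otherwise a JSON body ``{"error": "scan_not_found"}``.
    """
    not_found = {"error": "scan_not_found"}
    # Reject values that are not shaped like a SHA-2 hash before querying,
    # the same check the other scan handlers in this file apply to
    # caller-supplied hashes. A malformed value gets the same answer as an
    # unknown scan.
    if not utils.sha2_match_regex(sha2):
        return jsonify(not_found)

    res = Results.query.filter(Results.scan_hash == sha2).first()
    if not res:
        return jsonify(not_found)

    # Each stored field is passed through utils.python_list /
    # utils.python_dict before it is handed to the template.
    locations = utils.python_list(res.locations)
    context = {
        'title': 'Scan Result',
        'locations': locations,
        'scan_hash': res.scan_hash,
        'sha2_hashes': utils.python_list(res.sha2_hashes),
        'security_issues': utils.python_dict(res.sec_issues),
        'missing_headers': utils.python_dict(res.missing_sec_header),
        'good_findings': utils.python_dict(res.good_finding),
        'all_files': utils.python_list(res.files),
        'total_count': utils.python_dict(res.total_count),
        'vuln_n_count': utils.python_dict(res.vuln_count),
        'resolved': utils.python_list(res.resolved),
        'invalid': utils.python_list(res.invalid),
    }
    return render_template("result.html", **context)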
def invalid():
    """Flag one finding of a scan as invalid.

    Reads ``scan_hash`` and ``invalid_hash`` from the submitted form. Both
    must pass ``utils.sha2_match_regex`` and the scan must exist.

    Returns:
        JSON ``{"status": "ok"}`` once the hash has been added to the scan's
        ``invalid`` list and committed, ``{"status": "failed"}`` otherwise.
    """
    # NOTE(review): no authorization or CSRF check is visible in this
    # handler; confirm the route or app layer enforces one, since this
    # changes stored triage state.
    form = request.form
    scan_hash = form["scan_hash"]
    invalid_hash = form["invalid_hash"]

    if not utils.sha2_match_regex(scan_hash):
        return jsonify({"status": "failed"})
    if not utils.sha2_match_regex(invalid_hash):
        return jsonify({"status": "failed"})

    scan_query = Results.query.filter(Results.scan_hash == scan_hash)
    if not scan_query.count():
        return jsonify({"status": "failed"})

    marked = utils.python_list(scan_query[0].invalid)
    if invalid_hash in marked:
        # NOTE(review): a hash that is already marked reports "failed";
        # confirm the caller expects that rather than an idempotent "ok".
        return jsonify({"status": "failed"})

    marked.append(invalid_hash)
    scan_query.update({"invalid": marked})
    db_session.commit()
    return jsonify({"status": "ok"})
def revert():
    """Turn a resolved finding back into an open issue.

    Reads ``scan_hash`` and ``finding_hash`` from the submitted form. Both
    must pass ``utils.sha2_match_regex`` and the scan must exist.

    Returns:
        JSON ``{"status": "ok"}`` once the hash has been removed from the
        scan's ``resolved`` list and committed, ``{"status": "failed"}``
        otherwise.
    """
    # NOTE(review): no authorization or CSRF check is visible in this
    # handler; confirm the route or app layer enforces one, since this
    # changes stored triage state.
    form = request.form
    scan_hash = form["scan_hash"]
    finding_hash = form["finding_hash"]

    if not utils.sha2_match_regex(scan_hash):
        return jsonify({"status": "failed"})
    if not utils.sha2_match_regex(finding_hash):
        return jsonify({"status": "failed"})

    scan_query = Results.query.filter(Results.scan_hash == scan_hash)
    if not scan_query.count():
        return jsonify({"status": "failed"})

    resolved_hashes = utils.python_list(scan_query[0].resolved)
    if finding_hash not in resolved_hashes:
        # NOTE(review): a hash that is not currently resolved reports
        # "failed"; confirm the caller expects that.
        return jsonify({"status": "failed"})

    resolved_hashes.remove(finding_hash)
    scan_query.update({"resolved": resolved_hashes})
    db_session.commit()
    return jsonify({"status": "ok"})
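def delete_scan():
    """Delete a scan: its source directories, its uploaded file and its row.

    Reads ``scan_hash`` from the submitted form. When it passes
    ``utils.sha2_match_regex`` and a matching ``Results`` row exists, every
    directory listed in the row's ``locations`` is removed, then the file
    ``res.scan_file`` under ``app.config['UPLOAD_FOLDER']``, then the row.

    Returns:
        JSON ``{"status": "ok"}`` after the row has been deleted and
        committed, ``{"status": "failed"}`` otherwise.
    """
    # NOTE(review): this handler is destructive and shows no authorization
    # or CSRF check; confirm the route or app layer enforces one.
    context = {"status": "failed"}
    scan_hash = request.form["scan_hash"]
    if not utils.sha2_match_regex(scan_hash):
        return jsonify(**context)

    res = Results.query.filter(Results.scan_hash == scan_hash).first()
    if not res:
        return jsonify(**context)

    # NOTE(review): the paths below come from the stored record, not from
    # the request, and are removed as-is; confirm that whatever writes
    # `locations` and `scan_file` keeps them inside the upload area.
    for loc in utils.python_list(res.locations):
        # A directory that is already gone must not abort the request:
        # otherwise the row could never be deleted again.
        if os.path.exists(loc):
            shutil.rmtree(loc)

    ziploc = os.path.join(app.config['UPLOAD_FOLDER'], res.scan_file)
    # Same reasoning for the uploaded file: skip it when it no longer exists.
    if os.path.exists(ziploc):
        os.remove(ziploc)

    db_session.delete(res)
    db_session.commit()
    context = {"status": "ok"}
    return jsonify(**context)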
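def search():
    """Search the source files of one scan for a literal term.

    Reads the term ``q`` and ``scan_hash`` from the submitted form. When the
    hash passes ``utils.sha2_match_regex`` and a matching ``Results`` row
    exists, every file under the row's ``locations`` whose extension is in
    ``settings.JS_SCAN_FILE_EXTENSIONS`` or
    ``settings.OTHER_SCAN_FILE_EXTENSIONS`` is read and checked for the term
    with a plain substring test.

    Returns:
        The rendered ``search.html`` page. ``matches`` holds one
        ``{"name", "path"}`` entry per file containing the term; when the
        hash is rejected or the scan is unknown the "not found" context is
        rendered instead.
    """
    matches = []
    query = request.form['q']
    scan_hash = request.form["scan_hash"]
    context = {
        'contents': 'not_found',
        'matches': matches,
        'term': query,
        'found': '0',
        'scan_hash': ''
    }
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            locations = utils.python_list(res.locations)
            for loc in locations:
                for dir_name, _, files in os.walk(loc):
                    for jfile in files:
                        _, extension = os.path.splitext(jfile.lower())
                        if (extension in settings.JS_SCAN_FILE_EXTENSIONS) or (
                                extension in settings.OTHER_SCAN_FILE_EXTENSIONS):
                            # os.walk already yields dir_name rooted at loc.
                            # Joining loc in front again only works when loc
                            # is absolute; for a relative loc it doubles the
                            # prefix and points at a path that does not exist.
                            file_path = os.path.join(dir_name, jfile)
                            # Drop the upload root so the page is given a
                            # path without the server-side prefix.
                            fileparam = file_path.replace(
                                settings.UPLOAD_FOLDER, '')
                            # NOTE(review): files are opened by name with no
                            # symlink check; confirm the scan directory
                            # cannot contain links pointing outside it.
                            with io.open(file_path,
                                         mode='r',
                                         encoding="utf8",
                                         errors="ignore") as file_pointer:
                                dat = file_pointer.read()
                            # Literal substring match. An empty term is
                            # contained in every string, so it lists every
                            # scannable file.
                            if query in dat:
                                matches.append({
                                    "name": jfile,
                                    "path": fileparam
                                })
            context = {
                'title': 'Search Results',
                'matches': matches,
                'term': query,
                'found': len(matches),
                'scan_hash': scan_hash,
                'version': settings.VERSION,
            }
    return render_template("search.html", **context)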