Esempio n. 1
def is_valid_template_file(filename, file_path):
    """Return the file's text if its extension marks it as scannable.

    Only ``filename`` is used for the extension check; the content is read
    from ``file_path``. The extension is compared case-insensitively against
    ``settings.OTHER_SCAN_FILE_EXTENSIONS``.

    Returns:
        Whatever ``utils.unicode_safe_file_read`` returns for ``file_path``
        when the extension is listed, otherwise ``None``.
    """
    suffix = os.path.splitext(filename)[1].lower()
    if suffix not in settings.OTHER_SCAN_FILE_EXTENSIONS:
        # Not a listed extension: the file is never opened.
        return None
    return utils.unicode_safe_file_read(file_path)
Esempio n. 2
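def view_file():
    """Return the contents of a file under the upload folder as JSON.

    Reads ``path`` and ``scan_hash`` from the submitted form. The file is
    returned only when all of the following hold:

    * ``scan_hash`` passes ``utils.sha2_match_regex`` and a ``Results`` row
      with that hash exists;
    * the extension of ``path`` is in ``settings.SCAN_FILES_EXTENSION`` and
      ``utils.is_attack_pattern`` does not flag the path;
    * the fully resolved path is still inside ``settings.UPLOAD_FOLDER``.

    Returns:
        A JSON response ``{"contents": <file text>}``, or
        ``{"contents": "not_found"}`` when any check fails.
    """
    context = {"contents": "not_found"}
    path = request.form["path"]
    scan_hash = request.form["scan_hash"]
    if not utils.sha2_match_regex(scan_hash):
        return jsonify(**context)

    res = Results.query.filter(Results.scan_hash == scan_hash).first()
    if not res:
        return jsonify(**context)
    # NOTE(review): `res` is only checked for existence; the requested path
    # is not compared with anything stored on that scan record, so any valid
    # scan hash unlocks every allowed file in the upload folder. Confirm this
    # is intended.

    _, extension = os.path.splitext(path.lower())
    if (extension not in settings.SCAN_FILES_EXTENSION
            or utils.is_attack_pattern(path)):
        return jsonify(**context)

    # os.path.join discards the base directory when the second argument is
    # absolute, and a symlink inside the upload folder can point elsewhere.
    # Resolve both sides and require the target to stay under the root so
    # the read is confined regardless of what the pattern check catches.
    upload_root = os.path.realpath(settings.UPLOAD_FOLDER)
    target = os.path.realpath(os.path.join(upload_root, path))
    try:
        inside_root = os.path.commonpath([upload_root, target]) == upload_root
    except ValueError:
        # Raised when the two paths cannot share a prefix (e.g. different
        # drives on Windows): treat as outside the upload folder.
        inside_root = False

    if inside_root and os.path.isfile(target):
        contents = utils.unicode_safe_file_read(target)
        context = {"contents": contents}
    return jsonify(**context)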
Esempio n. 3
def is_valid_node(filename, file_path):
    """Return the file's text if it looks like Node.js source, else None.

    A file is a candidate when its name is not one of the bundled browser
    libraries listed below and either its extension is in
    ``settings.SCAN_FILES_EXTENSION`` or its path ends with ``bin/www``.
    Candidates are read and kept only if the text contains a ``require(...)``
    call or a ``module.exports =`` assignment.
    """
    # Marker for CommonJS usage: require('x') / require("x") or module.exports =
    node_marker = r"require\(('|\")(.+?)('|\")\)|module\.exports {0,5}= {0,5}"
    allowed_exts = settings.SCAN_FILES_EXTENSION
    # Third-party front-end bundles that are skipped by exact file name.
    skipped_names = ("jquery.min.js", "bootstrap.js", "bootstrap-tour.js",
                     "raphael-min.js", "tinymce.min.js", "tinymce.js",
                     "codemirror-compressed.js", "codemirror.js")

    suffix = os.path.splitext(filename)[1].lower()
    has_scan_ext = suffix in allowed_exts
    is_skipped = filename.lower() in skipped_names
    # Extension-less launcher script, matched on the path rather than the name.
    is_www_launcher = file_path.lower().endswith("bin/www")

    if is_skipped or not (has_scan_ext or is_www_launcher):
        return None

    source = utils.unicode_safe_file_read(file_path)
    if re.search(node_marker, source) is None:
        return None
    # Possible Node.js source code
    return source