def is_valid_template_file(filename, file_path):
    """Return the contents of a template file, or None if it is not one.

    The decision is based only on the extension of ``filename``, compared
    case-insensitively against ``settings.OTHER_SCAN_FILE_EXTENSIONS``.
    The file content itself is not inspected here.

    Args:
        filename: Name of the file; only its extension is examined.
        file_path: Location handed to ``utils.unicode_safe_file_read``.

    Returns:
        Whatever ``utils.unicode_safe_file_read`` returns for a matching
        extension, otherwise ``None``.
    """
    _, suffix = os.path.splitext(filename)
    if suffix.lower() not in settings.OTHER_SCAN_FILE_EXTENSIONS:
        return None
    return utils.unicode_safe_file_read(file_path)
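def view_file():
    """Return the contents of an uploaded source file as a JSON response.

    Reads ``path`` and ``scan_hash`` from the submitted form. The file is
    served only when all of the following hold:

    * ``utils.sha2_match_regex`` accepts ``scan_hash`` and a ``Results`` row
      with that hash exists;
    * the lower-cased extension of ``path`` is listed in
      ``settings.SCAN_FILES_EXTENSION``;
    * ``utils.is_attack_pattern`` does not flag ``path``;
    * the fully resolved target lies inside ``settings.UPLOAD_FOLDER`` and
      is a regular file.

    Returns:
        A JSON response ``{"contents": <file text>}``, or
        ``{"contents": "not_found"}`` when any check fails.
    """
    context = {"contents": "not_found"}
    path = request.form["path"]
    scan_hash = request.form["scan_hash"]

    if not utils.sha2_match_regex(scan_hash):
        return jsonify(**context)

    res = Results.query.filter(Results.scan_hash == scan_hash).first()
    if not res:
        return jsonify(**context)
    # NOTE(review): the requested path is not compared against the files that
    # belong to this scan; any valid scan hash unlocks every allowed file
    # under UPLOAD_FOLDER. Confirm that this is intended.

    _, extension = os.path.splitext(path.lower())
    if (extension not in settings.SCAN_FILES_EXTENSION
            or utils.is_attack_pattern(path)):
        return jsonify(**context)

    # os.path.join() discards the base directory when the second component is
    # absolute, and a symlink inside the upload folder can point elsewhere.
    # Resolve both sides and require containment, so the read does not rely
    # solely on the pattern filter above.
    upload_root = os.path.normcase(os.path.realpath(settings.UPLOAD_FOLDER))
    full_path = os.path.normcase(
        os.path.realpath(os.path.join(upload_root, path)))
    try:
        inside_root = os.path.commonpath([upload_root, full_path]) == upload_root
    except ValueError:
        # Raised for paths that cannot share a prefix (e.g. different drives).
        inside_root = False

    if inside_root and os.path.isfile(full_path):
        context = {"contents": utils.unicode_safe_file_read(full_path)}
    return jsonify(**context)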
def is_valid_node(filename, file_path):
    """Return the file contents if the file looks like Node.js source.

    A file is a candidate when its extension is listed in
    ``settings.SCAN_FILES_EXTENSION`` or its path ends with ``bin/www``, and
    its lower-cased name is not one of the bundled third-party libraries
    listed below. A candidate is accepted only if its text contains a
    ``require('...')`` call or a ``module.exports =`` assignment.

    Args:
        filename: Name of the file, used for the extension and skip-list
            checks.
        file_path: Path used for the ``bin/www`` check and for reading.

    Returns:
        The text returned by ``utils.unicode_safe_file_read`` when the
        Node.js marker is found, otherwise ``None``.
    """
    # Well-known front-end libraries that are never scanned.
    skipped_names = (
        "jquery.min.js",
        "bootstrap.js",
        "bootstrap-tour.js",
        "raphael-min.js",
        "tinymce.min.js",
        "tinymce.js",
        "codemirror-compressed.js",
        "codemirror.js",
    )
    node_marker = r"require\(('|\")(.+?)('|\")\)|module\.exports {0,5}= {0,5}"

    allowed_extensions = settings.SCAN_FILES_EXTENSION
    _, suffix = os.path.splitext(filename)
    has_scan_extension = suffix.lower() in allowed_extensions
    not_skipped = filename.lower() not in skipped_names
    # Express-style launcher script, which has no file extension.
    is_www_launcher = file_path.lower().endswith("bin/www")

    if not ((has_scan_extension or is_www_launcher) and not_skipped):
        return None

    source_text = utils.unicode_safe_file_read(file_path)
    if re.search(node_marker, source_text):
        # Possible Node.js source code.
        return source_text
    return None