Esempio n. 1
0
def export_campaign_by_cid(cid):
    g.setdefault('cid', cid)

    download = request.args.get('download', default=False, type=str)
    if download is not False:
        # STart download process.
        filename = ExpoManager.get_encrypted_file(current_user.user_email, cid,
                                                  download)

        if filename is False:
            return "False"
        else:
            return send_file("../Storage/ExportedCampaigns/" + filename,
                             as_attachment=True,
                             attachment_filename="filename")
    else:
        export_result = ExpoManager.export_campaign_database(
            current_user.user_email, cid)
        if export_result is not False:
            return jsonify({
                "filename": export_result[0],
                "password": export_result[1]
            })

    return url_for("BaseImplantPage", cid=cid)
Esempio n. 2
0
def show_tags():
    g.setdefault(
        'image',
        cfg['awesome_image'])  # Flask.g: a way to pass var to a template
    #embed()
    # Note tags=Tag.all() ... another way to pass var to a Jinja2 template
    return render_template('index.html', tags=Tag.all())
Esempio n. 3
0
def after_execute(conn, elt, multiparams, params, result):
    duration = 1000 * (time.time() - conn.info['query_start_time'].pop(-1))
    action = elt.__class__.__name__

    if action == 'Select':
        t = elt.froms[0]
        while isinstance(t, _ORMJoin):
            t = t.left
        name = t.name
    elif action in ['Update', 'Insert', 'Delete']:
        name = elt.table.name
    else:
        # create/drop tables, sqlalchemy internal schema queries, etc
        return

    action = action.lower()

    statsd_client.timing('db.{}.{}'.format(name, action), duration)
    metrics_logger.debug("table=%s query=%s duration=%.2f", name, action,
                         duration)

    if has_request_context():
        g.setdefault('queries_count', 0)
        g.setdefault('queries_duration', 0)
        g.queries_count += 1
        g.queries_duration += duration

    return result
Esempio n. 4
0
def fetch_admin_well_known(realm: str = "master"):
    """
    Fetch and return the openid-configuration json object from
    the Keycloak admin realm. Can also specify a different realm.

    Requires an application context.
    """
    # we can cache it in app context to reuse in other functions
    cache_key = f"_{realm}_well_known"
    cached = g.get(cache_key)
    if cached is not None:
        return cached
    url = keycloak_host + f"/auth/realms/{realm}/.well-known/openid-configuration"
    response = requests.get(url)
    print(f"Well-known endpoint fetched at {url}")
    if response.ok:
        # https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
        endpoints = dict(response.json())
        set_g(cache_key, default=(endpoints))
        return endpoints
    app.logger.error(
        f"Well-known endpoint fetch failed: {response.status_code} - {response.text}"
    )
    g.setdefault(cache_key, default=(None))
    return None
Esempio n. 5
0
def CampaignGraph(cid):
    g.setdefault('cid', cid)
    # -- If we receive a POST request then we will populate the page, this will be called AFTER the page has loaded.
    if request.method=="POST":
        blah = {'a':"1",'b':"v"}
        return jsonify(blah)
    return render_template("CampaignGraph.html")
Esempio n. 6
0
def CampaignLogs(cid):
    g.setdefault('cid',cid)
    if request.method == "POST":
        # -- Replace with pre-organised campaign logs - simplifies JS component.
        # Get_CampaignLogs
        return jsonify(ImpMgmt.Get_CampaignLogs(current_user.user_email, cid))
    return render_template("CampaignLogs.html")
Esempio n. 7
0
def after_execute(conn, elt, multiparams, params, result):
    duration = 1000 * (time.time() - conn.info["query_start_time"].pop(-1))
    action = elt.__class__.__name__

    if action == "Select":
        name = "unknown"
        try:
            name = _table_name_from_select_element(elt)
        except Exception:
            logging.exception("Failed finding table name.")
    elif action in ["Update", "Insert", "Delete"]:
        name = elt.table.name
    else:
        # create/drop tables, sqlalchemy internal schema queries, etc
        return

    action = action.lower()

    metrics_logger.debug("table=%s query=%s duration=%.2f", name, action,
                         duration)

    if has_request_context():
        g.setdefault("queries_count", 0)
        g.setdefault("queries_duration", 0)
        g.queries_count += 1
        g.queries_duration += duration

    return result
Esempio n. 8
0
def after_execute(conn, elt, multiparams, params, result):
    duration = 1000 * (time.time() - conn.info['query_start_time'].pop(-1))
    action = elt.__class__.__name__

    if action == 'Select':
        name = 'unknown'
        try:
            name = _table_name_from_select_element(elt)
        except Exception:
            logging.exception('Failed finding table name.')
    elif action in ['Update', 'Insert', 'Delete']:
        name = elt.table.name
    else:
        # create/drop tables, sqlalchemy internal schema queries, etc
        return

    action = action.lower()

    statsd_client.timing('db.{}.{}'.format(name, action), duration)
    metrics_logger.debug("table=%s query=%s duration=%.2f", name, action,
                         duration)

    if has_request_context():
        g.setdefault('queries_count', 0)
        g.setdefault('queries_duration', 0)
        g.queries_count += 1
        g.queries_duration += duration

    return result
Esempio n. 9
0
def get_all_rules(auth):
    key = FLASK_RULES_KEY
    if key not in g:
        all_rules = gs_util.get_all_security_acl_rules(auth)
        g.setdefault(key, all_rules)

    return g.get(key)
Esempio n. 10
0
def after_execute(conn, elt, multiparams, params, result):
    duration = 1000 * (time.time() - conn.info['query_start_time'].pop(-1))
    action = elt.__class__.__name__

    if action == 'Select':
        name = 'unknown'
        try:
            name = _table_name_from_select_element(elt)
        except Exception:
            logging.exception('Failed finding table name.')
    elif action in ['Update', 'Insert', 'Delete']:
        name = elt.table.name
    else:
        # create/drop tables, sqlalchemy internal schema queries, etc
        return

    action = action.lower()

    statsd_client.timing('db.{}.{}'.format(name, action), duration)
    metrics_logger.debug("table=%s query=%s duration=%.2f", name, action,
                         duration)

    if has_request_context():
        g.setdefault('queries_count', 0)
        g.setdefault('queries_duration', 0)
        g.queries_count += 1
        g.queries_duration += duration

    return result
Esempio n. 11
0
def generate_image_gallery():

    # get the database if it does not exist
    if not (app.config['DB_PARAM'] in g):
        g.setdefault(app.config['DB_PARAM'],
                     default=get_database(app.config['DB_NAME']))
    db = g.get(app.config['DB_PARAM'])
    db_cursor = db.cursor()

    # try to authenticate the user
    check_session_token(db, db_cursor)
    current_user = g.get(app.config['USER_PARAM'])

    # check for unread messages
    check_unread_messages(db_cursor, current_user)

    display_images = []

    db_cursor.execute('SELECT userid, imgfile FROM images')

    # get data on each image
    for (userid, imgfile) in db_cursor:
        image = ImageInfo()
        image.userid = userid
        image.path = url_for('send_user_image', img_name=imgfile)
        display_images.append(image)

    return render_template('images.html',
                           images=display_images,
                           cur_user=current_user)
Esempio n. 12
0
def generate_user_list():

    # get the database if it does not exist
    if not (app.config['DB_PARAM'] in g):
        g.setdefault(app.config['DB_PARAM'],
                     default=get_database(app.config['DB_NAME']))
    db = g.get(app.config['DB_PARAM'])
    db_cursor = db.cursor()

    # try to authenticate the user
    check_session_token(db, db_cursor)
    current_user = g.get(app.config['USER_PARAM'])

    # check for unread messages
    check_unread_messages(db_cursor, current_user)

    user_list = []

    db_cursor.execute('SELECT userid, username FROM users')

    for (userid, username) in db_cursor:
        user = UserInfo()
        user.id = userid
        user.name = username
        user_list.append(user)

    return render_template('userlist.html',
                           users=user_list,
                           cur_user=current_user)
Esempio n. 13
0
 def pre_handler(search_params=None, **kw):
     query = search_params.pop('search', None)
     #print(query, file=sys.stderr)
     if query is not None:
         hits, total = cls.search(query, 1, 64)
         g.setdefault('search_ids', hits)
         if ('order_by' in search_params):
             g.setdefault('has_order', True)
Esempio n. 14
0
def BaseImplantPage(cid):
    g.setdefault('cid', cid)
    # -- This needs to return the implant_input.html template if any implants exist, if not reuturn ImplantMain
    # --    also need to work out the CID across the pages...
    Implants = db.Get_AllCampaignImplants(cid)
    if len(Implants) >0:
        return render_template("implant_input.html", Implants=Implants)
    return render_template("ImplantMain.html",cid=cid, Msg="No implants have called back in association with this campaign - create an implant base and use the stager page.")
Esempio n. 15
0
def get_all_active_implants(cid):
    g.setdefault('cid', cid)
    implant_list = UsrMgmt.campaign_get_all_implant_base_from_cid(current_user.user_email, cid)
    if implant_list is not False:
        if len(implant_list) > 0:
            return render_template("implant_input.html", Implants=implant_list)

    msg = "No implants have called back in association with this campaign - create an implant base and use the stager page."
    return render_template("ImplantMain.html", cid=cid, Msg=msg)
Esempio n. 16
0
 def decorated_function(*args, **kwargs):
     workspace = request.view_args['workspace']
     mapname = request.view_args['mapname']
     info = get_complete_map_info(workspace, mapname)
     assert FLASK_INFO_KEY not in g, g.get(FLASK_INFO_KEY)
     # current_app.logger.info(f"Setting INFO of map {workspace}:{mapname}")
     g.setdefault(FLASK_INFO_KEY, info)
     result = function(*args, **kwargs)
     return result
Esempio n. 17
0
def BaseImplantSettings(cid):
    # Allows updating the permissions of users in a campaign, and the visualisation of allowed users.
    g.setdefault('cid', cid)
    if request.method == "POST":
        UsrMgmt.AddUserToCampaign(current_user.user_email, request.form, cid)
        return redirect(url_for('BaseImplantSettings', cid=cid))
    else:
        users = UsrMgmt.get_current_campaign_users_settings_list(current_user.user_email, cid)
        return render_template("settings/CampaignSettings.html", users=users)
Esempio n. 18
0
def display_active_implant(cid, uik=None):
    g.setdefault('cid', cid)
    implants = ImpMgmt.get_active_campaign_implants(current_user.user_email, cid)
    if uik is not None:
        if type(implants) == list:
            for implant in implants:
                if int(implant['unique_implant_id']) == int(uik):
                    return render_template("implant/ActiveImplants.html", imp=implants, render=implant)
    return render_template("implant/ActiveImplants.html", imp=implants)
Esempio n. 19
0
def NewImplant(cid):
    # -- set SID and user DB to convert --#
    g.setdefault('cid',cid)
    if request.method =="POST":
        result, result_text= ImpMgmt.CreateNewImplant(cid, request.form, current_user.user_email)
        if result==True:
            return render_template('CreateImplant.html', success=result_text)
        else:
            return render_template('CreateImplant.html', error=result_text)
    return render_template('CreateImplant.html')
 def get_sftp(self):
     ssh_client = g.get('ssh_%s' % self.name, None)
     if ssh_client is None:
         ssh_client = paramiko.SSHClient()
         ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
         ssh_client.connect(**self.ssh_options)
         g.setdefault('ssh_%s' % self.name, ssh_client)
     sftp = g.get('sftp_%s' % self.name, None)
     if sftp is None or sftp.sock.closed:
         g.setdefault('sftp_%s' % self.name, ssh_client.open_sftp())
Esempio n. 21
0
def set_g(name: str, default: Any = None):
    """
    Helper function. Overwrite the given key name in g with default.

    Requires an application context.
    """
    # Flask's g object is like a dict in every way except this
    if name in g:
        g.pop(name)
    g.setdefault(name, default=default)
Esempio n. 22
0
 def decorator(*args, **kwargs):
     token = _token_extractor()
     user = _user_decode(token)
     g.setdefault('user', user)
     auth_func = auth_kwargs.pop('auth_func', None)
     auth_cls = auth_kwargs.pop('auth_cls', None)
     callback = _get_authorization_callback(auth_func, auth_cls, args)
     # jwt_authorize params take preference to Flask route params in case of name collision.
     kwargs.update(auth_kwargs)
     _check_authorization(user, callback, **kwargs)
     return fn(*args, **kwargs)
Esempio n. 23
0
def BaseImplantSettings(cid):
    # -- Gather Data for settings:
    # -- Users + read/write/none
    # -- Implant List
    g.setdefault('cid', cid)
    Users = db.Get_SettingsUsers(cid, current_user.user_email)
    if request.method == "POST":
        print(request.form)
        UsrMgmt.AddUserToCampaign(current_user.user_email, request.form, cid)
        return redirect(url_for('BaseImplantSettings', cid=cid))
    else:
        print(Users)
        return render_template("settings/CampaignSettings.html", users=Users)
Esempio n. 24
0
def display_active_implant(cid, uik=None):
    g.setdefault('cid', cid)
    implants = ImpMgmt.get_active_campaign_implants(current_user.user_email, cid)
    print("::",uik)
    if uik is not None:
        print("aa")
        if type(implants) == list:
            for x in implants:
                print("! {}::{}",uik,x['unique_implant_id'])
                if int(x['unique_implant_id']) == int(uik):
                    print("aaaaa")
                    return render_template("implant/ActiveImplants.html", imp=implants, render=x)
    return render_template("implant/ActiveImplants.html", imp=implants)
Esempio n. 25
0
def ImplantStager(cid):
    g.setdefault('cid', cid)
    # -- get request: return list of implants --
    # -- Will update to a dropdown when exporting Word docs etc is possible -- #
    if request.method == "POST":
        if 'id' in request.args:
            try:
                if int(request.args['id']):
                    print("this is int")
            except:
                print("error")
        # TODO: Replace with content from webpage request.
        return send_file(StagerGen.GenerateSingleStagerFile(cid, current_user.user_email,"docx"), attachment_filename='file.docx')
    return render_template("ImplantStagerPage.html", implantList=StagerGen.GenerateStaticStagers(cid, current_user.user_email))
Esempio n. 26
0
    def send(cls, notification, skipQueue=False):
        if isinstance(notification, dict):
            # Wrap a raw dictionary in a notification class
            from indico.legacy.webinterface.mail import GenericNotification
            notification = GenericNotification(notification)
        # enqueue emails if we have a rh and do not skip queuing, otherwise send immediately
        rh = g.get('rh')
        mailData = cls._prepare(notification)

        if mailData:
            if skipQueue or not rh:
                cls._send(mailData)
            else:
                g.setdefault('email_queue', []).append(mailData)
Esempio n. 27
0
def process_like():

    # get the database if it does not exist
    if not (app.config['DB_PARAM'] in g):
        g.setdefault(app.config['DB_PARAM'],
                     default=get_database(app.config['DB_NAME']))
    db = g.get(app.config['DB_PARAM'])
    db_cursor = db.cursor()

    # try to authenticate the user
    check_session_token(db, db_cursor)
    current_user = g.get(app.config['USER_PARAM'])

    # if not authenticated reject
    if not current_user:
        return 'Not Authenticated!', 403

    imageid = request.form['imgid']

    # make sure the image exists
    db_cursor.execute('SELECT userid FROM images WHERE imageid=%s',
                      (imageid, ))
    if (len(db_cursor.fetchall())) != 1:
        return 'Image does not exist!', 400

    # check if user already liked post
    db_cursor.execute(
        'SELECT userid FROM likes WHERE userid=%s AND likesthisimageid=%s',
        (current_user.id, imageid))
    post_like = db_cursor.fetchall()
    if len(post_like) != 0:
        return 'Already Liked Image!', 400

    # add current user to list of users that liked post
    db_cursor.execute(
        'INSERT INTO likes (userid, likesthisimageid) VALUES (%s, %s)',
        (current_user.id, imageid))

    # now increment the like count
    db_cursor.execute('UPDATE images SET likes=likes+1 WHERE imageid=%s',
                      (imageid, ))
    db.commit()

    # now send the new like to all connected clients
    send_data = {}
    send_data['imageid'] = imageid
    new_app.emit('new-like', send_data, room='general-notifications')

    return 'Successfully submitted like!'
Esempio n. 28
0
def process_comment():

    # get the database if it does not exist
    if not (app.config['DB_PARAM'] in g):
        g.setdefault(app.config['DB_PARAM'],
                     default=get_database(app.config['DB_NAME']))
    db = g.get(app.config['DB_PARAM'])
    db_cursor = db.cursor()

    # try to authenticate the user
    check_session_token(db, db_cursor)
    current_user = g.get(app.config['USER_PARAM'])

    # if not authenticated reject
    if not current_user:
        return 'Not Authenticated!', 403

    imageid = request.form['imgid']
    comtext = request.form['comment'].strip()

    if len(comtext) == 0:
        return 'Cannot send blank comment!', 400

    if len(comtext) > app.config['MAX_COMMENT_LENGTH']:
        return 'Comment too long!', 400

    # make sure the image exists
    db_cursor.execute('SELECT userid FROM images WHERE imageid=%s',
                      (imageid, ))
    if (len(db_cursor.fetchall())) != 1:
        return 'Image does not exist!', 400

    # now add the comment to the database
    db_cursor.execute(
        'INSERT INTO comments (imageid, userid, comtext) VALUES (%s, %s, %s)',
        (imageid, current_user.id, comtext))
    db.commit()

    # now send the new comment to all connected clients
    send_data = {}
    com_info = MessageInfo()
    com_info.userid = current_user.id
    com_info.username = current_user.name
    com_info.message = comtext
    send_data['imageid'] = imageid
    send_data['html'] = render_template('one-comment.html', comment=com_info)
    new_app.emit('new-comment-full', send_data, room='general-notifications')

    return 'Successfully submitted comment!'
Esempio n. 29
0
def validate_auth(user, password):
    user_collection = app.db.users
    user = user_collection.find_one({'username': user})

    if user is None:
        return False
    else:
        # check if the hash we generate based on auth matches stored hash
        encodedPassword = password.encode('utf-8')
        if bcrypt.hashpw(encodedPassword,
                         user['password']) == user['password']:
            g.setdefault('user', user)
            return True
        else:
            return False
Esempio n. 30
0
def check_session_token(db, cursor):

    # try to get token from cookies
    token = request.cookies.get(app.config['SESSION_COOKIE_NAME'])

    if not token:
        g.setdefault(app.config['USER_PARAM'], default=None)
        return

    try:
        token_hash = hashlib.scrypt(b''.fromhex(token),
                                    salt=app.config['TOKEN_SALT'],
                                    n=app.config['SC_N'],
                                    r=app.config['SC_R'],
                                    p=app.config['SC_P'])
    except Exception:
        g.setdefault(app.config['USER_PARAM'], default=None)
        return

    cursor.execute(
        'SELECT userid, username, sessionexpiration, csrftoken FROM users WHERE sessioncookiehash=%s',
        (token_hash.hex(), ))
    data = cursor.fetchall()

    if not (len(data) == 1):
        g.setdefault(app.config['USER_PARAM'], default=None)
        return

    # get information about user
    user = UserInfo()

    for (userid, username, sessionexpiration, csrftoken) in data:
        user.id = userid
        user.name = username
        user.session_expiration = sessionexpiration
        user.csrf_token = csrftoken

    # make sure the token has not expired, update db if so
    if user.session_expiration <= datetime.date.today():
        cursor.execute(
            'UPDATE users SET sessioncookiehash=NULL, csrftoken=NULL WHERE userid=%s',
            (user.id, ))
        db.commit()
        g.setdefault(app.config['USER_PARAM'], default=None)
        return

    # now set the actual user
    g.setdefault(app.config['USER_PARAM'], default=user)
Esempio n. 31
0
    def preload_relationships(cls, query, *relationships, **kwargs):
        """Preload relationships for all objects from a query.

        :param query: A SQLAlchemy query object.
        :param relationships: The names of relationships to preload.
        :param strategy: The loading strategy to use for the
                         relationships.  Defaults to `joinedload` and
                         can be any callable that takes a relationship
                         name and returns a query option.
        """
        assert cls.allow_relationship_preloading
        strategy = kwargs.pop('strategy', joinedload)
        assert not kwargs  # no other kwargs allowed
        cache = g.setdefault('relationship_cache',
                             {}).setdefault(cls, {
                                 'data': {},
                                 'relationships': set()
                             })
        missing_relationships = set(relationships) - cache['relationships']
        if not missing_relationships:
            return
        query = query.options(*map(strategy, missing_relationships))
        data_cache = cache['data']
        for obj in query:
            obj_cache = data_cache.setdefault(obj, {})
            for rel in missing_relationships:
                obj_cache[rel] = getattr(obj, rel)
        cache['relationships'] |= missing_relationships
Esempio n. 32
0
def NewImplant(cid):
    # -- set SID and user DB to convert --#
    g.setdefault('cid', cid)
    profiles = ImpMgmt.get_network_profile_options()
    if request.method == "POST":
        result, result_text = ImpMgmt.create_new_implant(
            cid, request.form, current_user.user_email)
        if result is True:
            return render_template('CreateImplant.html',
                                   profiles=profiles,
                                   success=result_text), 200
        else:
            return render_template('CreateImplant.html',
                                   profiles=profiles,
                                   error=result_text), 409
    return render_template('CreateImplant.html', profiles=profiles)
Esempio n. 33
0
    def allocate_friendly_ids(cls, event, n):
        """Allocate n Contribution friendly_ids.

        This is needed so that we can allocate all IDs in one go. Not doing
        so could result in DB deadlocks. All operations that create more than
        one contribution should use this method.

        :param event: the :class:`Event` in question
        :param n: the number of ids to pre-allocate
        """
        from indico.modules.events import Event
        fid = increment_and_get(Event._last_friendly_contribution_id, Event.id == event.id, n)
        friendly_ids = g.setdefault('friendly_ids', {})
        friendly_ids.setdefault(cls, {})[event.id] = range(fid - n + 1, fid + 1)
Esempio n. 34
0
def preload_events(ids, lightweight=True, persons=False):
    """Preload events so they are in SA's identity cache

    This is useful for legacy pages where we have to show large
    numbers of events without being able to query them from the
    db cleanly.

    :param ids: An iterable of IDs or Conference objects
    :param lightweight: Only load dates and title
    :param persons: Also load the person links
    """
    cache = g.setdefault('_event_cache', {})
    ids = {int(getattr(id_, 'id', id_)) for id_ in ids} - cache.viewkeys()
    query = Event.find(Event.id.in_(ids))
    if lightweight:
        query = query.options(load_only('id', 'title', 'start_dt', 'end_dt', 'timezone'))
    if persons:
        query = query.options(joinedload('person_links'))
    cache.update((e.id, e) for e in query)
Esempio n. 35
0
    def preload_relationships(cls, query, *relationships, **kwargs):
        """Preload relationships for all objects from a query.

        :param query: A SQLAlchemy query object.
        :param relationships: The names of relationships to preload.
        :param strategy: The loading strategy to use for the
                         relationships.  Defaults to `joinedload` and
                         can be any callable that takes a relationship
                         name and returns a query option.
        """
        assert cls.allow_relationship_preloading
        strategy = kwargs.pop('strategy', joinedload)
        assert not kwargs  # no other kwargs allowed
        cache = g.setdefault('relationship_cache', {}).setdefault(cls, {'data': {}, 'relationships': set()})
        missing_relationships = set(relationships) - cache['relationships']
        if not missing_relationships:
            return
        query = query.options(*map(strategy, missing_relationships))
        data_cache = cache['data']
        for obj in query:
            obj_cache = data_cache.setdefault(obj, {})
            for rel in missing_relationships:
                obj_cache[rel] = getattr(obj, rel)
        cache['relationships'] |= missing_relationships
Esempio n. 36
0
def _event_moved(conf, old_parent, new_parent, **kwargs):
    if new_parent.getCategoryPath()[0] != '0':
        g.setdefault('detached_events_moved', set()).add(conf.as_event)
        return
    event = conf.as_event
    event.category_id = int(new_parent.id)
Esempio n. 37
0
def _init_livesync_g():
    g.setdefault('livesync_changes', defaultdict(set))
Esempio n. 38
0
def init_email_queue():
    """Enable email queueing for the current context."""
    g.setdefault('email_queue', [])