def queue(self, event, context):
# print("Event: {}, context: {}".format(event, context.invoked_function_arn))
source_event = Event(event, context)
data = source_event.parse()
if data:
target = Target(data.get('target'))
if not target:
self.logger.error("Target validation failed of: {}".format(target.name))
return Response({
"statusCode": 400,
"body": json.dumps({'error': 'Target was not valid or missing'})
}).with_security_headers()
scan_uuid = str(uuid.uuid4())
self.sqs_client.send_message(
QueueUrl=self.queueURL,
MessageBody="portscan|" + target.name
+ "|" + scan_uuid
)
# Use a UUID for the scan type and return it
return Response({
"statusCode": 200,
"body": json.dumps({'uuid': scan_uuid})
}).with_security_headers()
else:
self.logger.error("Unrecognized payload: {}".format(data))
return Response({
"statusCode": 400,
"body": json.dumps({'error': 'Unrecognized payload'})
}).with_security_headers()
def downloadResults(self, event, context):
# This is a lambda function called from API GW
# Event type will always be "api-gw"
source_event = Event(event, context)
data = source_event.parse()
if data:
target = Target(data.get('target'))
if not target:
self.logger.error("Target validation failed of: {}".format(
target.name))
return Response({
"statusCode":
400,
"body":
json.dumps({'error': 'Target was not valid or missing'})
}).with_security_headers()
results = Results(target.name, self.s3_client, self.bucket,
self.base_results_path)
# Always use the download route
scan_results, status = results.download()
if scan_results:
return Response({
"statusCode":
status,
"headers": {
"Content-Type":
"application/gzip",
"Content-Disposition":
"attachment; filename={}.tgz".format(target.name)
},
"body":
base64.b64encode(scan_results.getvalue()).decode("utf-8"),
"isBase64Encoded":
True
}).with_security_headers()
else:
if status == 404:
resp_body = 'No results found for target'
elif status == 500:
resp_body = 'Unable to download scan results'
else:
resp_body = 'Unknown error'
return Response({
"statusCode": status,
"body": json.dumps({'error': resp_body})
}).with_security_headers()
else:
self.logger.error("Unrecognized payload: {}".format(data))
return Response({
"statusCode":
400,
"body":
json.dumps({'error': 'Unrecognized payload'})
}).with_security_headers()
def test_without_security_headers(self):
original_response = {
"statusCode": 200,
"body": json.dumps({'foo': 'bar'})
}
response = Response(original_response)
assert type(Response(original_response)) == Response
assert response.without_security_headers() == {
'body': '{"foo": "bar"}',
'statusCode': 200
}
def process_connection(self, connection):
with connection:
r = b''
while True:
content = connection.recv(1024)
r += content
if len(content) != 1024:
break
log('request log:\n <{}>'.format(r))
r = r.decode()
if r:
request = Request(r)
response = Response()
m_num = len(self.middlewares)
if m_num > 0:
# 下一个中间件的 index
next_i = 0
def next():
nonlocal next_i
if next_i == m_num:
self.handle_path(request, response)
else:
m = self.middlewares[next_i]
next_i += 1
m(request, response, next)
next()
else:
self.handle_path(request, response)
# 把响应发送给客户端
connection.sendall(response.toHttp())
def test_movie_insert(api):
response = Response()
request_data = {
'companys': ['카카오', '토스'], 'directors': ['김택윤', '이운기'], 'genreAlt': '테스트', 'movieCd': '2',
'movieNm': '포스트테스트', 'movieNmEn': 'POSTTEST', 'nationAlt': '테스트', 'openDt': '20200101',
'prdtStatNm': '테스트', 'prdtYear': '2020', 'typeNm': '장편',
}
api_response = api.post(
'/movies',
data=json.dumps(request_data),
content_type="application/json"
)
assert api_response.status_code == 200
api_response = api.get(
'/movies/2'
)
payload = json.loads(api_response.data.decode('utf-8'))
payload = {key: value for key, value in dict(payload).items()}
assert api_response.status_code == 200
response_data = {
'companys': [{'id': 2, 'name': '카카오'}, {'id': 3, 'name': '토스'}],
'directors': [{'id': 2, 'name': '김택윤'}, {'id': 3, 'name': '이운기'}],
'genreAlt': '테스트', 'movieCd': '2', 'movieNm': '포스트테스트', 'movieNmEn': 'POSTTEST',
'nationAlt': '테스트', 'openDt': '20200101', 'prdtStatNm': '테스트', 'prdtYear': '2020', 'typeNm': '장편'
}
assert payload == response(status='NORMAL', data=response_data, unit_test=True)
def test_with_security_headers(self):
original_response = {
"statusCode": 200,
"body": json.dumps({'foo': 'bar'})
}
new_headers_expectation = Response.SECURITY_HEADERS
response = Response(original_response)
assert type(Response(original_response)) == Response
assert response.with_security_headers() == {
'body': '{"foo": "bar"}',
'headers': new_headers_expectation,
'statusCode': 200
}
def test_ping(api):
response = Response()
api_response = api.get('/ping')
payload = json.loads(api_response.data.decode('utf-8'))
assert api_response.status_code == 200
assert payload == response(status='NORMAL', data=payload['data'], unit_test=True)
def test_get_formatted_content_success(self):
resp = Response(SUCCESS, "id:13~result:success~ip:127.0.0.1")
self.assertEquals(resp.get_formatted_content(), {
'id': '13',
'result': 'success',
'ip': '127.0.0.1'
})
def decorate_function(*args, **kwargs):
response = Response()
if request.method in ['PUT', 'POST']:
content_type = request.headers.get('Content-Type')
if str(content_type) != 'application/json':
return response(status='NOT_ACCEPTABLE', data='None')
return f(*args, **kwargs)
def test_with_security_headers_preexisting_sec(self):
original_headers = {'Content-Security-Policy': 'nope'}
original_response = {
"statusCode": 200,
"body": json.dumps({'foo': 'bar'}),
# We're adding to make sure it's not overwritten
'headers': original_headers
}
new_headers_expectation = {}
new_headers_expectation.update(Response.SECURITY_HEADERS)
new_headers_expectation['Content-Security-Policy'] = 'nope'
response = Response(original_response)
assert type(Response(original_response)) == Response
assert response.with_security_headers() == {
'body': '{"foo": "bar"}',
'headers': new_headers_expectation,
'statusCode': 200
}
def create_endpoints(app, services):
response = Response()
movie_service = services.movie_service
@app.route('/ping', methods=['GET'])
def ping():
status, data = movie_service.ping()
return response(status=status, data=data)
@app.route('/movies', methods=['GET', 'POST', 'PUT'])
@content_type_check
def movie_list():
if request.method == 'GET':
pagination_data = {
'page': int(request.args.get('page', 1)),
'per_page': int(request.args.get('per_page', 20)),
}
status, data, pagination = movie_service.get_movie_list(pagination_data)
return response(status=status, data=data, pagination=pagination)
elif request.method == 'POST':
new_movie_data = request.json
status, data = movie_service.post_movie_list(new_movie_data)
return response(status=status, data=data)
elif request.method == 'PUT':
print(request.json)
modify_movie_data = request.json
status, data = movie_service.put_movie_list(modify_movie_data)
return response(status=status, data=data)
@app.route('/movies/<int:movie_cd>', methods=['GET', 'DELETE'])
@content_type_check
def movie_detail(movie_cd):
if request.method == 'GET':
status, data = movie_service.get_movie_detail(movie_cd)
return response(status=status, data=data)
elif request.method == 'DELETE':
status, data = movie_service.delete_movie_detail(movie_cd)
return response(status=status, data=data)
@app.errorhandler(405)
def error_handler(error):
return response(status='METHOD_NOT_ALLOWED', data='None')
def test_movie_delete(api):
response = Response()
api_response = api.delete(
'/movies/1',
)
assert api_response.status_code == 200
api_response = api.get(
'/movies/1',
)
payload = json.loads(api_response.data.decode('utf-8'))
payload = {key: value for key, value in dict(payload).items()}
assert api_response.status_code == 200
assert payload == response(status='NOT_FOUND', data='None', unit_test=True)
def test_movie_list(api):
response = Response()
api_response = api.get('/movies')
payload = json.loads(api_response.data.decode('utf-8'))
payload = {key: value for key, value in dict(payload).items()}
# status 상태 확인:
assert api_response.status_code == 200
data = {
'movies': [{
'movieCd': '1', 'genreAlt': '테스트', 'movieNm': '테스트',
'movieNmEn': 'TEST', 'nationAlt': '테스트', 'openDt': '20200101'
}]
}
pagination = {'page': 1, 'per_page': 20, 'limit': 1}
assert payload == response(status='NORMAL', data=data, pagination=pagination, unit_test=True)
def dispatch(self):
cookie = Cookie.SimpleCookie(self.environ.get("HTTP_COOKIE",""))
if 'authToken' in cookie:
token = cookie["authToken"].value
self.checkAuthByToken(token)
if not self.loggedUser:
self.checkAuth()
path = os.path.join(os.path.dirname(__file__), "..", "templates", "login.html")
htmlFile = open(path, "r")
content = htmlFile.read()
htmlFile.close()
r = Response(content, encoder=None)
r.setHeaders([
('Content-type', "text/html")
])
return r
def _post_index(self):
""" 请求Customer的列表数据 """
result = {
'total': 0, # 当前页面的customer数量
'page': 0, # 当面页码
'pages': 0, # 总页码
'customers': list() # 当前customer的数据
}
# argument的获取与校验
self.parser.add_argument('page', type=int, default=1)
self.parser.add_argument('per_page', type=int, default=20)
args = self.parser.parse_args()
page = args.get('page', 1)
per_page = args.get('per_page', 20)
# 如果page小于等于0,返回错误
if page <= 0:
return Response(*CommonPrompt.INVALID_PAGE)
# 获取customer数据
try:
customers_page = Customer.query.order_by(Customer.id) \
.paginate(page=page, per_page=per_page)
pages = customers_page.pages
customers_data = customers_page.items
customers_json = [
customer.to_json() for customer in customers_data
]
# 构造result
result['total'] = len(customers_json)
result['page'] = page
result['pages'] = pages
result['customers'] = customers_json
except Exception as e:
return Response.error('请求出错', str(e))
return result
def test_movie_detail(api):
response = Response()
api_response = api.get('/movies/1')
payload = json.loads(api_response.data.decode('utf-8'))
payload = {key: value for key, value in dict(payload).items()}
assert api_response.status_code == 200
data = {
'companys': [{'id': 1, 'name': '테스트 컴패니'}], 'directors': [{'id': 1, 'name': '테스트 디렉터'}], 'genreAlt': '테스트',
'movieCd': '1', 'movieNm': '테스트', 'movieNmEn': 'TEST', 'nationAlt': '테스트',
'openDt': '20200101', 'prdtStatNm': '테스트', 'prdtYear': '2020', 'typeNm': '장편'
}
assert payload == response(status='NORMAL', data=data, unit_test=True)
## 없는 데이터 조회 했을때
api_response = api.get('/movies/2')
payload = json.loads(api_response.data.decode('utf-8'))
assert api_response.status_code == 200
assert payload == response(status='NOT_FOUND', data='None', unit_test=True)
def request(self):
try:
requests.packages.urllib3.disable_warnings()
response = self.session.get(self.url,
headers=self.headers,
proxies=self.proxy,
allow_redirects=False,
verify=False,
cookies=self.cookies)
except (requests.exceptions.MissingSchema,
requests.exceptions.InvalidSchema):
# if something wrong in schema
print("*Wrong schema*:", self.url)
return None
except (requests.exceptions.ConnectionError):
print("*Connection refused*:", self.url)
return None
result = Response(response.status_code, response.headers,
response.text, response.content, self.url)
return result
def test_get_formatted_content_doublecolon(self):
resp = Response(SUCCESS, "id:13~key:this:contains:double:colon")
self.assertEquals(resp.get_formatted_content(), {
'id': '13',
'key': 'this:contains:double:colon'
})
def test_get_formatted_content_empty(self):
resp = Response(SUCCESS, "id:13~novaluekey")
self.assertEquals(resp.get_formatted_content(), {
'id': '13',
'novaluekey': ''
})
def test_response_successful(self):
resp = Response(SUCCESS, "OK")
self.assertEquals(resp.is_success(), SUCCESS)
self.assertEquals(resp.get_status(), SUCCESS)
self.assertEquals(resp.get_content(), "OK")
def home(req):
print(req.headers)
print(req.method)
return Response(html="<h1>hi</h1>", status=200)
def test_get_formatted_content_failure(self):
resp = Response(FAILURE, "Any error test")
self.assertEquals(resp.get_formatted_content(), {})
def getResults(self, event, context):
# print("Event: {}, context: {}".format(event, context))
source_event = Event(event, context)
data = source_event.parse()
print(source_event.type)
if data:
target = Target(data.get('target'))
if not target:
self.logger.error("Target validation failed of: {}".format(
target.name))
return Response({
"statusCode":
400,
"body":
json.dumps({'error': 'Target was not valid or missing'})
}).with_security_headers()
results = Results(target.name, self.s3_client, self.bucket,
self.base_results_path)
if source_event.type == "step-function":
# Use generateURL route
download_url, status = results.generateDownloadURL()
if download_url:
return Response({
"statusCode": status,
"body": json.dumps({'url': download_url})
}).with_security_headers()
else:
if status == 404:
resp_body = 'No results found for target'
else:
resp_body = 'Unknown error'
return Response({
"statusCode": status,
"body": json.dumps({'error': resp_body})
}).with_security_headers()
else:
# Use download route
scan_results, status = results.download()
if scan_results:
return Response({
"statusCode":
status,
"headers": {
"Content-Type":
"application/gzip",
"Content-Disposition":
"attachment; filename={}.tgz".format(target.name)
},
"body":
base64.b64encode(
scan_results.getvalue()).decode("utf-8"),
"isBase64Encoded":
True
}).with_security_headers()
else:
if status == 404:
resp_body = 'No results found for target'
elif status == 500:
resp_body = 'Unable to download scan results'
else:
resp_body = 'Unknown error'
return Response({
"statusCode": status,
"body": json.dumps({'error': resp_body})
}).with_security_headers()
else:
self.logger.error("Unrecognized payload: {}".format(data))
return Response({
"statusCode":
400,
"body":
json.dumps({'error': 'Unrecognized payload'})
}).with_security_headers()
def wrapper(*args, **kwargs):
response = Response()
response.set_header('nida', utils.nida())
return func(res=response, *args, **kwargs)
def wrapper(*args, **kwargs):
response = Response()
return func(res=response, *args, **kwargs)
def dispatch(self):
#URL mapovani na objekty
print "POST", self.post
print "GET", self.get
dispatcherMethod = None
url = re.findall(r'([^/]+)', self.environ['PATH_INFO'])
if len(url) == 0 or (len(url) == 1 and url[0] == "logout"):
if len(url) == 1 and url[0] == "logout":
cookie = Cookie.SimpleCookie(
self.environ.get("HTTP_COOKIE", ""))
if 'authToken' in cookie:
token = cookie["authToken"].value
conn = datasources.postgres.SQLTransaction()
cursor = conn.cursor()
cursor.execute(
"DELETE FROM pim.users_tokens WHERE user_id = %s AND token = %s",
(self.session['user_id'], token))
conn.commit()
conn.close()
self.session['user_id'] = None
self.session.invalidate()
path = os.path.join(os.path.dirname(__file__), "..", "templates",
"index.html")
htmlFile = open(path, "r")
content = htmlFile.read()
htmlFile.close()
r = Response(content, encoder=None)
r.setHeaders([('Content-type', "text/html")])
if 'authToken' in self.session:
expiration = datetime.datetime.now() + datetime.timedelta(
days=30)
cookie = Cookie.SimpleCookie()
cookie['authToken'] = self.session['authToken']
cookie['authToken']['expires'] = expiration.strftime(
'%a, %d %b %Y %H:%M:%S GMT')
r.addHeaders([('Set-Cookie',
cookie['authToken'].OutputString())])
return r
dispatcherClass = None
dispatcherMethod = '__default__'
#root node
pointer = modules
for part in url:
if hasattr(pointer, part) and type(getattr(
pointer, part)) in [types.ClassType, types.ModuleType]:
pointer = getattr(pointer, part)
dispatcherClass = pointer
continue
dispatcherMethod = part
#deprecated
if not dispatcherClass:
dispatcherClass = errors
dispatcherMethod = "notFound"
dispatcher = dispatcherClass(self.session)
calee = getattr(dispatcher, dispatcherMethod)
attrs = inspect.getargspec(calee)[0]
requestData = {}
if 'request' in self.request:
print self.request['request'].encode("utf8")
requestData = json.loads(self.request['request'].encode("utf8"))
print "REQUEST", requestData
for parameter in requestData.keys():
if parameter not in attrs:
del requestData[parameter]
return Response(calee(**requestData), encoder=self.format)
def _application(self, environ, start_response):
'''handle request for this router'''
req = Request(environ)
res = Response()
pipeline = self.tree.build_pipeline(req)
return pipeline.handler(req, res)(environ, start_response)
def test_response_failed(self):
resp = Response(FAILURE, "Error here")
self.assertEquals(resp.is_success(), FAILURE)
