Esempio n. 1
    def _init_repo_data(self):
        """Resolve a VCS handler for this entry and copy its URLs onto self.

        The commit link is used as the lookup URL when it contains
        'github.com'; otherwise the repository URL is used, falling back to
        the commit link when no repository URL is set.

        Returns:
            False when there is no URL to look up, True once the handler
            data was copied and a commit hash is available.

        Raises:
            InvalidIdentifierException: no handler accepts the URL, or no
                commit hash is known after consulting the handler.
        """
        link = self.commit_link
        # NOTE(review): this is a substring test, not a host comparison, so
        # it also matches 'github.com' in a path or query string. It only
        # picks which URL is handed to getVcsHandler; presumably the handler
        # does the real host validation - confirm before relying on it.
        if link and 'github.com' in link:
            resource_url = link
        else:
            resource_url = self.repo_url or link

        logging.info('Searching VCS handler for %s', resource_url)
        if not resource_url:
            return False

        handler = getVcsHandler(current_app, resource_url)
        if not handler:
            raise InvalidIdentifierException(
                'Please provide a valid resource link.')

        # Mirror the handler's view of the repository onto this object.
        self.repo_name = handler.repo_name
        self.file_provider_url = handler.getFileProviderUrl()
        self.file_ref_provider_url = handler.getRefFileProviderUrl()
        self.file_url = handler.getFileUrl()
        self.tree_url = handler.getTreeUrl()

        # An explicitly stored hash wins over the one parsed from the URL.
        self.commit_hash = self.commit_hash or handler.commit_hash
        if not self.commit_hash:
            raise InvalidIdentifierException(
                'Couldn\'t extract commit hash from given resource URL.')
        return True
Esempio n. 2
 def __init__(self, commit_link=None, repo_owner=None, repo_name=None,
              repo_url=None, commit_hash=None):
     """Store the commit/repository identifiers on the new instance.

     A non-empty repo_url is only accepted when getVcsHandler returns a
     handler for it; self.repo_url is not assigned at all when repo_url
     is empty.

     Raises:
         InvalidIdentifierException: repo_url is set but no VCS handler
             recognises it.
     """
     self.repo_owner, self.repo_name = repo_owner, repo_name
     if repo_url:
         # Reject repository URLs that no handler understands.
         if not getVcsHandler(None, repo_url):
             raise InvalidIdentifierException(
                 'Please provide a valid git repo URL.')
         self.repo_url = repo_url
     # NOTE(review): unlike repo_url, commit_link is stored here without a
     # handler check - confirm it is validated before it is fetched or
     # rendered.
     self.commit_link = commit_link
     self.commit_hash = commit_hash
Esempio n. 3
def _create_vuln_internal(vuln_id=None):
    """Run the create/update/delete form flow for one vulnerability entry.

    The entry is fetched or created through VulnerabilityDetails. For an
    entry that already has an id, a validated delete form removes it.
    Otherwise the details form is pre-filled from the entry, a missing
    repository name is derived from the repository URL when a VCS handler
    recognises it, and a validated submission is written to the database.

    Returns:
        The flashError result for an invalid identifier, a redirect after a
        successful delete or save, or the rendered 'create_entry.html' page.

    NOTE(review): no authentication or authorization check is visible in
    this function although it deletes and overwrites entries; presumably
    the calling route enforces it - confirm.
    """
    try:
        vulnerability_details = VulnerabilityDetails(vuln_id)
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flashError(str(err), 'serve_index')

    existing_id = vulnerability.id
    if existing_id:
        logging.debug('Preexisting vulnerability entry found: %s',
                      existing_id)
        # NOTE(review): deletion depends only on this form validating;
        # presumably that includes a CSRF token check - confirm.
        removal_form = VulnerabilityDeleteForm()
        if removal_form.validate_on_submit():
            db.session.delete(vulnerability)
            # Persist the removal.
            db.session.commit()
            flash('The entry was deleted.', 'success')
            return redirect('/')

    form = VulnerabilityDetailsForm(obj=vulnerability)
    # NOTE(review): assumes the form always carries at least one commit
    # sub-form; an empty list would raise IndexError here - confirm.
    first_commit = form.data['commits'][0]
    if not first_commit['repo_name']:
        logging.info('Empty repository name. %r', first_commit)
        handler = getVcsHandler(None, first_commit['repo_url'])
        if handler:
            logging.info('Found name. %r', handler.repo_name)
            form.commits[0].repo_name.process_data(handler.repo_name)

    if form.validate_on_submit():
        try:
            form.populate_obj(vulnerability)
            db.session.add(vulnerability)
            db.session.commit()
            logging.debug('Successfully created/updated entry: %s',
                          vulnerability.id)
            flash('Successfully created/updated entry.', 'success')
            target = url_for('vuln.vuln_view', vuln_id=vulnerability.id)
            return redirect(target)
        except InvalidIdentifierException as err:
            # NOTE(review): no db.session.rollback() on this path; confirm
            # the session is reset elsewhere before it is reused.
            flashError(str(err))

    # Initial GET, failed validation or a rejected identifier: show the form.
    return render_template('create_entry.html',
                           cfg=cfg,
                           vulnerability_details=vulnerability_details,
                           form=form)
Esempio n. 4
def nvdToVcdb(nvd, commit_link):
    """Build a Vulnerability with one commit entry from an NVD record.

    Args:
        nvd: Object exposing cve_id.
        commit_link: URL that getVcsHandler is asked to parse.

    Returns:
        A new Vulnerability whose single VulnerabilityGitCommits entry is
        filled from the handler, or None when no handler can parse
        commit_link. Nothing is written to the database here.
    """
    handler = getVcsHandler(app, commit_link)
    if not handler:
        message = "Can't parse Vcs link: {}".format(commit_link)
        print(message)
        return None

    cve_id = nvd.cve_id
    # Commit metadata comes from the handler's parse of the link, not from
    # the NVD record itself.
    git_commit = VulnerabilityGitCommits(
        commit_link=commit_link,
        commit_hash=handler.commit_hash,
        repo_name=handler.repo_name,
        repo_owner=handler.repo_owner,
        repo_url=handler.repo_url,
    )
    return Vulnerability(cve_id=cve_id, commits=[git_commit], comment='')
Esempio n. 5
def main_api():
    """Serve commit data or a single file's content for a requested resource.

    Query parameters read: commit_hash, item_hash, item_path, commit_link
    and repo_url. The commit link is used as the lookup URL when it
    contains 'github.com'; otherwise repo_url is used, falling back to the
    commit link.

    Returns:
        A 400 JSON response when no VCS handler accepts the URL, the file
        content when item_hash is given, otherwise the handler's commit
        data for commit_hash.
    """
    args = request.args
    commit_hash = args.get('commit_hash', 0, type=str)
    item_hash = args.get('item_hash', 0, type=str)
    item_path = args.get('item_path', None, type=str)
    commit_link = args.get('commit_link', '', type=str)
    repo_url = args.get('repo_url', '', type=str)

    # NOTE(review): substring test, not a host comparison; both URLs are
    # caller-supplied, so any restriction on which hosts get contacted has
    # to live in getVcsHandler - confirm it validates the parsed host.
    if 'github.com' in commit_link:
        resource_url = commit_link
    else:
        resource_url = repo_url or commit_link

    handler = getVcsHandler(app, resource_url)
    if not handler:
        return createJsonResponse('Please provide a valid resource URL.', 400)

    if not item_hash:
        return handler.fetchCommitData(commit_hash)

    # A specific file was requested instead of the commit overview.
    # NOTE(review): item_hash and item_path come straight from the query
    # string - confirm getFileContent constrains them to the repository.
    content = handler.getFileContent(item_hash, item_path)
    logging.info('Retrieved %s: %d bytes', item_hash, len(content))
    # NOTE(review): repository file content is returned as-is. If this is a
    # Flask view, a bare str/bytes body is sent with the framework default
    # content type (text/html) - confirm, and prefer an explicit non-HTML
    # type plus 'X-Content-Type-Options: nosniff' so the content cannot be
    # rendered as markup in the application's origin.
    return content