Esempio n. 1
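def admin_update_check():
    """Apply an inline edit to one ``Check`` row for a white-team user.

    Reads ``name``, ``value`` and ``pk`` from ``request.form``. ``name``
    selects the field: ``check_value`` sets ``check.result`` (``"1"`` ->
    True, ``"2"`` -> False) and ``check_reason`` stores ``value`` as
    ``check.reason``. After the commit the ``update_*`` helpers are called
    for the affected team and service.

    :return: JSON ``{"status": ...}`` on success, otherwise the generic
        ``{"error": "Incorrect permissions"}`` payload.
    """
    denied = {"error": "Incorrect permissions"}
    if not current_user.is_white_team:
        return jsonify(denied)

    form = request.form
    if not ("name" in form and "value" in form and "pk" in form):
        return jsonify(denied)

    # ``pk`` is client-supplied; int() raises ValueError on a non-numeric
    # value, so answer with the generic error instead of letting the
    # exception escape the view.
    try:
        check_id = int(form["pk"])
    except ValueError:
        return jsonify(denied)

    check = session.query(Check).get(check_id)
    if not check:
        return jsonify(denied)

    field = form["name"]
    if field == "check_value":
        if form["value"] == "1":
            check.result = True
        elif form["value"] == "2":
            check.result = False
        # Any other value leaves ``result`` untouched; the row is still
        # committed and the helpers below still run.
    elif field == "check_reason":
        # Stored exactly as submitted.
        # NOTE(review): confirm the rendering side escapes ``reason``.
        check.reason = form["value"]
    else:
        return jsonify(denied)

    session.add(check)
    session.commit()
    update_scoreboard_data()
    update_overview_data()
    team_id = check.service.team.id
    update_services_navbar(team_id)
    update_team_stats(team_id)
    update_services_data(team_id)
    update_service_data(check.service.id)
    return jsonify({"status": "Updated Property Information"})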
Esempio n. 2
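def admin_update_check():
    """Edit the result or the reason of a single ``Check`` (white team only).

    The form must carry ``name``, ``value`` and ``pk``. ``check_value`` maps
    ``'1'``/``'2'`` to ``True``/``False`` on ``check.result``;
    ``check_reason`` copies ``value`` into ``check.reason``.

    :return: JSON status on success, else
        ``{'error': 'Incorrect permissions'}``.
    """
    if current_user.is_white_team:
        if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
            try:
                # Untrusted input: a non-integer ``pk`` would raise here.
                pk = int(request.form['pk'])
            except ValueError:
                return jsonify({'error': 'Incorrect permissions'})
            check = session.query(Check).get(pk)
            if check:
                name = request.form['name']
                value = request.form['value']
                modified_check = name in ('check_value', 'check_reason')
                if name == 'check_value':
                    # Values other than '1'/'2' change nothing but still
                    # count as a modification (row re-committed).
                    if value == '1':
                        check.result = True
                    elif value == '2':
                        check.result = False
                elif name == 'check_reason':
                    # NOTE(review): stored unescaped; verify the template
                    # that shows ``reason`` escapes it.
                    check.reason = value
                if modified_check:
                    session.add(check)
                    session.commit()
                    update_scoreboard_data()
                    update_overview_data()
                    update_services_navbar(check.service.team.id)
                    update_team_stats(check.service.team.id)
                    update_services_data(check.service.team.id)
                    update_service_data(check.service.id)
                    return jsonify({'status': 'Updated Property Information'})
            return jsonify({'error': 'Incorrect permissions'})
    return jsonify({'error': 'Incorrect permissions'})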
Esempio n. 3
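def update_team_score(team_id: int,
                      first_round: int,
                      last_round: int,
                      add: bool = False) -> None:
    """Update the scores of a specific team.

    Note that it doesn't really make sense to perform an update that doesn't continue
    all the way to the most recent round of scoring, since that will be used as the
    basis for the team's score for the next round.

    Each round's score is the running total from the previous round plus the
    points of every service whose check for that round has a truthy result.
    A service without a check row for a round adds nothing, and a round
    number without a ``Round`` row is skipped.

    :param team_id: The ID of the team whose scores should be updated.
    :type team_id: int
    :param first_round: The first round that scores will be recalculated for.
    :type first_round: int
    :param last_round: The last round (inclusive) that scores will be recalculated for.
    :type last_round: int
    :param add: Whether to add new score objects if they don't exist. Defaults to False.
    :type add: bool
    """
    # Clamp the requested range to rounds that can exist.
    if first_round < 1:
        first_round = 1
    # Saved so the last round number is only fetched once.
    max_round = Round.get_last_round_num()
    if last_round > max_round:
        last_round = max_round

    # Start from the stored score of the round just before the range.
    score = 0
    if first_round > 1:
        prev_round = session.query(Round).filter_by(
            number=(first_round - 1)).first()
        # NOTE(review): a missing Round or Score row for the preceding round
        # still raises AttributeError here; silently restarting from 0 would
        # corrupt every later round, so this is left to fail loudly.
        prev_score = (session.query(Score).filter_by(
            team_id=team_id, round_id=prev_round.id).first())
        score = prev_score.value

    # Get all services for the team
    services = session.query(Service).filter_by(team_id=team_id).all()

    # Iterate through each round
    for round_num in range(first_round, last_round + 1):
        round_obj = session.query(Round).filter_by(number=round_num).first()
        if round_obj is None:
            # No such round row: nothing to score for this number.
            continue

        # Add the points of every service whose check passed this round.
        for service_obj in services:
            check_obj = (session.query(Check).filter_by(
                service_id=service_obj.id, round_id=round_obj.id).first())
            # ``first()`` returns None when the service has no check for
            # this round; treat that as "no points" instead of crashing.
            if check_obj is not None and check_obj.result:
                score += service_obj.points

        # Update the round's score
        score_obj = (session.query(Score).filter_by(
            team_id=team_id, round_id=round_obj.id).first())
        if (score_obj is None) and add:
            score_obj = Score(value=score, team_id=team_id, round=round_obj)
            session.add(score_obj)
        elif score_obj is not None:
            score_obj.value = score
        session.commit()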
Esempio n. 4
def logout():
    """Log the current user out and send them to the login page.

    The ``authenticated`` flag on the user row is cleared and committed
    before ``logout_user()`` is called.

    :return: A redirect to ``auth.login``.
    """
    account = current_user
    # Persist the cleared flag first, while ``current_user`` still resolves.
    account.authenticated = False
    session.add(account)
    session.commit()

    logout_user()
    flash('You have successfully logged out.', 'success')
    login_page = url_for('auth.login')
    return redirect(login_page)
Esempio n. 5
def admin_update_blueteam_edit_account_passwords():
    """Flip the ``blue_team_update_account_passwords`` setting.

    Only white-team users may do this; everyone else receives a 403.

    :return: A redirect to ``admin.permissions`` after the toggle, or
        ``({"status": "Unauthorized"}, 403)``.
    """
    if not current_user.is_white_team:
        return {"status": "Unauthorized"}, 403

    toggle = Setting.get_setting("blue_team_update_account_passwords")
    # Only the literal True counts as "on"; any other stored value becomes True.
    toggle.value = toggle.value is not True
    session.add(toggle)
    session.commit()
    return redirect(url_for("admin.permissions"))
Esempio n. 6
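def admin_update_points():
    """Set the point value of one ``Service`` (white-team users only).

    Expects ``name``, ``value`` and ``pk`` in ``request.form``; only
    ``name == "points"`` is acted on.

    :return: JSON status on success, otherwise the generic
        ``{"error": "Incorrect permissions"}`` payload.
    """
    denied = {"error": "Incorrect permissions"}
    if not current_user.is_white_team:
        return jsonify(denied)

    form = request.form
    if not ("name" in form and "value" in form and "pk" in form):
        return jsonify(denied)
    if form["name"] != "points":
        return jsonify(denied)

    # Both numbers come straight from the client; int() raises ValueError on
    # anything non-numeric, so reject that instead of failing the request.
    try:
        service_id = int(form["pk"])
        points = int(form["value"])
    except ValueError:
        return jsonify(denied)

    service = session.query(Service).get(service_id)
    if not service:
        return jsonify(denied)

    # NOTE(review): any integer is accepted, including negative values.
    service.points = points
    session.add(service)
    session.commit()
    return jsonify({"status": "Updated Service Information"})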
Esempio n. 7
def admin_update_blueteam_edit_account_usernames():
    """Toggle the ``blue_team_update_account_usernames`` setting.

    Restricted to white-team users.

    :return: A redirect to ``admin.permissions`` on success, or
        ``({'status': 'Unauthorized'}, 403)`` for anyone else.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403

    flag = Setting.get_setting('blue_team_update_account_usernames')
    currently_on = flag.value is True
    # Stored True becomes False; every other stored value becomes True.
    flag.value = not currently_on
    session.add(flag)
    session.commit()
    return redirect(url_for('admin.permissions'))
Esempio n. 8
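def admin_update_points():
    """Update ``Service.points`` from an inline-edit form (white team only).

    The form must contain ``name``, ``value`` and ``pk``; the update happens
    only when ``name`` is ``'points'``.

    :return: JSON status on success, else
        ``{'error': 'Incorrect permissions'}``.
    """
    if current_user.is_white_team:
        if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
            try:
                # Client-controlled id: non-numeric input raises ValueError.
                pk = int(request.form['pk'])
            except ValueError:
                return jsonify({'error': 'Incorrect permissions'})
            service = session.query(Service).get(pk)
            if service and request.form['name'] == 'points':
                try:
                    new_points = int(request.form['value'])
                except ValueError:
                    # Reject a non-integer point value instead of crashing.
                    return jsonify({'error': 'Incorrect permissions'})
                # NOTE(review): no range check; negative points are stored.
                service.points = new_points
                session.add(service)
                session.commit()
                return jsonify({'status': 'Updated Service Information'})
    return jsonify({'error': 'Incorrect permissions'})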
Esempio n. 9
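def admin_update_blueteam_view_check_output():
    """Toggle the ``blue_team_view_check_output`` setting (white team only).

    :return: A redirect to ``admin.permissions`` after the toggle, or
        ``({"status": "Unauthorized"}, 403)`` for other users.
    """
    if not current_user.is_white_team:
        return {"status": "Unauthorized"}, 403

    setting = Setting.get_setting("blue_team_view_check_output")
    # The leftover debug ``print(setting.__dict__)`` was dropped: it dumped
    # the ORM object's internal state to stdout on every request.
    # Stored True becomes False; any other stored value becomes True.
    setting.value = setting.value is not True
    session.add(setting)
    session.commit()
    return redirect(url_for("admin.permissions"))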
Esempio n. 10
def admin_update_welcome_page_content():
    """Store new welcome-page content submitted by a white-team user.

    :return: A redirect to ``admin.settings`` after saving, a redirect to
        ``admin.manage`` when the form field is missing, or
        ``({"status": "Unauthorized"}, 403)`` for other users.
    """
    if not current_user.is_white_team:
        return {"status": "Unauthorized"}, 403

    if "welcome_page_content" not in request.form:
        flash("Error: welcome_page_content not specified.", "danger")
        return redirect(url_for("admin.manage"))

    content_setting = Setting.get_setting("welcome_page_content")
    # The value is saved exactly as submitted, with no escaping.
    # NOTE(review): confirm how the welcome page renders it.
    content_setting.value = request.form["welcome_page_content"]
    session.add(content_setting)
    session.commit()
    flash("Welcome Page Content Successfully Updated.", "success")
    return redirect(url_for("admin.settings"))
Esempio n. 11
def admin_update_welcome_page_content():
    """Replace the ``welcome_page_content`` setting (white team only).

    :return: Redirect to ``admin.settings`` on success, redirect to
        ``admin.manage`` if the field is absent, or a 403 tuple otherwise.
    """
    authorised = current_user.is_white_team
    if not authorised:
        return {'status': 'Unauthorized'}, 403

    form = request.form
    if 'welcome_page_content' in form:
        welcome = Setting.get_setting('welcome_page_content')
        # Raw form text goes into the setting unchanged.
        # NOTE(review): verify the rendering path treats it as untrusted
        # unless HTML from white-team users is intended.
        welcome.value = form['welcome_page_content']
        session.add(welcome)
        session.commit()
        flash('Welcome Page Content Successfully Updated.', 'success')
        target = 'admin.settings'
    else:
        flash('Error: welcome_page_content not specified.', 'danger')
        target = 'admin.manage'
    return redirect(url_for(target))
Esempio n. 12
def profile_update_password():
    """Change the current user's own password.

    The form must carry ``user_id`` and ``password``, and ``user_id`` must
    equal the id of ``current_user``; otherwise a 403 is returned.

    :return: A redirect to ``profile.home`` on success, or
        ``({'status': 'Unauthorized'}, 403)``.
    """
    form = request.form
    has_fields = 'user_id' in form and 'password' in form
    # Short-circuit keeps ``current_user.id`` untouched when fields are missing.
    if not has_fields or str(current_user.id) != form['user_id']:
        return {'status': 'Unauthorized'}, 403

    # The password is passed through html.escape() before being set, so
    # characters such as & < > and quotes are rewritten to entities.
    # NOTE(review): the login path must apply the same transformation or
    # such passwords will not verify. The current password is not
    # requested here.
    new_password = html.escape(form['password'])
    current_user.update_password(new_password)
    # Clearing the flag is committed together with the new password.
    current_user.authenticated = False
    session.add(current_user)
    session.commit()
    flash('Password Successfully Updated.', 'success')
    return redirect(url_for('profile.home'))
Esempio n. 13
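def admin_update_environment():
    """Update ``matching_content`` on one ``Environment`` (white team only).

    Expects ``name``, ``value`` and ``pk`` in ``request.form``. The row is
    committed whenever it exists, even if ``name`` is not
    ``matching_content``.

    :return: JSON status on success, otherwise the generic
        ``{"error": "Incorrect permissions"}`` payload.
    """
    denied = {"error": "Incorrect permissions"}
    if not current_user.is_white_team:
        return jsonify(denied)

    form = request.form
    if not ("name" in form and "value" in form and "pk" in form):
        return jsonify(denied)

    # ``pk`` is client-supplied; int() raises ValueError on non-numeric
    # input, so return the generic error rather than failing the request.
    try:
        environment_id = int(form["pk"])
    except ValueError:
        return jsonify(denied)

    environment = session.query(Environment).get(environment_id)
    if not environment:
        return jsonify(denied)

    if form["name"] == "matching_content":
        # html.escape() rewrites & < > and quotes to entities before storage.
        # NOTE(review): confirm whatever compares this value against check
        # output expects the escaped form.
        environment.matching_content = html.escape(form["value"])
    session.add(environment)
    session.commit()
    return jsonify({"status": "Updated Environment Information"})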
Esempio n. 14
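def admin_update_host():
    """Change the host of one ``Service`` (white-team users only).

    Expects ``name``, ``value`` and ``pk`` in ``request.form``; only
    ``name == "host"`` is acted on. After the commit the overview and
    service ``update_*`` helpers are called.

    :return: JSON status on success, otherwise the generic
        ``{"error": "Incorrect permissions"}`` payload.
    """
    denied = {"error": "Incorrect permissions"}
    if not current_user.is_white_team:
        return jsonify(denied)

    form = request.form
    if not ("name" in form and "value" in form and "pk" in form):
        return jsonify(denied)

    # Client-supplied id: int() raises ValueError on non-numeric input.
    try:
        service_id = int(form["pk"])
    except ValueError:
        return jsonify(denied)

    service = session.query(Service).get(service_id)
    if not service or form["name"] != "host":
        return jsonify(denied)

    # html.escape() only neutralises HTML metacharacters; it does not check
    # that the value is a well-formed hostname or address.
    service.host = html.escape(form["value"])
    session.add(service)
    session.commit()
    update_overview_data()
    update_services_data(service.team.id)
    update_service_data(service.id)
    return jsonify({"status": "Updated Service Information"})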
Esempio n. 15
    def queue_update(self):
        """Append this team's id to the ``teams_to_update`` setting.

        The setting holds a comma-separated string of team ids; the change is
        committed immediately.
        """
        pending = session.query(Setting).filter_by(
            name='teams_to_update').first()
        queued = pending.value

        # A separator is only needed when ids are already queued.
        # NOTE(review): this is a read-modify-write on one row; whether
        # concurrent callers can overwrite each other is not visible here.
        own_id = str(self.id)
        pending.value = own_id if queued == '' else queued + ',' + own_id
        session.commit()
Esempio n. 16
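def admin_update_property():
    """Rename or re-value one ``Property`` (white-team users only).

    Expects ``name``, ``value`` and ``pk`` in ``request.form``.
    ``property_name`` updates ``name`` and ``property_value`` updates
    ``value``; the row is committed whenever it exists.

    :return: JSON status on success, otherwise the generic
        ``{"error": "Incorrect permissions"}`` payload.
    """
    denied = {"error": "Incorrect permissions"}
    if not current_user.is_white_team:
        return jsonify(denied)

    form = request.form
    if not ("name" in form and "value" in form and "pk" in form):
        return jsonify(denied)

    # ``pk`` is client-supplied; a non-numeric value makes int() raise
    # ValueError, which is answered with the generic error.
    try:
        property_id = int(form["pk"])
    except ValueError:
        return jsonify(denied)

    property_obj = session.query(Property).get(property_id)
    if not property_obj:
        return jsonify(denied)

    # The value is HTML-escaped before storage.
    # NOTE(review): confirm the checks that consume properties expect
    # entity-encoded text.
    escaped = html.escape(form["value"])
    if form["name"] == "property_name":
        property_obj.name = escaped
    elif form["name"] == "property_value":
        property_obj.value = escaped
    session.add(property_obj)
    session.commit()
    return jsonify({"status": "Updated Property Information"})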
Esempio n. 17
def admin_add_team():
    """Create a team from the submitted ``name`` and ``color``.

    Restricted to white-team users. Both values are HTML-escaped before the
    ``Team`` is constructed.

    :return: A redirect to ``admin.manage`` (with a success or error flash),
        or ``({"status": "Unauthorized"}, 403)``.
    """
    if not current_user.is_white_team:
        return {"status": "Unauthorized"}, 403

    form = request.form
    if "name" not in form or "color" not in form:
        flash("Error: Team name or color not defined.", "danger")
        return redirect(url_for("admin.manage"))

    team_name = html.escape(form["name"])
    team_color = html.escape(form["color"])
    session.add(Team(team_name, team_color))
    session.commit()
    flash("Team successfully added.", "success")
    return redirect(url_for("admin.manage"))
Esempio n. 18
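def admin_update_host():
    """Set ``Service.host`` from an inline-edit form (white team only).

    The form must carry ``name``, ``value`` and ``pk``; the update only
    happens for ``name == 'host'``.

    :return: JSON status on success, else
        ``{'error': 'Incorrect permissions'}``.
    """
    if current_user.is_white_team:
        if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
            try:
                # Untrusted id: int() raises ValueError on non-numeric text.
                pk = int(request.form['pk'])
            except ValueError:
                return jsonify({'error': 'Incorrect permissions'})
            service = session.query(Service).get(pk)
            if service and request.form['name'] == 'host':
                # Escaping protects HTML output only; the value is not
                # validated as a hostname or IP address.
                service.host = html.escape(request.form['value'])
                session.add(service)
                session.commit()
                update_overview_data()
                update_services_data(service.team.id)
                update_service_data(service.id)
                return jsonify({'status': 'Updated Service Information'})
    return jsonify({'error': 'Incorrect permissions'})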
Esempio n. 19
def admin_add_team():
    """Add a new ``Team`` using the form's ``name`` and ``color`` fields.

    Only white-team users are allowed; both fields are HTML-escaped first.

    :return: Redirect to ``admin.manage`` with a flash message, or a 403
        tuple for other users.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403

    fields_present = 'name' in request.form and 'color' in request.form
    if fields_present:
        new_team = Team(html.escape(request.form['name']),
                        html.escape(request.form['color']))
        session.add(new_team)
        session.commit()
        flash('Team successfully added.', 'success')
    else:
        flash('Error: Team name or color not defined.', 'danger')
    # Both outcomes land on the same management page.
    return redirect(url_for('admin.manage'))
Esempio n. 20
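def admin_update_property():
    """Edit the name or value of a single ``Property`` (white team only).

    The form must contain ``name``, ``value`` and ``pk``. An existing row is
    always committed, even when ``name`` matches neither field.

    :return: JSON status on success, else
        ``{'error': 'Incorrect permissions'}``.
    """
    if current_user.is_white_team:
        if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
            try:
                # Reject a non-numeric ``pk`` instead of raising ValueError.
                pk = int(request.form['pk'])
            except ValueError:
                return jsonify({'error': 'Incorrect permissions'})
            property_obj = session.query(Property).get(pk)
            if property_obj:
                # Map the submitted field name to the attribute it edits.
                attr = {
                    'property_name': 'name',
                    'property_value': 'value',
                }.get(request.form['name'])
                if attr is not None:
                    # Values are entity-encoded before storage.
                    setattr(property_obj, attr,
                            html.escape(request.form['value']))
                session.add(property_obj)
                session.commit()
                return jsonify({'status': 'Updated Property Information'})
            return jsonify({'error': 'Incorrect permissions'})
    return jsonify({'error': 'Incorrect permissions'})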
Esempio n. 21
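def admin_update_environment():
    """Update ``matching_regex`` on one ``Environment`` (white team only).

    The form must contain ``name``, ``value`` and ``pk``. An existing row is
    committed even when ``name`` is not ``matching_regex``.

    :return: JSON status on success, else
        ``{'error': 'Incorrect permissions'}``.
    """
    if current_user.is_white_team:
        if 'name' in request.form and 'value' in request.form and 'pk' in request.form:
            try:
                # Client-supplied id; non-numeric input raises ValueError.
                pk = int(request.form['pk'])
            except ValueError:
                return jsonify({'error': 'Incorrect permissions'})
            environment = session.query(Environment).get(pk)
            if environment:
                if request.form['name'] == 'matching_regex':
                    # html.escape() turns & < > " ' into entities, which
                    # changes any pattern containing those characters.
                    # NOTE(review): confirm the matcher unescapes the value
                    # and that the pattern is safe to evaluate (it is stored
                    # without being compiled or bounded here).
                    environment.matching_regex = html.escape(
                        request.form['value'])
                session.add(environment)
                session.commit()
                return jsonify({'status': 'Updated Environment Information'})
            return jsonify({'error': 'Incorrect permissions'})
    return jsonify({'error': 'Incorrect permissions'})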
Esempio n. 22
def admin_update_round_time_sleep():
    """Save a new ``round_time_sleep`` setting (white team only).

    The submitted value must pass ``str.isdigit()``; it is stored as the
    submitted string.

    :return: A redirect to ``admin.settings`` with a flash message, or
        ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403

    if 'round_time_sleep' not in request.form:
        flash('Error: round_time_sleep not specified.', 'danger')
        return redirect(url_for('admin.settings'))

    sleep_setting = Setting.get_setting('round_time_sleep')
    submitted = request.form['round_time_sleep']
    # NOTE: isdigit() also accepts characters such as superscript digits,
    # which int() rejects.
    if submitted.isdigit():
        sleep_setting.value = submitted
        session.add(sleep_setting)
        session.commit()
        flash('Round Sleep Time Successfully Updated.', 'success')
    else:
        flash('Error: Round Sleep Time must be an integer.', 'danger')
    return redirect(url_for('admin.settings'))
Esempio n. 23
def admin_update_target_round_time():
    """Save a new ``target_round_time`` setting (white team only).

    The value is accepted when ``str.isdigit()`` is true and is stored as
    the submitted string.

    :return: A redirect to ``admin.settings`` with a flash message, or
        ``({"status": "Unauthorized"}, 403)``.
    """
    if not current_user.is_white_team:
        return {"status": "Unauthorized"}, 403

    form = request.form
    if "target_round_time" in form:
        target_setting = Setting.get_setting("target_round_time")
        raw_value = form["target_round_time"]
        # NOTE: isdigit() is wider than "parses with int()"; for example it
        # accepts superscript digits.
        if raw_value.isdigit():
            target_setting.value = raw_value
            session.add(target_setting)
            session.commit()
            flash("Target Round Time Successfully Updated.", "success")
        else:
            flash("Error: Target Round Time must be an integer.", "danger")
    else:
        flash("Error: target_round_time not specified.", "danger")
    # Every authorised outcome returns to the settings page.
    return redirect(url_for("admin.settings"))
Esempio n. 24
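def update_service_account_info():
    """Update the username or password of one service ``Account``.

    White-team users may edit any account; blue-team users only accounts
    whose service belongs to their own team. Expects ``name``, ``value`` and
    ``pk`` in ``request.form``. The row is committed whenever the caller is
    allowed to edit it, even if ``name`` matches neither field.

    :return: JSON status on success, otherwise the generic
        ``{'error': 'Incorrect permissions'}`` payload.
    """
    denied = {'error': 'Incorrect permissions'}
    if not (current_user.is_white_team or current_user.is_blue_team):
        return jsonify(denied)

    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify(denied)

    # ``pk`` is client-supplied; int() raises ValueError on non-numeric input.
    try:
        account_id = int(form['pk'])
    except ValueError:
        return jsonify(denied)

    account = session.query(Account).get(account_id)
    # The existence check has to come before the ownership check: the
    # original dereferenced ``account.service`` first, so an unknown ``pk``
    # raised AttributeError instead of returning the error payload.
    if not account:
        return jsonify(denied)

    owns_account = current_user.team == account.service.team
    if not (owns_account or current_user.is_white_team):
        return jsonify(denied)

    # NOTE(review): no per-field permission setting is consulted here for
    # blue-team callers; confirm that is intended.
    # NOTE(review): html.escape() rewrites & < > and quotes, so a credential
    # containing them is stored in entity-encoded form.
    if form['name'] == 'username':
        account.username = html.escape(form['value'])
    elif form['name'] == 'password':
        account.password = html.escape(form['value'])
    session.add(account)
    session.commit()
    return jsonify({'status': 'Updated Account Information'})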
Esempio n. 25
def admin_update_worker_refresh_time():
    """Save a new ``worker_refresh_time`` setting (white team only).

    The submitted value must satisfy ``str.isdigit()`` and is stored as the
    submitted string.

    :return: A redirect to ``admin.settings`` with a flash message, or
        ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403

    key = 'worker_refresh_time'
    if key not in request.form:
        flash('Error: worker_refresh_time not specified.', 'danger')
        return redirect(url_for('admin.settings'))

    refresh_setting = Setting.get_setting('worker_refresh_time')
    candidate = request.form[key]
    if not candidate.isdigit():
        # NOTE: isdigit() rejects signs and decimals but still lets through
        # some non-ASCII digit characters that int() cannot parse.
        flash('Error: Worker Refresh Time must be an integer.', 'danger')
        return redirect(url_for('admin.settings'))

    refresh_setting.value = candidate
    session.add(refresh_setting)
    session.commit()
    flash('Worker Refresh Time Successfully Updated.', 'success')
    return redirect(url_for('admin.settings'))
Esempio n. 26
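def admin_add_user():
    """Create a user on an existing team (white-team users only).

    Expects ``username``, ``password`` and ``team_id`` in ``request.form``.

    :return: A redirect to ``admin.manage`` with a success or error flash,
        or ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403

    form = request.form
    if not ('username' in form and 'password' in form and 'team_id' in form):
        flash('Error: Username, Password, or Team ID not specified.',
              'danger')
        return redirect(url_for('admin.manage'))

    # ``.one()`` raised out of the view when ``team_id`` matched no team;
    # ``.first()`` returns None so the form error can be reported instead.
    team_obj = session.query(Team).filter(
        Team.id == form['team_id']).first()
    if team_obj is None:
        flash('Error: Team ID does not match an existing team.', 'danger')
        return redirect(url_for('admin.manage'))

    # NOTE(review): the password is HTML-escaped before it reaches ``User``;
    # the login path must apply the same transformation. Whether ``User``
    # hashes the value is not visible here.
    user_obj = User(username=html.escape(form['username']),
                    password=html.escape(form['password']),
                    team=team_obj)
    session.add(user_obj)
    session.commit()
    flash('User successfully added.', 'success')
    return redirect(url_for('admin.manage'))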
Esempio n. 27
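def update_port():
    """Let a blue-team user change the port of one of their own services.

    Expects ``name``, ``value`` and ``pk`` in ``request.form``. The change
    is applied only when the service belongs to the caller's team, ``name``
    is ``'port'`` and the ``blue_team_update_port`` setting is True.

    :return: JSON status on success, otherwise the generic
        ``{'error': 'Incorrect permissions'}`` payload.
    """
    denied = {'error': 'Incorrect permissions'}
    if not current_user.is_blue_team:
        return jsonify(denied)

    form = request.form
    if not ('name' in form and 'value' in form and 'pk' in form):
        return jsonify(denied)

    # ``pk`` is client-supplied; int() raises ValueError on non-numeric input.
    try:
        service_id = int(form['pk'])
    except ValueError:
        return jsonify(denied)

    service = session.query(Service).get(service_id)
    if not service:
        return jsonify(denied)
    # Ownership is checked before anything else about the request is used.
    if not (service.team == current_user.team and form['name'] == 'port'):
        return jsonify(denied)
    if Setting.get_setting('blue_team_update_port').value is not True:
        return jsonify(denied)

    # html.escape() before int() added nothing: any string it would alter
    # cannot parse as an integer anyway. Parse directly and reject bad
    # input instead of raising.
    try:
        port = int(form['value'])
    except ValueError:
        return jsonify(denied)
    # A port outside 1-65535 can never be connected to.
    if not 0 < port <= 65535:
        return jsonify(denied)

    service.port = port
    session.add(service)
    session.commit()
    update_overview_data()
    update_services_data(service.team.id)
    update_service_data(service.id)
    return jsonify({'status': 'Updated Service Information'})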
Esempio n. 28
def admin_update_password():
    """Set a new password for any user (white-team users only).

    Expects ``user_id`` and ``password`` in ``request.form``. The target
    user's ``authenticated`` flag is cleared in the same commit.

    :return: A redirect to ``admin.manage`` with a flash message, a redirect
        to ``auth.login`` when no user matches ``user_id``, or
        ``({'status': 'Unauthorized'}, 403)``.
    """
    if not current_user.is_white_team:
        return {'status': 'Unauthorized'}, 403

    form = request.form
    if 'user_id' not in form or 'password' not in form:
        flash('Error: user_id or password not specified.', 'danger')
        return redirect(url_for('admin.manage'))

    lookup = session.query(User).filter(User.id == form['user_id'])
    try:
        target_user = lookup.one()
    except NoResultFound:
        return redirect(url_for('auth.login'))

    # The password is HTML-escaped before being set.
    # NOTE(review): login must apply the same escaping for it to verify.
    target_user.update_password(html.escape(form['password']))
    target_user.authenticated = False
    session.add(target_user)
    session.commit()
    flash('Password Successfully Updated.', 'success')
    return redirect(url_for('admin.manage'))
Esempio n. 29
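def update_host():
    """Let a blue-team user change the host of one of their own services.

    Expects ``name``, ``value`` and ``pk`` in ``request.form``. The change
    is applied only when the service belongs to the caller's team, ``name``
    is ``"host"`` and the ``blue_team_update_hostname`` setting is True.

    :return: JSON status on success, otherwise the generic
        ``{"error": "Incorrect permissions"}`` payload.
    """
    denied = {"error": "Incorrect permissions"}
    if not current_user.is_blue_team:
        return jsonify(denied)

    form = request.form
    if not ("name" in form and "value" in form and "pk" in form):
        return jsonify(denied)

    # ``pk`` is client-supplied; int() raises ValueError on non-numeric
    # input, so return the generic error rather than failing the request.
    try:
        service_id = int(form["pk"])
    except ValueError:
        return jsonify(denied)

    service = session.query(Service).get(service_id)
    if not service:
        return jsonify(denied)
    # Ownership and field name are checked before the feature toggle.
    if not (service.team == current_user.team and form["name"] == "host"):
        return jsonify(denied)
    if Setting.get_setting("blue_team_update_hostname").value is not True:
        return jsonify(denied)

    # html.escape() only neutralises HTML metacharacters; the value is not
    # validated as a hostname or address.
    # NOTE(review): confirm which destinations the component that later
    # connects to ``service.host`` is allowed to reach.
    service.host = html.escape(form["value"])
    session.add(service)
    session.commit()
    update_overview_data()
    update_services_data(service.team.id)
    update_service_data(service.id)
    return jsonify({"status": "Updated Service Information"})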
Esempio n. 30
def admin_update_password():
    """Reset a user's password on behalf of a white-team user.

    The form must carry ``user_id`` and ``password``. The new password is
    HTML-escaped, applied with ``update_password`` and the user's
    ``authenticated`` flag is set to False before committing.

    :return: Redirect to ``admin.manage`` (success or missing fields),
        redirect to ``auth.login`` when the user id is unknown, or a 403
        tuple for callers outside the white team.
    """
    if not current_user.is_white_team:
        return {"status": "Unauthorized"}, 403

    fields_present = ("user_id" in request.form
                      and "password" in request.form)
    if fields_present:
        try:
            user_obj = (session.query(User).filter(
                User.id == request.form["user_id"]).one())
        except NoResultFound:
            # Unknown id: the caller is sent to the login page.
            return redirect(url_for("auth.login"))
        # NOTE(review): escaping alters passwords containing & < > or
        # quotes; verify the login path does the same.
        escaped_password = html.escape(request.form["password"])
        user_obj.update_password(escaped_password)
        user_obj.authenticated = False
        session.add(user_obj)
        session.commit()
        flash("Password Successfully Updated.", "success")
    else:
        flash("Error: user_id or password not specified.", "danger")
    return redirect(url_for("admin.manage"))