Esempio n. 1
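def submit_archive(group):
    """
    Allows for authenticated users to submit archives

    Reads the comma-separated ``cves`` query argument and any metadata
    fields configured for ``group`` under ``SUBMISSION_GROUPS``, passes the
    uploaded ``archive`` file to ``upload()`` and calls ``submit()`` once
    for every file ``upload()`` returns.

    :param group: submission group; rejected unless it is in ``groups()``.
    :return: ``success()`` when all files were submitted,
        ``error(message)`` on a validation failure and ``error()`` on any
        other exception.
    """
    # NOTE(review): authentication is not enforced in this body; presumably a
    # route decorator or api_request_user() does it -- confirm.
    # NOTE(review): the format string is masked on this page. '******' has no
    # % placeholder, so restore the project's original format string here.
    user = '******' % api_request_user()
    try:
        if group not in groups():
            raise ValueError('Invalid group specified')

        if 'cves' not in request.args:
            raise ValueError('CVE(s) required')

        # Drop blank entries so 'cves=' or a trailing comma cannot create a
        # submission tagged with an empty identifier.
        cves = [cve.strip() for cve in request.args['cves'].split(',')
                if cve.strip()]
        if not cves:
            raise ValueError('CVE(s) required')
        # NOTE(review): identifier syntax is not checked here; confirm that
        # submit() validates it before the value is stored.

        # Only fields configured for this group are copied, so arbitrary
        # query arguments never reach the metadata. A missing or empty
        # configuration entry yields no metadata instead of a TypeError.
        meta = {}
        for field in current_app.config['SUBMISSION_GROUPS'].get(group) or []:
            value = request.args.get(field)
            if value:
                meta[field] = value

        # request.files.get() returns None when no 'archive' part was sent;
        # presumably upload() rejects that -- confirm.
        files = upload(group, request.files.get('archive', None), meta)

        for (ondisk, filename, suffix) in files:
            submit(user, ondisk, group, filename, suffix, cves, meta)

        return success()
    except ValueError as ve:
        # `.message` exists only on Python 2 exceptions; use str(ve) when
        # porting to Python 3.
        # NOTE(review): messages raised inside upload()/submit() are returned
        # to the client verbatim; confirm they carry no server-side paths.
        current_app.logger.info('Invalid submission by %s: %s' %
                                (user, ve.message))
        return error(ve.message)
    except Exception:
        # Unexpected failures are logged at ERROR level with the traceback
        # and the submitter, while the client receives only the generic
        # error() response.
        current_app.logger.exception('Submission by %s failed', user)
        return error()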
Esempio n. 2
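def process_submission(form):
    """
    Handle an archive submission made through the web form.

    Splits ``form.cves`` on commas, collects the coordinate fields that
    ``SUBMISSION_GROUPS`` lists for the selected group (form field names are
    ``<group>_<coord>``), uploads the ``archive`` file and calls ``submit()``
    for every file returned by ``upload()`` on behalf of the logged-in user.

    :param form: submitted form object exposing ``cves``, ``group`` and the
        per-group coordinate fields.
    :return: None; the outcome is reported through ``flash()``.
    """
    try:
        # NOTE(review): blank or malformed identifiers are not rejected here;
        # presumably the form's validators do that -- confirm.
        cves = [cve.strip() for cve in form.cves.data.split(',')]

        group = form.group.data

        def _field_text(name):
            # A field missing from the form, or one with no data, is treated
            # as an empty string instead of raising AttributeError, which the
            # handler below would not catch.
            field = form._fields.get(name)
            data = field.data if field is not None else None
            return data.strip() if data else ''

        # An unknown group yields an empty coordinate set.
        # NOTE(review): confirm the form restricts `group` to known values.
        coordinates = CoordinateDict({
            coord: _field_text('%s_%s' % (group, coord))
            for coord in SUBMISSION_GROUPS.get(group, [])
        })

        files = upload(group, request.files.get('archive', None), coordinates)
        for (ondisk, filename, suffix) in files:
            submit(
                login.current_user.username, ondisk, group, filename, suffix,
                cves, coordinates=coordinates
            )

        # NOTE(review): this flag lives in the app config of the current
        # process only; confirm that is sufficient for the deployment.
        current_app.config['INDEX_REFRESH_FLAG'] = True

        flash('Archive Submitted for processing', 'info')
    except ValueError as ve:
        # `except X as e` works on Python 2.6+ and 3 and matches the API
        # handlers. The message is escaped because it may contain
        # user-supplied text. `.message` is Python 2 only; use str(ve) when
        # porting.
        flash(escape(ve.message), 'error')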
Esempio n. 3
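def submit_archive(group):
    """
    Allows for authenticated users to submit archives

    Reads the comma-separated ``cves`` query argument and the coordinates
    that ``SUBMISSION_GROUPS`` lists for ``group``, passes the uploaded
    ``archive`` file to ``upload()`` and calls ``submit()`` once for every
    file ``upload()`` returns.

    :param group: submission group; rejected unless it is in ``groups()``.
    :return: ``success()`` when all files were submitted,
        ``error(message)`` on a validation failure and ``error()`` on any
        other exception.
    """
    # NOTE(review): authentication is not enforced in this body; presumably a
    # route decorator or api_request_user() does it -- confirm.
    # NOTE(review): the format string is masked on this page. '******' has no
    # % placeholder, so restore the project's original format string here.
    user = '******' % api_request_user()
    try:
        if group not in groups():
            raise ValueError('Invalid group specified')

        if 'cves' not in request.args:
            raise ValueError('CVE(s) required')

        # Drop blank entries so 'cves=' or a trailing comma cannot create a
        # submission tagged with an empty identifier.
        cves = [cve.strip() for cve in request.args['cves'].split(',')
                if cve.strip()]
        if not cves:
            raise ValueError('CVE(s) required')
        # NOTE(review): identifier syntax is not checked here; confirm that
        # submit() validates it before the value is stored.

        # Only coordinates configured for this group are read from the query
        # string. A group without a configuration entry yields no
        # coordinates instead of a TypeError.
        coordinates = CoordinateDict({
            coord: request.args.get(coord).strip()
            for coord in SUBMISSION_GROUPS.get(group) or []
            if coord in request.args
        })

        # request.files.get() returns None when no 'archive' part was sent;
        # presumably upload() rejects that -- confirm.
        files = upload(group, request.files.get('archive', None), coordinates)

        for (ondisk, filename, suffix) in files:
            submit(
                user, ondisk, group, filename, suffix, cves,
                coordinates=coordinates
            )

        return success()
    except ValueError as ve:
        # `.message` exists only on Python 2 exceptions; use str(ve) when
        # porting to Python 3.
        # NOTE(review): messages raised inside upload()/submit() are returned
        # to the client verbatim; confirm they carry no server-side paths.
        current_app.logger.info('Invalid submission by %s: %s' %
                                (user, ve.message))
        return error(ve.message)
    except Exception:
        # Unexpected failures are logged at ERROR level with the traceback
        # and the submitter, while the client receives only the generic
        # error() response.
        current_app.logger.exception('Submission by %s failed', user)
        return error()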
Esempio n. 4
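def process_submission(form, group=None):
    """
    Handle an archive submission made through the web form.

    Splits ``form.cves`` on commas, collects the non-empty coordinate fields
    that ``SUBMISSION_GROUPS`` lists for the group, uploads the ``archive``
    file and calls ``submit()`` for every file returned by ``upload()`` on
    behalf of the logged-in user.

    :param form: submitted form object exposing ``cves``, ``group`` and one
        field per coordinate name.
    :param group: submission group; when None it is taken from
        ``form.group.data``.
    :return: None; the outcome is reported through ``flash()``.
    """
    try:
        # NOTE(review): blank or malformed identifiers are not rejected here;
        # presumably the form's validators do that -- confirm.
        cves = [cve.strip() for cve in form.cves.data.split(',')]

        if group is None:
            group = form.group.data

        def _field_text(name):
            # A field missing from the form, or one with no data, is treated
            # as an empty string instead of raising AttributeError, which the
            # handler below would not catch.
            field = form._fields.get(name)
            data = field.data if field is not None else None
            return data.strip() if data else ''

        coordinates = CoordinateDict({
            coord: _field_text('%s' % coord)
            for coord in SUBMISSION_GROUPS.get(group, [])
        })

        # remove any empty values (items() works on Python 2 and 3)
        coordinates = dict(
            (k, v)
            for k, v in coordinates.items()
            if v is not None and len(v) > 0
        )

        # if no coordinates given, make None
        if not coordinates:
            coordinates = None

        files = upload(group, request.files.get('archive', None), coordinates)
        for (ondisk, filename, suffix) in files:
            submit(
                login.current_user.username, ondisk, group, filename, suffix,
                cves, coordinates=coordinates
            )

        # NOTE(review): this flag lives in the app config of the current
        # process only; confirm that is sufficient for the deployment.
        current_app.config['INDEX_REFRESH_FLAG'] = True

        flash('Archive Submitted for processing', 'info')
    except ValueError as ve:
        # `except X as e` works on Python 2.6+ and 3 and matches the API
        # handlers. The message is escaped because it may contain
        # user-supplied text. `.message` is Python 2 only; use str(ve) when
        # porting.
        flash(escape(ve.message), 'error')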
Esempio n. 5
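def submit_hash(group):
    """
    Allows for authenticated users to submit hashes via json.

    Builds a ``Hash`` entry from the request's JSON body and queues it with
    ``approval='PENDING_APPROVAL'``.

    :param group: submission group; rejected unless it is in ``groups()``.
    :return: ``success()`` when the entry was submitted, ``error(message)``
        on a validation failure and ``error()`` on any other exception.
    """
    # NOTE(review): authentication is not enforced in this body; presumably a
    # route decorator or api_request_user() does it -- confirm.
    # NOTE(review): the format string is masked on this page. '******' has no
    # % placeholder, so restore the project's original format string here.
    user = '******' % api_request_user()
    try:
        if group not in groups():
            raise ValueError('Invalid group specified')
        json_data = request.get_json()
        # get_json() can return None or a non-object value (list, string,
        # number). A bare string containing "cves" would pass an `in` test,
        # so require a JSON object before looking at its keys.
        if not isinstance(json_data, dict):
            raise ValueError('JSON object required')
        if not json_data.get('cves'):
            raise ValueError('No CVE provided')
        entry = Hash()
        # NOTE(review): mongify() receives the client's JSON as-is; confirm
        # it copies only an allow-listed set of fields.
        entry.mongify(json_data)
        # Assigned after mongify() so the submitter recorded is the
        # authenticated caller and not a value taken from the request body.
        entry.submitter = user
        submit(
            user, 'json-api-hash', group, suffix='Hash', entry=entry,
            approval='PENDING_APPROVAL')
        return success()
    except ValueError as ve:
        # Logged like the archive endpoint so rejected submissions can be
        # traced to a submitter. `.message` is Python 2 only; use str(ve)
        # when porting.
        current_app.logger.info('Invalid submission by %s: %s' %
                                (user, ve.message))
        return error(ve.message)
    except Exception as e:
        current_app.logger.info('Invalid submission by %s' % (user))
        # The exception detail stays at DEBUG level, as before; the client
        # receives only the generic error() response.
        current_app.logger.debug(e)
        return error()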
Esempio n. 6
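 def handleCloseVersions(self,json):
     """Submit the versions adjacent to ``json.version`` for analysis.

     Looks up the dependency through ``self.getClosestVersions(json)``,
     finds the position of the current version in the returned ``docs`` and
     walks the entries directly before and after it. The first neighbour
     whose SHA-1 does not have exactly one matching ``Submission`` is
     downloaded and passed to ``submit()``.

     :param json: request object exposing ``version`` and ``cves``.
     :return: an error/status string for the early exits, the result of
         ``submit()`` when a neighbour is submitted, or None when no
         neighbour needed submitting.
     """
     version = json.version
     depCves = json.cves
     response = self.getClosestVersions(json)["response"]
     numFound = int(response["numFound"])
     if numFound == 0:
         return 'Error - could not find dependency in maven central repo'
     if numFound == 1:
         return 'There is only one version available, nothing to be done'

     deps = response["docs"]
     posOfDep = -1
     for idx, dep in enumerate(deps):
         if dep["v"] == version:
             posOfDep = idx
             break
     if posOfDep == -1:
         return 'Error - cannot find current version number in maven search'

     for offset in (-1, 1):
         neighbourIdx = posOfDep + offset
         # Skip neighbours that do not exist. Without this check an index of
         # -1 silently wraps to the last entry and an index past the end
         # raises IndexError.
         if not 0 <= neighbourIdx < len(deps):
             continue
         # Take all three coordinates from the same entry; the original read
         # groupId/artifactId from deps[offset] rather than the neighbour.
         neighbour = deps[neighbourIdx]
         info = dict(groupId=str(neighbour["g"]),
                     artifactId=str(neighbour["a"]),
                     version=str(neighbour["v"]))
         javamanager = JavaManager()
         artifact = javamanager.make_artifact(info)
         for repo in javamanager.repos:
             uri = repo.get_artifact_uri(artifact, 'jar')
             # NOTE(review): the SHA-1 is used only as a lookup key here;
             # confirm download() verifies the artifact it fetches.
             sha1 = repo.download_check_sum('sha1', uri)
             count = Submission.objects(entry=sha1).count()
             # NOTE(review): this submits when the count is 0 or above 1;
             # presumably "not yet submitted" (count == 0) is meant -- confirm.
             if count != 1:
                 # submit from submissions
                 downloadLocation = download('java', info)
                 archivePath = downloadLocation[0][0]
                 return submit('similaritySearch', archivePath, group="java",
                               filename=archivePath.rsplit("/", 1)[-1],
                               suffix=True, cves=depCves,
                               metadata=info, entry=False,
                               approval='REQUESTED')
     # No neighbour needed submitting; the original also fell through here.
     return None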