def post(self):
def count_total_records(key):
return db.get_session().query(DetectorRequestData).filter_by(detected=key).count()
def count_server_records(server_id, key):
return db.get_session().query(DetectorRequestData).filter_by(detected=key, to_server_id=server_id).count()
incoming_json = request.get_json()
errors = check_json_object(incoming_json, ["email"], "Could not find {} at the incoming json object.")
if len(errors) > 0:
log("[API][GetActiveServicesHandler] Could not process the request: {}".format(errors), LogLevel.INFO, self.post)
return False
user = db.get_session().query(Users).filter(Users.email == incoming_json["email"]).first()
if user is None:
log("[API][GetActiveServicesHandler] Could not find the user in the DB: {}".format(incoming_json["email"]), LogLevel.INFO, self.post)
return False
try:
joined_statuses = []
all_servers = db.get_session().query(Server).filter(Server.user_id == user.item_id).all()
log("[API][GetActiveServicesHandler] all_servers: {}".format(all_servers), LogLevel.INFO, self.post)
for server in all_servers:
log("[API][GetActiveServicesHandler] server: {}".format(server), LogLevel.INFO, self.post)
services = db.get_session().query(Services).filter(Services.server_id == server.item_id).first()
if services is None:
log("[API][GetActiveServicesHandler] Could not find the services in the DB: {}".format(
server.server_dns), LogLevel.INFO, self.post)
return False
jsoned_services = to_json(services, ignore_list=["server_id", "user_id", "id", "created_on"], to_str=True)
final_services_json = {
key: {
"state": value,
"count": count_total_records(key) if user.is_admin else count_server_records(server.item_id, key)
}
for key, value in jsoned_services.items()
}
log("[API][GetActiveServicesHandler] final_services_json: {}".format(final_services_json), LogLevel.INFO, self.post)
joined_object = {**final_services_json, **to_json(server, to_str=True)}
joined_object['website'] = joined_object['server_dns']
del joined_object['server_dns']
joined_statuses.append(joined_object)
log("[API][GetActiveServicesHandler] return {}".format(joined_statuses), LogLevel.DEBUG, self.post)
return joined_statuses
except Exception as e:
log("[API][GetActiveServicesHandler] Exception: {}".format(e), LogLevel.ERROR, self.post)
return False
def _list_of_detectors(self, server_id):
session = db.get_session()
services = session.query(Services).filter_by(
server_id=server_id).first()
services = to_json(services, ignore_list=self.kb["ignore_list"])
return [
self._detectors[key] for key in services
if key in self._detectors and services[key]
]
def post(self):
all_users = db.get_session().query(Users).all()
all_servers = db.get_session().query(Server).all()
all_services = db.get_session().query(Services).all()
joined_objects = []
for user in all_users:
current_object = to_json(user, to_str=True)
del current_object["password"]
for server in all_servers:
if server.user_id == user.item_id:
current_object = {**current_object, **to_json(server, to_str=True)}
for service in all_services:
if service.server_id == server.item_id:
current_object = {**current_object, **to_json(service, ignore_list=["server_id", "user_id", "id", "created_on"], to_str=True)}
joined_objects.append(current_object)
log("[API][GetUsersDataHandler] joined_objects: {}".format(joined_objects), LogLevel.DEBUG, self.post)
return joined_objects
def parse(self, data_to_parse, is_user_protection=False):
parsed_data = HttpResponse()
parsed_data.original = data_to_parse
parsed_data.text = data_to_parse.text
parsed_data.content = data_to_parse.text
parsed_data.headers = data_to_parse.headers
parsed_data.status_code = data_to_parse.status_code
parsed_data.cookies = data_to_parse.cookies
parsed_data.is_redirect = data_to_parse.is_redirect
parsed_data.response_url = data_to_parse.url
parsed_data.time_stamp = datetime.now()
if not is_user_protection:
parsed_data.from_server_id = self.__request.to_server_id
parsed_data.to_ip = self.__request.from_ip
parsed_data.from_dns_name = self.__request.host_name
log("The Parsed data is: {}".format(to_json(parsed_data)), LogLevel.DEBUG, self.parse)
log("Finish parsing the request.", LogLevel.INFO, self.parse)
return parsed_data
def parse(self, data_to_parse):
parsed_data = HttpRequest()
log("Parse the url {}".format(data_to_parse.url), LogLevel.DEBUG, self.parse)
url = urlparse(data_to_parse.url)
log("The Parsed url is: {}".format(url), LogLevel.DEBUG, self.parse)
parsed_data.method = "{}".format(data_to_parse.method).upper()
parsed_data.content = data_to_parse.get_data()
parsed_data.headers = data_to_parse.headers
parsed_data.query = '{uri.query}'.format(uri=url)
parsed_data.path = '{uri.path}'.format(uri=url)
parsed_data.host_name = '{uri.netloc}'.format(uri=url)
parsed_data.from_ip = data_to_parse.remote_addr
parsed_data.time_stamp = datetime.now()
parsed_data.args = data_to_parse.args
parsed_data.form = data_to_parse.form
log("The Parsed data is: {}".format(to_json(parsed_data)), LogLevel.DEBUG, self.parse)
log("Finish parsing the request.", LogLevel.INFO, self.parse)
return parsed_data
def request_handler():
# try:
log("Is the request is HTTPS? ", LogLevel.INFO, request_handler)
if not request.is_secure:
return Response(status=301, headers=hsts.enforce(request.url))
log("Start parsing the request", LogLevel.INFO, request_handler)
parser = FlaskHTTPRequestParser()
parsed_request = parser.parse(request)
log("Creating Controller", LogLevel.INFO, request_handler)
log("The Controller Detectors are {}".format(detectors), LogLevel.DEBUG,
request_handler)
controller = ElroController(detectors=detectors)
log("Activating controller request handler", LogLevel.INFO,
request_handler)
response_code, send_to, new_request, parsed_request = controller.request_handler(
parsed_request, request)
log("Controller response is: {} {}".format(response_code, send_to),
LogLevel.DEBUG, request_handler)
url = 'https://{}{}?{}'.format(parsed_request.host_name,
parsed_request.path, parsed_request.query)
if response_code == ControllerResponseCode.NotValid:
log("The Request for {} is not valid.".format(request.url),
LogLevel.INFO, request_handler)
log("Redirecting to {}".format(url), LogLevel.INFO, request_handler)
response = Response(status=302, headers={"Location": url})
elif response_code == ControllerResponseCode.Valid:
send_headers = {key: value for key, value in new_request.headers}
log("The Request for {} valid and OK".format(request.url),
LogLevel.INFO, request_handler)
resp = requests.request(method=parsed_request.method,
url=url,
verify=True,
json=new_request.get_json(),
headers=send_headers,
params=new_request.args,
data=new_request.form)
log("The Response is {}".format(to_json(resp)), LogLevel.DEBUG,
request_handler)
parser = HTTPResponseParser(parsed_request)
log("Parse the response", LogLevel.INFO, request_handler)
parsed_response = parser.parse(resp)
log("Activating controller response handler", LogLevel.INFO,
request_handler)
response_code, send_to, new_content = controller.response_handler(
parsed_response, resp)
log("Controller response is: {} {}".format(response_code, send_to),
LogLevel.DEBUG, request_handler)
if response_code == ControllerResponseCode.NotValid:
send_content = new_content
elif response_code == ControllerResponseCode.Valid:
send_content = resp.content
else:
send_content = None
excluded_headers = [
'content-encoding', 'content-length', 'transfer-encoding',
'connection'
]
headers = [(name, value) for (name, value) in resp.raw.headers.items()
if name.lower() not in excluded_headers]
log("Generating response...", LogLevel.INFO, request_handler)
response = Response(status=403) if send_content is None else Response(
send_content, resp.status_code, headers)
else:
log(
"The Request for {} is not found in the database".format(
request.url), LogLevel.INFO, request_handler)
response = Response(status=404)
abort(404) # Abort the request.
log("Sending response", LogLevel.INFO, request_handler)
return response