def embed(vuln_id):
    """Render the embeddable code view for a single vulnerability entry.

    The query parameters ``sid``, ``start_line`` and ``end_line`` are coerced
    to ``int`` before use. A non-numeric value raises ``ValueError``, which is
    answered with a 404, as is ``InvalidIdentifierException``.

    Args:
        vuln_id: Identifier passed to ``VulnerabilityDetails``.

    Returns:
        The rendered ``embedded.html`` template, or a 404 response when no
        entry is found or the entry has no master commit.
    """
    try:
        query = request.args
        section_id = int(query.get("sid", -1))
        first_line = int(query.get("start_line", 1))
        last_line = int(query.get("end_line", -1))

        details = VulnerabilityDetails(vuln_id)
        details.validate()
        view = details.vulnerability_view
        if not view:
            return bp.make_response(("No vulnerability found", 404))
        if not view.master_commit:
            message = "Vuln (id: {:d}) has no linked Git commits!".format(
                view.id)
            return bp.make_response((message, 404))

        commit = details.getMasterCommit()
        # Hack to quickly retrieve the full data: serialise the files through
        # the schema, then parse the JSON back into plain Python objects.
        serialized = RepositoryFilesSchema(many=True).jsonify(
            commit.repository_files)
        entry_data = json.loads(serialized.data)

        return render_template(
            "embedded.html",
            vulnerability_details=details,
            embed_settings={
                "section_id": section_id,
                "startLine": first_line,
                "endLine": last_line,
                "entry_data": entry_data,
            },
        )
    except (ValueError, InvalidIdentifierException):
        # Malformed numbers and invalid identifiers are both reported as
        # "not found" rather than as a server error.
        abort(404)
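def bug_save_editor_data():
    """Store the editor's file comments and markers for a vulnerability entry.

    Only POST requests are accepted. The JSON body must be a list of file
    objects, each with ``path``, ``hash``, ``name``, ``comments`` and
    ``markers``. The structure is checked before any object is touched, so a
    malformed body gets a 400 response instead of an unhandled ``KeyError`` or
    ``TypeError`` part-way through the update.

    Returns:
        A response built by ``create_json_response``: 400 for an invalid
        identifier, a non-POST request or a malformed body; 404 when the entry
        or its master commit is missing; a success message otherwise.
    """
    # NOTE(review): this view writes to the database and records g.user as
    # creator; access control is not visible in this block - confirm the route
    # is restricted to authorised users.
    try:
        vulnerability_details = VulnerabilityDetails()
        vulnerability_details.validate()
    except InvalidIdentifierException as e:
        return create_json_response(str(e), 400)
    vuln_view = vulnerability_details.vulnerability_view

    if request.method != "POST":
        return create_json_response("Accepting only POST requests.", 400)

    if not vuln_view:
        return create_json_response("Please create an entry first", 404)
    if not vuln_view.master_commit:
        current_app.logger.error(
            f"Vuln (id: {vuln_view.id}) has no linked Git commits!")
        return create_json_response("Entry has no linked Git link!", 404)

    # The body is attacker-controlled: reject anything that is not the
    # expected shape before existing rows are modified.
    payload = request.get_json()
    problem = _editor_payload_error(payload)
    if problem is not None:
        return create_json_response(problem, 400)

    master_commit = vulnerability_details.getMasterCommit()
    old_files = master_commit.repository_files
    current_app.logger.debug("%d old files", len(old_files))

    # Flush any old custom content of this vulnerability first.
    new_files = []
    for file_data in payload:
        path = file_data["path"]
        digest = file_data["hash"]
        name = file_data["name"]

        # Reuse an existing file row when either its path or its hash matches.
        file_obj = next(
            (of for of in old_files
             if of.file_path == path or of.file_hash == digest),
            None,
        )
        if file_obj is not None:
            current_app.logger.debug("Found old file: %s",
                                     (path, digest, name))
        else:
            current_app.logger.debug("Creating new file: %s",
                                     (path, digest, name))
            file_obj = RepositoryFiles(
                file_name=name,
                file_path=path,
                file_patch="DEPRECATED",
                file_hash=digest,
            )

        # Create comment objects.
        new_comments = [
            RepositoryFileComments(
                row_from=comment["row_from"],
                row_to=comment["row_to"],
                text=comment["text"],
                sort_pos=comment["sort_pos"],
                creator=g.user,
            )
            for comment in file_data["comments"]
        ]
        update_file_comments(file_obj, new_comments)

        # Create marker objects.
        new_markers = [
            RepositoryFileMarkers(
                row_from=marker["row_from"],
                row_to=marker["row_to"],
                column_from=marker["column_from"],
                column_to=marker["column_to"],
                marker_class=marker["class"],
                creator=g.user,
            )
            for marker in file_data["markers"]
        ]
        update_file_markers(file_obj, new_markers)
        new_files.append(file_obj)

    current_app.logger.debug("Setting %d files", len(new_files))
    master_commit.repository_files = new_files

    # Update / Insert entries into the database.
    db.session.commit()
    return create_json_response("Update successful.")


def _editor_payload_error(payload):
    """Return a message for the first structural problem in *payload*, else None.

    Only the shape is checked (lists, objects and required keys); value types
    and ranges are not validated here.
    """
    file_keys = ("path", "hash", "name", "comments", "markers")
    nested_keys = {
        "comments": ("row_from", "row_to", "text", "sort_pos"),
        "markers": ("row_from", "row_to", "column_from", "column_to", "class"),
    }

    if not isinstance(payload, list):
        return "Invalid editor data: expected a list of files."
    for file_data in payload:
        if not isinstance(file_data, dict):
            return "Invalid editor data: file entry is not an object."
        if any(key not in file_data for key in file_keys):
            return "Invalid editor data: file entry is missing a field."
        for field, required in nested_keys.items():
            items = file_data[field]
            if not isinstance(items, list):
                return f"Invalid editor data: '{field}' is not a list."
            for item in items:
                if not isinstance(item, dict) or any(
                        key not in item for key in required):
                    return f"Invalid editor data: malformed entry in '{field}'."
    return None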