def _create_vuln_internal(vcdb_id=None):
    """Handle the create/update/delete form flow for one vulnerability entry.

    The entry is looked up (or prepared) through VulnerabilityDetails. For an
    entry that already has an id, a valid VulnerabilityDeleteForm submission
    deletes it and redirects to "/". Otherwise a valid
    VulnerabilityDetailsForm submission is written to the database and the
    client is redirected to the entry's view page. In every other case the
    create template is rendered.

    This function performs no authentication or authorization check itself.
    NOTE(review): the route calling it is presumably responsible for
    restricting who may create, overwrite or delete entries -- confirm.

    Args:
        vcdb_id: Identifier handed to VulnerabilityDetails; may be None.

    Returns:
        Whatever flash_error() returns for an invalid identifier, a redirect
        after a successful delete or save, or the rendered
        "vulnerability/create.html" template.
    """
    try:
        vulnerability_details = VulnerabilityDetails(vcdb_id)
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as exc:
        return flash_error(str(exc), "frontend.serve_index")

    if vulnerability.id:
        logging.debug("Preexisting vulnerability entry found: %r",
                      vulnerability.id)
        # Deletion is decided solely by the delete form validating.
        # NOTE(review): confirm VulnerabilityDeleteForm requires a field the
        # details form never submits and that CSRF protection is active, so
        # an ordinary save request cannot also satisfy this branch.
        removal_form = VulnerabilityDeleteForm()
        if removal_form.validate_on_submit():
            db.session.delete(vulnerability)  # Remove the entry.
            db.session.commit()
            flash("The entry was deleted.", "success")
            return redirect("/")

    form = VulnerabilityDetailsForm(obj=vulnerability)

    def render_create_page():
        # Single place that renders the (possibly error-annotated) form.
        return render_template(
            "vulnerability/create.html",
            vulnerability_details=vulnerability_details,
            form=form,
        )

    # Only the first commit entry is inspected for a missing repository name.
    first_commit = form.data["commits"][0]
    if not first_commit["repo_name"]:
        logging.info("Empty repository name. %r", first_commit)
        # The repository URL comes from the submitted form data.
        # NOTE(review): confirm get_vcs_handler() only accepts expected
        # hosts/schemes before anything is derived from this URL.
        handler = get_vcs_handler(None, first_commit["repo_url"])
        if handler:
            logging.info("Found name. %r", handler.repo_name)
            form.commits[0].repo_name.process_data(handler.repo_name)

    if not form.validate_on_submit():
        return render_create_page()

    try:
        form.populate_obj(vulnerability)
        db.session.add(vulnerability)
        db.session.commit()
        # TODO: Improve this hack to assign a new vcdb_id here.
        # Currently, we are just piggy backing on the auto increment
        # of the primary key to ensure uniqueness.
        # This will likely be prone to race conditions.
        # The entry is committed once before vcdb_id is set and once after,
        # so the two writes are not atomic.
        vulnerability.vcdb_id = vulnerability.id
        db.session.add(vulnerability)
        db.session.commit()
        logging.debug("Successfully created/updated entry: %r",
                      vulnerability.id)
        flash("Successfully created/updated entry.", "success")
        return redirect(
            url_for("vuln.vuln_view", vcdb_id=vulnerability.vcdb_id))
    except InvalidIdentifierException as exc:
        # Only this exception type is handled; the session is not rolled
        # back here before the form is rendered again.
        flash_error(str(exc))

    return render_create_page()
def _create_vuln_internal(vuln_id=None):
    """Handle the create/update/delete form flow for one vulnerability entry.

    The entry is looked up (or prepared) through VulnerabilityDetails. For an
    entry that already has an id, a valid VulnerabilityDeleteForm submission
    deletes it and redirects to "/". Otherwise a valid
    VulnerabilityDetailsForm submission is committed and the client is
    redirected to the entry's view page. In every other case the create
    template is rendered.

    This function performs no authentication or authorization check itself.
    NOTE(review): the route calling it is presumably responsible for
    restricting who may create, overwrite or delete entries -- confirm.

    Args:
        vuln_id: Identifier handed to VulnerabilityDetails; may be None.

    Returns:
        Whatever flashError() returns for an invalid identifier, a redirect
        after a successful delete or save, or the rendered
        "create_entry.html" template.
    """
    try:
        vulnerability_details = VulnerabilityDetails(vuln_id)
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as exc:
        return flashError(str(exc), "serve_index")

    if vulnerability.id:
        logging.debug("Preexisting vulnerability entry found: %s",
                      vulnerability.id)
        # Deletion is decided solely by the delete form validating.
        # NOTE(review): confirm VulnerabilityDeleteForm requires a field the
        # details form never submits and that CSRF protection is active, so
        # an ordinary save request cannot also satisfy this branch.
        removal_form = VulnerabilityDeleteForm()
        if removal_form.validate_on_submit():
            db.session.delete(vulnerability)  # Remove the entry.
            db.session.commit()
            flash("The entry was deleted.", "success")
            return redirect("/")

    form = VulnerabilityDetailsForm(obj=vulnerability)

    def render_create_page():
        # Single place that renders the (possibly error-annotated) form.
        return render_template(
            "create_entry.html",
            vulnerability_details=vulnerability_details,
            form=form)

    # Only the first commit entry is inspected for a missing repository name.
    first_commit = form.data["commits"][0]
    if not first_commit["repo_name"]:
        logging.info("Empty repository name. %r", first_commit)
        # The repository URL comes from the submitted form data.
        # NOTE(review): confirm get_vcs_handler() only accepts expected
        # hosts/schemes before anything is derived from this URL.
        handler = get_vcs_handler(None, first_commit["repo_url"])
        if handler:
            logging.info("Found name. %r", handler.repo_name)
            form.commits[0].repo_name.process_data(handler.repo_name)

    if not form.validate_on_submit():
        return render_create_page()

    try:
        form.populate_obj(vulnerability)
        db.session.add(vulnerability)
        db.session.commit()
        logging.debug("Successfully created/updated entry: %s",
                      vulnerability.id)
        flash("Successfully created/updated entry.", "success")
        return redirect(url_for("vuln.vuln_view", vuln_id=vulnerability.id))
    except InvalidIdentifierException as exc:
        # Only this exception type is handled; the session is not rolled
        # back here before the form is rendered again.
        flashError(str(exc))

    return render_create_page()
def _edit_vuln_internal(vcdb_id: str = None):
    """Render the edit form for an entry and record a proposal on submit.

    The entry and its view are obtained through VulnerabilityDetails. When
    the submitted form validates and _can_add_proposal() allows it, the
    vulnerability and the form are handed to add_proposal(). The edit
    template is rendered afterwards in every case.

    This function performs no authentication check of its own; the only
    gate visible here is _can_add_proposal().
    NOTE(review): confirm that helper (or the calling route) verifies the
    current user's permission to propose changes.

    Args:
        vcdb_id: Identifier handed to VulnerabilityDetails; may be None.

    Returns:
        Whatever flash_error() returns for an invalid identifier, otherwise
        the rendered "vulnerability/edit.html" template.
    """
    try:
        details = VulnerabilityDetails(vcdb_id)
        view = details.vulnerability_view
        vulnerability = details.get_or_create_vulnerability()
    except InvalidIdentifierException as exc:
        return flash_error(str(exc), "frontend.serve_index")

    form = VulnerabilityDetailsForm(obj=vulnerability)
    # Populate the form data from the vulnerability view if necessary.
    if form.comment.data == "":
        form.comment.data = view.comment

    # Validation runs first; the permission helper is only consulted for a
    # submission that validated.
    if form.validate_on_submit():
        if _can_add_proposal(vulnerability):
            add_proposal(vulnerability, form)

    return render_template(
        "vulnerability/edit.html",
        vulnerability_details=details,
        form=form,
    )
def _edit_vuln_internal(vcdb_id: str = None):
    """Render the edit form for an entry and record a proposal on submit.

    The entry and its view are obtained through VulnerabilityDetails. When
    the submitted form validates and _can_add_proposal() allows it, the form
    data is copied onto the vulnerability object, which is then handed to
    add_proposal(). The edit template is rendered afterwards in every case.

    This function performs no authentication check of its own; the only
    gate visible here is _can_add_proposal().
    NOTE(review): confirm that helper (or the calling route) verifies the
    current user's permission to propose changes.

    Args:
        vcdb_id: Identifier handed to VulnerabilityDetails; may be None.

    Returns:
        Whatever flash_error() returns for an invalid identifier, otherwise
        the rendered "vulnerability/edit.html" template.
    """
    try:
        details = VulnerabilityDetails(vcdb_id)
        view = details.vulnerability_view
        vulnerability = details.get_or_create_vulnerability()
    except InvalidIdentifierException as exc:
        return flash_error(str(exc), "frontend.serve_index")

    form = VulnerabilityDetailsForm(obj=vulnerability)
    # Populate the form data from the vulnerability view if necessary.
    if form.comment.data == "":
        form.comment.data = view.comment

    # Validation runs first; the permission helper is only consulted for a
    # submission that validated.
    if form.validate_on_submit():
        if _can_add_proposal(vulnerability):
            # TODO: This is incomplete/incorrect as the attached relationships
            # such as GitCommit objects get updated.
            # We have to ensure everything is properly detached and gets
            # copied before any modifications happen.
            # Currently, this will incorrectly update relationship objects
            # instead of copying them.
            # NOTE(review): until that is fixed, proposed (unreviewed) values
            # are written onto the object returned by
            # get_or_create_vulnerability(); verify nothing later in the
            # request commits them to the published entry.
            form.populate_obj(vulnerability)
            add_proposal(vulnerability)

    return render_template(
        "vulnerability/edit.html",
        vulnerability_details=details,
        form=form,
    )