コード例 #1
0
def _create_vuln_internal(vcdb_id=None):
    try:
        vulnerability_details = VulnerabilityDetails(vcdb_id)
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flash_error(str(err), "frontend.serve_index")

    if vulnerability.id:
        logging.debug("Preexisting vulnerability entry found: %r",
                      vulnerability.id)
        delete_form = VulnerabilityDeleteForm()
        if delete_form.validate_on_submit():
            db.session.delete(vulnerability)
            # Remove the entry.
            db.session.commit()
            flash("The entry was deleted.", "success")
            return redirect("/")

    form = VulnerabilityDetailsForm(obj=vulnerability)
    commit = form.data["commits"][0]
    if not commit["repo_name"]:
        logging.info("Empty repository name. %r", commit)
        repo_url = commit["repo_url"]
        vcs_handler = get_vcs_handler(None, repo_url)
        if vcs_handler:
            logging.info("Found name. %r", vcs_handler.repo_name)
            form.commits[0].repo_name.process_data(vcs_handler.repo_name)

    if form.validate_on_submit():
        try:
            form.populate_obj(vulnerability)
            db.session.add(vulnerability)
            db.session.commit()
            # TODO: Improve this hack to assign a new vcdb_id here.
            #       Currently, we are just piggy backing on the auto increment
            #       of the primary key to ensure uniqueness.
            #       This will likely be prone to race conditions.
            vulnerability.vcdb_id = vulnerability.id
            db.session.add(vulnerability)
            db.session.commit()

            logging.debug("Successfully created/updated entry: %r",
                          vulnerability.id)
            flash("Successfully created/updated entry.", "success")
            return redirect(
                url_for("vuln.vuln_view", vcdb_id=vulnerability.vcdb_id))
        except InvalidIdentifierException as err:
            flash_error(str(err))

    return render_template(
        "vulnerability/create.html",
        vulnerability_details=vulnerability_details,
        form=form,
    )
コード例 #2
0
def _create_vuln_internal(vuln_id=None):
    try:
        vulnerability_details = VulnerabilityDetails(vuln_id)
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flashError(str(err), "serve_index")

    if vulnerability.id:
        logging.debug("Preexisting vulnerability entry found: %s",
                      vulnerability.id)
        delete_form = VulnerabilityDeleteForm()
        if delete_form.validate_on_submit():
            db.session.delete(vulnerability)
            # Remove the entry.
            db.session.commit()
            flash("The entry was deleted.", "success")
            return redirect("/")

    form = VulnerabilityDetailsForm(obj=vulnerability)
    commit = form.data["commits"][0]
    if not commit["repo_name"]:
        logging.info("Empty repository name. %r", commit)
        repo_url = commit["repo_url"]
        vcs_handler = get_vcs_handler(None, repo_url)
        if vcs_handler:
            logging.info("Found name. %r", vcs_handler.repo_name)
            form.commits[0].repo_name.process_data(vcs_handler.repo_name)

    if form.validate_on_submit():
        try:
            form.populate_obj(vulnerability)
            db.session.add(vulnerability)
            db.session.commit()
            logging.debug("Successfully created/updated entry: %s",
                          vulnerability.id)
            flash("Successfully created/updated entry.", "success")
            return redirect(url_for("vuln.vuln_view", vuln_id=vulnerability.id))
        except InvalidIdentifierException as err:
            flashError(str(err))

    return render_template(
        "create_entry.html",
        vulnerability_details=vulnerability_details,
        form=form)
コード例 #3
0
ファイル: routes.py プロジェクト: lepture/vulncode-db
def _edit_vuln_internal(vcdb_id: str = None):
    try:
        vulnerability_details = VulnerabilityDetails(vcdb_id)
        vulnerability_view = vulnerability_details.vulnerability_view
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flash_error(str(err), "frontend.serve_index")
    form = VulnerabilityDetailsForm(obj=vulnerability)

    # Populate the form data from the vulnerability view if necessary.
    if form.comment.data == "":
        form.comment.data = vulnerability_view.comment

    form_submitted = form.validate_on_submit()
    if form_submitted and _can_add_proposal(vulnerability):
        add_proposal(vulnerability, form)

    return render_template("vulnerability/edit.html",
                           vulnerability_details=vulnerability_details,
                           form=form)
コード例 #4
0
ファイル: routes.py プロジェクト: threatintel-c/vulncode-db
def _edit_vuln_internal(vcdb_id: str = None):
    try:
        vulnerability_details = VulnerabilityDetails(vcdb_id)
        vulnerability_view = vulnerability_details.vulnerability_view
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flash_error(str(err), "frontend.serve_index")
    form = VulnerabilityDetailsForm(obj=vulnerability)

    # Populate the form data from the vulnerability view if necessary.
    if form.comment.data == "":
        form.comment.data = vulnerability_view.comment

    form_submitted = form.validate_on_submit()
    if form_submitted and _can_add_proposal(vulnerability):
        # TODO: This is incomplete/incorrect as the attached relationships such a GitCommit objects get updated.
        #       We have to ensure everything is properly detached and gets copied before any modifications happen.
        #       Currently, this will incorrectly update relationship objects instead of copying them.
        form.populate_obj(vulnerability)
        add_proposal(vulnerability)

    return render_template("vulnerability/edit.html",
                           vulnerability_details=vulnerability_details,
                           form=form)