def embed(vcdb_id):
try:
section_id = int(request.args.get("sid", -1))
start_line = int(request.args.get("start_line", 1))
end_line = int(request.args.get("end_line", -1))
vulnerability_details = VulnerabilityDetails(vcdb_id)
vulnerability_details.validate_and_simplify_id()
view = vulnerability_details.vulnerability_view
if not view:
return make_response(("No vulnerability found", 404))
if not view.master_commit:
return make_response(
(f"Vuln (id: {view.id}) has no linked Git commits!", 404)
)
master_commit = vulnerability_details.get_master_commit()
files_schema = RepositoryFilesSchema(many=True)
# Hack to quickly retrieve the full data.
custom_data = json.loads(
files_schema.jsonify(master_commit.repository_files).data
)
settings = {
"section_id": section_id,
"startLine": start_line,
"endLine": end_line,
"entry_data": custom_data,
}
return render_template(
"vulnerability/embedded.html",
vulnerability_details=vulnerability_details,
embed_settings=settings,
)
except (ValueError, InvalidIdentifierException):
return make_response(("No vulnerability found", 404))
def view_vuln(vcdb_id, use_template):
try:
vulnerability_details = VulnerabilityDetails(vcdb_id)
vulnerability_details.validate_and_simplify_id()
if not vulnerability_details.vulnerability_view:
abort(404)
except InvalidIdentifierException as err:
return flash_error(str(err), "frontend.serve_index")
return render_template(use_template, vulnerability_details=vulnerability_details)
def _get_vulnerability_details(vcdb_id, vuln_id=None,
simplify_id: bool = True):
try:
vulnerability_details = VulnerabilityDetails(vcdb_id, vuln_id)
if simplify_id:
vulnerability_details.validate_and_simplify_id()
# Drop everything else.
if not vulnerability_details.vulnerability_view:
abort(404)
return vulnerability_details
except InvalidIdentifierException:
abort(404)
def get_vulnerability_details(vcdb_id, vuln_id=None, simplify_id: bool = True):
# pylint: disable=import-outside-toplevel,cyclic-import
from app.vulnerability.views.details import VulnerabilityDetails
# pylint: enable=import-outside-toplevel,cyclic-import
try:
vulnerability_details = VulnerabilityDetails(vcdb_id, vuln_id)
if simplify_id:
vulnerability_details.validate_and_simplify_id()
# Drop everything else.
if not vulnerability_details.vulnerability_view:
abort(404)
return vulnerability_details
except InvalidIdentifierException:
abort(404)
def bug_save_editor_data():
if request.method != "POST":
return create_json_response("Accepting only POST requests.", 400)
try:
vulnerability_details = VulnerabilityDetails()
vulnerability_details.validate_and_simplify_id()
except InvalidIdentifierException as ex:
return create_json_response(str(ex), 400)
vuln_view = vulnerability_details.vulnerability_view
if not vuln_view:
return create_json_response("Please create an entry first", 404)
if not vuln_view.master_commit:
current_app.logger.error(
f"Vuln (id: {vuln_view.id}) has no linked Git commits!")
return create_json_response("Entry has no linked Git link!", 404)
master_commit = vulnerability_details.get_master_commit()
old_files = master_commit.repository_files
current_app.logger.debug("%d old files", len(old_files))
# Flush any old custom content of this vulnerability first.
new_files = []
for file in request.get_json():
for old_file in old_files:
if old_file.file_path == file["path"] or \
old_file.file_hash == file["hash"]:
current_app.logger.debug(
"Found old file: %s",
(file["path"], file["hash"], file["name"]))
file_obj = old_file
break
else:
current_app.logger.debug(
"Creating new file: %s",
(file["path"], file["hash"], file["name"]))
file_obj = RepositoryFiles(
file_name=file["name"],
file_path=file["path"],
file_patch="DEPRECATED",
file_hash=file["hash"],
)
# Create comment objects.
new_comments = []
for comment in file["comments"]:
comment_obj = RepositoryFileComments(
row_from=comment["row_from"],
row_to=comment["row_to"],
text=comment["text"],
sort_pos=comment["sort_pos"],
creator=g.user,
)
new_comments.append(comment_obj)
update_file_comments(file_obj, new_comments)
# Create marker objects.
new_markers = []
for marker in file["markers"]:
marker_obj = RepositoryFileMarkers(
row_from=marker["row_from"],
row_to=marker["row_to"],
column_from=marker["column_from"],
column_to=marker["column_to"],
marker_class=marker["class"],
creator=g.user,
)
new_markers.append(marker_obj)
update_file_markers(file_obj, new_markers)
new_files.append(file_obj)
current_app.logger.debug("Setting %d files", len(new_files))
master_commit.repository_files = new_files
# Update / Insert entries into the database.
db.session.commit()
return create_json_response("Update successful.")