def post(self):
    """Report whether a submitted stacktrace matches an existing testcase.

    Reads 'project', 'fuzz_target' and 'stacktrace' from the request, derives
    the crash type/state from the stacktrace, and renders a JSON object with
    'result' ('duplicate' or 'new'), 'state', 'type' and 'security'.

    Raises:
        helpers.AccessDeniedException: if no user is logged in.
    """
    # The only gate in this handler is "some user is logged in".
    # NOTE(review): 'project' is taken from the request and no per-project
    # access check is visible here, so any authenticated caller learns
    # whether a matching testcase exists for that project -- confirm that
    # authorization is enforced elsewhere or that this disclosure is intended.
    if not auth.get_current_user():
        raise helpers.AccessDeniedException()

    project = request.get('project')
    fuzz_target = request.get('fuzz_target')
    stacktrace = request.get('stacktrace')

    # The stacktrace is caller-supplied; it is passed as already symbolized,
    # with symbolization switched off.
    crash = stack_analyzer.get_crash_data(
        stacktrace,
        symbolize_flag=False,
        fuzz_target=fuzz_target,
        already_symbolized=True,
        detect_ooms_and_hangs=True)
    is_security = crash_analyzer.is_security_issue(
        crash.crash_stacktrace, crash.crash_type, crash.crash_address)

    existing = data_handler.find_testcase(
        project, crash.crash_type, crash.crash_state, is_security)
    verdict = 'duplicate' if existing else 'new'

    return self.render_json({
        'result': verdict,
        'state': crash.crash_state,
        'type': crash.crash_type,
        'security': is_security,
    })
def get_access(need_privileged_access=False, job_type=None, fuzzer_name=None):
    """Decide whether the current user may proceed.

    Returns a UserAccess member: Allowed, Redirected (nobody is logged in)
    or Denied.

    Evaluation order, as implemented below:
      1. Admins are allowed before any other rule, including the blacklist.
      2. No logged-in user -> Redirected.
      3. A blacklisted email is denied before any allow rule is consulted.
      4. Otherwise the user is allowed if any of these holds, tried in order:
         privileged user; job_type given and permitted for the user;
         fuzzer_name given and permitted for the user; domain allowed
         (this last rule only applies when need_privileged_access is false).
    """
    if auth.is_current_user_admin():
        return UserAccess.Allowed

    current_user = auth.get_current_user()
    if not current_user:
        return UserAccess.Redirected

    address = current_user.email
    if _is_blacklisted_user(address):
        return UserAccess.Denied

    # Short-circuit `or` keeps the checks in their original order and stops
    # at the first match. Note that the job/fuzzer grants are honoured even
    # when need_privileged_access is True; only the domain rule is gated.
    granted = (
        _is_privileged_user(address)
        or (job_type
            and external_users.is_job_allowed_for_user(address, job_type))
        or (fuzzer_name
            and external_users.is_fuzzer_allowed_for_user(
                address, fuzzer_name))
        or (not need_privileged_access and _is_domain_allowed(address))
    )
    # Deny by default: anything that matched no rule falls through to Denied.
    return UserAccess.Allowed if granted else UserAccess.Denied
def wrapper(self, *args, **kwargs):
    """Run the wrapped handler only if the request carries a valid CSRF token.

    The 'csrf_token' request value must match a stored CSRFToken whose
    user_email is the logged-in user's email, and that token must not have
    expired.

    Raises:
        helpers.AccessDeniedException: if nobody is logged in, no matching
            token exists for this user, or the token has expired.
    """
    submitted = self.request.get('csrf_token')

    current_user = auth.get_current_user()
    if not current_user:
        raise helpers.AccessDeniedException('Not logged in.')

    # The lookup is keyed on both the token value and the user's email, so a
    # token issued to one account does not validate for another.
    stored = data_types.CSRFToken.query(
        data_types.CSRFToken.value == submitted,
        data_types.CSRFToken.user_email == current_user.email,
    ).get()
    if not stored:
        raise helpers.AccessDeniedException('Invalid CSRF token.')

    # Expired tokens are deleted on sight and the request is rejected.
    # NOTE(review): compared against naive utcnow(); presumably
    # expiration_time is stored as naive UTC -- confirm.
    is_expired = stored.expiration_time < datetime.datetime.utcnow()
    if is_expired:
        stored.key.delete()
        raise helpers.AccessDeniedException('Expired CSRF token.')

    return func(self, *args, **kwargs)
def post(self):
    """Report whether a submitted stacktrace matches an existing testcase.

    Reads 'project', 'fuzz_target' and 'stacktrace' from the request and
    renders a JSON object with 'state', 'type', 'security' and 'result'
    ('duplicate' or 'new'). For a duplicate it also includes 'duplicate_id'
    and, when the matched testcase has one, 'bug_id'.

    Raises:
        helpers.AccessDeniedException: if no user is logged in.
    """
    # The only gate in this handler is "some user is logged in".
    # NOTE(review): 'project' is taken from the request and no per-project
    # access check is visible here, yet a match returns the testcase id and
    # its bug id -- confirm that authorization is enforced elsewhere or that
    # exposing these to every authenticated user is intended.
    if not auth.get_current_user():
        raise helpers.AccessDeniedException()

    project = request.get('project')
    fuzz_target = request.get('fuzz_target')
    stacktrace = request.get('stacktrace')

    # The stacktrace is caller-supplied; it is passed as already symbolized,
    # with symbolization switched off.
    crash = stack_analyzer.get_crash_data(
        stacktrace,
        symbolize_flag=False,
        fuzz_target=fuzz_target,
        already_symbolized=True,
        detect_ooms_and_hangs=True)
    is_security = crash_analyzer.is_security_issue(
        crash.crash_stacktrace, crash.crash_type, crash.crash_address)

    response = {
        'state': crash.crash_state,
        'type': crash.crash_type,
        'security': is_security,
    }

    match = data_handler.find_testcase(
        project, crash.crash_type, crash.crash_state, is_security)
    if not match:
        response['result'] = 'new'
        return self.render_json(response)

    response['result'] = 'duplicate'
    response['duplicate_id'] = match.key.id()

    # Prefer the testcase's own bug, falling back to its group's bug.
    linked_bug = match.bug_information or match.group_bug_information
    if linked_bug:
        response['bug_id'] = str(linked_bug)

    return self.render_json(response)
def get_user_email():
    """Return the logged-in user's email, or '' if it cannot be obtained."""
    # Best-effort lookup: every exception is mapped to ''. The empty string
    # therefore covers any failure inside the try, not one specific cause.
    # NOTE(review): callers cannot tell those causes apart -- confirm that no
    # caller uses the '' result as an identity in an access decision.
    try:
        current_user = auth.get_current_user()
        return current_user.email
    except Exception:
        return ''
def post(self):
    """Render the logged-in user's email as JSON: {'data': <email or ''>}."""
    # No exception is raised for an anonymous caller; the response simply
    # carries an empty string. The user is looked up once for the check and
    # once for the value, as in the original.
    email = auth.get_current_user().email if auth.get_current_user() else ''
    return self.render_json({'data': email})