Exemple #1
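    def postEditVulns(self):
        """Edit every vulnerability of a host that matches the given vuln id.

        Reads the JSON request body. ``vulnid`` and ``hostid`` are mandatory.
        ``name``, ``desc``, ``severity`` and ``refs`` are optional and are
        passed on as None when absent.

        Returns whatever the ``badRequest`` / ``noContent`` / ``ok`` helpers
        produce for the respective outcome.
        """
        json_data = request.get_json()
        # The body is client-controlled. Depending on the framework,
        # get_json() can hand back None or any JSON value (list, string,
        # number). Only a JSON object makes the key checks below real key
        # lookups; on a string, `in` is a substring test and the later
        # indexing raises TypeError instead of answering with badRequest.
        if not isinstance(json_data, dict):
            return self.badRequest("request body must be a JSON object")

        # validate mandatory:
        # NOTE(review): "vulid" looks like a typo for "vulnid"; the text is
        # kept as-is because clients may match on it.
        if 'vulnid' not in json_data:
            return self.badRequest("vulid is mandatory")
        if 'hostid' not in json_data:
            return self.badRequest("hostid is mandatory")

        vulnid = json_data['vulnid']
        hostid = json_data['hostid']

        host = self.controller.getHost(hostid)
        if not host:
            # NOTE(review): this branch means the host lookup returned nothing;
            # the message text does not describe that and looks copied from
            # another handler.
            return self.badRequest("no plugin available for cmd")

        # The visitor collects the matching vulns while walking the host.
        visitor = VulnsLookupVisitor(vulnid)
        host.accept(visitor)

        if not visitor.vulns:
            return self.noContent('No vuls matched criteria')

        # NOTE(review): these optional fields are forwarded exactly as the
        # client sent them; no type or value check (e.g. on severity) is
        # visible here, so confirm the controller validates them.
        name = json_data.get('name')
        desc = json_data.get('desc')
        severity = json_data.get('severity')
        refs = json_data.get('refs')

        # forward to controller
        for vuln in visitor.vulns:
            self.controller.editVulnSYNC(vuln, name, desc, severity, refs)

        return self.ok("output successfully sent to plugin")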
Exemple #2
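    def deleteVuln(self):
        """Delete every vulnerability of a host that matches the given vuln id.

        Reads the JSON request body; ``vulnid`` and ``hostid`` are mandatory.

        Returns whatever the ``badRequest`` / ``noContent`` / ``ok`` helpers
        produce for the respective outcome.
        """
        # NOTE(review): this is a destructive operation and no authentication
        # or authorization check is visible inside the handler; confirm it is
        # enforced where the route is registered.
        json_data = request.get_json()
        # The body is client-controlled. Depending on the framework,
        # get_json() can hand back None or a non-object JSON value; reject
        # those up front so a malformed body ends in badRequest rather than
        # an unhandled TypeError from the membership tests or indexing below.
        if not isinstance(json_data, dict):
            return self.badRequest("request body must be a JSON object")

        # validate mandatory:
        # NOTE(review): "vulid" looks like a typo for "vulnid"; the text is
        # kept as-is because clients may match on it.
        if 'vulnid' not in json_data:
            return self.badRequest("vulid is mandatory")
        if 'hostid' not in json_data:
            return self.badRequest("hostid is mandatory")

        vulnid = json_data['vulnid']
        hostid = json_data['hostid']

        host = self.controller.getHost(hostid)
        if not host:
            # NOTE(review): this branch means the host lookup returned nothing;
            # the message text does not describe that.
            return self.badRequest("no plugin available for cmd")

        # The visitor collects the matching vulns and, in a parallel list,
        # the parent objects recorded for each of them.
        visitor = VulnsLookupVisitor(vulnid)
        host.accept(visitor)

        if not visitor.vulns:
            return self.noContent('No vuls matched criteria')

        # forward to controller
        for vuln, parents in zip(visitor.vulns, visitor.parents):
            # The first entry of the chain is the object the vuln is removed
            # from; presumably the vuln's immediate parent - the ordering is
            # defined by VulnsLookupVisitor, confirm there.
            last_parent = parents[0]
            self.controller.delVulnSYNC(last_parent, vuln.getID())

        return self.ok("output successfully sent to plugin")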
Exemple #3
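    def testVulnHostLookup(self):
        """A vuln attached directly to a host is found with a one-item parent chain."""
        host = test_utils.create_host(self)
        vuln = test_utils.create_host_vuln(self, host, 'vuln', 'desc', 'high')
        visitor = VulnsLookupVisitor(vuln.getID())
        host.accept(visitor)

        # assertEqual replaces the deprecated assertEquals alias, which newer
        # unittest versions no longer provide.
        self.assertEqual(len(visitor.parents[0]), 1,
                         "object hierarchy should be only host")
        self.assertIn(vuln, visitor.vulns)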
Exemple #4
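    def testVulnInterfaceLookup(self):
        """A vuln attached to an interface is found with a two-item parent chain."""
        host = test_utils.create_host(self)
        inter = test_utils.create_interface(self, host)
        vuln = test_utils.create_int_vuln(self, host, inter, 'vuln', 'desc',
                                          'high')
        visitor = VulnsLookupVisitor(vuln.getID())
        host.accept(visitor)

        # assertEqual replaces the deprecated assertEquals alias, which newer
        # unittest versions no longer provide.
        self.assertEqual(len(visitor.parents[0]), 2,
                         "object hierarchy should be host and interface")
        self.assertIn(vuln, visitor.vulns)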
Exemple #5
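    def testMultipleVulnLookup(self):
        """One lookup that matches two vulns records a parent chain for each."""
        host = test_utils.create_host(self)
        inter = test_utils.create_interface(self, host)
        service = test_utils.create_service(self, host, inter)
        vuln = test_utils.create_serv_vuln(self, host, service, 'vuln', 'desc',
                                           'high')
        # Created for its side effect only: the lookup below uses vuln's id
        # and the test expects two parent chains, so this second vuln
        # presumably resolves to the same id (identical name and description)
        # - confirm against the id scheme.
        test_utils.create_int_vuln(self, host, inter, 'vuln', 'desc', 'high')
        visitor = VulnsLookupVisitor(vuln.getID())
        host.accept(visitor)

        parents1 = visitor.parents[0]
        parents2 = visitor.parents[1]

        self.assertIn(host, parents1, "Host should be in parents")
        self.assertIn(host, parents2, "Host should be in parents")

        # NOTE(review): the original repeated this exact assertion twice. The
        # second copy likely meant parents1 (or a check on `service`); that
        # depends on the visitor's traversal order, so only the verbatim
        # duplicate was dropped - confirm and add the intended check.
        self.assertIn(inter, parents2, "Interface should be in parents")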