def post(self, audit_uuid):
    """
    Create new scan into the specified audit
    """
    # Flow: parse the request, validate or normalise the target for the chosen
    # detector, derive the scan UUID, enforce the per-audit quota, persist.
    scan_fields = Parser.ScanPostRequest.parse_args()

    try:
        module = dtm.load_detector(scan_fields["detection_module"], None)
        target_type = module.TARGET_TYPE
        if target_type == DetectionTarget.HOST.value:
            # Host targets are only checked; the submitted value is stored as-is.
            validate_host(scan_fields["target"])
        elif target_type == DetectionTarget.URL.value:
            # URL targets are replaced by whatever get_safe_url() returns.
            scan_fields["target"] = get_safe_url(scan_fields["target"])
        else:
            abort(400, "Specified detector has invalid target type")
    except Exception as err:
        # NOTE(review): if abort() raises an Exception subclass (as Flask's
        # does), the abort in the else branch above is caught here as well and
        # re-issued with str(err) as the message. str(err) also returns the
        # text of any loader/validator exception to the client - confirm those
        # messages carry nothing internal.
        abort(400, str(err))

    # Scan UUID consists of the upper 96 bits of the audit UUID (=A) and a
    # lower 32-bit random number (=B),
    # i.e., 'AAAAAAAA-AAAA-AAAA-AAAA-AAAABBBBBBBB'.
    # NOTE(review): the 24-character slice is 96 bits only when audit_uuid
    # arrives as 32 hex digits without dashes - TODO confirm against the route.
    # NOTE(review): just 32 bits are random, so a scan UUID is predictable from
    # its audit UUID and should not be relied on as an access secret; this
    # block does not check the new value for a collision.
    audit_prefix = audit_uuid[:24]
    random_suffix = secrets.token_hex(4)
    scan_fields["uuid"] = uuid.UUID(audit_prefix + random_suffix)

    requester = g.identity["name"]
    scan_fields["created_by"] = requester
    scan_fields["updated_by"] = requester

    audit, _audit_query = get_audit_by_uuid(audit_uuid)
    scan_fields["audit_id"] = audit["id"]

    # NOTE(review): count-then-save is not atomic as written here; no
    # transaction or lock is visible in this block, so concurrent requests
    # could exceed the limit - verify at the database layer.
    same_audit = ScanTable.audit_id == scan_fields["audit_id"]
    existing_scans = ScanTable.select().where(same_audit).count()
    if existing_scans >= app.config["MAX_SCAN_COUNT_IN_EACH_AUDIT"]:
        abort(400, "Max scan count exceeded")

    ScanTable(**scan_fields).save()
    return get_scan_by_uuid(scan_fields["uuid"])[0]
def send(self, notification_type, task):
    """Deliver a notification to every integration registered for the task's audit.

    Args:
        notification_type: Passed through unchanged to each integrator.
        task: Mapping read for ``audit_id`` and ``scan_id``; also passed
            through to each integrator.
    """
    audit_integrations = IntegrationTable.select().where(
        IntegrationTable.audit_id == task["audit_id"]
    )

    # No integration rows for this audit: skip the scan lookup entirely.
    if len(audit_integrations.dicts()) == 0:
        return

    scan_rows = ScanTable.select().where(ScanTable.id == task["scan_id"]).dicts()
    scan = scan_rows[0]

    for entry in audit_integrations.dicts():
        # NOTE(review): a service name missing from self.integrators raises
        # KeyError, and an exception from one integrator stops delivery to the
        # remaining ones. The whole integration row is handed to the
        # integrator - confirm integrators do not log it verbatim.
        integrator_cls = self.integrators[entry["service"]]
        integrator_cls().send(notification_type, scan, task, entry)
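def get_scan_by_uuid(scan_uuid):
    """Fetch one scan by UUID, or abort the request with 404.

    Args:
        scan_uuid: Value compared against ``ScanTable.uuid``.

    Returns:
        A ``(scan, query)`` tuple: the first matching row as a dict, and the
        select query that produced it.
    """
    try:
        query = ScanTable.select().where(ScanTable.uuid == scan_uuid)
        return query.dicts()[0], query
    except Exception:
        # ``Exception`` rather than a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt propagate instead of being turned into a 404.
        # NOTE(review): every other failure - including a database error, not
        # only "no such row" - is still reported as 404 with nothing recorded;
        # consider narrowing this and logging unexpected errors.
        abort(404)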