def url_gen_query(session, criteria, target_id, for_stats=False):
"""Generate query based on criteria and target ID
:param criteria: Filter criteria
:type criteria: `dict`
:param target_id: Target ID
:type target_id: `int`
:param for_stats: True/False
:type for_stats: `bool`
:return:
:rtype:
"""
query = session.query(models.Url).filter_by(target_id=target_id)
# Check if criteria is url search
if criteria.get('search', None):
if criteria.get('url', None):
if isinstance(criteria.get('url'), list):
criteria['url'] = criteria['url'][0]
query = query.filter(
models.Url.url.like('%%%s%%' % criteria['url']))
else: # If not search
if criteria.get('url', None):
if isinstance(criteria.get('url'), str):
query = query.filter_by(url=criteria['url'])
if isinstance(criteria.get('url'), list):
query = query.filter(models.Url.url.in_(criteria['url']))
# For the following section doesn't matter if filter/search because
# it doesn't make sense to search in a boolean column :P
if criteria.get('visited', None):
if isinstance(criteria.get('visited'), list):
criteria['visited'] = criteria['visited'][0]
query = query.filter_by(visited=str2bool(criteria['visited']))
if criteria.get('scope', None):
if isinstance(criteria.get('scope'), list):
criteria['scope'] = criteria['scope'][0]
query = query.filter_by(scope=str2bool(criteria['scope']))
if not for_stats: # Query for stats can't have limit and offset
try:
if criteria.get('offset', None):
if isinstance(criteria.get('offset'), list):
criteria['offset'] = criteria['offset'][0]
query = query.offset(int(criteria['offset']))
if criteria.get('limit', None):
if isinstance(criteria.get('limit'), list):
criteria['limit'] = criteria['limit'][0]
query = query.limit(int(criteria['limit']))
except ValueError:
raise InvalidParameterType(
"Invalid parameter type for transaction db")
return query
def target_gen_query(session, filter_data, session_id, for_stats=False):
"""Generate query
:param filter_data: Filter data
:type filter_data: `dict`
:param session_id: session ID
:type session_id: `int`
:param for_stats: true/false
:type for_stats: `bool`
:return:
:rtype:
"""
query = session.query(models.Target).filter(models.Target.sessions.any(id=session_id))
if filter_data.get("search") is not None:
if filter_data.get('target_url', None):
if isinstance(filter_data.get('target_url'), list):
filter_data['target_url'] = filter_data['target_url'][0]
query = query.filter(models.Target.target_url.like("%%%s%%" % filter_data['target_url']))
else:
if filter_data.get("target_url", None):
if isinstance(filter_data["target_url"], str):
query = query.filter_by(target_url=filter_data["target_url"])
if isinstance(filter_data["target_url"], list):
query = query.filter(models.Target.target_url.in_(filter_data.get("target_url")))
if filter_data.get("host_ip", None):
if isinstance(filter_data["host_ip"], str):
query = query.filter_by(host_ip=filter_data["host_ip"])
if isinstance(filter_data["host_ip"], list):
query = query.filter(models.Target.host_ip.in_(filter_data.get("host_ip")))
if filter_data.get("scope", None):
filter_data["scope"] = filter_data["scope"][0]
query = query.filter_by(scope=str2bool(filter_data.get("scope")))
if filter_data.get("host_name", None):
if isinstance(filter_data["host_name"], str):
query = query.filter_by(host_name=filter_data["host_name"])
if isinstance(filter_data["host_name"], list):
query = query.filter(models.Target.host_name.in_(filter_data.get("host_name")))
if filter_data.get("id", None):
if isinstance(filter_data["id"], str):
query = query.filter_by(id=filter_data["id"])
if isinstance(filter_data["id"], list):
query = query.filter(models.Target.id.in_(filter_data.get("id")))
# This will allow new targets to be at the start
query = query.order_by(models.Target.id.desc())
if not for_stats: # query for stats shouldn't have limit and offset
try:
if filter_data.get('offset', None):
if isinstance(filter_data.get('offset'), list):
filter_data['offset'] = filter_data['offset'][0]
query = query.offset(int(filter_data['offset']))
if filter_data.get('limit', None):
if isinstance(filter_data.get('limit'), list):
filter_data['limit'] = filter_data['limit'][0]
if int(filter_data['limit']) != -1:
query = query.limit(int(filter_data['limit']))
except ValueError:
raise InvalidParameterType("Invalid parameter type for target db for id[lt] or id[gt]")
return query
def gen_query_error(session, criteria):
"""Generates the ORM query using the criteria
:param criteria: Filter criteria
:type criteria: `dict`
:return:
:rtype:
"""
query = session.query(models.Error)
if criteria.get('reported', None):
if isinstance(criteria.get('reported'), list):
criteria['reported'] = criteria['reported'][0]
query = query.filter_by(reported=str2bool(criteria['reported']))
return query
def session_generate_query(session, filter_data=None):
"""Generate query based on filter data
:param filter_data: Filter data
:type filter_data: `dict`
:return:
:rtype:
"""
if filter_data is None:
filter_data = {}
query = session.query(models.Session)
# it doesn't make sense to search in a boolean column :P
if filter_data.get('active', None):
if isinstance(filter_data.get('active'), list):
filter_data['active'] = filter_data['active'][0]
query = query.filter_by(active=str2bool(filter_data['active']))
return query.order_by(models.Session.id)
def post(self, work_id=None, action=None):
if work_id is not None or action is not None:
tornado.web.HTTPError(400)
try:
filter_data = dict(self.request.arguments)
if not filter_data:
raise tornado.web.HTTPError(400)
plugin_list = get_all_plugin_dicts(self.session, filter_data)
target_list = get_target_config_dicts(self.session, filter_data)
if (not plugin_list) or (not target_list):
raise tornado.web.HTTPError(400)
force_overwrite = str2bool(
self.get_argument("force_overwrite", "False"))
add_work(self.session,
target_list,
plugin_list,
force_overwrite=force_overwrite)
self.set_status(201)
except exceptions.InvalidTargetReference:
raise tornado.web.HTTPError(400)
except exceptions.InvalidParameterType:
raise tornado.web.HTTPError(400)
def update_target(session, data_dict, target_url=None, id=None):
"""Update a target in the DB
:param data_dict: Modified data
:type data_dict: `dict`
:param target_url: Target url
:type target_url: `str`
:param id: Target ID
:type id: `int`
:return: None
:rtype: None
"""
target_obj = None
if id:
target_obj = session.query(models.Target).get(id)
if target_url:
target_obj = session.query(models.Target).filter_by(target_url=target_url).one()
if not target_obj:
raise InvalidTargetReference("2. Target doesn't exist: %s" % str(id) if id else str(target_url))
# TODO: Updating all related attributes when one attribute is changed
if data_dict.get("scope", None) is not None:
target_obj.scope = str2bool(data_dict.get("scope", None))
session.commit()
def config_gen_query(session, criteria):
"""Generate query
:param criteria: Filter criteria
:type criteria: `dict`
:return:
:rtype:
"""
query = session.query(models.ConfigSetting)
if criteria.get("key", None):
if isinstance(criteria["key"], str):
query = query.filter_by(key=criteria["key"])
if isinstance(criteria["key"], list):
query = query.filter(models.ConfigSetting.key.in_(criteria["key"]))
if criteria.get("section", None):
if isinstance(criteria["section"], str):
query = query.filter_by(section=criteria["section"])
if isinstance(criteria["section"], list):
query = query.filter(models.ConfigSetting.section.in_(criteria["section"]))
if criteria.get('dirty', None):
if isinstance(criteria.get('dirty'), list):
criteria['dirty'] = criteria['dirty'][0]
query = query.filter_by(dirty=str2bool(criteria['dirty']))
return query.order_by(models.ConfigSetting.key)
def transaction_gen_query(session, criteria, target_id, for_stats=False):
"""Generate query based on criteria
:param criteria: Filter criteria
:type criteria: `dict`
:param target_id: Target ID
:type target_id: `int`
:param for_stats: True/False
:type for_stats: `bool`
:return:
:rtype:
"""
query = session.query(models.Transaction).filter_by(target_id=target_id)
# If transaction search is being done
if criteria.get('search', None):
if criteria.get('url', None):
if isinstance(criteria.get('url'), list):
criteria['url'] = criteria['url'][0]
query = query.filter(
models.Transaction.url.like('%%%s%%' % criteria['url']))
if criteria.get('method', None):
if isinstance(criteria.get('method'), list):
criteria['method'] = criteria['method'][0]
query = query.filter(
models.Transaction.method.like('%%%s%%' %
criteria.get('method')))
if criteria.get('data', None):
if isinstance(criteria.get('data'), list):
criteria['data'] = criteria['data'][0]
query = query.filter(
models.Transaction.data.like('%%%s%%' % criteria.get('data')))
if criteria.get('raw_request', None):
if isinstance(criteria.get('raw_request'), list):
criteria['raw_request'] = criteria['raw_request'][0]
query = query.filter(
models.Transaction.raw_request.like(
'%%%s%%' % criteria.get('raw_request')))
if criteria.get('response_status', None):
if isinstance(criteria.get('response_status'), list):
criteria['response_status'] = criteria['response_status'][0]
query = query.filter(
models.Transaction.response_status.like(
'%%%s%%' % criteria.get('response_status')))
if criteria.get('response_headers', None):
if isinstance(criteria.get('response_headers'), list):
criteria['response_headers'] = criteria['response_headers'][0]
query = query.filter(
models.Transaction.response_headers.like(
'%%%s%%' % criteria.get('response_headers')))
if criteria.get('response_body', None):
if isinstance(criteria.get('response_body'), list):
criteria['response_body'] = criteria['response_body'][0]
query = query.filter(
models.Transaction.binary_response is False,
models.Transaction.response_body.like(
'%%%s%%' % criteria.get('response_body')))
else: # If transaction filter is being done
if criteria.get('url', None):
if isinstance(criteria.get('url'), str):
query = query.filter_by(url=criteria['url'])
if isinstance(criteria.get('url'), list):
query = query.filter(
models.Transaction.url.in_(criteria.get('url')))
if criteria.get('method', None):
if isinstance(criteria.get('method'), str):
query = query.filter_by(method=criteria['method'])
if isinstance(criteria.get('method'), list):
query = query.filter(
models.Transaction.method.in_(criteria.get('method')))
if criteria.get('data', None):
if isinstance(criteria.get('data'), str):
query = query.filter_by(data=criteria['data'])
if isinstance(criteria.get('data'), list):
query = query.filter(
models.Transaction.data.in_(criteria.get('data')))
# For the following section doesn't matter if filter/search because
# it doesn't make sense to search in a boolean column :P
if criteria.get('scope', None):
if isinstance(criteria.get('scope'), list):
criteria['scope'] = criteria['scope'][0]
query = query.filter_by(scope=str2bool(criteria['scope']))
if criteria.get('binary_response', None):
if isinstance(criteria.get('binary_response'), list):
criteria['binary_response'] = criteria['binary_response'][0]
query = query.filter_by(
binary_response=str2bool(criteria['binary_response']))
if not for_stats: # query for stats shouldn't have limit and offset
try:
query.order_by(models.Transaction.local_timestamp)
if criteria.get('offset', None):
if isinstance(criteria.get('offset'), list):
criteria['offset'] = int(criteria['offset'][0])
if criteria['offset'] >= 0:
query = query.offset(criteria['offset'])
if criteria.get('limit', None):
if isinstance(criteria.get('limit'), list):
criteria['limit'] = int(criteria['limit'][0])
if criteria['limit'] >= 0:
query = query.limit(criteria['limit'])
else: # It is too dangerous without a limit argument
query.limit(10) # Default limit value is 10
except ValueError:
raise InvalidParameterType(
"Invalid parameter type for transaction db")
return query