def post(self): def count_total_records(key): return db.get_session().query(DetectorRequestData).filter_by(detected=key).count() def count_server_records(server_id, key): return db.get_session().query(DetectorRequestData).filter_by(detected=key, to_server_id=server_id).count() incoming_json = request.get_json() errors = check_json_object(incoming_json, ["email"], "Could not find {} at the incoming json object.") if len(errors) > 0: log("[API][GetActiveServicesHandler] Could not process the request: {}".format(errors), LogLevel.INFO, self.post) return False user = db.get_session().query(Users).filter(Users.email == incoming_json["email"]).first() if user is None: log("[API][GetActiveServicesHandler] Could not find the user in the DB: {}".format(incoming_json["email"]), LogLevel.INFO, self.post) return False try: joined_statuses = [] all_servers = db.get_session().query(Server).filter(Server.user_id == user.item_id).all() log("[API][GetActiveServicesHandler] all_servers: {}".format(all_servers), LogLevel.INFO, self.post) for server in all_servers: log("[API][GetActiveServicesHandler] server: {}".format(server), LogLevel.INFO, self.post) services = db.get_session().query(Services).filter(Services.server_id == server.item_id).first() if services is None: log("[API][GetActiveServicesHandler] Could not find the services in the DB: {}".format( server.server_dns), LogLevel.INFO, self.post) return False jsoned_services = to_json(services, ignore_list=["server_id", "user_id", "id", "created_on"], to_str=True) final_services_json = { key: { "state": value, "count": count_total_records(key) if user.is_admin else count_server_records(server.item_id, key) } for key, value in jsoned_services.items() } log("[API][GetActiveServicesHandler] final_services_json: {}".format(final_services_json), LogLevel.INFO, self.post) joined_object = {**final_services_json, **to_json(server, to_str=True)} joined_object['website'] = joined_object['server_dns'] del joined_object['server_dns'] joined_statuses.append(joined_object) log("[API][GetActiveServicesHandler] return {}".format(joined_statuses), LogLevel.DEBUG, self.post) return joined_statuses except Exception as e: log("[API][GetActiveServicesHandler] Exception: {}".format(e), LogLevel.ERROR, self.post) return False
def _list_of_detectors(self, server_id): session = db.get_session() services = session.query(Services).filter_by( server_id=server_id).first() services = to_json(services, ignore_list=self.kb["ignore_list"]) return [ self._detectors[key] for key in services if key in self._detectors and services[key] ]
def post(self): all_users = db.get_session().query(Users).all() all_servers = db.get_session().query(Server).all() all_services = db.get_session().query(Services).all() joined_objects = [] for user in all_users: current_object = to_json(user, to_str=True) del current_object["password"] for server in all_servers: if server.user_id == user.item_id: current_object = {**current_object, **to_json(server, to_str=True)} for service in all_services: if service.server_id == server.item_id: current_object = {**current_object, **to_json(service, ignore_list=["server_id", "user_id", "id", "created_on"], to_str=True)} joined_objects.append(current_object) log("[API][GetUsersDataHandler] joined_objects: {}".format(joined_objects), LogLevel.DEBUG, self.post) return joined_objects
def parse(self, data_to_parse, is_user_protection=False): parsed_data = HttpResponse() parsed_data.original = data_to_parse parsed_data.text = data_to_parse.text parsed_data.content = data_to_parse.text parsed_data.headers = data_to_parse.headers parsed_data.status_code = data_to_parse.status_code parsed_data.cookies = data_to_parse.cookies parsed_data.is_redirect = data_to_parse.is_redirect parsed_data.response_url = data_to_parse.url parsed_data.time_stamp = datetime.now() if not is_user_protection: parsed_data.from_server_id = self.__request.to_server_id parsed_data.to_ip = self.__request.from_ip parsed_data.from_dns_name = self.__request.host_name log("The Parsed data is: {}".format(to_json(parsed_data)), LogLevel.DEBUG, self.parse) log("Finish parsing the request.", LogLevel.INFO, self.parse) return parsed_data
def parse(self, data_to_parse): parsed_data = HttpRequest() log("Parse the url {}".format(data_to_parse.url), LogLevel.DEBUG, self.parse) url = urlparse(data_to_parse.url) log("The Parsed url is: {}".format(url), LogLevel.DEBUG, self.parse) parsed_data.method = "{}".format(data_to_parse.method).upper() parsed_data.content = data_to_parse.get_data() parsed_data.headers = data_to_parse.headers parsed_data.query = '{uri.query}'.format(uri=url) parsed_data.path = '{uri.path}'.format(uri=url) parsed_data.host_name = '{uri.netloc}'.format(uri=url) parsed_data.from_ip = data_to_parse.remote_addr parsed_data.time_stamp = datetime.now() parsed_data.args = data_to_parse.args parsed_data.form = data_to_parse.form log("The Parsed data is: {}".format(to_json(parsed_data)), LogLevel.DEBUG, self.parse) log("Finish parsing the request.", LogLevel.INFO, self.parse) return parsed_data
def request_handler(): # try: log("Is the request is HTTPS? ", LogLevel.INFO, request_handler) if not request.is_secure: return Response(status=301, headers=hsts.enforce(request.url)) log("Start parsing the request", LogLevel.INFO, request_handler) parser = FlaskHTTPRequestParser() parsed_request = parser.parse(request) log("Creating Controller", LogLevel.INFO, request_handler) log("The Controller Detectors are {}".format(detectors), LogLevel.DEBUG, request_handler) controller = ElroController(detectors=detectors) log("Activating controller request handler", LogLevel.INFO, request_handler) response_code, send_to, new_request, parsed_request = controller.request_handler( parsed_request, request) log("Controller response is: {} {}".format(response_code, send_to), LogLevel.DEBUG, request_handler) url = 'https://{}{}?{}'.format(parsed_request.host_name, parsed_request.path, parsed_request.query) if response_code == ControllerResponseCode.NotValid: log("The Request for {} is not valid.".format(request.url), LogLevel.INFO, request_handler) log("Redirecting to {}".format(url), LogLevel.INFO, request_handler) response = Response(status=302, headers={"Location": url}) elif response_code == ControllerResponseCode.Valid: send_headers = {key: value for key, value in new_request.headers} log("The Request for {} valid and OK".format(request.url), LogLevel.INFO, request_handler) resp = requests.request(method=parsed_request.method, url=url, verify=True, json=new_request.get_json(), headers=send_headers, params=new_request.args, data=new_request.form) log("The Response is {}".format(to_json(resp)), LogLevel.DEBUG, request_handler) parser = HTTPResponseParser(parsed_request) log("Parse the response", LogLevel.INFO, request_handler) parsed_response = parser.parse(resp) log("Activating controller response handler", LogLevel.INFO, request_handler) response_code, send_to, new_content = controller.response_handler( parsed_response, resp) log("Controller response is: {} {}".format(response_code, send_to), LogLevel.DEBUG, request_handler) if response_code == ControllerResponseCode.NotValid: send_content = new_content elif response_code == ControllerResponseCode.Valid: send_content = resp.content else: send_content = None excluded_headers = [ 'content-encoding', 'content-length', 'transfer-encoding', 'connection' ] headers = [(name, value) for (name, value) in resp.raw.headers.items() if name.lower() not in excluded_headers] log("Generating response...", LogLevel.INFO, request_handler) response = Response(status=403) if send_content is None else Response( send_content, resp.status_code, headers) else: log( "The Request for {} is not found in the database".format( request.url), LogLevel.INFO, request_handler) response = Response(status=404) abort(404) # Abort the request. log("Sending response", LogLevel.INFO, request_handler) return response