def inject_respond(id): session = getSession() inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first() if inject and not inject.should_show: if request.method == "POST": sub = tables.TeamInjectSubmission() sub.assignedinjectid = id sub.when = datetime.now() sub.body = request.form['body'] sub.points = 0 sub.teamid = current_user.team session.add(sub) session.commit() if 'file' in request.files and request.files['file'].filename != '': fi = request.files['file'] a = tables.TeamInjectSubmissionAttachment() f = tables.Attachment() a.teaminjectid = sub.id a.attachment_id = f.id f.filename = fi.filename f.data = fi.read() f.size = len(f.data) session.add(f) session.add(a) session.commit() return render_template( 'inject/respond.html', title=inject.subject, year=datetime.now().year, inject=inject ) return page_not_found(None)
def edituser(user): dbsession = getSession() users = dbsession.query(tables.User).filter(tables.User.name.ilike(user)) if users.count() > 0: dbuser = users[0] if request.method == 'POST': dbuser.name = request.form["name"] dbuser.username = request.form["username"] dbuser.team = request.form["team"] dbuser.group = request.form["group"] if str(request.form["password"]).strip() != "": dbuser.set_password(request.form['password']) dbsession.commit() return redirect(url_for('adminuser', user=dbuser.name)) else: teams = dbsession.query(tables.Team).all() return render_template( 'admin/user/edit.html', title='Edit Team', year=datetime.now().year, dbuser=dbuser, teams=teams ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def servereditservice(server, service): dbsession = getSession() server = dbsession.query( tables.Server).filter(tables.Server.id == server).first() services = dbsession.query( tables.Service).filter(tables.Service.id == service) if server and services.count() > 0: service = services[0] if request.method == 'POST': service.name = request.form['name'] service.typeid = request.form['type'] if request.form['port'] != "": service.port = request.form['port'] service.enabled = 'enabled' in request.form dbsession.commit() return redirect(url_for('server', server=server.id)) else: types = dbsession.query(tables.ServiceType).order_by( tables.ServiceType.name.asc()).all() return render_template('admin/server/editservice.html', title='Edit Server', year=datetime.now().year, types=types, service=service, server=server) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def injectmanager_inject_assign(id): db = getSession() if request.method == "POST": ai = tables.AssignedInject() ai.injectid = id tz = pytz.timezone(config.get_item("default_timezone")) if "timezone" in current_user.settings: tz = pytz.timezone(current_user.settings['timezone']) localwhen = tz.localize( datetime.strptime(request.form['when'], '%Y-%m-%d %H:%M')) ai.when = localwhen.astimezone(pytz.UTC) ai.subject = request.form['subject'] ai.duration = request.form['duration'] ai.points = request.form['points'] ai.body = request.form['body'] ai.eventid = request.form['event'] ai.allowlate = 'late' in request.form db.add(ai) db.commit() return redirect(url_for('injectmanager_inject', id=id)) inject = db.query(tables.Inject).filter(tables.Inject.id == id).first() if inject: categories = db.query(tables.InjectCategory).filter( tables.InjectCategory.parentid == None) events = db.query(tables.Event).filter(tables.Event.end == None) return render_template('injectmanager/assigninject.html', title="Assign Inject - " + inject.subject, inject=inject, categories=categories, events=events) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def user(user): user = getSession().query(tables.User).filter( tables.User.username.ilike(user)).first() if user: if user.id == current_user.id or current_user.group >= 4: if request.method == "POST": if request.form['password'] != "": user.set_password(request.form['password']) user.name = request.form['name'] user.set_user_setting("timezone", request.form['timezone']) getSession().commit() return render_template('user/view.html', title='Home Page', year=datetime.now().year, dbuser=user, timezones=pytz.common_timezones, config=config) else: return render_template( 'errors/403.html', title='403 Access Denied', year=datetime.now().year, message="You do not have permission to use this resource") else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def injectmanager_inject(id): db = getSession() inject = db.query(tables.Inject).filter(tables.Inject.id == id).first() if inject: return render_template('injectmanager/inject.html', title="Inject - " + inject.subject, inject=inject) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def inject_score_event_inject(event, inject): session = getSession() inject = session.query(tables.AssignedInject).filter( tables.AssignedInject.id == inject).first() if inject: return render_template('injectscore/inject.html', title="Score " + inject.subject, inject=inject) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def inject(id): session = getSession() inject = session.query(tables.AssignedInject).filter(tables.AssignedInject.id == id).first() if inject and not inject.should_show: return render_template( 'inject/view.html', title=inject.subject, year=datetime.now().year, inject=inject ) return page_not_found(None)
def stopevent(event): dbsession = getSession() events = dbsession.query(tables.Event).filter(tables.Event.id == event) if events.count() > 0: event = events[0] event.current = False event.end = datetime.utcnow() dbsession.commit() return redirect(url_for("events")) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def injectmanager_category_delete(id): db = getSession() cat = db.query( tables.InjectCategory).filter(tables.InjectCategory.id == id).first() if cat: if request.method == "POST": db.delete(cat) db.commit() return redirect(url_for('injectmanager')) return render_template('injectmanager/delete_category.html', title='Delete Category', category=cat) return page_not_found(None)
def inject_score_event(event): session = getSession() event = session.query( tables.Event).filter(tables.Event.id == event).first() if event: injects = session.query(tables.AssignedInject).filter( tables.AssignedInject.eventid == event.id) return render_template('injectscore/event.html', title="Inject Scoring", injects=injects, datetime=datetime, event=event) return page_not_found(None)
def inject_score_event_inject_remove(event, inject): session = getSession() inject = session.query(tables.AssignedInject).filter( tables.AssignedInject.id == inject).first() if inject: if request.method == "POST": session.delete(inject) session.commit() return redirect(url_for('inject_score_event', event=event)) return render_template("injectscore/delete_inject.html", inject=inject, event=event) return page_not_found(None)
def team(team): dbsession = getSession() teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team)) if teams.count() > 0: team = teams[0] return render_template( 'admin/team/view.html', title=team.name, year=datetime.now().year, team=team, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def adminuser(user): dbsession = getSession() users = dbsession.query(tables.User).filter(tables.User.name.ilike(user)) if users.count() > 0: user = users[0] return render_template( 'admin/user/view.html', title=user.name, year=datetime.now().year, dbuser=user, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def server(server): dbsession = getSession() servers = dbsession.query(tables.Server).filter(tables.Server.id == server) if servers.count() > 0: server = servers[0] return render_template( 'admin/server/view.html', title=server.name, year=datetime.now().year, server=server, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def passdb(passdb): dbsession = getSession() passdbs = dbsession.query(tables.PasswordDatabase).filter( tables.PasswordDatabase.name.ilike(passdb)) if passdbs.count() > 0: passdb = passdbs[0] return render_template( 'admin/passdb/view.html', title=passdb.name, year=datetime.now().year, passdb=passdb, ) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def editevent(event): dbsession = getSession() event = dbsession.query( tables.Event).filter(tables.Event.id == event).first() if event: if request.method == "POST": event.name = request.form['name'] dbsession.commit() return redirect(url_for('events')) return render_template("admin/event/edit.html", title="Edit Event " + str(event.id), event=event) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def inject_score_event_inject_response(event, inject, response): session = getSession() inject = session.query(tables.AssignedInject).filter( tables.AssignedInject.id == inject).first() if inject: resp = session.query(tables.TeamInjectSubmission).filter( tables.TeamInjectSubmission.id == response).first() if resp: if request.method == 'POST': resp.points = request.form['score'] session.commit() return render_template('injectscore/inject.html', title="Score " + inject.subject, inject=inject, event=event) return page_not_found(None)
def teamserver(teamid, serverid): dbsession = getSession() logger.debug("teamid: %s" % teamid) team = dbsession.query( tables.Team).filter(tables.Team.name == teamid).first() if team: server = dbsession.query(tables.TeamServer).filter( tables.and_(tables.TeamServer.teamid == team.id, tables.TeamServer.serverid == serverid)).first() if server: return render_template('admin/team/server.html', title='Server', year=datetime.now().year, team=team, server=server) return page_not_found(None)
def service(id): dbsession = getSession() service = dbsession.query( tables.ServiceType).filter(tables.ServiceType.id == id).first() if service: m = __import__(service.tester) func = getattr(m, "options") pp(func()) """Renders the home page.""" return render_template('admin/service/view.html', title='Service Types', year=datetime.now().year, service=service, options=func()) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def file_download(id): session = getSession() f = session.query( tables.Attachment).filter(tables.Attachment.id == id).first() if f: if config.get_item( "clam/enabled" ) and 'ignore_virus' not in request.args and not f.ignore_virus: if config.get_item("clam/stream_limit") < f.size: return render_template("injectscore/virus_error.html", ) try: if config.has_item("clam/path"): cd = ClamdUnixSocket(config.get_item("clam/path")) elif config.has_item("clam/address"): cd = ClamdNetworkSocket( config.get_item("clam/address").encode('ascii'), config.get_item("clam/port")) cd.ping() logger.debug(cd.version()) virus_info = cd.scan_stream(f.data) logger.debug(virus_info) if virus_info is not None: return render_template("injectscore/virus.html", virus_info=virus_info, title="Virus Found") except ConnectionError as ce: logger.error(ce.message) return render_template("injectscore/virus_error.html", ) except BufferTooLongError as btle: logger.error(btle.message) return render_template("injectscore/virus_error.html", ) except error as se: logger.error(se.message) return render_template("injectscore/virus_error.html") r = make_response(f.data) r.headers[ 'Content-Disposition'] = 'inline; filename="' + f.filename + '"' ty, _ = guess_type(f.filename) if ty: r.mimetype = ty else: r.mimetype = 'application/octet-stream' return r from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def injectmanager_category_edit(id): db = getSession() cat = db.query( tables.InjectCategory).filter(tables.InjectCategory.id == id).first() if cat: if request.method == "POST": if request.form['category'] != '-1': cat.parentid = request.form['category'] cat.name = request.form['name'] db.commit() return redirect(url_for('injectmanager') + "#" + str(cat.id)) categories = db.query(tables.InjectCategory).filter( tables.InjectCategory.parentid == None) return render_template('injectmanager/editcategory.html', title='Edit Category', categories=categories, category=cat) return page_not_found(None)
def editservice(service): dbsession = getSession() services = dbsession.query( tables.ServiceType).filter(tables.ServiceType.id == service) if services.count() > 0: service = services[0] if request.method == 'POST': service.name = request.form['name'] service.tester = request.form['tester'] dbsession.commit() return redirect(url_for('services')) else: return render_template('admin/service/edit.html', title='Edit Team', year=datetime.now().year, service=service) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def editteam(team): dbsession = getSession() teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team)) if teams.count() > 0: team = teams[0] if request.method == 'POST': team.name = request.form['name'] team.network = request.form['network'] team.enabled = 'enabled' in request.form dbsession.commit() return redirect(url_for('team', team=team.name)) else: return render_template('admin/team/edit.html', title='Edit Team', year=datetime.now().year, team=team) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def injectmanager_inject_edit(id): db = getSession() inject = db.query(tables.Inject).filter(tables.Inject.id == id).first() if inject: if request.method == "POST": inject.categoryid = request.form['category'] inject.subject = request.form['subject'] inject.duration = request.form['duration'] inject.points = request.form['points'] inject.body = request.form['body'] db.commit() return redirect(url_for('injectmanager_inject', id=inject.id)) categories = db.query(tables.InjectCategory).filter( tables.InjectCategory.parentid == None) return render_template('injectmanager/editinject.html', title="Edit Inject - " + inject.subject, inject=inject, categories=categories) from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def editserver(server): dbsession = getSession() servers = dbsession.query(tables.Server).filter(tables.Server.id == server) if servers.count() > 0: server = servers[0] if request.method == 'POST': server.name = request.form['name'] if request.form['ip3'].strip() == "": server.ip_3 = None else: server.ip_3 = request.form['ip3'] server.ip_4 = request.form['ip4'] server.enabled = 'enabled' in request.form dbsession.commit() return redirect(url_for('server', server=server.id)) else: return render_template('admin/server/edit.html', title='Edit Team', year=datetime.now().year, server=server) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)
def teamaddserver(team): dbsession = getSession() teams = dbsession.query(tables.Team).filter(tables.Team.name.ilike(team)) if teams.count() > 0: team = teams[0] if request.method == 'POST': s = tables.TeamServer() s.serverid = request.form['server'] s.teamid = team.id dbsession.add(s) dbsession.commit() return redirect(url_for('team', team=team.name)) else: servers = dbsession.query( tables.Server).filter(~tables.Server.teams.any( tables.TeamServer.teamid == team.id)) return render_template('admin/team/addserver.html', title='Add Server', year=datetime.now().year, team=team, servers=servers) else: from ScoringEngine.web.views.errors import page_not_found return page_not_found(None)