def resolve_paste(self, info, id=None, title=None):
query = PasteObject.get_query(info)
Audit.create_audit_entry(info)
if title:
return query.filter_by(title=title, burn=False).first()
return query.filter_by(id=id, burn=False).first()
def resolve_read_and_burn(self, info, p_id):
result = Paste.query.filter_by(id=p_id, burn=True).first()
Paste.query.filter_by(id=p_id, burn=True).delete()
db.session.commit()
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return result
def mutate(root, info, user_data=None):
user_obj = User.create_user(username=user_data.username,
password=user_data.password)
Audit.create_audit_entry(info)
return CreateUser(user=user_obj)
def resolve_system_debug(self, info, arg=None):
Audit.create_audit_entry(info)
if arg:
output = helpers.run_cmd('ps {}'.format(arg))
else:
output = helpers.run_cmd('ps')
return output
def mutate(self,
info,
host='pastebin.com',
port=443,
path='/',
scheme="http"):
url = security.strip_dangerous_characters(
f"{scheme}://{host}:{port}{path}")
cmd = helpers.run_cmd(f'curl --insecure {url}')
owner = Owner.query.filter_by(name='DVGAUser').first()
paste_obj = Paste.create_paste(
title='Imported Paste from URL - {}'.format(
helpers.generate_uuid()),
content=cmd,
public=False,
burn=False,
owner_id=owner.id,
owner=owner,
ip_addr=request.remote_addr,
user_agent=request.headers.get('User-Agent', ''))
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return ImportPaste(result=cmd)
def mutate(self, info, title):
Paste.query.filter_by(title=title).delete()
db.session.commit()
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return DeletePaste(ok=True)
def resolve_users(self, info, id=None):
query = UserObject.get_query(info)
Audit.create_audit_entry(info)
if id:
result = query.filter_by(id=id)
else:
result = query
return result
def echo_socket(ws):
msg = json.loads(ws.read_message())
if msg.get('type', '') == 'start':
Audit.create_audit_entry(msg['payload']['query'],
operation_type='subscription')
subscription_server.handle(ws)
return []
def resolve_pastes(self, info, public=False, limit=1000, filter=None):
query = PasteObject.get_query(info)
Audit.create_audit_entry(info)
result = query.filter_by(public=public, burn=False)
if filter:
result = result.filter(text("title = '%s' or content = '%s'" % (filter, filter)))
return result.order_by(Paste.id.desc())
def mutate(self, info, id):
result = False
if Paste.query.filter_by(id=id).delete():
result = True
db.session.commit()
Audit.create_audit_entry(info)
return DeletePaste(result=result)
def resolve_system_diagnostics(self, info, username, password, cmd='whoami'):
q = User.query.filter_by(username='******').first()
real_passw = q.password
res, msg = security.check_creds(username, password, real_passw)
Audit.create_audit_entry(info)
if res:
output = f'{cmd}: command not found'
if security.allowed_cmds(cmd):
output = helpers.run_cmd(cmd)
return output
return msg
def mutate(self, info, title, content, public, burn):
owner = Owner.query.filter_by(name='DVGAUser').first()
paste_obj = Paste.create_paste(
title=title,
content=content, public=public, burn=burn,
owner_id=owner.id, owner=owner, ip_addr=request.remote_addr,
user_agent=request.headers.get('User-Agent', '')
)
Audit.create_audit_entry(info)
return CreatePaste(paste=paste_obj)
def mutate(self, info, filename, content):
result = helpers.save_file(filename, content)
owner = Owner.query.filter_by(name='DVGAUser').first()
Paste.create_paste(
title='Imported Paste from File - {}'.format(helpers.generate_uuid()),
content=content, public=False, burn=False,
owner_id=owner.id, owner=owner, ip_addr=request.remote_addr,
user_agent=request.headers.get('User-Agent', '')
)
Audit.create_audit_entry(info)
return UploadPaste(result=result)
def resolve_search(self, info, keyword=None):
Audit.create_audit_entry(info)
items = []
if keyword:
search = "%{}%".format(keyword)
queryset1 = Paste.query.filter(Paste.title.like(search))
items.extend(queryset1)
queryset2 = User.query.filter(User.username.like(search))
items.extend(queryset2)
else:
queryset1 = Paste.query.all()
items.extend(queryset1)
queryset2 = User.query.all()
items.extend(queryset2)
return items
def mutate(self, info, id, title=None, content=None):
paste_obj = Paste.query.filter_by(id=id).first()
if title == None:
title = paste_obj.title
if content == None:
content = paste_obj.content
Paste.query.filter_by(id=id).update(dict(title=title, content=content))
paste_obj = Paste.query.filter_by(id=id).first()
db.session.commit()
Audit.create_audit_entry(info)
return EditPaste(paste=paste_obj)
def check_audit(request: Request):
ymd = request.query_params.get('ymd', '00000000')
assert len(ymd) == 8, 'ymd 확인'
if Audit.checkAudit(ymd):
return Response(status=412)
return Response(status=200)
def mutate(self, info, title, content, public, burn):
owner = Owner.query.filter_by(name='DVGAUser').first()
paste_obj = Paste.create_paste(
title='Imported Paste from File - {}'.format(
helpers.generate_uuid()),
content=content,
public=False,
burn=False,
owner_id=owner.id,
owner=owner,
ip_addr=request.remote_addr,
user_agent=request.headers.get('User-Agent', ''))
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return CreatePaste(paste=paste_obj)
def handle(self, ws, request_context=None):
connection_context = GeventConnectionContext(ws, request_context)
self.on_open(connection_context)
while True:
try:
if connection_context.closed:
raise ConnectionClosedException()
message = connection_context.receive()
except ConnectionClosedException:
self.on_close(connection_context)
return
if message:
msg = json.loads(message)
if msg.get('type', '') == 'start':
Audit.create_audit_entry(msg['payload']['query'],
operation_type='subscription')
self.on_message(connection_context, message)
def pump_db():
print('Populating Database')
db.create_all()
admin = User(username="******", password=random_password())
owner = Owner(name='DVGAUser')
audit = Audit()
paste = Paste()
paste.title = random_title()
paste.content = "My First Paste"
paste.public = False
paste.owner_id = owner.id
paste.owner = owner
paste.ip_addr = '127.0.0.1'
paste.user_agent = 'User-Agent not set'
audit.gqloperation = 'CreatePaste'
db.session.add(admin)
db.session.add(owner)
db.session.add(paste)
db.session.add(audit)
for _ in range(0, 10 ):
owner = Owner(name=random_owner())
paste = Paste()
paste.title = random_title()
paste.content = random_content()
paste.public = True
paste.owner_id = owner.id
paste.owner = owner
paste.ip_addr = random_address()
paste.user_agent = random_useragent()
db.session.add(owner)
db.session.add(paste)
db.session.commit()
print('done')
def resolve_audits(self, info): query = Audit.query.all() Audit.create_audit_entry(info) return query
def resolve_pastes(self, info, public=False):
query = PasteObject.get_query(info)
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return query.filter_by(public=public,
burn=False).order_by(Paste.id.desc())
def resolve_system_health(self, info):
Audit.create_audit_entry(info)
return 'System Load: {}'.format(
helpers.run_cmd("uptime | awk '{print $10, $11, $12}'"))
def resolve_read_and_burn(self, info, id):
result = Paste.query.filter_by(id=id, burn=True).first()
Paste.query.filter_by(id=id, burn=True).delete()
db.session.commit()
Audit.create_audit_entry(info)
return result
def resolve_paste(self, info, p_id):
query = PasteObject.get_query(info)
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return query.filter_by(id=p_id, burn=False).first()
def resolve_system_update(self, info):
security.simulate_load()
Audit.create_audit_entry(info)
return 'no updates available'
def resolve_system_update(self, info):
security.simulate_load()
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return 'no updates available'
def resolve_system_health(self, info):
Audit.create_audit_entry(
gqloperation=helpers.get_opname(info.operation))
return 'System Load: {}'.format(
helpers.run_cmd("uptime | awk '{print $10, $11, $12}'"))
