def get(self): """Download all vulnerability list""" schema = VulnListInputSchema(only=["tz_offset", "fix_required", "keyword"]) params, errors = schema.load(request.args) if errors: abort(400, errors) vuln_query = VulnTable.select( VulnTable.oid, VulnTable.fix_required, VulnTable.advice, VulnTable.created_at, VulnTable.updated_at, ResultTable.name, ResultTable.cvss_base, ResultTable.cve, ResultTable.description, ).join(ResultTable, on=(VulnTable.oid == ResultTable.oid)) if "fix_required" in params and len(params["fix_required"]) > 0: vuln_query = vuln_query.where(VulnTable.fix_required == params["fix_required"]) if "keyword" in params and len(params["keyword"]) > 0: vuln_query = vuln_query.where( (VulnTable.oid ** "%{}%".format(params["keyword"])) | (ResultTable.name ** "%{}%".format(params["keyword"])) ) vuln_query = vuln_query.group_by( VulnTable.oid, VulnTable.fix_required, VulnTable.advice, VulnTable.created_at, VulnTable.updated_at, ResultTable.name, ResultTable.cvss_base, ResultTable.cve, ResultTable.description, ) vuln_query = vuln_query.order_by(VulnTable.oid.desc()) output = "" with tempfile.TemporaryFile("r+") as f: writer = csv.DictWriter( f, VulneravilityListDownload.VULNERABILITY_CSV_COLUMNS, extrasaction="ignore" ) writer.writeheader() for vuln in vuln_query.dicts(): vuln["description"] = Utils.format_openvas_description(vuln["description"]) vuln["created_at"] = vuln["created_at"] + timedelta(minutes=params["tz_offset"]) vuln["updated_at"] = vuln["updated_at"] + timedelta(minutes=params["tz_offset"]) writer.writerow(vuln) f.flush() f.seek(0) output += f.read() headers = {"Content-Type": "text/csv", "Content-Disposition": "attachment"} return Response(response=output, status=200, headers=headers)
def get(self, audit_uuid): """Download the specified audit result""" schema = AuditDownloadInputSchema() params, errors = schema.load(request.args) if errors: abort(400, errors) audit_query = AuditTable.select().where(AuditTable.uuid == audit_uuid) audit = audit_query.dicts()[0] output = audit["name"] + "\n" + audit["description"] + "\n\n" scan_ids = [] for scan in audit_query[0].scans.dicts(): if scan["processed"] is True: scan_ids.append(scan["id"]) results = (ResultTable.select( ResultTable, ScanTable, VulnTable).join(ScanTable).join( VulnTable, on=(ResultTable.oid == VulnTable.oid)).where( ResultTable.scan_id.in_(scan_ids)).order_by( ResultTable.scan_id)) with tempfile.TemporaryFile("r+") as f: writer = csv.DictWriter(f, AuditDownload.AUDIT_CSV_COLUMNS, extrasaction="ignore") writer.writeheader() for result in results.dicts(): result["started_at"] = result["started_at"] + timedelta( minutes=params["tz_offset"]) result["ended_at"] = result["ended_at"] + timedelta( minutes=params["tz_offset"]) result["description"] = Utils.format_openvas_description( result["description"]) writer.writerow(result) f.flush() f.seek(0) output += f.read() headers = { "Content-Type": "text/csv", "Content-Disposition": "attachment" } return Response(response=output, status=200, headers=headers)