예제 #1
0
파일: vulns.py 프로젝트: wowtalon/faraday
    def post_attachment(self, workspace_name, vuln_id):
        try:
            validate_csrf(request.form.get('csrf_token'))
        except wtforms.ValidationError:
            flask.abort(403)
        vuln_workspace_check = db.session.query(
            VulnerabilityGeneric, Workspace.id).join(Workspace).filter(
                VulnerabilityGeneric.id == vuln_id,
                Workspace.name == workspace_name).first()

        if vuln_workspace_check:
            if 'file' not in request.files:
                flask.abort(400)

            faraday_file = FaradayUploadedFile(request.files['file'].read())
            filename = request.files['file'].filename

            get_or_create(db.session,
                          File,
                          object_id=vuln_id,
                          object_type='vulnerability',
                          name=filename,
                          filename=filename,
                          content=faraday_file)
            db.session.commit()
            return flask.jsonify({'message': 'Evidence upload was successful'})
        else:
            flask.abort(404, "Vulnerability not found")
예제 #2
0
def test_image_is_detected_correctly():

    with open(TEST_DATA_PATH / 'faraday.png', "rb") as image_data:
        field = FaradayUploadedFile(image_data.read())
        assert field['content_type'] == 'image/png'
        assert 'thumb_id' in field.keys()
        assert 'thumb_path' in field.keys()
        assert len(field['files']) == 2
예제 #3
0
def test_image_is_detected_correctly():

    with open(os.path.join(CURRENT_PATH, 'data', 'faraday.png'),
              "rb") as image_data:
        field = FaradayUploadedFile(image_data.read())
        assert field['content_type'] == 'image/png'
        assert 'thumb_id' in field.keys()
        assert 'thumb_path' in field.keys()
        assert len(field['files']) == 2
예제 #4
0
파일: vulns.py 프로젝트: infobyte/faraday
    def post_attachment(self, workspace_name, vuln_id):
        """
        ---
        post:
          tags: ["Vulnerability", "File"]
          description: Creates a new attachment in the vuln
          responses:
            201:
              description: Created
        tags: ["Vulnerability", "File"]
        responses:
          200:
            description: Ok
        """

        vuln_workspace_check = db.session.query(
            VulnerabilityGeneric, Workspace.id).join(Workspace).filter(
                VulnerabilityGeneric.id == vuln_id,
                Workspace.name == workspace_name).first()

        if vuln_workspace_check:
            if 'file' not in request.files:
                flask.abort(400)
            vuln = VulnerabilitySchema().dump(vuln_workspace_check[0])
            filename = request.files['file'].filename
            _attachments = vuln['_attachments']
            if filename in _attachments:
                message = 'Evidence already exists in vuln'
                return make_response(
                    flask.jsonify(message=message, success=False, code=400),
                    400)
            else:
                faraday_file = FaradayUploadedFile(
                    request.files['file'].read())
                instance, created = get_or_create(db.session,
                                                  File,
                                                  object_id=vuln_id,
                                                  object_type='vulnerability',
                                                  name=filename,
                                                  filename=filename,
                                                  content=faraday_file)
                db.session.commit()
                message = 'Evidence upload was successful'
                return flask.jsonify({'message': message})
        else:
            flask.abort(404, "Vulnerability not found")
예제 #5
0
파일: vulns.py 프로젝트: wowtalon/faraday
 def _process_attachments(self, obj, attachments):
     old_attachments = db.session.query(File).filter_by(
         object_id=obj.id,
         object_type='vulnerability',
     )
     for old_attachment in old_attachments:
         db.session.delete(old_attachment)
     for filename, attachment in attachments.items():
         faraday_file = FaradayUploadedFile(b64decode(attachment['data']))
         get_or_create(
             db.session,
             File,
             object_id=obj.id,
             object_type='vulnerability',
             name=os.path.splitext(os.path.basename(filename))[0],
             filename=os.path.basename(filename),
             content=faraday_file,
         )
예제 #6
0
 def _process_attachments(self, obj, attachments):
     old_attachments = db.session.query(File).options(
         joinedload(File.creator), joinedload(File.update_user)).filter_by(
             object_id=obj.id,
             object_type='vulnerability',
         )
     for old_attachment in old_attachments:
         db.session.delete(old_attachment)
     for filename, attachment in attachments.items():
         faraday_file = FaradayUploadedFile(b64decode(attachment['data']))
         get_or_create(
             db.session,
             File,
             object_id=obj.id,
             object_type='vulnerability',
             name=Path(filename).stem,
             filename=Path(filename).name,
             content=faraday_file,
         )
예제 #7
0
def test_normal_attach_is_not_detected_as_image():
    with open(TEST_DATA_PATH / 'report_w3af.xml', "rb") as image_data:
        field = FaradayUploadedFile(image_data.read())
        assert field['content_type'] == 'application/octet-stream'
        assert len(field['files']) == 1
예제 #8
0
def test_html_content_type_is_not_html():
    with open(TEST_DATA_PATH / 'test.html', "rb") as image_data:
        field = FaradayUploadedFile(image_data.read())
        assert field['content_type'] == 'application/octet-stream'
        assert len(field['files']) == 1
예제 #9
0
def test_normal_attach_is_not_detected_as_image():
    with open(os.path.join(CURRENT_PATH, 'data', 'report_w3af.xml'),
              "rb") as image_data:
        field = FaradayUploadedFile(image_data.read())
        assert field['content_type'] == 'application/octet-stream'
        assert len(field['files']) == 1
예제 #10
0
def test_html_content_type_is_not_html():
    with open(os.path.join(CURRENT_PATH, 'data', 'test.html'),
              "rb") as image_data:
        field = FaradayUploadedFile(image_data.read())
        assert field['content_type'] == 'application/octet-stream'
        assert len(field['files']) == 1