def _filter(self, filters, workspace_name):
try:
filters = FlaskRestlessSchema().load(json.loads(filters)) or {}
hostname_filters = []
if filters:
filters['filters'], hostname_filters = self._hostname_filters(
filters.get('filters', []))
except (ValidationError, JSONDecodeError) as ex:
logger.exception(ex)
flask.abort(400, "Invalid filters")
workspace = self._get_workspace(workspace_name)
marshmallow_params = {
'many': True,
'context': {},
'exclude': ('_attachments', )
}
if 'group_by' not in filters:
offset = None
limit = None
if 'offset' in filters:
offset = filters.pop('offset')
if 'limit' in filters:
limit = filters.pop(
'limit') # we need to remove pagination, since
try:
vulns = self._generate_filter_query(VulnerabilityGeneric,
filters, hostname_filters,
workspace,
marshmallow_params)
except AttributeError as e:
flask.abort(400, e)
total_vulns = vulns
if limit:
vulns = vulns.limit(limit)
if offset:
vulns = vulns.offset(offset)
vulns = self.schema_class_dict['VulnerabilityWeb'](
**marshmallow_params).dump(vulns.all())
return vulns, total_vulns.count()
else:
vulns = self._generate_filter_query(
VulnerabilityGeneric,
filters,
hostname_filters,
workspace,
marshmallow_params,
)
column_names = ['count'] + [
field['field'] for field in filters.get('group_by', [])
]
rows = [list(zip(column_names, row)) for row in vulns.all()]
vulns_data = []
for row in rows:
vulns_data.append({field[0]: field[1] for field in row})
return vulns_data, len(rows)
def _filter(self, filters, workspace_name, confirmed=False):
try:
filters = FlaskRestlessSchema().load(json.loads(filters))
_, hostname_filters = self._hostname_filters(filters.get('filters', []))
except (ValidationError, JSONDecodeError) as ex:
logger.exception(ex)
flask.abort(400, "Invalid filters")
if confirmed:
if 'filters' not in filters:
filters = {}
filters['filters'] = []
filters['filters'].append({
"name": "confirmed",
"op": "==",
"val": "true"
})
workspace = self._get_workspace(workspace_name)
marshmallow_params = {'many': True, 'context': {}}
normal_vulns_data = self._filter_vulns(Vulnerability, filters, hostname_filters, workspace, marshmallow_params, False)
web_vulns_data = self._filter_vulns(VulnerabilityWeb, filters, hostname_filters, workspace, marshmallow_params, True)
return normal_vulns_data + web_vulns_data