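def do_logic(self, req, res, session):
    """Handle the submitted account form (register or modify).

    Renders ``jvn_account.j2`` with the full account list on success, or
    re-renders ``jvn_account_edit.j2`` with the validation message when
    ``Account.validate`` rejects the input.

    Args:
        req: request whose ``params`` carry the form fields ``method``,
            ``user_id``, ``passwd``, ``user_name``, ``email``,
            ``department`` and ``privs``.
        res: response object (not used here).
        session: session mapping; the entry under ``get_session_key(req)``
            is expected to hold the state saved when the edit form was
            opened, including the stored password hash.
    """
    self.jinja_html_file = 'jvn_account.j2'
    self.method = req.params['method']

    # If the posted password equals the hash kept in the session (the edit
    # form was submitted with the password untouched), keep the stored
    # hash instead of hashing the hash; anything else is hashed fresh.
    # NOTE(review): this only works if the edit form posts the stored hash
    # back in 'passwd'; if the template echoes it, the hash is exposed to
    # the browser — confirm against jvn_account_edit.j2.
    # NOTE(review): a missing session entry raises AttributeError here.
    jvn = session.get(get_session_key(req))
    submitted = req.params['passwd']
    hash_code = jvn.passwd if submitted == jvn.passwd else make_passwd(submitted)

    def do_execute(db):
        """Validate and persist the account inside one transaction."""
        rec = Account(req.params, hash_code)
        ok, self.error_message = rec.validate(db, self.method)
        if not ok:
            # Back to the edit form with the validation message.
            self.jinja_html_file = 'jvn_account_edit.j2'
            self.ui = rec
            setPrivs(self, rec.privs)
            return None
        if self.method == 'regist':
            db.add(rec)
        elif self.method == 'modify':
            # Update the existing row in place; user_id is the key.
            # NOTE(review): a missing row raises AttributeError — presumably
            # validate() guarantees existence for 'modify'; confirm.
            existing = db.query(Account).filter_by(
                user_id=req.params['user_id']).first()
            existing.passwd = hash_code
            existing.user_name = req.params['user_name']
            existing.email = req.params['email']
            existing.department = req.params['department']
            # privs are taken from the form as posted; whether the caller
            # may change them is not checked in this block.
            existing.privs = req.params['privs']
        return db.query(Account).order_by(Account.user_id).all()

    self.result = do_transaction(do_execute, self)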
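def do_logic(self, req, res, session):
    """Apply the submitted "develop" form and render ``jvn_develop_complete.j2``.

    Walks the numbered fields ``vendor1``/``product1``/``cpe1``/``fs_manage1``,
    ``vendor2``/..., until a ``cpeN`` key is missing. For each row the
    ``Product`` whose ``cpe`` equals the posted value has ``edit`` cleared
    to 0 and ``fs_manage`` replaced with the posted value.

    Args:
        req: request whose ``params`` carry the numbered fields.
        res: response object (not used here).
        session: session mapping (not used here).

    Sets ``self.result`` to a list of
    ``(fs_manage label, vendor, product, cpe)`` tuples, one per row.
    """
    self.jinja_html_file = 'jvn_develop_complete.j2'

    def do_execute(db):
        """Update every posted product and collect the rows to display."""
        records = []
        idx = 1
        while True:
            suffix = str(idx)
            cpe_key = 'cpe' + suffix
            # The first missing cpeN key ends the sequence.
            if cpe_key not in req.params:
                break
            fs_key = 'fs_manage' + suffix
            # NOTE(review): a cpe with no matching Product row makes first()
            # return None and the assignments below raise; the form is
            # presumably generated from existing rows — confirm.
            rec = db.query(Product).filter_by(cpe=req.params[cpe_key]).first()
            rec.edit = 0
            rec.fs_manage = req.params[fs_key]
            records.append((
                fs_manage_code2ui(req.params[fs_key]),
                req.params['vendor' + suffix],
                req.params['product' + suffix],
                req.params[cpe_key],
            ))
            idx += 1
        return records

    self.result = do_transaction(do_execute, self)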
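def check_login(self, req, session):
    """Check login.

    Authenticates the request in one of three ways, in order:

    1. ``LOGIN_USER_KEY`` is in the request and a matching ``Account`` row
       exists: verify the posted ``jvn_passwd`` against the stored bcrypt
       hash.
    2. ``LOGIN_USER_KEY`` is in the request but no row exists: defer to
       ``auth_pop_user``.
    3. Otherwise, accept the request if the session already holds a user
       under ``LOGIN_USER_KEY``.

    On success ``self.login_user`` and ``session[LOGIN_USER_KEY]`` are set
    to a ``JvnUser``; on failure ``self.error_message`` is set.

    Returns:
        True when the request is authenticated, False otherwise.
    """
    import hmac

    def select_user(db):
        return db.query(Account).filter_by(user_id=req.params[LOGIN_USER_KEY]).first()

    # One message for "unknown user" and "wrong password", so the response
    # does not reveal which account IDs exist.
    login_failed = 'アカウントIDもしくはパスワードが違います。'
    login_ok = False

    if LOGIN_USER_KEY in req.params:
        rec = do_transaction(select_user, self)
        if rec:
            # Re-hash the posted password with the salt of the stored hash
            # (the leading 29 characters of a bcrypt string) and compare.
            # NOTE(review): a stored value that is not a bcrypt string makes
            # hashpw raise ValueError; nothing catches it here.
            salt = rec.passwd[:29]
            hashed = bcrypt.hashpw(
                req.params['jvn_passwd'].encode('utf-8'),
                salt.encode('utf-8'))
            # Constant-time comparison so the response time does not depend
            # on how many leading bytes of the hash match.
            if not hmac.compare_digest(rec.passwd.encode('utf-8'), hashed):
                self.error_message = login_failed
            else:
                self.login_user = JvnUser((rec.user_id, rec.user_name, rec.email,
                                           rec.department, rec.privs))
                # NOTE(review): the existing session object is reused; whether
                # the framework rotates the session ID on login is not visible
                # here — confirm.
                session[LOGIN_USER_KEY] = self.login_user
                login_ok = True
        # Equality (not truthiness) is kept from the original: auth_pop_user's
        # return type is not visible here.
        elif auth_pop_user(req.params[LOGIN_USER_KEY], req.params['jvn_passwd']) == True:
            # External (POP) authentication; only the ID is known here.
            self.login_user = session[LOGIN_USER_KEY] = JvnUser((req.params[LOGIN_USER_KEY],))
            login_ok = True
        else:
            self.error_message = login_failed
    else:
        # A user already stored in the session counts as authenticated.
        if LOGIN_USER_KEY in session:
            self.login_user = session.get(LOGIN_USER_KEY)
            login_ok = True
    return login_ok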
def test_do_transaction(self):
    """do_transaction runs the callback and hands back its result: the
    accounts with the test e-mail, ordered by user_id, are admin then guest."""
    testemail = "*****@*****.**"
    expected_ids = ['admin', 'guest']

    def select_accounts(db):
        query = db.query(Account).filter_by(email=testemail)
        return query.order_by(Account.user_id).all()

    result = do_transaction(select_accounts, JvnTest())
    for position, rec in enumerate(result):
        self.assertEqual(rec.user_id, expected_ids[position])
def test_account_04(self):
    """Registration with an empty user_name is rejected with the
    'missing required field' message."""
    password = "******"
    row = {
        'user_id': "testtaro",
        'user_name': "",
        'email': "*****@*****.**",
        'department': 'user',
        'privs': 'admin',
    }
    account = Account(row, password)

    def validate_regist(db):
        ok, message = account.validate(db, 'regist')
        self.assertEqual(ok, False)
        self.assertEqual(message, "入力されていない項目があります。(全て必須項目です。)")

    do_transaction(validate_regist, JvnTest())
def test_account_16(self):
    """A malformed e-mail address is rejected with the e-mail format message
    even when every other field is at its maximum length."""
    password = "******"
    row = {
        'user_id': "test_taro",
        'user_name': "a" * 255,
        'email': "testtaro",
        'department': "a" * 32,
        'privs': "a" * 8,
    }
    account = Account(row, password)

    def validate_regist(db):
        ok, message = account.validate(db, 'regist')
        self.assertEqual(ok, False)
        self.assertEqual(message, "メールアドレスの形式が正しくありません。")

    do_transaction(validate_regist, JvnTest())
def test_account_15(self):
    """Registering the already-present user_id 'admin' is rejected with the
    duplicate-account message."""
    password = "******"
    row = {
        'user_id': "admin",
        'user_name': "a" * 255,
        'email': "*****@*****.**",
        'department': "a" * 32,
        'privs': "a" * 8,
    }
    account = Account(row, password)

    def validate_regist(db):
        ok, message = account.validate(db, 'regist')
        self.assertEqual(ok, False)
        self.assertEqual(message, "既にアカウントが存在してます。")

    do_transaction(validate_regist, JvnTest())
def test_account_13(self):
    """A department of 33 characters exceeds the column limit and is
    rejected with the max-length message."""
    password = "******"
    row = {
        'user_id': "testtaro",
        'user_name': "a" * 255,
        'email': "*****@*****.**",
        'department': "a" * 33,
        'privs': 'admin',
    }
    account = Account(row, password)

    def validate_regist(db):
        ok, message = account.validate(db, 'regist')
        self.assertEqual(ok, False)
        self.assertEqual(message, "最大桁数をこえている項目があります。")

    do_transaction(validate_regist, JvnTest())
def do_logic(self, req, res, session):
    """Delete the account named by the ``delete_user_id`` form field and
    render ``jvn_account.j2`` with the remaining accounts ordered by user_id.

    No authorization check is visible in this block; presumably the caller
    is verified upstream — confirm.
    """
    self.jinja_html_file = 'jvn_account.j2'

    def delete_and_list(db):
        # NOTE(review): an unknown user_id makes first() return None, which
        # is then passed to db.delete — presumably raises; confirm.
        target = db.query(Account).filter_by(
            user_id=req.params['delete_user_id']).first()
        db.delete(target)
        remaining = db.query(Account).order_by(Account.user_id)
        return remaining.all()

    self.result = do_transaction(delete_and_list, self)
def test_product_01(self):
    """The seeded product with pid 1 is Sun Solaris 2.5 (SPARC)."""
    expected = {
        'pid': 1,
        'pname': 'Sun Solaris 2.5 (SPARC)',
        'cpe': 'cpe:/o:sun:solaris:2.5::sparc',
        'vid': 1,
        'fs_manage': 'not_cover_item',
        'edit': 0,
    }

    def first_product(db):
        return db.query(Product).filter_by(pid=1).first()

    product = do_transaction(first_product, JvnTest())
    for attr, value in expected.items():
        self.assertEqual(getattr(product, attr), value)
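def do_logic(self, req, res, session):
    """Stamp the ticket as modified and render ``jvn_ticket_complete.j2``.

    Sets ``ticket_modified_date`` on the ``Vulnerability`` row whose
    ``identifier`` matches the ``identifier`` form field, then builds
    ``self.result`` from the numbered ``vnameN``/``pnameN``/``cpeN`` fields
    for N = 1 .. ``ui.total_count``, where ``ui`` is the screen state saved
    in the session under ``get_session_key(req)``.

    Args:
        req: request whose ``params`` carry ``identifier`` and the numbered
            fields.
        res: response object (not used here).
        session: session mapping holding the saved screen state.
    """
    self.jinja_html_file = 'jvn_ticket_complete.j2'
    self.identifier = req.params['identifier']
    # NOTE(review): a missing session entry raises AttributeError when
    # total_count is read below.
    ui = session.get(get_session_key(req))

    def do_execute(db):
        """Record the modification time on the ticket's vulnerability row."""
        rec = db.query(Vulnerability).filter_by(
            identifier=self.identifier).first()
        # Naive local time (no tzinfo).
        # NOTE(review): rec is assumed to exist; None raises here.
        rec.ticket_modified_date = datetime.datetime.now()

    do_transaction(do_execute, self)
    self.result = [
        (req.params['vname' + str(n)],
         req.params['pname' + str(n)],
         req.params['cpe' + str(n)])
        for n in range(1, ui.total_count + 1)
    ]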
def do_logic(self, req, res, session):
    """Open the edit form (``jvn_account_edit.j2``) for one account.

    Loads the ``Account`` row named by the ``user_id`` form field, exposes
    it as ``self.ui``, and stores a ``JvnState`` carrying the row's stored
    password hash in the session under ``get_session_key(req)``; the
    account submit handler in this file compares the posted password
    against that saved value. ``user_id`` is rendered read-only and the
    form method is set to ``modify``.

    NOTE(review): an unknown user_id makes ``self.ui`` None and the
    ``.passwd`` read below raise AttributeError.
    """
    self.jinja_html_file = 'jvn_account_edit.j2'
    requested_id = req.params['user_id']

    def load_account(db):
        return db.query(Account).filter_by(user_id=requested_id).first()

    self.ui = do_transaction(load_account, self)

    saved = JvnState()
    saved.passwd = self.ui.passwd
    session[get_session_key(req)] = saved

    self.readonly = 'readonly'
    self.method = 'modify'
    setPrivs(self, self.ui.privs)
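def do_logic(self, req, res, session):
    """Flag the checked products as edited and render ``jvn_operation_complete.j2``.

    For every ``checkN`` key (N = 1 .. ``ui.total_count``) present in the
    form, the ``Product`` whose ``cpe`` equals the checkbox value gets
    ``edit = 1`` and a ``(vnameN, pnameN, cpe)`` tuple is collected into
    ``self.result``. An absent ``checkN`` key is treated as unchecked.

    Args:
        req: request whose ``params`` carry the numbered fields.
        res: response object (not used here).
        session: session mapping holding the screen state under
            ``get_session_key(req)``.
    """
    self.jinja_html_file = 'jvn_operation_complete.j2'
    # NOTE(review): a missing session entry raises AttributeError when
    # total_count is read.
    ui = session.get(get_session_key(req))

    def do_execute(db):
        """Mark each checked product and collect its display row."""
        records = []
        for n in range(1, ui.total_count + 1):
            suffix = str(n)
            checkbox = 'check' + suffix
            if checkbox not in req.params:
                continue
            # NOTE(review): a cpe with no matching Product row makes first()
            # return None and the assignment below raise; confirm.
            rec = db.query(Product).filter_by(
                cpe=req.params[checkbox]).first()
            rec.edit = 1
            records.append((req.params['vname' + suffix],
                            req.params['pname' + suffix],
                            req.params[checkbox]))
        return records

    self.result = do_transaction(do_execute, self)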
def test_jvn_vulnerability_01(self):
    """The seeded JVNDB-1998-000002 row carries the expected text fields,
    timestamps (to the second) and CWE data."""
    identifier = 'JVNDB-1998-000002'
    description = 'Sun Solaris の ndd コマンドには、不正な TCP/IP のカーネルパラメータを設定されてしまう脆弱性が存在します。'

    def lookup(db):
        return db.query(Vulnerability).filter_by(identifier=identifier).first()

    r = do_transaction(lookup, JvnTest())
    self.assertEqual(r.identifier, 'JVNDB-1998-000002')
    self.assertEqual(r.title, 'Sun Solaris の ndd コマンドにおけるサービス運用妨害 (DoS) の脆弱性')
    self.assertEqual(r.link, 'https://jvndb.jvn.jp/ja/contents/1998/JVNDB-1998-000002.html')
    self.assertEqual(r.description, description)
    # (year, month, day, hour, minute, second) of each timestamp
    self.assertEqual(r.issued_date.timetuple()[:6], (2007, 4, 1, 0, 0, 0))
    self.assertEqual(r.modified_date.timetuple()[:6], (2007, 4, 1, 0, 0, 0))
    self.assertEqual(r.public_date.timetuple()[:6], (1998, 3, 11, 0, 0, 0))
    self.assertEqual(r.cweid, 'CWE-78')
    self.assertEqual(r.cwetitle, 'OSコマンドインジェクション')
def do_logic(self, req, res, session):
    """Render ``jvn_account.j2`` with every account, ordered by user_id."""
    self.jinja_html_file = 'jvn_account.j2'

    def list_accounts(db):
        ordered = db.query(Account).order_by(Account.user_id)
        return ordered.all()

    self.result = do_transaction(list_accounts, self)