예제 #1
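def create_group():
    """Create a new group from the JSON request body.

    The body must be an object with a non-empty text ``name``. ``description``,
    ``users`` (looked up by e-mail) and ``sites`` (looked up by name) are
    optional. Every listed user and site must already exist, and the name
    must not be taken by another group.

    Returns:
        ``jsonify(success=True, group=...)`` on success, otherwise
        ``jsonify(success=False, reason=...)``.
    """
    # Text types on Python 2 (str, unicode) and Python 3 (str, str).
    text_types = (str, type(u''))

    group = request.json
    # The body is untrusted and may be missing or not a JSON object at all.
    if not isinstance(group, dict):
        return jsonify(success=False, reason='name-field-is-required')

    # perform validations on incoming data; issue#132
    name = group.get('name')
    # Only plain text is accepted: a JSON object placed here would reach
    # find_one() as a MongoDB operator document instead of a literal value.
    if not name or not isinstance(name, text_types):
        return jsonify(success=False, reason='name-field-is-required')

    userz = group.get('users') or []
    sitez = group.get('sites') or []
    # A scalar is treated as a one-element list so that a bare string is not
    # walked character by character by the loops below.
    if not isinstance(userz, list):
        userz = [userz]
    if not isinstance(sitez, list):
        sitez = [sitez]

    for user in userz:
        # Non-text entries are rejected before they are used as a query value.
        if not isinstance(user, text_types) or not users.find_one({'email': user}):
            return jsonify(success=False, reason='user %s does not exist' % (user,))
    for site in sitez:
        if not isinstance(site, text_types) or not sites.find_one({'name': site}):
            return jsonify(success=False, reason='site %s does not exist' % (site,))

    # NOTE(review): this lookup and the insert below are separate operations;
    # whether a unique index on 'name' backs them up is not visible here.
    if groups.find_one({'name': name}) is not None:
        return jsonify(success=False, reason='group-already-exists')

    # post-validation: store exactly the lists that were validated above.
    new_group = {'id': str(uuid.uuid4()),
                 'name': name,
                 'description': group.get('description', ""),
                 'sites': sitez,
                 'users': userz,
                 'created': datetime.datetime.utcnow()}
    groups.insert(new_group)
    return jsonify(success=True, group=sanitize_group(new_group))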
예제 #2
def get_issues():
    """List finished-scan issues with the requested codes for a group's sites.

    Query parameters read: ``issue_code`` (repeatable), ``group_name`` and
    ``plan_name``. For each site of the named group, one finished scan of
    the plan that contains at least one requested issue code is looked up
    and summarised. An unknown group yields an empty list.

    Returns:
        ``jsonify(success=True, issues=[...])``.
    """
    # NOTE(review): nothing in this function checks that the caller may read
    # the named group's scan results; confirm access control is applied by
    # code outside this excerpt.
    wanted_codes = request.args.getlist('issue_code')
    plan_name = request.args.get('plan_name')

    # Fields returned for each matching scan document.
    projection = {"id": 1, "created": 1, "started": 1, "finished": 1,
                  "configuration.target": 1, "sessions.issues.$": 1}

    found = []
    group = groups.find_one({'name': request.args.get('group_name')})
    targets = group['sites'] if group is not None else []

    for target in targets:
        scan = scans.find_one({"plan.name": plan_name,
                               "configuration.target": target,
                               "state": "FINISHED",
                               "sessions.issues.Code": {"$in": wanted_codes}},
                              projection)
        if not scan:
            continue

        session_summaries = []
        entry = {"site": {"url": scan["configuration"]["target"]},
                 "scan": {"id": scan["id"],
                          "created": sanitize_time(scan["created"]),
                          "started": sanitize_time(scan["started"]),
                          "finished": sanitize_time(scan["finished"]),
                          "sessions": session_summaries}}
        for session in scan["sessions"]:
            summary = {"plugin": {"class": session["plugin"]["class"]}, "issues": []}
            # Keep only the issues whose code was asked for.
            for issue in session['issues']:
                if issue['Code'] not in wanted_codes:
                    continue
                summary["issues"].append({"summary": issue["Summary"],
                                          "id": issue["Id"],
                                          "code": issue["Code"]})
            session_summaries.append(summary)
        found.append(entry)

    return jsonify(success=True, issues=found)
예제 #3
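def create_group():
    """Create a group described by the JSON request body.

    Required: a non-empty text ``name`` that no existing group uses.
    Optional: ``description``, ``users`` (e-mail addresses of existing users)
    and ``sites`` (names of existing sites).

    Returns:
        ``jsonify(success=True, group=...)`` when the group was inserted,
        otherwise ``jsonify(success=False, reason=...)``.
    """
    # Text types on Python 2 (str, unicode) and Python 3 (str, str).
    text_types = (str, type(u""))

    def as_list(value):
        # Missing/empty -> [], list -> unchanged, any other value -> [value].
        # Wrapping stops a bare string from being iterated per character.
        if not value:
            return []
        return value if isinstance(value, list) else [value]

    group = request.json
    # Untrusted body: it may be absent or something other than a JSON object.
    if not isinstance(group, dict):
        return jsonify(success=False, reason="name-field-is-required")

    # perform validations on incoming data; issue#132
    name = group.get("name")
    # A JSON object here would be read by MongoDB as query operators rather
    # than as a literal name, so only text is accepted.
    if not (name and isinstance(name, text_types)):
        return jsonify(success=False, reason="name-field-is-required")

    userz = as_list(group.get("users"))
    sitez = as_list(group.get("sites"))

    for user in userz:
        # The type check runs first so non-text never reaches the query.
        known = isinstance(user, text_types) and users.find_one({"email": user})
        if not known:
            return jsonify(success=False, reason="user %s does not exist" % (user,))
    for site in sitez:
        known = isinstance(site, text_types) and sites.find_one({"name": site})
        if not known:
            return jsonify(success=False, reason="site %s does not exist" % (site,))

    # NOTE(review): check-then-insert is not atomic; whether a unique index
    # on "name" exists cannot be seen from this function.
    if groups.find_one({"name": name}) is not None:
        return jsonify(success=False, reason="group-already-exists")

    # post-validation: persist the validated lists, not the raw body values.
    new_group = {
        "id": str(uuid.uuid4()),
        "name": name,
        "description": group.get("description", ""),
        "sites": sitez,
        "users": userz,
        "created": datetime.datetime.utcnow(),
    }
    groups.insert(new_group)
    return jsonify(success=True, group=sanitize_group(new_group))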
def _find_sites_for_user_by_group_name(email, group_name):
    """Return the sites of the named group, if `email` is listed in it.

    The lookup matches on the group name and on `email` in the group's
    ``users`` field together, so a group the user is not in is treated the
    same as a missing group.
    """
    membership_query = {'name': group_name, 'users': email}
    match = groups.find_one(membership_query)
    if match:
        return match['sites']
    # NOTE(review): this path returns a response object while the success
    # path returns the stored sites value; callers must tell the two apart.
    return jsonify(success=False, reason="Group not found.")
예제 #5
def _find_sites_for_user_by_group_name(email, group_name):
    """Look up which sites a user can reach through one group.

    Only a group whose name is `group_name` and whose ``users`` field
    matches `email` is considered.
    """
    found = groups.find_one({'name': group_name, 'users': email})
    # NOTE(review): the two outcomes have different types - the group's
    # 'sites' value on a hit, a jsonify() response on a miss.
    return found['sites'] if found else jsonify(success=False,
                                                reason="Group not found.")
예제 #6
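def create_group():
    """Create a new group from the JSON request body.

    ``name`` is required and must be non-empty text that no existing group
    uses. ``users`` entries are checked against the users collection by
    e-mail and ``sites`` entries against the sites collection by URL;
    ``description`` is optional.

    Returns:
        ``jsonify(success=True, group=...)`` on success, otherwise
        ``jsonify(success=False, reason=...)``.
    """
    # Text types on Python 2 (str, unicode) and Python 3 (str, str).
    text_types = (str, type(u''))

    group = request.json
    # The request body is untrusted; it may be absent or not a JSON object.
    if not isinstance(group, dict):
        return jsonify(success=False, reason='name-field-is-required')

    # perform validations on incoming data; issue#132
    name = group.get('name')
    # Reject non-text names: a JSON object would be passed to find_one()
    # as MongoDB query operators instead of a value to compare against.
    if not name or not isinstance(name, text_types):
        return jsonify(success=False, reason='name-field-is-required')

    # (label for the error message, raw body value, collection, lookup key)
    checks = (
        ('user', group.get('users'), users, 'email'),
        ('site', group.get('sites'), sites, 'url'),
    )
    validated = {}
    for label, raw, collection, key in checks:
        entries = raw or []
        # Treat a scalar as a single entry so a bare string is not iterated
        # one character at a time.
        if not isinstance(entries, list):
            entries = [entries]
        for entry in entries:
            # Type check first: only text is ever used as a query value.
            if (not isinstance(entry, text_types)
                    or not collection.find_one({key: entry})):
                return jsonify(success=False,
                               reason='%s %s does not exist' % (label, entry))
        validated[label] = entries

    # NOTE(review): the existence check and the insert are two separate
    # operations; a unique index on 'name', if any, is not visible here.
    if groups.find_one({'name': name}) is not None:
        return jsonify(success=False, reason='group-already-exists')

    # post-validation: store the lists that passed validation.
    new_group = {
        'id': str(uuid.uuid4()),
        'name': name,
        'description': group.get('description', ""),
        'sites': validated['site'],
        'users': validated['user'],
        'created': datetime.datetime.utcnow()
    }
    groups.insert(new_group)
    return jsonify(success=True, group=sanitize_group(new_group))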
예제 #7
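def patch_group(group_name):
    """Add or remove sites and users on an existing group.

    The JSON body may contain ``addSites``, ``removeSites``, ``addUsers`` and
    ``removeUsers`` lists. Entries that are not ``unicode`` text are ignored,
    as are fields that are not lists.

    Returns:
        ``jsonify(success=True, group=...)`` with the group as re-read after
        the edits, or ``jsonify(success=False, reason='no-such-group')``.
    """
    # NOTE(review): no caller authorisation is visible in this function;
    # confirm it is enforced by code outside this excerpt.
    group = groups.find_one({'name': group_name})
    if not group:
        return jsonify(success=False, reason='no-such-group')

    patch = request.json
    # The body is untrusted: a missing or non-object body is handled as an
    # empty patch instead of raising on .get().
    if not isinstance(patch, dict):
        patch = {}

    # (body key, update operator, group field), applied in this order.
    edits = (
        ('addSites', '$push', 'sites'),
        ('removeSites', '$pull', 'sites'),
        ('addUsers', '$push', 'users'),
        ('removeUsers', '$pull', 'users'),
    )
    for key, operator, field in edits:
        values = patch.get(key, [])
        # Only lists are walked; iterating a bare string would push or pull
        # its individual characters.
        if not isinstance(values, list):
            continue
        for value in values:
            # Non-text entries (for example JSON objects) are skipped.
            if isinstance(value, unicode):
                groups.update({'name': group_name}, {operator: {field: value}})

    # NOTE(review): added users and sites are not checked for existence
    # here, and '$push' appends even if the value is already present.
    # Return the modified group
    group = groups.find_one({'name': group_name})
    return jsonify(success=True, group=sanitize_group(group))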
예제 #8
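def patch_group(group_name):
    """Apply site and user additions/removals to the named group.

    Reads ``addSites``, ``removeSites``, ``addUsers`` and ``removeUsers``
    from the JSON body. Each must be a list to take effect, and only text
    entries in it are applied.

    Returns:
        ``jsonify(success=True, group=...)`` with the re-read group, or
        ``jsonify(success=False, reason="no-such-group")``.
    """
    # NOTE(review): whether the caller is allowed to edit this group is not
    # checked in this function; confirm it is enforced elsewhere.
    group = groups.find_one({"name": group_name})
    if not group:
        return jsonify(success=False, reason="no-such-group")

    patch = request.json
    # Untrusted body: fall back to an empty patch when it is absent or is
    # not a JSON object, rather than failing on .get().
    if not isinstance(patch, dict):
        patch = {}

    def apply_edits(key, operator, field):
        # Apply one kind of edit; a non-list value is ignored so that a bare
        # string is never processed one character at a time.
        values = patch.get(key, [])
        if not isinstance(values, list):
            return
        for value in values:
            if isinstance(value, (unicode, str)):
                groups.update({"name": group_name}, {operator: {field: value}})

    # Process the edits in the same order as the body keys are documented.
    apply_edits("addSites", "$push", "sites")
    apply_edits("removeSites", "$pull", "sites")
    apply_edits("addUsers", "$push", "users")
    apply_edits("removeUsers", "$pull", "users")

    # NOTE(review): nothing here verifies that an added user or site exists,
    # and "$push" does not prevent duplicate entries.
    # Return the modified group
    group = groups.find_one({"name": group_name})
    return jsonify(success=True, group=sanitize_group(group))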
예제 #9
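def patch_group(group_name):
    """Edit the sites and users of an existing group.

    The JSON body may carry ``addSites``, ``removeSites``, ``addUsers`` and
    ``removeUsers``. A field is applied only if it is a list, and within it
    only text entries are used.

    Returns:
        ``jsonify(success=True, group=...)`` with the group re-read after
        the edits, or ``jsonify(success=False, reason='no-such-group')``.
    """
    # NOTE(review): no authorisation check is visible in this function;
    # confirm the caller's rights are verified outside this excerpt.
    group = groups.find_one({'name': group_name})
    if not group:
        return jsonify(success=False, reason='no-such-group')

    body = request.json
    # The body is untrusted; anything other than a JSON object counts as an
    # empty patch so the lookups below cannot raise.
    patch = body if isinstance(body, dict) else {}

    # (body key, update operator, group field), applied top to bottom.
    edits = [
        ('addSites', '$push', 'sites'),
        ('removeSites', '$pull', 'sites'),
        ('addUsers', '$push', 'users'),
        ('removeUsers', '$pull', 'users'),
    ]
    for key, operator, field in edits:
        requested = patch.get(key, [])
        # A bare string would be iterated per character, so require a list.
        if not isinstance(requested, list):
            continue
        # Keep text entries only; JSON objects and numbers are dropped.
        for value in requested:
            if isinstance(value, unicode) or isinstance(value, str):
                groups.update({'name': group_name}, {operator: {field: value}})

    # NOTE(review): added values are not checked against the users or sites
    # collections, and '$push' can store the same value more than once.
    # Return the modified group
    group = groups.find_one({'name': group_name})
    return jsonify(success=True, group=sanitize_group(group))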
예제 #10
def get_group(group_name):
    """Return the named group, passed through sanitize_group, as JSON.

    Responds with ``success=False`` and reason ``no-such-group`` when no
    group document has that name.
    """
    # NOTE(review): no caller authorisation is visible here; confirm it is
    # enforced by code outside this excerpt.
    found = groups.find_one({'name': group_name})
    if found:
        return jsonify(success=True, group=sanitize_group(found))
    return jsonify(success=False, reason='no-such-group')
예제 #11
def _check_group_exists(group_name):
    """Report whether a group document with this name is stored."""
    match = groups.find_one({'name': group_name})
    return match is not None
예제 #12
def delete_group(group_name):
    """Remove the named group and report the outcome as JSON.

    Responds with ``success=False`` and reason ``no-such-group`` when no
    group document has that name.
    """
    # NOTE(review): deletion is not gated by any check inside this function;
    # confirm caller authorisation is enforced outside this excerpt.
    selector = {'name': group_name}
    if groups.find_one(selector):
        groups.remove(selector)
        return jsonify(success=True)
    return jsonify(success=False, reason='no-such-group')
예제 #13
def _check_group_exists(group_name):
    """Return True when a group named `group_name` can be found."""
    if groups.find_one({'name': group_name}) is None:
        return False
    return True
예제 #14
def delete_group(group_name):
    """Delete the group called `group_name`.

    Returns ``jsonify(success=True)`` after the removal, or
    ``jsonify(success=False, reason='no-such-group')`` if the lookup finds
    nothing.
    """
    # NOTE(review): this function performs no permission check of its own;
    # verify that the route restricts who may delete groups.
    existing = groups.find_one({'name': group_name})
    outcome = {'success': False, 'reason': 'no-such-group'}
    if existing:
        groups.remove({'name': group_name})
        outcome = {'success': True}
    return jsonify(**outcome)
예제 #15
def get_group(group_name):
    """Fetch one group by name and return it as a JSON response.

    The stored document goes through sanitize_group before it is
    serialised; an unknown name yields reason ``no-such-group``.
    """
    # NOTE(review): access to the group is not checked in this function;
    # confirm the route enforces it.
    document = groups.find_one({'name': group_name})
    if not document:
        response = jsonify(success=False, reason='no-such-group')
    else:
        response = jsonify(success=True, group=sanitize_group(document))
    return response