def put_scan_control(scan_id):
    """Start or stop a scan according to the raw request body.

    The body must be exactly ``START`` or ``STOP``.  ``START`` is accepted
    only while the scan is in state ``CREATED``; ``STOP`` is accepted from
    any state.  Returns a JSON object with ``success`` and, on failure, an
    ``error`` code.
    """
    # NOTE(review): no caller identity or permission check happens inside
    # this function; confirm one is applied where the route is registered.
    scan = scans.find_one({"id": scan_id})
    if not scan:
        return jsonify(success=False, error='no-such-scan')

    # NOTE(review): Flask exposes request.data as bytes on Python 3, where a
    # comparison against these str literals never matches - confirm runtime.
    state = request.data
    if state not in ('START', 'STOP'):
        return jsonify(success=False, error='unknown-state')

    if state == 'START':
        # NOTE(review): the state is read above and written below in two
        # separate steps, so two concurrent START requests can both pass
        # this check and queue the scan twice.
        if scan['state'] != 'CREATED':
            return jsonify(success=False, error='invalid-state-transition')
        queued_fields = {"state": "QUEUED",
                         "queued": datetime.datetime.utcnow()}
        scans.update({"id": scan_id}, {"$set": queued_fields})
        tasks.scan.apply_async([scan['id']], countdown=3, queue='scan')
    else:
        # Only STOP can reach this branch after the validation above.
        # NOTE(review): the current state is not checked here, so a scan
        # that already finished is still moved to STOPPING.
        stopping_fields = {"state": "STOPPING",
                           "queued": datetime.datetime.utcnow()}
        scans.update({"id": scan_id}, {"$set": stopping_fields})
        tasks.scan_stop.apply_async([scan['id']], queue='state')

    return jsonify(success=True)
def get_issues():
    """Report, per site of a group, a finished scan that hit given issue codes.

    Reads ``group_name``, ``plan_name`` and any number of ``issue_code``
    values from the query string.  For every site of the group, one scan of
    that plan in state ``FINISHED`` containing at least one of the codes is
    looked up, and its matching issues are returned grouped by session.  An
    unknown group yields an empty ``issues`` list with ``success=True``.
    """
    # NOTE(review): no caller identity or group-membership check is visible
    # in this function; confirm access is restricted where it is routed.
    wanted_codes = request.args.getlist('issue_code')
    plan_name = request.args.get('plan_name')
    found = []

    group = groups.find_one({'name': request.args.get('group_name')})
    if group is None:
        return jsonify(success=True, issues=found)

    for target in group['sites']:
        criteria = {"plan.name": plan_name,
                    "configuration.target": target,
                    "state": "FINISHED",
                    "sessions.issues.Code": {"$in": wanted_codes}}
        fields = {"id": 1,
                  "created": 1,
                  "started": 1,
                  "finished": 1,
                  "configuration.target": 1,
                  "sessions.issues.$": 1}
        # NOTE(review): no sort is given, so when several finished scans
        # match, which one is reported is left to the database.
        scan = scans.find_one(criteria, fields)
        if not scan:
            continue

        scan_entry = {"id": scan["id"],
                      "created": sanitize_time(scan["created"]),
                      "started": sanitize_time(scan["started"]),
                      "finished": sanitize_time(scan["finished"]),
                      "sessions": []}
        hit = {"site": {"url": scan["configuration"]["target"]},
               "scan": scan_entry}

        for session in scan["sessions"]:
            entry = {"plugin": {"class": session["plugin"]["class"]},
                     "issues": []}
            # Re-filter in Python: a returned session may still carry
            # issues whose code was not asked for.
            entry["issues"].extend(
                {"summary": issue["Summary"],
                 "id": issue["Id"],
                 "code": issue["Code"]}
                for issue in session['issues']
                if issue['Code'] in wanted_codes
            )
            scan_entry["sessions"].append(entry)

        found.append(hit)

    return jsonify(success=True, issues=found)
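def has_permission(*args, **kwargs):
    """Run the wrapped ``view`` only if the caller may access the scan.

    The caller is identified by the ``email`` query parameter.  A user whose
    role is ``'user'`` must belong to a group that lists the scan's target
    among its sites; any other role is let through.  The scan is looked up
    by ``kwargs['scan_id']``.

    Returns the view's response, or a JSON failure with reason
    ``user-does-not-exist`` or ``not-found``.
    """
    # NOTE(review): the identity is whatever the caller puts in the query
    # string; this check is only as strong as the authentication in front of
    # this API, which is not visible here.
    email = request.args.get('email')
    if email:
        user = users.find_one({'email': email})
        if not user:
            return jsonify(success=False, reason='user-does-not-exist')
        scan = scans.find_one({"id": kwargs['scan_id']})
        if user['role'] == 'user':
            # An unknown scan id used to raise TypeError on the subscript
            # below; answer with the reason used for hidden scans instead.
            if not scan:
                return jsonify(success=False, reason='not-found')
            groupz = groups.find({'users': email,
                                  'sites': scan['configuration']['target']})
            if not groupz.count():
                return jsonify(success=False, reason='not-found')
    # Reached when the user shares a group with the target, has a role other
    # than 'user', or sent no email at all.
    # NOTE(review): a request without an email skips every check above
    # (fail-open); confirm that is intended.
    return view(*args, **kwargs)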
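def has_permission(*args, **kwargs):
    """Run the wrapped ``view`` only if the caller may access the scan.

    The caller is identified by the ``email`` query parameter.  The literal
    value ``"cron"`` is let through unchecked.  A user whose role is
    ``"user"`` must belong to a group that lists the scan's target among its
    sites; any other role is let through.  The scan is looked up by
    ``kwargs["scan_id"]``.

    Returns the view's response, or a JSON failure with reason
    ``user-does-not-exist`` or ``not-found``.
    """
    # NOTE(review): the identity is whatever the caller puts in the query
    # string; this check is only as strong as the authentication in front of
    # this API, which is not visible here.
    email = request.args.get("email")

    # Scheduled (crontab) tasks identify themselves as "cron" and proceed.
    # NOTE(review): "cron" is a caller-supplied value like any other email,
    # so it grants the bypass to anyone able to send the request. Scheduled
    # jobs should be recognised by something a client cannot set.
    if email == "cron":
        return view(*args, **kwargs)

    if email:
        user = users.find_one({"email": email})
        if not user:
            return jsonify(success=False, reason="user-does-not-exist")
        scan = scans.find_one({"id": kwargs["scan_id"]})
        if user["role"] == "user":
            # An unknown scan id used to raise TypeError on the subscript
            # below; answer with the reason used for hidden scans instead.
            if not scan:
                return jsonify(success=False, reason="not-found")
            groupz = groups.find({"users": email,
                                  "sites": scan["configuration"]["target"]})
            if not groupz.count():
                return jsonify(success=False, reason="not-found")
    # Reached when the user shares a group with the target, has a role other
    # than "user", or sent no email at all.
    # NOTE(review): a request without an email skips every check above
    # (fail-open); confirm that is intended.
    return view(*args, **kwargs)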
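def has_permission(*args, **kwargs):
    """Run the wrapped ``view`` only if the caller may access the scan.

    The caller is identified by the ``email`` query parameter.  The literal
    value ``'cron'`` is let through unchecked.  A user whose role is
    ``'user'`` must belong to a group that lists the scan's target among its
    sites; any other role is let through.  The scan is looked up by
    ``kwargs['scan_id']``.

    Returns the view's response, or a JSON failure with reason
    ``user-does-not-exist`` or ``not-found``.
    """
    # NOTE(review): the identity is whatever the caller puts in the query
    # string; this check is only as strong as the authentication in front of
    # this API, which is not visible here.
    email = request.args.get('email')

    # Scheduled (crontab) tasks identify themselves as 'cron' and proceed.
    # NOTE(review): 'cron' is a caller-supplied value like any other email,
    # so it grants the bypass to anyone able to send the request. Scheduled
    # jobs should be recognised by something a client cannot set.
    if email == 'cron':
        return view(*args, **kwargs)

    if email:
        user = users.find_one({'email': email})
        if not user:
            return jsonify(success=False, reason='user-does-not-exist')
        scan = scans.find_one({"id": kwargs['scan_id']})
        if user['role'] == 'user':
            # An unknown scan id used to raise TypeError on the subscript
            # below; answer with the reason used for hidden scans instead.
            if not scan:
                return jsonify(success=False, reason='not-found')
            groupz = groups.find({
                'users': email,
                'sites': scan['configuration']['target'],
            })
            if not groupz.count():
                return jsonify(success=False, reason='not-found')
    # Reached when the user shares a group with the target, has a role other
    # than 'user', or sent no email at all.
    # NOTE(review): a request without an email skips every check above
    # (fail-open); confirm that is intended.
    return view(*args, **kwargs)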
def put_scan_control(scan_id):
    """Start or stop a scan according to the raw request body.

    The body must be exactly ``START`` or ``STOP``.  ``START`` is accepted
    only while the scan is in state ``CREATED``; ``STOP`` is accepted from
    any state.  Returns a JSON object with ``success`` and, on failure, an
    ``error`` code.
    """
    # NOTE(review): no caller identity or permission check happens inside
    # this function; confirm one is applied where the route is registered.
    scan = scans.find_one({"id": scan_id})
    if not scan:
        return jsonify(success=False, error='no-such-scan')

    # NOTE(review): Flask exposes request.data as bytes on Python 3, where a
    # comparison against these str literals never matches - confirm runtime.
    state = request.data
    if state not in ('START', 'STOP'):
        return jsonify(success=False, error='unknown-state')

    selector = {"id": scan_id}

    if state == 'START':
        # NOTE(review): the state is read above and written below in two
        # separate steps, so two concurrent START requests can both pass
        # this check and queue the scan twice.
        if scan['state'] != 'CREATED':
            return jsonify(success=False, error='invalid-state-transition')
        scans.update(selector, {
            "$set": {
                "state": "QUEUED",
                "queued": datetime.datetime.utcnow(),
            },
        })
        tasks.scan.apply_async([scan['id']], countdown=3, queue='scan')
    else:
        # Only STOP can reach this branch after the validation above.
        # NOTE(review): the current state is not checked here, so a scan
        # that already finished is still moved to STOPPING.
        scans.update(selector, {
            "$set": {
                "state": "STOPPING",
                "queued": datetime.datetime.utcnow(),
            },
        })
        tasks.scan_stop.apply_async([scan['id']], queue='state')

    return jsonify(success=True)
def put_scan_control(scan_id):
    """Start or stop a scan according to the raw request body.

    The body must be exactly ``START`` or ``STOP``.  ``START`` is accepted
    only while the scan is in state ``CREATED``; ``STOP`` is accepted from
    any state.  Returns a JSON object with ``success`` and, on failure, an
    ``error`` code.
    """
    # NOTE(review): no caller identity or permission check happens inside
    # this function; confirm one is applied where the route is registered.
    scan = scans.find_one({"id": scan_id})
    if not scan:
        return jsonify(success=False, error="no-such-scan")

    # NOTE(review): Flask exposes request.data as bytes on Python 3, where a
    # comparison against these str literals never matches - confirm runtime.
    state = request.data
    if state not in ("START", "STOP"):
        return jsonify(success=False, error="unknown-state")

    starting = state == "START"

    # NOTE(review): the state is read above and written below in two
    # separate steps, so two concurrent START requests can both pass this
    # check and queue the scan twice.
    if starting and scan["state"] != "CREATED":
        return jsonify(success=False, error="invalid-state-transition")

    if starting:
        change = {"$set": {"state": "QUEUED",
                           "queued": datetime.datetime.utcnow()}}
        scans.update({"id": scan_id}, change)
        tasks.scan.apply_async([scan["id"]], countdown=3, queue="scan")
    else:
        # Only STOP can reach this branch after the validation above.
        # NOTE(review): the current state is not checked here, so a scan
        # that already finished is still moved to STOPPING.
        change = {"$set": {"state": "STOPPING",
                           "queued": datetime.datetime.utcnow()}}
        scans.update({"id": scan_id}, change)
        tasks.scan_stop.apply_async([scan["id"]], queue="state")

    return jsonify(success=True)
def get_scan_summary(scan_id):
    """Return a JSON summary of the scan with this id.

    Responds with ``success=False, reason='not-found'`` when no scan has the
    given id.
    """
    # NOTE(review): no caller identity or permission check happens inside
    # this function; confirm one is applied where the route is registered.
    record = scans.find_one({"id": scan_id})
    if record:
        # The record goes through sanitize_scan before it is summarised.
        cleaned = sanitize_scan(record)
        return jsonify(success=True, summary=summarize_scan(cleaned))
    return jsonify(success=False, reason='not-found')
def get_scan(scan_id):
    """Return the scan with this id as JSON.

    Responds with ``success=False, reason="not-found"`` when no scan has the
    given id.
    """
    # NOTE(review): no caller identity or permission check happens inside
    # this function; confirm one is applied where the route is registered.
    record = scans.find_one({"id": scan_id})
    if record:
        # Only the sanitize_scan output is returned, never the raw record.
        return jsonify(success=True, scan=sanitize_scan(record))
    return jsonify(success=False, reason="not-found")