def query_plugins(self, weapon_system, rpc):
if 0 < len(weapon_system.plugins):
self.output += "[-] Clearing old plugin(s) ...\n"
for old_plugin in weapon_system.plugins:
dbsession.delete(old_plugin)
dbsession.flush()
self.output += "[*] Attempting to detect remote plugin(s) ...\n"
for algo in Algorithm.all():
self.output += "[+] Looking for %s plugins ..." % algo
plugin_names = rpc.root.exposed_get_category_plugins(algo.name)
self.output += " found %d\n" % len(plugin_names)
for plugin_name in plugin_names:
self.output += "[+] Query info from remote plugin '%s'\n" % plugin_name
details = rpc.root.exposed_get_plugin_details(algo.name, plugin_name)
plugin = PluginDetails(
name=unicode(plugin_name),
author=unicode(details['author']),
website=unicode(details['website']),
version=unicode(details['version']),
description=unicode(details['description']),
copyright=unicode(details['copyright']),
)
plugin.precomputation = details['precomputation']
plugin.algorithm_id = algo.id
weapon_system.plugins.append(plugin)
def query_plugins(self, weapon_system, rpc):
if 0 < len(weapon_system.plugins):
self.output += "[-] Clearing old plugin(s) ...\n"
for old_plugin in weapon_system.plugins:
dbsession.delete(old_plugin)
dbsession.flush()
self.output += "[*] Attempting to detect remote plugin(s) ...\n"
for algo in Algorithm.all():
self.output += "[+] Looking for %s plugins ..." % algo
plugin_names = rpc.root.exposed_get_category_plugins(algo.name)
self.output += " found %d\n" % len(plugin_names)
for plugin_name in plugin_names:
self.output += "[+] Query info from remote plugin '%s'\n" % plugin_name
details = rpc.root.exposed_get_plugin_details(
algo.name, plugin_name)
plugin = PluginDetails(
name=unicode(plugin_name),
author=unicode(details['author']),
website=unicode(details['website']),
version=unicode(details['version']),
description=unicode(details['description']),
copyright=unicode(details['copyright']),
)
plugin.precomputation = details['precomputation']
plugin.algorithm_id = algo.id
weapon_system.plugins.append(plugin)
def post(self, *args, **kwargs):
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
user = self.get_current_user()
if payload is not None and payload in user.history:
dbsession.delete(payload)
dbsession.flush()
self.redirect('/history')
def post(self, *args, **kwargs):
uuid = self.get_argument('uuid', '')
payload = Payload.by_uuid(uuid)
user = self.get_current_user()
if payload is not None and payload in user.history:
dbsession.delete(payload)
dbsession.flush()
self.redirect('/history')
def post(self, *args, **kwargs):
''' AJAX // Delete a paste object from the database '''
paste_uuid = self.get_argument("uuid", "")
paste = PasteBin.by_uuid(paste_uuid)
user = self.get_current_user()
if paste is not None and paste.team_id == user.team.id:
dbsession.delete(paste)
dbsession.flush()
self.redirect("/user/share/pastebin")
def deleteUser():
data = request.get_json(force=True)
print('data:',data, type(data))
query = None
try:
query = dbsession.query(models.User).filter_by(email=data['email'], password=data['password']).one()
except:
return jsonify({'status':'error', 'error':'The user is not registered!'})
dbsession.delete(query)
dbsession.commit()
return jsonify({'status': 'success'})
def get(self, *args, **kwargs):
''' AJAX // Delete a paste object from the database '''
form = Form(paste_uuid="Paste does not exist.", )
if form.validate(self.request.arguments):
paste_uuid = self.get_argument("paste_uuid")
paste = PasteBin.by_uuid(paste_uuid)
user = self.get_current_user()
if paste is not None and paste.team_id == user.team.id:
dbsession.delete(paste)
dbsession.flush()
self.redirect("/user/share/pastebin")
def post(self, *args, **kwargs):
''' Used to delete regtokens '''
token_value = self.get_argument('token_value', '')
reg_token = RegistrationToken.by_value(token_value)
if reg_token is not None:
dbsession.delete(reg_token)
dbsession.flush()
self.redirect('/admin/regtoken/view')
else:
self.render('admin/view/token.html',
errors=["Token does not exist"])
def post(self, *args, **kwargs):
''' Used to delete regtokens '''
token_value = self.get_argument('token_value', '')
reg_token = RegistrationToken.by_value(token_value)
if reg_token is not None:
dbsession.delete(reg_token)
dbsession.flush()
self.redirect('/admin/regtoken/view')
else:
self.render('admin/view/token.html',
errors=["Token does not exist"]
)
def del_ip(self):
''' Delete an ip address object '''
ip = IpAddress.by_address(self.get_argument('ip', ''))
if ip is not None:
logging.info("Deleted IP address: '%s'" % str(ip))
dbsession.delete(ip)
dbsession.flush()
self.redirect("/admin/view/game_objects")
else:
logging.info("IP address (%r) does not exist in database" %
self.get_argument('ip', ''))
self.render("admin/view/game_objects.html",
errors=["IP does not exist in database"])
def get(self, *args, **kwargs):
''' AJAX // Delete a paste object from the database '''
form = Form(
paste_uuid="Paste does not exist.",
)
if form.validate(self.request.arguments):
paste_uuid = self.get_argument("paste_uuid")
paste = PasteBin.by_uuid(paste_uuid)
user = self.get_current_user()
if paste is not None and paste.team_id == user.team.id:
dbsession.delete(paste)
dbsession.flush()
self.redirect("/user/share/pastebin")
def del_flag(self):
''' Delete a flag object from the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
dbsession.delete(flag)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
logging.info("Flag (%r) does not exist in the database" %
self.get_argument('uuid', ''))
self.render("admin/view/game_objects.html",
errors=["Flag does not exist in database"])
def del_ip(self):
''' Delete an ip address object '''
ip = IpAddress.by_address(self.get_argument('ip', ''))
if ip is not None:
logging.info("Deleted IP address: '%s'" % str(ip))
dbsession.delete(ip)
dbsession.flush()
self.redirect("/admin/view/game_objects")
else:
logging.info("IP address (%r) does not exist in database" %
self.get_argument('ip', '')
)
self.render("admin/view/game_objects.html",
errors=["IP does not exist in database"]
)
def del_flag(self):
''' Delete a flag object from the database '''
flag = Flag.by_uuid(self.get_argument('uuid', ''))
if flag is not None:
logging.info("Deleted flag: %s " % flag.name)
dbsession.delete(flag)
dbsession.flush()
self.redirect('/admin/view/game_objects')
else:
logging.info("Flag (%r) does not exist in the database" %
self.get_argument('uuid', '')
)
self.render("admin/view/game_objects.html",
errors=["Flag does not exist in database"]
)
def do_strip(self, username):
'''
Strip a user of all permissions
Usage: strip <handle>
'''
user = User.by_handle(username)
if user is None:
print(WARN + "'%s' user not found in database." % username)
else:
username = user.handle
permissions = Permission.by_user_id(user.id)
if len(permissions) == 0:
print(WARN + "%s has no permissions." % user.handle)
else:
for perm in permissions:
print(INFO + "Removing permission: " + perm.name)
dbsession.delete(perm)
dbsession.commit()
print(INFO + "Successfully removed %s's permissions." % user.handle)
def delete_source_code(self):
''' Delete source code file '''
uuid = self.get_argument('box_uuid', '')
box = Box.by_uuid(uuid)
if box is not None and box.source_code is not None:
source_code_uuid = box.source_code.uuid
dbsession.delete(box.source_code)
dbsession.flush()
root = self.application.settings['source_code_market_dir']
source_code_path = root + '/' + source_code_uuid
logging.info("Delete souce code market file: %s (box: %s)" %
(source_code_path, box.name,)
)
if os.path.exists(source_code_path):
os.unlink(source_code_path)
errors = None
else:
errors = ["Box does not exist, or contains no source code"]
self.render('admin/upgrades/source_code_market.html', errors=errors)
def delete_source_code(self):
''' Delete source code file '''
uuid = self.get_argument('box_uuid', '')
box = Box.by_uuid(uuid)
if box is not None and box.source_code is not None:
source_code_uuid = box.source_code.uuid
dbsession.delete(box.source_code)
dbsession.flush()
root = self.application.settings['source_code_market_dir']
source_code_path = root + '/' + source_code_uuid
logging.info("Delete souce code market file: %s (box: %s)" % (
source_code_path,
box.name,
))
if os.path.exists(source_code_path):
os.unlink(source_code_path)
errors = None
else:
errors = ["Box does not exist, or contains no source code"]
self.render('admin/upgrades/source_code_market.html', errors=errors)
def do_strip(self, username):
"""
Strip a user of all permissions
Usage: strip <handle>
"""
user = User.by_handle(username)
if user is None:
print(WARN + "'%s' user not found in database." % username)
else:
username = user.handle
permissions = Permission.by_user_id(user.id)
if len(permissions) == 0:
print(WARN + "%s has no permissions." % user.handle)
else:
for perm in permissions:
print(INFO + "Removing permission: " + perm.name)
dbsession.delete(perm)
dbsession.commit()
print(INFO +
"Successfully removed %s's permissions." % user.handle)
def do_rmuser(self, username):
'''
Delete a user from the database
Usage: delete <handle>
'''
user = User.by_handle(username)
if user is None:
print(WARN + "'%s' user not found in database." % username)
else:
username = user.handle
print(WARN + str("Are you sure you want to delete %s?" % username))
if raw_input(PROMPT + "Delete [y/n]: ").lower() == 'y':
permissions = Permission.by_user_id(user.id)
for perm in permissions:
print(INFO + "Removing permission: " + perm.name)
dbsession.delete(perm)
dbsession.flush()
dbsession.delete(user)
dbsession.commit()
print(INFO + "Successfully deleted %s from database." % username)
def do_strip(self, username):
'''
Strip a user of all permissions
Usage: strip <user name>
'''
user = User.by_user_name(username)
if user == None:
print(WARN + str("%s user not found in database." % username))
else:
username = user.user_name
permissions = Permission.by_user_id(user.id)
if len(permissions) == 0:
print(WARN + str("%s has no permissions." % user.user_name))
else:
for perm in permissions:
print(INFO + "Removing permission: " +
perm.permission_name)
dbsession.delete(perm)
dbsession.flush()
print(INFO +
"Successfully removed %s's permissions." % user.user_name)
def do_strip(self, username):
'''
Strip a user of all permissions
Usage: strip <user name>
'''
user = User.by_user_name(username)
if user == None:
print(WARN + str("%s user not found in database." % username))
else:
username = user.user_name
permissions = Permission.by_user_id(user.id)
if len(permissions) == 0:
print(WARN + str("%s has no permissions." % user.user_name))
else:
for perm in permissions:
print(
INFO + "Removing permission: " + perm.permission_name)
dbsession.delete(perm)
dbsession.flush()
print(INFO +
"Successfully removed %s's permissions." % user.user_name)
def do_rmuser(self, username):
"""
Delete a user from the database
Usage: delete <handle>
"""
user = User.by_handle(username)
if user is None:
print(WARN + "'%s' user not found in database." % username)
else:
username = user.handle
print(WARN + str("Are you sure you want to delete %s?" % username))
if raw_input(PROMPT + "Delete [y/n]: ").lower() == "y":
permissions = Permission.by_user_id(user.id)
for perm in permissions:
print(INFO + "Removing permission: " + perm.name)
dbsession.delete(perm)
dbsession.flush()
dbsession.delete(user)
dbsession.commit()
print(INFO +
"Successfully deleted %s from database." % username)
def do_delete(self, username):
'''
Delete a user from the database
Usage: delete <user name>
'''
user = User.by_user_name(username)
if user == None:
print(WARN + str("%s user not found in database." % username))
else:
username = user.user_name
print(WARN + str("Are you sure you want to delete %s?" % username))
if raw_input(PROMPT + "Delete [y/n]: ").lower() == 'y':
permissions = Permission.by_user_id(user.id)
for perm in permissions:
print(INFO + "Removing permission: " +
perm.permission_name)
dbsession.delete(perm)
dbsession.flush()
dbsession.delete(user)
dbsession.flush()
print(INFO +
str("Successfully deleted %s from database." % username))
def fetch(table_name, id):
print("verb: %s, table: %s, id: %s" % (request.method, table_name, id))
if request.method == "GET":
try:
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None:
raise Exception("Table not found: %s" % table_name)
if id == None: #all data
object = dbsession.query(TableClass).all()
data = [object_as_dict(t) for t in object]
else:
object = dbsession.query(TableClass).filter_by(**{
"id": id
}).first()
if object == None: raise Exception("No data found.")
data = object_as_dict(object)
return jsonify({
"status": "success",
"verb": request.method,
"data": data
})
except Exception as e:
return jsonify({
"status": "error",
"verb": request.method,
"error": str(e),
})
elif request.method == "POST" or request.method == "PUT":
data = request.get_json(force=True)
print("data:", data)
try:
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None:
raise Exception("Table not found: %s" % table_name)
if request.method == "POST": #insert data
object = TableClass(**data)
dbsession.add(object)
dbsession.commit()
else: #update data
object = dbsession.query(TableClass).filter_by(**{
"id": id
}).first()
if object == None: raise Exception("No data found.")
#object.update(**data)
for key in data.keys():
setattr(object, key, data[key])
#dbsession.add(object)
dbsession.commit()
return jsonify({
"status": "success",
"verb": request.method,
"id": object.id,
})
except Exception as e:
return jsonify({
"status": "error",
"verb": request.method,
"error": str(e),
})
elif request.method == "DELETE":
try:
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None:
raise Exception("Table not found: %s" % table_name)
object = dbsession.query(TableClass).filter_by(**{
"id": id
}).first()
if object == None: raise Exception("No data found.")
dbsession.delete(object)
dbsession.commit()
return jsonify({
"status": "success",
"verb": request.method,
"id": object.id,
})
except Exception as e:
return jsonify({
"status": "error",
"verb": request.method,
"error": str(e),
})
else:
return jsonify({
"status": "error",
"error": "Unrecognized verb.",
})
def fetch(table_name):
print("verb: %s, tablename: %s" % (request.method, table_name))
if config['auth'] and not is_login_valid():
print("Unauthorized Access.")
return jsonify({
"status": "error",
"error": "Unauthorized Access."
})
if request.method == "GET":
try:
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None: raise Exception("Table not found: %s" % table_name)
if id == None: #all data
object = dbsession.query(TableClass).all()
data = [object_as_dict(t) for t in object]
else:
object = dbsession.query(TableClass).filter_by(**{"id":id}).first()
if object == None: raise Exception("No data found.")
data = object_as_dict(object)
return jsonify({
"status": "success",
"data": data
})
except Exception as e:
return jsonify({
"status": "error",
"error": str(e),
})
elif request.method == "POST" or request.method == "PUT":
data = request.get_json(force=True)
print("data:", data)
try:
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None: raise Exception("Table not found: %s" % table_name)
if request.method == "POST": #insert data
object = TableClass(**data)
dbsession.add(object)
dbsession.commit()
else: #update data
object = dbsession.query(TableClass).filter_by(**{"id":id}).first()
if object == None: raise Exception("No data found.")
#object.update(**data)
for key in data.keys():
setattr(object, key, data[key])
#dbsession.add(object)
dbsession.commit()
return jsonify({
"status": "success",
"id": object.id,
})
except Exception as e:
return jsonify({
"status": "error",
"error": str(e),
})
elif request.method == "DELETE":
try:
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None: raise Exception("Table not found: %s" % table_name)
object = dbsession.query(TableClass).filter_by(**{"id":id}).first()
if object == None: raise Exception("No data found.")
dbsession.delete(object)
dbsession.commit()
return jsonify({
"status": "success",
"id": object.id,
})
except Exception as e:
return jsonify({
"status": "error",
"error": str(e),
})
elif request.method == "FETCH":
try:
data = request.get_json(force=True)
data = json.loads(data)
print("data: ", data)
print("data-type: ", type(data))
TableClass = models.get_class_by_tablename(table_name)
if TableClass == None: raise Exception("Table not found: %s" % table_name)
query = dbsession.query(TableClass).filter_by(**data['where'])
if 'orderby' in data:
for cname in data['orderby'].split(','):
reverse = False
if cname.endswith(' desc'):
reverse = True
cname = cname[:-5]
elif cname.endswith(' asc'):
cname = cname[:-4]
print("cname: ", cname)
column = getattr(TableClass, cname)
if reverse: column = desc(column)
query = query.order_by(column)
if 'limit' in data:
query = query.limit(data['limit'])
query = query.offset(data['offset'])
object = query.all()
data = [object_as_dict(t) for t in object]
return jsonify({
"status": "success",
"data": data
})
except Exception as e:
return jsonify({
"status": "error",
"error": str(e),
})
else:
return jsonify({
"status": "error", "error": "Unrecognized verb.",
})
def tearDown(self):
dbsession.delete(self.user)
dbsession.commit()
def tearDown(self):
dbsession.delete(self.game_level)
dbsession.commit()
def tearDown(self):
dbsession.delete(self.user)
dbsession.commit()
def test_login_post(self):
user = create_user()
self._login_failure()
self._login_success()
dbsession.delete(user)
dbsession.commit()
def test_login_post(self):
user = create_user()
self._login_failure()
self._login_success()
dbsession.delete(user)
dbsession.commit()
def tearDown(self):
dbsession.delete(self.game_level)
dbsession.commit()
