def submit_archive(group): """ Allows for authenticated users to submit archives """ user = '******' % api_request_user() try: if group not in groups(): raise ValueError('Invalid group specified') if 'cves' not in request.args: raise ValueError('CVE(s) required') cves = [cve.strip() for cve in request.args['cves'].split(',')] meta = {} for field in current_app.config['SUBMISSION_GROUPS'].get(group): if field in request.args: value = request.args.get(field) if len(value) > 0: meta[field] = value files = upload(group, request.files.get('archive', None), meta) for (ondisk, filename, suffix) in files: submit(user, ondisk, group, filename, suffix, cves, meta) return success() except ValueError as ve: current_app.logger.info('Invalid submission by %s: %s' % (user, ve.message)) return error(ve.message) except Exception as e: current_app.logger.info(e.message) return error()
def process_submission(form): try: cves = [] for cve in form.cves.data.split(','): cves.append(cve.strip()) group = form.group.data coordinates = CoordinateDict({ coord: form._fields.get('%s_%s' % (group, coord)).data.strip() for coord in SUBMISSION_GROUPS.get(group, []) }) files = upload(group, request.files.get('archive', None), coordinates) for (ondisk, filename, suffix) in files: submit( login.current_user.username, ondisk, group, filename, suffix, cves, coordinates=coordinates ) current_app.config['INDEX_REFRESH_FLAG'] = True flash('Archive Submitted for processing', 'info') except ValueError, ve: flash(escape(ve.message), 'error')
def submit_archive(group): """ Allows for authenticated users to submit archives """ user = '******' % api_request_user() try: if group not in groups(): raise ValueError('Invalid group specified') if 'cves' not in request.args: raise ValueError('CVE(s) required') cves = [cve.strip() for cve in request.args['cves'].split(',')] coordinates = CoordinateDict({ coord: request.args.get(coord).strip() for coord in SUBMISSION_GROUPS.get(group) if coord in request.args }) files = upload(group, request.files.get('archive', None), coordinates) for (ondisk, filename, suffix) in files: submit( user, ondisk, group, filename, suffix, cves, coordinates=coordinates ) return success() except ValueError as ve: current_app.logger.info('Invalid submission by %s: %s' % (user, ve.message)) return error(ve.message) except Exception as e: current_app.logger.info(e.message) return error()
def process_submission(form, group=None): try: cves = [] for cve in form.cves.data.split(','): cves.append(cve.strip()) if group is None: group = form.group.data coordinates = CoordinateDict({ coord: form._fields.get('%s' % coord).data.strip() for coord in SUBMISSION_GROUPS.get(group, []) }) # remove any empty values coordinates = dict( (k, v) for k, v in coordinates.iteritems() if v is not None and len(v) > 0 ) # if no coordinates given, make None if len(coordinates) == 0: coordinates = None files = upload(group, request.files.get('archive', None), coordinates) for (ondisk, filename, suffix) in files: submit( login.current_user.username, ondisk, group, filename, suffix, cves, coordinates=coordinates ) current_app.config['INDEX_REFRESH_FLAG'] = True flash('Archive Submitted for processing', 'info') except ValueError, ve: flash(escape(ve.message), 'error')
def submit_hash(group): """ Allows for authenticated users to submit hashes via json. """ user = '******' % api_request_user() try: if group not in groups(): raise ValueError('Invalid group specified') json_data = request.get_json() if 'cves' not in json_data: raise ValueError('No CVE provided') entry = Hash() entry.mongify(json_data) entry.submitter = user submit( user, 'json-api-hash', group, suffix='Hash', entry=entry, approval='PENDING_APPROVAL') return success() except ValueError as ve: return error(ve.message) except Exception as e: current_app.logger.info('Invalid submission by %s' % (user)) current_app.logger.debug(e) return error()
def handleCloseVersions(self,json): version = json.version depCves = json.cves response = self.getClosestVersions(json) response = response["response"] numFound = response["numFound"] if(int(numFound) == 0 ): return 'Error - could not find dependency in maven central repo' elif(int(numFound) == 1): return 'There is only one version available, nothing to be done' else: deps = response["docs"] noOfDeps = len(deps) posOfDep = -1 for i in xrange(0,noOfDeps): if(deps[i]["v"] == version): posOfDep = i break if posOfDep == -1: return 'Error - cannot find current version number in maven search' else: if posOfDep+1 >= 0: for i in xrange(-1,2): if (i != 0): info = dict(groupId=str(deps[i]["g"]),artifactId=str(deps[i]["a"]),version=str(deps[posOfDep+i]["v"])) javamanager = JavaManager() artifact = javamanager.make_artifact(info) for repo in javamanager.repos: uri = repo.get_artifact_uri(artifact, 'jar') sha1 = repo.download_check_sum('sha1', uri) count = Submission.objects(entry=sha1).count(); if(str(count).isdigit()): if(float(count) != 1): #submit from submissions downloadLocation = download('java',info) return submit('similaritySearch', downloadLocation[0][0], group="java", filename=downloadLocation[0][0][downloadLocation[0][0].rindex("/")+1:], suffix=True, cves=depCves, metadata=info, entry=False, approval='REQUESTED') return "adding the new dependency" else: continue else: return 'No available dependencies in the maven central repository'