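def addSystem():
    """Create a system group from query-string parameters and answer with JSON.

    Reads ``groupName``, ``team``, ``notes``, ``systems`` (";"-separated) and
    ``components`` (","-separated entries whose second "|"-field is handed to
    ``Component``). The response holds a ``status`` pair, an ``error`` text
    and the current ``vmdb.getGroupVulns(team)`` listing.
    """
    g = request.args.get("groupName")
    t = request.args.get("team")
    n = request.args.get("notes")
    # Authorise before parsing the remaining input. The return value is not
    # used, so enforcement relies on verifyAccess aborting or raising on
    # denial -- confirm against its definition.
    # NOTE(review): this write is driven by request.args; if the route is
    # reachable via GET, confirm CSRF protection covers it.
    verifyAccess("system_group", "write", t, True)

    raw_systems = request.args.get("systems")
    raw_components = request.args.get("components")
    cpes = []
    # A missing parameter or a component entry without a "|" separator used to
    # escape as an unhandled AttributeError/TypeError/IndexError; report it
    # with the endpoint's existing "invalid input" answer instead.
    malformed = raw_systems is None or raw_components is None
    if not malformed and raw_components:
        for entry in raw_components.split(","):
            fields = entry.split("|")
            if len(fields) < 2:
                malformed = True
                break
            cpes.append(fields[1])
    if malformed:
        return jsonify(
            {
                "status": ["action_failed", "error"],
                "error": "Some of the input is invalid",
                "groups": vmdb.getGroupVulns(t),
            }
        )

    s = raw_systems.split(";")
    components = [Component(cpe) for cpe in cpes]
    try:
        if vmdb.addSystemGroup(
            SystemGroup(groupID=None, groupName=g, team=t, notes=n, systems=s, components=components)
        ):
            status = ["system_added", "success"]
            error = ""
        else:
            status = ["action_failed", "error"]
            error = "Could not save the system to the database"
    except AlreadyExistsException:
        status = ["action_failed", "error"]
        error = "A group with this name already exists"
    except TeamRequiredException:
        status = ["action_failed", "error"]
        error = "There is no team selected to add this system group to."
    except InvalidVariableTypes:
        status = ["action_failed", "error"]
        error = "Some of the input is invalid"
    return jsonify({"status": status, "error": error, "groups": vmdb.getGroupVulns(t)})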
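def getTicketInfo():
    """Render ``ticket.html`` for the ticket named by the posted ``id`` field.

    ``id`` is split on "|": segment 0 is the team used for the read-access
    check, segment 2 carries the vulnerability id behind a ``vuln:`` prefix,
    and segments 1 and 3 are forwarded to ``vmdb.getTicket`` unchanged.
    """
    parts = request.form.get('id', type=str).split("|")
    # NOTE(review): the team checked here comes from the same client-supplied
    # id that selects the ticket; isolation between teams depends on
    # vmdb.getTicket scoping the lookup by that team -- confirm.
    verifyAccess("ticket", "read", parts[0])
    vuln = parts[2]
    # str.strip("vuln:") removes any of the characters v, u, l, n and ":" from
    # BOTH ends, so it can eat into the identifier itself. Drop only the
    # literal prefix.
    if vuln.startswith("vuln:"):
        vuln = vuln[len("vuln:"):]
    ticket = vmdb.getTicket(vuln, parts[3], parts[1], parts[0])
    return render_template('ticket.html',
                           ticket=ticket,
                           statusses=vmdb.getStatusses())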
def editSystem():
    """Render the ``addSystem.html`` form pre-filled with an existing group.

    ``team`` and ``group`` come from the posted form. The team is checked for
    system_group write access before any lookup, and the first element of
    ``vmdb.getGroups(team, group)`` is passed to the template (an empty result
    raises IndexError).
    """
    team = request.form.get("team", type=str)
    group = request.form.get("group", type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("system_group", "write", team)
    component_names = vmdb.getComponentNames()
    selected_group = vmdb.getGroups(team, group)[0]
    return render_template("addSystem.html", team=team, components=component_names, group=selected_group)
def editSystem():
    """Show ``addSystem.html`` populated with the group selected in the form.

    Reads ``team`` and ``group`` from the POST body, requires system_group
    write access on the team, then renders the form with the component names
    and the first match returned by ``vmdb.getGroups``.
    """
    form = request.form
    team = form.get('team', type=str)
    group = form.get('group', type=str)
    # Access is checked before any database read.
    verifyAccess("system_group", "write", team)
    context = {"team": team}
    context["components"] = vmdb.getComponentNames()
    # Indexing [0] raises IndexError when no group matches.
    context["group"] = vmdb.getGroups(team, group)[0]
    return render_template("addSystem.html", **context)
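def setTicketNotes():
    """Store notes on a ticket and return the resulting status as JSON.

    ``id`` (split on "|") selects the ticket: segment 0 is the team used for
    the write-access check and segment 2 holds the vulnerability id behind a
    ``vuln:`` prefix. ``notes`` is the text to store.
    """
    parts = request.args.get('id', type=str).split("|")
    notes = request.args.get('notes', type=str)
    # NOTE(review): id and notes are read from the query string; if this route
    # answers GET, the change is exposed to cross-site requests and the note
    # text lands in URL logs -- confirm the route's methods and CSRF handling.
    verifyAccess("ticket", "write", parts[0], True)
    vuln = parts[2]
    # str.strip("vuln:") trims the characters v, u, l, n and ":" from both
    # ends rather than removing the prefix; remove only the prefix.
    if vuln.startswith("vuln:"):
        vuln = vuln[len("vuln:"):]
    ticket = vmdb.getTicket(vuln, parts[3], parts[1], parts[0])
    return jsonify({
        "status":
        vmdb.setDBTicketStatus(ticket, current_user.id, notes=notes)
    })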
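def setTicketStatus():
    """Change a ticket's status and return the new status plus all statuses.

    ``id`` (split on "|") selects the ticket: segment 0 is the team used for
    the write-access check and segment 2 holds the vulnerability id behind a
    ``vuln:`` prefix. When the requested status is ``closed-implemented``,
    ``vmdb.updateCPE`` is also called for the ticket.
    """
    parts = request.args.get('id', type=str).split("|")
    status = request.args.get('status', type=str)
    # NOTE(review): this state change is driven by query-string parameters;
    # confirm the route's methods and CSRF handling. ``status`` is forwarded
    # as received -- presumably vmdb rejects unknown values; confirm.
    verifyAccess("ticket", "write", parts[0], True)
    vuln = parts[2]
    # str.strip("vuln:") trims the characters v, u, l, n and ":" from both
    # ends rather than removing the prefix; remove only the prefix.
    if vuln.startswith("vuln:"):
        vuln = vuln[len("vuln:"):]
    ticket = vmdb.getTicket(vuln, parts[3], parts[1], parts[0])
    curStatus = vmdb.setDBTicketStatus(ticket, current_user.id, status=status)
    if status == "closed-implemented":
        # Called for its effect only; the result was never used.
        vmdb.updateCPE(ticket)
    return jsonify({"status": curStatus, "statusses": vmdb.getStatusses()})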
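def setTicketStatus():
    """Apply a new status to a ticket and report it together with all statuses.

    The "|"-separated ``id`` names the ticket (segment 0: team, checked for
    ticket write access; segment 2: vulnerability id with a ``vuln:`` prefix).
    A status of ``closed-implemented`` additionally triggers
    ``vmdb.updateCPE`` on the ticket.
    """
    segments = request.args.get("id", type=str).split("|")
    status = request.args.get("status", type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    # NOTE(review): a write triggered from request.args; confirm the route is
    # not reachable via GET or is covered by CSRF protection.
    verifyAccess("ticket", "write", segments[0], True)
    vuln_id = segments[2]
    # Remove the literal "vuln:" prefix. The former strip("vuln:") treated the
    # argument as a character set and could also trim the id's own leading or
    # trailing v/u/l/n/":" characters.
    if vuln_id.startswith("vuln:"):
        vuln_id = vuln_id[len("vuln:"):]
    ticket = vmdb.getTicket(vuln_id, segments[3], segments[1], segments[0])
    curStatus = vmdb.setDBTicketStatus(ticket, current_user.id, status=status)
    if status == "closed-implemented":
        # Result intentionally discarded; it was only bound to an unused local.
        vmdb.updateCPE(ticket)
    return jsonify({"status": curStatus, "statusses": vmdb.getStatusses()})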
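def setUpdate():
    """Record an update (type and new CPE) on a ticket and return JSON.

    ``id`` (split on "|") selects the ticket: segment 0 is the team used for
    the write-access check and segment 2 holds the vulnerability id behind a
    ``vuln:`` prefix. ``updateType`` and ``newCPE`` are forwarded to
    ``vmdb.setDBTicketStatus``.
    """
    parts = request.args.get("id", type=str).split("|")
    newCPE = request.args.get("newCPE", type=str)
    updateType = request.args.get("updateType", type=str)
    # NOTE(review): a write driven by query-string parameters; confirm the
    # route's methods and CSRF handling. newCPE and updateType are forwarded
    # as received -- presumably validated in vmdb; confirm.
    verifyAccess("ticket", "write", parts[0], True)
    vuln = parts[2]
    # str.strip("vuln:") trims the characters v, u, l, n and ":" from both
    # ends rather than removing the prefix; remove only the prefix.
    if vuln.startswith("vuln:"):
        vuln = vuln[len("vuln:"):]
    ticket = vmdb.getTicket(vuln, parts[3], parts[1], parts[0])
    return jsonify(
        {
            "status": vmdb.setDBTicketStatus(ticket, current_user.id, updateType=updateType, update=newCPE),
            "statusses": vmdb.getStatusses(),
        }
    )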
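def setUpdate():
    """Attach an update to a ticket and answer with its status and all statuses.

    The "|"-separated ``id`` names the ticket (segment 0: team, checked for
    ticket write access; segment 2: vulnerability id with a ``vuln:`` prefix).
    ``newCPE`` and ``updateType`` are passed on as the update payload.
    """
    segments = request.args.get('id', type=str).split("|")
    newCPE = request.args.get('newCPE', type=str)
    updateType = request.args.get('updateType', type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    # NOTE(review): a write triggered from request.args; confirm the route is
    # not reachable via GET or is covered by CSRF protection.
    verifyAccess("ticket", "write", segments[0], True)
    vuln_id = segments[2]
    # Remove the literal "vuln:" prefix. The former strip("vuln:") treated the
    # argument as a character set and could also trim the id's own leading or
    # trailing v/u/l/n/":" characters.
    if vuln_id.startswith("vuln:"):
        vuln_id = vuln_id[len("vuln:"):]
    ticket = vmdb.getTicket(vuln_id, segments[3], segments[1], segments[0])
    return jsonify({
        "status":
        vmdb.setDBTicketStatus(ticket,
                               current_user.id,
                               updateType=updateType,
                               update=newCPE),
        "statusses":
        vmdb.getStatusses()
    })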
def getVulnerabilities():
    """Render the vulnerability list for a system, optionally for one component.

    The posted ``id`` is split on "|": segment 0 is the team (checked for
    system_group read access), segment 1 the system and segment 2 a CPE that
    may be empty. An empty CPE is passed on as ``None``.
    """
    fields = request.form.get("id", type=str).split("|")
    # Authorise on the team segment before reading anything from the database.
    verifyAccess("system_group", "read", fields[0])
    if fields[2]:
        cpe = fields[2]
        title = "Vulnerabilities for %s in %s" % (Component(cpe).product, fields[1])
    else:
        cpe = None
        title = "Vulnerabilities in %s" % fields[1]
    vulns = vmdb.getVulnsForSystem(fields[1], fields[0], cpe)
    # NOTE(review): title, team and system are request-derived; they reach HTML
    # only through the template, so output escaping depends on the template
    # not disabling autoescape -- confirm.
    return render_template(
        "vulnerabilities.html", cpe=cpe, title=title, vulns=vulns, team=fields[0], system=fields[1]
    )
def getTeamContent():
    """Render ``teamContent.html`` with the team's latest vulnerabilities.

    ``team`` comes from the posted form and is checked for team read access
    before ``vmdb.getLastTeamVulns(team, 10)`` is queried.
    """
    team = request.form.get('team', type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("team", "read", team)
    latest = vmdb.getLastTeamVulns(team, 10)
    viewer = getCurrentUser()
    return render_template("teamContent.html", vulns=latest, team=team, user=viewer)
def getClosed():
    """Render ``systemTickets.html`` with a system's closed tickets, grouped by group name.

    ``team`` and ``system`` come from the posted form; the team is checked for
    ticket read access before the tickets are fetched.
    """
    team = request.form.get("team", type=str)
    system = request.form.get("system", type=str)
    verifyAccess("ticket", "read", team)
    # NOTE(review): only ``team`` is authorised; ``system`` is passed through,
    # so vmdb.getTickets is presumably what ties the system to that team --
    # confirm.
    grouped = {}
    for ticket in vmdb.getTickets(team, system, limit="closed"):
        grouped.setdefault(ticket.groupName, []).append(ticket)
    return render_template("systemTickets.html", tickets=grouped, team=team, system=system)
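def getUserInfo():
    """Return the current user's name, id and per-team access as a dict.

    A team is listed only when its access mapping holds at least one value
    other than ``"none"`` or ``False``. The team named "-" is never listed.
    """
    user = current_user
    teams = []
    for name in vmdb.getTeamNames():
        access = getAccessPerTeam(name)
        # Skip "-" while building the list. The previous code popped entries
        # from the list while enumerating it, which skips the element that
        # follows each removal.
        if name == "-":
            continue
        if set(access.values()) - {"none", False}:
            # Reuse the mapping already fetched instead of calling
            # getAccessPerTeam a second time for the same team.
            teams.append({"team": name, "access": access})
    return {"teams": teams, "first_name": user.first_name, "last_name": user.last_name, "id": user.id}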
def getClosed():
    """Show the closed tickets of a system, bucketed by their group name.

    Reads ``team`` and ``system`` from the POST body, requires ticket read
    access on the team and renders ``systemTickets.html``.
    """
    form = request.form
    team = form.get('team', type=str)
    system = form.get('system', type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("ticket", "read", team)
    by_group = {}
    for ticket in vmdb.getTickets(team, system, limit="closed"):
        bucket = by_group.get(ticket.groupName)
        if bucket is None:
            by_group[ticket.groupName] = [ticket]
        else:
            bucket.append(ticket)
    return render_template("systemTickets.html", tickets=by_group, team=team, system=system)
def getVulnerabilities():
    """Render ``vulnerabilities.html`` for a system or one of its components.

    ``id`` (posted, "|"-separated) carries team, system and an optional CPE in
    segments 0-2. The team is checked for system_group read access; an empty
    CPE segment becomes ``None``.
    """
    segments = request.form.get("id", type=str).split("|")
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("system_group", "read", segments[0])
    has_cpe = bool(segments[2])
    cpe = segments[2] if has_cpe else None
    if has_cpe:
        heading = "Vulnerabilities for %s in %s" % (Component(cpe).product, segments[1])
    else:
        heading = "Vulnerabilities in %s" % segments[1]
    found = vmdb.getVulnsForSystem(segments[1], segments[0], cpe)
    context = {
        "cpe": cpe,
        "title": heading,
        "vulns": found,
        "team": segments[0],
        "system": segments[1],
    }
    return render_template("vulnerabilities.html", **context)
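def addSystem():
    """Add a system group described by query-string parameters; reply in JSON.

    Parameters read: ``groupName``, ``team``, ``notes``, ``systems``
    (";"-separated) and ``components`` (","-separated, each entry's second
    "|"-field is given to ``Component``). The reply contains ``status``,
    ``error`` and ``groups`` (``vmdb.getGroupVulns(team)``).
    """
    args = request.args
    g = args.get('groupName')
    t = args.get('team')
    n = args.get('notes')
    # Check access first so that unauthorised callers never reach input
    # parsing. The call's result is unused; denial is presumably signalled by
    # an abort or exception inside verifyAccess -- confirm.
    # NOTE(review): a write driven by the query string; confirm the route's
    # methods and CSRF handling.
    verifyAccess("system_group", "write", t, True)

    def invalid_input():
        # Same answer the endpoint already gives for InvalidVariableTypes.
        return jsonify({
            "status": ["action_failed", "error"],
            "error": "Some of the input is invalid",
            "groups": vmdb.getGroupVulns(t)
        })

    systems_raw = args.get('systems')
    components_raw = args.get('components')
    # Missing parameters previously raised AttributeError/TypeError and a
    # component entry without "|" raised IndexError, all unhandled.
    if systems_raw is None or components_raw is None:
        return invalid_input()
    cpes = []
    if len(components_raw) != 0:
        for entry in components_raw.split(","):
            pieces = entry.split("|")
            if len(pieces) < 2:
                return invalid_input()
            cpes.append(pieces[1])

    s = systems_raw.split(";")
    components = [Component(cpe) for cpe in cpes]
    try:
        if vmdb.addSystemGroup(
                SystemGroup(groupID=None,
                            groupName=g,
                            team=t,
                            notes=n,
                            systems=s,
                            components=components)):
            status = ["system_added", "success"]
            error = ""
        else:
            status = ["action_failed", "error"]
            error = "Could not save the system to the database"
    except AlreadyExistsException:
        status = ["action_failed", "error"]
        error = "A group with this name already exists"
    except TeamRequiredException:
        status = ["action_failed", "error"]
        error = "There is no team selected to add this system group to."
    except InvalidVariableTypes:
        status = ["action_failed", "error"]
        error = "Some of the input is invalid"
    return jsonify({
        "status": status,
        "error": error,
        "groups": vmdb.getGroupVulns(t)
    })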
def get_Statistics():
    """Render ``statistics.html`` with per-row ticket statistics for a team.

    ``team`` comes from the posted form and is checked for statistics read
    access. Each row of ``vmdb.getStatistics(team)`` contributes its
    ``systems``, ``new``, ``closed`` and ``openedAndClosed`` values to four
    parallel lists.
    """
    team = request.form.get("team", type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("statistics", "read", team)
    stats = {"categories": [], "opened": [], "closed": [], "openedAndClosed": []}
    for row in vmdb.getStatistics(team):
        stats["categories"].append(row["systems"])
        stats["opened"].append(row["new"])
        stats["closed"].append(row["closed"])
        stats["openedAndClosed"].append(row["openedAndClosed"])
    return render_template("statistics.html", stats=stats)
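def getUserInfo():
    """Build a dict describing the logged-in user and the teams they can use.

    Teams whose access mapping contains nothing but ``"none"``/``False`` are
    omitted, as is the team named "-".
    """
    user = current_user
    visible = []
    for team_name in vmdb.getTeamNames():
        rights = getAccessPerTeam(team_name)
        has_access = bool(set(rights.values()) - {"none", False})
        # Exclude "-" at this point. Removing it afterwards with pop() inside
        # an enumerate() loop mutates the list being iterated and skips the
        # next entry.
        if has_access and team_name != "-":
            # ``rights`` is reused rather than fetched a second time.
            visible.append({"team": team_name, "access": rights})
    return {
        "teams": visible,
        "first_name": user.first_name,
        "last_name": user.last_name,
        "id": user.id
    }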
def get_Statistics():
    """Show the statistics page for the team named in the posted form.

    Requires statistics read access on the team, then splits every row from
    ``vmdb.getStatistics(team)`` into the four series the template receives.
    """
    team = request.form.get('team', type=str)
    verifyAccess("statistics", "read", team)
    categories, opened, closed, opened_and_closed = [], [], [], []
    for entry in vmdb.getStatistics(team):
        categories += [entry["systems"]]
        opened += [entry["new"]]
        closed += [entry["closed"]]
        opened_and_closed += [entry["openedAndClosed"]]
    series = {
        "categories": categories,
        "opened": opened,
        "closed": closed,
        "openedAndClosed": opened_and_closed
    }
    return render_template("statistics.html", stats=series)
def getSystems():
    """Render ``systems.html`` with the team's system groups.

    ``team`` comes from the posted form and is checked for team read access
    before ``vmdb.getGroupVulns(team, True)`` is queried.
    """
    team = request.form.get('team', type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("team", "read", team)
    groups = vmdb.getGroupVulns(team, True)
    return render_template("systems.html", team=team, systemGroups=groups)
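def setTicketNotes():
    """Save ``notes`` on the ticket identified by ``id`` and reply with JSON.

    The "|"-separated ``id`` names the ticket (segment 0: team, checked for
    ticket write access; segment 2: vulnerability id with a ``vuln:`` prefix).
    """
    segments = request.args.get("id", type=str).split("|")
    notes = request.args.get("notes", type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    # NOTE(review): a write triggered from request.args; confirm the route is
    # not reachable via GET or is covered by CSRF protection. Query-string
    # values such as the note text also tend to be recorded in URL logs.
    verifyAccess("ticket", "write", segments[0], True)
    vuln_id = segments[2]
    # Remove the literal "vuln:" prefix. The former strip("vuln:") treated the
    # argument as a character set and could also trim the id's own leading or
    # trailing v/u/l/n/":" characters.
    if vuln_id.startswith("vuln:"):
        vuln_id = vuln_id[len("vuln:"):]
    ticket = vmdb.getTicket(vuln_id, segments[3], segments[1], segments[0])
    return jsonify({"status": vmdb.setDBTicketStatus(ticket, current_user.id, notes=notes)})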
def addSystemView():
    """Render the empty ``addSystem.html`` form for a team.

    ``team`` comes from the posted form and is checked for system_group write
    access before the component names are loaded.
    """
    team = request.form.get('team', type=str)
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("system_group", "write", team)
    component_names = vmdb.getComponentNames()
    return render_template("addSystem.html", team=team, components=component_names)
def addSystemView():
    """Show the "add system" form for the team named in the POST body.

    Requires system_group write access on that team; the template receives
    the team and ``vmdb.getComponentNames()``.
    """
    team = request.form.get("team", type=str)
    verifyAccess("system_group", "write", team)
    context = {"team": team, "components": vmdb.getComponentNames()}
    return render_template("addSystem.html", **context)
def getSystems():
    """Show the systems page for the team named in the POST body.

    Requires team read access; the template receives the team and
    ``vmdb.getGroupVulns(team, True)``.
    """
    team = request.form.get("team", type=str)
    verifyAccess("team", "read", team)
    context = {"team": team, "systemGroups": vmdb.getGroupVulns(team, True)}
    return render_template("systems.html", **context)
def getTeamContent():
    """Show the team overview with its ten most recent vulnerabilities.

    Requires team read access on the posted ``team``; the template also
    receives the result of ``getCurrentUser()``.
    """
    team = request.form.get("team", type=str)
    verifyAccess("team", "read", team)
    context = {"vulns": vmdb.getLastTeamVulns(team, 10), "team": team}
    context["user"] = getCurrentUser()
    return render_template("teamContent.html", **context)
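def getTicketInfo():
    """Show ``ticket.html`` for the ticket identified by the posted ``id``.

    The "|"-separated ``id`` names the ticket (segment 0: team, checked for
    ticket read access; segment 2: vulnerability id with a ``vuln:`` prefix;
    segments 1 and 3 are forwarded to ``vmdb.getTicket`` unchanged).
    """
    segments = request.form.get("id", type=str).split("|")
    # The return value is ignored, so a denial must abort or raise inside
    # verifyAccess -- confirm against its definition.
    verifyAccess("ticket", "read", segments[0])
    vuln_id = segments[2]
    # Remove the literal "vuln:" prefix. The former strip("vuln:") treated the
    # argument as a character set and could also trim the id's own leading or
    # trailing v/u/l/n/":" characters.
    if vuln_id.startswith("vuln:"):
        vuln_id = vuln_id[len("vuln:"):]
    ticket = vmdb.getTicket(vuln_id, segments[3], segments[1], segments[0])
    return render_template("ticket.html", ticket=ticket, statusses=vmdb.getStatusses())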
def defaultValues(conn):
    """Register the module's default records through ``lib.database.VulnManager``.

    Adds, in this order: ticket statuses, ticket resolutions, access rights,
    ticket priorities, ticket urgencies, teams and roles, each taken from the
    matching ``def_*`` collection. ``conn`` is accepted but not used here.
    """
    import lib.database.VulnManager as vmdb

    for status in def_ticket_statusses:
        vmdb.addTicket_Status(status)
    for resolution in def_ticket_resolutions:
        vmdb.addTicket_Resolution(resolution)
    for right in def_access_rights:
        vmdb.addAccess_Right(right)
    for priority in def_ticket_priorities:
        vmdb.addTicket_Priority(priority["name"], priority["max_implement_time"], priority["min_cvss"])
    for urgency in def_ticket_urgencies:
        vmdb.addTicket_Urgency(urgency["name"], urgency["score"])
    for team in def_teams:
        vmdb.addTeam(team[0], team[1])
    # NOTE(review): the default roles fix the initial access levels for
    # tickets, system groups, statistics, teams and the database; review
    # def_roles for least privilege.
    for role in def_roles:
        vmdb.addRole(
            role["name"],
            role["ticket_access"],
            role["system_group_access"],
            role["statistics_access"],
            role["team_access"],
            role["db_access"],
        )
def defaultValues(conn):
    """Load every ``def_*`` default collection via ``lib.database.VulnManager``.

    Order of insertion: ticket statuses, resolutions, access rights,
    priorities, urgencies, teams, roles. The ``conn`` argument is not used in
    this function.
    """
    import lib.database.VulnManager as vmdb

    # Collections whose items are passed to their adder as a single argument.
    single_argument = (
        (def_ticket_statusses, vmdb.addTicket_Status),
        (def_ticket_resolutions, vmdb.addTicket_Resolution),
        (def_access_rights, vmdb.addAccess_Right),
    )
    for items, add in single_argument:
        for item in items:
            add(item)

    for prio in def_ticket_priorities:
        vmdb.addTicket_Priority(prio["name"], prio["max_implement_time"], prio["min_cvss"])
    for urg in def_ticket_urgencies:
        vmdb.addTicket_Urgency(urg["name"], urg["score"])
    for entry in def_teams:
        vmdb.addTeam(entry[0], entry[1])

    # Positional order expected by vmdb.addRole.
    role_fields = (
        "name",
        "ticket_access",
        "system_group_access",
        "statistics_access",
        "team_access",
        "db_access",
    )
    for role in def_roles:
        vmdb.addRole(*[role[field] for field in role_fields])