Exemplo n.º 1
0
    def get(self):
        """Handle a get request."""
        fuzzer_logs_bucket = fuzzer_logs.get_bucket()
        fuzzers = list(data_types.Fuzzer.query().order(data_types.Fuzzer.name))
        jobs = data_handler.get_all_job_type_names()
        corpora = [
            bundle.name for bundle in data_types.DataBundle.query().order(
                data_types.DataBundle.name)
        ]

        privileged = access.has_access(need_privileged_access=True)
        # Unprivileged users can't download fuzzers, so hide the download keys.
        if not privileged:
            for fuzzer in fuzzers:
                fuzzer.blobstore_key = ''

        template_values = {
            'privileged': privileged,
            'fuzzers': fuzzers,
            'fuzzerLogsBucket': fuzzer_logs_bucket,
            'fieldValues': {
                'corpora': corpora,
                'jobs': jobs,
                'uploadInfo': gcs.prepare_blob_upload()._asdict(),
                'csrfToken': form.generate_csrf_token(),
            }
        }

        self.render('fuzzers.html', template_values)
Exemplo n.º 2
0
    def get(self):
        """Handle a get request."""
        helpers.log('Jobs', helpers.VIEW_OPERATION)

        templates = list(data_types.JobTemplate.query().order(
            data_types.JobTemplate.name))
        queues = get_queues()
        fuzzers = [
            fuzzer.name
            for fuzzer in data_types.Fuzzer.query(projection=['name'])
        ]

        result, params = get_results(self)
        self.render(
            'jobs.html', {
                'result': result,
                'templates': templates,
                'fieldValues': {
                    'csrf_token': form.generate_csrf_token(),
                    'fuzzers': fuzzers,
                    'queues': queues,
                    'update_job_url': '/update-job',
                    'update_job_template_url': '/update-job-template',
                    'upload_info': gcs.prepare_blob_upload()._asdict(),
                },
                'params': params,
            })
Exemplo n.º 3
0
    def get(self):
        """Handles get request."""
        email = helpers.get_user_email()
        if not email:
            raise helpers.AccessDeniedException()

        is_privileged_or_domain_user = access.has_access(
            need_privileged_access=False)
        if is_privileged_or_domain_user or _is_uploader_allowed(email):
            # Privileged, domain and upload users can see all job and fuzzer names.
            allowed_jobs = data_handler.get_all_job_type_names()
            allowed_fuzzers = data_handler.get_all_fuzzer_names_including_children(
                include_parents=True)
        else:
            # Check if this is an external user with access to certain fuzzers/jobs.
            allowed_jobs = external_users.allowed_jobs_for_user(email)
            allowed_fuzzers = external_users.allowed_fuzzers_for_user(
                email, include_from_jobs=True)

            if not allowed_fuzzers and not allowed_jobs:
                raise helpers.AccessDeniedException()

        has_issue_tracker = bool(data_handler.get_issue_tracker_name())

        result, params = get_result()
        return self.render(
            'upload.html', {
                'fieldValues': {
                    'blackboxFuzzers':
                    filter_blackbox_fuzzers(allowed_fuzzers),
                    'jobs':
                    allowed_jobs,
                    'libfuzzerTargets':
                    filter_target_names(allowed_fuzzers, 'libFuzzer'),
                    'aflTargets':
                    filter_target_names(allowed_fuzzers, 'afl'),
                    'honggfuzzTargets':
                    filter_target_names(allowed_fuzzers, 'honggfuzz'),
                    'isChromium':
                    utils.is_chromium(),
                    'sandboxedJobs':
                    data_types.INTERNAL_SANDBOXED_JOB_TYPES,
                    'csrfToken':
                    form.generate_csrf_token(),
                    'isExternalUser':
                    not is_privileged_or_domain_user,
                    'uploadInfo':
                    gcs.prepare_blob_upload()._asdict(),
                    'hasIssueTracker':
                    has_issue_tracker,
                },
                'params': params,
                'result': result
            })
Exemplo n.º 4
0
    def get(self):
        """Handles get request."""
        email = helpers.get_user_email()
        if not email:
            raise helpers.AccessDeniedException()

        is_privileged_or_domain_user = access.has_access(
            need_privileged_access=False)
        if is_privileged_or_domain_user or _is_uploader_allowed(email):
            # Privileged, domain and upload users can see all job and fuzzer names.
            allowed_jobs = data_handler.get_all_job_type_names()
            allowed_fuzzers = data_handler.get_all_fuzzer_names_including_children(
                include_parents=True)
        else:
            # Check if this is an external user with access to certain fuzzers/jobs.
            allowed_jobs = external_users.allowed_jobs_for_user(email)
            allowed_fuzzers = external_users.allowed_fuzzers_for_user(
                email, include_from_jobs=True)

            if not allowed_fuzzers and not allowed_jobs:
                raise helpers.AccessDeniedException()

        has_issue_tracker = bool(data_handler.get_issue_tracker_name())

        result, params = get_result(self)
        self.render(
            "upload.html",
            {
                "fieldValues": {
                    "jobs":
                    allowed_jobs,
                    "libfuzzerTargets":
                    filter_target_names(allowed_fuzzers, "libFuzzer"),
                    "aflTargets":
                    filter_target_names(allowed_fuzzers, "afl"),
                    "isChromium":
                    utils.is_chromium(),
                    "sandboxedJobs":
                    data_types.INTERNAL_SANDBOXED_JOB_TYPES,
                    "csrfToken":
                    form.generate_csrf_token(),
                    "isExternalUser":
                    not is_privileged_or_domain_user,
                    "uploadInfo":
                    gcs.prepare_blob_upload()._asdict(),
                    "hasIssueTracker":
                    has_issue_tracker,
                },
                "params": params,
                "result": result,
            },
        )
Exemplo n.º 5
0
    def get_results():
        """Get results for the jobs page."""
        jobs = list(data_types.Job.query().order(data_types.Job.name))
        templates = list(data_types.JobTemplate.query().order(
            data_types.JobTemplate.name))
        queues = get_queues()

        return {
            'jobs': jobs,
            'templates': templates,
            'fieldValues': {
                'csrf_token': form.generate_csrf_token(),
                'queues': queues,
                'update_job_url': '/update-job',
                'update_job_template_url': '/update-job-template',
                'upload_info': gcs.prepare_blob_upload()._asdict(),
            },
        }
Exemplo n.º 6
0
 def before_render_json(self, values, status):
     """Add upload info when the request fails."""
     values['uploadInfo'] = gcs.prepare_blob_upload()._asdict()
Exemplo n.º 7
0
 def post(self):
     """Serves the url."""
     self.render_json({'uploadInfo': gcs.prepare_blob_upload()._asdict()})