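def put_scan_control(scan_id):
    """Start or stop the scan identified by ``scan_id``.

    The request body is the bare state name, ``START`` or ``STOP``.

    Returns a JSON response with ``success`` and, on failure, an ``error``
    code: ``no-such-scan``, ``unknown-state`` or ``invalid-state-transition``.
    """
    scan = scans.find_one({"id": scan_id})
    if not scan:
        return jsonify(success=False, error='no-such-scan')

    # On Python 3 Flask exposes the body as bytes, and bytes never compare
    # equal to the str literals below; normalise so both interpreters work.
    state = request.data
    if isinstance(state, bytes):
        state = state.decode('utf-8', 'replace')
    if state not in ('START', 'STOP'):
        return jsonify(success=False, error='unknown-state')

    if state == 'START':
        # Only a freshly created scan may be queued.
        if scan['state'] != 'CREATED':
            return jsonify(success=False, error='invalid-state-transition')
        scans.update({"id": scan_id}, {
            "$set": {
                "state": "QUEUED",
                "queued": datetime.datetime.utcnow()
            }
        })
        # countdown=3 delays worker pickup; presumably so the QUEUED update
        # above is visible before the task runs -- confirm.
        tasks.scan.apply_async([scan['id']], countdown=3, queue='scan')
    else:
        # NOTE(review): STOP is accepted from any state, unlike START --
        # confirm that stopping a CREATED or FINISHED scan is intended.
        scans.update({"id": scan_id}, {
            "$set": {
                "state": "STOPPING",
                "queued": datetime.datetime.utcnow()
            }
        })
        tasks.scan_stop.apply_async([scan['id']], queue='state')
    return jsonify(success=True)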
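def get_issues():
    """List finished scans in a group that reported any of the requested issue codes.

    Query parameters: ``issue_code`` (repeatable), ``group_name`` and ``plan_name``.

    Returns JSON ``{"success": true, "issues": [...]}`` where each entry holds
    the site URL, scan metadata and, per session, only the issues whose code
    was requested. An unknown group yields an empty list rather than an error.
    """
    issue_codes = request.args.getlist('issue_code')
    wanted = set(issue_codes)  # O(1) membership for the per-issue filter below
    # Loop-invariant pieces of the per-target query, built once.
    plan_name = request.args.get('plan_name')
    projection = {"id": 1, "created": 1, "started": 1, "finished": 1,
                  "configuration.target": 1, "sessions.issues.$": 1}

    hits = []

    # NOTE(review): a missing group_name queries {'name': None} -- confirm no
    # group document can match that.
    group = groups.find_one({'name': request.args.get('group_name')})
    if group is not None:
        for target in group.get('sites', []):
            scan = scans.find_one({"plan.name": plan_name,
                                   "configuration.target": target,
                                   "state": "FINISHED",
                                   "sessions.issues.Code": {"$in": issue_codes}},
                                  projection)
            if not scan:
                continue
            sessions = []
            for session in scan["sessions"]:
                matched = [
                    {"summary": issue["Summary"], "id": issue["Id"], "code": issue["Code"]}
                    for issue in session['issues']
                    if issue['Code'] in wanted
                ]
                sessions.append({"plugin": {"class": session["plugin"]["class"]},
                                 "issues": matched})
            hits.append({"site": {"url": scan["configuration"]["target"]},
                         "scan": {"id": scan["id"],
                                  "created": sanitize_time(scan["created"]),
                                  "started": sanitize_time(scan["started"]),
                                  "finished": sanitize_time(scan["finished"]),
                                  "sessions": sessions}})

    return jsonify(success=True, issues=hits)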
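 def has_permission(*args, **kwargs):
     """Run ``view`` only if the caller may access the scan in ``kwargs['scan_id']``.

     Identity is taken from the ``email`` query parameter. A user whose role is
     ``user`` must belong to a group whose ``sites`` include the scan's target;
     any other role passes straight through.

     NOTE(review): when ``email`` is absent the view runs with no check at all,
     and the parameter is not authenticated here -- whatever sets it must be
     trusted upstream. Confirm that is the intended contract.
     """
     email = request.args.get('email')
     if email:
         user = users.find_one({'email': email})
         if not user:
             return jsonify(success=False, reason='user-does-not-exist')
         if user['role'] == 'user':
             scan = scans.find_one({"id": kwargs['scan_id']})
             if scan is None:
                 # An unknown scan used to raise TypeError (HTTP 500); report it instead.
                 return jsonify(success=False, reason='not-found')
             # find_one replaces find().count(): same existence test, and
             # Cursor.count() no longer exists in recent pymongo.
             membership = groups.find_one({'users': email,
                                           'sites': scan['configuration']['target']})
             if membership is None:
                 return jsonify(success=False, reason='not-found')
     return view(*args, **kwargs)  # group member, admin, or no email supplied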
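    def has_permission(*args, **kwargs):
        """Gate ``view`` on the caller's access to the scan in ``kwargs['scan_id']``.

        ``email`` comes from the query string. ``cron`` bypasses the check; a
        ``user``-role account must be in a group whose ``sites`` contain the
        scan's target; other roles pass.

        NOTE(review): both the ``cron`` bypass and the identity itself rest on a
        plain query parameter, which is not a credential. Confirm scheduled
        callers are distinguished by some other means (e.g. network-level), and
        that an absent ``email`` is meant to skip the check entirely.
        """
        email = request.args.get("email")

        # If the task is scheduled by crontab, proceed with the task
        if email == "cron":
            return view(*args, **kwargs)

        if not email:
            return view(*args, **kwargs)

        user = users.find_one({"email": email})
        if not user:
            return jsonify(success=False, reason="user-does-not-exist")
        if user["role"] != "user":
            return view(*args, **kwargs)  # admins and other roles are not restricted

        scan = scans.find_one({"id": kwargs["scan_id"]})
        if scan is None:
            # Previously indexing None raised TypeError (HTTP 500).
            return jsonify(success=False, reason="not-found")
        # Existence test via find_one; Cursor.count() is gone in recent pymongo.
        membership = groups.find_one({"users": email,
                                      "sites": scan["configuration"]["target"]})
        if membership is None:
            return jsonify(success=False, reason="not-found")
        return view(*args, **kwargs)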
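    def has_permission(*args, **kwargs):
        """Call ``view`` if the requester is allowed to touch ``kwargs['scan_id']``.

        The requester is identified by the ``email`` query parameter. ``cron``
        skips the check; an account with role ``user`` must belong to a group
        whose ``sites`` include the scan's target; any other role passes.

        NOTE(review): ``email`` (including the ``cron`` value) is read from the
        request and not verified here, so it is not a credential on its own --
        confirm an upstream layer constrains who can set it. An absent ``email``
        also skips the check; confirm that is intended.
        """
        email = request.args.get('email')

        # If the task is scheduled by crontab, proceed with the task
        if email == 'cron':
            return view(*args, **kwargs)

        if email:
            user = users.find_one({'email': email})
            if not user:
                return jsonify(success=False, reason='user-does-not-exist')
            if user['role'] == 'user':
                scan = scans.find_one({"id": kwargs['scan_id']})
                if scan is None:
                    # Unknown scan: answer not-found instead of a TypeError/500.
                    return jsonify(success=False, reason='not-found')
                # Same existence test as find().count(); count() is removed in
                # recent pymongo releases.
                group = groups.find_one({
                    'users': email,
                    'sites': scan['configuration']['target']
                })
                if group is None:
                    return jsonify(success=False, reason='not-found')
        return view(*args,
                    **kwargs)  # group member, admin, or no email supplied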
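def put_scan_control(scan_id):
    """Queue (``START``) or stop (``STOP``) the scan ``scan_id``.

    The raw request body is the desired state. Responds with JSON ``success``
    plus an ``error`` code on failure (``no-such-scan``, ``unknown-state``,
    ``invalid-state-transition``).
    """
    scan = scans.find_one({"id": scan_id})
    if not scan:
        return jsonify(success=False, error='no-such-scan')

    # Flask on Python 3 hands the body over as bytes, which never equal the
    # str literals below; decode so the comparison works on both versions.
    state = request.data
    if isinstance(state, bytes):
        state = state.decode('utf-8', 'replace')
    if state not in ('START', 'STOP'):
        return jsonify(success=False, error='unknown-state')

    now = datetime.datetime.utcnow()
    if state == 'START':
        # Only a CREATED scan may be queued.
        if scan['state'] != 'CREATED':
            return jsonify(success=False, error='invalid-state-transition')
        scans.update({"id": scan_id}, {"$set": {"state": "QUEUED", "queued": now}})
        # countdown=3: presumably lets the QUEUED write land before the worker reads it -- confirm.
        tasks.scan.apply_async([scan['id']], countdown=3, queue='scan')
    else:
        # NOTE(review): no state check on STOP, unlike START -- confirm intended.
        scans.update({"id": scan_id}, {"$set": {"state": "STOPPING", "queued": now}})
        tasks.scan_stop.apply_async([scan['id']], queue='state')
    return jsonify(success=True)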
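def put_scan_control(scan_id):
    """Transition scan ``scan_id`` according to the request body.

    Body is ``START`` (CREATED -> QUEUED, worker task enqueued) or ``STOP``
    (-> STOPPING, stop task enqueued). Returns JSON ``success`` and, on
    failure, one of the ``error`` codes ``no-such-scan``, ``unknown-state``
    or ``invalid-state-transition``.
    """
    scan = scans.find_one({"id": scan_id})
    if not scan:
        return jsonify(success=False, error="no-such-scan")

    # request.data is bytes under Python 3; bytes != str, so decode first or
    # every request would be rejected as unknown-state.
    state = request.data
    if isinstance(state, bytes):
        state = state.decode("utf-8", "replace")
    if state not in ("START", "STOP"):
        return jsonify(success=False, error="unknown-state")

    if state == "START" and scan["state"] != "CREATED":
        # START is only valid from CREATED.
        return jsonify(success=False, error="invalid-state-transition")

    # NOTE(review): STOP has no transition check -- confirm that is intended.
    new_state = "QUEUED" if state == "START" else "STOPPING"
    scans.update({"id": scan_id},
                 {"$set": {"state": new_state, "queued": datetime.datetime.utcnow()}})
    if state == "START":
        # countdown=3 presumably gives the state write time to become visible -- confirm.
        tasks.scan.apply_async([scan["id"]], countdown=3, queue="scan")
    else:
        tasks.scan_stop.apply_async([scan["id"]], queue="state")
    return jsonify(success=True)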
def get_scan_summary(scan_id):
    """Return the summary of scan ``scan_id``, or ``not-found`` if it does not exist."""
    found = scans.find_one({"id": scan_id})
    if found:
        summary = summarize_scan(sanitize_scan(found))
        return jsonify(success=True, summary=summary)
    return jsonify(success=False, reason='not-found')
def get_scan_summary(scan_id):
    """JSON summary of the scan with id ``scan_id``; ``not-found`` when absent."""
    document = scans.find_one({"id": scan_id})
    if document:
        return jsonify(success=True,
                       summary=summarize_scan(sanitize_scan(document)))
    return jsonify(success=False, reason='not-found')
def get_scan(scan_id):
    """Return the sanitized scan document for ``scan_id``, or ``not-found``."""
    document = scans.find_one({"id": scan_id})
    if document:
        return jsonify(success=True, scan=sanitize_scan(document))
    return jsonify(success=False, reason="not-found")