def test_edit_tag(self): # Add a tag db.session.add(Tag('mytag', 'info')) db.session.commit() tag_id = Tag.query.filter(Tag.name == 'mytag').first().id # Access the page with no authentication rv = self.app.get('/admin/tags/edit/{id}'.format(id=tag_id)).data.decode('utf-8') self.assertIn('You should be redirected automatically to target URL: <a href="/login">/login</a>', rv) # Log in self.login() rv = self.app.get('/admin/tags/edit/{id}'.format(id=tag_id)).data.decode('utf-8') self.assertIn('<h2>Edit tag : {id}</h2>'.format(id=tag_id), rv) # Acces the page with no id rv = self.app.get('/admin/tags/edit/').status_code self.assertEqual(rv, 404) # Acces the page with invalid id rv = self.app.get('/admin/tags/edit/978789987987978897879').status_code self.assertEqual(rv, 404) # Edit the tag name = 'MyTag' color = 'danger' rv = self.app.post('/admin/tags/edit/{id}'.format(id=tag_id), data=dict( name=name, color=color ), follow_redirects=True).data.decode('utf-8') self.assertIn('<h2>Tags</h2>', rv) self.assertIn(name, rv) self.assertIn('label-danger', rv)
def add_tag(): if request.method == 'POST': tag = Tag(request.form.get('name', ''), request.form.get('color', '')) db.session.add(tag) db.session.commit() return redirect(url_for('admin.tags')) return render_template('admin/add_tag.html', tag=None)
def delete_tag(tag_id): tag = Tag.get(tag_id) if not tag: abort(404) db.session.delete(tag) db.session.commit() return redirect(request.referrer)
def test_submit_tag(self): # Submit shitty tag rv = self.app.get('/tag/submit/{sha256}/SHITTY').data.decode('utf-8') self.assertEqual(rv, 'NOK') # Submit a correct tag with invalid sha256 rv = self.app.get('/tag/submit/{sha256}/Tag').data.decode('utf-8') self.assertEqual(rv, 'NOK') # Add a tag to the db tag = Tag('Tag', 'info') db.session.add(tag) db.session.commit() # Submit a correct tag with valid sha256 rv = self.app.get('/tag/submit/{sha256}/Tag'.format( sha256=global_sha256)).data.decode('utf-8') self.assertEqual(rv, 'OK') tags = [tag.name for tag in Sample.get(global_sha256).tags] self.assertIn('Tag', tags) # Submit the same tag with the same sha256 rv = self.app.get('/tag/submit/{sha256}/Tag'.format( sha256=global_sha256)).data.decode('utf-8') self.assertEqual(rv, 'NOK')
def edit_tag(tag_id): tag = Tag.get(tag_id) if not tag: abort(404) elif request.method == 'POST': tag.name = request.form.get('name', '') tag.color = request.form.get('color', '') db.session.add(tag) db.session.commit() return redirect(url_for('admin.tags')) return render_template('admin/add_tag.html', tag=tag)
def test_search(self): rv = self.app.get('/search') self.assertEqual(200, rv.status_code) self.assertIn('<h1>Search</h1>', rv.data.decode('utf-8')) # Add a sample with his tag tag = Tag('wat', 'danger') db.session.add(tag) sample = Sample( name=['wut.php'], sha256='6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a', sha1='6a6f0260611dcd60d502d308f74ff3c1ad590cfe', md5='149b8ae3ca1cf126af05bd8c58ebde90', ssdeep='3072:7Q6vU3oUXNiDarHituutTxmakBIRDzGoiTzj7c5hH5D8:7Q6vMXNQarHituutTxmakBcDzGoiTzjF', entropy='5.65471943656401', mime='text/x-php', first_analysis='2000-01-01 10:00:00.00000', last_analysis='2000-01-01 10:00:00.00000' ) sample.tags.append(tag) sample.analyzes.append(Analysis( type='PHP', soft='PMF', sample_sha256='6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a', analysis_time='0.004575014114379883' )) db.session.add(sample) db.session.commit() result_sha256 = '<a href="/analysis/any/6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a">6ffef45e178b189c9eb486457dc6ae71a2e62be5724adc598d25585a6c0c6c1a</a>' rv = self.app.get('/search') self.assertIn(result_sha256, rv.data.decode('utf-8')) # Custom search rv = search(self.app, '6ffe') self.assertIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, '6ffe123') self.assertNotIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'md5:126') self.assertIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'md5:wat') self.assertNotIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'name:php') self.assertIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'name:qweqwe') self.assertNotIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'fist_analysis:2000-01-01') self.assertIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'last_analysis:2000-01-03') self.assertNotIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'tags:wat') self.assertIn(result_sha256, rv.data.decode('utf-8')) rv = search(self.app, 'tags:watt') self.assertNotIn(result_sha256, rv.data.decode('utf-8'))
def analysis(analysis_type, sha256): """ Analysis result page """ if analysis_type not in current_app.config.get('FILE_TYPES'): return redirect( url_for('default.analysis', sha256=sha256, analysis_type=current_app.config.get('FILE_TYPES')[0])) sample = Sample.query.filter_by(sha256=sha256).first() if sample is None: abort(404) suggest_reanalyse = datetime.datetime.utcnow() - sample.last_analysis > datetime.timedelta(days=90) neighbours = sample.get_neighbours() return render_template('analysis.html', sample=sample, analysis_type=analysis_type, tag_list=Tag.get_all(), reanalyse=suggest_reanalyse, neighbours=neighbours)
def submit_tag(sha256, tag, format): tags = Tag.get_all() tag_names = [t.name for t in tags] if tag is None or tag not in tag_names: return "NOK" sample = Sample.get(sha256) sample_tag_names = [t.name for t in sample.tags] if sample is None or tag in sample_tag_names: return "NOK" _tag = tags[tag_names.index(tag)] sample.tags.append(_tag) # postgre doesn't like str as objects. db.session.commit() return str(_tag) if format else 'OK'
def test_delete_tag(self): # Add a tag db.session.add(Tag('mytag', 'info')) db.session.commit() tag_id = Tag.query.filter(Tag.name == 'mytag').first().id # Access the page with no authentication rv = self.app.get('/admin/tags/delete/{id}'.format(id=tag_id)).data.decode('utf-8') self.assertIn('You should be redirected automatically to target URL: <a href="/login">/login</a>', rv) # Log in self.login() # Acces the page with no id rv = self.app.get('/admin/tags/delete/').status_code self.assertEqual(rv, 404) # Acces the page with invalid id rv = self.app.get('/admin/tags/delete/978789987987978897879').status_code self.assertEqual(rv, 404) # Delete the tag self.app.get('/admin/tags/delete/{id}'.format(id=tag_id)) self.assertIsNone(Tag.get(tag_id))
def edit(sha256): """ Edit a sample metadata """ sample = Sample.get(sha256) if sample: all_tags = Tag.get_all() if request.method == 'POST': all_tags_id = [tag.id for tag in all_tags] tag_list = [] for value in request.form: if value.startswith('tag_'): id = int(value[4:]) if id in all_tags_id: tag_list.append(Tag.get(id)) sample.name = request.form.get('name', '').replace(' ', '').split(',') sample.mime = request.form.get('mime', '') sample.first_analysis = request.form.get('first_analysis', '') sample.last_analysis = request.form.get('last_analysis', '') sample.tags = tag_list db.session.add(sample) db.session.commit() return redirect(url_for('admin.samples')) return render_template('admin/edit.html', sample=sample, names=[tag.name for tag in sample.tags], tags=all_tags) abort(404)
def analysis(analysis_type, sha256): """ Analysis result page """ if analysis_type not in current_app.config.get('FILE_TYPES'): return redirect( url_for('default.analysis', sha256=sha256, analysis_type=current_app.config.get('FILE_TYPES')[0])) sample = Sample.query.filter_by(sha256=sha256).first() if sample is None: abort(404) suggest_reanalyse = datetime.datetime.utcnow( ) - sample.last_analysis > datetime.timedelta(days=90) neighbours = sample.get_neighbours() return render_template('analysis.html', sample=sample, analysis_type=analysis_type, tag_list=Tag.get_all(), reanalyse=suggest_reanalyse, neighbours=neighbours)
def tags(): tag_list = Tag.get_all() return render_template('admin/tags.html', tags=tag_list)