def submit_archive(group):
"""
Allows for authenticated users to submit archives
"""
user = '******' % api_request_user()
try:
if group not in groups():
raise ValueError('Invalid group specified')
if 'cves' not in request.args:
raise ValueError('CVE(s) required')
cves = [cve.strip() for cve in request.args['cves'].split(',')]
meta = {}
for field in current_app.config['SUBMISSION_GROUPS'].get(group):
if field in request.args:
value = request.args.get(field)
if len(value) > 0:
meta[field] = value
files = upload(group, request.files.get('archive', None), meta)
for (ondisk, filename, suffix) in files:
submit(user, ondisk, group, filename, suffix, cves, meta)
return success()
except ValueError as ve:
current_app.logger.info('Invalid submission by %s: %s' %
(user, ve.message))
return error(ve.message)
except Exception as e:
current_app.logger.info(e.message)
return error()
def hashes_singlegroup(group):
if group not in groups():
flash(
'%s is not a known group. Displaying all hashes.' % (group),
'error')
return render_template('hashes.html', hashes=[])
return hashes([group])
def submit_archive(group):
"""
Allows for authenticated users to submit archives
"""
user = '******' % api_request_user()
try:
if group not in groups():
raise ValueError('Invalid group specified')
if 'cves' not in request.args:
raise ValueError('CVE(s) required')
cves = [cve.strip() for cve in request.args['cves'].split(',')]
coordinates = CoordinateDict({
coord: request.args.get(coord).strip()
for coord in SUBMISSION_GROUPS.get(group)
if coord in request.args
})
files = upload(group, request.files.get('archive', None), coordinates)
for (ondisk, filename, suffix) in files:
submit(
user, ondisk, group, filename, suffix, cves,
coordinates=coordinates
)
return success()
except ValueError as ve:
current_app.logger.info('Invalid submission by %s: %s' %
(user, ve.message))
return error(ve.message)
except Exception as e:
current_app.logger.info(e.message)
return error()
def hashes_multigroup():
# expect a comma seperated arg
_groups = request.args.get('groups')
if _groups is None:
# default to all groups
_groups = groups()
else:
_groups = [str(g.strip()) for g in _groups.split(',')]
return hashes(_groups)
def submit_hash(group):
"""
Allows for authenticated users to submit hashes via json.
"""
user = '******' % api_request_user()
try:
if group not in groups():
raise ValueError('Invalid group specified')
json_data = request.get_json()
if 'cves' not in json_data:
raise ValueError('No CVE provided')
entry = Hash()
entry.mongify(json_data)
entry.submitter = user
submit(
user, 'json-api-hash', group, suffix='Hash', entry=entry,
approval='PENDING_APPROVAL')
return success()
except ValueError as ve:
return error(ve.message)
except Exception as e:
current_app.logger.info('Invalid submission by %s' % (user))
current_app.logger.debug(e)
return error()
def on_model_change(self, form, model, is_created):
if form.group.data in groups():
model.group = form.group.data
super(SubmissionView, self).on_model_change(form, model, is_created)