def select_reports(page):
    """
    Crawl the submitted reports, newest first, 10 per page.

    Args:
        page: 1-based page number; page 1 yields the 10 most recent reports

    Returns:
        a list of report dicts (id, date, scan_unique_id,
        report_path_filename, options), otherwise a JSON-type error structure
    """
    session = create_connection()
    reports = []
    try:
        # page 1 -> offset 0, page 2 -> offset 10, ...
        page_query = session.query(Report).order_by(Report.id.desc())
        page_query = page_query.offset((page * 10) - 10).limit(10)
        for report in page_query:
            reports.append({
                "id": report.id,
                "date": report.date,
                "scan_unique_id": report.scan_unique_id,
                "report_path_filename": report.report_path_filename,
                # options are stored as a JSON string in the database
                "options": json.loads(report.options),
            })
    except Exception:
        # NOTE(review): this also swallows json.loads failures and labels them
        # as a database error; the session is never closed explicitly.
        return structure(status="error", msg="database error!")
    return reports
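def get_results_csv():  # todo: need to fix time format
    """
    Get a scan's host logs through the API as a downloadable CSV file.

    The scan is selected by the "id" request value. Every key of the first
    log event becomes a CSV column; keys that only appear in later events
    are dropped, matching csv.DictWriter's strict field set.

    Returns:
        a text/csv Response served as an attachment, or a JSON error with
        HTTP 400 when the id is missing or no report matches it
    """
    import io  # local import: the module-level import block is outside this listing

    api_key_is_valid(app, flask_request)
    session = create_connection()
    result_id = get_value(flask_request, "id")
    if not result_id:
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    scan_details = session.query(Report).filter(Report.id == result_id).first()
    if scan_details is None:
        # an unknown id used to raise AttributeError on the next line (HTTP 500)
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    data = get_logs_by_scan_unique_id(scan_details.scan_unique_id)
    # column set comes from the first event; an empty log used to raise
    # IndexError here and now yields a header-only file
    keys = list(data[0].keys()) if data else []
    # report_path_filename is stored with a surrounding quote character, so
    # drop the extension and the leading quote before appending ".csv"
    filename = ".".join(
        scan_details.report_path_filename.split('.')[:-1])[1:] + '.csv'
    # build the CSV in memory instead of writing it to a path derived from the
    # database and reading it back; the on-disk copy has no consumer in this
    # listing — confirm nothing else relies on it
    buffer = io.StringIO()
    dict_writer = csv.DictWriter(buffer, fieldnames=keys, quoting=csv.QUOTE_ALL)
    dict_writer.writeheader()
    for event in data:
        dict_writer.writerow(
            {key: value for key, value in event.items() if key in keys})
    # only the base name goes into the header; the stored value is a path
    return Response(
        buffer.getvalue(),
        mimetype='text/csv',
        headers={'Content-Disposition':
                 'attachment;filename=' + filename.split('/')[-1]})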
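def get_results_json():
    """
    Get a scan's host logs through the API as a downloadable JSON file.

    The scan is selected by the "id" request value.

    Returns:
        an application/json Response served as an attachment, or a JSON
        error with HTTP 400 when the id is missing or no report matches it
    """
    api_key_is_valid(app, flask_request)
    session = create_connection()
    result_id = get_value(flask_request, "id")
    if not result_id:
        return jsonify(
            structure(
                status="error",
                msg=messages("invalid_scan_id")
            )
        ), 400
    scan_details = session.query(Report).filter(Report.id == result_id).first()
    if scan_details is None:
        # an unknown id used to raise AttributeError below (HTTP 500)
        return jsonify(
            structure(
                status="error",
                msg=messages("invalid_scan_id")
            )
        ), 400
    json_object = json.dumps(
        get_logs_by_scan_unique_id(scan_details.scan_unique_id)
    )
    # report_path_filename is stored with a surrounding quote character: drop
    # the extension and the leading quote, then append ".json"
    filename = ".".join(scan_details.report_path_filename.split('.')[:-1])[1:] + '.json'
    # only the base name goes into the header; the stored value is a path
    return Response(
        json_object,
        mimetype='application/json',
        headers={
            'Content-Disposition': 'attachment;filename=' + filename.split('/')[-1]
        }
    )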
def session_check():
    """
    Validate the caller's session / API key.

    Returns:
        a 200 JSON "ok" message when the key is valid; api_key_is_valid
        aborts the request itself otherwise
    """
    api_key_is_valid(app, flask_request)
    body = structure(status="ok", msg=messages("browser_session_valid"))
    return jsonify(body), 200
def error_404(error):
    """
    Handle the 404 HTTP error.

    Args:
        error: the flask error (unused; a fixed "not_found" message is sent)

    Returns:
        404 JSON error
    """
    body = structure(status="error", msg=messages("not_found"))
    return jsonify(body), 404
def error_403(error):
    """
    Handle the 403 HTTP error.

    Args:
        error: the flask error; its description is echoed in the JSON body

    Returns:
        403 JSON error
    """
    body = structure(status="error", msg=error.description)
    return jsonify(body), 403
def session_kill():
    """
    Unset the session cookie on the browser.

    Returns:
        a 200 JSON "ok" response whose Set-Cookie header expires the
        "key" cookie immediately
    """
    body = structure(status="ok", msg=messages("browser_session_killed"))
    response = make_response(jsonify(body))
    # an empty value with expires=0 tells the browser to discard the cookie
    response.set_cookie("key", "", expires=0)
    return response
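def get_scan_result(id):
    """
    Download a scan result file by its report ID.

    Args:
        id: report id (shadows the builtin; the name is kept for callers)

    Returns:
        (file content, 200) on success; a 400 JSON error when the report or
        its file cannot be found; a "database error!" JSON body when the
        query itself fails
    """
    session = create_connection()
    try:
        report = session.query(Report).filter_by(id=id).first()
    except Exception:
        # NOTE(review): a database failure is answered with HTTP 200, as in
        # the original; callers must inspect the JSON "status" field.
        return jsonify(structure(status="error", msg="database error!")), 200
    if report is None:
        # previously surfaced as an AttributeError on .report_path_filename
        return jsonify(
            structure(status="error", msg="cannot find the file!")), 400
    # for some reason filename saved like "filename" with double quotes in the beginning and end
    filename = report.report_path_filename[1:-1]
    # the path is used exactly as stored and is not confined to a report
    # directory: the database value is trusted here
    try:
        # context manager closes the handle; the old open().read() leaked it
        with open(str(filename), 'rb') as report_file:
            return report_file.read(), 200
    except OSError:
        return jsonify(
            structure(status="error", msg="cannot find the file!")), 400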
def session_set():
    """
    Set the session cookie on the browser.

    Returns:
        a 200 JSON "ok" response carrying a Set-Cookie for "key" holding the
        configured API access key; api_key_is_valid aborts the request
        before that when the caller's key is invalid
    """
    api_key_is_valid(app, flask_request)
    body = structure(status="ok", msg=messages("browser_session_valid"))
    response = make_response(jsonify(body))
    # the cookie carries the API access key itself and is set without
    # httponly/secure/samesite attributes — NOTE(review): confirm whether
    # browser-side script needs to read it before tightening
    access_key = app.config["OWASP_NETTACKER_CONFIG"]["api_access_key"]
    response.set_cookie("key", value=access_key)
    return response
def get_result_content():
    """
    Get a result HTML/TEXT/JSON content by the "id" request value.

    Returns:
        whatever get_scan_result returns for the id, or a 400 JSON error
        when the id is missing
    """
    api_key_is_valid(app, flask_request)
    scan_id = get_value(flask_request, "id")
    if scan_id:
        return get_scan_result(scan_id)
    error_body = structure(status="error", msg=messages("invalid_scan_id"))
    return jsonify(error_body), 400
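def get_result_content():
    """
    Get a result HTML/TEXT/JSON content by the "id" request value.

    Returns:
        a Response carrying the result file as an attachment, with the MIME
        type looked up from the file extension (text/plain fallback), or a
        400 JSON error when the id is missing
    """
    api_key_is_valid(app, flask_request)
    scan_id = get_value(flask_request, "id")
    if not scan_id:
        return jsonify(
            structure(status="error", msg=messages("invalid_scan_id"))), 400
    filename, file_content = get_scan_result(scan_id)
    extension = os.path.splitext(filename)[1]
    # basename also handles the platform separator, unlike split('/')[-1]
    return Response(file_content,
                    mimetype=mime_types().get(extension, "text/plain"),
                    headers={
                        'Content-Disposition':
                        'attachment;filename=' + os.path.basename(filename)
                    })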
def last_host_logs(page):
    """
    Select the last 10 targets from the host log, newest first; other pages
    are reached by changing the page value.

    Args:
        page: 1-based page number

    Returns:
        a list of {"target", "info": {"module_name", "date", "events"}}
        dicts, or a "finished" structure when the page is empty
    """
    session = create_connection()
    # page 1 -> offset 0, page 2 -> offset 10, ...
    page_targets = session.query(HostsLog).group_by(HostsLog.target).order_by(
        HostsLog.id.desc()).offset((page * 10) - 10).limit(10)
    hosts = []
    for host in page_targets:
        # three further queries per target, in the same order as before
        target_rows = session.query(HostsLog).filter(
            HostsLog.target == host.target)
        module_names = [
            row.module_name
            for row in target_rows.group_by(HostsLog.module_name).all()
        ]
        latest = target_rows.order_by(HostsLog.id.desc()).first()
        events = [row.event for row in target_rows.all()]
        hosts.append({
            "target": host.target,
            "info": {
                "module_name": module_names,
                "date": latest.date,
                # per-event "options" are deliberately not included here
                "events": events,
            },
        })
    if not hosts:
        return structure(status="finished", msg="No more search results")
    return hosts
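def search_logs(page, query):
    """
    Search events (target, date, module, options, event, scan_unique_id) for
    a substring and return them grouped by target, 10 targets per page.

    Args:
        page: 1-based page number
        query: substring to search for; it is bound as a LIKE parameter, so
            "%" and "_" inside it act as SQL wildcards rather than literals

    Returns:
        a list of {"target", "info": {"module_name", "options", "date",
        "event"}} dicts, a "finished" structure when the page is empty, or
        an "error" structure when the database (or JSON decoding) raises
    """
    session = create_connection()
    pattern = "%" + str(query) + "%"
    # one entry per target, in order of first appearance (dict keeps it);
    # replaces the linear index scan the old code ran for every row
    by_target = {}
    try:
        matching_targets = session.query(HostsLog).filter(
            HostsLog.target.like(pattern)
            | HostsLog.date.like(pattern)
            | HostsLog.module_name.like(pattern)
            | HostsLog.options.like(pattern)
            | HostsLog.event.like(pattern)
            | HostsLog.scan_unique_id.like(pattern)
        ).group_by(HostsLog.target).order_by(
            HostsLog.id.desc()).offset((page * 10) - 10).limit(10)
        for host in matching_targets:
            rows = session.query(HostsLog).filter(
                HostsLog.target == str(host.target)).group_by(
                    HostsLog.module_name, HostsLog.options,
                    HostsLog.scan_unique_id,
                    HostsLog.event).order_by(HostsLog.id.desc()).all()
            for data in rows:
                entry = by_target.setdefault(host.target, {
                    "target": data.target,
                    "info": {
                        "module_name": [],
                        "options": [],
                        "date": [],
                        "event": [],
                    }
                })
                info = entry["info"]
                if data.module_name not in info["module_name"]:
                    info["module_name"].append(data.module_name)
                if data.date not in info["date"]:
                    info["date"].append(data.date)
                # options/event are JSON strings: decode first, then de-duplicate
                # on the decoded value (the old code compared the raw string to
                # decoded values, so the check never matched)
                options = json.loads(data.options)
                if options not in info["options"]:
                    info["options"].append(options)
                event = json.loads(data.event)
                if event not in info["event"]:
                    info["event"].append(event)
    except Exception:
        return structure(status="error", msg="database error!")
    selected = list(by_target.values())
    if not selected:
        return structure(status="finished", msg="No more search results")
    return selected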