Пример #1
0
 def Update(self,
            plugin_group,
            plugin_type,
            plugin_code,
            patch_data,
            target_id=None):
     plugin_dict = {
         "plugin_group": plugin_group,
         "plugin_type": plugin_type,
         "plugin_code": plugin_code
     }
     query = self.GenerateQueryUsingSession(plugin_dict, target_id)
     obj = query.first()
     if obj:
         try:
             if patch_data.get("user_rank", None):
                 if isinstance(patch_data["user_rank"], list):
                     patch_data["user_rank"] = patch_data["user_rank"][0]
                 obj.user_rank = int(patch_data["user_rank"])
                 obj.owtf_rank = -1
             if patch_data.get("user_notes", None):
                 if isinstance(patch_data["user_notes"], list):
                     patch_data["user_notes"] = patch_data["user_notes"][0]
                 obj.user_notes = patch_data["user_notes"]
             self.db.session.merge(obj)
             self.db.session.commit()
         except ValueError:
             raise InvalidParameterType(
                 "Integer has to be provided for integer fields")
Пример #2
0
 def _generate_query(self, filter_data, session_id, for_stats=False):
     query = self.db.session.query(models.Target).filter(
         models.Target.sessions.any(id=session_id))
     if filter_data.get("search") is not None:
         if filter_data.get('target_url', None):
             if isinstance(filter_data.get('target_url'), list):
                 filter_data['target_url'] = filter_data['target_url'][0]
             query = query.filter(
                 models.Target.target_url.like("%%%s%%" %
                                               filter_data['target_url']))
     else:
         if filter_data.get("target_url", None):
             if isinstance(filter_data["target_url"], (str, unicode)):
                 query = query.filter_by(
                     target_url=filter_data["target_url"])
             if isinstance(filter_data["target_url"], list):
                 query = query.filter(
                     models.Target.target_url.in_(
                         filter_data.get("target_url")))
         if filter_data.get("host_ip", None):
             if isinstance(filter_data["host_ip"], (str, unicode)):
                 query = query.filter_by(host_ip=filter_data["host_ip"])
             if isinstance(filter_data["host_ip"], list):
                 query = query.filter(
                     models.Target.host_ip.in_(filter_data.get("host_ip")))
         if filter_data.get("scope", None):
             filter_data["scope"] = filter_data["scope"][0]
             query = query.filter_by(scope=self.config.ConvertStrToBool(
                 filter_data.get("scope")))
         if filter_data.get("host_name", None):
             if isinstance(filter_data["host_name"], (str, unicode)):
                 query = query.filter_by(host_name=filter_data["host_name"])
             if isinstance(filter_data["host_name"], list):
                 query = query.filter(
                     models.Target.host_name.in_(
                         filter_data.get("host_name")))
         if filter_data.get("id", None):
             if isinstance(filter_data["id"], (str, unicode)):
                 query = query.filter_by(id=filter_data["id"])
             if isinstance(filter_data["id"], list):
                 query = query.filter(
                     models.Target.id.in_(filter_data.get("id")))
     # This will allow new targets to be at the start
     query = query.order_by(models.Target.id.desc())
     if not for_stats:  # query for stats shouldn't have limit and offset
         try:
             if filter_data.get('offset', None):
                 if isinstance(filter_data.get('offset'), list):
                     filter_data['offset'] = filter_data['offset'][0]
                 query = query.offset(int(filter_data['offset']))
             if filter_data.get('limit', None):
                 if isinstance(filter_data.get('limit'), list):
                     filter_data['limit'] = filter_data['limit'][0]
                 query = query.limit(int(filter_data['limit']))
         except ValueError:
             raise InvalidParameterType(
                 "Invalid parameter type for target db for id[lt] or id[gt]"
             )
     return query
Пример #3
0
 def GenerateQueryUsingSession(self, criteria, target_id, for_stats=False):
     query = self.db.session.query(
         models.Url).filter_by(target_id=target_id)
     # Check if criteria is url search
     if criteria.get('search', None):
         if criteria.get('url', None):
             if isinstance(criteria.get('url'), list):
                 criteria['url'] = criteria['url'][0]
             query = query.filter(
                 models.Url.url.like('%%%s%%' % criteria['url']))
     else:  # If not search
         if criteria.get('url', None):
             if isinstance(criteria.get('url'), (str, unicode)):
                 query = query.filter_by(url=criteria['url'])
             if isinstance(criteria.get('url'), list):
                 query = query.filter(models.Url.url.in_(criteria['url']))
     # For the following section doesn't matter if filter/search because
     # it doesn't make sense to search in a boolean column :P
     if criteria.get('visited', None):
         if isinstance(criteria.get('visited'), list):
             criteria['visited'] = criteria['visited'][0]
         query = query.filter_by(
             visited=self.config.ConvertStrToBool(criteria['visited']))
     if criteria.get('scope', None):
         if isinstance(criteria.get('scope'), list):
             criteria['scope'] = criteria['scope'][0]
         query = query.filter_by(
             scope=self.config.ConvertStrToBool(criteria['scope']))
     if not for_stats:  # Query for stats can't have limit and offset
         try:
             if criteria.get('offset', None):
                 if isinstance(criteria.get('offset'), list):
                     criteria['offset'] = criteria['offset'][0]
                 query = query.offset(int(criteria['offset']))
             if criteria.get('limit', None):
                 if isinstance(criteria.get('limit'), list):
                     criteria['limit'] = criteria['limit'][0]
                 query = query.limit(int(criteria['limit']))
         except ValueError:
             raise InvalidParameterType(
                 "Invalid parameter type for transaction db")
     return query
Пример #4
0
 def GenerateQueryUsingSession(self,
                               filter_data,
                               target_id,
                               for_delete=False):
     query = self.db.session.query(
         models.PluginOutput).filter_by(target_id=target_id)
     if filter_data.get("target_id", None):
         query.filter_by(target_id=filter_data["target_id"])
     if filter_data.get("plugin_key", None):
         if isinstance(filter_data.get("plugin_key"), (str, unicode)):
             query = query.filter_by(plugin_key=filter_data["plugin_key"])
         if isinstance(filter_data.get("plugin_key"), list):
             query = query.filter(
                 models.PluginOutput.plugin_key.in_(
                     filter_data["plugin_key"]))
     if filter_data.get("plugin_type", None):
         if isinstance(filter_data.get("plugin_type"), (str, unicode)):
             query = query.filter_by(plugin_type=filter_data["plugin_type"])
         if isinstance(filter_data.get("plugin_type"), list):
             query = query.filter(
                 models.PluginOutput.plugin_type.in_(
                     filter_data["plugin_type"]))
     if filter_data.get("plugin_group", None):
         if isinstance(filter_data.get("plugin_group"), (str, unicode)):
             query = query.filter_by(
                 plugin_group=filter_data["plugin_group"])
         if isinstance(filter_data.get("plugin_group"), list):
             query = query.filter(
                 models.PluginOutput.plugin_group.in_(
                     filter_data["plugin_group"]))
     if filter_data.get("plugin_code", None):
         if isinstance(filter_data.get("plugin_code"), (str, unicode)):
             query = query.filter_by(plugin_code=filter_data["plugin_code"])
         if isinstance(filter_data.get("plugin_code"), list):
             query = query.filter(
                 models.PluginOutput.plugin_code.in_(
                     filter_data["plugin_code"]))
     if filter_data.get("status", None):
         if isinstance(filter_data.get("status"), (str, unicode)):
             query = query.filter_by(status=filter_data["status"])
         if isinstance(filter_data.get("status"), list):
             query = query.filter(
                 models.PluginOutput.status.in_(filter_data["status"]))
     try:
         if filter_data.get("user_rank", None):
             if isinstance(filter_data.get("user_rank"), (str, unicode)):
                 query = query.filter_by(
                     user_rank=int(filter_data["user_rank"]))
             if isinstance(filter_data.get("user_rank"), list):
                 numbers_list = [int(x) for x in filter_data["user_rank"]]
                 query = query.filter(
                     models.PluginOutput.user_rank.in_(numbers_list))
         if filter_data.get("owtf_rank", None):
             if isinstance(filter_data.get("owtf_rank"), (str, unicode)):
                 query = query.filter_by(
                     owtf_rank=int(filter_data["owtf_rank"]))
             if isinstance(filter_data.get("owtf_rank"), list):
                 numbers_list = [int(x) for x in filter_data["owtf_rank"]]
                 query = query.filter(
                     models.PluginOutput.owtf_rank.in_(numbers_list))
     except ValueError:
         raise InvalidParameterType(
             "Integer has to be provided for integer fields")
     if not for_delete:
         query = query.order_by(models.PluginOutput.plugin_key.asc())
     return query
Пример #5
0
 def GenerateQueryUsingSession(self, criteria, target_id, for_stats=False):
     query = self.db.session.query(
         models.Transaction).filter_by(target_id=target_id)
     # If transaction search is being done
     if criteria.get('search', None):
         if criteria.get('url', None):
             if isinstance(criteria.get('url'), list):
                 criteria['url'] = criteria['url'][0]
             query = query.filter(
                 models.Transaction.url.like('%%%s%%' % criteria['url']))
         if criteria.get('method', None):
             if isinstance(criteria.get('method'), list):
                 criteria['method'] = criteria['method'][0]
             query = query.filter(
                 models.Transaction.method.like('%%%s%%' %
                                                criteria.get('method')))
         if criteria.get('data', None):
             if isinstance(criteria.get('data'), list):
                 criteria['data'] = criteria['data'][0]
             query = query.filter(
                 models.Transaction.data.like('%%%s%%' %
                                              criteria.get('data')))
         if criteria.get('raw_request', None):
             if isinstance(criteria.get('raw_request'), list):
                 criteria['raw_request'] = criteria['raw_request'][0]
             query = query.filter(
                 models.Transaction.raw_request.like(
                     '%%%s%%' % criteria.get('raw_request')))
         if criteria.get('response_status', None):
             if isinstance(criteria.get('response_status'), list):
                 criteria['response_status'] = criteria['response_status'][
                     0]
             query = query.filter(
                 models.Transaction.response_status.like(
                     '%%%s%%' % criteria.get('response_status')))
         if criteria.get('response_headers', None):
             if isinstance(criteria.get('response_headers'), list):
                 criteria['response_headers'] = criteria[
                     'response_headers'][0]
             query = query.filter(
                 models.Transaction.response_headers.like(
                     '%%%s%%' % criteria.get('response_headers')))
         if criteria.get('response_body', None):
             if isinstance(criteria.get('response_body'), list):
                 criteria['response_body'] = criteria['response_body'][0]
             query = query.filter(
                 models.Transaction.binary_response is False,
                 models.Transaction.response_body.like(
                     '%%%s%%' % criteria.get('response_body')))
     else:  # If transaction filter is being done
         if criteria.get('url', None):
             if isinstance(criteria.get('url'), (str, unicode)):
                 query = query.filter_by(url=criteria['url'])
             if isinstance(criteria.get('url'), list):
                 query = query.filter(
                     models.Transaction.url.in_(criteria.get('url')))
         if criteria.get('method', None):
             if isinstance(criteria.get('method'), (str, unicode)):
                 query = query.filter_by(method=criteria['method'])
             if isinstance(criteria.get('method'), list):
                 query = query.filter(
                     models.Transaction.method.in_(criteria.get('method')))
         if criteria.get('data', None):
             if isinstance(criteria.get('data'), (str, unicode)):
                 query = query.filter_by(data=criteria['data'])
             if isinstance(criteria.get('data'), list):
                 query = query.filter(
                     models.Transaction.data.in_(criteria.get('data')))
     # For the following section doesn't matter if filter/search because
     # it doesn't make sense to search in a boolean column :P
     if criteria.get('scope', None):
         if isinstance(criteria.get('scope'), list):
             criteria['scope'] = criteria['scope'][0]
         query = query.filter_by(
             scope=self.config.ConvertStrToBool(criteria['scope']))
     if criteria.get('binary_response', None):
         if isinstance(criteria.get('binary_response'), list):
             criteria['binary_response'] = criteria['binary_response'][0]
         query = query.filter_by(
             binary_response=self.config.ConvertStrToBool(
                 criteria['binary_response']))
     if not for_stats:  # query for stats shouldn't have limit and offset
         try:
             query.order_by(models.Transaction.local_timestamp)
             if criteria.get('offset', None):
                 if isinstance(criteria.get('offset'), list):
                     criteria['offset'] = int(criteria['offset'][0])
                 if criteria['offset'] >= 0:
                     query = query.offset(criteria['offset'])
             if criteria.get('limit', None):
                 if isinstance(criteria.get('limit'), list):
                     criteria['limit'] = int(criteria['limit'][0])
                 if criteria['limit'] >= 0:
                     query = query.limit(criteria['limit'])
             else:  # It is too dangerous without a limit argument
                 query.limit(10)  # Default limit value is 10
         except ValueError:
             raise InvalidParameterType(
                 "Invalid parameter type for transaction db")
     return query