def __init__(
    self,
    commit_link=None,
    repo_owner=None,
    repo_name=None,
    repo_url=None,
    commit_hash=None,
):
    """Build a commit record from a commit link and/or a repo URL plus hash.

    A truthy ``commit_link`` must resolve through ``get_vcs_handler``; the
    handler then supplies ``repo_url`` / ``commit_hash`` for whichever of the
    two the caller left as ``None``. If either value is set afterwards, the
    pair must also resolve through ``get_vcs_handler_by_repo_hash``.

    Raises:
        InvalidIdentifierException: when the link, or the repo URL / hash
            pair, does not resolve to a handler.
    """
    super().__init__()
    # Stored exactly as passed; nothing in this constructor compares them
    # with what the resolved handler reports.
    self.repo_owner = repo_owner
    self.repo_name = repo_name

    if commit_link:
        link_handler = get_vcs_handler(None, commit_link)
        if not link_handler:
            raise InvalidIdentifierException(
                "Please specify a valid commit_link")
        self.commit_link = commit_link
        # Explicit arguments win; the link only fills in the gaps.
        repo_url = link_handler.repo_url if repo_url is None else repo_url
        commit_hash = (link_handler.commit_hash
                       if commit_hash is None else commit_hash)

    if not (repo_url or commit_hash):
        # Nothing left to validate or store.
        return

    pair_handler = get_vcs_handler_by_repo_hash(None, repo_url, commit_hash)
    if not pair_handler:
        raise InvalidIdentifierException(
            "Please specify a valid repo_url and commit_hash")
    self.commit_hash = commit_hash
    self.repo_url = repo_url
    if commit_link is None:
        # No link was given: take the one the handler reports for the pair.
        self.commit_link = pair_handler.commit_link
def _init_repo_data(self):
    """Resolve this entry's VCS handler and cache the URLs it provides.

    Returns:
        ``False`` when neither a commit link nor a repo URL is available,
        ``True`` once the repository fields have been populated.

    Raises:
        InvalidIdentifierException: when no handler accepts the resource URL
            or no commit hash can be determined.
    """
    # NOTE(review): this is a substring test, not a host check, so a link that
    # only carries "github.com" in its path or query also takes this branch.
    # Whether that matters depends on what get_vcs_handler accepts (not
    # visible here).
    prefers_link = bool(self.commit_link) and "github.com" in self.commit_link
    if prefers_link:
        resource_url = self.commit_link
    else:
        resource_url = self.repo_url or self.commit_link

    logging.info("Searching VCS handler for %s", resource_url)
    if not resource_url:
        return False

    handler = get_vcs_handler(current_app, resource_url)
    if not handler:
        raise InvalidIdentifierException(
            "Please provide a valid resource link.")

    self.repo_name = handler.repo_name
    self.file_provider_url = handler.get_file_provider_url()
    self.file_ref_provider_url = handler.get_ref_file_provider_url()
    self.file_url = handler.get_file_url()
    self.tree_url = handler.get_tree_url()
    # A hash already stored on the entry takes precedence over the parsed one.
    self.commit_hash = self.commit_hash or handler.commit_hash
    if not self.commit_hash:
        raise InvalidIdentifierException(
            "Couldn't extract commit hash from given resource URL.")
    return True
def main_api():
    """Serve commit data, or one file's content, for a caller-supplied link.

    All inputs come from the query string. The resource URL handed to
    ``get_vcs_handler`` is ``commit_link`` when it contains "github.com",
    otherwise ``repo_url`` with ``commit_link`` as the fallback.

    Returns:
        A 400 JSON response when no handler accepts the URL or the requested
        object cannot be retrieved; otherwise the file content (when
        ``item_hash`` is given) or the handler's commit data.
    """
    query = request.args
    # With type=str a missing parameter yields the default unconverted, so
    # commit_hash and item_hash are the int 0 (not a string) when absent.
    commit_hash = query.get('commit_hash', 0, type=str)
    item_hash = query.get('item_hash', 0, type=str)
    item_path = query.get('item_path', None, type=str)
    commit_link = query.get('commit_link', '', type=str)
    repo_url = query.get('repo_url', '', type=str)

    # NOTE(review): substring test, not a host check. resource_url is fully
    # caller-controlled; which hosts end up being contacted is decided by
    # get_vcs_handler, which is not visible here.
    resource_url = (commit_link if 'github.com' in commit_link
                    else (repo_url or commit_link))
    vcs_handler = get_vcs_handler(app, resource_url)
    if not vcs_handler:
        return create_json_response('Please provide a valid resource URL.',
                                    400)

    if not item_hash:
        return vcs_handler.fetchCommitData(commit_hash)

    # A specific object was requested: return its content instead.
    content = vcs_handler.getFileContent(item_hash, item_path)
    if content:
        logging.info('Retrieved %s: %d bytes', item_hash, len(content))
        # NOTE(review): the content is returned as the response body as-is.
        # If it is a plain str/bytes, Flask labels it with its default
        # mimetype (text/html), so a repository file could render as HTML on
        # this origin. Confirm an explicit content type is set somewhere.
        return content

    err = 'Could not retrieve object with hash {}.'.format(item_hash)
    logging.error(err)
    return create_json_response(str(err), 400)
def main_api():
    """Serve commit data, or one file's content, for a caller-supplied link.

    All inputs come from the query string. The resource URL handed to
    ``get_vcs_handler`` is ``commit_link`` when it contains "github.com",
    otherwise ``repo_url`` with ``commit_link`` as the fallback.

    Returns:
        A 400 JSON response when no handler accepts the URL or the requested
        object cannot be retrieved; otherwise the file content (when
        ``item_hash`` is given) or the handler's commit data.
    """
    params = request.args
    # With type=str a missing parameter yields the default unconverted, so
    # commit_hash and item_hash are the int 0 (not a string) when absent.
    commit_hash = params.get("commit_hash", 0, type=str)
    item_hash = params.get("item_hash", 0, type=str)
    item_path = params.get("item_path", None, type=str)
    commit_link = params.get("commit_link", "", type=str)
    repo_url = params.get("repo_url", "", type=str)

    # NOTE(review): substring test, not a host check. resource_url is fully
    # caller-controlled; which hosts end up being contacted is decided by
    # get_vcs_handler, which is not visible here.
    if "github.com" in commit_link:
        resource_url = commit_link
    else:
        resource_url = repo_url or commit_link

    vcs_handler = get_vcs_handler(app, resource_url)
    if not vcs_handler:
        return create_json_response("Please provide a valid resource URL.",
                                    400)

    if not item_hash:
        return vcs_handler.fetch_commit_data(commit_hash)

    # A specific object was requested: return its content instead.
    content = vcs_handler.get_file_content(item_hash, item_path)
    if content:
        logging.info("Retrieved %s: %d bytes", item_hash, len(content))
        # NOTE(review): the content is returned as the response body as-is.
        # If it is a plain str/bytes, Flask labels it with its default
        # mimetype (text/html), so a repository file could render as HTML on
        # this origin. Confirm an explicit content type is set somewhere.
        return content

    err = f"Could not retrieve object with hash {item_hash}."
    logging.error(err)
    return create_json_response(str(err), 400)
def _parse_commit_link(
        commit_link) -> Tuple[str, Optional[str], Optional[str]]:
    """Split a commit link into ``(commit_link, repo_url, commit_hash)``.

    The link is returned unchanged; the repo URL and hash are the values the
    matching VCS handler reports.

    Raises:
        InvalidIdentifierException: when no handler accepts the link.
    """
    handler = get_vcs_handler(None, commit_link)
    if handler:
        return commit_link, handler.repo_url, handler.commit_hash
    raise InvalidIdentifierException("Please specify a valid commit link")
def _create_vuln_internal(vcdb_id=None):
    """Create, update or delete the vulnerability entry behind ``vcdb_id``.

    Loads (or creates) the entry, deletes it when the delete form validates,
    and otherwise saves the details form when that validates. Falls through to
    rendering the create template.

    NOTE(review): no permission check is visible in this function; presumably
    the calling route enforces who may delete or overwrite entries. Confirm
    before exposing this to additional routes.
    """
    try:
        vulnerability_details = VulnerabilityDetails(vcdb_id)
        vulnerability = vulnerability_details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flash_error(str(err), "frontend.serve_index")

    if vulnerability.id:
        # A truthy id means the entry already exists, so deletion is possible.
        logging.debug("Preexisting vulnerability entry found: %r",
                      vulnerability.id)
        delete_form = VulnerabilityDeleteForm()
        if delete_form.validate_on_submit():
            db.session.delete(vulnerability)
            # Remove the entry.
            db.session.commit()
            flash("The entry was deleted.", "success")
            return redirect("/")

    form = VulnerabilityDetailsForm(obj=vulnerability)
    # Only the first commit is inspected; this indexing assumes the form
    # always carries at least one commit entry (TODO confirm).
    commit = form.data["commits"][0]
    if not commit["repo_name"]:
        # Derive the missing repository name from the submitted repo URL.
        logging.info("Empty repository name. %r", commit)
        repo_url = commit["repo_url"]
        vcs_handler = get_vcs_handler(None, repo_url)
        if vcs_handler:
            logging.info("Found name. %r", vcs_handler.repo_name)
            form.commits[0].repo_name.process_data(vcs_handler.repo_name)

    if form.validate_on_submit():
        try:
            form.populate_obj(vulnerability)
            db.session.add(vulnerability)
            db.session.commit()
            # TODO: Improve this hack to assign a new vcdb_id here.
            #       Currently, we are just piggy backing on the auto increment
            #       of the primary key to ensure uniqueness.
            #       This will likely be prone to race conditions.
            # The first commit above is what makes vulnerability.id available;
            # the second commit below persists it as the vcdb_id.
            vulnerability.vcdb_id = vulnerability.id
            db.session.add(vulnerability)
            db.session.commit()

            logging.debug("Successfully created/updated entry: %r",
                          vulnerability.id)
            flash("Successfully created/updated entry.", "success")
            return redirect(
                url_for("vuln.vuln_view", vcdb_id=vulnerability.vcdb_id))
        except InvalidIdentifierException as err:
            # Report the problem and fall through to re-render the form.
            flash_error(str(err))

    return render_template(
        "vulnerability/create.html",
        vulnerability_details=vulnerability_details,
        form=form,
    )
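def _is_github_link(link):
    """Return True when the host of ``link`` is github.com or a subdomain.

    The host is taken from the parsed URL, so "github.com" appearing only in
    the path, query, fragment or user-info part does not count.
    """
    from urllib.parse import urlsplit

    # Parsers disagree on how a backslash inside a URL is interpreted, so such
    # links are refused outright rather than guessed at.
    if "\\" in link:
        return False
    try:
        host = urlsplit(link).hostname
        if host is None:
            # Tolerate links written without a scheme ("github.com/o/r/...").
            host = urlsplit("//" + link).hostname
    except ValueError:
        return False
    if not host:
        return False
    return host == "github.com" or host.endswith(".github.com")


def _edit_vuln_internal(vcdb_id: str = None):
    """Render the edit form for an entry and turn a submission into a proposal.

    Redirects back to the entry view when the user may not add a proposal or
    when the first commit's link is not hosted on github.com. On a valid
    submission the commit's repo name, repo URL and hash are overwritten with
    the values parsed from the link before the proposal is stored.
    """
    vulnerability_details = get_vulnerability_details(vcdb_id,
                                                      simplify_id=False)
    view = vulnerability_details.vulnerability_view
    vuln = vulnerability_details.get_or_create_vulnerability()
    if not _can_add_proposal(vuln):
        return redirect(url_for("vuln.vuln_view", vcdb_id=vcdb_id))

    # Populate the form data from the vulnerability view if necessary.
    # Updating the vuln instance allows to easier diff the changes.
    if vuln.comment == "":
        vuln.comment = view.comment

    form = VulnerabilityDetailsForm(obj=vuln)
    form_submitted = form.validate_on_submit()
    # Only the first commit is inspected; this indexing assumes the form
    # always carries at least one commit entry (TODO confirm).
    commit = form.data["commits"][0]
    commit_link = commit["commit_link"]

    # TODO: https://github.com/google/vulncode-db/issues/95 -
    #   Add support for non github.com entries long-term again.
    # The previous substring test let any link through that merely mentioned
    # "github.com" somewhere; the restriction is now applied to the host.
    if commit_link and not _is_github_link(commit_link):
        flash_error(
            "Entries without a github.com link are currently not supported.")
        return redirect(url_for("vuln.vuln_view", vcdb_id=vcdb_id))

    if form_submitted and commit_link:
        vcs_handler = get_vcs_handler(None, commit_link)
        if not vcs_handler:
            flash_error("Invalid commit link specified.")
            return render_template(
                "vulnerability/edit.html",
                vulnerability_details=vulnerability_details,
                form=form,
            )
        logging.info("Found name. %r", vcs_handler.repo_name)
        # Trust the values parsed from the link over whatever was submitted.
        form.commits[0].repo_name.process_data(vcs_handler.repo_name)
        form.commits[0].repo_url.process_data(vcs_handler.repo_url)
        form.commits[0].commit_hash.process_data(vcs_handler.commit_hash)

    if form_submitted:
        proposal_vuln = add_proposal(vuln, form)
        if proposal_vuln:
            return redirect(
                url_for(
                    "vuln.vuln_review",
                    vcdb_id=view.id,
                    vuln_id=proposal_vuln.vcdb_id,
                )
            )

    with db.session.no_autoflush:
        return render_template(
            "vulnerability/edit.html",
            vulnerability_details=vulnerability_details,
            form=form,
        )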
def __init__(self,
             commit_link=None,
             repo_owner=None,
             repo_name=None,
             repo_url=None,
             commit_hash=None):
    """Store the commit fields, validating only a non-empty ``repo_url``.

    Raises:
        InvalidIdentifierException: when ``repo_url`` is given but no VCS
            handler accepts it.
    """
    self.repo_owner, self.repo_name = repo_owner, repo_name

    if repo_url and not get_vcs_handler(None, repo_url):
        raise InvalidIdentifierException(
            'Please provide a valid git repo URL.')

    # NOTE(review): the listing is flattened, so the nesting of this
    # assignment is reconstructed. It is treated as unconditional here;
    # confirm against the file.
    self.repo_url = repo_url
    # commit_link and commit_hash are stored as passed; only repo_url goes
    # through a handler lookup in this constructor.
    self.commit_link = commit_link
    self.commit_hash = commit_hash
def _create_vuln_internal(vuln_id=None):
    """Create, update or delete the vulnerability entry behind ``vuln_id``.

    Deletes the entry when it already exists and the delete form validates;
    otherwise saves the details form when that validates. Falls through to
    rendering the create template.

    NOTE(review): no permission check is visible in this function; presumably
    the calling route enforces who may delete or overwrite entries. Confirm.
    """
    try:
        details = VulnerabilityDetails(vuln_id)
        entry = details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flashError(str(err), "serve_index")

    if entry.id:
        logging.debug("Preexisting vulnerability entry found: %s", entry.id)
        if VulnerabilityDeleteForm().validate_on_submit():
            # Remove the entry.
            db.session.delete(entry)
            db.session.commit()
            flash("The entry was deleted.", "success")
            return redirect("/")

    form = VulnerabilityDetailsForm(obj=entry)
    # Only the first commit is inspected; assumes at least one is present.
    first_commit = form.data["commits"][0]
    if not first_commit["repo_name"]:
        logging.info("Empty repository name. %r", first_commit)
        handler = get_vcs_handler(None, first_commit["repo_url"])
        if handler:
            # Fill the missing name in from the submitted repo URL.
            logging.info("Found name. %r", handler.repo_name)
            form.commits[0].repo_name.process_data(handler.repo_name)

    if form.validate_on_submit():
        try:
            form.populate_obj(entry)
            db.session.add(entry)
            db.session.commit()
            logging.debug("Successfully created/updated entry: %s", entry.id)
            flash("Successfully created/updated entry.", "success")
            return redirect(url_for("vuln.vuln_view", vuln_id=entry.id))
        except InvalidIdentifierException as err:
            # Report the problem and fall through to re-render the form.
            flashError(str(err))

    return render_template("create_entry.html",
                           vulnerability_details=details,
                           form=form)
def _create_vuln_internal(vuln_id=None):
    """Create, update or delete the vulnerability entry behind ``vuln_id``.

    Deletes the entry when it already exists and the delete form validates;
    otherwise saves the details form when that validates. Falls through to
    rendering the create template, which also receives ``cfg``.

    NOTE(review): no permission check is visible in this function; presumably
    the calling route enforces who may delete or overwrite entries. Confirm.
    """
    try:
        details = VulnerabilityDetails(vuln_id)
        record = details.get_or_create_vulnerability()
    except InvalidIdentifierException as err:
        return flashError(str(err), 'serve_index')

    if record.id:
        logging.debug('Preexisting vulnerability entry found: %s', record.id)
        if VulnerabilityDeleteForm().validate_on_submit():
            # Remove the entry.
            db.session.delete(record)
            db.session.commit()
            flash('The entry was deleted.', 'success')
            return redirect('/')

    form = VulnerabilityDetailsForm(obj=record)
    # Only the first commit is inspected; assumes at least one is present.
    head_commit = form.data['commits'][0]
    if not head_commit['repo_name']:
        logging.info('Empty repository name. %r', head_commit)
        handler = get_vcs_handler(None, head_commit['repo_url'])
        if handler:
            # Fill the missing name in from the submitted repo URL.
            logging.info('Found name. %r', handler.repo_name)
            form.commits[0].repo_name.process_data(handler.repo_name)

    if form.validate_on_submit():
        try:
            form.populate_obj(record)
            db.session.add(record)
            db.session.commit()
            logging.debug('Successfully created/updated entry: %s', record.id)
            flash('Successfully created/updated entry.', 'success')
            return redirect(url_for('vuln.vuln_view', vuln_id=record.id))
        except InvalidIdentifierException as err:
            # Report the problem and fall through to re-render the form.
            flashError(str(err))

    return render_template('create_entry.html',
                           cfg=cfg,
                           vulnerability_details=details,
                           form=form)
def nvd_to_vcdb(nvd, commit_link):
    """Build a ``Vulnerability`` for an NVD record and its commit link.

    Returns:
        The new ``Vulnerability`` carrying one commit whose hash, repo name,
        owner and URL come from the parsed link, or ``None`` (after printing
        a message) when no VCS handler accepts the link.
    """
    handler = get_vcs_handler(app, commit_link)
    if not handler:
        print("Can't parse Vcs link: {}".format(commit_link))
        return None

    cve_id = nvd.cve_id
    commit = VulnerabilityGitCommits(
        commit_link=commit_link,
        commit_hash=handler.commit_hash,
        repo_name=handler.repo_name,
        repo_owner=handler.repo_owner,
        repo_url=handler.repo_url,
    )
    return Vulnerability(cve_id=cve_id, commits=[commit], comment='')
def _edit_vuln_internal(vcdb_id: str = None):
    """Render the edit form for an entry and turn a submission into a proposal.

    Redirects back to the entry view when the user may not add a proposal. On
    a valid submission with a commit link, the commit's repo name, repo URL
    and hash are overwritten with the values parsed from that link before the
    proposal is stored.
    """
    details = _get_vulnerability_details(vcdb_id, simplify_id=False)
    view = details.vulnerability_view
    vuln = details.get_or_create_vulnerability()
    if not _can_add_proposal(vuln):
        return redirect(url_for("vuln.vuln_view", vcdb_id=vcdb_id))

    # Populate the form data from the vulnerability view if necessary.
    # Updating the vuln instance allows to easier diff the changes.
    if vuln.comment == "":
        vuln.comment = view.comment

    form = VulnerabilityDetailsForm(obj=vuln)

    def render_edit_page():
        # Shared by the invalid-link path and the final fall-through.
        return render_template("vulnerability/edit.html",
                               vulnerability_details=details,
                               form=form)

    form_submitted = form.validate_on_submit()
    # Only the first commit is inspected; assumes at least one is present.
    first_commit = form.data["commits"][0]

    if form_submitted and first_commit["commit_link"]:
        handler = get_vcs_handler(None, first_commit["commit_link"])
        if not handler:
            flash_error("Invalid commit link specified.")
            return render_edit_page()
        logging.info("Found name. %r", handler.repo_name)
        # Trust the values parsed from the link over whatever was submitted.
        commit_field = form.commits[0]
        commit_field.repo_name.process_data(handler.repo_name)
        commit_field.repo_url.process_data(handler.repo_url)
        commit_field.commit_hash.process_data(handler.commit_hash)

    if form_submitted:
        proposal = add_proposal(vuln, view, form)
        if proposal:
            return redirect(
                url_for('vuln.vuln_review',
                        vcdb_id=view.id,
                        vuln_id=proposal.vcdb_id))

    with db.session.no_autoflush:
        return render_edit_page()
def create_vcdb_entry(cve_id, commit_link=None):
    """Build a ``Vulnerability`` for ``cve_id``, optionally with one commit.

    Returns:
        The new ``Vulnerability`` (with an empty commit list when no link is
        given), or ``None`` (after printing a message) when a link is given
        but no VCS handler accepts it.
    """
    commits = []
    if commit_link:
        handler = get_vcs_handler(app, commit_link)
        if not handler:
            print("Can't parse Vcs link: {}".format(commit_link))
            return None
        # Hash, repo name, owner and URL all come from the parsed link.
        commits.append(
            VulnerabilityGitCommits(
                commit_link=commit_link,
                commit_hash=handler.commit_hash,
                repo_name=handler.repo_name,
                repo_owner=handler.repo_owner,
                repo_url=handler.repo_url,
            ))
    return Vulnerability(cve_id=cve_id, commits=commits, comment="")
def create_vcdb_entry(cve_id, commit_link=None):
    """Build a published ``Vulnerability`` for ``cve_id``.

    The entry is created with ``version=0`` and in the ``PUBLISHED`` state,
    so it does not start out as a draft or proposal.

    Returns:
        The new ``Vulnerability`` (with an empty commit list when no link is
        given), or ``None`` (after printing a message) when a link is given
        but no VCS handler accepts it.
    """
    commits = []
    if commit_link:
        handler = get_vcs_handler(app, commit_link)
        if not handler:
            print(f"Can't parse Vcs link: {commit_link}")
            return None
        # Hash, repo name, owner and URL all come from the parsed link.
        commits.append(
            VulnerabilityGitCommits(
                commit_link=commit_link,
                commit_hash=handler.commit_hash,
                repo_name=handler.repo_name,
                repo_owner=handler.repo_owner,
                repo_url=handler.repo_url,
            ))
    return Vulnerability(
        cve_id=cve_id,
        commits=commits,
        comment="",
        version=0,
        state=VulnerabilityState.PUBLISHED,
    )
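def _edit_vuln_internal(vcdb_id: str = None):
    """Render the edit form for an entry and record a submission as a proposal.

    Redirects back to the entry view when the user may not add a proposal, and
    again after a valid submission has been handed to ``add_proposal``. On a
    valid submission with a commit link, the commit's repo name, repo URL and
    hash are overwritten with the values parsed from that link.
    """
    vulnerability_details = _get_vulnerability_details(vcdb_id,
                                                       simplify_id=False)
    view = vulnerability_details.vulnerability_view
    vuln = vulnerability_details.get_or_create_vulnerability()
    if not _can_add_proposal(vuln):
        return redirect(url_for("vuln.vuln_view", vcdb_id=vcdb_id))

    form = VulnerabilityDetailsForm(obj=vuln)

    # Populate the form data from the vulnerability view if necessary.
    # (This check used to appear twice in a row; the repeat had no effect.)
    if form.comment.data == "":
        form.comment.data = view.comment

    form_submitted = form.validate_on_submit()
    # Only the first commit is inspected; this indexing assumes the form
    # always carries at least one commit entry (TODO confirm).
    commit = form.data["commits"][0]
    if form_submitted and commit["commit_link"]:
        vcs_handler = get_vcs_handler(None, commit["commit_link"])
        if not vcs_handler:
            flash_error("Invalid commit link specified.")
            return render_template("vulnerability/edit.html",
                                   vulnerability_details=vulnerability_details,
                                   form=form)
        logging.info("Found name. %r", vcs_handler.repo_name)
        # Trust the values parsed from the link over whatever was submitted.
        form.commits[0].repo_name.process_data(vcs_handler.repo_name)
        form.commits[0].repo_url.process_data(vcs_handler.repo_url)
        form.commits[0].commit_hash.process_data(vcs_handler.commit_hash)

    if form_submitted:
        add_proposal(vuln, form)
        return redirect(url_for("vuln.vuln_view", vcdb_id=vcdb_id))

    return render_template("vulnerability/edit.html",
                           vulnerability_details=vulnerability_details,
                           form=form)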