Пример #1
def add_device():
    """Show the add-device form and, on POST, create a device from it.

    Reads ``devicename``, ``description`` and ``version`` from the submitted
    form. An empty name, or a name that is already stored, re-renders the
    form with an error message. Otherwise the device is saved, recorded in
    the module-level ``added_device`` dict, and the client is redirected to
    ``index``.
    """
    # NOTE(review): added_device is process-wide state rewritten on every
    # successful request; concurrent requests overwrite each other's value.
    # Confirm that whatever reads it tolerates that.
    global added_device

    error = None
    if request.method != 'POST':
        return render_template('add_device.html', error=error)

    name = request.form['devicename'].strip()
    summary = request.form['description'].strip()
    release = request.form['version'].strip()

    # The name is the only required field.
    if not name:
        error = 'Enter the required fields'
        return render_template('add_device.html', error=error)

    try:
        # NOTE(review): lookup-then-insert is not atomic. Two simultaneous
        # submissions of the same name can both reach save() unless the
        # column carries a unique constraint - confirm in the model.
        existing = Devices.get(Devices.devicename == name)
        if existing:
            error = 'Device "' + name + '" already exists'
    except Devices.DoesNotExist:
        device = Devices(devicename=name,
                         description=summary,
                         version=release)
        device.save()
        added_device = {
            'object': device,
            'deviceid': device.deviceid,
            'devicename': name,
            'description': summary,
            'version': release,
        }
        # Success message for the next rendered page.
        flash('Device "' + name + '" was successfully added.')
        return redirect(url_for('index'))

    return render_template('add_device.html', error=error)
def add_device():
    """Show the add-device form and, on POST, create a device from it.

    Reads ``devicename``, ``description`` and ``version`` from the submitted
    form. An empty name, or a name that is already stored, re-renders the
    form with an error message. Otherwise the device is saved, recorded in
    the module-level ``added_device`` dict, and the client is redirected to
    ``index``.
    """
    # NOTE(review): added_device is process-wide state rewritten on every
    # successful request; concurrent requests overwrite each other's value.
    # Confirm that whatever reads it tolerates that.
    global added_device

    error = None
    if request.method != 'POST':
        return render_template('add_device.html', error=error)

    name = request.form['devicename'].strip()
    summary = request.form['description'].strip()
    release = request.form['version'].strip()

    # The name is the only required field.
    if not name:
        error = 'Enter the required fields'
        return render_template('add_device.html', error=error)

    try:
        # NOTE(review): lookup-then-insert is not atomic. Two simultaneous
        # submissions of the same name can both reach save() unless the
        # column carries a unique constraint - confirm in the model.
        existing = Devices.get(Devices.devicename == name)
        if existing:
            error = 'Device "' + name + '" already exists'
    except Devices.DoesNotExist:
        device = Devices(devicename=name,
                         description=summary,
                         version=release)
        device.save()
        added_device = {
            'object': device,
            'deviceid': device.deviceid,
            'devicename': name,
            'description': summary,
            'version': release,
        }
        # Success message for the next rendered page.
        flash('Device "' + name + '" was successfully added.')
        return redirect(url_for('index'))

    return render_template('add_device.html', error=error)
Пример #3
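def api_online_devices(request, *, page='1'):
    """Return one page of devices updated less than 7 time units ago.

    Runs ``check_admin(request)`` first, then counts the matching devices to
    build the ``Page`` and fetches the rows for that page ordered by
    ``created_at desc``.

    Returns a dict with ``page`` (the ``Page`` object) and ``data`` (the
    rows, or an empty tuple when nothing matches).
    """
    check_admin(request)
    page_index = get_page_index(page)
    # One timestamp and one predicate for both queries. The count drives the
    # pagination, so it has to describe the same rows as the listing; the
    # listing previously used the opposite comparison ('> 7').
    # The clause is string-built, but the only interpolated value is the
    # server clock, never request data.
    # NOTE(review): assumes updated_at holds time.time() values (seconds) -
    # confirm against the model.
    online_filter = '(%ld - updated_at) < 7' % time.time()
    num = yield from Devices.findNumber(selectField='count(id)', where=online_filter)
    p = Page(num, page_index)
    if num == 0:
        return dict(page=p, data=())
    devices = yield from Devices.findAll(where=online_filter, orderBy='created_at desc', limit=(p.offset, p.limit))
    return dict(page=p, data=devices)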
Пример #4
def api_devices(request, *, name, addr, mac):
    """Create or update a device record from ``name``, ``addr`` and ``mac``.

    Runs ``check_admin(request)`` first. Each of the three values must be
    non-empty after stripping whitespace, otherwise ``APIValueError`` is
    raised for the first offending field. The stored record carries the
    stripped values and the current time as ``updated_at``.
    """
    check_admin(request)

    # Checked in this order so the first empty field is the one reported.
    # NOTE(review): only emptiness is checked; the format of addr and mac is
    # not validated here.
    required = (
        ('name', name, 'name cannot be empty.'),
        ('addr', addr, 'addr cannot be empty.'),
        ('mac', mac, 'mac cannot be empty.'),
    )
    for field, value, message in required:
        if not (value and value.strip()):
            raise APIValueError(field, message)

    record = Devices(name=name.strip(), addr=addr.strip(), mac=mac.strip(), updated_at=time.time())
    yield from record.save_or_update()
    return record
Пример #5
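def edit_devices():
    """List devices and, on POST, remove or update the selected one.

    A POST carries ``action`` (``remove`` or ``update``) and ``id``. For
    ``update`` the form also carries ``name``, ``descr`` and ``ver``; an
    empty name is rejected. Every request ends by rendering
    ``edit_devices.html`` with the current device list and any error.
    """
    # NOTE(review): no login or CSRF check is visible inside this function,
    # and a POST can delete a device together with its dependent rows.
    # Confirm the route is protected by a decorator or middleware.
    error = None

    if request.method == 'POST':
        # getlist() returns [] for an absent field, so nothing is indexed
        # before its presence is known.
        actions = request.form.getlist('action')
        ids = request.form.getlist('id')
        action = actions[0] if actions else None

        if ids and action in ('remove', 'update'):
            try:
                device = Devices.get(Devices.deviceid == int(ids[0]))
            except (ValueError, Devices.DoesNotExist):
                # Non-numeric or unknown id: report it instead of failing
                # the request.
                device = None
                error = 'Device not found'

            if device is not None and action == 'remove':
                # Also deletes rows that depend on the device, including
                # those whose reference is nullable.
                device.delete_instance(recursive=True, delete_nullable=True)
            elif device is not None:
                new_name = request.form.get('name', '')
                if new_name != '':
                    new_descr = request.form.get('descr')
                    new_ver = request.form.get('ver')
                    # Independent checks: one submission may change several
                    # fields, and each changed field must be stored.
                    if new_name != device.devicename:
                        device.devicename = new_name
                    if new_descr is not None and new_descr != device.description:
                        device.description = new_descr
                    if new_ver is not None and new_ver != device.version:
                        device.version = new_ver
                    device.save()
                else:
                    error = 'Name cannot be empty'

    # Rendered for GET and after a POST alike, so the view always returns a
    # response.
    entries = [
        dict(did=device.deviceid,
             dname=device.devicename,
             ddescr=device.description,
             dver=device.version) for device in Devices.select()
    ]
    return render_template('edit_devices.html',
                           error=error,
                           entries=entries)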
Пример #6
    def login():
        """Check email/password from the JSON body and return a JWT.

        Requires ``email``, ``password`` and ``device_token`` in the body.
        Raises ``APIException`` when no user matches (404) or when the
        account status is ``invalid`` or ``suspended`` (405). When the user
        has a profile and the device token is not stored yet, the token is
        stored for this user.
        """
        payload = request.get_json()
        check_params(payload, 'email', 'password', 'device_token')

        # NOTE(review): the stored password is matched against
        # sha256(password). If that helper is a plain unsalted digest, the
        # stored values are cheap to attack offline after a database leak;
        # a salted, slow password hash is the usual choice - confirm.
        user = Users.query.filter_by(
            email=payload['email'],
            password=sha256(payload['password'])).first()
        if user is None:
            raise APIException('Sorry you entered the wrong email or password',
                               404)

        account_state = user.status._value_
        if account_state == 'invalid':
            raise APIException('Email not validated', 405)
        if account_state == 'suspended':
            raise APIException('Your account is suspended', 405)

        # NOTE(review): the token lookup is not scoped to this user, so a
        # token already stored for another account is treated as registered.
        device_token = payload['device_token']
        token_known = \
            Devices.query.filter_by(token=device_token).first() is not None
        has_profile = Profiles.query.get(user.id) is not None

        if has_profile and not token_known:
            db.session.add(Devices(user_id=user.id, token=device_token))
            db.session.commit()

        # NOTE(review): 'exp' is taken from the request body (default 15),
        # so the client chooses the token lifetime. Consider fixing or
        # capping it on the server.
        claims = {
            'id': user.id,
            'role': 'user',
            'exp': payload.get('exp', 15)
        }
        return jsonify({'jwt': create_jwt(claims)}), 200
Пример #7
def show_devices():
    """Render ``show_devices.html`` with one entry per stored device."""
    entries = []
    for device in Devices.select():
        # Template-facing keys: did, dname, ddescr, dver.
        entries.append({
            'did': device.deviceid,
            'dname': device.devicename,
            'ddescr': device.description,
            'dver': device.version,
        })
    return render_template('show_devices.html', entries=entries)
Пример #8
 def add_device(user_id):
     """Store the ``device_token`` from the JSON body for ``user_id``."""
     payload = request.get_json()
     utils.check_params(payload, 'device_token')

     # NOTE(review): no check for an already stored token is made here;
     # confirm duplicates are acceptable or constrained in the model.
     new_device = Devices(user_id=user_id, token=payload['device_token'])
     db.session.add(new_device)
     db.session.commit()

     return jsonify({'message':'Device added successfully'})
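def edit_devices():
    """List devices and, on POST, remove or update the selected one.

    A POST carries ``action`` (``remove`` or ``update``) and ``id``. For
    ``update`` the form also carries ``name``, ``descr`` and ``ver``; an
    empty name is rejected. Every request ends by rendering
    ``edit_devices.html`` with the current device list and any error.
    """
    # NOTE(review): no login or CSRF check is visible inside this function,
    # and a POST can delete a device together with its dependent rows.
    # Confirm the route is protected by a decorator or middleware.
    error = None

    if request.method == 'POST':
        # getlist() returns [] for an absent field, so nothing is indexed
        # before its presence is known.
        actions = request.form.getlist('action')
        ids = request.form.getlist('id')
        action = actions[0] if actions else None

        if ids and action in ('remove', 'update'):
            try:
                device = Devices.get(Devices.deviceid == int(ids[0]))
            except (ValueError, Devices.DoesNotExist):
                # Non-numeric or unknown id: report it instead of failing
                # the request.
                device = None
                error = 'Device not found'

            if device is not None and action == 'remove':
                # Also deletes rows that depend on the device, including
                # those whose reference is nullable.
                device.delete_instance(recursive=True, delete_nullable=True)
            elif device is not None:
                new_name = request.form.get('name', '')
                if new_name != '':
                    new_descr = request.form.get('descr')
                    new_ver = request.form.get('ver')
                    # Independent checks: one submission may change several
                    # fields, and each changed field must be stored.
                    if new_name != device.devicename:
                        device.devicename = new_name
                    if new_descr is not None and new_descr != device.description:
                        device.description = new_descr
                    if new_ver is not None and new_ver != device.version:
                        device.version = new_ver
                    device.save()
                else:
                    error = 'Name cannot be empty'

    # Rendered for GET and after a POST alike, so the view always returns a
    # response.
    entries = [
        dict(did=device.deviceid,
             dname=device.devicename,
             ddescr=device.description,
             dver=device.version) for device in Devices.select()
    ]
    return render_template('edit_devices.html', error=error, entries=entries)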
Пример #10
    def add_device(user_id):
        """Store the ``token`` from the JSON body as a device of ``user_id``."""
        payload = request.get_json()
        check_params(payload, 'token')

        # NOTE(review): no check for an already stored token is made here;
        # confirm duplicates are acceptable or constrained in the model.
        new_device = Devices(user_id=user_id, token=payload['token'])
        db.session.add(new_device)
        db.session.commit()

        return jsonify({'message': 'Device added successfully'})
Пример #11
def create_bug(id, deviceid, uid):
    """Save a ``Bugs`` record linking a tester and a device, and return it.

    The tester is looked up by ``int(uid)`` and the device by ``deviceid``;
    the saved bug is also pushed onto the tester's ``bugs`` list.
    """
    # The tester is fetched only to obtain its id for the reference below.
    # NOTE(review): first() is used for both lookups; if it yields None for
    # a missing row, the ``.id`` access below fails with AttributeError.
    tester = Tester.objects(uid=int(uid)).first()
    bug_number = int(id)
    device = Devices.objects(deviceid=deviceid).first()

    bug = Bugs(bugid=bug_number, device=device.id, tester=tester.id)
    bug.save()

    tester.update(push__bugs=bug)
    tester.save()
    return bug
Пример #12
def list_devicerules():
    """Render ``list_devicerules.html`` with the device and token choices.

    ``entries`` is a two-item list: the devices first, the tokens second.
    """
    # Device choices: id and name.
    devices = []
    for device in Devices.select():
        devices.append({'did': device.deviceid, 'dname': device.devicename})

    # Token choices: id and token text.
    tokens = []
    for each in Tokens.select():
        tokens.append({'tid': each.tokenid, 'tname': each.token})

    return render_template('list_devicerules.html', entries=[devices, tokens])
Пример #13
def create_tester_device(uid, deviceid):
    """Attach a device to a tester and return a ``TesterDevices`` link.

    Tester and device are looked up by ``int(uid)`` and ``int(deviceid)``.
    The device is pushed onto ``tester.devices`` only when it is not
    already there.
    """
    tester = Tester.objects(uid=int(uid)).first()
    device = Devices.objects(deviceid=int(deviceid)).first()

    if device not in tester.devices:
        try:
            tester.update(push__devices=device)
            tester.save()
        except Exception as err:
            # Best effort: a failed update is printed and the link object
            # is still returned.
            # NOTE(review): callers cannot tell that the update failed.
            print(err)

    return TesterDevices(device=device.id, tester=tester.id)
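    def generate():
        """Yield one HTML table of device rules selected by ``params``.

        ``params`` comes from the enclosing scope and holds
        ``"<deviceid>,<tokenid>"``; a value of 0 in either position means
        "do not filter on this column".
        """
        # Standard library; imported here because the file's import block
        # is not part of this function.
        from xml.sax.saxutils import escape

        params_list = params.split(',')
        device_filter = int(params_list[0])
        token_filter = int(params_list[1])

        # Build the query once and narrow it per active filter; chained
        # where() calls are combined with AND.
        rules = Devicerules.select()
        if device_filter != 0:
            rules = rules.where(Devicerules.deviceid == params_list[0])
        if token_filter != 0:
            rules = rules.where(Devicerules.tokenid == params_list[1])

        table_start = '<table class="table table-condensed"><tr><th>Device</th><th>Token</th><th>Rule line</th><th>Condition</th><th>Configuration command</th></tr>'
        rows = []
        for drule in rules:
            cells = (
                Devices.get(Devices.deviceid == drule.deviceid.deviceid).devicename,
                Tokens.get(Tokens.tokenid == drule.tokenid.tokenid).token,
                drule.ruleline,
                drule.cond,
                drule.configcommand,
            )
            # The values are stored text that ends up in raw HTML, so each
            # one is escaped before it is placed in a cell.
            rows.append('<tr>'
                        + ''.join('<td>' + escape(str(cell)) + '</td>'
                                  for cell in cells)
                        + '</tr>')
        table_end = '</table>'
        yield table_start + ''.join(rows) + table_end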
Пример #15
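    def register_profile(user_id):
        """Create the profile for ``user_id`` and mirror it to Poker Society.

        Requires ``first_name``, ``last_name`` and ``device_token`` in the
        JSON body; ``nickname`` and ``hendon_url`` are optional. Raises
        ``APIException`` (400) when a profile already exists and (500) when
        the Poker Society request does not succeed. On success a profile, a
        device and a 5-coin transaction are stored in one commit.
        """
        prof = Profiles.query.get(user_id)
        if prof is not None:
            # str() keeps the message buildable when user_id is an int.
            raise APIException(
                'A profile already exists with "id": ' + str(user_id), 400)

        req = request.get_json()
        utils.check_params(req, 'first_name', 'last_name', 'device_token')

        prof_data = {
            'first_name': req['first_name'],
            'last_name': req['last_name'],
            'nickname': req.get('nickname'),
            'hendon_url': req.get('hendon_url')
        }

        # Create the user at Poker Society; the response carries the
        # pokersociety_id stored on the local profile.
        # NOTE(review): user.password (the stored value) is sent to the
        # external service - confirm this is intended and that
        # POKERSOCIETY_HOST is an https:// URL.
        # NOTE(review): the request has no timeout, so a stalled remote
        # host blocks this request handler.
        user = Users.query.get(user_id)
        resp = requests.post(
            os.environ['POKERSOCIETY_HOST'] + '/swapprofit/user',
            json={
                'api_token':
                utils.sha256(os.environ['POKERSOCIETY_API_TOKEN']),
                'email': user.email,
                'password': user.password,
                **prof_data
            })

        if not resp.ok:
            raise APIException('Error creating user in Poker Society', 500)

        data = resp.json()

        # NOTE(review): the remote user already exists at this point; if
        # the commit below fails, the two systems disagree.
        db.session.add(
            Profiles(id=user_id,
                     pokersociety_id=data['pokersociety_id'],
                     **prof_data))
        db.session.add(Devices(user_id=user_id, token=req['device_token']))
        db.session.add(Transactions(user_id=user_id, coins=5))

        db.session.commit()

        return jsonify({'message': 'ok'}), 200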
Пример #16
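def fill_entry(d, public_ip):
    """Build a ``Devices`` object from one record dict ``d``.

    ``IP_address`` and ``open_ports`` are required keys (``KeyError`` when
    absent). ``Port_status``, ``MAC_address``, ``Manufacturer``,
    ``Service_info``, ``OS_details`` and ``warning`` are optional and become
    the string ``"none"`` when missing or ``None``.
    """
    def optional(key):
        # Missing keys and explicit None both map to the "none" marker.
        value = d.get(key)
        return "none" if value is None else value

    # NOTE(review): the values are passed on unchanged; if d is parsed from
    # scanner or network output, treat them as untrusted wherever they are
    # later rendered or stored.
    new_device = Devices(public_ip, d['IP_address'], optional("Port_status"),
                         optional("MAC_address"), optional("Manufacturer"),
                         optional("Service_info"), optional("OS_details"),
                         d['open_ports'], optional("warning"))
    return new_device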
Пример #17
    def login():
        """Check email/password from the JSON body and return a signed JWT.

        Requires ``email``, ``password`` and ``device_token`` in the body.
        Raises ``APIException`` when no user matches (404) or when the
        account status is ``invalid`` or ``suspended`` (405). When the user
        has a profile and the device token is not stored yet, the token is
        stored for this user. The JWT is signed with HS256 using
        ``JWT_SECRET_KEY`` and expires 60 days after issue.
        """
        payload = request.get_json()
        check_params(payload, 'email', 'password', 'device_token')
        # NOTE(review): debug output on every login attempt.
        print(os.environ['API_HOST'])

        # NOTE(review): the stored password is matched against
        # sha256(password). If that helper is a plain unsalted digest, the
        # stored values are cheap to attack offline after a database leak;
        # a salted, slow password hash is the usual choice - confirm.
        user = Users.query.filter_by(
            email=payload['email'],
            password=sha256(payload['password'])).first()
        if user is None:
            raise APIException('Sorry you entered the wrong email or password', 404)

        account_state = user.status._value_
        if account_state == 'invalid':
            raise APIException('Email not validated', 405)
        if account_state == 'suspended':
            raise APIException('Your account is suspended', 405)

        # NOTE(review): the token lookup is not scoped to this user, so a
        # token already stored for another account is treated as registered.
        device_token = payload['device_token']
        token_known = \
            Devices.query.filter_by(token=device_token).first() is not None
        has_profile = Profiles.query.get(user.id) is not None

        if has_profile and not token_known:
            db.session.add(Devices(user_id=user.id, token=device_token))
            db.session.commit()

        issued_at = datetime.utcnow()

        # NOTE(review): a 60-day bearer token stays valid after the account
        # is suspended unless status is re-checked on each request or there
        # is a revocation path - confirm.
        identity = {
            'id': user.id,
            'role': 'user',
            'exp': issued_at + timedelta(days=60),
            'sub': user.id,
            'nbf': issued_at,
        }

        # NOTE(review): debug output of the token claims.
        print(identity)

        signed = jwt.encode(identity, os.environ['JWT_SECRET_KEY'], algorithm='HS256')
        return jsonify({'jwt': signed}), 200
Пример #18
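    def register_profile(user_id):
        """Create the profile, first device and starting coins for a user.

        Requires ``first_name``, ``last_name`` and ``device_token`` in the
        JSON body; ``nickname`` and ``hendon_url`` are optional. Raises
        ``APIException`` (400) when a profile with this id already exists.
        The profile, the device and a 5-coin transaction are stored in one
        commit.
        """
        prof = Profiles.query.get(user_id)
        if prof is not None:
            # str() keeps the message buildable when user_id is an int.
            raise APIException(
                'A profile already exists with "id": ' + str(user_id), 400)

        req = request.get_json()
        utils.check_params(req, 'first_name', 'last_name', 'device_token')

        # NOTE(review): the name fields are stored as received; only their
        # presence is checked by check_params here.
        db.session.add(
            Profiles(id=user_id,
                     first_name=req['first_name'],
                     last_name=req['last_name'],
                     nickname=req.get('nickname'),
                     hendon_url=req.get('hendon_url')))
        db.session.add(Devices(user_id=user_id, token=req['device_token']))
        db.session.add(Transactions(user_id=user_id, coins=5))
        db.session.commit()

        return jsonify({'message': 'ok'}), 200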
Пример #19
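 def test_add_device_to_devices_table_insert_success(self):
     """After add_device_to_devices_table() the instance's pk should be 1."""
     devices = Devices(deviceUdid=self.deviceUdid)
     devices.add_device_to_devices_table()
     # assertEqual compares values. assertIs compares object identity,
     # which passes for small ints only as an interpreter detail.
     self.assertEqual(devices.pk, 1)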
def show_devices():
    """Render ``show_devices.html`` with one entry per stored device."""
    entries = []
    for device in Devices.select():
        # Template-facing keys: did, dname, ddescr, dver.
        entries.append({
            'did': device.deviceid,
            'dname': device.devicename,
            'ddescr': device.description,
            'dver': device.version,
        })
    return render_template('show_devices.html', entries=entries)
def list_devicerules():
    """Render ``list_devicerules.html`` with the device and token choices.

    ``entries`` is a two-item list: the devices first, the tokens second.
    """
    # Device choices: id and name.
    devices = []
    for device in Devices.select():
        devices.append({'did': device.deviceid, 'dname': device.devicename})

    # Token choices: id and token text.
    tokens = []
    for each in Tokens.select():
        tokens.append({'tid': each.tokenid, 'tname': each.token})

    return render_template('list_devicerules.html', entries=[devices, tokens])
Пример #22
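 def generate():
     """Yield one HTML table of device rules selected by ``params``.

     ``params`` comes from the enclosing scope and holds
     ``"<deviceid>,<tokenid>"``; a value of 0 in either position means
     "do not filter on this column".
     """
     # Standard library; imported here because the file's import block is
     # not part of this function.
     from xml.sax.saxutils import escape

     params_list = params.split(',')
     device_filter = int(params_list[0])
     token_filter = int(params_list[1])

     # Build the query once and narrow it per active filter; chained
     # where() calls are combined with AND.
     rules = Devicerules.select()
     if device_filter != 0:
         rules = rules.where(Devicerules.deviceid == params_list[0])
     if token_filter != 0:
         rules = rules.where(Devicerules.tokenid == params_list[1])

     table_start = '<table class="table table-condensed"><tr><th>Device</th><th>Token</th><th>Rule line</th><th>Condition</th><th>Configuration command</th></tr>'
     rows = []
     for drule in rules:
         cells = (
             Devices.get(Devices.deviceid == drule.deviceid.deviceid).devicename,
             Tokens.get(Tokens.tokenid == drule.tokenid.tokenid).token,
             drule.ruleline,
             drule.cond,
             drule.configcommand,
         )
         # The values are stored text that ends up in raw HTML, so each one
         # is escaped before it is placed in a cell.
         rows.append('<tr>'
                     + ''.join('<td>' + escape(str(cell)) + '</td>'
                               for cell in cells)
                     + '</tr>')
     table_end = '</table>'
     yield table_start + ''.join(rows) + table_end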
Пример #23
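 def test_add_device_to_devices_table_duplicate_skip_insert(self):
     """A second add_device_to_devices_table() call should leave pk at 1."""
     devices = Devices(deviceUdid=self.deviceUdid)
     devices.add_device_to_devices_table()
     # assertEqual compares values. assertIs compares object identity,
     # which passes for small ints only as an interpreter detail.
     self.assertEqual(devices.pk, 1)
     devices.add_device_to_devices_table()
     self.assertEqual(devices.pk, 1)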
Пример #24
# Seed data: the buildDB.sql script reproduced through SQLAlchemy models.
timestamp = time.time()
current_date_timestamp = datetime.datetime.fromtimestamp(
    timestamp).strftime('%Y-%m-%d %H:%M:%S')

session = Session()

# NOTE(review): the variable name below says 30 minutes, but the offset
# added here is 90 minutes - confirm which is intended.
nextTime = datetime.datetime.now() + datetime.timedelta(minutes=90)
startTimeafter30Min = nextTime.strftime("%Y-%m-%d %H:%M:%S")

# Rows for the Devices table.
# NOTE(review): every ipv6 value repeats the row's IPv4 literal - confirm
# the column is meant to hold that.
objects = [
    Devices(deviceID="3", name='user', types='user',
            ipv4='100.0.0.105', ipv6='100.0.0.105', mac='0283ea6e1fe0'),
    Devices(deviceID="1", name='attacker', types='user',
            ipv4='100.0.0.103', ipv6='100.0.0.103', mac='024089e25896'),
    Devices(deviceID="2", name='qvm', types='qvm',
            ipv4='100.0.0.104', ipv6='100.0.0.104', mac='02744a0ec85d'),
]
Пример #25
def create_device(id, description):
    """Return a new ``Devices`` object; nothing is saved here.

    ``id`` is converted with ``int()``, so a non-numeric value raises
    ``ValueError``.
    """
    device_number = int(id)
    return Devices(deviceid=device_number, description=description)
Пример #26
import time
from models import Devices, Users,Qvm, Servers, SwitchDevices, Switches
# Seed data: the buildDB.sql script reproduced through SQLAlchemy models.
timestamp = time.time()
current_date_timestamp = datetime.datetime.fromtimestamp(
    timestamp).strftime('%Y-%m-%d %H:%M:%S')

session = Session()

# NOTE(review): the variable name below says 30 minutes, but the offset
# added here is 90 minutes - confirm which is intended.
nextTime = datetime.datetime.now() + datetime.timedelta(minutes=90)
startTimeafter30Min = nextTime.strftime("%Y-%m-%d %H:%M:%S")

# Rows for the Devices table, written in one bulk save.
# NOTE(review): every ipv6 value repeats the row's IPv4 literal - confirm
# the column is meant to hold that.
objects = [
    Devices(deviceID="1", name='user1', types='user',
            ipv4='10.0.0.107', ipv6='10.0.0.107', mac='0283ea6e1fe0'),
    Devices(deviceID="2", name='user2', types='user',
            ipv4='10.0.0.109', ipv6='10.0.0.109', mac='0245dbc7d81f'),
    Devices(deviceID="3", name='attacker1', types='user',
            ipv4='10.0.0.108', ipv6='10.0.0.108', mac='024089e25896'),
    Devices(deviceID="4", name='attacker2', types='user',
            ipv4='10.0.0.110', ipv6='10.0.0.110', mac='0243b69c46be'),
    Devices(deviceID="5", name='attacker3', types='user',
            ipv4='10.0.0.106', ipv6='10.0.0.106', mac='026c160681b5'),
    Devices(deviceID="6", name='qvm', types='qvm',
            ipv4='10.0.0.105', ipv6='10.0.0.105', mac='02744a0ec85d'),
]
session.bulk_save_objects(objects)
session.commit()

# inserting in Users tables
objects = [
    Users(userUID="1", username='******', ipAddressuserIP='10.0.0.107',connectionStartTime=current_date_timestamp,connectionStopTime=None),
    Users(userUID="2", username='******', ipAddressuserIP='10.0.0.109',connectionStartTime=startTimeafter30Min,connectionStopTime=None),
    Users(userUID="3", username='******', ipAddressuserIP='10.0.0.108',connectionStartTime=current_date_timestamp,connectionStopTime=None),
    Users(userUID="4", username='******', ipAddressuserIP='10.0.0.110',connectionStartTime=startTimeafter30Min,connectionStopTime=None),