def mutate(self, info, target): if _validate_jwt(info.context['request'].headers): try: ref_target = Target.objects.get(name=target) new_scan = Scan().save() ref_target.update(add_to_set__scans=new_scan.id) except DoesNotExist: raise Exception("Target matching query does not exist") return CreateScan(scan=new_scan) else: raise Exception("Unauthorized to perform action")
def fetch_users(usernames, caller_username, api, session, force_update=False): """ Fetch the user objects from the api for the given usernames and insert them into the DB. Records that a scan instance occured by the given user on each of the given usernames :usernames The list of usernames to look at. :caller_username The username that initiated the scan :api The instagram API :session the db session :force_update if true the queries will overide previous user entries in the db to update them :returns list of pk's of the given usernames. """ logger.info("Fetching users") api.getInfoByName(caller_username.strip()) caller_user = api.LastJson["user"] caller_user_pk = caller_user["pk"] # need their user object too # TODO: just recycle this information from above usernames.insert(0, caller_username) time.sleep(config.SLEEP_TIME) pks = [] for username in usernames: user_pk = fetch_user(username, api, session, force_update) if user_pk == None: continue if username != caller_username: pks.append(user_pk) # create scan row scan = Scan(instagram_user_id=user_pk, initiated_by=caller_user_pk) session.add(scan) session.commit() logger.info("Gatered users committed to database") logger.info(pks) return pks
def post(self): reqs = request.get_json(force=True) if not reqs: raise JsonRequiredError() try: params = {} params['user_id'] = current_identity.id current_identity.num_scans += 1 params['id'] = current_identity.num_scans params['description'] = reqs['description'] # construct URL from stuffs domain = Domain.query.filter_by(user_id=current_identity.id, relative_id=reqs['domain_id']).first() if (domain is None) or (domain.deleted): raise ResourceNotFoundError() url = '' if (not reqs['bootstrap_path'].startswith('/')): reqs['bootstrap_path'] = '/' + reqs['bootstrap_path'] if (domain.ssl): url = 'https://%s:%d%s' % (domain.url, domain.port, reqs['bootstrap_path']) else: url = 'http://%s:%d%s' % (domain.url, domain.port, reqs['bootstrap_path']) params['target'] = url params['profile'] = '' u = Scan(**params) db.session.add(u) db.session.commit() # post message to RabbitMQ then forget about it credentials = pika.PlainCredentials(os.environ.get('TASKQUEUE_USER'), os.environ.get('TASKQUEUE_PASS')) con = pika.BlockingConnection(pika.ConnectionParameters(host=os.environ.get('TASKQUEUE_HOST'),credentials=credentials)) channel = con.channel() channel.queue_declare(queue='task', durable=True) channel.basic_publish(exchange='', routing_key='task', body=json.dumps({'target': url, 'scan_id': u.id}), properties=pika.BasicProperties(delivery_mode = 2)) con.close() return {}, 201, {'Location': '/scans/%d' % u.relative_id} except KeyError: raise JsonInvalidError()
def newscan(request, template=None): """New scan page, form to enter URL, pick a plan, etc.""" data = {} try: r = requests.get(settings.TASK_ENGINE_URL + '/plans') resp_json = r.json except: data = { "error": "Error retrieving available plans. Check connection to task engine." } #If you can't retrieve the plans, no use in continuing, return error now. return render(request, template, data) #Page has been POSTed to, create a scan and redirect to /scan/id if request.method == 'POST': url_entered = request.POST["new_scan_url_input"] plan_selected = request.POST["plan_selection"] if _validate_target_url(url_entered) and _validate_plan_name( plan_selected, resp_json['plans']): #Task Engine work #Start the scan using provided url to PUT to the API endpoint payload = json.dumps({"target": url_entered}) try: put = requests.put(settings.TASK_ENGINE_URL + "/scan/create/" + plan_selected, data=payload) #Decode the response and extract the ID put_resp = put.json scan_id = put_resp['scan']['id'] #Post START to the API endpoint to begin the scan starter = requests.post(settings.TASK_ENGINE_URL + "/scan/" + scan_id + "/state", data="START") except: data = { "error": "Error starting session. Check connection to the task engine." } #If you can't start a session, no use in continuing, return now return render(request, template, data) #Add the new scan to the database newscan1 = Scan(scan_id=scan_id, scan_creator=request.user, scan_url=url_entered, scan_plan=plan_selected) newscan1.save() #return render(request, template, data) return redirect('/scan/' + scan_id) else: data = { "error_retry": "Invalid URL or plan. Please enter a valid URL and select a plan.", "plans": resp_json['plans'], "task_engine_url": settings.TASK_ENGINE_URL } return render(request, template, data) #Page has not been POSTed to else: data = { "plans": resp_json['plans'], "task_engine_url": settings.TASK_ENGINE_URL } return render(request, template, data)
def random_scan(): return Scan(store=random.choice(STORES), product=random.choice(PRODUCTS), timestamp=datetime.now())