def mutate(self, info, target):
if _validate_jwt(info.context['request'].headers):
try:
ref_target = Target.objects.get(name=target)
new_scan = Scan().save()
ref_target.update(add_to_set__scans=new_scan.id)
except DoesNotExist:
raise Exception("Target matching query does not exist")
return CreateScan(scan=new_scan)
else:
raise Exception("Unauthorized to perform action")
def fetch_users(usernames, caller_username, api, session, force_update=False):
"""
Fetch the user objects from the api for the given usernames and insert them into the DB.
Records that a scan instance occured by the given user on each of the given usernames
:usernames The list of usernames to look at.
:caller_username The username that initiated the scan
:api The instagram API
:session the db session
:force_update if true the queries will overide previous user entries in the db to update them
:returns list of pk's of the given usernames.
"""
logger.info("Fetching users")
api.getInfoByName(caller_username.strip())
caller_user = api.LastJson["user"]
caller_user_pk = caller_user["pk"]
# need their user object too
# TODO: just recycle this information from above
usernames.insert(0, caller_username)
time.sleep(config.SLEEP_TIME)
pks = []
for username in usernames:
user_pk = fetch_user(username, api, session, force_update)
if user_pk == None:
continue
if username != caller_username:
pks.append(user_pk)
# create scan row
scan = Scan(instagram_user_id=user_pk, initiated_by=caller_user_pk)
session.add(scan)
session.commit()
logger.info("Gatered users committed to database")
logger.info(pks)
return pks
def post(self):
reqs = request.get_json(force=True)
if not reqs:
raise JsonRequiredError()
try:
params = {}
params['user_id'] = current_identity.id
current_identity.num_scans += 1
params['id'] = current_identity.num_scans
params['description'] = reqs['description']
# construct URL from stuffs
domain = Domain.query.filter_by(user_id=current_identity.id, relative_id=reqs['domain_id']).first()
if (domain is None) or (domain.deleted):
raise ResourceNotFoundError()
url = ''
if (not reqs['bootstrap_path'].startswith('/')):
reqs['bootstrap_path'] = '/' + reqs['bootstrap_path']
if (domain.ssl):
url = 'https://%s:%d%s' % (domain.url, domain.port, reqs['bootstrap_path'])
else:
url = 'http://%s:%d%s' % (domain.url, domain.port, reqs['bootstrap_path'])
params['target'] = url
params['profile'] = ''
u = Scan(**params)
db.session.add(u)
db.session.commit()
# post message to RabbitMQ then forget about it
credentials = pika.PlainCredentials(os.environ.get('TASKQUEUE_USER'), os.environ.get('TASKQUEUE_PASS'))
con = pika.BlockingConnection(pika.ConnectionParameters(host=os.environ.get('TASKQUEUE_HOST'),credentials=credentials))
channel = con.channel()
channel.queue_declare(queue='task', durable=True)
channel.basic_publish(exchange='', routing_key='task', body=json.dumps({'target': url, 'scan_id': u.id}), properties=pika.BasicProperties(delivery_mode = 2))
con.close()
return {}, 201, {'Location': '/scans/%d' % u.relative_id}
except KeyError:
raise JsonInvalidError()
def newscan(request, template=None):
"""New scan page, form to enter URL, pick a plan, etc."""
data = {}
try:
r = requests.get(settings.TASK_ENGINE_URL + '/plans')
resp_json = r.json
except:
data = {
"error":
"Error retrieving available plans. Check connection to task engine."
}
#If you can't retrieve the plans, no use in continuing, return error now.
return render(request, template, data)
#Page has been POSTed to, create a scan and redirect to /scan/id
if request.method == 'POST':
url_entered = request.POST["new_scan_url_input"]
plan_selected = request.POST["plan_selection"]
if _validate_target_url(url_entered) and _validate_plan_name(
plan_selected, resp_json['plans']):
#Task Engine work
#Start the scan using provided url to PUT to the API endpoint
payload = json.dumps({"target": url_entered})
try:
put = requests.put(settings.TASK_ENGINE_URL + "/scan/create/" +
plan_selected,
data=payload)
#Decode the response and extract the ID
put_resp = put.json
scan_id = put_resp['scan']['id']
#Post START to the API endpoint to begin the scan
starter = requests.post(settings.TASK_ENGINE_URL + "/scan/" +
scan_id + "/state",
data="START")
except:
data = {
"error":
"Error starting session. Check connection to the task engine."
}
#If you can't start a session, no use in continuing, return now
return render(request, template, data)
#Add the new scan to the database
newscan1 = Scan(scan_id=scan_id,
scan_creator=request.user,
scan_url=url_entered,
scan_plan=plan_selected)
newscan1.save()
#return render(request, template, data)
return redirect('/scan/' + scan_id)
else:
data = {
"error_retry":
"Invalid URL or plan. Please enter a valid URL and select a plan.",
"plans": resp_json['plans'],
"task_engine_url": settings.TASK_ENGINE_URL
}
return render(request, template, data)
#Page has not been POSTed to
else:
data = {
"plans": resp_json['plans'],
"task_engine_url": settings.TASK_ENGINE_URL
}
return render(request, template, data)
def random_scan():
return Scan(store=random.choice(STORES),
product=random.choice(PRODUCTS),
timestamp=datetime.now())
