def issue_revert(request): """Revert FP/NA.""" scan_hash = request.form['scan_hash'] finding_hash = request.form['finding_hash'] if not (utils.issha2(scan_hash) and utils.issha2(finding_hash)): return jsonify(**{ 'status': 'failed', 'message': 'Invalid hash'}) res = get_results(scan_hash) if not res: return jsonify({ 'status': 'failed', 'message': 'Scan hash not found'}) fp_key = 'false_positive' na_key = 'not_applicable' fp = res[fp_key] na = res[na_key] if finding_hash in fp: fp.remove(finding_hash) update_issue(scan_hash, fp_key, fp) elif finding_hash in na: na.remove(finding_hash) update_issue(scan_hash, na_key, na) else: return jsonify({ 'status': 'failed', 'message': 'Finding not found'}) return jsonify({'status': 'ok'})
def view_file(request): """View a File.""" context = {'contents': 'not_found'} path = request.form['path'] scan_hash = request.form['scan_hash'] if not utils.issha2(scan_hash): return jsonify({ 'status': 'failed', 'message': 'Invalid hash'}) res = get_results(scan_hash) if not res: return jsonify({ 'status': 'failed', 'message': 'Scan hash not found'}) safe_dir = settings.UPLOAD_FOLDER req_path = Path(safe_dir) / path if not utils.is_safe_path(safe_dir, req_path.as_posix()): context = { 'status': 'failed', 'contents': 'Path Traversal Detected!'} else: if req_path.is_file(): # lgtm [py/path-injection] contents = utils.read_file(req_path.as_posix()) context = {'contents': contents} return jsonify(**context)
def issue_hide(request, issue_type): """Issue is FP/NA.""" scan_hash = request.form['scan_hash'] finding_hash = request.form['id'] if not (utils.issha2(scan_hash) and utils.issha2(finding_hash)): return jsonify({'status': 'failed', 'message': 'Invalid hash'}) res = get_results(scan_hash) if not res: return jsonify({'status': 'failed', 'message': 'Scan hash not found'}) if issue_type == 'fp': key = 'false_positive' else: key = 'not_applicable' item = res[key] if finding_hash not in item: item.append(finding_hash) update_issue(scan_hash, key, item) return jsonify({'status': 'ok'})
def scan_delete(request): """Delete Scan results from DB.""" scan_hash = request.form['scan_hash'] if not utils.issha2(scan_hash): return jsonify(**{'status': 'failed', 'message': 'Invalid scan hash'}) res = delete_scan(scan_hash) if not res: return jsonify(**{'status': 'failed', 'message': 'Scan not found'}) shutil.rmtree(res.location) if res.scan_file.endswith('.zip'): ziploc = Path(settings.UPLOAD_FOLDER) / res.scan_file ziploc.unlink() return jsonify(**{'status': 'ok'})
def search_file(request): """Search in files.""" context = {} query = request.form['q'] scan_hash = request.form['scan_hash'] if not utils.issha2(scan_hash): return jsonify({'status': 'failed', 'message': 'Scan hash not found'}) res = get_results(scan_hash) if not res: return jsonify({'status': 'failed', 'message': 'Scan hash not found'}) matches = nodejsscan.all_files(res['location'], True, query) context = { 'matches': matches, 'term': query, 'scan_hash': scan_hash, 'version': settings.VERSION, 'year': utils.year(), } return render_template('search.html', **context)