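def vulnerabilities_detail():
    """Return the detail of one scan result, selected by the ``id`` form field, as JSON.

    The view loads the result row, its rule, the rule's language and the
    vulnerability description, works out where the scanned project lives on
    disk, and extracts a code snippet (from the top of the file through
    ``block_lines`` lines after the triggering line) so the UI can show it in
    CodeMirror with a matching syntax mode.

    Returns:
        ``jsonify(status_code=1001, message='success', data=...)`` where
        ``data`` has ``detail``, ``rule`` and ``description`` sections.  If
        the result, rule, language, description or project row is missing,
        or the git address has too few path segments, an error JSON response
        is returned instead of letting ``AttributeError``/``IndexError``
        escape the view.
    """

    def _error(message):
        # NOTE(review): 1002 is a constructed placeholder; replace it with the
        # project's real error status code if one is defined.
        return jsonify(status_code=1002, message=message, data={})

    v_id = request.form.get("id", None)

    # query result/rules/vulnerabilities (the id is passed as an ORM bound
    # parameter; no SQL is built by hand)
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    if v_detail is None:
        return _error('result not found')
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    if rule_info is None:
        return _error('rule not found')
    language_info = CobraLanguages.query.filter(
        CobraLanguages.id == rule_info.language).first()
    if language_info is None:
        return _error('language not found')
    language = language_info.language
    vulnerabilities_description = CobraVuls.query.filter_by(
        id=rule_info.vul_id).first()
    if vulnerabilities_description is None:
        return _error('vulnerability description not found')
    # Report 'Undefined' for a blank author without writing back to the ORM row.
    rule_author = rule_info.author if (rule_info.author or '').strip() else 'Undefined'

    # get code content
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project is None:
        return _error('project not found')
    if project.repository.startswith('/'):
        # upload directory: the repository field already is a local path
        project_code_path = project.repository
    else:
        # git: <scheme>://<host>/<owner>/<name>[.git] is expected under
        # <upload dir>/versions/<owner>/<name>.  '.git' is stripped wherever it
        # appears, presumably mirroring how the checkout directory is named by
        # the scanner -- confirm against that code before changing it.
        project_path_split = project.repository.replace('.git', '').split('/')
        if len(project_path_split) < 5:
            return _error('unsupported repository address')
        upload = os.path.join(
            config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(
            upload, project_path_split[3], project_path_split[4])

    # The stored file path is relative to the project root; drop one leading
    # '/' so os.path.join does not discard project_code_path.  Kept in a local
    # instead of being written back onto the ORM row.
    rel_file = v_detail.file[1:] if v_detail.file.startswith('/') else v_detail.file
    file_path = os.path.join(project_code_path, rel_file)
    # Only serve files that resolve inside the project checkout; a stored path
    # containing '..' or a symlink that points elsewhere is treated exactly
    # like a missing file below.
    real_root = os.path.realpath(project_code_path)
    real_file = os.path.realpath(file_path)
    inside_project = real_file == real_root or real_file.startswith(real_root + os.sep)

    # https://codemirror.net/mode/clike/index.html
    mode_mime = {
        'javascript': 'javascript',
        'php': 'php',
        'python': 'python',
        'lua': 'lua',
        'ruby': 'ruby',
        'perl': 'perl',
        'go': 'go',
        'cmake': 'cmake',
        'html': 'htmlmixed',
        'jsp': 'htmlmixed',
        'xml': 'xml',
        'yaml': 'yaml',
        'css': 'css',
        'markdown': 'markdown',
        'shell': 'shell',
        'sql': 'sql',
        'c': 'text/x-csrc',
        'c++': 'text/x-c++src',
        'java': 'text/x-java',
        'c#': 'text/x-csharp',
        'objective-c': 'text/x-objectivec',
        'scale': 'text/x-scale',
        'shader': 'text/x-vertex',
        'squirrel': 'text/x-squirrel',
        'kotlin': 'text/x-kotlin',
        'ceylon': 'text/ceylon'
    }
    # The rule's language picks the CodeMirror mode; a known file extension
    # overrides it.  splitext looks only at the last path component, so a dot
    # inside a directory name no longer yields a bogus "extension".
    mode = mode_mime.get(language.lower(), 'htmlmixed')
    ext = os.path.splitext(file_path)[1][1:].lower()  # '' when there is no extension
    if ext in mode_mime:
        mode = mode_mime[ext]

    if not (inside_project and os.path.isfile(file_path)):
        code_content = '// File does not exist'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(rel_file, project_code_path, v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'
        # Snippet window: always from the first line through
        # line + block_lines (the former if/else assigned the same block_end
        # on both branches, so it has been collapsed).
        block_lines = 50
        block_start = 0
        block_end = v_detail.line + block_lines
        line_trigger = v_detail.line - block_start
        line_start = block_start + 1
        try:
            with open(file_path, 'r') as fp:
                snippet = []
                for i, line in enumerate(fp):
                    if i > block_end:
                        break  # nothing past the window is needed
                    snippet.append(line)
            code_content = ''.join(snippet)
            # Probe serialisation: a file in an unsupported encoding fails
            # here (or already while it is being read) rather than in the
            # final jsonify call.
            jsonify(data=code_content)
        except (ValueError, TypeError):
            code_content = '// The file encoding type is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': rel_file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'mode': mode,
            'repair': const.Vulnerabilities(v_detail.repair).repair_description(),
            'status': const.Vulnerabilities(v_detail.status).status_description(),
            'created': str(v_detail.created_at),
            'updated': str(v_detail.updated_at)
        },
        'rule': {
            'id': rule_info.id,
            'language': language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_author,
            'level': const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': str(rule_info.created_at),
            'updated': str(rule_info.updated_at)
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)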
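def vulnerabilities_detail():
    """Return the detail of one scan result, selected by the ``id`` form field, as JSON.

    The view loads the result row, its rule and the vulnerability
    description, works out where the scanned project lives on disk, and
    extracts a code snippet of up to ``block_lines`` lines on either side of
    the triggering line.

    Returns:
        ``jsonify(status_code=1001, message='success', data=...)`` where
        ``data`` has ``detail``, ``rule`` and ``description`` sections.  If
        the result, rule, description or project row is missing, or the git
        address has too few path segments, an error JSON response is
        returned instead of letting ``AttributeError``/``IndexError`` escape
        the view.
    """

    def _error(message):
        # NOTE(review): 1002 is a constructed placeholder; replace it with the
        # project's real error status code if one is defined.
        return jsonify(status_code=1002, message=message, data={})

    v_id = request.form.get("id", None)

    # query result/rules/vulnerabilities (the id is passed as an ORM bound
    # parameter; no SQL is built by hand)
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    if v_detail is None:
        return _error('result not found')
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    if rule_info is None:
        return _error('rule not found')
    vulnerabilities_description = CobraVuls.query.filter_by(
        id=rule_info.vul_id).first()
    if vulnerabilities_description is None:
        return _error('vulnerability description not found')
    # Report 'Undefined' for a blank author without writing back to the ORM row.
    rule_author = rule_info.author if (rule_info.author or '').strip() else 'Undefined'

    # get code content
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project is None:
        return _error('project not found')
    if project.repository.startswith('/'):
        # upload directory: the repository field already is a local path
        project_code_path = project.repository
    else:
        # git: <scheme>://<host>/<owner>/<name>[.git] is expected under
        # <upload dir>/versions/<owner>/<name>.  '.git' is stripped wherever it
        # appears, presumably mirroring how the checkout directory is named by
        # the scanner -- confirm against that code before changing it.
        project_path_split = project.repository.replace('.git', '').split('/')
        if len(project_path_split) < 5:
            return _error('unsupported repository address')
        upload = os.path.join(
            config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(
            upload, project_path_split[3], project_path_split[4])

    # The stored file path is relative to the project root; drop one leading
    # '/' so os.path.join does not discard project_code_path.  Kept in a local
    # instead of being written back onto the ORM row.
    rel_file = v_detail.file[1:] if v_detail.file.startswith('/') else v_detail.file
    file_path = os.path.join(project_code_path, rel_file)
    # Only serve files that resolve inside the project checkout; a stored path
    # containing '..' or a symlink that points elsewhere is treated exactly
    # like a missing file below.
    real_root = os.path.realpath(project_code_path)
    real_file = os.path.realpath(file_path)
    inside_project = real_file == real_root or real_file.startswith(real_root + os.sep)

    if not (inside_project and os.path.isfile(file_path)):
        code_content = '// There is no code snippet for this type of file'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(rel_file, project_code_path, v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'
        # Snippet window: block_lines lines before and after the triggering
        # line, clamped at the top of the file.  Line indexes from enumerate
        # are 0-based, so line_start/line_trigger are shifted by one for the
        # 1-based numbering the UI displays.
        block_lines = 50
        if v_detail.line < block_lines:
            block_start = 0
        else:
            block_start = v_detail.line - block_lines
        block_end = v_detail.line + block_lines
        line_trigger = v_detail.line - block_start
        line_start = block_start + 1
        try:
            with open(file_path, 'r') as fp:
                snippet = []
                for i, line in enumerate(fp):
                    if i > block_end:
                        break  # nothing past the window is needed
                    if i >= block_start:
                        snippet.append(line)
            code_content = ''.join(snippet)
            # Probe serialisation: a file in an unsupported encoding fails
            # here (or already while it is being read) rather than in the
            # final jsonify call.
            jsonify(data=code_content)
        except (ValueError, TypeError):
            code_content = '// The encoding type code is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': rel_file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'repair': const.Vulnerabilities(v_detail.repair).repair_description(),
            'status': const.Vulnerabilities(v_detail.status).status_description(),
            'created': v_detail.created_at,
            'updated': v_detail.updated_at
        },
        'rule': {
            'id': rule_info.id,
            'language': rule_info.language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_author,
            'level': const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': rule_info.created_at,
            'updated': rule_info.updated_at
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)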
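def vulnerabilities_detail():
    """Return the detail of one scan result, selected by the ``id`` form field, as JSON.

    The view loads the result row, its rule, the rule's language and the
    vulnerability description, works out where the scanned project lives on
    disk, and extracts a code snippet (from the top of the file through
    ``block_lines`` lines after the triggering line) so the UI can show it in
    CodeMirror with a matching syntax mode.  A file whose first line exceeds
    1024 characters is treated as compressed/minified and gets a notice
    instead of a snippet.

    Returns:
        ``jsonify(status_code=1001, message='success', data=...)`` where
        ``data`` has ``detail``, ``rule`` and ``description`` sections.  If
        the result, rule, language, description or project row is missing,
        or the git address has too few path segments, an error JSON response
        is returned instead of letting ``AttributeError``/``IndexError``
        escape the view.
    """

    def _error(message):
        # NOTE(review): 1002 is a constructed placeholder; replace it with the
        # project's real error status code if one is defined.
        return jsonify(status_code=1002, message=message, data={})

    v_id = request.form.get("id", None)

    # query result/rules/vulnerabilities (the id is passed as an ORM bound
    # parameter; no SQL is built by hand)
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    if v_detail is None:
        return _error('result not found')
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    if rule_info is None:
        return _error('rule not found')
    language_info = CobraLanguages.query.filter(CobraLanguages.id == rule_info.language).first()
    if language_info is None:
        return _error('language not found')
    language = language_info.language
    vulnerabilities_description = CobraVuls.query.filter_by(id=rule_info.vul_id).first()
    if vulnerabilities_description is None:
        return _error('vulnerability description not found')
    # Report 'Undefined' for a blank author without writing back to the ORM row.
    rule_author = rule_info.author if (rule_info.author or '').strip() else 'Undefined'

    # get code content
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project is None:
        return _error('project not found')
    if project.repository.startswith('/'):
        # upload directory: the repository field already is a local path
        project_code_path = project.repository
    else:
        # git: <scheme>://<host>/<owner>/<name>[.git] is expected under
        # <upload dir>/versions/<owner>/<name>.  '.git' is stripped wherever it
        # appears, presumably mirroring how the checkout directory is named by
        # the scanner -- confirm against that code before changing it.
        project_path_split = project.repository.replace('.git', '').split('/')
        if len(project_path_split) < 5:
            return _error('unsupported repository address')
        upload = os.path.join(config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(upload, project_path_split[3], project_path_split[4])

    # The stored file path is relative to the project root; drop one leading
    # '/' so os.path.join does not discard project_code_path.  Kept in a local
    # instead of being written back onto the ORM row.
    rel_file = v_detail.file[1:] if v_detail.file.startswith('/') else v_detail.file
    file_path = os.path.join(project_code_path, rel_file)
    # Only serve files that resolve inside the project checkout; a stored path
    # containing '..' or a symlink that points elsewhere is treated exactly
    # like a missing file below.
    real_root = os.path.realpath(project_code_path)
    real_file = os.path.realpath(file_path)
    inside_project = real_file == real_root or real_file.startswith(real_root + os.sep)

    # https://codemirror.net/mode/clike/index.html
    mode_mime = {
        'javascript': 'javascript',
        'php': 'php',
        'python': 'python',
        'lua': 'lua',
        'ruby': 'ruby',
        'perl': 'perl',
        'go': 'go',
        'cmake': 'cmake',
        'html': 'htmlmixed',
        'jsp': 'htmlmixed',
        'xml': 'xml',
        'yaml': 'yaml',
        'css': 'css',
        'markdown': 'markdown',
        'shell': 'shell',
        'sql': 'sql',
        'c': 'text/x-csrc',
        'c++': 'text/x-c++src',
        'java': 'text/x-java',
        'c#': 'text/x-csharp',
        'objective-c': 'text/x-objectivec',
        'scale': 'text/x-scale',
        'shader': 'text/x-vertex',
        'squirrel': 'text/x-squirrel',
        'kotlin': 'text/x-kotlin',
        'ceylon': 'text/ceylon'
    }
    # The rule's language picks the CodeMirror mode; a known file extension
    # overrides it.  splitext looks only at the last path component, so a dot
    # inside a directory name no longer yields a bogus "extension".
    mode = mode_mime.get(language.lower(), 'htmlmixed')
    ext = os.path.splitext(file_path)[1][1:].lower()  # '' when there is no extension
    if ext in mode_mime:
        mode = mode_mime[ext]

    if not (inside_project and os.path.isfile(file_path)):
        code_content = '// File does not exist'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(rel_file, project_code_path, v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'
        # get code content
        # Snippet window: always from the first line through
        # line + block_lines (the former if/else assigned the same block_end
        # on both branches, so it has been collapsed).
        block_lines = 50
        block_start = 0
        block_end = v_detail.line + block_lines
        line_trigger = v_detail.line - block_start
        line_start = block_start + 1
        try:
            with open(file_path, 'r') as fp:
                snippet = []
                for i, line in enumerate(fp):
                    if i == 0 and len(line) > 1024:
                        # A very long first line is taken as minified or
                        # compressed content; replace the snippet with a notice.
                        snippet = ['// Compressed file preview is not supported']
                        break
                    if i > block_end:
                        break  # nothing past the window is needed
                    snippet.append(line)
            code_content = ''.join(snippet)
            # Probe serialisation: a file in an unsupported encoding fails
            # here (or already while it is being read) rather than in the
            # final jsonify call.
            jsonify(data=code_content)
        except (ValueError, TypeError):
            code_content = '// The file encoding type is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': rel_file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'mode': mode,
            'repair': const.Vulnerabilities(v_detail.repair).repair_description(),
            'status': const.Vulnerabilities(v_detail.status).status_description(),
            'created': str(v_detail.created_at),
            'updated': str(v_detail.updated_at)
        },
        'rule': {
            'id': rule_info.id,
            'language': language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_author,
            'level': const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': str(rule_info.created_at),
            'updated': str(rule_info.updated_at)
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)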