def update_notice(notice_id):
"""
PUT method to update a single notice
"""
notice = db_session.query(Notice).get(notice_id)
if not notice:
return (
flask.jsonify({"message": f"Notice {notice_id} doesn't exist"}),
404,
)
notice_schema = NoticeSchema()
notice_schema.context["release_codenames"] = [
rel.codename for rel in db_session.query(Release).all()
]
try:
notice_data = notice_schema.load(flask.request.json, unknown=EXCLUDE)
except ValidationError as error:
return (
flask.jsonify({
"message": "Invalid payload",
"errors": error.messages
}),
400,
)
notice = _update_notice_object(notice, notice_data)
db_session.add(notice)
db_session.commit()
return flask.jsonify({"message": "Notice updated"}), 200
def create_notice():
"""
POST method to create a new notice
"""
notice_schema = NoticeSchema()
notice_schema.context["release_codenames"] = [
rel.codename for rel in db_session.query(Release).all()
]
try:
notice_data = notice_schema.load(flask.request.json)
except ValidationError as error:
return (
flask.jsonify({
"message": "Invalid payload",
"errors": error.messages
}),
400,
)
db_session.add(
_update_notice_object(Notice(id=notice_data["id"]), notice_data))
try:
db_session.commit()
except IntegrityError:
return (
flask.jsonify(
{"message": f"Notice {notice_data['id']} already exists"}),
400,
)
return flask.jsonify({"message": "Notice created"}), 201
def update_notice():
if not flask.request.json:
return (flask.jsonify({"message": "No payload received"}), 400)
notice_schema = NoticeSchema()
try:
data = notice_schema.load(flask.request.json, unknown=EXCLUDE)
except ValidationError as error:
return (
flask.jsonify(
{"message": "Invalid payload", "errors": error.messages}
),
400,
)
notice = db_session.query(Notice).get(data["notice_id"])
if not notice:
return (
flask.jsonify(
{"message": f"Notice {data['notice_id']} doesn't exist"}
),
404,
)
notice.title = data["title"]
notice.summary = data["summary"]
notice.details = data["description"]
notice.packages = data["releases"]
notice.published = datetime.fromtimestamp(data["timestamp"])
if "action" in data:
notice.instructions = data["action"]
if "isummary" in data:
notice.isummary = data["isummary"]
# Clear m2m relations to re-add
notice.cves.clear()
notice.releases.clear()
notice.references.clear()
# Link releases
for release_codename in data["releases"].keys():
try:
notice.releases.append(
db_session.query(Release)
.filter(Release.codename == release_codename)
.one()
)
except NoResultFound:
message = f"No release with codename: {release_codename}."
return (flask.jsonify({"message": message}), 400)
# Link CVEs, creating them if they don't exist
refs = set(data.get("references", []))
for ref in refs:
if ref.startswith("CVE-"):
cve_id = ref[4:]
cve = db_session.query(CVE).get(cve_id)
if not cve:
cve = CVE(id=cve_id)
notice.cves.append(cve)
else:
reference = (
db_session.query(Reference)
.filter(Reference.uri == ref)
.first()
)
if not reference:
reference = Reference(uri=ref)
notice.references.append(reference)
db_session.add(notice)
db_session.commit()
return flask.jsonify({"message": "Notice updated"}), 200
def api_create_notice():
if not flask.request.json:
return (flask.jsonify({"message": f"No payload received"}), 400)
# Because we get a dict with ID as a key and the payload as a value
notice_id, payload = flask.request.json.popitem()
notice = db_session.query(Notice).filter(Notice.id == notice_id).first()
if notice:
return (
flask.jsonify({"message": f"Notice '{notice.id}' already exists"}),
400,
)
notice_schema = NoticeSchema()
try:
data = notice_schema.load(payload, unknown=EXCLUDE)
except ValidationError as error:
return (
flask.jsonify({
"message": "Invalid payload",
"errors": error.messages
}),
400,
)
notice = Notice(
id=data["notice_id"],
title=data["title"],
summary=data["summary"],
details=data["description"],
packages=data["releases"],
published=datetime.fromtimestamp(data["timestamp"]),
)
if "action" in data:
notice.instructions = data["action"]
if "isummary" in data:
notice.isummary = data["isummary"]
# Link releases
for release_codename in data["releases"].keys():
try:
notice.releases.append(
db_session.query(Release).filter(
Release.codename == release_codename).one())
except NoResultFound:
message = f"No release with codename: {release_codename}."
return (flask.jsonify({"message": message}), 400)
# Link CVEs, creating them if they don't exist
refs = set(data.get("references", []))
for ref in refs:
if ref.startswith("CVE-"):
cve_id = ref[4:]
cve = db_session.query(CVE).filter(CVE.id == cve_id).first()
if not cve:
cve = CVE(id=cve_id)
notice.cves.append(cve)
else:
reference = (db_session.query(Reference).filter(
Reference.uri == ref).first())
if not reference:
reference = Reference(uri=ref)
notice.references.append(reference)
db_session.add(notice)
db_session.commit()
return flask.jsonify({"message": "Notice created"}), 201