def embed(vcdb_id):
    """Render the embeddable code view for a single vulnerability entry.

    The query parameters ``sid``, ``start_line`` and ``end_line`` are parsed
    as integers and handed to the template unchanged; no range check is
    applied to them here.

    Args:
        vcdb_id: Identifier of the entry, passed to ``VulnerabilityDetails``.

    Returns:
        The rendered ``vulnerability/embedded.html`` template, or a 404
        response when the identifier is invalid, a query parameter is not an
        integer, the entry is missing, or it has no linked commit.
    """
    try:
        query = request.args
        section_id = int(query.get("sid", -1))
        start_line = int(query.get("start_line", 1))
        end_line = int(query.get("end_line", -1))

        details = VulnerabilityDetails(vcdb_id)
        details.validate_and_simplify_id()

        view = details.vulnerability_view
        if not view:
            return make_response(("No vulnerability found", 404))
        if not view.master_commit:
            message = f"Vuln (id: {view.id}) has no linked Git commits!"
            return make_response((message, 404))

        commit = details.get_master_commit()
        # Hack to quickly retrieve the full data: serialise through the
        # schema's JSON response and parse it straight back into plain
        # Python objects.
        serialized = RepositoryFilesSchema(many=True).jsonify(
            commit.repository_files
        )
        return render_template(
            "vulnerability/embedded.html",
            vulnerability_details=details,
            embed_settings={
                "section_id": section_id,
                "startLine": start_line,
                "endLine": end_line,
                "entry_data": json.loads(serialized.data),
            },
        )
    except (ValueError, InvalidIdentifierException):
        # Any ValueError raised inside the block (bad integer, JSON decode
        # failure, ...) is reported with the same generic 404 as an invalid
        # identifier, so the response does not reveal which check failed.
        return make_response(("No vulnerability found", 404))
def view_vuln(vcdb_id, use_template):
    """Render ``use_template`` for the vulnerability identified by ``vcdb_id``.

    Args:
        vcdb_id: Identifier of the entry, passed to ``VulnerabilityDetails``.
        use_template: Template name handed to ``render_template`` as-is.
            NOTE(review): presumably always a constant chosen by the calling
            route and never request data; confirm against the callers.

    Returns:
        The rendered template, or the result of ``flash_error`` pointing at
        ``frontend.serve_index`` when the identifier is rejected. Aborts with
        404 when no vulnerability view exists.
    """
    try:
        details = VulnerabilityDetails(vcdb_id)
        details.validate_and_simplify_id()
        view = details.vulnerability_view
        if not view:
            abort(404)
    except InvalidIdentifierException as err:
        # The exception text itself is what gets flashed to the user.
        error_text = str(err)
        return flash_error(error_text, "frontend.serve_index")
    return render_template(use_template, vulnerability_details=details)
def _get_vulnerability_details(vcdb_id, vuln_id=None, simplify_id: bool = True):
    """Load the details object for an entry or abort the request with 404.

    Args:
        vcdb_id: Entry identifier passed to ``VulnerabilityDetails``.
        vuln_id: Optional second identifier passed to ``VulnerabilityDetails``.
        simplify_id: When true, ``validate_and_simplify_id()`` is run on the
            freshly built details object.

    Returns:
        The ``VulnerabilityDetails`` instance when it has a vulnerability view.
        An invalid identifier and a missing view both end in the same 404.
    """
    try:
        details = VulnerabilityDetails(vcdb_id, vuln_id)
        if simplify_id:
            details.validate_and_simplify_id()
        has_view = bool(details.vulnerability_view)
    except InvalidIdentifierException:
        has_view = False

    # Drop everything else.
    if not has_view:
        abort(404)
    return details
def get_vulnerability_details(vcdb_id, vuln_id=None, simplify_id: bool = True):
    """Load the details object for an entry or abort the request with 404.

    ``VulnerabilityDetails`` is imported inside the function; the pylint
    markers around the import indicate this is done to avoid a cyclic import.

    Args:
        vcdb_id: Entry identifier passed to ``VulnerabilityDetails``.
        vuln_id: Optional second identifier passed to ``VulnerabilityDetails``.
        simplify_id: When true, ``validate_and_simplify_id()`` is run on the
            freshly built details object.

    Returns:
        The ``VulnerabilityDetails`` instance when it has a vulnerability view.
        An invalid identifier and a missing view both end in the same 404.
    """
    # pylint: disable=import-outside-toplevel,cyclic-import
    from app.vulnerability.views.details import VulnerabilityDetails

    # pylint: enable=import-outside-toplevel,cyclic-import
    try:
        details = VulnerabilityDetails(vcdb_id, vuln_id)
        if simplify_id:
            details.validate_and_simplify_id()
        has_view = bool(details.vulnerability_view)
    except InvalidIdentifierException:
        has_view = False

    # Drop everything else.
    if not has_view:
        abort(404)
    return details
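def bug_save_editor_data():
    """Store the editor's files, comments and markers for one vulnerability.

    The JSON request body is expected to be a list of file entries, each with
    ``path``, ``hash``, ``name``, ``comments`` and ``markers``. The body is
    client-controlled, so its structure is checked before any database object
    is touched; a malformed body is answered with 400 instead of failing with
    an unhandled ``TypeError``/``KeyError`` part-way through the update.

    A submitted file is mapped onto an existing ``RepositoryFiles`` row when
    either its path or its hash matches; otherwise a new row is created.
    Comments and markers are rebuilt from the request with ``g.user`` as
    creator, and the commit's file list is replaced by the submitted set.

    NOTE(review): no authentication or authorisation check is visible in this
    function although it writes on behalf of ``g.user`` - presumably enforced
    by a decorator or request hook outside this view; confirm.

    Returns:
        A JSON response: 400 for a non-POST request, an invalid identifier or
        a malformed body; 404 when the entry or its linked commit is missing;
        otherwise the success message after the session is committed.
    """
    if request.method != "POST":
        return create_json_response("Accepting only POST requests.", 400)

    try:
        vulnerability_details = VulnerabilityDetails()
        vulnerability_details.validate_and_simplify_id()
    except InvalidIdentifierException as ex:
        return create_json_response(str(ex), 400)

    vuln_view = vulnerability_details.vulnerability_view
    if not vuln_view:
        return create_json_response("Please create an entry first", 404)
    if not vuln_view.master_commit:
        current_app.logger.error(
            f"Vuln (id: {vuln_view.id}) has no linked Git commits!")
        return create_json_response("Entry has no linked Git link!", 404)

    master_commit = vulnerability_details.get_master_commit()
    old_files = master_commit.repository_files
    current_app.logger.debug("%d old files", len(old_files))

    # Reject structurally invalid input up front, before any existing row is
    # modified by update_file_comments / update_file_markers.
    payload = request.get_json()
    payload_error = _editor_payload_error(payload)
    if payload_error:
        return create_json_response(payload_error, 400)

    # Flush any old custom content of this vulnerability first.
    new_files = []
    for file in payload:
        for old_file in old_files:
            if old_file.file_path == file["path"] or \
                    old_file.file_hash == file["hash"]:
                current_app.logger.debug(
                    "Found old file: %s",
                    (file["path"], file["hash"], file["name"]))
                file_obj = old_file
                break
        else:
            current_app.logger.debug(
                "Creating new file: %s",
                (file["path"], file["hash"], file["name"]))
            file_obj = RepositoryFiles(
                file_name=file["name"],
                file_path=file["path"],
                file_patch="DEPRECATED",
                file_hash=file["hash"],
            )

        # Create comment objects.
        new_comments = [
            RepositoryFileComments(
                row_from=comment["row_from"],
                row_to=comment["row_to"],
                text=comment["text"],
                sort_pos=comment["sort_pos"],
                creator=g.user,
            )
            for comment in file["comments"]
        ]
        update_file_comments(file_obj, new_comments)

        # Create marker objects.
        new_markers = [
            RepositoryFileMarkers(
                row_from=marker["row_from"],
                row_to=marker["row_to"],
                column_from=marker["column_from"],
                column_to=marker["column_to"],
                marker_class=marker["class"],
                creator=g.user,
            )
            for marker in file["markers"]
        ]
        update_file_markers(file_obj, new_markers)
        new_files.append(file_obj)

    current_app.logger.debug("Setting %d files", len(new_files))
    master_commit.repository_files = new_files

    # Update / Insert entries into the database.
    db.session.commit()
    return create_json_response("Update successful.")


def _editor_payload_error(payload):
    """Return a message for the first structural problem in the body, else None.

    Only the shape is checked (lists, objects, required keys); the types and
    ranges of the individual values are not validated here.
    """
    file_keys = ("path", "hash", "name", "comments", "markers")
    nested_keys = {
        "comments": ("row_from", "row_to", "text", "sort_pos"),
        "markers": ("row_from", "row_to", "column_from", "column_to", "class"),
    }

    def is_record(item, keys):
        return isinstance(item, dict) and all(key in item for key in keys)

    if not isinstance(payload, list):
        return "Expected a JSON list of file entries."
    for entry in payload:
        if not is_record(entry, file_keys):
            return "Malformed file entry."
        for field, keys in nested_keys.items():
            items = entry[field]
            if not isinstance(items, list) or not all(
                    is_record(item, keys) for item in items):
                return f"Malformed {field} list."
    return None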