def invalid():
    """Mark one finding of a scan as invalid (not a real issue).

    Reads ``scan_hash`` and ``invalid_hash`` from the POST form. Both must
    look like SHA-2 hex digests (``utils.sha2_match_regex``) or the request
    is refused before any database access. The finding hash is appended to
    the scan's stored ``invalid`` list unless it is already there.

    Returns:
        JSON ``{"status": "ok"}`` once the list is updated and committed;
        ``{"status": "failed"}`` for a malformed hash, an unknown scan, or a
        finding that was already marked invalid.

    NOTE(review): this is a state-changing POST handler; confirm CSRF
    protection is applied at the application level (not visible here).
    """
    scan_hash = request.form["scan_hash"]
    invalid_hash = request.form["invalid_hash"]
    well_formed = (utils.sha2_match_regex(scan_hash)
                   and utils.sha2_match_regex(invalid_hash))
    if not well_formed:
        return jsonify({"status": "failed"})
    scan_rows = Results.query.filter(Results.scan_hash == scan_hash)
    if not scan_rows.count():
        return jsonify({"status": "failed"})
    marked = utils.python_list(scan_rows[0].invalid)
    if invalid_hash in marked:
        return jsonify({"status": "failed"})
    marked.append(invalid_hash)
    scan_rows.update({"invalid": marked})
    db_session.commit()
    return jsonify({"status": "ok"})
def revert():
    """Turn a finding previously marked "not an issue" back into an issue.

    Reads ``scan_hash`` and ``finding_hash`` from the POST form. Both must
    look like SHA-2 hex digests (``utils.sha2_match_regex``) or the request
    is refused before any database access. The finding hash is removed from
    the scan's stored ``resolved`` list if present.

    Returns:
        JSON ``{"status": "ok"}`` once the list is updated and committed;
        ``{"status": "failed"}`` for a malformed hash, an unknown scan, or a
        finding that was not in the resolved list.

    NOTE(review): this is a state-changing POST handler; confirm CSRF
    protection is applied at the application level (not visible here).
    """
    scan_hash = request.form["scan_hash"]
    finding_hash = request.form["finding_hash"]
    well_formed = (utils.sha2_match_regex(scan_hash)
                   and utils.sha2_match_regex(finding_hash))
    if not well_formed:
        return jsonify({"status": "failed"})
    scan_rows = Results.query.filter(Results.scan_hash == scan_hash)
    if not scan_rows.count():
        return jsonify({"status": "failed"})
    resolved = utils.python_list(scan_rows[0].resolved)
    if finding_hash not in resolved:
        return jsonify({"status": "failed"})
    resolved.remove(finding_hash)
    scan_rows.update({"resolved": resolved})
    db_session.commit()
    return jsonify({"status": "ok"})
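def view_file():
    """Return the text of one file belonging to an uploaded scan.

    Reads ``path`` and ``scan_hash`` from the POST form. The file is served
    only when the scan exists, the extension is in
    ``settings.SCAN_FILES_EXTENSION``, ``utils.is_attack_pattern`` does not
    flag the path, and the fully resolved path still lies inside
    ``settings.UPLOAD_FOLDER``.

    Returns:
        JSON ``{"contents": <file text>}`` on success, otherwise
        ``{"contents": "not_found"}`` (checks fail closed to the same value).
    """
    context = {"contents": "not_found"}
    path = request.form["path"]
    scan_hash = request.form["scan_hash"]
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            _, extension = os.path.splitext(path.lower())
            if ((extension in settings.SCAN_FILES_EXTENSION)
                    and (not utils.is_attack_pattern(path))):
                # ``path`` is attacker-controlled. os.path.join() discards the
                # upload folder entirely when ``path`` is absolute, and a
                # pattern blacklist is not a containment proof, so resolve
                # symlinks and ".." on both sides and require the result to
                # stay under the upload folder before touching the filesystem.
                safe_dir = os.path.realpath(settings.UPLOAD_FOLDER)
                full_path = os.path.realpath(os.path.join(safe_dir, path))
                if full_path.startswith(safe_dir + os.sep):
                    if os.path.isfile(full_path):
                        contents = utils.unicode_safe_file_read(full_path)
                        context = {"contents": contents}
    return jsonify(**context)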
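def delete_scan():
    """Delete a scan: its extracted directories, the uploaded archive and its row.

    Reads ``scan_hash`` from the POST form; it must look like a SHA-2 hex
    digest. Every directory in the result's ``locations`` list is removed
    recursively, then the archive named by ``scan_file`` under
    ``app.config['UPLOAD_FOLDER']``, and finally the ``Results`` row.

    Returns:
        JSON ``{"status": "ok"}`` after the row deletion is committed;
        ``{"status": "failed"}`` for a malformed hash or an unknown scan.

    Raises:
        OSError: for filesystem failures other than a missing path
        (e.g. permissions); those still abort before the row is deleted.
    """
    context = {"status": "failed"}
    scan_hash = request.form["scan_hash"]
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            # The paths come from our own DB row, not from the request.
            # Tolerate pieces that are already gone: previously a delete that
            # failed halfway (directories removed, row still present) raised
            # FileNotFoundError on every retry and could never complete.
            for loc in utils.python_list(res.locations):
                try:
                    shutil.rmtree(loc)
                except FileNotFoundError:
                    pass
            ziploc = os.path.join(app.config['UPLOAD_FOLDER'], res.scan_file)
            try:
                os.remove(ziploc)
            except FileNotFoundError:
                pass
            db_session.delete(res)
            db_session.commit()
            context = {"status": "ok"}
    return jsonify(**context)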
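def search():
    """Search the source files of a scan for a literal substring.

    Reads ``q`` (the term) and ``scan_hash`` from the POST form. Every file
    under the scan's ``locations`` whose extension is in
    ``settings.JS_SCAN_FILE_EXTENSIONS`` or
    ``settings.OTHER_SCAN_FILE_EXTENSIONS`` is read as UTF-8 (undecodable
    bytes ignored) and reported when it contains the term. Reported paths
    have ``settings.UPLOAD_FOLDER`` stripped so they can be fed back to the
    file viewer.

    Returns:
        The rendered ``search.html`` template. For a malformed hash or an
        unknown scan the context carries ``found='0'`` and no matches.

    NOTE(review): ``term`` is echoed into the template; this relies on
    Jinja autoescaping being on for ``search.html`` — confirm.
    """
    matches = []
    query = request.form['q']
    scan_hash = request.form["scan_hash"]
    context = {
        'contents': 'not_found',
        'matches': matches,
        'term': query,
        'found': '0',
        'scan_hash': ''
    }
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            for loc in utils.python_list(res.locations):
                for dir_name, _, files in os.walk(loc):
                    for jfile in files:
                        _, extension = os.path.splitext(jfile.lower())
                        wanted = (
                            extension in settings.JS_SCAN_FILE_EXTENSIONS
                            or extension in settings.OTHER_SCAN_FILE_EXTENSIONS)
                        if not wanted:
                            continue
                        # os.walk already yields dir_name rooted at loc;
                        # joining loc in front again only produced the right
                        # path when loc was absolute (it doubled a relative one).
                        file_path = os.path.join(dir_name, jfile)
                        fileparam = file_path.replace(
                            settings.UPLOAD_FOLDER, '')
                        with io.open(file_path,
                                     mode='r',
                                     encoding="utf8",
                                     errors="ignore") as file_pointer:
                            dat = file_pointer.read()
                        if query in dat:
                            matches.append({
                                "name": jfile,
                                "path": fileparam
                            })
            context = {
                'title': 'Search Results',
                'matches': matches,
                'term': query,
                'found': len(matches),
                'scan_hash': scan_hash,
                'version': settings.VERSION,
            }
    return render_template("search.html", **context)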
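def view_file():
    """Return the text of one file belonging to an uploaded scan.

    Reads ``path`` and ``scan_hash`` from the POST form. The file is served
    only when the scan exists and the fully resolved request path lies
    inside ``settings.UPLOAD_FOLDER``.

    Returns:
        JSON ``{"contents": <file text>}`` on success,
        ``{"contents": "Path Traversal Detected!"}`` when the resolved path
        escapes the upload folder, otherwise ``{"contents": "not_found"}``.
    """
    context = {"contents": "not_found"}
    path = request.form["path"]
    scan_hash = request.form["scan_hash"]
    if utils.sha2_match_regex(scan_hash):
        res = Results.query.filter(Results.scan_hash == scan_hash).first()
        if res:
            # Resolve BOTH sides (the old code resolved only the request
            # path, so a relative or symlinked UPLOAD_FOLDER never matched)
            # and compare on a path-component boundary: commonprefix() is
            # character-wise, so "/uploads_x/secret" shared the prefix
            # "/uploads" with a safe_dir of "/uploads" and was let through.
            safe_dir = os.path.realpath(settings.UPLOAD_FOLDER)
            req_path = os.path.realpath(os.path.join(safe_dir, path))
            inside = (req_path == safe_dir
                      or req_path.startswith(safe_dir + os.sep))
            if not inside:
                context = {"contents": "Path Traversal Detected!"}
            elif os.path.isfile(req_path):
                contents = utils.read_file(req_path)
                context = {"contents": contents}
    return jsonify(**context)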