示例#1
    def get(self):
        """Return the full vulnerability list as a CSV attachment.

        The query arguments ``tz_offset``, ``fix_required`` and ``keyword`` are
        loaded through ``VulnListInputSchema``; any validation error aborts the
        request with HTTP 400.  Non-empty ``fix_required`` and ``keyword``
        values narrow the result set, and ``tz_offset`` (minutes) is added to
        the ``created_at`` / ``updated_at`` timestamps of every exported row.
        """
        args, problems = VulnListInputSchema(
            only=["tz_offset", "fix_required", "keyword"]
        ).load(request.args)
        if problems:
            abort(400, problems)

        # The same column list is selected and grouped on.
        columns = (
            VulnTable.oid,
            VulnTable.fix_required,
            VulnTable.advice,
            VulnTable.created_at,
            VulnTable.updated_at,
            ResultTable.name,
            ResultTable.cvss_base,
            ResultTable.cve,
            ResultTable.description,
        )
        query = VulnTable.select(*columns).join(
            ResultTable, on=(VulnTable.oid == ResultTable.oid)
        )

        if "fix_required" in args and len(args["fix_required"]) > 0:
            query = query.where(VulnTable.fix_required == args["fix_required"])

        if "keyword" in args and len(args["keyword"]) > 0:
            # The keyword is handed to the ORM as a value rather than being
            # concatenated into SQL text (presumably bound as a parameter;
            # confirm for the ORM version in use).
            # NOTE(review): '%' and '_' inside the keyword are not escaped, so
            # they still act as LIKE wildcards.
            pattern = "%{}%".format(args["keyword"])
            query = query.where(
                (VulnTable.oid ** pattern) | (ResultTable.name ** pattern)
            )

        query = query.group_by(*columns).order_by(VulnTable.oid.desc())

        with tempfile.TemporaryFile("r+") as spool:
            csv_out = csv.DictWriter(
                spool,
                VulneravilityListDownload.VULNERABILITY_CSV_COLUMNS,
                extrasaction="ignore",
            )
            csv_out.writeheader()
            # NOTE(review): cell values are written exactly as stored.  If the
            # export is opened in a spreadsheet, text starting with '=', '+',
            # '-' or '@' may be evaluated as a formula; consider neutralising
            # such cells before writing.
            for row in query.dicts():
                row["description"] = Utils.format_openvas_description(row["description"])
                # Shift both timestamps by the caller-supplied offset (minutes).
                for stamp in ("created_at", "updated_at"):
                    row[stamp] = row[stamp] + timedelta(minutes=args["tz_offset"])
                csv_out.writerow(row)
            # Rewind so the whole document can be read back as the body.
            spool.flush()
            spool.seek(0)
            body = "" + spool.read()

        return Response(
            response=body,
            status=200,
            headers={"Content-Type": "text/csv", "Content-Disposition": "attachment"},
        )
示例#2
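    def get(self, audit_uuid):
        """Download the specified audit result as a CSV attachment.

        Args:
            audit_uuid: UUID of the audit whose processed scan results are
                exported.

        Returns:
            A 200 ``Response`` whose ``text/csv`` body is the audit name and
            description followed by one CSV row per result.

        Aborts with HTTP 400 when the query arguments fail validation and with
        HTTP 404 when no audit has the given UUID (previously an unknown UUID
        raised ``IndexError`` and surfaced as a server error).
        """
        # NOTE(review): no access check is visible inside this method; confirm
        # that a decorator or the routing layer restricts which audits a caller
        # may export.
        schema = AuditDownloadInputSchema()
        params, errors = schema.load(request.args)
        if errors:
            abort(400, errors)

        audit_query = AuditTable.select().where(AuditTable.uuid == audit_uuid)

        # An unknown UUID yields an empty result set; answer 404 instead of
        # letting the index lookup fail.
        try:
            audit = audit_query.dicts()[0]
            audit_model = audit_query[0]
        except IndexError:
            abort(404, "Audit not found")

        # Free-text preamble placed ahead of the CSV header row.
        output = audit["name"] + "\n" + audit["description"] + "\n\n"

        # Only scans flagged as processed contribute results.
        scan_ids = [
            scan["id"]
            for scan in audit_model.scans.dicts()
            if scan["processed"] is True
        ]

        results = (
            ResultTable.select(ResultTable, ScanTable, VulnTable)
            .join(ScanTable)
            .join(VulnTable, on=(ResultTable.oid == VulnTable.oid))
            .where(ResultTable.scan_id.in_(scan_ids))
            .order_by(ResultTable.scan_id)
        )

        with tempfile.TemporaryFile("r+") as f:
            writer = csv.DictWriter(
                f, AuditDownload.AUDIT_CSV_COLUMNS, extrasaction="ignore"
            )
            writer.writeheader()
            # NOTE(review): cell values (and the preamble above) are written
            # exactly as stored.  If the export is opened in a spreadsheet,
            # text starting with '=', '+', '-' or '@' may be evaluated as a
            # formula; consider neutralising such cells before writing.
            for result in results.dicts():
                # Shift both timestamps by the caller-supplied offset (minutes).
                for stamp in ("started_at", "ended_at"):
                    result[stamp] = result[stamp] + timedelta(
                        minutes=params["tz_offset"]
                    )
                result["description"] = Utils.format_openvas_description(
                    result["description"]
                )
                writer.writerow(result)
            # Rewind so the CSV can be appended to the preamble.
            f.flush()
            f.seek(0)
            output += f.read()

        headers = {
            "Content-Type": "text/csv",
            "Content-Disposition": "attachment",
        }
        return Response(response=output, status=200, headers=headers)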