示例#1
0
文件: vulns.py 项目: infobyte/faraday
    def filter(self, workspace_name):
        try:
            filters = json.loads(request.args.get('q'))
        except ValueError as ex:
            flask.abort(400, "Invalid filters")

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}, 'strict': True}
        try:
            normal_vulns = search(db.session,
                                  Vulnerability,
                                  filters)
            normal_vulns = normal_vulns.filter_by(workspace_id=workspace.id)
            normal_vulns = self.schema_class_dict['VulnerabilityWeb'](**marshmallow_params).dumps(normal_vulns.all())
            normal_vulns_data = json.loads(normal_vulns.data)
        except Exception:
            normal_vulns_data = []
        try:
            web_vulns = search(db.session,
                           VulnerabilityWeb,
                           filters)
            web_vulns = web_vulns.filter_by(workspace_id=workspace.id)
            web_vulns = self.schema_class_dict['VulnerabilityWeb'](**marshmallow_params).dumps(web_vulns.all())
            web_vulns_data = json.loads(web_vulns.data)
        except Exception:
            web_vulns_data = []
        return self._envelope_list(normal_vulns_data + web_vulns_data)
示例#2
0
    def filter(self, workspace_name):
        try:
            filters = json.loads(request.args.get('q'))
        except ValueError as ex:
            flask.abort(400, "Invalid filters")

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}, 'strict': True}
        try:
            normal_vulns = search(db.session, Vulnerability, filters)
            normal_vulns = normal_vulns.filter_by(workspace_id=workspace.id)
            normal_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(normal_vulns.all())
            normal_vulns_data = json.loads(normal_vulns.data)
        except Exception:
            normal_vulns_data = []
        try:
            web_vulns = search(db.session, VulnerabilityWeb, filters)
            web_vulns = web_vulns.filter_by(workspace_id=workspace.id)
            web_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(web_vulns.all())
            web_vulns_data = json.loads(web_vulns.data)
        except Exception:
            web_vulns_data = []
        return self._envelope_list(normal_vulns_data + web_vulns_data)
示例#3
0
    def _filter(self, filters, workspace_name, confirmed=False):
        try:
            filters = json.loads(filters)
            filters, hostname_filters = self._hostname_filters(
                filters.get('filters', []))
        except ValueError as ex:
            flask.abort(400, "Invalid filters")
        if confirmed:
            if 'filters' not in filters:
                filters = {}
                filters['filters'] = []
            filters['filters'].append({
                "name": "confirmed",
                "op": "==",
                "val": "true"
            })

        workspace = self._get_workspace(workspace_name)
        marshmallow_params = {'many': True, 'context': {}, 'strict': True}
        try:
            normal_vulns = search(db.session, Vulnerability,
                                  {'filters': filters})
            normal_vulns = normal_vulns.filter_by(workspace_id=workspace.id)
            if hostname_filters:
                or_filters = []
                for hostname_filter in hostname_filters:
                    or_filters.append(Hostname.name == hostname_filter['val'])

                normal_vulns_host = normal_vulns.join(Host).join(
                    Hostname).filter(or_(*or_filters))
                normal_vulns = normal_vulns_host.union(
                    normal_vulns.join(Service).join(Host).join(
                        Hostname).filter(or_(*or_filters)))

            normal_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(normal_vulns.all(),
                                            cls=BytesJSONEncoder)
            normal_vulns_data = json.loads(normal_vulns.data)
        except Exception as ex:
            logger.exception(ex)
            normal_vulns_data = []
        try:
            web_vulns = search(db.session, VulnerabilityWeb,
                               {'filters': filters})
            web_vulns = web_vulns.filter_by(workspace_id=workspace.id)
            if hostname_filters:
                or_filters = []
                for hostname_filter in hostname_filters:
                    or_filters.append(Hostname.name == hostname_filter['val'])

                web_vulns = web_vulns.join(Service).join(Host).join(
                    Hostname).filter(or_(*or_filters))
            web_vulns = self.schema_class_dict['VulnerabilityWeb'](
                **marshmallow_params).dumps(web_vulns.all(),
                                            cls=BytesJSONEncoder)
            web_vulns_data = json.loads(web_vulns.data)
        except Exception as ex:
            logger.exception(ex)
            web_vulns_data = []
        return normal_vulns_data + web_vulns_data