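def authErrors():
    """Check the request's Authorization header against the supported schemes.

    Returns None when the caller is authenticated; otherwise a
    ``(json_payload, http_status)`` tuple that the calling wrapper sends
    back: 401 when credentials are missing or wrong, 400 when the scheme
    is not supported or the header cannot be processed.

    The scheme name is matched case-insensitively. ``name`` and ``token``
    come from ``Advanced_API.getAuth()``; for ``bearer`` the user name is
    resolved from the token by the database layer.
    """
    import hmac
    import logging

    def secretsMatch(expected, presented):
        # Constant-time compare so the response time does not depend on
        # how many leading characters of a guessed token are right.
        # A missing stored secret (None: unknown user, no open session)
        # or a type mismatch counts as "no match" instead of raising,
        # and unlike ``==`` it never authenticates None against None.
        if isinstance(expected, str) and isinstance(presented, str):
            expected = expected.encode('utf-8', 'surrogatepass')
            presented = presented.encode('utf-8', 'surrogatepass')
        if not (isinstance(expected, bytes) and isinstance(presented, bytes)):
            return False
        return hmac.compare_digest(expected, presented)

    # Check auth
    if not request.headers.get('Authorization'):
        return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
    method, name, token = Advanced_API.getAuth()
    scheme = method.lower()
    if scheme not in ('basic', 'token', 'session', 'bearer'):
        return ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)
    try:
        authenticated = False
        if scheme == 'basic':
            authenticated = bool(AuthenticationHandler().validateUser(name, token))
        elif scheme == 'bearer':
            authenticated, name = db.isBearerAuthenticated(token)
        elif scheme == 'token':
            authenticated = secretsMatch(db.getToken(name), token)
        elif scheme == 'session':
            authenticated = secretsMatch(AuthenticationHandler().api_sessions.get(name), token)
        if not authenticated:
            return ({'status': 'error', 'reason': 'Authentication failed'}, 401)
    except Exception:
        # Any parsing or lookup failure is reported generically; the
        # details go to the log, not to the client.
        logging.getLogger(__name__).exception('Authorization header could not be processed')
        return ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
    return None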
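def authErrors():
    """Check the request's Authorization header against the supported schemes.

    Returns None when the caller is authenticated; otherwise a
    ``(json_payload, http_status)`` tuple that the calling wrapper sends
    back: 401 when credentials are missing or wrong, 400 when the scheme
    is not supported or the header cannot be processed.

    The scheme name is matched case-insensitively. ``name`` and ``token``
    come from ``Advanced_API.getAuth()``.
    """
    import hmac
    import logging

    def secretsMatch(expected, presented):
        # Constant-time compare so the response time does not depend on
        # how many leading characters of a guessed token are right.
        # A missing stored secret (None: unknown user, no open session)
        # or a type mismatch counts as "no match" instead of raising,
        # and unlike ``==`` it never authenticates None against None.
        if isinstance(expected, str) and isinstance(presented, str):
            expected = expected.encode('utf-8', 'surrogatepass')
            presented = presented.encode('utf-8', 'surrogatepass')
        if not (isinstance(expected, bytes) and isinstance(presented, bytes)):
            return False
        return hmac.compare_digest(expected, presented)

    # Check auth
    if not request.headers.get('Authorization'):
        return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
    method, name, token = Advanced_API.getAuth()
    scheme = method.lower()
    if scheme not in ('basic', 'token', 'session'):
        return ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)
    try:
        authenticated = False
        if scheme == 'basic':
            authenticated = bool(AuthenticationHandler().validateUser(name, token))
        elif scheme == 'token':
            authenticated = secretsMatch(db.getToken(name), token)
        elif scheme == 'session':
            authenticated = secretsMatch(AuthenticationHandler().api_sessions.get(name), token)
        if not authenticated:
            return ({'status': 'error', 'reason': 'Authentication failed'}, 401)
    except Exception:
        # Any parsing or lookup failure is reported generically; the
        # details go to the log, not to the client.
        logging.getLogger(__name__).exception('Authorization header could not be processed')
        return ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
    return None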
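def authErrors(self):
    """Check the request's Authorization header against the supported schemes.

    Returns None when the caller is authenticated; otherwise a
    ``(json_payload, http_status)`` tuple that the calling wrapper sends
    back: 401 when credentials are missing or wrong, 400 when the scheme
    is not supported or the header cannot be processed.

    The scheme name is matched case-insensitively. ``name`` and ``token``
    come from ``Advanced_API.getAuth()``. ``self`` is not used.
    """
    import hmac
    import logging

    def secretsMatch(expected, presented):
        # Constant-time compare so the response time does not depend on
        # how many leading characters of a guessed token are right.
        # A missing stored secret (None: unknown user, no open session)
        # or a type mismatch counts as "no match" instead of raising,
        # and unlike ``==`` it never authenticates None against None.
        if isinstance(expected, str) and isinstance(presented, str):
            expected = expected.encode("utf-8", "surrogatepass")
            presented = presented.encode("utf-8", "surrogatepass")
        if not (isinstance(expected, bytes) and isinstance(presented, bytes)):
            return False
        return hmac.compare_digest(expected, presented)

    # Check auth
    if not request.headers.get("Authorization"):
        return ({"status": "error", "reason": "Authentication needed"}, 401)
    method, name, token = Advanced_API.getAuth()
    scheme = method.lower()
    if scheme not in ("basic", "token", "session"):
        return ({"status": "error", "reason": "Authorization method not allowed"}, 400)
    try:
        authenticated = False
        if scheme == "basic":
            authenticated = bool(AuthenticationHandler().validateUser(name, token))
        elif scheme == "token":
            authenticated = secretsMatch(db.getToken(name), token)
        elif scheme == "session":
            authenticated = secretsMatch(AuthenticationHandler().api_sessions.get(name), token)
        if not authenticated:
            return ({"status": "error", "reason": "Authentication failed"}, 401)
    except Exception:
        # Any parsing or lookup failure is reported generically; the
        # details go to the log, not to the client.
        logging.getLogger(__name__).exception("Authorization header could not be processed")
        return ({"status": "error", "reason": "Malformed Authentication String"}, 400)
    return None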
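def authErrors():
    """Check the request's Authorization header against the supported schemes.

    Returns None when the caller is authenticated; otherwise a
    ``(json_payload, http_status)`` tuple that the calling wrapper sends
    back: 401 when credentials are missing or wrong, 400 when the scheme
    is not supported or the header cannot be processed.

    The scheme name is matched case-insensitively. ``name`` and ``token``
    come from ``Advanced_API.getAuth()``; stored tokens are read through
    ``DatabaseLayer().Users``.
    """
    import hmac
    import logging

    # Required to circumvent the use of self, because of this being a
    # wrapper (This is one reason to use a singleton ;) )
    db = DatabaseLayer()

    def secretsMatch(expected, presented):
        # Constant-time compare so the response time does not depend on
        # how many leading characters of a guessed token are right.
        # A missing stored secret (None: unknown user, no open session)
        # or a type mismatch counts as "no match" instead of raising,
        # and unlike ``==`` it never authenticates None against None.
        if isinstance(expected, str) and isinstance(presented, str):
            expected = expected.encode('utf-8', 'surrogatepass')
            presented = presented.encode('utf-8', 'surrogatepass')
        if not (isinstance(expected, bytes) and isinstance(presented, bytes)):
            return False
        return hmac.compare_digest(expected, presented)

    # Check auth
    if not request.headers.get('Authorization'):
        return ({'status': 'error', 'reason': 'Authentication needed'}, 401)
    method, name, token = Advanced_API.getAuth()
    scheme = method.lower()
    if scheme not in ('basic', 'token', 'session'):
        return ({'status': 'error', 'reason': 'Authorization method not allowed'}, 400)
    try:
        authenticated = False
        if scheme == 'basic':
            authenticated = bool(AuthenticationHandler().validateUser(name, token))
        elif scheme == 'token':
            authenticated = secretsMatch(db.Users.getToken(name), token)
        elif scheme == 'session':
            authenticated = secretsMatch(AuthenticationHandler().api_sessions.get(name), token)
        if not authenticated:
            return ({'status': 'error', 'reason': 'Authentication failed'}, 401)
    except Exception:
        # Any parsing or lookup failure is reported generically; the
        # details go to the log, not to the client.
        logging.getLogger(__name__).exception('Authorization header could not be processed')
        return ({'status': 'error', 'reason': 'Malformed Authentication String'}, 400)
    return None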
def __init__(self):
    """Build the full web UI on top of the API and minimal front-ends.

    Wires up authentication, plugins, the Flask-Login manager and the
    vendor redis connection, widens the default filters with the
    black/white/unlisted selectors, then registers every UI route in
    order through ``self.addRoute``.
    """
    # TODO: make auth handler and plugin manager singletons
    Advanced_API.__init__(self)
    Minimal.__init__(self)
    self.minimal = False
    self.auth_handler = AuthenticationHandler()
    self.plugManager = PluginManager()
    self.login_manager = LoginManager()
    self.plugManager.loadPlugins()
    self.login_manager.init_app(self.app)
    self.login_manager.user_loader(self.load_user)
    self.redisdb = Configuration.getRedisVendorConnection()
    listFilters = {'blacklistSelect': 'on', 'whitelistSelect': 'on', 'unlistedSelect': 'show'}
    self.defaultFilters.update(listFilters)
    self.args.update({'minimal': False})
    self.pluginArgs = {"current_user": current_user, "plugin_manager": self.plugManager}
    # (rule, HTTP verb, handler) in registration order.
    # NOTE(review): several state-changing admin actions (updatedb,
    # addToList, removeFromList, editInList, listmanagement/add,
    # change_pass, request_token) answer to GET; a login check presumably
    # guards them, but a cross-site link can still trigger them — POST
    # would close that. '/login' is also listed twice (see the tail).
    routeTable = [
        ('/cve/<cveid>', 'GET', self.cve),
        ('/_get_plugins', 'GET', self._get_plugins),
        ('/plugin/_get_cve_actions', 'GET', self._get_cve_actions),
        ('/plugin/<plugin>', 'GET', self.openPlugin),
        ('/plugin/<plugin>/subpage/<page>', 'GET', self.openPluginSubpage),
        ('/plugin/<plugin>/_cve_action/<action>', 'GET', self._jsonCVEAction),
        ('/login', 'POST', self.login_check),
        ('/logout', 'POST', self.logout),
        ('/admin', 'GET', self.admin),
        ('/admin/', 'GET', self.admin),
        ('/admin/change_pass', 'GET', self.change_pass),
        ('/admin/request_token', 'GET', self.request_token),
        ('/admin/updatedb', 'GET', self.updatedb),
        ('/admin/whitelist/import', 'POST', self.listImport),
        ('/admin/blacklist/import', 'POST', self.listImport),
        ('/admin/whitelist/export', 'GET', self.listExport),
        ('/admin/blacklist/export', 'GET', self.listExport),
        ('/admin/whitelist/drop', 'POST', self.listDrop),
        ('/admin/blacklist/drop', 'POST', self.listDrop),
        ('/admin/whitelist', 'GET', self.listView),
        ('/admin/blacklist', 'GET', self.listView),
        ('/admin/addToList', 'GET', self.listAdd),
        ('/admin/removeFromList', 'GET', self.listRemove),
        ('/admin/editInList', 'GET', self.listEdit),
        ('/admin/listmanagement', 'GET', self.listManagement),
        ('/admin/listmanagement/<vendor>', 'GET', self.listManagement),
        ('/admin/listmanagement/<vendor>/<product>', 'GET', self.listManagement),
        ('/admin/listmanagement/add', 'GET', self.listManagementAdd),
        ('/login', 'POST', self.login_check),  # duplicate of the entry above, kept as-is
        ('/ViewCveSlack', 'POST', self.slack_cve),
        ('/ViewCveSlack', 'GET', self.slack_cve),
    ]
    for rule, verb, handler in routeTable:
        self.addRoute({'r': rule, 'm': [verb], 'f': handler})
def __init__(self):
    """Build the web front-end on top of the API and minimal front-ends.

    Creates the authentication handler, plugin manager and Flask-Login
    manager, loads plugins, attaches the login manager to the app with
    ``self.load_user`` as user loader, opens the vendor redis connection
    and records the arguments handed to plugins.
    """
    Advanced_API.__init__(self)
    Minimal.__init__(self)
    self.minimal = False
    self.auth_handler = AuthenticationHandler()
    self.plugManager = PluginManager()
    self.login_manager = LoginManager()
    self.plugManager.loadPlugins()
    loginManager = self.login_manager
    loginManager.init_app(self.app)
    loginManager.user_loader(self.load_user)
    self.redisdb = Configuration.getRedisVendorConnection()
    self.args.update({'minimal': False})
    pluginArgs = {}
    pluginArgs["current_user"] = current_user
    pluginArgs["plugin_manager"] = self.plugManager
    self.pluginArgs = pluginArgs
def api_admin_start_session(self):
    """Open a new API session for the user named in the Authorization header.

    The user name comes from ``Advanced_API.getAuth()``; whatever
    ``AuthenticationHandler.new_api_session`` returns is passed through.
    """
    _method, name, _key = Advanced_API.getAuth()
    handler = AuthenticationHandler()
    return handler.new_api_session(name)
def api_admin_get_session(self):
    """Return the API session of the user named in the Authorization header.

    Raises APIError with status 412 when no session has been started for
    that user (``get_api_session`` returned a falsy value).
    """
    _method, name, _key = Advanced_API.getAuth()
    current = AuthenticationHandler().get_api_session(name)
    if current:
        return current
    raise APIError("Session not started", 412)
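import secrets
from sbin.db_blacklist import *

# parse command line arguments
argparser = argparse.ArgumentParser(description='Start CVE-Search web component')
argparser.add_argument('-v', action='store_true', help='verbose output')
args = argparser.parse_args()

# variables
app = Flask(__name__, static_folder='static', static_url_path='/static')
app.config['MONGO_DBNAME'] = Configuration.getMongoDB()
# SECRET_KEY signs the session cookie, so it must come from a CSPRNG.
# random.getrandbits() is a Mersenne Twister whose state can be recovered
# from its output; secrets draws from os.urandom. 32 bytes keeps the
# previous 256 bits of entropy. As before, the key is regenerated on every
# start, which invalidates all existing sessions.
app.config['SECRET_KEY'] = secrets.token_hex(32)
pageLength = Configuration.getPageLength()
listLogin = Configuration.listLoginRequired()
plugManager = PluginManager()
auth_handler = AuthenticationHandler()
# filter values every page starts from
defaultFilters = {
    'blacklistSelect': 'on',
    'whitelistSelect': 'on',
    'unlistedSelect': 'show',
    'timeSelect': 'all',
    'startDate': '',
    'endDate': '',
    'timeTypeSelect': 'Modified',
    'cvssSelect': 'all',
    'cvss': '',
    'rejectedSelect': 'hide',
}

# login manager
login_manager = LoginManager()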
def __init__(self):
    """Build the full web UI on top of the API and minimal front-ends.

    Wires up authentication, plugins, the Flask-Login manager and the
    vendor redis connection, widens the default filters with the
    black/white/unlisted selectors, then registers every UI route in
    order through ``self.addRoute``.
    """
    # TODO: make auth handler and plugin manager singletons
    Advanced_API.__init__(self)
    Minimal.__init__(self)
    self.minimal = False
    self.auth_handler = AuthenticationHandler()
    self.plugManager = PluginManager()
    self.login_manager = LoginManager()
    self.plugManager.loadPlugins()
    self.login_manager.init_app(self.app)
    self.login_manager.user_loader(self.load_user)
    self.redisdb = Configuration.getRedisVendorConnection()
    listFilters = {"blacklistSelect": "on", "whitelistSelect": "on", "unlistedSelect": "show"}
    self.defaultFilters.update(listFilters)
    self.args.update({"minimal": False})
    self.pluginArgs = {"current_user": current_user, "plugin_manager": self.plugManager}
    # (rule, HTTP verb, handler) in registration order.
    # NOTE(review): '/logout' answers to GET, so any cross-site link or
    # image can end a user's session; several state-changing admin
    # actions (updatedb, addToList, removeFromList, editInList,
    # listmanagement/add, change_pass, request_token) are GET as well.
    # A login check presumably guards them; POST would also close the
    # cross-site trigger. '/login' is listed twice (see the tail).
    routeTable = [
        ("/cve/<cveid>", "GET", self.cve),
        ("/_get_plugins", "GET", self._get_plugins),
        ("/plugin/_get_cve_actions", "GET", self._get_cve_actions),
        ("/plugin/<plugin>", "GET", self.openPlugin),
        ("/plugin/<plugin>/subpage/<page>", "GET", self.openPluginSubpage),
        ("/plugin/<plugin>/_cve_action/<action>", "GET", self._jsonCVEAction),
        ("/login", "POST", self.login_check),
        ("/logout", "GET", self.logout),
        ("/admin", "GET", self.admin),
        ("/admin/", "GET", self.admin),
        ("/admin/change_pass", "GET", self.change_pass),
        ("/admin/request_token", "GET", self.request_token),
        ("/admin/updatedb", "GET", self.updatedb),
        ("/admin/whitelist/import", "POST", self.listImport),
        ("/admin/blacklist/import", "POST", self.listImport),
        ("/admin/whitelist/export", "GET", self.listExport),
        ("/admin/blacklist/export", "GET", self.listExport),
        ("/admin/whitelist/drop", "POST", self.listDrop),
        ("/admin/blacklist/drop", "POST", self.listDrop),
        ("/admin/whitelist", "GET", self.listView),
        ("/admin/blacklist", "GET", self.listView),
        ("/admin/addToList", "GET", self.listAdd),
        ("/admin/removeFromList", "GET", self.listRemove),
        ("/admin/editInList", "GET", self.listEdit),
        ("/admin/listmanagement", "GET", self.listManagement),
        ("/admin/listmanagement/<vendor>", "GET", self.listManagement),
        ("/admin/listmanagement/<vendor>/<product>", "GET", self.listManagement),
        ("/admin/listmanagement/add", "GET", self.listManagementAdd),
        ("/login", "POST", self.login_check),  # duplicate of the entry above, kept as-is
    ]
    for rule, verb, handler in routeTable:
        self.addRoute({"r": rule, "m": [verb], "f": handler})