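def listAdd(self):
    """Add the CPE from the query string to a whitelist or blacklist.

    Reads the ``cpe``, ``type`` and ``list`` request arguments and adds the
    entry through ``self.addCPEToList``. The entry is added as a global rule
    when ``db.isMasterAccount`` reports the current user as a master account.

    Returns:
        A JSON response. When all three arguments are present it carries
        ``status`` (``added_to_list`` or ``already_exists_in_list``), the
        caller's current ``rules`` for that list and ``listType``. Otherwise
        it carries only ``status`` = ``could_not_add_to_list``.
    """
    cpe = request.args.get('cpe')
    cpeType = request.args.get('type')
    lst = request.args.get('list')
    user_id = current_user.get_id()
    isglobal = bool(db.isMasterAccount(user_id))

    # The three values come straight from the query string. %r escapes CR/LF
    # and other control characters, so a request cannot forge extra log
    # lines. Lazy %-args also skip formatting when INFO logging is off.
    logging.info("CPE:%r cpeType:%r lst:%r isglobal:%s user:%r",
                 cpe, cpeType, lst, isglobal, user_id)

    if not (cpe and cpeType and lst):
        return jsonify({"status": "could_not_add_to_list"})

    if self.addCPEToList(cpe, lst, cpeType, isglobal, user_id):
        status = "added_to_list"
    else:
        status = "already_exists_in_list"
    print(status)

    # NOTE(review): any `list` value other than the exact string "Whitelist"
    # returns the blacklist here. Whether addCPEToList rejects unknown list
    # names is not visible in this block; confirm before relying on it.
    if lst == "Whitelist":
        returnList = db.getWhitelist(user=user_id)
    else:
        returnList = db.getBlacklist(user=user_id)
    # NOTE(review): debug output; this writes the user's full rule list to
    # stdout on every successful call.
    pprint(returnList)
    return jsonify({
        "status": status,
        "rules": returnList,
        "listType": lst.title()
    })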
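def check_is_master(self):
    """Tell whether ``self.user`` is a master account.

    Returns:
        True when ``db.isMasterAccount(self.user)`` is truthy. Otherwise
        False, after storing a JSON error response with status 400 in
        ``self.error`` for the caller to send.
    """
    if db.isMasterAccount(self.user):
        return True
    # The message used to format the bare name `user`, which this method
    # never defines. Unless a module-level `user` exists, the denial path
    # raised NameError and a non-master caller got a server error instead of
    # this response. The account that was checked is self.user.
    # NOTE(review): 400 is kept for existing callers; 403 would describe an
    # authorization failure more precisely.
    self.error = make_response(
        jsonify(message="User {} need to be master".format(self.user)), 400)
    return False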
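def masterLogin():
    """Prompt for master credentials and exit unless they are accepted.

    Asks for the account name and password on the terminal. The process
    exits with a generic message when the credential check fails, and with
    ``exits['noMaster']`` when the account is not a master account.

    Returns:
        True. Every failure path ends in ``sys.exit``, so the function only
        returns after both checks pass.
    """
    # Function-scope import so the block does not depend on the file header.
    import getpass

    master = input("Master account username: ")
    # NOTE(review): on the page the text between the two prompts is masked
    # ("******"), which leaves the statement unparsable. The
    # verifyPass(getpass.getpass(...), master) call below is a reconstruction,
    # not text from the page; confirm the helper's name and argument order
    # against the original file. getpass reads the password without echoing
    # it to the terminal.
    if not verifyPass(getpass.getpass("Master password:"), master):
        # One message for unknown user and wrong password alike, so the
        # prompt does not reveal which account names exist.
        sys.exit('Master user/password combination does not exist')
    if not dbLayer.isMasterAccount(master):
        sys.exit(exits['noMaster'])
    return True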
def admin(self):
    """Render the admin page, or the login page for an unauthenticated visitor.

    When ``Configuration.loginRequired()`` is true, a visitor who is not
    authenticated gets ``login.html``. When it is false, the ``"_dummy_"``
    user is logged in instead, so the page is served without credentials and
    ``master`` is computed from ``current_user`` after that login.

    The template also receives whether the ``cve_search`` cron job exists
    and, if the update log file is present, its last two separator-delimited
    sections (passed through ``self.adminInfo``).
    """
    # NOTE(review): the listing is collapsed onto one line on the page; the
    # `else` is read as pairing with the loginRequired() check, not with the
    # is_authenticated() check.
    if not Configuration.loginRequired():
        login_user(User.get("_dummy_", self.auth_handler))
    elif not current_user.is_authenticated():
        return render_template('login.html')

    is_master = db.isMasterAccount(current_user.get_id())
    cron_present = ct.checkCronJobExists('cve_search')

    log_tail = None
    if os.path.isfile(Configuration.getUpdateLogFile()):
        with open(Configuration.getUpdateLogFile()) as log_file:
            divider = "==========================\n"
            # Keep only the two most recent sections of the update log.
            recent_sections = log_file.read().split(divider)[-2:]
            log_tail = divider + divider.join(recent_sections)

    return render_template(
        'admin.html',
        status="default",
        master=is_master,
        checked=cron_present,
        **self.adminInfo(log_tail)
    )
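def listManagementAdd(self):
    """Add a vendor, vendor:product or vendor:product:version item to a list.

    Reads ``item`` and ``list`` from the query string. A one-part item is
    added once for each CPE type set (``t:/o``, ``t:/a``, ``t:/h``) in Redis
    that contains it. For two or three parts, the CPE prefix is taken from
    the first ``cpe`` collection entry whose ``cpe_2_2`` matches the second
    part. Entries are added as global rules when the current user is a
    master account.

    Returns:
        A JSON response with ``listType`` and ``status``, one of
        ``added_to_list``, ``could_not_add_to_list`` or ``invalid_cpe``.
    """
    # retrieve the separate item parts
    item = request.args.get('item', type=str)
    pprint("item0 {0}".format(item))
    listType = request.args.get('list', type=str)
    user_id = current_user.get_id()
    isadmin = db.isMasterAccount(user_id)
    pattern = re.compile('^[a-z:0-9.~_%-]+$')

    # A missing `item` argument is None, which made match() raise TypeError.
    # fullmatch() is used because with match() the trailing `$` also accepts
    # a value ending in a newline, which then reached the log calls and the
    # database query below.
    if item is None or not pattern.fullmatch(item):
        return jsonify({"status": "invalid_cpe", "listType": listType})

    parts = item.split(":")
    added = False
    if len(parts) == 1:
        # only vendor, so a check on cpe type is needed
        logging.info(
            "listManagementAdd: Adding from level 1:{0}".format(parts[0]))
        for cpe_type in ("o", "a", "h"):
            if self.redisdb.sismember("t:/" + cpe_type, parts[0]):
                if self.addCPEToList("cpe:/" + cpe_type + ":" + parts[0],
                                     listType,
                                     isglobal=isadmin,
                                     user=user_id):
                    added = True
    elif 4 > len(parts) > 1:
        logging.info(
            "size is bigger than, look for item[1]: {0}".format(parts[1]))
        # cpe type can be found with a mongo regex query. The value is
        # escaped so the `.` and `-` allowed by the validation pattern match
        # literally instead of acting as regex syntax.
        # NOTE(review): an empty component (e.g. "vendor:") yields an empty
        # regex that matches every entry, and the regex is unanchored, so
        # the prefix may come from an unrelated CPE; confirm this is
        # acceptable.
        result = db.getCVEs(query={'cpe_2_2': {
            '$regex': re.escape(parts[1])
        }}, collection="cpe")
        if len(result) != 0:
            # First seven characters of the stored value; presumably the
            # "cpe:/x:" type prefix, as built in the one-part branch.
            prefix = ((result[0])['cpe_2_2'])[:7]
            logging.info(
                "listManagementAdd: Adding from level 2:{0}{1}{2}".format(
                    prefix, parts[0], parts[1]))
            # len(parts) is 2 or 3 here; joining covers both layouts.
            if self.addCPEToList(prefix + ":".join(parts),
                                 listType,
                                 isglobal=isadmin,
                                 user=user_id):
                added = True

    status = "added_to_list" if added else "could_not_add_to_list"
    j = {"status": status, "listType": listType}
    return jsonify(j)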