示例#1
    def post(self):
        """Handle a POST request: analyze a submitted stacktrace and report
        whether it matches an already-known testcase.

        Requires a logged-in user; raises helpers.AccessDeniedException
        otherwise. Reads the 'project', 'fuzz_target' and 'stacktrace'
        request parameters (all caller-supplied, so treated as untrusted)
        and renders a JSON object with keys 'result' ('new' or 'duplicate'),
        'state', 'type' and 'security'.
        """
        if not auth.get_current_user():
            raise helpers.AccessDeniedException()

        # Request parameters come straight from the client.
        project, fuzz_target, stacktrace = (
            request.get(name)
            for name in ('project', 'fuzz_target', 'stacktrace'))

        # The trace is expected to arrive already symbolized, so no
        # symbolization pass is requested here.
        crash = stack_analyzer.get_crash_data(
            stacktrace,
            symbolize_flag=False,
            fuzz_target=fuzz_target,
            already_symbolized=True,
            detect_ooms_and_hangs=True)
        is_security = crash_analyzer.is_security_issue(
            crash.crash_stacktrace, crash.crash_type, crash.crash_address)

        existing = data_handler.find_testcase(
            project, crash.crash_type, crash.crash_state, is_security)
        verdict = 'duplicate' if existing else 'new'

        return self.render_json({
            'result': verdict,
            'state': crash.crash_state,
            'type': crash.crash_type,
            'security': is_security,
        })
示例#2
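def get_access(need_privileged_access=False, job_type=None, fuzzer_name=None):
    """Decide whether the current user may access a resource.

    Rules are evaluated in order and the first match wins:
      1. admins are always allowed;
      2. anonymous users are redirected (presumably to log in);
      3. blacklisted users are denied before any allow-rule is consulted,
         so a blacklist entry overrides every grant below;
      4. privileged users are allowed;
      5. external users are allowed when `job_type` / `fuzzer_name` is given
         and explicitly granted to them;
      6. users from an allowed domain are allowed unless
         `need_privileged_access` is set.

    Args:
      need_privileged_access: if True, rule 6 (allowed domain) does not grant
        access; the user must match one of the earlier allow-rules.
      job_type: job name used for the external-user job check, or None to
        skip that check.
      fuzzer_name: fuzzer name used for the external-user fuzzer check, or
        None to skip that check.

    Returns:
      UserAccess.Allowed, UserAccess.Redirected or UserAccess.Denied.
    """
    if auth.is_current_user_admin():
        return UserAccess.Allowed

    user = auth.get_current_user()
    if not user:
        return UserAccess.Redirected

    email = user.email
    # Deny-list is checked before every allow-rule on purpose.
    if _is_blacklisted_user(email):
        return UserAccess.Denied

    if _is_privileged_user(email):
        return UserAccess.Allowed

    # External users get access only to the specific job / fuzzer asked for.
    if job_type and external_users.is_job_allowed_for_user(email, job_type):
        return UserAccess.Allowed

    if (fuzzer_name
            and external_users.is_fuzzer_allowed_for_user(email, fuzzer_name)):
        return UserAccess.Allowed

    # Domain membership is the weakest grant; it never satisfies a request
    # that needs privileged access.
    if not need_privileged_access and _is_domain_allowed(email):
        return UserAccess.Allowed

    return UserAccess.Denied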
示例#3
  def wrapper(self, *args, **kwargs):
    """Run `func` only if the request carries a valid CSRF token.

    The token is read from the 'csrf_token' request parameter and must match
    a stored data_types.CSRFToken belonging to the logged-in user's email.
    Raises helpers.AccessDeniedException when there is no logged-in user, no
    matching token, or the token has expired (an expired token is deleted
    before the exception is raised).
    """
    submitted = self.request.get('csrf_token')
    current_user = auth.get_current_user()
    if not current_user:
      raise helpers.AccessDeniedException('Not logged in.')

    # Look the token up by value *and* owner, so a token minted for one
    # user is not accepted for another.
    stored = data_types.CSRFToken.query(
        data_types.CSRFToken.value == submitted,
        data_types.CSRFToken.user_email == current_user.email).get()
    if not stored:
      raise helpers.AccessDeniedException('Invalid CSRF token.')

    # Expiry is compared against naive UTC; expiration_time is presumably
    # stored as naive UTC too — confirm where tokens are minted.
    if stored.expiration_time < datetime.datetime.utcnow():
      stored.key.delete()
      raise helpers.AccessDeniedException('Expired CSRF token.')

    return func(self, *args, **kwargs)
示例#4
  def post(self):
    """Handle a POST request: analyze a submitted stacktrace and report
    whether it duplicates a known testcase.

    Requires a logged-in user; raises helpers.AccessDeniedException
    otherwise. Reads the 'project', 'fuzz_target' and 'stacktrace' request
    parameters (caller-supplied, so untrusted) and renders a JSON object
    with 'state', 'type', 'security' and 'result' ('new' or 'duplicate').
    For a duplicate, 'duplicate_id' (the existing testcase id) and, when
    one is recorded, 'bug_id' are included as well.
    """
    if not auth.get_current_user():
      raise helpers.AccessDeniedException()

    # Request parameters come straight from the client.
    project, fuzz_target, stacktrace = (
        request.get(name)
        for name in ('project', 'fuzz_target', 'stacktrace'))

    # The trace is expected to arrive already symbolized, so no
    # symbolization pass is requested here.
    crash = stack_analyzer.get_crash_data(
        stacktrace,
        symbolize_flag=False,
        fuzz_target=fuzz_target,
        already_symbolized=True,
        detect_ooms_and_hangs=True)
    is_security = crash_analyzer.is_security_issue(
        crash.crash_stacktrace, crash.crash_type, crash.crash_address)

    response = {
        'state': crash.crash_state,
        'type': crash.crash_type,
        'security': is_security,
    }

    existing = data_handler.find_testcase(
        project, crash.crash_type, crash.crash_state, is_security)
    if not existing:
      response['result'] = 'new'
      return self.render_json(response)

    # NOTE(review): the existing testcase id and bug id are returned to any
    # logged-in user; confirm this matches the access policy for testcases.
    response['result'] = 'duplicate'
    response['duplicate_id'] = existing.key.id()

    # Prefer the testcase's own bug, fall back to its group's bug.
    linked_bug = existing.bug_information or existing.group_bug_information
    if linked_bug:
      response['bug_id'] = str(linked_bug)

    return self.render_json(response)
示例#5
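def get_user_email():
  """Return the currently logged-in user's email, or '' if there is none.

  Deliberately best-effort: a failure while looking up the user is reported
  as "no user" rather than propagated, so callers can use the value for
  display without handling auth errors.
  """
  try:
    user = auth.get_current_user()
  except Exception:
    # Swallowed on purpose (see docstring): only the lookup itself is guarded.
    return ''
  # Handle the anonymous case explicitly instead of relying on the
  # AttributeError that reading .email off None would raise.
  if not user:
    return ''
  return user.email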
示例#6
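 def post(self):
   """Handle a POST request: render the logged-in user's email as JSON.

   Responds with {'data': <email>}; 'data' is '' when nobody is logged in.
   """
   # Look the user up once; the check and the email read must see the
   # same object.
   user = auth.get_current_user()
   email = user.email if user else ''
   return self.render_json({'data': email})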