def put_scan_control(scan_id):
# Find the scan
scan = scans.find_one({"id": scan_id})
if not scan:
return jsonify(success=False, error='no-such-scan')
# Check if the state is valid
state = request.data
if state not in ('START', 'STOP'):
return jsonify(success=False, error='unknown-state')
# Handle start
if state == 'START':
if scan['state'] != 'CREATED':
return jsonify(success=False, error='invalid-state-transition')
# Queue the scan to start
scans.update({"id": scan_id}, {
"$set": {
"state": "QUEUED",
"queued": datetime.datetime.utcnow()
}
})
tasks.scan.apply_async([scan['id']], countdown=3, queue='scan')
# Handle stop
if state == 'STOP':
scans.update({"id": scan_id}, {
"$set": {
"state": "STOPPING",
"queued": datetime.datetime.utcnow()
}
})
tasks.scan_stop.apply_async([scan['id']], queue='state')
return jsonify(success=True)
def get_issues():
issue_codes = request.args.getlist('issue_code')
issues = []
group = groups.find_one({'name': request.args.get('group_name')})
if group is not None:
for target in group['sites']:
scan = scans.find_one({"plan.name": request.args.get('plan_name'),
"configuration.target": target,
"state": "FINISHED",
"sessions.issues.Code": {"$in": issue_codes}},
{"id": 1, "created": 1, "started": 1, "finished": 1,
"configuration.target": 1, "sessions.issues.$": 1})
if scan:
hit = {"site": {"url": scan["configuration"]["target"]},
"scan": {"id": scan["id"],
"created": sanitize_time(scan["created"]),
"started": sanitize_time(scan["started"]),
"finished": sanitize_time(scan["finished"]),
"sessions": []}}
for session in scan["sessions"]:
s = {"plugin": {"class": session["plugin"]["class"]}, "issues": []}
for issue in session['issues']:
if issue['Code'] in issue_codes:
s["issues"].append({"summary": issue["Summary"], "id": issue["Id"], "code": issue["Code"]})
hit["scan"]["sessions"].append(s)
issues.append(hit)
return jsonify(success=True, issues=issues)
def has_permission(*args, **kwargs):
email = request.args.get('email')
if email:
user = users.find_one({'email': email})
if not user:
return jsonify(success=False, reason='user-does-not-exist')
scan = scans.find_one({"id": kwargs['scan_id']})
if user['role'] == 'user':
groupz = groups.find({'users': email, 'sites': scan['configuration']['target']})
if not groupz.count():
return jsonify(success=False, reason='not-found')
return view(*args, **kwargs) # if groupz.count is not zero, or user is admin
def has_permission(*args, **kwargs):
email = request.args.get("email")
# If the task is scheduled by crontab, proceed with the task
if email == "cron":
return view(*args, **kwargs)
if email:
user = users.find_one({"email": email})
if not user:
return jsonify(success=False, reason="user-does-not-exist")
scan = scans.find_one({"id": kwargs["scan_id"]})
if user["role"] == "user":
groupz = groups.find({"users": email, "sites": scan["configuration"]["target"]})
if not groupz.count():
return jsonify(success=False, reason="not-found")
return view(*args, **kwargs) # if groupz.count is not zero, or user is admin
def has_permission(*args, **kwargs):
email = request.args.get('email')
# If the task is scheduled by crontab, proceed with the task
if email == 'cron':
return view(*args, **kwargs)
if email:
user = users.find_one({'email': email})
if not user:
return jsonify(success=False, reason='user-does-not-exist')
scan = scans.find_one({"id": kwargs['scan_id']})
if user['role'] == 'user':
groupz = groups.find({
'users': email,
'sites': scan['configuration']['target']
})
if not groupz.count():
return jsonify(success=False, reason='not-found')
return view(*args,
**kwargs) # if groupz.count is not zero, or user is admin
def put_scan_control(scan_id):
# Find the scan
scan = scans.find_one({"id": scan_id})
if not scan:
return jsonify(success=False, error='no-such-scan')
# Check if the state is valid
state = request.data
if state not in ('START', 'STOP'):
return jsonify(success=False, error='unknown-state')
# Handle start
if state == 'START':
if scan['state'] != 'CREATED':
return jsonify(success=False, error='invalid-state-transition')
# Queue the scan to start
scans.update({"id": scan_id}, {"$set": {"state": "QUEUED", "queued": datetime.datetime.utcnow()}})
tasks.scan.apply_async([scan['id']], countdown=3, queue='scan')
# Handle stop
if state == 'STOP':
scans.update({"id": scan_id}, {"$set": {"state": "STOPPING", "queued": datetime.datetime.utcnow()}})
tasks.scan_stop.apply_async([scan['id']], queue='state')
return jsonify(success=True)
def put_scan_control(scan_id):
# Find the scan
scan = scans.find_one({"id": scan_id})
if not scan:
return jsonify(success=False, error="no-such-scan")
# Check if the state is valid
state = request.data
if state not in ("START", "STOP"):
return jsonify(success=False, error="unknown-state")
# Handle start
if state == "START":
if scan["state"] != "CREATED":
return jsonify(success=False, error="invalid-state-transition")
# Queue the scan to start
scans.update({"id": scan_id}, {"$set": {"state": "QUEUED", "queued": datetime.datetime.utcnow()}})
tasks.scan.apply_async([scan["id"]], countdown=3, queue="scan")
# Handle stop
if state == "STOP":
scans.update({"id": scan_id}, {"$set": {"state": "STOPPING", "queued": datetime.datetime.utcnow()}})
tasks.scan_stop.apply_async([scan["id"]], queue="state")
return jsonify(success=True)
def get_scan_summary(scan_id):
scan = scans.find_one({"id": scan_id})
if not scan:
return jsonify(success=False, reason='not-found')
return jsonify(success=True, summary=summarize_scan(sanitize_scan(scan)))
def get_scan_summary(scan_id):
scan = scans.find_one({"id": scan_id})
if not scan:
return jsonify(success=False, reason='not-found')
return jsonify(success=True, summary=summarize_scan(sanitize_scan(scan)))
def get_scan(scan_id):
scan = scans.find_one({"id": scan_id})
if not scan:
return jsonify(success=False, reason="not-found")
return jsonify(success=True, scan=sanitize_scan(scan))
