示例#1
0
def url_gen_query(session, criteria, target_id, for_stats=False):
    """Generate query based on criteria and target ID

    :param criteria: Filter criteria
    :type criteria: `dict`
    :param target_id: Target ID
    :type target_id: `int`
    :param for_stats: True/False
    :type for_stats: `bool`
    :return:
    :rtype:
    """
    query = session.query(models.Url).filter_by(target_id=target_id)
    # Check if criteria is url search
    if criteria.get('search', None):
        if criteria.get('url', None):
            if isinstance(criteria.get('url'), list):
                criteria['url'] = criteria['url'][0]
            query = query.filter(
                models.Url.url.like('%%%s%%' % criteria['url']))
    else:  # If not search
        if criteria.get('url', None):
            if isinstance(criteria.get('url'), str):
                query = query.filter_by(url=criteria['url'])
            if isinstance(criteria.get('url'), list):
                query = query.filter(models.Url.url.in_(criteria['url']))
    # For the following section doesn't matter if filter/search because
    # it doesn't make sense to search in a boolean column :P
    if criteria.get('visited', None):
        if isinstance(criteria.get('visited'), list):
            criteria['visited'] = criteria['visited'][0]
        query = query.filter_by(visited=str2bool(criteria['visited']))
    if criteria.get('scope', None):
        if isinstance(criteria.get('scope'), list):
            criteria['scope'] = criteria['scope'][0]
        query = query.filter_by(scope=str2bool(criteria['scope']))
    if not for_stats:  # Query for stats can't have limit and offset
        try:
            if criteria.get('offset', None):
                if isinstance(criteria.get('offset'), list):
                    criteria['offset'] = criteria['offset'][0]
                query = query.offset(int(criteria['offset']))
            if criteria.get('limit', None):
                if isinstance(criteria.get('limit'), list):
                    criteria['limit'] = criteria['limit'][0]
                query = query.limit(int(criteria['limit']))
        except ValueError:
            raise InvalidParameterType(
                "Invalid parameter type for transaction db")
    return query
示例#2
0
def target_gen_query(session, filter_data, session_id, for_stats=False):
    """Generate query

    :param filter_data: Filter data
    :type filter_data: `dict`
    :param session_id: session ID
    :type session_id: `int`
    :param for_stats: true/false
    :type for_stats: `bool`
    :return:
    :rtype:
    """
    query = session.query(models.Target).filter(models.Target.sessions.any(id=session_id))
    if filter_data.get("search") is not None:
        if filter_data.get('target_url', None):
            if isinstance(filter_data.get('target_url'), list):
                filter_data['target_url'] = filter_data['target_url'][0]
            query = query.filter(models.Target.target_url.like("%%%s%%" % filter_data['target_url']))
    else:
        if filter_data.get("target_url", None):
            if isinstance(filter_data["target_url"], str):
                query = query.filter_by(target_url=filter_data["target_url"])
            if isinstance(filter_data["target_url"], list):
                query = query.filter(models.Target.target_url.in_(filter_data.get("target_url")))
        if filter_data.get("host_ip", None):
            if isinstance(filter_data["host_ip"], str):
                query = query.filter_by(host_ip=filter_data["host_ip"])
            if isinstance(filter_data["host_ip"], list):
                query = query.filter(models.Target.host_ip.in_(filter_data.get("host_ip")))
        if filter_data.get("scope", None):
            filter_data["scope"] = filter_data["scope"][0]
            query = query.filter_by(scope=str2bool(filter_data.get("scope")))
        if filter_data.get("host_name", None):
            if isinstance(filter_data["host_name"], str):
                query = query.filter_by(host_name=filter_data["host_name"])
            if isinstance(filter_data["host_name"], list):
                query = query.filter(models.Target.host_name.in_(filter_data.get("host_name")))
        if filter_data.get("id", None):
            if isinstance(filter_data["id"], str):
                query = query.filter_by(id=filter_data["id"])
            if isinstance(filter_data["id"], list):
                query = query.filter(models.Target.id.in_(filter_data.get("id")))
    # This will allow new targets to be at the start
    query = query.order_by(models.Target.id.desc())
    if not for_stats:  # query for stats shouldn't have limit and offset
        try:
            if filter_data.get('offset', None):
                if isinstance(filter_data.get('offset'), list):
                    filter_data['offset'] = filter_data['offset'][0]
                query = query.offset(int(filter_data['offset']))
            if filter_data.get('limit', None):
                if isinstance(filter_data.get('limit'), list):
                    filter_data['limit'] = filter_data['limit'][0]
                if int(filter_data['limit']) != -1:
                    query = query.limit(int(filter_data['limit']))
        except ValueError:
            raise InvalidParameterType("Invalid parameter type for target db for id[lt] or id[gt]")
    return query
示例#3
0
def gen_query_error(session, criteria):
    """Generates the ORM query using the criteria

    :param criteria: Filter criteria
    :type criteria: `dict`
    :return:
    :rtype:
    """
    query = session.query(models.Error)
    if criteria.get('reported', None):
        if isinstance(criteria.get('reported'), list):
            criteria['reported'] = criteria['reported'][0]
        query = query.filter_by(reported=str2bool(criteria['reported']))
    return query
示例#4
0
文件: session.py 项目: alienus/owtf
def session_generate_query(session, filter_data=None):
    """Generate query based on filter data

    :param filter_data: Filter data
    :type filter_data: `dict`
    :return:
    :rtype:
    """
    if filter_data is None:
        filter_data = {}
    query = session.query(models.Session)
    # it doesn't make sense to search in a boolean column :P
    if filter_data.get('active', None):
        if isinstance(filter_data.get('active'), list):
            filter_data['active'] = filter_data['active'][0]
        query = query.filter_by(active=str2bool(filter_data['active']))
    return query.order_by(models.Session.id)
示例#5
0
 def post(self, work_id=None, action=None):
     if work_id is not None or action is not None:
         tornado.web.HTTPError(400)
     try:
         filter_data = dict(self.request.arguments)
         if not filter_data:
             raise tornado.web.HTTPError(400)
         plugin_list = get_all_plugin_dicts(self.session, filter_data)
         target_list = get_target_config_dicts(self.session, filter_data)
         if (not plugin_list) or (not target_list):
             raise tornado.web.HTTPError(400)
         force_overwrite = str2bool(
             self.get_argument("force_overwrite", "False"))
         add_work(self.session,
                  target_list,
                  plugin_list,
                  force_overwrite=force_overwrite)
         self.set_status(201)
     except exceptions.InvalidTargetReference:
         raise tornado.web.HTTPError(400)
     except exceptions.InvalidParameterType:
         raise tornado.web.HTTPError(400)
示例#6
0
def update_target(session, data_dict, target_url=None, id=None):
    """Update a target in the DB

    :param data_dict: Modified data
    :type data_dict: `dict`
    :param target_url: Target url
    :type target_url: `str`
    :param id: Target ID
    :type id: `int`
    :return: None
    :rtype: None
    """
    target_obj = None
    if id:
        target_obj = session.query(models.Target).get(id)
    if target_url:
        target_obj = session.query(models.Target).filter_by(target_url=target_url).one()
    if not target_obj:
        raise InvalidTargetReference("2. Target doesn't exist: %s" % str(id) if id else str(target_url))
    # TODO: Updating all related attributes when one attribute is changed
    if data_dict.get("scope", None) is not None:
        target_obj.scope = str2bool(data_dict.get("scope", None))
    session.commit()
示例#7
0
文件: config.py 项目: alienus/owtf
def config_gen_query(session, criteria):
    """Generate query

    :param criteria: Filter criteria
    :type criteria: `dict`
    :return:
    :rtype:
    """
    query = session.query(models.ConfigSetting)
    if criteria.get("key", None):
        if isinstance(criteria["key"], str):
            query = query.filter_by(key=criteria["key"])
        if isinstance(criteria["key"], list):
            query = query.filter(models.ConfigSetting.key.in_(criteria["key"]))
    if criteria.get("section", None):
        if isinstance(criteria["section"], str):
            query = query.filter_by(section=criteria["section"])
        if isinstance(criteria["section"], list):
            query = query.filter(models.ConfigSetting.section.in_(criteria["section"]))
    if criteria.get('dirty', None):
        if isinstance(criteria.get('dirty'), list):
            criteria['dirty'] = criteria['dirty'][0]
        query = query.filter_by(dirty=str2bool(criteria['dirty']))
    return query.order_by(models.ConfigSetting.key)
示例#8
0
def transaction_gen_query(session, criteria, target_id, for_stats=False):
    """Generate query based on criteria

    :param criteria: Filter criteria
    :type criteria: `dict`
    :param target_id: Target ID
    :type target_id: `int`
    :param for_stats: True/False
    :type for_stats: `bool`
    :return:
    :rtype:
    """
    query = session.query(models.Transaction).filter_by(target_id=target_id)
    # If transaction search is being done
    if criteria.get('search', None):
        if criteria.get('url', None):
            if isinstance(criteria.get('url'), list):
                criteria['url'] = criteria['url'][0]
            query = query.filter(
                models.Transaction.url.like('%%%s%%' % criteria['url']))
        if criteria.get('method', None):
            if isinstance(criteria.get('method'), list):
                criteria['method'] = criteria['method'][0]
            query = query.filter(
                models.Transaction.method.like('%%%s%%' %
                                               criteria.get('method')))
        if criteria.get('data', None):
            if isinstance(criteria.get('data'), list):
                criteria['data'] = criteria['data'][0]
            query = query.filter(
                models.Transaction.data.like('%%%s%%' % criteria.get('data')))
        if criteria.get('raw_request', None):
            if isinstance(criteria.get('raw_request'), list):
                criteria['raw_request'] = criteria['raw_request'][0]
            query = query.filter(
                models.Transaction.raw_request.like(
                    '%%%s%%' % criteria.get('raw_request')))
        if criteria.get('response_status', None):
            if isinstance(criteria.get('response_status'), list):
                criteria['response_status'] = criteria['response_status'][0]
            query = query.filter(
                models.Transaction.response_status.like(
                    '%%%s%%' % criteria.get('response_status')))
        if criteria.get('response_headers', None):
            if isinstance(criteria.get('response_headers'), list):
                criteria['response_headers'] = criteria['response_headers'][0]
            query = query.filter(
                models.Transaction.response_headers.like(
                    '%%%s%%' % criteria.get('response_headers')))
        if criteria.get('response_body', None):
            if isinstance(criteria.get('response_body'), list):
                criteria['response_body'] = criteria['response_body'][0]
            query = query.filter(
                models.Transaction.binary_response is False,
                models.Transaction.response_body.like(
                    '%%%s%%' % criteria.get('response_body')))
    else:  # If transaction filter is being done
        if criteria.get('url', None):
            if isinstance(criteria.get('url'), str):
                query = query.filter_by(url=criteria['url'])
            if isinstance(criteria.get('url'), list):
                query = query.filter(
                    models.Transaction.url.in_(criteria.get('url')))
        if criteria.get('method', None):
            if isinstance(criteria.get('method'), str):
                query = query.filter_by(method=criteria['method'])
            if isinstance(criteria.get('method'), list):
                query = query.filter(
                    models.Transaction.method.in_(criteria.get('method')))
        if criteria.get('data', None):
            if isinstance(criteria.get('data'), str):
                query = query.filter_by(data=criteria['data'])
            if isinstance(criteria.get('data'), list):
                query = query.filter(
                    models.Transaction.data.in_(criteria.get('data')))
    # For the following section doesn't matter if filter/search because
    # it doesn't make sense to search in a boolean column :P
    if criteria.get('scope', None):
        if isinstance(criteria.get('scope'), list):
            criteria['scope'] = criteria['scope'][0]
        query = query.filter_by(scope=str2bool(criteria['scope']))
    if criteria.get('binary_response', None):
        if isinstance(criteria.get('binary_response'), list):
            criteria['binary_response'] = criteria['binary_response'][0]
        query = query.filter_by(
            binary_response=str2bool(criteria['binary_response']))
    if not for_stats:  # query for stats shouldn't have limit and offset
        try:
            query.order_by(models.Transaction.local_timestamp)
            if criteria.get('offset', None):
                if isinstance(criteria.get('offset'), list):
                    criteria['offset'] = int(criteria['offset'][0])
                if criteria['offset'] >= 0:
                    query = query.offset(criteria['offset'])
            if criteria.get('limit', None):
                if isinstance(criteria.get('limit'), list):
                    criteria['limit'] = int(criteria['limit'][0])
                if criteria['limit'] >= 0:
                    query = query.limit(criteria['limit'])
            else:  # It is too dangerous without a limit argument
                query.limit(10)  # Default limit value is 10
        except ValueError:
            raise InvalidParameterType(
                "Invalid parameter type for transaction db")
    return query