annotate farol/main.py @ 167:000114da182d
New lifting for the 'new' page
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Mon, 05 Jan 2015 11:38:46 +0100 |
parents | 4d8218fbe686 |
children | 964d7caf70b0 |
rev | line source |
---|---|
0 | 1 # -*- encoding: utf-8 -*- |
2 # Description: | |
3 # Farol Web Application | |
4 # | |
5 # Authors: | |
6 # Benoît Allard <benoit.allard@greenbone.net> | |
7 # | |
8 # Copyright: | |
9 # Copyright (C) 2014 Greenbone Networks GmbH | |
10 # | |
11 # This program is free software; you can redistribute it and/or | |
12 # modify it under the terms of the GNU General Public License | |
13 # as published by the Free Software Foundation; either version 2 | |
14 # of the License, or (at your option) any later version. | |
15 # | |
16 # This program is distributed in the hope that it will be useful, | |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 # GNU General Public License for more details. | |
20 # | |
21 # You should have received a copy of the GNU General Public License | |
22 # along with this program; if not, write to the Free Software | |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | |
25 import os | |
26 import logging |
27 from logging import FileHandler |
28 import platform |
29 import urllib2 |
30 from xml.etree import ElementTree as ET |
0 | 31 |
32 import farolluz |
33 from farolluz.cvrf import CVRF, ValidationError |
34 from farolluz.parsers.cve import parse_CVE_from_GSA |
35 from farolluz.parsers.cvrf import parse |
0 | 36 from farolluz.renderer import render as render_cvrf |
37 from farolluz.utils import utcnow | |
38 | |
39 import flask |
40 from flask import (Flask, request, render_template, redirect, url_for, flash, |
41 make_response, abort) |
0 | 42 from werkzeug import secure_filename |
43 import jinja2 |
0 | 44 |
45 from . import __version__, cache |
46 from .document import document |
47 from .session import get_current, set_current, has_current, document_required |
0 | 48 from .vulnerability import vulnerability |
49 from .producttree import producttree | |
50 | |
# Application object. instance_relative_config=True makes the relative
# from_pyfile() path below resolve against app.instance_path.
app = Flask(__name__, instance_relative_config=True)
# Packaged defaults first, then the optional per-deployment override file.
app.config.from_object('farol.config.Config')
# silent=True: a missing farol.cfg is ignored and the packaged defaults stay
# in force.
# NOTE(review): if farol.config.Config carries a SECRET_KEY or DEBUG default,
# a deployment without farol.cfg runs with it -- confirm in farol.config.
app.config.from_pyfile('farol.cfg', silent=True)

# Mount each feature blueprint under its own URL prefix.
app.register_blueprint(cache.mod, url_prefix='/cache')
app.register_blueprint(document, url_prefix='/document')
app.register_blueprint(vulnerability, url_prefix='/vulnerability')
app.register_blueprint(producttree, url_prefix='/producttree')

# Application log records of level WARNING and above are also written to
# farol.log inside the instance directory.
file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log'))
file_handler.setLevel(logging.WARNING)
app.logger.addHandler(file_handler)
63 |
@app.context_processor
def cache_content():
    """Give every template the cache backend type and the cached documents."""
    backend = cache.caching_type()
    cached = cache.cache_content()
    return {'caching': backend, 'cache': cached}
0 | 69 |
@app.context_processor
def doc_properties():
    """Template context describing the currently loaded document, if any.

    Without a current document only ``has_current=False`` is returned.
    Otherwise the context holds (title, ordinal) pairs for the
    vulnerabilities, (name, product id) pairs for the products, the
    ValidationError raised by ``validate()`` (None when it passes) and the
    document id.
    """
    if not has_current():
        return {'has_current': False}

    current = get_current()

    # NOTE(review): titles and product names come from whatever document was
    # loaded, imported ones included. Flask chooses autoescaping by template
    # extension (.html/.htm/.xml/.xhtml) and this module renders .j2
    # templates, so confirm those templates escape these values themselves.
    vulnerabilities = []
    for vuln in current._vulnerabilities:
        vulnerabilities.append((vuln.getTitle(), vuln._ordinal))

    products = []
    if current._producttree:
        for product in current._producttree._products:
            products.append((product._name, product._productid))

    # validate() runs on every template render; only its failure is kept.
    validation_error = None
    try:
        current.validate()
    except ValidationError as exc:
        validation_error = exc

    return {
        'has_current': True,
        'vulnerabilities': vulnerabilities,
        'products': products,
        'error': validation_error,
        'current_id': current.getDocId(),
    }
0 | 86 |
@app.template_filter('secure_filename')
def makeId(string):
    """Jinja filter ``secure_filename``: run *string* through werkzeug's helper."""
    sanitized = secure_filename(string)
    return sanitized
90 | |
@app.errorhandler(400)
@app.errorhandler(404)
@app.errorhandler(405)
@app.errorhandler(500)
def error_page(error):
    """Render error.j2 for HTTP 400, 404, 405 and 500.

    The response status is ``error.code`` when the error object has that
    attribute and 500 otherwise.
    """
    # NOTE(review): the error object itself is handed to the template; check
    # that error.j2 does not show internal exception detail to clients.
    page = render_template('error.j2', e=error)
    status = getattr(error, 'code', 500)
    return page, status
97 |
@app.route('/500')
def boom():
    """Always answer with HTTP 500.

    Presumably a way to exercise the 500 error page by hand.
    """
    # NOTE(review): no access check is applied on this route, so any client
    # can trigger the error path; consider registering it only when debugging.
    abort(500)
101 |
@app.route('/')
def welcome():
    """Render the landing page.

    Each list holds (label, number) pairs; the number is presumably a
    completeness percentage shown by welcome.j2 -- confirm in the template.
    """
    import_formats = [('New', 100), ('CVRF', 100), ('CVE', 90)]
    export_formats = [
        ('CVRF', 100),
        ('OpenVAS NASL from RHSA', 85),
        ('HTML', 80),
        ('OVAL', 5),
    ]
    supported_use_cases = [
        ('Create a security advisory and publish as CVRF', 100),
        ('Edit a security advisory in CVRF format', 100),
    ]
    return render_template('welcome.j2',
                           version=__version__,
                           imports=import_formats,
                           exports=export_formats,
                           use_cases=supported_use_cases)
111 |
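def download_url(url):
    """Fetch *url* over HTTP(S) and load the body as the current document.

    The request carries the configured USER_AGENT (default: Farol and
    FarolLuz versions) and goes through PROXY_HOST when that is configured.
    On a rejected URL or a failed request a message is flashed and nothing
    is loaded; otherwise the response body is handed to set_text().
    """
    # Only plain web URLs are fetched. urllib2 would otherwise also open
    # file:// and ftp:// URLs, and the /new view passes request.form['id']
    # straight to this function.
    if not url.lower().startswith(('http://', 'https://')):
        flash('Unable to retrieve %s: only http:// and https:// URLs are '
              'supported' % url)
        return
    # NOTE(review): the host is still chosen by the caller and redirects are
    # followed by urllib2, so loopback, link-local and internal addresses
    # remain reachable from this server. Restrict egress in deployment
    # (firewall rules or an allow-listing proxy behind PROXY_HOST).

    # Named `outbound` so that flask's `request` is not shadowed.
    outbound = urllib2.Request(url)
    outbound.add_header('User-Agent',
                        app.config.get('USER_AGENT',
                                       'Farol %s / FarolLuz %s' % (
                                           __version__, farolluz.__version__)))
    proxy_host = app.config.get('PROXY_HOST', '')
    if proxy_host:
        proxy = urllib2.ProxyHandler({'http': proxy_host, 'https': proxy_host})
        # install_opener() is process-wide: every later urllib2.urlopen()
        # call in this process goes through the proxy as well.
        urllib2.install_opener(urllib2.build_opener(proxy))
    try:
        # Open the Request object, not the bare URL, so that the User-Agent
        # header set above is actually sent.
        # NOTE(review): no timeout and no size limit are applied here; a slow
        # or very large response ties up the worker handling this request.
        content = urllib2.urlopen(outbound).read()
    except urllib2.URLError as e:
        # URLError is the base class of HTTPError, so DNS and connection
        # failures are reported to the user too instead of surfacing as a 500.
        flash('Unable to retrieve %s: %s' % (url, e))
        return
    set_text(content)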
128 |
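def set_RHSA(id_):
    """Load the Red Hat advisory *id_* (``YYYY:nnnn``) as the current document.

    A malformed id is reported with flash() and nothing is downloaded.
    """
    # Validate the form input before it becomes part of an outbound URL.
    # Both halves must be non-empty runs of ASCII digits; int() alone would
    # also accept surrounding whitespace and a sign, which would then be
    # copied verbatim into the URL.
    ascii_digits = '0123456789'
    year, colon, index = id_.partition(':')
    if not (colon and year and index
            and all(ch in ascii_digits for ch in year + index)):
        flash('Wrong RHSA id: %s' % id_)
        return
    # Process it
    download_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})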
143 |
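def set_oracle(id_):
    """Load the Oracle CVRF document numbered *id_* as the current document.

    A malformed id is reported with flash() and nothing is downloaded.
    """
    # The id is copied into the URL path, so it must be a non-empty run of
    # ASCII digits; int() alone would also accept surrounding whitespace and
    # a sign.
    if not id_ or any(ch not in '0123456789' for ch in id_):
        flash('Wrong Oracle id: %s' % id_)
        return
    # NOTE(review): this source is fetched over plain http, so the document
    # has no transport integrity; switch to https if the publisher serves it.
    download_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % id_)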
150 |
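def set_cisco(id_):
    """Load the Cisco document *id_* (``sa-YYYYMMDD-xxx``) as the current one.

    The prefix selects the document kind: ``sa`` for an Advisory, ``sr`` for
    a Response. A malformed id is reported with flash() and nothing is
    downloaded.
    """
    ascii_digits = '0123456789'
    # Assumption: advisory names use only ASCII letters, digits, '-' and '_'.
    # Anything else ('/', '?', '#', '%', whitespace ...) could change the
    # path or query of the URL built below, so it is rejected.
    name_chars = (ascii_digits + '-_'
                  + 'abcdefghijklmnopqrstuvwxyz'
                  + 'ABCDEFGHIJKLMNOPQRSTUVWXYZ')
    parts = id_.split('-', 2)
    if len(parts) != 3:
        flash('Wrong cisco id: %s' % id_)
        return
    prefix, date, name = parts
    kind = {'sa': 'Advisory', 'sr': 'Response'}.get(prefix)
    if (kind is None or not date or not name
            or any(ch not in ascii_digits for ch in date)
            or any(ch not in name_chars for ch in name)):
        flash('Wrong cisco id: %s' % id_)
        return
    # NOTE(review): this source is fetched over plain http, so the document
    # has no transport integrity; switch to https if the publisher serves it.
    download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_})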
161 |
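def parse_cve_from_gsa(id_):
    """Fetch CVE *id_* (``CVE-YYYY-NNNN``) from Greenbone's SecInfo portal and
    make the converted document the current one.

    A malformed id or a failed download is reported with flash() and the
    current document is left untouched.
    """
    # The id ends up in the query string, so it must have the CVE shape.
    # Unchecked input containing '&' or '#' could add or cut parameters of
    # the request sent to the portal.
    ascii_digits = '0123456789'
    parts = id_.split('-')
    if not (len(parts) == 3 and parts[0].upper() == 'CVE'
            and parts[1] and parts[2]
            and all(ch in ascii_digits for ch in parts[1] + parts[2])):
        flash('Wrong CVE id: %s' % id_)
        return
    url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_
    # NOTE(review): this call uses the process-wide urllib2 opener, so
    # PROXY_HOST applies here only after download_url() has installed it, and
    # the configured User-Agent is not sent.
    try:
        content = urllib2.urlopen(url).read()
    except urllib2.URLError as e:
        # URLError is the base class of HTTPError; connection failures are
        # reported to the user as well.
        flash('Unable to download CVE %s: %s' % (url, e))
        return
    # NOTE(review): unlike set_text(), a parse failure is not handled here;
    # confirm what parse_CVE_from_GSA raises on malformed XML.
    doc = parse_CVE_from_GSA(content)
    set_current(doc)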
170 |
def set_text(text):
    """Parse *text* as a CVRF document and make it the current document.

    An ET.ParseError is reported with flash() and the current document is
    left as it was.
    """
    # NOTE(review): text can come from a remote server (download_url passes
    # the fetched body here). If parse() is built on xml.etree, as the
    # ParseError handled below suggests, entity-expansion payloads can
    # exhaust memory; a hardened parser such as defusedxml is the usual
    # mitigation.
    try:
        parsed = parse(text)
    except ET.ParseError as err:
        flash('Unable to parse Document: %s' % err)
        return
    set_current(parsed)
177 |
0 | 178 @app.route('/new', methods=['GET', 'POST']) |
179 def new(): | |
180 if request.method != 'POST': | |
181 input_choices = [ |
182 ('RHSA', 'YYYY:nnnn', '2014:0981', """ |
183 RedHat publishes their advisories in CVRF format since May 2012 |
184 covering all of their products. |
185 |
186 Redhat provides a FAQ about the CVRF support here: |
187 https://access.redhat.com/articles/124913 |
188 |
189 Farol downloads the CVRF documents from this location: |
190 https://www.redhat.com/security/data/cvrf/ |
191 """), |
192 ('Oracle', 'nnnnnnn', '2188432', """ |
193 Oracle uses the CVRF format to publish their Critical Patch Updates (CPUs). |
194 |
195 Oracle published an article about adopting CVRF: |
196 https://blogs.oracle.com/security/entry/use_of_the_common_vulnerability |
197 |
198 The FAQ for the CPUs is available here: |
199 http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html |
200 |
201 Farol downloads the CVRF documents from this location: |
202 http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent |
203 """), |
204 ('Cisco', 'sa-YYYYMMDD-xxx', 'sa-20140605-openssl', """ |
205 Cisco was one of the main actors driving the CVRF format. |
206 |
207 See also the Blog post at CISCO: |
208 http://blogs.cisco.com/tag/cvrf |
209 |
210 Farol downloads the CVRF documents from this location: |
211 http://tools.cisco.com/security/center/contentxml |
212 """), |
213 ('CVE', 'CVE-YYYY-NNNN', 'CVE-2014-7088', """ |
214 It is possible to convert CVE information into CVRF format. |
215 |
216 Read here about Common Vulnerabilities and Exposures (CVEs): |
217 http://cve.mitre.org/ |
218 |
219 MITRE publishes CVE in CVRF Format: |
220 https://cve.mitre.org/cve/cvrf.html |
221 |
222 However, those CVRF documents do not cover all of the CVE content. |
223 Therefore, Farol downloads the XML object of CVEs from Greenbone's |
224 SecInfo Portal via the web interface "Greenbone Security Assistant". |
225 The CVE XML data retrieved from there are identical to the CVE |
226 publication by NIST. |
227 |
228 Greenbone's SecInfo Portal: |
229 https://secinfo.greenbone.net |
230 """), |
231 ('URL', 'https://...', 'http://www.greenbone.net/download/gbsa/gbsa2013-01.cvrf', """ |
232 Farol can download a given URL for a CVRF document. |
233 |
234 The provided example is a Greenbone Security Advisory from |
235 http://www.greenbone.net/technology/security.html |
236 """) |
237 ] |
238 return render_template('new.j2', input_choices=input_choices, has_document=has_current(), now=utcnow()) |
239 |
240 if 'rhsa' in request.form: |
241 set_RHSA(request.form['id']) |
242 elif 'oracle' in request.form: |
243 set_oracle(request.form['id']) |
244 elif 'cisco' in request.form: |
245 set_cisco(request.form['id']) |
246 elif 'nasl' in request.form: |
247 flash("I'm not able to parse NASL scripts yet", 'danger') |
248 return redirect(url_for('new')) |
249 elif 'url' in request.form: |
250 download_url(request.form['id']) |
251 elif 'cve' in request.form: |
252 parse_cve_from_gsa(request.form['id']) |
0 | 253 elif 'local' in request.files: |
254 upload = request.files['local'] | |
255 fpath = os.path.join(app.instance_path, 'tmp', |
256 secure_filename(upload.filename)) |
257 if not os.path.exists(os.path.dirname(fpath)): |
258 os.makedirs(os.path.dirname(fpath)) |
0 | 259 upload.save(fpath) |
260 with open(fpath, 'rt') as f: | |
261 set_text(f.read()) |
0 | 262 os.remove(fpath) |
263 elif 'text' in request.form: | |
264 set_text(request.form['text'].encode('utf-8')) |
0 | 265 else: |
266 set_current(CVRF(request.form['title'], request.form['type'])) | |
267 return redirect(url_for('document.view')) |
0 | 268 |
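@app.route('/render/<format_>')
@document_required
def render(format_):
    """Render the current CVRF document with the ``<format_>.j2`` template.

    Without a ``raw`` query argument the rendered text is shown inside the
    ``render.j2`` page. With ``raw`` present, the rendered text is returned
    as a ``text/plain`` download named after the document ID.

    :param format_: template base name, taken from the URL path.
    """
    cvrf = get_current()
    # format_ comes straight from the URL and selects the template by name.
    # NOTE(review): nothing in this function limits it to the templates that
    # are meant to be export formats -- confirm that render_cvrf (or the
    # template loader behind it) does.
    doc = render_cvrf(cvrf, format_ + '.j2')
    if 'raw' not in request.args:
        return render_template('render.j2', format_=format_, title=cvrf._title, type_=cvrf._type, doc=doc)
    response = make_response(doc)
    # Both parts of the download name are sanitised: the document ID is
    # document content and format_ is request-controlled, and the result is
    # written into a response header.
    filename = secure_filename(cvrf.getDocId()) + "." + secure_filename(format_)
    # Disposition type is spelled 'attachment' (was the typo 'attachement').
    response.headers["content-disposition"] = 'attachment; filename=' + filename
    response.headers["content-type"] = 'text/plain'
    return response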
0 | 281 |
@app.route('/about')
def about():
    """Show the about page with the instance directory and component versions."""
    # NOTE(review): the server-side instance path and the exact component
    # versions are handed to the template; what about.j2 prints and who can
    # reach /about is not visible from this function.
    interpreter = (platform.python_implementation(), platform.python_version())
    versions = (
        interpreter,
        ('Farol', __version__),
        ('FarolLuz', farolluz.__version__),
        ('Flask', flask.__version__),
        ('Jinja', jinja2.__version__),
    )
    return render_template(
        'about.j2',
        versions=versions,
        instance_dir=app.instance_path,
    )
0 | 288 |