annotate farol/main.py @ 11:a32f9b86edb4
main: Fix parsing of cisco id
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Mon, 29 Sep 2014 14:19:07 +0200 |
parents | 5b84a2c4f30c |
children | 4219d6fb4c38 |
rev | line source |
---|---|
0 | 1 # -*- encoding: utf-8 -*- |
2 # Description: | |
3 # Farol Web Application | |
4 # | |
5 # Authors: | |
6 # Benoît Allard <benoit.allard@greenbone.net> | |
7 # | |
8 # Copyright: | |
9 # Copyright (C) 2014 Greenbone Networks GmbH | |
10 # | |
11 # This program is free software; you can redistribute it and/or | |
12 # modify it under the terms of the GNU General Public License | |
13 # as published by the Free Software Foundation; either version 2 | |
14 # of the License, or (at your option) any later version. | |
15 # | |
16 # This program is distributed in the hope that it will be useful, | |
17 # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
18 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
19 # GNU General Public License for more details. | |
20 # | |
21 # You should have received a copy of the GNU General Public License | |
22 # along with this program; if not, write to the Free Software | |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | |
24 | |
25 import os | |
26 | |
27 from farolluz.cvrf import CVRF, ValidationError |
28 from farolluz.parsers.cvrf import parse |
0 | 29 from farolluz.py2 import urlopen |
30 from farolluz.renderer import render as render_cvrf | |
31 from farolluz.utils import utcnow | |
32 | |
33 from flask import Flask, request, render_template, redirect, url_for, flash |
0 | 34 from werkzeug import secure_filename |
35 | |
36 from .document import document |
0 | 37 from .session import get_current, set_current, has_current, del_current, document_required |
38 from .vulnerability import vulnerability | |
39 from .producttree import producttree | |
40 | |
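# Application object. instance_relative_config=True makes from_pyfile()
# below look for 'farol.cfg' in the instance folder.
app = Flask(__name__, instance_relative_config=True)
# Packaged defaults first, then the optional per-deployment overrides;
# silent=True means a missing farol.cfg is not an error.
app.config.from_object('farol.config.Config')
app.config.from_pyfile('farol.cfg', silent=True)

app.register_blueprint(document, url_prefix='/document')
app.register_blueprint(vulnerability, url_prefix='/vulnerability')
app.register_blueprint(producttree, url_prefix='/producttree')

if not app.debug:
    import logging
    from logging import FileHandler
    # Flask does not create the instance folder by itself and FileHandler
    # opens its file immediately, so make sure the folder exists first.
    try:
        os.makedirs(app.instance_path)
    except OSError:
        # Already there (possibly created by another worker process);
        # any other failure is a real error and must surface.
        if not os.path.isdir(app.instance_path):
            raise
    # Warnings and errors go to <instance>/farol.log. The log sits next to
    # farol.cfg, so the instance folder should only be readable by the
    # account running the service.
    file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log'))
    file_handler.setLevel(logging.WARNING)
    app.logger.addHandler(file_handler)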
55 |
@app.context_processor
def cache_content():
    """ Expose the cached documents to every template as ``cache``

    The cache directory is ``CACHE_DIRECTORY`` from the configuration, or
    ``_cache`` inside the instance folder when that key is absent; it is
    created when it does not exist. Only entries ending in ``.xml`` are
    reported, with the extension stripped.
    """
    fallback_dir = os.path.join(app.instance_path, '_cache')
    cache_dir = app.config.get('CACHE_DIRECTORY', fallback_dir)
    if not os.path.exists(cache_dir):
        os.makedirs(cache_dir)
    # Split each entry once and keep the stem of the .xml ones.
    pieces = (os.path.splitext(entry) for entry in os.listdir(cache_dir))
    stems = [stem for stem, suffix in pieces if suffix == '.xml']
    return {'cache': stems}
69 | |
@app.context_processor
def doc_properties():
    """ Expose a summary of the current document to every template

    Without a current document only ``has_current=False`` is returned.
    Otherwise the context holds ``vulnerabilities`` as (title, ordinal)
    pairs, ``products`` as (name, product id) pairs (empty when there is
    no product tree) and ``error``, which is the ValidationError raised
    by ``validate()`` or None when the document validates.
    """
    if not has_current():
        return {'has_current': False}

    current = get_current()
    # NOTE(review): titles and product names come from the loaded document,
    # which may have been fetched or uploaded. Flask enables Jinja
    # autoescaping by default only for template names ending in .html,
    # .htm, .xml or .xhtml, and the templates used in this file are named
    # *.j2 -- confirm that the templates or the Jinja environment escape
    # these values.
    titles = [(vuln.getTitle(), vuln._ordinal)
              for vuln in current._vulnerabilities]
    tree = current._producttree
    products = [(prod._name, prod._productid)
                for prod in tree._products] if tree else []

    problem = None
    try:
        current.validate()
    except ValidationError as exc:
        problem = exc
    return {
        'has_current': True,
        'vulnerabilities': titles,
        'products': products,
        'error': problem,
    }
85 | |
@app.template_filter('secure_filename')
def makeId(string):
    """ Template filter ``secure_filename``: werkzeug's secure_filename() applied to *string* """
    # NOTE(review): secure_filename() yields a filesystem-safe name. Judging
    # by this function's name the templates use it to build ids; that is
    # not the same as HTML escaping -- confirm how the result is used.
    sanitized = secure_filename(string)
    return sanitized
89 | |
@app.route('/')
def welcome():
    """ Serve the landing page (template ``welcome.j2``) """
    page = render_template('welcome.j2')
    return page
93 |
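def parse_url(url):
    """ Download the document at *url*, parse it and make it the current one

    Only ``http://`` and ``https://`` URLs are fetched.

    Raises:
        ValueError: when *url* uses any other scheme, or none at all.
    """
    # One caller in this file passes a form field straight through, so the
    # URL is untrusted. urlopen() comes from farolluz.py2; if it wraps the
    # standard library opener (TODO confirm) it would also accept schemes
    # such as file://, which would read files from the server itself.
    if not url.lower().startswith(('http://', 'https://')):
        raise ValueError('Only http:// and https:// URLs can be imported')
    # NOTE(review): the scheme check does not limit which host is contacted
    # (internal addresses are still reachable, redirects are followed by
    # the opener) and the response size is unbounded. A deployment that
    # exposes this to untrusted users needs a host allowlist or egress
    # filtering in addition.
    response = urlopen(url)
    try:
        content = response.read()
    finally:
        # The original never closed the response.
        response.close()
    set_current(parse(content))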
96 |
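@app.route('/new', methods=['GET', 'POST'])
def new():
    """ Create the current document

    GET shows the form. POST builds the document from the first source
    found in the submission: a Red Hat, Oracle or Cisco advisory id, a
    free-form URL, an uploaded ``.xml`` file, pasted XML text or, when none
    of these is present, an empty document with the submitted title and
    type. On success the browser is redirected to the document view;
    rejected input is reported with a flash message and the browser is
    sent back to this form.
    """
    # Function-scope imports, so that this view does not depend on the
    # file-level import block.
    import re
    import tempfile

    if request.method != 'POST':
        return render_template('new.j2', has_document=has_current(), now=utcnow())

    def reject(message):
        """ Flash *message* as an error and go back to the form """
        flash(message, 'danger')
        return redirect(url_for('new'))

    # Advisory ids are spliced into a URL path on the vendor host. Keeping
    # them to letters, digits, '-' and '_' prevents a crafted id from
    # changing the requested path or query, and turns a malformed id into a
    # message instead of an unhandled exception.
    # NOTE(review): assumes vendor ids never need other characters; widen
    # the pattern if a legitimate id is rejected.
    id_part = re.compile(r'[A-Za-z0-9_-]+\Z')

    # NOTE(review): every branch below hands externally supplied XML to
    # parse() (farolluz.parsers.cvrf, not shown here); confirm the parser
    # does not resolve external entities or DTDs.
    if 'rhsa' in request.form:
        year, colon, index = request.form['id'].partition(':')
        if not (colon and id_part.match(year) and id_part.match(index)):
            return reject('Red Hat ids look like <year>:<number>')
        parse_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
    elif 'oracle' in request.form:
        oracle_id = request.form['id']
        if not id_part.match(oracle_id):
            return reject('Invalid Oracle id')
        # NOTE(review): fetched over plain http, so the advisory is not
        # integrity protected in transit; use https if the vendor serves it.
        parse_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % oracle_id)
    elif 'cisco' in request.form:
        cisco_id = request.form['id']
        kinds = {'sa': 'Advisory', 'sr': 'Response'}
        # Expected shape: <kind>-<date>-<name>, with kind being sa or sr.
        parts = cisco_id.split('-', 2)
        if len(parts) != 3 or parts[0] not in kinds or not id_part.match(cisco_id):
            return reject('Cisco ids look like sa-<date>-<name> or sr-<date>-<name>')
        # NOTE(review): plain http here as well, see the Oracle branch.
        parse_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kinds[parts[0]], 'id': cisco_id})
    elif 'nasl' in request.form:
        return reject("I'm not able to parse NASL scripts yet")
    elif 'url' in request.form:
        # The server fetches whatever the user names here, so at least keep
        # it to the two web schemes before handing it to parse_url().
        url = request.form['url']
        if not url.lower().startswith(('http://', 'https://')):
            return reject('Only http:// and https:// URLs can be imported')
        parse_url(url)
    elif 'local' in request.files:
        upload = request.files['local']
        if not upload.filename.endswith('.xml'):
            return reject('Uploaded files should end in .xml')
        # mkstemp() creates a private file with an unpredictable name; the
        # original wrote to /tmp/<client supplied name>, which other local
        # users can pre-create or guess.
        handle, fpath = tempfile.mkstemp(suffix='.xml')
        os.close(handle)
        try:
            upload.save(fpath)
            with open(fpath, 'rt') as f:
                set_current(parse(f))
        finally:
            # Remove the temporary copy even when parsing fails.
            os.remove(fpath)
    elif 'text' in request.form:
        set_current(parse(request.form['text'].encode('utf-8')))
    else:
        set_current(CVRF(request.form['title'], request.form['type']))
    return redirect(url_for('document.view'))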
0 | 131 |
@app.route('/render/<format_>')
@document_required
def render(format_):
    """ Show the current document rendered with the ``<format_>.j2`` template """
    current = get_current()
    # NOTE(review): the template name is taken from the URL. The default
    # Flask converter does not match '/', but whether other names are
    # rejected depends on the loader behind render_cvrf() (not shown here);
    # an explicit list of supported formats would remove the doubt.
    template_name = format_ + '.j2'
    rendered = render_cvrf(current, template_name)
    return render_template(
        'render.j2',
        format_=format_,
        title=current._title,
        type_=current._type,
        doc=rendered,
    )
138 | |
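@app.route('/save', methods=['GET', 'POST'])
@document_required
def save():
    """ Store the current document in the cache directory and drop it from the session

    GET shows the form, pre-filled with the document's tracking id. POST
    writes the document, rendered with ``cvrf.j2``, to ``<name>.xml`` in
    the cache directory, where ``<name>`` is the submitted ``fname`` passed
    through secure_filename() and stripped of its extension.
    """
    if request.method != 'POST':
        return render_template('save.j2', id_=get_current()._tracking._identification._id)
    # Get some kind of filename, and save the cvrf on cache (disk)
    path, _ = os.path.splitext(secure_filename(request.form['fname']))
    if not path:
        # secure_filename() returns '' when nothing usable is left; the
        # original then wrote a file called '.xml', which the cache listing
        # does not show.
        flash('Please provide a file name made of letters, digits, "-" or "_"', 'danger')
        return redirect(url_for('save'))
    dirname = app.config.get('CACHE_DIRECTORY',
                             os.path.join(app.instance_path, '_cache'))
    # NOTE(review): an existing cache entry with the same name is
    # overwritten without warning.
    # Binary mode, because the rendered document is encoded to bytes
    # before being written.
    with open(os.path.join(dirname, path + '.xml'), 'wb') as f:
        f.write(render_cvrf(get_current(), 'cvrf.j2').encode('utf-8'))
    flash('File saved as %s' % path)
    del_current()
    return redirect(url_for('new'))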
154 | |
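@app.route('/load/<element>', methods=['GET', 'POST'])
def load(element):
    """ Load ``<element>.xml`` from the cache as the current document and delete it from the cache

    A GET while a document is already loaded only shows a confirmation
    page (``load.j2``). Every other request parses the cached file, makes
    it the current document, removes the file and redirects to the
    document view. Names that point outside the cache directory or that
    are not in the cache are reported with a flash message.
    """
    # NOTE(review): a plain GET reaches the load-and-delete code below when
    # no document is loaded, so following a link changes state on disk.
    # Restricting the destructive part to POST would need the pages that
    # link here to change as well.
    if request.method != 'POST':
        if has_current():
            # Suggest to save first
            return render_template('load.j2', element=element)

    dirname = app.config.get('CACHE_DIRECTORY',
                             os.path.join(app.instance_path, '_cache'))
    fpath = os.path.join(dirname, element + '.xml')
    # element comes from the URL and the file is deleted further down, so
    # insist that the resolved path is directly inside the cache directory.
    # The default URL converter does not match '/', but that alone does not
    # cover every platform's path separator.
    if os.path.dirname(os.path.abspath(fpath)) != os.path.abspath(dirname):
        flash('"%s" is not a valid cache entry' % element, 'danger')
        return redirect(url_for('new'))
    if not os.path.isfile(fpath):
        # Previously an unhandled error from open().
        flash('"%s" is not in the cache' % element, 'danger')
        return redirect(url_for('new'))
    with open(fpath, 'rt') as f:
        set_current(parse(f))
    # Only reached when parsing succeeded, so a broken entry stays on disk.
    os.remove(fpath)
    flash('"%s" has been removed from cache' % element)
    return redirect(url_for('document.view'))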
0 | 171 |
@app.route('/about')
def about():
    """ Serve the about page, which is given the instance folder path """
    # NOTE(review): this hands the server-side instance path to a page that
    # has no access check in this file; confirm that showing the
    # filesystem layout to every visitor is intended.
    instance_dir = app.instance_path
    return render_template('about.j2', instance_dir=instance_dir)
0 | 175 |