annotate farol/controller.py @ 127:d49c1ee6bc07

Harden server-side version parsing
author Benoît Allard <benoit.allard@greenbone.net>
date Thu, 23 Oct 2014 16:50:02 +0200
parents 5535ac5fef37
children d2588d88d47a
Changesets that last touched the source below (rev, changeset, parent rev, description):

58   fbc413b8a46e  parents: -    Unify note update/creation from forms
     file header, module docstring, flask import, note helpers
60   c6e7175ff28c  parents: 58   Unify acknowledgments update/creation from forms
     acknowledgment helpers
61   55b72057b066  parents: 60   Unify reference update/creation from forms
     reference helpers
62   ce49bd1512dd  parents: 61   Make pyflafes a happier
     farolluz.cvrf import
63   b4fb652484b4  parents: 62   Define a split_fields function to split fields, and use it
     split_fields and its four call sites in the acknowledgment helpers
100  5535ac5fef37  parents: 63   Be more permissive when parsing dates
     re / datetime / timezone imports, parseDate
127  d49c1ee6bc07  parents: 100  Harden server-side version parsing
     farolluz.parsers.cvrf import, parseVersion

# -*- encoding: utf-8 -*-
# Description:
# Common controller Web stuffs
#
# Authors:
# Benoît Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

"""\
Some common routines for handling Notes, Acknowledgments and References that
are shared between the Document and the Vulnerabilities.
"""

import re
from datetime import datetime, timedelta

try:
    from datetime import timezone
except ImportError:
    from farolluz.py2 import FixedTimeZone as timezone

from flask import request

from farolluz.cvrf import CVRFNote, CVRFReference, CVRFAcknowledgment
from farolluz.parsers.cvrf import parseDate as parseXMLDate, parseVersion as parseXMLVersion

def split_fields(field, separator=','):
    # An empty or missing field yields an empty list, not ['']
    if not field:
        return []
    return [f.strip() for f in field.split(separator)]

def update_note_from_request(note):
    note._type = request.form['type']
    note._ordinal = int(request.form['ordinal'])
    note._note = request.form['note']
    note._title = request.form['title'] or None
    note._audience = request.form['audience'] or None

def create_note_from_request():
    title = request.form['title'] or None
    audience = request.form['audience'] or None

    return CVRFNote(request.form['type'], int(request.form['ordinal']),
                    request.form['note'], title, audience)

def update_reference_from_request(ref):
    ref._type = request.form['type'] or None
    ref._url = request.form['url']
    ref._description = request.form['description']

def create_reference_from_request():
    return CVRFReference(request.form['url'], request.form['description'],
                         request.form['type'] or None)

def update_acknowledgment_from_request(ack):
    ack._names = split_fields(request.form['names'])
    ack._organizations = split_fields(request.form['organizations'])
    ack._description = request.form['description'] or None
    ack._url = request.form['url'] or None

def create_acknowledgment_from_request():
    ack = CVRFAcknowledgment()
    ack._names = split_fields(request.form['names'])
    ack._organizations = split_fields(request.form['organizations'])
    ack._description = request.form['description'] or None
    ack._url = request.form['url'] or None
    return ack

def parseDate(string):
    """ An extended version of the XML parser's one, that also understands
    dates without time. """
    try: return parseXMLDate(string)
    except AttributeError: pass
    # Absorb AttributeError, and try to parse it a second time ...
    # (if this pattern does not match either, m is None and m.group() below
    # raises AttributeError to the caller)
    m = re.match(r'(\d{4})-(\d{2})-(\d{2})', string)
    return datetime(int(m.group(1)), int(m.group(2)), int(m.group(3)),
                    tzinfo=timezone(timedelta(hours=0, minutes=0)))

def parseVersion(string):
    """ An extended version, one that doesn't throw exceptions """
    # Malformed form input yields None instead of an unhandled ValueError
    try: return parseXMLVersion(string)
    except ValueError: return None
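
An added example, not part of farol: a stand-alone sketch that applies the "return None instead of raising" approach of parseVersion to a date-only form value as well, covering the cases where the parseDate fallback above still raises (no match, impossible calendar values) or accepts trailing data. The function names, the version pattern (one to four dot-separated integers, capped at nine digits each) and the sample submissions are assumptions made for this illustration.

```python
import re
from datetime import datetime, timezone

# Assumed patterns (not farolluz code): a date-only value, and a version of
# one to four dot-separated integers, each capped at nine digits.
_DATE_RE = re.compile(r'(\d{4})-(\d{2})-(\d{2})', re.ASCII)
_VERSION_RE = re.compile(r'(0|[1-9][0-9]{0,8})(\.(0|[1-9][0-9]{0,8})){0,3}')


def parse_form_date(value):
    """Return an aware UTC datetime, or None for any malformed input."""
    if not isinstance(value, str):
        return None
    # fullmatch rejects trailing data that re.match would silently ignore.
    m = _DATE_RE.fullmatch(value.strip())
    if m is None:
        return None
    try:
        year, month, day = (int(g) for g in m.groups())
        return datetime(year, month, day, tzinfo=timezone.utc)
    except ValueError:
        # Well-formed but impossible, e.g. month 13 or year 0000.
        return None


def parse_form_version(value):
    """Return a tuple of ints, or None for any malformed input."""
    if not isinstance(value, str):
        return None
    value = value.strip()
    if _VERSION_RE.fullmatch(value) is None:
        return None
    return tuple(int(part) for part in value.split('.'))


def validate_tracking_form(form):
    """Collect field errors instead of letting a parser exception escape."""
    parsed = {'date': parse_form_date(form.get('date')),
              'version': parse_form_version(form.get('version'))}
    errors = sorted(k for k, v in parsed.items() if v is None)
    return parsed, errors


# Constructed sample submissions, not taken from the project.
SAMPLES = [
    {'date': '2014-10-23', 'version': '1.0'},
    {'date': '2014-13-45', 'version': '1..0'},
    {'date': '2014-10-23T16:50', 'version': '01.2'},
    {'version': '1.2.3.4.5'},
]
```

A view would call `validate_tracking_form(request.form)` and re-render the form with the returned error list rather than answering with a server error.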

http://farol.wald.intevation.org