comparison farol/main.py @ 162:07210df10edd

Add support for CVE import (from GSA)
author Benoît Allard <benoit.allard@greenbone.net>
date Tue, 30 Dec 2014 14:33:50 +0100
parents 57b65e7765c1
children 4d8218fbe686
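--- a/farol/main.py
+++ b/farol/main.py
@@ -29,10 +29,11 @@
 import urllib2
 from xml.etree import ElementTree as ET
 
 import farolluz
 from farolluz.cvrf import CVRF, ValidationError
+from farolluz.parsers.cve import parse_CVE_from_GSA
 from farolluz.parsers.cvrf import parse
 from farolluz.renderer import render as render_cvrf
 from farolluz.utils import utcnow
 
 import flask
@@ -100,11 +101,11 @@
 
 @app.route('/')
 def welcome():
 return render_template('welcome.j2',
 version=__version__,
-imports=[('New', 100), ('CVRF', 100)],
+imports=[('New', 100), ('CVRF', 100), ('CVE from Greenbone Security Assistant', 90)],
 exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('HTML', 80), ('OVAL', 5) ],
 use_cases=[('Create a security advisory and publish as CVRF', 100),
 ('Edit a security advisory in CVRF format', 100)]
 )
 
@@ -150,10 +151,19 @@
 try: kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
 except KeyError:
 flash('Wrong cisco id: %s' % id_)
 return
 download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_})
+
+def parse_cve_from_gsa(id_):
+url = 'https://secinfo.greenbone.net/omp?cmd=get_info&info_type=cve&info_id=%s&details=1&token=guest&xml=1' % id_
+try: content = urllib2.urlopen(url).read()
+except urllib2.HTTPError as e:
+flash('Unable to download CVE %s: %s' % (url, e))
+return
+doc = parse_CVE_from_GSA(content)
+set_current(doc)
 
 def set_text(text):
 try: doc = parse(text)
 except ET.ParseError as e:
 flash('Unable to parse Document: %s' % e)
@@ -174,10 +184,12 @@
 elif 'nasl' in request.form:
 flash("I'm not able to parse NASL scripts yet", 'danger')
 return redirect(url_for('new'))
 elif 'url' in request.form:
 download_url(request.form['url'])
+elif 'cve' in request.form:
+parse_cve_from_gsa(request.form['id'])
 elif 'local' in request.files:
 upload = request.files['local']
 fpath = os.path.join(app.instance_path, 'tmp',
 secure_filename(upload.filename))
 if not os.path.exists(os.path.dirname(fpath)):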
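Review bot: In `parse_cve_from_gsa`, `id_` arrives straight from `request.form['id']` and is interpolated unescaped into the query string, so a value containing `&` or `#` can add or override parameters in the request this server sends to secinfo.greenbone.net. Validate the id before building the URL, in the same spirit as the Cisco id check just above it: `if not re.match(r'^CVE-\d{4}-\d{4,}$', id_): flash('Wrong CVE id: %s' % id_); return` (this needs `re` in scope, which the visible import lines do not show). The function also catches only `urllib2.HTTPError`, so a DNS or connection failure raises an uncaught `urllib2.URLError`; `except urllib2.URLError as e:` covers both, since `HTTPError` subclasses it. A malformed response would presumably raise out of `parse_CVE_from_GSA` as well, whereas `set_text` already reports `ET.ParseError` through `flash`. The route handler that calls `parse_cve_from_gsa` starts and ends outside the visible lines.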

http://farol.wald.intevation.org