comparison farol/main.py @ 7:8f41bb7f4681
Move the Document management routines to a document Blueprint
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Thu, 25 Sep 2014 17:03:35 +0200 |
parents | 3478e20885fd |
children | 2ce3676c9b2e |
6:bb7334ff114a | 7:8f41bb7f4681 |
---|---|
22 # along with this program; if not, write to the Free Software | 22 # along with this program; if not, write to the Free Software |
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | 23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
24 | 24 |
25 import os | 25 import os |
26 | 26 |
27 from farolluz.cvrf import (CVRF, CVRFPublisher, CVRFTracking, CVRFTrackingID, | 27 from farolluz.cvrf import CVRF, ValidationError |
28 CVRFGenerator, CVRFRevision, CVRFReference, CVRFAcknowledgment, CVRFNote, | 28 from farolluz.parsers.cvrf import parse |
29 ValidationError, CVRFAggregateSeverity) | |
30 from farolluz.parsers.cvrf import parse, parseVersion, parseDate | |
31 from farolluz.py2 import urlopen | 29 from farolluz.py2 import urlopen |
32 from farolluz.renderer import render as render_cvrf | 30 from farolluz.renderer import render as render_cvrf |
33 from farolluz.utils import utcnow | 31 from farolluz.utils import utcnow |
34 | 32 |
35 from flask import Flask, request, render_template, redirect, url_for, flash, abort | 33 from flask import Flask, request, render_template, redirect, url_for, flash |
36 from werkzeug import secure_filename | 34 from werkzeug import secure_filename |
37 | 35 |
36 from .document import document | |
38 from .session import get_current, set_current, has_current, del_current, document_required | 37 from .session import get_current, set_current, has_current, del_current, document_required |
39 from .vulnerability import vulnerability | 38 from .vulnerability import vulnerability |
40 from .producttree import producttree | 39 from .producttree import producttree |
41 from .proxy import ReverseProxied | 40 from .proxy import ReverseProxied |
42 | 41 |
43 app = Flask(__name__, instance_relative_config=True) | 42 app = Flask(__name__, instance_relative_config=True) |
44 app.config.from_object('farol.config.Config') | 43 app.config.from_object('farol.config.Config') |
45 app.config.from_pyfile('farol.cfg', silent=True) | 44 app.config.from_pyfile('farol.cfg', silent=True) |
46 | 45 |
46 app.register_blueprint(document, url_prefix='/document') | |
47 app.register_blueprint(vulnerability, url_prefix='/vulnerability') | 47 app.register_blueprint(vulnerability, url_prefix='/vulnerability') |
48 app.register_blueprint(producttree, url_prefix='/producttree') | 48 app.register_blueprint(producttree, url_prefix='/producttree') |
49 | 49 |
50 app.wsgi_app = ReverseProxied(app.wsgi_app) | 50 app.wsgi_app = ReverseProxied(app.wsgi_app) |
51 | 51 |
81 | 81 |
82 @app.template_filter('secure_filename') | 82 @app.template_filter('secure_filename') |
83 def makeId(string): | 83 def makeId(string): |
84 return secure_filename(string) | 84 return secure_filename(string) |
85 | 85 |
86 @app.route('/') | |
87 def welcome(): | |
88 return render_template('welcome.j2') | |
89 | |
86 @app.route('/new', methods=['GET', 'POST']) | 90 @app.route('/new', methods=['GET', 'POST']) |
87 def new(): | 91 def new(): |
88 if request.method != 'POST': | 92 if request.method != 'POST': |
89 return render_template('new.j2', has_document=has_current(), now=utcnow()) | 93 return render_template('new.j2', has_document=has_current(), now=utcnow()) |
90 | 94 |
102 os.remove(fpath) | 106 os.remove(fpath) |
103 elif 'text' in request.form: | 107 elif 'text' in request.form: |
104 set_current(parse(request.form['text'].encode('utf-8'))) | 108 set_current(parse(request.form['text'].encode('utf-8'))) |
105 else: | 109 else: |
106 set_current(CVRF(request.form['title'], request.form['type'])) | 110 set_current(CVRF(request.form['title'], request.form['type'])) |
107 return redirect(url_for('document')) | 111 return redirect(url_for('document.view')) |
108 | |
109 @app.route('/') | |
110 @document_required | |
111 def document(): | |
112 cvrf = get_current() | |
113 return render_template('doc.j2', cvrf=cvrf) | |
114 | |
115 @app.route('/title/edit', methods=['GET', 'POST']) | |
116 @document_required | |
117 def edit_title(): | |
118 if request.method != 'POST': | |
119 return render_template('edit_title.j2', title = get_current()._title, _type = get_current()._type) | |
120 | |
121 | |
122 get_current()._title = request.form['title'] | |
123 get_current()._type = request.form['type'] | |
124 return redirect(url_for('document')) | |
125 | |
126 @app.route('/publisher/edit', methods=['GET', 'POST']) | |
127 @document_required | |
128 def edit_publisher(): | |
129 if request.method != 'POST': | |
130 return render_template('edit_publisher.j2', publisher = get_current()._publisher or CVRFPublisher(''), types=CVRFPublisher.TYPES) | |
131 | |
132 publisher = CVRFPublisher(request.form['type'], request.form['vendorid'] or None) | |
133 publisher.setContact(request.form['contact'] or None) | |
134 publisher.setAuthority(request.form['authority'] or None) | |
135 get_current().setPublisher(publisher) | |
136 return redirect(url_for('document')) | |
137 | |
138 @app.route('/tracking/edit', methods=['GET', 'POST']) | |
139 @document_required | |
140 def edit_tracking(): | |
141 wasNone = False | |
142 tracking = get_current()._tracking | |
143 if tracking is None: | |
144 wasNone = True | |
145 tracking = CVRFTracking(CVRFTrackingID(''), 'Draft', (0,), utcnow(), utcnow()) | |
146 generator = tracking._generator | |
147 if not tracking._generator: | |
148 generator = CVRFGenerator() | |
149 if request.method != 'POST': | |
150 return render_template('edit_tracking.j2', tracking=tracking, version='.'.join('%s'%v for v in tracking._version), generator=generator, now=utcnow(), statuses=tracking.STATUSES) | |
151 | |
152 tracking._identification._id = request.form['id'] | |
153 aliases = [] | |
154 if request.form['id_aliases']: | |
155 aliases = [a.strip() for a in request.form['id_aliases'].split(',')] | |
156 tracking._identification._aliases = aliases | |
157 tracking._status = request.form['status'] | |
158 tracking._version = parseVersion(request.form['version']) | |
159 tracking._initialDate = parseDate(request.form['initial']) | |
160 tracking._currentDate = parseDate(request.form['current']) | |
161 if wasNone: | |
162 get_current().setTracking(tracking) | |
163 if (not request.form['gen_engine']) and (not request.form['gen_date']): | |
164 generator = None | |
165 else: | |
166 generator._engine = request.form['gen_engine'] or None | |
167 if request.form['gen_date']: | |
168 generator._date = parseDate(request.form['gen_date']) | |
169 else: | |
170 generator._date = None | |
171 tracking.setGenerator(generator) | |
172 return redirect(url_for('document')) | |
173 | |
174 @app.route('/revision/<int:index>/edit', methods=['GET', 'POST']) | |
175 @document_required | |
176 def edit_revision(index): | |
177 cvrf = get_current() | |
178 if cvrf._tracking is None: | |
179 abort(404) | |
180 try: | |
181 revision = cvrf._tracking._history[index] | |
182 except IndexError: | |
183 abort(404) | |
184 if request.method != 'POST': | |
185 return render_template('edit_revision.j2', number='.'.join('%s'%v for v in revision._number), date=revision._date, description=revision._description, action='Update') | |
186 | |
187 revision._number = parseVersion(request.form['number']) | |
188 revision._date = parseDate(request.form['date']) | |
189 revision._description = request.form['description'] | |
190 return redirect(url_for('document')) | |
191 | |
192 @app.route('/revision/add', methods=['GET', 'POST']) | |
193 @document_required | |
194 def add_revision(): | |
195 tracking = get_current()._tracking | |
196 if request.method != 'POST': | |
197 version = tracking._version | |
198 version = version[:-1] + (version[-1] + 1,) | |
199 return render_template('edit_revision.j2', number='.'.join("%d"%v for v in version), date=utcnow(), action='Add') | |
200 | |
201 version = parseVersion(request.form['number']) | |
202 date = parseDate(request.form['date']) | |
203 revision = CVRFRevision(version, date, request.form['description']) | |
204 tracking.addRevision(revision) | |
205 if 'update_tracking' in request.form: | |
206 tracking._version = version | |
207 tracking._currentDate = date | |
208 return redirect(url_for('document')) | |
209 | |
210 @app.route('/distribution/edit', methods=['GET', 'POST']) | |
211 @document_required | |
212 def edit_distribution(): | |
213 if request.method != 'POST': | |
214 return render_template('edit_distribution.j2', distribution=get_current()._distribution) | |
215 | |
216 get_current().setDistribution(request.form['distribution']) | |
217 return redirect(url_for('document')) | |
218 | |
219 @app.route('/severity/edit', methods=['GET', 'POST']) | |
220 @document_required | |
221 def edit_severity(): | |
222 severity = get_current()._aggregateseverity | |
223 if severity is None: | |
224 severity = CVRFAggregateSeverity('') | |
225 if request.method != 'POST': | |
226 return render_template('edit_severity.j2', severity=severity) | |
227 if not request.form['severity']: | |
228 severity = None | |
229 else: | |
230 severity._severity = request.form['severity'] | |
231 severity.setNamespace(request.form['namespace'] or None) | |
232 get_current().setAggregateSeverity(severity) | |
233 return redirect(url_for('document')) | |
234 | |
235 @app.route('/note/<int:ordinal>') | |
236 @document_required | |
237 def view_note(ordinal): | |
238 note = get_current().getNote(ordinal) | |
239 if note is None: | |
240 abort(404) | |
241 return render_template('view_note.j2', note=note) | |
242 | |
243 @app.route('/note/<int:ordinal>/edit', methods=['GET', 'POST']) | |
244 @document_required | |
245 def edit_note(ordinal): | |
246 note = get_current().getNote(ordinal) | |
247 if note is None: | |
248 abort(404) | |
249 if request.method != 'POST': | |
250 return render_template('edit_note.j2', note=note, types = note.TYPES) | |
251 | |
252 note._type = request.form['type'] | |
253 note._ordinal = int(request.form['ordinal']) | |
254 note._note = request.form['note'] | |
255 note._title = request.form['title'] or None | |
256 note._audience = request.form['audience'] or None | |
257 return redirect(url_for('view_note', ordinal=note._ordinal )) | |
258 | |
259 | |
260 @app.route('/note/add', methods=['GET', 'POST']) | |
261 @document_required | |
262 def add_note(): | |
263 if request.method != 'POST': | |
264 next_ordinal = 1 | |
265 notes = get_current()._notes | |
266 if notes: | |
267 next_ordinal = notes[-1]._ordinal + 1 | |
268 return render_template('edit_note.j2', ordinal=next_ordinal, types=CVRFNote.TYPES, action='Add') | |
269 | |
270 title = None | |
271 audience = None | |
272 title = request.form['title'] or None | |
273 audience = request.form['audience'] or None | |
274 | |
275 note = CVRFNote(request.form['type'], int(request.form['ordinal']), request.form['note'], title, audience) | |
276 get_current().addNote(note) | |
277 return redirect(url_for('document')) | |
278 | |
279 @app.route('/reference/<int:index>/edit', methods=['GET', 'POST']) | |
280 @document_required | |
281 def edit_reference(index): | |
282 try: | |
283 ref = get_current()._references[index] | |
284 except IndexError: | |
285 abort(404) | |
286 if request.method != 'POST': | |
287 return render_template('edit_reference.j2', _type=ref._type, url=ref._url, description=ref._description, types=('',) + ref.TYPES) | |
288 | |
289 ref._type = request.form['type'] or None | |
290 ref._url = request.form['url'] | |
291 ref._description = request.form['description'] | |
292 return redirect(url_for('document')) | |
293 | |
294 | |
295 @app.route('/reference/add', methods=['GET', 'POST']) | |
296 @document_required | |
297 def add_reference(): | |
298 if request.method != 'POST': | |
299 return render_template('edit_reference.j2', action='Add', types=('',) + CVRFReference.TYPES) | |
300 | |
301 ref = CVRFReference(request.form['url'], request.form['description'], request.form['type'] or None) | |
302 get_current().addReference(ref) | |
303 return redirect(url_for('document')) | |
304 | |
305 @app.route('/acknowledgment/<int:index>') | |
306 @document_required | |
307 def view_acknowledgment(index): | |
308 try: | |
309 ack = get_current()._acknowledgments[index] | |
310 except IndexError: | |
311 abort(404) | |
312 return render_template('view_acknowledgment.j2', acknowledgment=ack, index=index, action='Update') | |
313 | |
314 @app.route('/acknowledgment/<int:index>/edit', methods=['GET', 'POST']) | |
315 @document_required | |
316 def edit_acknowledgment(index): | |
317 try: | |
318 ack = get_current()._acknowledgments[index] | |
319 except IndexError: | |
320 abort(404) | |
321 if request.method != 'POST': | |
322 return render_template('edit_acknowledgment.j2', name=ack._name, organization=ack._organization, description=ack._description, url=ack._url, action='Update') | |
323 | |
324 ack._name = request.form['name'] or None | |
325 ack._organization = request.form['organization'] or None | |
326 ack._description = request.form['description'] or None | |
327 ack._url = request.form['url'] or None | |
328 return redirect(url_for('document')) | |
329 | |
330 @app.route('/acknowledgment/add', methods=['GET', 'POST']) | |
331 @document_required | |
332 def add_acknowledgment(): | |
333 if request.method != 'POST': | |
334 return render_template('edit_acknowledgment.j2', action='Add') | |
335 | |
336 ack = CVRFAcknowledgment() | |
337 ack._name = request.form['name'] or None | |
338 ack._organization = request.form['organization'] or None | |
339 ack._description = request.form['description'] or None | |
340 ack._url = request.form['url'] or None | |
341 get_current().addAcknowledgment(ack) | |
342 return redirect(url_for('document')) | |
343 | |
344 | 112 |
345 @app.route('/render/<format_>') | 113 @app.route('/render/<format_>') |
346 @document_required | 114 @document_required |
347 def render(format_): | 115 def render(format_): |
348 cvrf = get_current() | 116 cvrf = get_current() |
378 with open(fpath, 'rt') as f: | 146 with open(fpath, 'rt') as f: |
379 set_current(parse(f)) | 147 set_current(parse(f)) |
380 os.remove(fpath) | 148 os.remove(fpath) |
381 flash('"%s" has been removed from cache' % element) | 149 flash('"%s" has been removed from cache' % element) |
382 # Get some kind of id, and load the file. | 150 # Get some kind of id, and load the file. |
383 return redirect(url_for('document')) | 151 return redirect(url_for('document.view')) |
384 | 152 |
385 @app.route('/about') | 153 @app.route('/about') |
386 def about(): | 154 def about(): |
387 return render_template('about.j2', instance_dir=app.instance_path) | 155 return render_template('about.j2', instance_dir=app.instance_path) |
388 | 156 |
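Review bot: The endpoint rename is applied only to the two redirects left in this file (`url_for('document.view')` at new lines 111 and 151); every handler moved out still called `url_for('document')`, and `edit_note` called `url_for('view_note', ...)`. Under the blueprint those bare names no longer resolve, so the moved views should use `url_for('.view')` and `url_for('.view_note', ordinal=...)`, and any template or sibling blueprint still using the old names would fail with a `BuildError` at request time; those files are not visible here. The import trim also drops `abort`, `parseVersion` and `parseDate`, and new lines 52–80, 95–105 and 117–145 are not shown, so a leftover use would surface only as a `NameError` when that route is hit. Please also confirm that each moved view kept `@document_required`, since the handlers dereference `get_current()` without a None check.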