Mercurial > farol > farol

view farol/main.py @ 12:4219d6fb4c38

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implement three kind of caches
author Benoît Allard <benoit.allard@greenbone.net>
date Tue, 30 Sep 2014 12:18:52 +0200
parents a32f9b86edb4
children d5265a0da13a
line wrap: on
line source
# -*- encoding: utf-8 -*-
# Description:
# Farol Web Application
#
# Authors:
# BenoƮt Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

import os

from farolluz.cvrf import CVRF, ValidationError
from farolluz.parsers.cvrf import parse
from farolluz.py2 import urlopen
from farolluz.renderer import render as render_cvrf
from farolluz.utils import utcnow

from flask import Flask, request, render_template, redirect, url_for, flash
from werkzeug import secure_filename

from . import cache
from .document import document
from .session import get_current, set_current, has_current, document_required
from .vulnerability import vulnerability
from .producttree import producttree

app = Flask(__name__, instance_relative_config=True)
app.config.from_object('farol.config.Config')
app.config.from_pyfile('farol.cfg', silent=True)

app.register_blueprint(cache.mod, url_prefix='/cache')
app.register_blueprint(document, url_prefix='/document')
app.register_blueprint(vulnerability, url_prefix='/vulnerability')
app.register_blueprint(producttree, url_prefix='/producttree')

if not app.debug:
    import logging
    from logging import FileHandler
    file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log'))
    file_handler.setLevel(logging.WARNING)
    app.logger.addHandler(file_handler)

@app.context_processor
def cache_content():
    """ List the documents in cache """
    return dict(caching=cache.caching_type(),
                cache=cache.cache_content())

@app.context_processor
def doc_properties():
    if not has_current():
        return {'has_current': False}
    cvrf = get_current()
    vulns = [(v.getTitle(), v._ordinal) for v in cvrf._vulnerabilities]
    prods = []
    if cvrf._producttree:
        prods = [(p._name, p._productid) for p in cvrf._producttree._products]
    try:
        cvrf.validate()
        error = None
    except ValidationError as ve:
        error = ve
    return dict(has_current=True, vulnerabilities=vulns, products=prods, error=error)

@app.template_filter('secure_filename')
def makeId(string):
    return secure_filename(string)

@app.route('/')
def welcome():
    return render_template('welcome.j2')

def parse_url(url):
    set_current(parse(urlopen(url).read()))

@app.route('/new', methods=['GET', 'POST'])
def new():
    if request.method != 'POST':
        return render_template('new.j2', has_document=has_current(), now=utcnow())

    if 'rhsa' in request.form:
        year, index = request.form['id'].split(':')
        parse_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
    elif 'oracle' in request.form:
        parse_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % request.form['id'])
    elif 'cisco' in request.form:
        kind, date, name = request.form['id'].split('-', 2)
        kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
        parse_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': request.form['id']})
    elif 'nasl' in request.form:
        flash("I'm not able to parse NASL scripts yet", 'danger')
        return redirect(url_for('new'))
    elif 'url' in request.form:
        parse_url(request.form['url'])
    elif 'local' in request.files:
        upload = request.files['local']
        if not upload.filename.endswith('.xml'):
            flash('Uploaded files should end in .xml', 'danger')
            return redirect(url_for('new'))
        fpath = os.path.join('/tmp', secure_filename(upload.filename))
        upload.save(fpath)
        with open(fpath, 'rt') as f:
            set_current(parse(f))
        os.remove(fpath)
    elif 'text' in request.form:
        set_current(parse(request.form['text'].encode('utf-8')))
    else:
        set_current(CVRF(request.form['title'], request.form['type']))
    return redirect(url_for('document.view'))

@app.route('/render/<format_>')
@document_required
def render(format_):
    cvrf = get_current()
    doc = render_cvrf(cvrf, format_ + '.j2')
    return render_template('render.j2', format_=format_, title=cvrf._title, type_=cvrf._type, doc=doc )

@app.route('/about')
def about():
    return render_template('about.j2', instance_dir=app.instance_path)
http://farol.wald.intevation.org