Mercurial > farol > farol
view farol/main.py @ 125:67c4b299736e
Update look-and-feel
| author | Benoît Allard <benoit.allard@greenbone.net> |
|---|---|
| date | Thu, 23 Oct 2014 16:18:30 +0200 |
| parents | 65341d05a8f8 |
| children | 75c053bf2c3a |
line wrap: on
line source
# -*- encoding: utf-8 -*- # Description: # Farol Web Application # # Authors: # BenoƮt Allard <benoit.allard@greenbone.net> # # Copyright: # Copyright (C) 2014 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. import os import logging from logging import FileHandler import platform import urllib2 from xml.etree import ElementTree as ET import farolluz from farolluz.cvrf import CVRF, ValidationError from farolluz.parsers.cvrf import parse from farolluz.py2 import urlopen from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow import flask from flask import (Flask, request, render_template, redirect, url_for, flash, make_response) from werkzeug import secure_filename from . import __version__, cache from .document import document from .session import get_current, set_current, has_current, document_required from .vulnerability import vulnerability from .producttree import producttree app = Flask(__name__, instance_relative_config=True) app.config.from_object('farol.config.Config') app.config.from_pyfile('farol.cfg', silent=True) app.register_blueprint(cache.mod, url_prefix='/cache') app.register_blueprint(document, url_prefix='/document') app.register_blueprint(vulnerability, url_prefix='/vulnerability') app.register_blueprint(producttree, url_prefix='/producttree') file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log')) file_handler.setLevel(logging.WARNING) app.logger.addHandler(file_handler) @app.context_processor def cache_content(): """ List the documents in cache """ return dict(caching=cache.caching_type(), cache=cache.cache_content()) @app.context_processor def doc_properties(): if not has_current(): return {'has_current': False} cvrf = get_current() vulns = [(v.getTitle(), v._ordinal) for v in cvrf._vulnerabilities] prods = [] if cvrf._producttree: prods = [(p._name, p._productid) for p in cvrf._producttree._products] try: cvrf.validate() error = None except ValidationError as ve: error = ve return dict(has_current=True, vulnerabilities=vulns, products=prods, error=error, current_id=cvrf.getDocId()) @app.template_filter('secure_filename') def makeId(string): return secure_filename(string) @app.route('/') def welcome(): return render_template('welcome.j2', version=__version__, imports=[('New', 100), ('CVRF', 100)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] ) def set_url(url): try: content = urlopen(url).read() except urllib2.HTTPError as e: flash('Unable to retrieve %s: %s' % (url, e)) return set_text(content) def set_RHSA(id_): # validate input if ':' not in id_: flash('Wrong RHSA id: %s' % id_) return year, index = id_.split(':', 1) try: int(year) int(index) except ValueError: flash('Wrong RHSA id: %s' % id_) return # Process it set_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index}) def set_oracle(id_): try: int(id_) except ValueError: flash('Wrong Oracle id: %s' % id_) return set_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % id_) def set_cisco(id_): if id_.count('-') < 2: flash('Wrong cisco id: %s' % id_) return kind, date, name = id_.split('-', 2) try: kind = {'sa': 'Advisory', 'sr': 'Response'}[kind] except KeyError: flash('Wrong cisco id: %s' % id_) return set_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_}) def set_text(text): try: doc = parse(text) except ET.ParseError as e: flash('Unable to parse Document: %s' % e) return set_current(doc) @app.route('/new', methods=['GET', 'POST']) def new(): if request.method != 'POST': return render_template('new.j2', has_document=has_current(), now=utcnow()) if 'rhsa' in request.form: set_RHSA(request.form['id']) elif 'oracle' in request.form: set_oracle(request.form['id']) elif 'cisco' in request.form: set_cisco(request.form['id']) elif 'nasl' in request.form: flash("I'm not able to parse NASL scripts yet", 'danger') return redirect(url_for('new')) elif 'url' in request.form: set_url(request.form['url']) elif 'local' in request.files: upload = request.files['local'] if not upload.filename.endswith('.xml'): flash('Uploaded files should end in .xml', 'danger') return redirect(url_for('new')) fpath = os.path.join(app.instance_path, 'tmp', secure_filename(upload.filename)) if not os.path.exists(os.path.dirname(fpath)): os.makedirs(os.path.dirname(fpath)) upload.save(fpath) with open(fpath, 'rt') as f: set_text(f.read()) os.remove(fpath) elif 'text' in request.form: set_text(request.form['text'].encode('utf-8')) else: set_current(CVRF(request.form['title'], request.form['type'])) return redirect(url_for('document.view')) @app.route('/render/<format_>') @document_required def render(format_): cvrf = get_current() doc = render_cvrf(cvrf, format_ + '.j2') if 'raw' not in request.args: return render_template('render.j2', format_=format_, title=cvrf._title, type_=cvrf._type, doc=doc) response = make_response(doc) filename = secure_filename(cvrf.getDocId()) + "." + format_ response.headers["content-disposition"] = 'attachement; filename=' + filename response.headers["content-type"] = 'text/plain' return response @app.route('/about') def about(): versions = ((platform.python_implementation(), platform.python_version()), ('Farol', __version__), ('FarolLuz', farolluz.__version__), ('Flask', flask.__version__)) return render_template('about.j2', instance_dir=app.instance_path, versions=versions)