Mercurial > farol > farol
view farol/main.py @ 160:a7ce1660aaaf
Add a checkbox macro
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Dec 2014 14:10:50 +0100 |
parents | 0a5b5b5549cb |
children | 5df0bef667ea 57b65e7765c1 |
line wrap: on
line source
# -*- encoding: utf-8 -*- # Description: # Farol Web Application # # Authors: # BenoƮt Allard <benoit.allard@greenbone.net> # # Copyright: # Copyright (C) 2014 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. import os import logging from logging import FileHandler import platform import urllib2 from xml.etree import ElementTree as ET import farolluz from farolluz.cvrf import CVRF, ValidationError from farolluz.parsers.cvrf import parse from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow import flask from flask import (Flask, request, render_template, redirect, url_for, flash, make_response, abort) from werkzeug import secure_filename import jinja2 from . import __version__, cache from .document import document from .session import get_current, set_current, has_current, document_required from .vulnerability import vulnerability from .producttree import producttree app = Flask(__name__, instance_relative_config=True) app.config.from_object('farol.config.Config') app.config.from_pyfile('farol.cfg', silent=True) app.register_blueprint(cache.mod, url_prefix='/cache') app.register_blueprint(document, url_prefix='/document') app.register_blueprint(vulnerability, url_prefix='/vulnerability') app.register_blueprint(producttree, url_prefix='/producttree') file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log')) file_handler.setLevel(logging.WARNING) app.logger.addHandler(file_handler) @app.context_processor def cache_content(): """ List the documents in cache """ return dict(caching=cache.caching_type(), cache=cache.cache_content()) @app.context_processor def doc_properties(): if not has_current(): return {'has_current': False} cvrf = get_current() vulns = [(v.getTitle(), v._ordinal) for v in cvrf._vulnerabilities] prods = [] if cvrf._producttree: prods = [(p._name, p._productid) for p in cvrf._producttree._products] try: cvrf.validate() error = None except ValidationError as ve: error = ve return dict(has_current=True, vulnerabilities=vulns, products=prods, error=error, current_id=cvrf.getDocId()) @app.template_filter('secure_filename') def makeId(string): return secure_filename(string) @app.errorhandler(400) @app.errorhandler(404) @app.errorhandler(405) @app.errorhandler(500) def error_page(error): return render_template('error.j2', e=error), getattr(error, 'code', 500) @app.route('/500') def boom(): abort(500) @app.route('/') def welcome(): return render_template('welcome.j2', version=__version__, imports=[('New', 100), ('CVRF', 100)], exports=[('CVRF', 100), ('OpenVAS NASL from RHSA', 85), ('OVAL', 5) ], use_cases=[('Create a security advisory and publish as CVRF', 100), ('Edit a security advisory in CVRF format', 100)] ) def download_url(url): proxy_host = app.config.get('PROXY_HOST', '') if proxy_host: proxy = urllib2.ProxyHandler({'http': proxy_host, 'https': proxy_host}) opener = urllib2.build_opener(proxy) urllib2.install_opener(opener) try: content = urllib2.urlopen(url).read() except urllib2.HTTPError as e: flash('Unable to retrieve %s: %s' % (url, e)) return set_text(content) def set_RHSA(id_): # validate input if ':' not in id_: flash('Wrong RHSA id: %s' % id_) return year, index = id_.split(':', 1) try: int(year) int(index) except ValueError: flash('Wrong RHSA id: %s' % id_) return # Process it download_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index}) def set_oracle(id_): try: int(id_) except ValueError: flash('Wrong Oracle id: %s' % id_) return download_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % id_) def set_cisco(id_): if id_.count('-') < 2: flash('Wrong cisco id: %s' % id_) return kind, date, name = id_.split('-', 2) try: kind = {'sa': 'Advisory', 'sr': 'Response'}[kind] except KeyError: flash('Wrong cisco id: %s' % id_) return download_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_}) def set_text(text): try: doc = parse(text) except ET.ParseError as e: flash('Unable to parse Document: %s' % e) return set_current(doc) @app.route('/new', methods=['GET', 'POST']) def new(): if request.method != 'POST': return render_template('new.j2', has_document=has_current(), now=utcnow()) if 'rhsa' in request.form: set_RHSA(request.form['id']) elif 'oracle' in request.form: set_oracle(request.form['id']) elif 'cisco' in request.form: set_cisco(request.form['id']) elif 'nasl' in request.form: flash("I'm not able to parse NASL scripts yet", 'danger') return redirect(url_for('new')) elif 'url' in request.form: download_url(request.form['url']) elif 'local' in request.files: upload = request.files['local'] fpath = os.path.join(app.instance_path, 'tmp', secure_filename(upload.filename)) if not os.path.exists(os.path.dirname(fpath)): os.makedirs(os.path.dirname(fpath)) upload.save(fpath) with open(fpath, 'rt') as f: set_text(f.read()) os.remove(fpath) elif 'text' in request.form: set_text(request.form['text'].encode('utf-8')) else: set_current(CVRF(request.form['title'], request.form['type'])) return redirect(url_for('document.view')) @app.route('/render/<format_>') @document_required def render(format_): cvrf = get_current() doc = render_cvrf(cvrf, format_ + '.j2') if 'raw' not in request.args: return render_template('render.j2', format_=format_, title=cvrf._title, type_=cvrf._type, doc=doc) response = make_response(doc) filename = secure_filename(cvrf.getDocId()) + "." + format_ response.headers["content-disposition"] = 'attachement; filename=' + filename response.headers["content-type"] = 'text/plain' return response @app.route('/about') def about(): versions = ((platform.python_implementation(), platform.python_version()), ('Farol', __version__), ('FarolLuz', farolluz.__version__), ('Flask', flask.__version__), ('Jinja', jinja2.__version__)) return render_template('about.j2', instance_dir=app.instance_path, versions=versions)