view farol/controller.py @ 127:d49c1ee6bc07

Harden server-side version parsing
author Benoît Allard <benoit.allard@greenbone.net>
date Thu, 23 Oct 2014 16:50:02 +0200
parents 5535ac5fef37
children d2588d88d47a
# -*- encoding: utf-8 -*-
# Description:
# Common controller Web stuffs
#
# Authors:
# Benoît Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

"""\
Some common routines for handling of Notes, Acknowledgments and Reference that
is shared for the Document and the Vulnerabilities.
"""

import re
from datetime import datetime, timedelta

try:
    from datetime import timezone
except ImportError:
    from farolluz.py2 import FixedTimeZone as timezone

from flask import request

from farolluz.cvrf import CVRFNote, CVRFReference, CVRFAcknowledgment
from farolluz.parsers.cvrf import parseDate as parseXMLDate, parseVersion as parseXMLVersion

def split_fields(field, separator=','):
    """Split a delimited form field into a list of stripped items.

    A falsy *field* (``None`` or ``""``) yields ``[]`` rather than the
    ``[""]`` that ``"".split(separator)`` would produce.
    """
    if field:
        return [part.strip() for part in field.split(separator)]
    return []

def update_note_from_request(note):
    """Overwrite *note*'s fields from the submitted form.

    Reads ``type``, ``ordinal``, ``note``, ``title`` and ``audience`` from
    ``request.form``; a missing key propagates as a lookup error from the
    form mapping. ``title`` and ``audience`` are stored as ``None`` when
    blank. ``ordinal`` is converted with ``int()``, so a non-numeric value
    raises ``ValueError`` to the caller — nothing here maps it to an HTTP
    error.
    """
    form = request.form
    note._type = form['type']
    note._ordinal = int(form['ordinal'])
    note._note = form['note']
    title = form['title']
    note._title = title if title else None
    audience = form['audience']
    note._audience = audience if audience else None

def create_note_from_request():
    """Build a new ``CVRFNote`` from the submitted form.

    Same keys and conversions as ``update_note_from_request``: ``title`` and
    ``audience`` become ``None`` when blank, ``ordinal`` goes through
    ``int()`` (a non-numeric value raises ``ValueError`` to the caller).
    """
    form = request.form
    title = form['title']
    if not title:
        title = None
    audience = form['audience']
    if not audience:
        audience = None

    note_type = form['type']
    ordinal = int(form['ordinal'])
    text = form['note']
    return CVRFNote(note_type, ordinal, text, title, audience)

def update_reference_from_request(ref):
    """Overwrite *ref*'s fields from the submitted form.

    ``type`` is stored as ``None`` when blank; ``url`` and ``description``
    are stored verbatim — no scheme or format validation happens here, so
    downstream rendering must still treat the URL as untrusted input.
    """
    form = request.form
    ref_type = form['type']
    ref._type = ref_type if ref_type else None
    ref._url = form['url']
    ref._description = form['description']

def create_reference_from_request():
    """Build a new ``CVRFReference`` from the submitted form.

    ``url`` and ``description`` are passed through unvalidated; ``type`` is
    ``None`` when blank.
    """
    form = request.form
    url = form['url']
    description = form['description']
    ref_type = form['type']
    if not ref_type:
        ref_type = None
    return CVRFReference(url, description, ref_type)

def update_acknowledgment_from_request(ack):
    """Overwrite *ack*'s fields from the submitted form.

    ``names`` and ``organizations`` are comma-separated lists handled by
    ``split_fields``; ``description`` and ``url`` become ``None`` when blank.
    The URL is stored as submitted, without validation.
    """
    form = request.form
    ack._names = split_fields(form['names'])
    ack._organizations = split_fields(form['organizations'])
    description = form['description']
    ack._description = description if description else None
    url = form['url']
    ack._url = url if url else None

def create_acknowledgment_from_request():
    """Build a new ``CVRFAcknowledgment`` from the submitted form.

    Fields are filled exactly as ``update_acknowledgment_from_request``
    does: list fields via ``split_fields``, optional text fields as
    ``None`` when blank, the URL stored without validation.
    """
    form = request.form
    ack = CVRFAcknowledgment()
    ack._names = split_fields(form['names'])
    ack._organizations = split_fields(form['organizations'])
    description = form['description']
    ack._description = description if description else None
    url = form['url']
    ack._url = url if url else None
    return ack

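def parseDate(string):
    """Parse a CVRF date, also accepting a bare ``YYYY-MM-DD``.

    First delegates to the XML parser's ``parseDate``. When that raises
    ``AttributeError`` (presumably its failed-match path — confirm in
    ``farolluz.parsers.cvrf``), the leading ``YYYY-MM-DD`` prefix of
    *string* is parsed instead and returned as a UTC-aware ``datetime`` at
    midnight. Only the prefix is matched, as before; trailing text after
    the date is ignored rather than rejected.

    Raises:
        ValueError: when *string* has no ``YYYY-MM-DD`` prefix, or when
            the fields are out of range (``datetime`` rejects those).
    """
    try:
        return parseXMLDate(string)
    except AttributeError:
        # The XML parser's failure is absorbed; try the date-only form.
        pass
    # Raw string: '\d' in a plain literal is an invalid escape sequence
    # (a warning on recent Pythons).
    m = re.match(r'(\d{4})-(\d{2})-(\d{2})', string)
    if m is None:
        # Previously a failed match surfaced as AttributeError on
        # ``None.group``; reject the input explicitly with the same
        # exception type ``datetime()`` already raises for bad fields.
        raise ValueError('unrecognised date: %r' % (string,))
    year, month, day = (int(part) for part in m.groups())
    return datetime(year, month, day,
                    tzinfo=timezone(timedelta(hours=0, minutes=0)))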

def parseVersion(string):
    """Parse a CVRF version, returning ``None`` instead of raising.

    Only ``ValueError`` from the XML parser's ``parseVersion`` is
    suppressed; any other exception it raises still propagates.
    """
    result = None
    try:
        result = parseXMLVersion(string)
    except ValueError:
        # Malformed input is reported as None rather than an exception.
        pass
    return result
