Mercurial > farol > farol
view farol/main.py @ 15:f8d51aaac8bc
Display sessionID in about page as well as various versions
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Sep 2014 14:45:03 +0200 |
parents | d5265a0da13a |
children | deced0345829 |
line wrap: on
line source
# -*- encoding: utf-8 -*- # Description: # Farol Web Application # # Authors: # BenoƮt Allard <benoit.allard@greenbone.net> # # Copyright: # Copyright (C) 2014 Greenbone Networks GmbH # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. import os import logging from logging import FileHandler import farolluz from farolluz.cvrf import CVRF, ValidationError from farolluz.parsers.cvrf import parse from farolluz.py2 import urlopen from farolluz.renderer import render as render_cvrf from farolluz.utils import utcnow import flask from flask import Flask, request, render_template, redirect, url_for, flash from werkzeug import secure_filename from . import __version__, cache from .document import document from .session import get_current, set_current, has_current, document_required from .vulnerability import vulnerability from .producttree import producttree app = Flask(__name__, instance_relative_config=True) app.config.from_object('farol.config.Config') app.config.from_pyfile('farol.cfg', silent=True) app.register_blueprint(cache.mod, url_prefix='/cache') app.register_blueprint(document, url_prefix='/document') app.register_blueprint(vulnerability, url_prefix='/vulnerability') app.register_blueprint(producttree, url_prefix='/producttree') file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log')) file_handler.setLevel(logging.WARNING) app.logger.addHandler(file_handler) @app.context_processor def cache_content(): """ List the documents in cache """ return dict(caching=cache.caching_type(), cache=cache.cache_content()) @app.context_processor def doc_properties(): if not has_current(): return {'has_current': False} cvrf = get_current() vulns = [(v.getTitle(), v._ordinal) for v in cvrf._vulnerabilities] prods = [] if cvrf._producttree: prods = [(p._name, p._productid) for p in cvrf._producttree._products] try: cvrf.validate() error = None except ValidationError as ve: error = ve return dict(has_current=True, vulnerabilities=vulns, products=prods, error=error) @app.template_filter('secure_filename') def makeId(string): return secure_filename(string) @app.route('/') def welcome(): return render_template('welcome.j2') def parse_url(url): set_current(parse(urlopen(url).read())) @app.route('/new', methods=['GET', 'POST']) def new(): if request.method != 'POST': return render_template('new.j2', has_document=has_current(), now=utcnow()) if 'rhsa' in request.form: year, index = request.form['id'].split(':') parse_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index}) elif 'oracle' in request.form: parse_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % request.form['id']) elif 'cisco' in request.form: kind, date, name = request.form['id'].split('-', 2) kind = {'sa': 'Advisory', 'sr': 'Response'}[kind] parse_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': request.form['id']}) elif 'nasl' in request.form: flash("I'm not able to parse NASL scripts yet", 'danger') return redirect(url_for('new')) elif 'url' in request.form: parse_url(request.form['url']) elif 'local' in request.files: upload = request.files['local'] if not upload.filename.endswith('.xml'): flash('Uploaded files should end in .xml', 'danger') return redirect(url_for('new')) fpath = os.path.join('/tmp', secure_filename(upload.filename)) upload.save(fpath) with open(fpath, 'rt') as f: set_current(parse(f)) os.remove(fpath) elif 'text' in request.form: set_current(parse(request.form['text'].encode('utf-8'))) else: set_current(CVRF(request.form['title'], request.form['type'])) return redirect(url_for('document.view')) @app.route('/render/<format_>') @document_required def render(format_): cvrf = get_current() doc = render_cvrf(cvrf, format_ + '.j2') return render_template('render.j2', format_=format_, title=cvrf._title, type_=cvrf._type, doc=doc ) @app.route('/about') def about(): versions = (('farol', __version__), ('farolluz', farolluz.__version__), ('flask', flask.__version__)) return render_template('about.j2', instance_dir=app.instance_path, versions=versions)