view farol/main.py @ 15:f8d51aaac8bc

Display sessionID in about page as well as various versions
author Benoît Allard <benoit.allard@greenbone.net>
date Tue, 30 Sep 2014 14:45:03 +0200
parents d5265a0da13a
children deced0345829
# -*- encoding: utf-8 -*-
# Description:
# Farol Web Application
#
# Authors:
# Benoît Allard <benoit.allard@greenbone.net>
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

import os
import logging
from logging import FileHandler

import farolluz
from farolluz.cvrf import CVRF, ValidationError
from farolluz.parsers.cvrf import parse
from farolluz.py2 import urlopen
from farolluz.renderer import render as render_cvrf
from farolluz.utils import utcnow

import flask
from flask import Flask, request, render_template, redirect, url_for, flash
from werkzeug import secure_filename

from . import __version__, cache
from .document import document
from .session import get_current, set_current, has_current, document_required
from .vulnerability import vulnerability
from .producttree import producttree

# Application object. instance_relative_config=True makes the from_pyfile()
# lookup below resolve relative to the instance folder, not the package.
app = Flask(__name__, instance_relative_config=True)
# Packaged defaults first, then an optional per-deployment override file.
app.config.from_object('farol.config.Config')
# silent=True: a missing farol.cfg is ignored and the defaults above stay in
# effect.
# NOTE(review): if the packaged Config ships a default SECRET_KEY, a deployment
# without farol.cfg would sign sessions with a publicly known key -- confirm
# against farol/config.py.
app.config.from_pyfile('farol.cfg', silent=True)

# Feature areas are mounted as blueprints under their own URL prefixes.
app.register_blueprint(cache.mod, url_prefix='/cache')
app.register_blueprint(document, url_prefix='/document')
app.register_blueprint(vulnerability, url_prefix='/vulnerability')
app.register_blueprint(producttree, url_prefix='/producttree')

# Warnings and errors are appended to <instance folder>/farol.log. The handler
# is created at import time, so the instance folder has to exist and be
# writable by the server process before the module is loaded.
file_handler = FileHandler(os.path.join(app.instance_path, 'farol.log'))
file_handler.setLevel(logging.WARNING)
app.logger.addHandler(file_handler)

@app.context_processor
def cache_content():
    """Inject the cache backend type and the cached documents into templates."""
    backend = cache.caching_type()
    entries = cache.cache_content()
    return {'caching': backend, 'cache': entries}

@app.context_processor
def doc_properties():
    """Inject a summary of the session's current document into templates.

    Without a current document only ``has_current=False`` is provided.
    Otherwise the context carries (title, ordinal) pairs for the
    vulnerabilities, (name, product id) pairs for the products, and the
    ValidationError raised by ``validate()`` (``None`` when it passes).
    """
    if not has_current():
        return {'has_current': False}

    current = get_current()
    vulnerabilities = [(vuln.getTitle(), vuln._ordinal)
                       for vuln in current._vulnerabilities]

    # A document may have no product tree at all.
    tree = current._producttree
    products = [(prod._name, prod._productid) for prod in tree._products] if tree else []

    # Validation failures are reported to the template, not raised.
    problem = None
    try:
        current.validate()
    except ValidationError as exc:
        problem = exc

    return {
        'has_current': True,
        'vulnerabilities': vulnerabilities,
        'products': products,
        'error': problem,
    }

@app.template_filter('secure_filename')
def makeId(string):
    """Template filter ``secure_filename``: run *string* through werkzeug's secure_filename().

    The result is a filename-safe token; this is not HTML escaping, and the
    result can be empty when the input holds no usable characters.
    """
    sanitized = secure_filename(string)
    return sanitized

@app.route('/')
def welcome():
    """Serve the landing page."""
    page = render_template('welcome.j2')
    return page

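def parse_url(url):
    """Fetch a CVRF document from *url* and make it the session's current document.

    Args:
        url: Absolute ``http://`` or ``https://`` URL of the CVRF XML.

    Raises:
        ValueError: if *url* uses any other scheme (or none).

    Errors from the fetch and from the parser propagate unchanged.
    """
    try:
        from urllib.parse import urlparse
    except ImportError:  # Python 2
        from urlparse import urlparse

    # The URL can be user-supplied (the 'url' form field handled by new()).
    # urlopen-style fetchers typically honour more than HTTP, e.g. file:,
    # which would turn this into a read of files local to the server, so
    # only http and https are allowed through.
    scheme = urlparse(url).scheme.lower()
    if scheme not in ('http', 'https'):
        raise ValueError('Unsupported URL scheme: %r' % scheme)

    # NOTE(review): the scheme check does not keep a user-supplied URL from
    # pointing at internal hosts, and the fetch has no timeout or size limit;
    # if this runs on a network with sensitive internal services, restrict
    # the reachable destinations as well.
    response = urlopen(url)
    try:
        payload = response.read()
    finally:
        # Release the connection even when the read fails.
        response.close()
    set_current(parse(payload))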

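@app.route('/new', methods=['GET', 'POST'])
def new():
    """Create or import the session's current CVRF document.

    GET renders the creation form. POST picks the source from the submitted
    fields, in this order: a Red Hat, Oracle or Cisco advisory id, a NASL
    script (not supported), an arbitrary URL, an uploaded ``.xml`` file,
    pasted XML text, or a title/type pair for an empty document. On success
    the client is redirected to the document view.
    """
    import tempfile  # only the upload branch needs it

    if request.method != 'POST':
        return render_template('new.j2', has_document=has_current(), now=utcnow())

    # NOTE(review): every branch below hands client-controlled XML to parse().
    # Whether the parser disables external entities and entity expansion is
    # not visible from this file -- confirm in farolluz.parsers.cvrf.
    # NOTE(review): the advisory ids are interpolated into the vendor URLs
    # without validation; a malformed id surfaces as an unhandled exception
    # (HTTP 500) rather than a flashed message.
    if 'rhsa' in request.form:
        year, index = request.form['id'].split(':')
        parse_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
    elif 'oracle' in request.form:
        parse_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % request.form['id'])
    elif 'cisco' in request.form:
        kind, date, name = request.form['id'].split('-', 2)
        kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
        parse_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': request.form['id']})
    elif 'nasl' in request.form:
        flash("I'm not able to parse NASL scripts yet", 'danger')
        return redirect(url_for('new'))
    elif 'url' in request.form:
        parse_url(request.form['url'])
    elif 'local' in request.files:
        upload = request.files['local']
        if not upload.filename.endswith('.xml'):
            flash('Uploaded files should end in .xml', 'danger')
            return redirect(url_for('new'))
        # Spool the upload into a private temporary file with an unpredictable
        # name. A fixed /tmp/<client filename> path lets concurrent uploads
        # overwrite each other and lets another local user pre-create the
        # path. mkstemp() creates the file exclusively, readable and writable
        # only by the server's user.
        fd, fpath = tempfile.mkstemp(suffix='.xml')
        os.close(fd)
        try:
            upload.save(fpath)
            with open(fpath, 'rt') as f:
                set_current(parse(f))
        finally:
            # Remove the spool file even when saving or parsing fails.
            os.remove(fpath)
    elif 'text' in request.form:
        set_current(parse(request.form['text'].encode('utf-8')))
    else:
        set_current(CVRF(request.form['title'], request.form['type']))
    return redirect(url_for('document.view'))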

@app.route('/render/<format_>')
@document_required
def render(format_):
    """Render the current document with the ``<format_>.j2`` template and show the result."""
    # NOTE(review): format_ comes straight from the URL and selects the
    # template file. Flask's default converter rejects '/', but nothing here
    # limits it to the formats the application actually ships -- consider an
    # allow-list, and confirm how render.j2 escapes ``doc``.
    current = get_current()
    template_name = format_ + '.j2'
    rendered = render_cvrf(current, template_name)
    return render_template(
        'render.j2',
        format_=format_,
        title=current._title,
        type_=current._type,
        doc=rendered,
    )

@app.route('/about')
def about():
    """Show the about page with component versions and the instance directory."""
    # NOTE(review): no access check is visible on this route, so the server's
    # instance path and the exact farol/farolluz/flask versions are shown to
    # every client that can reach it -- confirm that is intended, or limit
    # the page to trusted users.
    components = (
        ('farol', __version__),
        ('farolluz', farolluz.__version__),
        ('flask', flask.__version__),
    )
    return render_template('about.j2', versions=components, instance_dir=app.instance_path)

http://farol.wald.intevation.org