# HG changeset patch
# User BenoƮt Allard
# Date 1412086983 -7200
# Node ID deced0345829e29173f9f62ecd44015b8a12d8ea
# Parent eedf9606ab33ed2faa864f458b3dff11e7f0edb2
Add more error handling in the /new page.
diff -r eedf9606ab33 -r deced0345829 farol/main.py
--- a/farol/main.py Tue Sep 30 15:12:25 2014 +0200
+++ b/farol/main.py Tue Sep 30 16:23:03 2014 +0200
@@ -25,6 +25,8 @@
 import os
 import logging
 from logging import FileHandler
+import urllib2
+from xml.etree import ElementTree as ET
 import farolluz
 from farolluz.cvrf import CVRF, ValidationError
@@ -86,8 +88,49 @@
 def welcome():
 return render_template('welcome.j2')
-def parse_url(url):
- set_current(parse(urlopen(url).read()))
+def set_url(url):
+ try: content = urlopen(url).read()
+ except urllib2.HTTPError as e:
+ flash('Unable to retrieve %s: %s' % (url, e))
+ return
+ try: doc = parse(content)
+ except ET.ParseError as e:
+ flash('Unable to parse %s: %s' % (url, e))
+ return
+ set_current(doc)
+
+def set_RHSA(id_):
+ # validate input
+ if ':' not in id_:
+ flash('Wrong RHSA id: %s' % id_)
+ return
+ year, index = id_.split(':', 1)
+ try:
+ int(year)
+ int(index)
+ except ValueError:
+ flash('Wrong RHSA id: %s' % id_)
+ return
+ # Process it
+ set_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
+
+def set_oracle(id_):
+ try: int(id_)
+ except ValueError:
+ flash('Wrong Oracle id: %s' % id_)
+ return
+ set_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % id_)
+
+def set_cisco(id_):
+ if id_.count('-') < 2:
+ flash('Wrong cisco id: %s' % id_)
+ return
+ kind, date, name = id_.split('-', 2)
+ try: kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
+ except KeyError:
+ flash('Wrong cisco id: %s' % id_)
+ return
+ set_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_})
 @app.route('/new', methods=['GET', 'POST'])
 def new():
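Review bot: `set_url` catches only `urllib2.HTTPError`, so a DNS or connection failure (`urllib2.URLError`, its parent class) or a malformed URL (`ValueError`) still escapes the handler instead of producing a flash message. The function also receives the `url` form field unchanged from the `/new` handler in the last hunk, and, assuming `urlopen` is urllib2's, the default opener accepts `file:` and `ftp:` URLs as well as HTTP, so the scheme should be checked before fetching. The new `flash` calls omit the `'danger'` category that the NASL branch uses. A sketch of the fetch half of `set_url` follows; passing a timeout to `urlopen` and tightening the id check in `set_cisco` (which accepts `/` and `?` inside `id_`) would be worth a follow-up.

```python
def set_url(url):
    # Fetch only over HTTP(S): urllib2's default opener also accepts file: and ftp: URLs.
    if not url.lower().startswith(('http://', 'https://')):
        flash('Unsupported URL: %s' % url, 'danger')
        return
    try: content = urlopen(url).read()
    # URLError is the parent of HTTPError and also covers DNS and connection failures.
    except (urllib2.URLError, ValueError) as e:
        flash('Unable to retrieve %s: %s' % (url, e), 'danger')
        return
    # ... unchanged: parse(content), ET.ParseError handling, set_current(doc) ...
```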
@@ -95,19 +138,16 @@
 return render_template('new.j2', has_document=has_current(), now=utcnow())
 if 'rhsa' in request.form:
- year, index = request.form['id'].split(':')
- parse_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
+ set_RHSA(request.form['id'])
 elif 'oracle' in request.form:
- parse_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % request.form['id'])
+ set_oracle(request.form['id'])
 elif 'cisco' in request.form:
- kind, date, name = request.form['id'].split('-', 2)
- kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
- parse_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': request.form['id']})
+ set_cisco(request.form['id'])
 elif 'nasl' in request.form:
 flash("I'm not able to parse NASL scripts yet", 'danger')
 return redirect(url_for('new'))
 elif 'url' in request.form:
- parse_url(request.form['url'])
+ set_url(request.form['url'])
 elif 'local' in request.files:
 upload = request.files['local']
 if not upload.filename.endswith('.xml'):
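Review bot: The `set_*` helpers signal failure only by flashing a message and returning None, so these branches cannot tell a rejected id or failed download from a successful import, and whatever follows the `elif` chain presumably runs either way. `new()` starts and ends outside this hunk, so that is inferred rather than visible. Having the helpers return True on success would let each branch bail out the way the NASL branch does, e.g. `if not set_RHSA(request.form['id']): return redirect(url_for('new'))`. A short comment above the chain saying that every branch either sets the current document or redirects back to the form would make the contract explicit.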