changeset 17:deced0345829
Add more error handling in the /new page.
author | Benoît Allard <benoit.allard@greenbone.net> |
---|---|
date | Tue, 30 Sep 2014 16:23:03 +0200 |
parents | eedf9606ab33 |
children | d547b6a0038e |
files | farol/main.py |
diffstat | 1 files changed, 49 insertions(+), 9 deletions(-) [+] |
--- a/farol/main.py Tue Sep 30 15:12:25 2014 +0200
+++ b/farol/main.py Tue Sep 30 16:23:03 2014 +0200
@@ -25,6 +25,8 @@
 import os
 import logging
 from logging import FileHandler
+import urllib2
+from xml.etree import ElementTree as ET
 import farolluz
 from farolluz.cvrf import CVRF, ValidationError
@@ -86,8 +88,49 @@
 def welcome():
 return render_template('welcome.j2')
-def parse_url(url):
- set_current(parse(urlopen(url).read()))
+def set_url(url):
+ try: content = urlopen(url).read()
+ except urllib2.HTTPError as e:
+ flash('Unable to retrieve %s: %s' % (url, e))
+ return
+ try: doc = parse(content)
+ except ET.ParseError as e:
+ flash('Unable to parse %s: %s' % (url, e))
+ return
+ set_current(doc)
+
+def set_RHSA(id_):
+ # validate input
+ if ':' not in id_:
+ flash('Wrong RHSA id: %s' % id_)
+ return
+ year, index = id_.split(':', 1)
+ try:
+ int(year)
+ int(index)
+ except ValueError:
+ flash('Wrong RHSA id: %s' % id_)
+ return
+ # Process it
+ set_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
+
+def set_oracle(id_):
+ try: int(id_)
+ except ValueError:
+ flash('Wrong Oracle id: %s' % id_)
+ return
+ set_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % id_)
+
+def set_cisco(id_):
+ if id_.count('-') < 2:
+ flash('Wrong cisco id: %s' % id_)
+ return
+ kind, date, name = id_.split('-', 2)
+ try: kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
+ except KeyError:
+ flash('Wrong cisco id: %s' % id_)
+ return
+ set_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': id_})
 @app.route('/new', methods=['GET', 'POST'])
 def new():
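Review bot: `set_url` catches only `urllib2.HTTPError`, so, assuming `urlopen` is urllib2's (its import is outside the hunk), a host that does not resolve or refuses the connection (`urllib2.URLError`) and a malformed URL (`ValueError`) still escape as unhandled exceptions; `except (urllib2.URLError, ValueError) as e:` also covers HTTPError, which subclasses URLError. In `set_RHSA` and `set_oracle` the `int()` calls only test the value while the raw string is what gets interpolated into the URL, and `int()` tolerates surrounding whitespace and a sign, so `year.isdigit() and index.isdigit()` (and `id_.isdigit()`) is the stricter check. `set_cisco` checks only the `sa`/`sr` prefix and then formats the whole `id_` into the path, leaving `date` and `name` unused and unchecked; matching the id against a fixed pattern before building the URL would close that. The Oracle and Cisco documents are also fetched over plain `http`, so the CVRF content that reaches `parse` has no transport integrity.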
@@ -95,19 +138,16 @@
 return render_template('new.j2', has_document=has_current(), now=utcnow())
 if 'rhsa' in request.form:
- year, index = request.form['id'].split(':')
- parse_url("https://www.redhat.com/security/data/cvrf/%(year)s/cvrf-rhsa-%(year)s-%(index)s.xml" % {'year': year, 'index': index})
+ set_RHSA(request.form['id'])
 elif 'oracle' in request.form:
- parse_url("http://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/%s.xml" % request.form['id'])
+ set_oracle(request.form['id'])
 elif 'cisco' in request.form:
- kind, date, name = request.form['id'].split('-', 2)
- kind = {'sa': 'Advisory', 'sr': 'Response'}[kind]
- parse_url("http://tools.cisco.com/security/center/contentxml/CiscoSecurity%(kind)s/cisco-%(id)s/cvrf/cisco-%(id)s_cvrf.xml" % {'kind': kind, 'id': request.form['id']})
+ set_cisco(request.form['id'])
 elif 'nasl' in request.form:
 flash("I'm not able to parse NASL scripts yet", 'danger')
 return redirect(url_for('new'))
 elif 'url' in request.form:
- parse_url(request.form['url'])
+ set_url(request.form['url'])
 elif 'local' in request.files:
 upload = request.files['local']
 if not upload.filename.endswith('.xml'):
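Review bot: The `url` branch passes `request.form['url']` to `set_url` with no restriction on scheme or host, so the server fetches whatever address the form supplies, including internal services and, if `urlopen` is urllib2's, `file:` and `ftp:` URLs. A scheme check before the fetch, such as `if urlparse.urlparse(url).scheme not in ('http', 'https'):` followed by a flash and return, together with rejecting loopback and private addresses, would bound this. The `set_*` helpers return `None` on success and on failure alike, so `new()` cannot tell whether a document was loaded, and the code after this chain, which lies outside the hunk, presumably runs either way; returning a boolean and redirecting to `url_for('new')` on failure, as the `nasl` branch does, would fix that. The helpers' `flash()` calls also omit the `'danger'` category used in this function.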