test() - Code Metrics - Inspection of "Use nxapi" - nbs-system/spike - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 10e778...0dd3b0 )

by -

created 2016-05-19 12:12 UTC

test() A

↳ Parent: Project

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	1
CRAP Score	4.3145

Metric	Value
cc	2
dl	0
loc	7
ccs	1
cts	6
cp	0.1666
crap	4.3145
rs	9.4285

import logging
import re
import string

from time import time
from flask import Blueprint, render_template, request, redirect, flash, Response, url_for

from spike.model import db
from spike.model.naxsi_rules import NaxsiRules
from spike.model.naxsi_rulesets import NaxsiRuleSets
from spike.model import naxsi_mz, naxsi_score

rules = Blueprint('rules', __name__)


@rules.route("/")
def index():
    _rules = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).all()

    if not _rules:
        flash("No rules found, please create one", "success")
        return redirect(url_for("rules.new"))
    return render_template("rules/index.html", rules=_rules)


@rules.route("/plain/<int:sid>", methods=["GET"])
def plain(sid):
    _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    if not _rule:
        flash("No rules found, please create one", "error")
        return redirect(url_for("rules.new"))
    return Response(_rule.fullstr(), mimetype='text/plain')


@rules.route("/view/<int:sid>", methods=["GET"])
def view(sid):
    _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    if _rule is None:
        flash("no rules found, please create one", "error")
        return redirect(url_for("rules.index"))
    return render_template("rules/view.html", rule=_rule, rtext=_rule)


@rules.route("/search/", methods=["GET"])
def search():
    terms = request.args.get('s', '')

    if len(terms) < 2:
        return redirect(url_for("rules.index"))

    # No fancy injections
    whitelist = set(string.ascii_letters + string.digits + ':-_ ')
    filtered = ''.join(filter(whitelist.__contains__, terms))

    if filtered.isdigit():  # get rule by id
        _rules = db.session.query(NaxsiRules).filter(NaxsiRules.sid == int(filtered))
    else:
        cve = re.search('cve:\d{4}-\d{4,}', filtered, re.IGNORECASE)  # search by CVE


        expression = '%' + filtered + '%'
        _rules = db.session.query(NaxsiRules).filter(
            db.or_(
                NaxsiRules.msg.like(expression),
                NaxsiRules.rmks.like(expression),
                NaxsiRules.detection.like(expression)
            )
        )
        if cve:
            _rules.filter(NaxsiRules.msg.like('%' + cve.group() + '%'))
    _rules = _rules.order_by(NaxsiRules.sid.desc()).all()
    return render_template("rules/index.html", rules=_rules, selection="Search: %s" % filtered, lsearch=terms)


@rules.route("/new", methods=["GET", "POST"])
def new():
    latest_sid = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()

    if latest_sid is None:
        sid = 200001
    else:
        sid = latest_sid.sid + 1

    if request.method == "GET":
        _rulesets = NaxsiRuleSets.query.all()

        return render_template("rules/new.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, latestn=sid)

    # create new rule
    logging.debug('Posted new request: %s', request.form)
    mz = "|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))

    score = request.form.get("score", "")
    score += ':'
    score += request.form.get("score_%s" % request.form.get("score", ""), "")

    nrule = NaxsiRules(request.form.get("msg", ""), request.form.get("detection", ""), mz, score, sid,
                       request.form.get("ruleset", ""), request.form.get("rmks", ""), "1",
                       request.form.get("negative", "") == 'checked', int(time()))

    errors, warnings = nrule.validate()

    if errors:
        for error in errors:
            flash(error, category='error')
        return redirect(url_for("rules.new"))
    elif warnings:
        for warning in warnings:
            flash(warning, category='warnings')

    db.session.add(nrule)
    db.session.commit()

    return redirect("/rules/edit/%s" % sid)


@rules.route("/test/<int:sid>", methods=["GET", "POST"])
def test(sid):
    _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    if _rule is None:
        flash("no rules found, please create one", "error")
        return redirect(url_for("rules.index"))
    return render_template("rules/test.html", rule=_rule, rtext=_rule)

@rules.route("/edit/<int:sid>", methods=["GET", "POST"])
def edit(sid):
    rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    if not rinfo:
        return redirect(url_for("rules.index"))

    _rulesets = NaxsiRuleSets.query.all()

    rruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == rinfo.ruleset).first()

    custom_mz = ""
    mz_check = rinfo.mz
    if re.search(r"^\$[A-Z]+:(.*)\|[A-Z]+", mz_check):
        custom_mz = mz_check
        rinfo.mz = "custom"
    return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=rinfo,
                           rule_ruleset=rruleset, custom_mz=custom_mz)


@rules.route("/save/<int:sid>", methods=["POST"])
def save(sid):
    mz = "|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))
    score = "{}:{}".format(request.form.get("score", ""), request.form.get("score_%s" % request.form.get("score", "")))
    nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    nrule.msg = request.form.get("msg", "")
    nrule.detection = request.form.get("detection", "")
    nrule.mz = mz
    nrule.score = score
    nrule.ruleset = request.form.get("ruleset", "")
    nrule.rmks = request.form.get("rmks", "")
    nrule.active = request.form.get("active", "")
    nrule.negative = request.form.get("negative", "") == 'checked'
    nrule.timestamp = int(time())
    errors, warnings = nrule.validate()

    if errors:
        flash(",".join(errors), 'error')
        return redirect("/rules/edit/%s" % sid)
    elif warnings:
        flash(",".join(warnings), 'warning')


    db.session.add(nrule)
    db.session.commit()

    return redirect("/rules/edit/%s" % sid)


@rules.route("/del/<int:sid>", methods=["GET"])
def del_sid(sid=''):
    nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    if not nrule:
        return redirect(url_for("rules.index"))

    db.session.delete(nrule)
    db.session.commit()

    flash("Successfully deleted %s : %s" % (sid, nrule.msg), "success")
    return redirect(url_for("rules.index"))


@rules.route("/deact/<int:sid>", methods=["GET"])
def deact(sid):
    nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()

    if nrule is None:
        return redirect(url_for("rules.index"))

    fm = 'deactivate' if nrule.active else 'reactivate'
    nrule.active = not nrule.active

    db.session.add(nrule)
    db.session.commit()

    flash("Successfully deactivated %s %sd : %s" % (fm, sid, nrule.msg), "success")
    _rulesets = NaxsiRuleSets.query.all()

    return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=nrule)


1	1		import logging
2	1		import re
3	1		import string
4
5	1		from time import time
6	1		from flask import Blueprint, render_template, request, redirect, flash, Response, url_for
7
8	1		from spike.model import db
9	1		from spike.model.naxsi_rules import NaxsiRules
10	1		from spike.model.naxsi_rulesets import NaxsiRuleSets
11	1		from spike.model import naxsi_mz, naxsi_score
12
13	1		rules = Blueprint('rules', __name__)
14
15
16	1		@rules.route("/")
17			def index():
18	1		_rules = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).all()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
19	1		if not _rules:
20			flash("No rules found, please create one", "success")
21			return redirect(url_for("rules.new"))
22	1		return render_template("rules/index.html", rules=_rules)
23
24
25	1		@rules.route("/plain/<int:sid>", methods=["GET"])
26			def plain(sid):
27	1		_rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-03-04 14:05 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
28	1		if not _rule:
29			flash("No rules found, please create one", "error")
30			return redirect(url_for("rules.new"))
31	1		return Response(_rule.fullstr(), mimetype='text/plain')
32
33
34	1		@rules.route("/view/<int:sid>", methods=["GET"])
35			def view(sid):
36	1		_rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
37	1		if _rule is None:
38	1		flash("no rules found, please create one", "error")
39	1		return redirect(url_for("rules.index"))
40	1		return render_template("rules/view.html", rule=_rule, rtext=_rule)
41
42
43	1		@rules.route("/search/", methods=["GET"])
44			def search():
45	1		terms = request.args.get('s', '')
46
47	1		if len(terms) < 2:
48	1		return redirect(url_for("rules.index"))
49
50			# No fancy injections
51	1		whitelist = set(string.ascii_letters + string.digits + ':-_ ')
52	1		filtered = ''.join(filter(whitelist.__contains__, terms))
53
54	1		if filtered.isdigit(): # get rule by id
55	1		_rules = db.session.query(NaxsiRules).filter(NaxsiRules.sid == int(filtered))
56			else:
57	1		cve = re.search('cve:\d{4}-\d{4,}', filtered, re.IGNORECASE) # search by CVE
			0 ignored issues – show Bug introduced 2016-04-28 13:14 UTC by Report Bug Copy Issue Report A suspicious escape sequence `\d` was found. Did you maybe forget to add an `r` prefix? Escape sequences in Python are generally interpreted according to rules similar to standard C. Only if strings are prefixed with `r` or `R` are they interpreted as regular expressions. The escape sequence that was used indicates that you might have intended to write a regular expression. Learn more about the available escape sequences. in the Python documentation. Loading history...
58
59	1		expression = '%' + filtered + '%'
60	1		_rules = db.session.query(NaxsiRules).filter(
61			db.or_(
62			NaxsiRules.msg.like(expression),
63			NaxsiRules.rmks.like(expression),
64			NaxsiRules.detection.like(expression)
65			)
66			)
67	1		if cve:
68	1		_rules.filter(NaxsiRules.msg.like('%' + cve.group() + '%'))
69	1		_rules = _rules.order_by(NaxsiRules.sid.desc()).all()
70	1		return render_template("rules/index.html", rules=_rules, selection="Search: %s" % filtered, lsearch=terms)
71
72
73	1		@rules.route("/new", methods=["GET", "POST"])
74			def new():
75	1		latest_sid = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
76	1		if latest_sid is None:
77			sid = 200001
78			else:
79	1		sid = latest_sid.sid + 1
80
81	1		if request.method == "GET":
82	1		_rulesets = NaxsiRuleSets.query.all()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRuleSets` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
83	1		return render_template("rules/new.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, latestn=sid)
84
85			# create new rule
86	1		logging.debug('Posted new request: %s', request.form)
87	1		mz = "\|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))
88
89	1		score = request.form.get("score", "")
90	1		score += ':'
91	1		score += request.form.get("score_%s" % request.form.get("score", ""), "")
92
93	1		nrule = NaxsiRules(request.form.get("msg", ""), request.form.get("detection", ""), mz, score, sid,
94			request.form.get("ruleset", ""), request.form.get("rmks", ""), "1",
95			request.form.get("negative", "") == 'checked', int(time()))
96
97	1		errors, warnings = nrule.validate()
98
99	1		if errors:
100	1		for error in errors:
101	1		flash(error, category='error')
102	1		return redirect(url_for("rules.new"))
103	1		elif warnings:
104	1		for warning in warnings:
105	1		flash(warning, category='warnings')
106
107	1		db.session.add(nrule)
108	1		db.session.commit()
109
110	1		return redirect("/rules/edit/%s" % sid)
111
112
113	1		@rules.route("/test/<int:sid>", methods=["GET", "POST"])
114			def test(sid):
115			_rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-05-19 12:14 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
116			if _rule is None:
117			flash("no rules found, please create one", "error")
118			return redirect(url_for("rules.index"))
119			return render_template("rules/test.html", rule=_rule, rtext=_rule)
120
121	1		@rules.route("/edit/<int:sid>", methods=["GET", "POST"])
122			def edit(sid):
123	1		rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
124	1		if not rinfo:
125	1		return redirect(url_for("rules.index"))
126
127	1		_rulesets = NaxsiRuleSets.query.all()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRuleSets` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
128	1		rruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == rinfo.ruleset).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRuleSets` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
129	1		custom_mz = ""
130	1		mz_check = rinfo.mz
131	1		if re.search(r"^\$[A-Z]+:(.*)\\|[A-Z]+", mz_check):
132			custom_mz = mz_check
133			rinfo.mz = "custom"
134	1		return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=rinfo,
135			rule_ruleset=rruleset, custom_mz=custom_mz)
136
137
138	1		@rules.route("/save/<int:sid>", methods=["POST"])
139			def save(sid):
140	1		mz = "\|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))
141	1		score = "{}:{}".format(request.form.get("score", ""), request.form.get("score_%s" % request.form.get("score", "")))
142	1		nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
143	1		nrule.msg = request.form.get("msg", "")
144	1		nrule.detection = request.form.get("detection", "")
145	1		nrule.mz = mz
146	1		nrule.score = score
147	1		nrule.ruleset = request.form.get("ruleset", "")
148	1		nrule.rmks = request.form.get("rmks", "")
149	1		nrule.active = request.form.get("active", "")
150	1		nrule.negative = request.form.get("negative", "") == 'checked'
151	1		nrule.timestamp = int(time())
152	1		errors, warnings = nrule.validate()
153
154	1		if errors:
155	1		flash(",".join(errors), 'error')
156	1		return redirect("/rules/edit/%s" % sid)
157	1		elif warnings:
158	1	View Code Duplication	flash(",".join(warnings), 'warning')
			0 ignored issues – show Duplication introduced 2016-04-28 13:14 UTC by Report Bug Copy Issue Report This code seems to be duplicated in your project. Loading history...
159
160	1		db.session.add(nrule)
161	1		db.session.commit()
162
163	1		return redirect("/rules/edit/%s" % sid)
164
165
166	1		@rules.route("/del/<int:sid>", methods=["GET"])
167	1		def del_sid(sid=''):
168	1		nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
169	1		if not nrule:
170			return redirect(url_for("rules.index"))
171
172	1		db.session.delete(nrule)
173	1		db.session.commit()
174
175	1		flash("Successfully deleted %s : %s" % (sid, nrule.msg), "success")
176	1		return redirect(url_for("rules.index"))
177
178
179	1		@rules.route("/deact/<int:sid>", methods=["GET"])
180			def deact(sid):
181	1		nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRules` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
182	1		if nrule is None:
183	1		return redirect(url_for("rules.index"))
184
185	1		fm = 'deactivate' if nrule.active else 'reactivate'
186	1		nrule.active = not nrule.active
187
188	1		db.session.add(nrule)
189	1		db.session.commit()
190
191	1		flash("Successfully deactivated %s %sd : %s" % (fm, sid, nrule.msg), "success")
192	1		_rulesets = NaxsiRuleSets.query.all()
			0 ignored issues – show Bug introduced 2016-03-04 13:07 UTC by Report Bug Copy Issue Report The Class `NaxsiRuleSets` does not seem to have a member named `query`. This check looks for calls to members that are non-existent. These calls will fail. The member could have been renamed or removed. Loading history...
193			return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=nrule)
194

nbs-system / spike

Push — master ( 10e778...0dd3b0 )

test() A

Complexity

Size

Duplication

Code Coverage

Duplication Side-by-Side

Filter issues like