sandbox() - Code Metrics - Inspection of "Greatly improves scrutinizer's score" - nbs-system/spike - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Branch — master (365ab4)

by jvo

created 2016-03-17 14:00 UTC

sandbox() C

↳ Parent: Project

Complexity

Conditions

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	1
CRAP Score	61.3612

Metric	Value
cc	8
dl	0
loc	22
ccs	1
cts	17
cp	0.0588
crap	61.3612
rs	5.2631

import logging
import re
import string

from time import time
from flask import Blueprint, render_template, request, redirect, flash, Response
from sqlalchemy.exc import SQLAlchemyError

from spike.model import db
from spike.model.naxsi_rules import NaxsiRules
from spike.model.naxsi_rulesets import NaxsiRuleSets
from spike.model import naxsi_mz, naxsi_score

rules = Blueprint('rules', __name__)


@rules.route("/")
def index():
    _rules = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).all()
    if not _rules:
        flash("no rules found, please create one", "success")
        return redirect("/rules/new")
    return render_template("rules/index.html", rules=_rules)


@rules.route("/plain/<int:sid>", methods=["GET"])
def plain(sid):
    _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
    if not _rule:
        flash("no rules found, please create one", "error")
        return redirect("/rules/new")

    return Response(_rule.fullstr(), mimetype='text/plain')


@rules.route("/view/<int:sid>", methods=["GET"])
def view(sid):
    _rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
    if _rule is None:
        flash("no rules found, please create one", "error")
        return redirect("/rules/")

    return render_template("rules/view.html", rule=_rule, rtext=_rule)


@rules.route("/search/", methods=["GET"])
def search():
    terms = request.args.get('s', '')

    if len(terms) < 2:
        return redirect('/rules')

    # No fancy injections
    whitelist = set(string.ascii_letters + string.digits + ':-_ ')
    filtered = ''.join(filter(whitelist.__contains__, terms))

    if filtered.isdigit():  # get rule by id
        _rules = db.session.query(NaxsiRules).filter(NaxsiRules.sid == int(filtered)).all()
    else:
        expression = '%' + filtered + '%'
        _rules = db.session.query(NaxsiRules).filter(
            db.or_(
                NaxsiRules.msg.like(expression),
                NaxsiRules.rmks.like(expression),
                NaxsiRules.detection.like(expression)
            )
        ).order_by(NaxsiRules.sid.desc()).all()
    return render_template("rules/index.html", rules=_rules, selection="Search: %s" % filtered, lsearch=terms)


@rules.route("/new", methods=["GET", "POST"])
def new():
    latest_sid = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
    if latest_sid is None:
        sid = 200001
    else:
        sid = latest_sid.sid + 1

    if request.method == "GET":
        _rulesets = NaxsiRuleSets.query.all()
        return render_template("rules/new.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, latestn=sid)

    # create new rule
    logging.debug('Posted new request: %s', request.form)
    mz = "|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))

    score = request.form.get("score", "")
    score += ':'
    score += request.form.get("score_%s" % request.form.get("score", ""), "")

    nrule = NaxsiRules(request.form.get("msg", ""), request.form.get("detection", ""), mz, score, sid,
                       request.form.get("ruleset", ""), request.form.get("rmks", ""), "1",
                       request.form.get("negative", ""), int(time()))

    nrule.validate()

    if len(nrule.error):
        flash("ERROR: {0}".format(",".join(nrule.error)))
        return redirect("/rules/new")
    if len(nrule.warnings):
        flash("WARNINGS: {0}".format(",".join(nrule.warnings)))
    db.session.add(nrule)

    try:
        db.session.commit()
        flash("OK: created %s : %s" % (sid, request.form.get("msg", "")), "success")
        return redirect("/rules/edit/%s" % sid)
    except SQLAlchemyError:
        flash("ERROR while trying to create %s : %s" % (sid, request.form.get("msg", "")), "error")

    return redirect("/rules/new")


@rules.route("/edit/<int:sid>", methods=["GET", "POST"])
def edit(sid):
    rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
    if not rinfo:
        return redirect("/rules/")

    _rulesets = NaxsiRuleSets.query.all()
    rruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == rinfo.ruleset).first()
    custom_mz = ""
    mz_check = rinfo.mz
    if re.search(r"^\$[A-Z]+:(.*)\|[A-Z]+", mz_check):
        custom_mz = mz_check
        rinfo.mz = "custom"
    return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=rinfo,
                           rule_ruleset=rruleset, custom_mz=custom_mz)


@rules.route("/save/<int:sid>", methods=["POST"])
def save(sid):
    mz = "|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))
    score = "{}:{}".format(request.form.get("score", ""), request.form.get("score_%s" % request.form.get("score", "")))
    nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
    nrule.msg = request.form.get("msg", "")
    nrule.detection = request.form.get("detection", "")
    nrule.mz = mz
    nrule.score = score
    nrule.ruleset = request.form.get("ruleset", "")
    nrule.rmks = request.form.get("rmks", "")
    nrule.active = request.form.get("active", "")
    nrule.negative = request.form.get("negative", "")
    nrule.timestamp = int(time())
    nrule.validate()
    if len(nrule.error):
        flash("ERROR: {0}".format(",".join(nrule.error)))
        logging.debug("ERROR: {0}".format(",".join(nrule.error)))
        return redirect("/rules/edit/%s" % sid)
    if len(nrule.warnings):
        flash("WARNINGS: {0}".format(",".join(nrule.warnings)))
        logging.debug("WARNINGS: {0}".format(",".join(nrule.warnings)))
    db.session.add(nrule)
    try:
        db.session.commit()
    except SQLAlchemyError:
        flash("ERROR while trying to update %s : %s" % (sid, nrule.error), "error")
    return redirect("/rules/edit/%s" % sid)


@rules.route("/del/<int:sid>", methods=["GET"])
def del_sid(sid=''):
    nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
    if not nrule:
        return redirect("/rules/")

    db.session.delete(nrule)
    try:
        db.session.commit()
        flash("OK: deleted %s : %s" % (sid, nrule.msg), "success")
    except SQLAlchemyError:
        flash("ERROR while trying to update %s : %s" % (sid, nrule.msg), "error")

    return redirect("/rules/")


@rules.route("/deact/<int:sid>", methods=["GET"])
def deact(sid):
    nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
    if nrule is None:
        return redirect("/rules/")

    fm = 'deactivate' if nrule.active else 'reactivate'
    nrule.active = not nrule.active

    db.session.add(nrule)
    try:
        db.session.commit()
        flash("OK: %s %sd : %s" % (fm, sid, nrule.msg), "success")
    except SQLAlchemyError:
        flash("ERROR while trying to %s %s : %s" % (fm, sid, nrule.msg), "error")

    _rulesets = NaxsiRuleSets.query.all()
    return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=nrule)


@rules.route("/explain/", methods=["GET"])
def explain():
    rule = request.args.get('rule', '')
    if not rule:
        return redirect("/rules/")
    elif rule.isdigit():  # explain a rule by id
        _rule = NaxsiRules.query.filter(NaxsiRules.sid == rule).first()
        if _rule is None:
            flash('Not rule with id %s' % rule)
            return redirect("/rules/")
    else:
        _textual_rule = request.form["rule"]
        _rule = NaxsiRules()
        _rule.parse_rule(_textual_rule)

    return render_template("rules/sandbox.html", explaination=_rule.explain(), rule=_rule)


@rules.route("/sandbox/", methods=["GET", "POST"])
def sandbox():
    if request.method == 'GET' or not request.form.get("rule", ''):
        return render_template("rules/sandbox.html")

    _textual_rule = request.form["rule"]
    _rule = NaxsiRules()
    _rule.parse_rule(_textual_rule)

    if 'visualise' in request.form:
        print(_rule.detection)
        if _rule.detection.startswith('rx:'):
            return redirect('https://regexper.com/#' + _rule.detection[3:])
    elif 'explain' in request.form:
        return render_template("rules/sandbox.html", explaination=_rule.explain(), rule=_rule)


    if len(_rule.error):
        flash("ERROR: {0}".format(",".join(_rule.error)))
    if len(_rule.warnings):
        flash("WARNINGS: {0}".format(",".join(_rule.warnings)))
    return render_template("rules/sandbox.html")


1	1	import logging
2	1	import re
3	1	import string
4
5	1	from time import time
6	1	from flask import Blueprint, render_template, request, redirect, flash, Response
7	1	from sqlalchemy.exc import SQLAlchemyError
8
9	1	from spike.model import db
10	1	from spike.model.naxsi_rules import NaxsiRules
11	1	from spike.model.naxsi_rulesets import NaxsiRuleSets
12	1	from spike.model import naxsi_mz, naxsi_score
13
14	1	rules = Blueprint('rules', __name__)
15
16
17	1	@rules.route("/")
18		def index():
19	1	_rules = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).all()
20	1	if not _rules:
21		flash("no rules found, please create one", "success")
22		return redirect("/rules/new")
23	1	return render_template("rules/index.html", rules=_rules)
24
25
26	1	@rules.route("/plain/<int:sid>", methods=["GET"])
27		def plain(sid):
28	1	_rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
29	1	if not _rule:
30		flash("no rules found, please create one", "error")
31		return redirect("/rules/new")
32
33	1	return Response(_rule.fullstr(), mimetype='text/plain')
34
35
36	1	@rules.route("/view/<int:sid>", methods=["GET"])
37		def view(sid):
38	1	_rule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
39	1	if _rule is None:
40	1	flash("no rules found, please create one", "error")
41	1	return redirect("/rules/")
42
43	1	return render_template("rules/view.html", rule=_rule, rtext=_rule)
44
45
46	1	@rules.route("/search/", methods=["GET"])
47		def search():
48	1	terms = request.args.get('s', '')
49
50	1	if len(terms) < 2:
51	1	return redirect('/rules')
52
53		# No fancy injections
54	1	whitelist = set(string.ascii_letters + string.digits + ':-_ ')
55	1	filtered = ''.join(filter(whitelist.__contains__, terms))
56
57	1	if filtered.isdigit(): # get rule by id
58	1	_rules = db.session.query(NaxsiRules).filter(NaxsiRules.sid == int(filtered)).all()
59		else:
60	1	expression = '%' + filtered + '%'
61	1	_rules = db.session.query(NaxsiRules).filter(
62		db.or_(
63		NaxsiRules.msg.like(expression),
64		NaxsiRules.rmks.like(expression),
65		NaxsiRules.detection.like(expression)
66		)
67		).order_by(NaxsiRules.sid.desc()).all()
68	1	return render_template("rules/index.html", rules=_rules, selection="Search: %s" % filtered, lsearch=terms)
69
70
71	1	@rules.route("/new", methods=["GET", "POST"])
72		def new():
73	1	latest_sid = NaxsiRules.query.order_by(NaxsiRules.sid.desc()).first()
74	1	if latest_sid is None:
75		sid = 200001
76		else:
77	1	sid = latest_sid.sid + 1
78
79	1	if request.method == "GET":
80	1	_rulesets = NaxsiRuleSets.query.all()
81	1	return render_template("rules/new.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, latestn=sid)
82
83		# create new rule
84	1	logging.debug('Posted new request: %s', request.form)
85	1	mz = "\|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))
86
87	1	score = request.form.get("score", "")
88	1	score += ':'
89	1	score += request.form.get("score_%s" % request.form.get("score", ""), "")
90
91	1	nrule = NaxsiRules(request.form.get("msg", ""), request.form.get("detection", ""), mz, score, sid,
92		request.form.get("ruleset", ""), request.form.get("rmks", ""), "1",
93		request.form.get("negative", ""), int(time()))
94
95	1	nrule.validate()
96
97	1	if len(nrule.error):
98	1	flash("ERROR: {0}".format(",".join(nrule.error)))
99	1	return redirect("/rules/new")
100	1	if len(nrule.warnings):
101	1	flash("WARNINGS: {0}".format(",".join(nrule.warnings)))
102	1	db.session.add(nrule)
103
104	1	try:
105	1	db.session.commit()
106	1	flash("OK: created %s : %s" % (sid, request.form.get("msg", "")), "success")
107	1	return redirect("/rules/edit/%s" % sid)
108		except SQLAlchemyError:
109		flash("ERROR while trying to create %s : %s" % (sid, request.form.get("msg", "")), "error")
110
111		return redirect("/rules/new")
112
113
114	1	@rules.route("/edit/<int:sid>", methods=["GET", "POST"])
115		def edit(sid):
116	1	rinfo = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
117	1	if not rinfo:
118	1	return redirect("/rules/")
119
120	1	_rulesets = NaxsiRuleSets.query.all()
121	1	rruleset = NaxsiRuleSets.query.filter(NaxsiRuleSets.name == rinfo.ruleset).first()
122	1	custom_mz = ""
123	1	mz_check = rinfo.mz
124	1	if re.search(r"^\$[A-Z]+:(.*)\\|[A-Z]+", mz_check):
125		custom_mz = mz_check
126		rinfo.mz = "custom"
127	1	return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=rinfo,
128		rule_ruleset=rruleset, custom_mz=custom_mz)
129
130
131	1	@rules.route("/save/<int:sid>", methods=["POST"])
132		def save(sid):
133		mz = "\|".join(filter(len, request.form.getlist("mz") + request.form.getlist("custom_mz_val")))
134		score = "{}:{}".format(request.form.get("score", ""), request.form.get("score_%s" % request.form.get("score", "")))
135		nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
136		nrule.msg = request.form.get("msg", "")
137		nrule.detection = request.form.get("detection", "")
138		nrule.mz = mz
139		nrule.score = score
140		nrule.ruleset = request.form.get("ruleset", "")
141		nrule.rmks = request.form.get("rmks", "")
142		nrule.active = request.form.get("active", "")
143		nrule.negative = request.form.get("negative", "")
144		nrule.timestamp = int(time())
145		nrule.validate()
146		if len(nrule.error):
147		flash("ERROR: {0}".format(",".join(nrule.error)))
148		logging.debug("ERROR: {0}".format(",".join(nrule.error)))
149		return redirect("/rules/edit/%s" % sid)
150		if len(nrule.warnings):
151		flash("WARNINGS: {0}".format(",".join(nrule.warnings)))
152		logging.debug("WARNINGS: {0}".format(",".join(nrule.warnings)))
153		db.session.add(nrule)
154		try:
155		db.session.commit()
156		except SQLAlchemyError:
157		flash("ERROR while trying to update %s : %s" % (sid, nrule.error), "error")
158		return redirect("/rules/edit/%s" % sid)
159
160
161	1	@rules.route("/del/<int:sid>", methods=["GET"])
162	1	def del_sid(sid=''):
163	1	nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
164	1	if not nrule:
165		return redirect("/rules/")
166
167	1	db.session.delete(nrule)
168	1	try:
169	1	db.session.commit()
170	1	flash("OK: deleted %s : %s" % (sid, nrule.msg), "success")
171		except SQLAlchemyError:
172		flash("ERROR while trying to update %s : %s" % (sid, nrule.msg), "error")
173
174	1	return redirect("/rules/")
175
176
177	1	@rules.route("/deact/<int:sid>", methods=["GET"])
178		def deact(sid):
179	1	nrule = NaxsiRules.query.filter(NaxsiRules.sid == sid).first()
180	1	if nrule is None:
181	1	return redirect("/rules/")
182
183	1	fm = 'deactivate' if nrule.active else 'reactivate'
184	1	nrule.active = not nrule.active
185
186	1	db.session.add(nrule)
187	1	try:
188	1	db.session.commit()
189	1	flash("OK: %s %sd : %s" % (fm, sid, nrule.msg), "success")
190		except SQLAlchemyError:
191		flash("ERROR while trying to %s %s : %s" % (fm, sid, nrule.msg), "error")
192
193	1	_rulesets = NaxsiRuleSets.query.all()
194	1	return render_template("rules/edit.html", mz=naxsi_mz, rulesets=_rulesets, score=naxsi_score, rules_info=nrule)
195
196
197	1	@rules.route("/explain/", methods=["GET"])
198		def explain():
199	1	rule = request.args.get('rule', '')
200	1	if not rule:
201	1	return redirect("/rules/")
202	1	elif rule.isdigit(): # explain a rule by id
203	1	_rule = NaxsiRules.query.filter(NaxsiRules.sid == rule).first()
204	1	if _rule is None:
205	1	flash('Not rule with id %s' % rule)
206	1	return redirect("/rules/")
207		else:
208		_textual_rule = request.form["rule"]
209		_rule = NaxsiRules()
210		_rule.parse_rule(_textual_rule)
211
212	1	return render_template("rules/sandbox.html", explaination=_rule.explain(), rule=_rule)
213
214
215	1	@rules.route("/sandbox/", methods=["GET", "POST"])
216		def sandbox():
217		if request.method == 'GET' or not request.form.get("rule", ''):
218		return render_template("rules/sandbox.html")
219
220		_textual_rule = request.form["rule"]
221		_rule = NaxsiRules()
222		_rule.parse_rule(_textual_rule)
223
224		if 'visualise' in request.form:
225		print(_rule.detection)
226		if _rule.detection.startswith('rx:'):
227		return redirect('https://regexper.com/#' + _rule.detection[3:])
228		elif 'explain' in request.form:
229		return render_template("rules/sandbox.html", explaination=_rule.explain(), rule=_rule)
230
231
232		if len(_rule.error):
233		flash("ERROR: {0}".format(",".join(_rule.error)))
234		if len(_rule.warnings):
235		flash("WARNINGS: {0}".format(",".join(_rule.warnings)))
236		return render_template("rules/sandbox.html")
237

nbs-system / spike

Branch — master (365ab4)

sandbox() C

Complexity

Size

Duplication

Code Coverage

Duplication Side-by-Side

Filter issues like