fix: [submit_paste] restrict source name

This commit is contained in:
Terrtia 2021-05-28 17:37:46 +02:00
parent 75bc585242
commit a2ebd09c2a
No known key found for this signature in database
GPG key ID: 1E1B1F50D84613D0
4 changed files with 49 additions and 36 deletions

View file

@ -79,6 +79,9 @@ class SubmitPaste(AbstractModule):
password = self.r_serv_db.get(f'{uuid}:password') password = self.r_serv_db.get(f'{uuid}:password')
source = self.r_serv_db.get(f'{uuid}:source') source = self.r_serv_db.get(f'{uuid}:source')
if source in ['crawled', 'tests']:
source = 'submitted'
self.redis_logger.debug(f'isfile UUID {isfile}') self.redis_logger.debug(f'isfile UUID {isfile}')
self.redis_logger.debug(f'source UUID {source}') self.redis_logger.debug(f'source UUID {source}')
self.redis_logger.debug(f'paste_content UUID {paste_content}') self.redis_logger.debug(f'paste_content UUID {paste_content}')
@ -168,7 +171,6 @@ class SubmitPaste(AbstractModule):
content = f.read() content = f.read()
self.r_serv_log_submit.set(uuid + ':nb_total', 1) self.r_serv_log_submit.set(uuid + ':nb_total', 1)
self.create_paste(uuid, content.encode(), ltags, ltagsgalaxies, uuid, source) self.create_paste(uuid, content.encode(), ltags, ltagsgalaxies, uuid, source)
self.remove_submit_uuid(uuid)
except: except:
self.abord_file_submission(uuid, "file error") self.abord_file_submission(uuid, "file error")
@ -261,15 +263,17 @@ class SubmitPaste(AbstractModule):
# delete uuid # delete uuid
self.r_serv_db.srem('submitted:uuid', uuid) self.r_serv_db.srem('submitted:uuid', uuid)
self.redis_logger.debug(f'{uuid} all file submitted') self.redis_logger.debug(f'{uuid} all file submitted')
print(f'{uuid} all file submitted')
def create_paste(self, uuid, paste_content, ltags, ltagsgalaxies, name, source=None): def create_paste(self, uuid, paste_content, ltags, ltagsgalaxies, name, source=None):
# # TODO: Use Item create
result = False result = False
now = datetime.datetime.now() now = datetime.datetime.now()
source = source if source else 'submitted' source = source if source else 'submitted'
save_path = source + '/' + now.strftime("%Y") + '/' + now.strftime("%m") + '/' + now.strftime("%d") + '/' + name + '.gz' save_path = source + '/' + now.strftime("%Y") + '/' + now.strftime("%m") + '/' + now.strftime("%d") + '/submitted_' + name + '.gz'
full_path = filename = os.path.join(os.environ['AIL_HOME'], full_path = filename = os.path.join(os.environ['AIL_HOME'],
self.process.config.get("Directories", "pastes"), save_path) self.process.config.get("Directories", "pastes"), save_path)
@ -309,6 +313,7 @@ class SubmitPaste(AbstractModule):
self.r_serv_log_submit.set(f'{uuid}:end', 1) self.r_serv_log_submit.set(f'{uuid}:end', 1)
self.redis_logger.debug(f' {rel_item_path} send to Global') self.redis_logger.debug(f' {rel_item_path} send to Global')
print(f' {rel_item_path} send to Global')
self.r_serv_log_submit.sadd(f'{uuid}:paste_submit_link', rel_item_path) self.r_serv_log_submit.sadd(f'{uuid}:paste_submit_link', rel_item_path)
curr_date = datetime.date.today() curr_date = datetime.date.today()
@ -334,7 +339,7 @@ class SubmitPaste(AbstractModule):
def addError(self, uuid, errorMessage): def addError(self, uuid, errorMessage):
self.redis_logger.debug(errorMessage) self.redis_logger.debug(errorMessage)
print(errorMessage)
error = self.r_serv_log_submit.get(f'{uuid}:error') error = self.r_serv_log_submit.get(f'{uuid}:error')
if error != None: if error != None:
self.r_serv_log_submit.set(f'{uuid}:error', error + '<br></br>' + errorMessage) self.r_serv_log_submit.set(f'{uuid}:error', error + '<br></br>' + errorMessage)
@ -351,7 +356,7 @@ class SubmitPaste(AbstractModule):
self.serv_statistics.hincrby(curr_date.strftime("%Y%m%d"),'submit_abord', 1) self.serv_statistics.hincrby(curr_date.strftime("%Y%m%d"),'submit_abord', 1)
self.remove_submit_uuid(uuid) self.remove_submit_uuid(uuid)
# # TODO: use Item function
def get_item_date(self, item_filename): def get_item_date(self, item_filename):
l_directory = item_filename.split('/') l_directory = item_filename.split('/')
return f'{l_directory[-4]}{l_directory[-3]}{l_directory[-2]}' return f'{l_directory[-4]}{l_directory[-3]}{l_directory[-2]}'

View file

@ -45,7 +45,7 @@ redis_logger = publisher
# Port of the redis instance used by pubsublogger # Port of the redis instance used by pubsublogger
redis_logger.port = 6380 redis_logger.port = 6380
# Channel name to publish logs # Channel name to publish logs
redis_logger.channel = 'front' redis_logger.channel = 'Flask'
sys.path.append('../../configs/keys') sys.path.append('../../configs/keys')

View file

@ -11,7 +11,6 @@ import os
import sys import sys
import json import json
import string import string
import subprocess
import datetime import datetime
import redis import redis
import unicodedata import unicodedata
@ -19,8 +18,10 @@ import uuid
from io import BytesIO from io import BytesIO
from Date import Date from Date import Date
from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect, abort
from functools import wraps from functools import wraps
# Flask
from flask import Flask, render_template, jsonify, request, Blueprint, url_for, redirect, abort
from Role_Manager import login_admin, login_analyst from Role_Manager import login_admin, login_analyst
from flask_login import login_required from flask_login import login_required
@ -277,6 +278,13 @@ def submit():
paste_content = request.form['paste_content'] paste_content = request.form['paste_content']
paste_source = request.form['paste_source'] paste_source = request.form['paste_source']
# limit source length
paste_source = paste_source.replace('/', '')[:80]
if paste_source in ['crawled', 'tests']:
content = f'Invalid source'
logger.info(paste_source)
return content, 400
is_file = False is_file = False
if 'file' in request.files: if 'file' in request.files:
file_import = request.files['file'] file_import = request.files['file']

View file

@ -100,7 +100,7 @@
<div class="col-12 col-lg-10" id="core_content"> <div class="col-12 col-lg-10" id="core_content">
{% if message %} {% if message %}
<p>{{ message }}</p> <p>{{ message }}</p>
{% endif %} {% endif %}
<form action="{{ url_for('PasteSubmit.submit') }}" id="pasteSubmitForm" method="post" <form action="{{ url_for('PasteSubmit.submit') }}" id="pasteSubmitForm" method="post"
@ -112,7 +112,7 @@
<div class="card mt-2 mb-4"> <div class="card mt-2 mb-4">
<div class="card-header py-3 d-flex flex-row align-items-center justify-content-between"> <div class="card-header py-3 d-flex flex-row align-items-center justify-content-between">
<h6 class="m-0 font-weight-bold text-primary">Submit Paste</h6> <h6 class="m-0 font-weight-bold text-primary">Submit Item</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
@ -150,8 +150,8 @@
Tags <i class="fas fa-tags"></i></button> Tags <i class="fas fa-tags"></i></button>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
{% for taxo in active_taxonomies %} {% for taxo in active_taxonomies %}
<button class="dropdown-item" type="button" <button class="dropdown-item" type="button"
id="{{ taxo }}-id{{ loop.index0 }}">{{ taxo }}</button> id="{{ taxo }}-id{{ loop.index0 }}">{{ taxo }}</button>
{% endfor %} {% endfor %}
</div> </div>
</div> </div>
@ -174,8 +174,8 @@
<i class="fas fa-tags"></i></button> <i class="fas fa-tags"></i></button>
<div class="dropdown-divider"></div> <div class="dropdown-divider"></div>
{% for galaxy in active_galaxies %} {% for galaxy in active_galaxies %}
<button class="dropdown-item" type="button" <button class="dropdown-item" type="button"
id="{{ galaxy }}-idgalax{{ loop.index0 }}">{{ galaxy }}</button> id="{{ galaxy }}-idgalax{{ loop.index0 }}">{{ galaxy }}</button>
{% endfor %} {% endfor %}
</div> </div>
</div> </div>
@ -320,22 +320,22 @@
}); });
{% for taxo in active_taxonomies %} {% for taxo in active_taxonomies %}
jQuery("#{{ taxo }}-id{{ loop.index0 }}").on("click", function (e) { jQuery("#{{ taxo }}-id{{ loop.index0 }}").on("click", function (e) {
$.getJSON("{{ url_for('Tags.get_tags_taxonomie') }}?taxonomie={{ taxo }}", $.getJSON("{{ url_for('Tags.get_tags_taxonomie') }}?taxonomie={{ taxo }}",
function (data) { function (data) {
ltags.setData(data) ltags.setData(data)
}); });
}); });
{% endfor %} {% endfor %}
</script> </script>
<script> <script>
{% for galaxy in active_galaxies %} {% for galaxy in active_galaxies %}
jQuery("#{{ galaxy }}-idgalax{{ loop.index0 }}").on("click", function (e) { jQuery("#{{ galaxy }}-idgalax{{ loop.index0 }}").on("click", function (e) {
$.getJSON("{{ url_for('Tags.get_tags_galaxy') }}?galaxy={{ galaxy }}", $.getJSON("{{ url_for('Tags.get_tags_galaxy') }}?galaxy={{ galaxy }}",
function (data) { function (data) {
ltagsgalaxies.setData(data) ltagsgalaxies.setData(data)
}); });
}); });
{% endfor %} {% endfor %}
</script> </script>