From 4042ee911639ad35179a7166ff52283381076275 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?=
Date: Mon, 8 Nov 2021 16:47:39 -0800
Subject: [PATCH] new: Add CORS config to submit
---
 lookyloo/lookyloo.py | 2 +-
 poetry.lock | 30 +++++++++++++++++++++++-------
 pyproject.toml | 3 ++-
 website/web/__init__.py | 2 ++
 4 files changed, 28 insertions(+), 9 deletions(-)
diff --git a/lookyloo/lookyloo.py b/lookyloo/lookyloo.py
index 88ef2946..88714073 100644
--- a/lookyloo/lookyloo.py
+++ b/lookyloo/lookyloo.py
@@ -366,7 +366,7 @@ class Lookyloo():
 for key, value in query.items():
 if isinstance(value, bool):
 query[key] = 1 if value else 0
- if isinstance(value, list):
+ if isinstance(value, (list, dict)):
 query[key] = json.dumps(value)
 if priority < -10:
 # Someone is probably abusing the system with useless URLs, remove them from the index
diff --git a/poetry.lock b/poetry.lock
index 6479afde..b0584784 100644
--- a/poetry.lock
+++ b/poetry.lock
@@ -316,6 +316,18 @@ Werkzeug = ">=2.0" async = ["asgiref (>=3.2)"] dotenv = ["python-dotenv"] +[[package]] +name = "flask-cors" +version = "3.0.10" +description = "A Flask extension adding a decorator for CORS support" +category = "main" +optional = false +python-versions = "*" + +[package.dependencies] +Flask = ">=0.9" +Six = "*" + [[package]] name = "flask-login" version = "0.5.0" @@ -776,7 +788,7 @@ pyasn1 = ">=0.4.6,<0.5.0" [[package]] name = "pycparser" -version = "2.20" +version = "2.21" description = "C parser in Python" category = "main" optional = false @@ -999,7 +1011,7 @@ use_chardet_on_py3 = ["chardet (>=3.0.2,<5)"] [[package]] name = "rich" -version = "10.12.0" +version = "10.13.0" description = "Render rich text, tables, progress bars, syntax highlighting, markdown and more to the terminal" category = "main" optional = false
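Review bot: The widened check `isinstance(value, (list, dict))` in `lookyloo/lookyloo.py` now passes any dict found in `query` to `json.dumps`, and nothing visible in this hunk restricts which keys may carry a dict or how large it may be; a value that is not JSON-serialisable would raise `TypeError` out of the loop. Because the same commit makes `/submit` callable cross-origin, I would validate the submitted fields against an allow-list before this loop runs. A short comment on the branch would also help, for example `# lists and dicts are stored as JSON strings; whoever reads the entry back must json.loads them`. The enclosing method starts and ends outside the hunk, so the code that reads these values back could not be checked here.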
@@ -1340,7 +1352,7 @@ misp = ["python-magic", "pydeep"] [metadata] lock-version = "1.1" python-versions = ">=3.8,<3.11" -content-hash = "857976a52ec80ee98368059a0828bd2d0db5ca8a3430f2fc69ac068949577d93" +content-hash = "ebd2537ff48bcabf17c21f8cda40626b20b7353f39e4c3966cf89b18d7d3d455" [metadata.files] aiohttp = [ @@ -1615,6 +1627,10 @@ flask = [ {file = "Flask-2.0.2-py3-none-any.whl", hash = "sha256:cb90f62f1d8e4dc4621f52106613488b5ba826b2e1e10a33eac92f723093ab6a"}, {file = "Flask-2.0.2.tar.gz", hash = "sha256:7b2fb8e934ddd50731893bdcdb00fc8c0315916f9fcd50d22c7cc1a95ab634e2"}, ] +flask-cors = [ + {file = "Flask-Cors-3.0.10.tar.gz", hash = "sha256:b60839393f3b84a0f3746f6cdca56c1ad7426aa738b70d6c61375857823181de"}, + {file = "Flask_Cors-3.0.10-py2.py3-none-any.whl", hash = "sha256:74efc975af1194fc7891ff5cd85b0f7478be4f7f59fe158102e91abb72bb4438"}, +] flask-login = [ {file = "Flask-Login-0.5.0.tar.gz", hash = "sha256:6d33aef15b5bcead780acc339464aae8a6e28f13c90d8b1cf9de8b549d1c0b4b"}, {file = "Flask_Login-0.5.0-py2.py3-none-any.whl", hash = "sha256:7451b5001e17837ba58945aead261ba425fdf7b4f0448777e597ddab39f4fba0"}, @@ -2177,8 +2193,8 @@ pyasn1-modules = [ {file = "pyasn1_modules-0.2.8-py3.7.egg", hash = "sha256:c29a5e5cc7a3f05926aff34e097e84f8589cd790ce0ed41b67aed6857b26aafd"}, ] pycparser = [ - {file = "pycparser-2.20-py2.py3-none-any.whl", hash = "sha256:7582ad22678f0fcd81102833f60ef8d0e57288b6b5fb00323d101be910e35705"}, - {file = "pycparser-2.20.tar.gz", hash = "sha256:2d475327684562c3a96cc71adf7dc8c4f0565175cf86b6d7a404ff4c771f15f0"}, + {file = "pycparser-2.21-py2.py3-none-any.whl", hash = "sha256:8ee45429555515e1f6b185e78100aea234072576aa43ab53aefcae078162fca9"}, + {file = "pycparser-2.21.tar.gz", hash = "sha256:e644fdec12f7872f86c58ff790da456218b10f863970249516d60a5eaca77206"}, ] pydeep = [ {file = "pydeep-0.4.tar.gz", hash = "sha256:22866eb422d1d5907f8076ee792da65caecb172425d27576274e2a8eacf6afc1"}, 
@@ -2274,8 +2290,8 @@ requests = [ {file = "requests-2.26.0.tar.gz", hash = "sha256:b8aa58f8cf793ffd8782d3d8cb19e66ef36f7aba4353eec859e74678b01b07a7"}, ] rich = [ - {file = "rich-10.12.0-py3-none-any.whl", hash = "sha256:c30d6808d1cd3defd56a7bd2d587d13e53b5f55de6cf587f035bcbb56bc3f37b"}, - {file = "rich-10.12.0.tar.gz", hash = "sha256:83fb3eff778beec3c55201455c17cccde1ccdf66d5b4dade8ef28f56b50c4bd4"}, + {file = "rich-10.13.0-py3-none-any.whl", hash = "sha256:96d15285b64dbf8154e0717298d2fdfdbbe03da26a392632c23820068f06c3b3"}, + {file = "rich-10.13.0.tar.gz", hash = "sha256:d80fc76f34d819c481a48f73ec9ac396bed3bd6a16ecd57f9e0654cd89a8fb56"}, ] scrapy = [ {file = "Scrapy-2.5.1-py2.py3-none-any.whl", hash = "sha256:1a9a36970004950ee3c519a14c4db945f9d9a63fecb3d593dddcda477331dde9"},
diff --git a/pyproject.toml b/pyproject.toml
index 64780879..0dbdef27 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -61,9 +61,10 @@ lief = "^0.11.4"
 Flask-Login = "^0.5.0"
 flask-restx = "^0.5.1"
 hiredis = "^2.0.0"
-rich = "^10.12.0"
+rich = "^10.13.0"
 pyphishtanklookup = "^1.0.1"
 chardet = "^4.0.0"
+Flask-Cors = "^3.0.10"
 [tool.poetry.extras]
 misp = ['python-magic', 'pydeep']
diff --git a/website/web/__init__.py b/website/web/__init__.py
index 1b94561c..21d9d60d 100644
--- a/website/web/__init__.py
+++ b/website/web/__init__.py
@@ -17,6 +17,7 @@ import pkg_resources
 from flask import (Flask, Response, flash, jsonify, redirect, render_template, request, send_file, url_for)
 from flask_bootstrap import Bootstrap # type: ignore
+from flask_cors import CORS # type: ignore
 from flask_restx import Api # type: ignore
 from pymisp import MISPEvent, MISPServerError
 from werkzeug.security import check_password_hash
@@ -1069,6 +1070,7 @@ authorizations = {
 }
 }
+CORS(app, resources={r"/submit": {"origins": "*"}})
 api = Api(app, title='Lookyloo API',
 description='API to submit captures and query a lookyloo instance.',
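Review bot: The `flask_cors` import added in the first hunk of `website/web/__init__.py` is used in the second hunk as `CORS(app, resources={r"/submit": {"origins": "*"}})`, which hard-codes a wildcard origin for every deployment. Any web page can then have a visitor's browser post captures to the instance and read the reply, including on instances that are meant to be reachable only from an internal network. I would read the allowed origins from the instance configuration and keep `*` as an explicit opt-in, e.g. `CORS(app, resources={r"/submit": {"origins": allowed_origins}})`, where `allowed_origins` is a placeholder for that configured value. A comment next to the call should state that `supports_credentials` must stay off for as long as a wildcard origin is permitted. The second hunk appears to continue past the last visible line, so the remainder of the `Api(...)` call was not reviewed.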