CIRCL
/
lookyloo
mirror of https://github.com/CIRCL/lookyloo
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Issue with flask upgrade

pull/545/head
Raphaël Vinot 2022-11-02 12:23:41 +01:00
parent 108a0702df
commit efa94cc3eb
4 changed files with 35 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
poetry.lock generated
View File

@ -1221,14 +1221,6 @@ category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "types-click"
version = "7.1.8"
description = "Typing stubs for click"
category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "types-deprecated"
version = "1.2.9"
@ -1237,38 +1229,6 @@ category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "types-flask"
version = "1.1.6"
description = "Typing stubs for Flask"
category = "dev"
optional = false
python-versions = "*"
[package.dependencies]
types-click = "*"
types-Jinja2 = "*"
types-Werkzeug = "*"
[[package]]
name = "types-jinja2"
version = "2.11.9"
description = "Typing stubs for Jinja2"
category = "dev"
optional = false
python-versions = "*"
[package.dependencies]
types-MarkupSafe = "*"
[[package]]
name = "types-markupsafe"
version = "1.1.10"
description = "Typing stubs for MarkupSafe"
category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "types-pillow"
version = "9.3.0.0"
@ -1320,14 +1280,6 @@ category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "types-werkzeug"
version = "1.0.9"
description = "Typing stubs for Werkzeug"
category = "dev"
optional = false
python-versions = "*"
[[package]]
name = "typing-extensions"
version = "4.4.0"
@ -1478,7 +1430,7 @@ misp = ["python-magic", "pydeep2"]
[metadata]
lock-version = "1.1"
python-versions = ">=3.8,<3.12"
content-hash = "008be70c0174b1ea15d7e0f1620fc753328b62f4474e8a110d122a4e469cb38b"
content-hash = "5296fbbca081592972274f79474be532a1d12865fdc576741a5308b9802f01a5"
[metadata.files]
aiohttp = [
@ -2559,26 +2511,10 @@ types-beautifulsoup4 = [
{file = "types-beautifulsoup4-4.11.6.tar.gz", hash = "sha256:2670dd71995df464041e2941fa9bbb694795271e3dedd7262b4766649a1cbe82"},
{file = "types_beautifulsoup4-4.11.6-py3-none-any.whl", hash = "sha256:ac9dd1383481201ea07f27c5a43e7b1ee71caf9c720b7ae951db15d60d126e80"},
]
types-click = [
{file = "types-click-7.1.8.tar.gz", hash = "sha256:b6604968be6401dc516311ca50708a0a28baa7a0cb840efd7412f0dbbff4e092"},
{file = "types_click-7.1.8-py3-none-any.whl", hash = "sha256:8cb030a669e2e927461be9827375f83c16b8178c365852c060a34e24871e7e81"},
]
types-deprecated = [
{file = "types-Deprecated-1.2.9.tar.gz", hash = "sha256:e04ce58929509865359e91dcc38720123262b4cd68fa2a8a90312d50390bb6fa"},
{file = "types_Deprecated-1.2.9-py3-none-any.whl", hash = "sha256:53d05621e1d75de537f5a57d93508c8df17e37c07ee60b9fb09d39e1b7586c1e"},
]
types-flask = [
{file = "types-Flask-1.1.6.tar.gz", hash = "sha256:aac777b3abfff9436e6b01f6d08171cf23ea6e5be71cbf773aaabb1c5763e9cf"},
{file = "types_Flask-1.1.6-py3-none-any.whl", hash = "sha256:6ab8a9a5e258b76539d652f6341408867298550b19b81f0e41e916825fc39087"},
]
types-jinja2 = [
{file = "types-Jinja2-2.11.9.tar.gz", hash = "sha256:dbdc74a40aba7aed520b7e4d89e8f0fe4286518494208b35123bcf084d4b8c81"},
{file = "types_Jinja2-2.11.9-py3-none-any.whl", hash = "sha256:60a1e21e8296979db32f9374d8a239af4cb541ff66447bb915d8ad398f9c63b2"},
]
types-markupsafe = [
{file = "types-MarkupSafe-1.1.10.tar.gz", hash = "sha256:85b3a872683d02aea3a5ac2a8ef590193c344092032f58457287fbf8e06711b1"},
{file = "types_MarkupSafe-1.1.10-py3-none-any.whl", hash = "sha256:ca2bee0f4faafc45250602567ef38d533e877d2ddca13003b319c551ff5b3cc5"},
]
types-pillow = [
{file = "types-Pillow-9.3.0.0.tar.gz", hash = "sha256:0851a1b3ff002253a7af8f7eaf74d79fb761430933bd1aeb73d853a17f2a0a9d"},
{file = "types_Pillow-9.3.0.0-py3-none-any.whl", hash = "sha256:df09de7e557706c16fb30db887327c7f1c81e8ebc703d9d4739bfda7cad0e733"},
@ -2603,10 +2539,6 @@ types-urllib3 = [
{file = "types-urllib3-1.26.25.1.tar.gz", hash = "sha256:a948584944b2412c9a74b9cf64f6c48caf8652cb88b38361316f6d15d8a184cd"},
{file = "types_urllib3-1.26.25.1-py3-none-any.whl", hash = "sha256:f6422596cc9ee5fdf68f9d547f541096a20c2dcfd587e37c804c9ea720bf5cb2"},
]
types-werkzeug = [
{file = "types-Werkzeug-1.0.9.tar.gz", hash = "sha256:5cc269604c400133d452a40cee6397655f878fc460e03fde291b9e3a5eaa518c"},
{file = "types_Werkzeug-1.0.9-py3-none-any.whl", hash = "sha256:194bd5715a13c598f05c63e8a739328657590943bce941e8a3619a6b5d4a54ec"},
]
typing-extensions = [
{file = "typing_extensions-4.4.0-py3-none-any.whl", hash = "sha256:16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e"},
{file = "typing_extensions-4.4.0.tar.gz", hash = "sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa"},

1
pyproject.toml
View File

@ -78,7 +78,6 @@ mypy = "^0.982"
ipython = "^8.6.0"
types-redis = "^4.3.21.3"
types-requests = "^2.28.11.2"
types-Flask = "^1.1.6"
types-pkg-resources = "^0.1.3"
types-Deprecated = "^1.2.9"
types-python-dateutil = "^2.8.19.2"

45
website/web/__init__.py
View File

@ -224,14 +224,14 @@ def after_request(response):
def hashes_hostnode(tree_uuid: str, node_uuid: str):
hashes = lookyloo.get_hashes(tree_uuid, hostnode_uuid=node_uuid)
return send_file(BytesIO('\n'.join(hashes).encode()),
mimetype='test/plain', as_attachment=True, attachment_filename=f'hashes.{node_uuid}.txt')
mimetype='test/plain', as_attachment=True, download_name=f'hashes.{node_uuid}.txt')
@app.route('/tree/<string:tree_uuid>/host/<string:node_uuid>/text', methods=['GET'])
def urls_hostnode(tree_uuid: str, node_uuid: str):
hostnode = lookyloo.get_hostnode_from_tree(tree_uuid, node_uuid)
return send_file(BytesIO('\n'.join(url.name for url in hostnode.urls).encode()),
mimetype='test/plain', as_attachment=True, attachment_filename=f'urls.{node_uuid}.txt')
mimetype='test/plain', as_attachment=True, download_name=f'urls.{node_uuid}.txt')
@app.route('/tree/<string:tree_uuid>/host/<string:node_uuid>', methods=['GET'])
@ -479,7 +479,7 @@ def redirects(tree_uuid: str):
else:
to_return = BytesIO('\n'.join([cache.url] + cache.redirects).encode())
return send_file(to_return, mimetype='text/text',
as_attachment=True, attachment_filename='redirects.txt')
as_attachment=True, download_name='redirects.txt')
@app.route('/tree/<string:tree_uuid>/image', methods=['GET'])
@ -490,7 +490,7 @@ def image(tree_uuid: str):
else:
to_return = lookyloo.get_screenshot(tree_uuid)
return send_file(to_return, mimetype='image/png',
as_attachment=True, attachment_filename='image.png')
as_attachment=True, download_name='image.png')
@app.route('/tree/<string:tree_uuid>/data', methods=['GET'])
@ -505,7 +505,7 @@ def data(tree_uuid: str):
else:
mime = filetype.guess_mime(data.getvalue())
return send_file(data, mimetype=mime,
as_attachment=True, attachment_filename=filename)
as_attachment=True, download_name=filename)
@app.route('/tree/<string:tree_uuid>/thumbnail/', defaults={'width': 64}, methods=['GET'])
@ -519,28 +519,28 @@ def thumbnail(tree_uuid: str, width: int):
def html(tree_uuid: str):
to_return = lookyloo.get_html(tree_uuid)
return send_file(to_return, mimetype='text/html',
as_attachment=True, attachment_filename='page.html')
as_attachment=True, download_name='page.html')
@app.route('/tree/<string:tree_uuid>/cookies', methods=['GET'])
def cookies(tree_uuid: str):
to_return = lookyloo.get_cookies(tree_uuid)
return send_file(to_return, mimetype='application/json',
as_attachment=True, attachment_filename='cookies.json')
as_attachment=True, download_name='cookies.json')
@app.route('/tree/<string:tree_uuid>/hashes', methods=['GET'])
def hashes_tree(tree_uuid: str):
hashes = lookyloo.get_hashes(tree_uuid)
return send_file(BytesIO('\n'.join(hashes).encode()),
mimetype='test/plain', as_attachment=True, attachment_filename='hashes.txt')
mimetype='test/plain', as_attachment=True, download_name='hashes.txt')
@app.route('/tree/<string:tree_uuid>/export', methods=['GET'])
def export(tree_uuid: str):
to_return = lookyloo.get_capture(tree_uuid)
return send_file(to_return, mimetype='application/zip',
as_attachment=True, attachment_filename='capture.zip')
as_attachment=True, download_name='capture.zip')
@app.route('/tree/<string:tree_uuid>/urls_rendered_page', methods=['GET'])
@ -701,7 +701,7 @@ def tree(tree_uuid: str, node_uuid: Optional[str]=None):
@flask_login.login_required
def mark_as_legitimate(tree_uuid: str):
if request.data:
legitimate_entries: Dict = request.get_json(force=True)
legitimate_entries: Dict = request.get_json(force=True) # type: ignore
lookyloo.add_to_legitimate(tree_uuid, **legitimate_entries)
else:
lookyloo.add_to_legitimate(tree_uuid)
@ -936,7 +936,10 @@ def capture_web():
elif 'document' in request.files:
# File upload
capture_query['document'] = request.files['document'].stream.read()
capture_query['document_name'] = request.files['document'].filename
if request.files['document'].filename:
capture_query['document_name'] = request.files['document'].filename
else:
capture_query['document_name'] = 'unknown_name.bin'
perma_uuid = lookyloo.enqueue_capture(capture_query, source='web', user=user, authenticated=flask_login.current_user.is_authenticated)
time.sleep(2)
return redirect(url_for('tree', tree_uuid=perma_uuid))
@ -988,7 +991,7 @@ def statsfull():
def whois(query: str):
to_return = lookyloo.uwhois.whois(query)
return send_file(BytesIO(to_return.encode()),
mimetype='test/plain', as_attachment=True, attachment_filename=f'whois.{query}.txt')
mimetype='test/plain', as_attachment=True, download_name=f'whois.{query}.txt')
# ##### Methods related to a specific URLNode #####
@ -1000,7 +1003,7 @@ def urlnode_request_cookies(tree_uuid: str, node_uuid: str):
return
return send_file(BytesIO(json.dumps(urlnode.request_cookie, indent=2).encode()),
mimetype='text/plain', as_attachment=True, attachment_filename='request_cookies.txt')
mimetype='text/plain', as_attachment=True, download_name='request_cookies.txt')
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/response_cookies', methods=['GET'])
@ -1010,7 +1013,7 @@ def urlnode_response_cookies(tree_uuid: str, node_uuid: str):
return
return send_file(BytesIO(json.dumps(urlnode.response_cookie, indent=2).encode()),
mimetype='text/plain', as_attachment=True, attachment_filename='response_cookies.txt')
mimetype='text/plain', as_attachment=True, download_name='response_cookies.txt')
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/urls_in_rendered_content', methods=['GET'])
@ -1027,7 +1030,7 @@ def urlnode_urls_in_rendered_content(tree_uuid: str, node_uuid: str):
to_return = StringIO()
to_return.writelines([f'{u}\n' for u in not_loaded_urls])
return send_file(BytesIO(to_return.getvalue().encode()), mimetype='text/plain',
as_attachment=True, attachment_filename='urls_in_rendered_content.txt')
as_attachment=True, download_name='urls_in_rendered_content.txt')
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/rendered_content', methods=['GET'])
@ -1036,7 +1039,7 @@ def urlnode_rendered_content(tree_uuid: str, node_uuid: str):
if not urlnode.rendered_html:
return
return send_file(BytesIO(urlnode.rendered_html.getvalue()), mimetype='text/plain',
as_attachment=True, attachment_filename='rendered_content.txt')
as_attachment=True, download_name='rendered_content.txt')
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/posted_data', methods=['GET'])
@ -1061,10 +1064,10 @@ def urlnode_post_request(tree_uuid: str, node_uuid: str):
if is_blob:
return send_file(to_return, mimetype='application/octet-stream',
as_attachment=True, attachment_filename='posted_data.bin')
as_attachment=True, download_name='posted_data.bin')
else:
return send_file(to_return, mimetype='text/plain',
as_attachment=True, attachment_filename='posted_data.txt')
as_attachment=True, download_name='posted_data.txt')
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/ressource', methods=['POST', 'GET'])
@ -1083,7 +1086,7 @@ def get_ressource(tree_uuid: str, node_uuid: str):
to_return = BytesIO(b'Unknown Hash')
filename = 'file.txt'
mimetype = 'text/text'
return send_file(to_return, mimetype=mimetype, as_attachment=True, attachment_filename=filename)
return send_file(to_return, mimetype=mimetype, as_attachment=True, download_name=filename)
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/ressource_preview', methods=['GET'])
@ -1095,7 +1098,7 @@ def get_ressource_preview(tree_uuid: str, node_uuid: str, h_ressource: Optional[
filename, r, mimetype = ressource
if mimetype.startswith('image'):
return send_file(r, mimetype=mimetype,
as_attachment=True, attachment_filename=filename)
as_attachment=True, download_name=filename)
return Response('No preview available.', mimetype='text/text')
@ -1103,7 +1106,7 @@ def get_ressource_preview(tree_uuid: str, node_uuid: str, h_ressource: Optional[
def hashes_urlnode(tree_uuid: str, node_uuid: str):
hashes = lookyloo.get_hashes(tree_uuid, urlnode_uuid=node_uuid)
return send_file(BytesIO('\n'.join(hashes).encode()),
mimetype='test/plain', as_attachment=True, attachment_filename='hashes.txt')
mimetype='test/plain', as_attachment=True, download_name='hashes.txt')
@app.route('/tree/<string:tree_uuid>/url/<string:node_uuid>/add_context', methods=['POST'])

20
website/web/genericapi.py
View File

@ -3,7 +3,7 @@
import base64
import hashlib
import json
from typing import Any, Dict
from typing import Any, Dict, Optional
import flask_login # type: ignore
from flask import request, send_file
@ -41,15 +41,15 @@ class AuthToken(Resource):
@api.param('username', 'Your username')
@api.param('password', 'Your password')
def get(self):
username = request.args['username'] if request.args.get('username') else False
password = request.args['password'] if request.args.get('password') else False
if username in self.users_table and check_password_hash(self.users_table[username]['password'], password):
username: Optional[str] = request.args['username'] if request.args.get('username') else None
password: Optional[str] = request.args['password'] if request.args.get('password') else None
if username and password and username in self.users_table and check_password_hash(self.users_table[username]['password'], password):
return {'authkey': self.users_table[username]['authkey']}
return {'error': 'User/Password invalid.'}, 401
@api.doc(body=token_request_fields)
def post(self):
auth: Dict = request.get_json(force=True)
auth: Dict = request.get_json(force=True) # type: ignore
if 'username' in auth and 'password' in auth: # Expected keys in json
if (auth['username'] in self.users_table
and check_password_hash(self.users_table[auth['username']]['password'], auth['password'])):
@ -208,7 +208,7 @@ class MISPPush(Resource):
@api.doc(body=misp_push_fields)
def post(self, capture_uuid: str):
parameters: Dict = request.get_json(force=True)
parameters: Dict = request.get_json(force=True) # type: ignore
with_parents = True if parameters.get('with_parents') else False
allow_duplicates = True if parameters.get('allow_duplicates') else False
@ -246,7 +246,7 @@ trigger_modules_fields = api.model('TriggerModulesFields', {
class TriggerModules(Resource):
@api.doc(body=trigger_modules_fields)
def post(self, capture_uuid: str):
parameters: Dict = request.get_json(force=True)
parameters: Dict = request.get_json(force=True) # type: ignore
force = True if parameters.get('force') else False
return lookyloo.trigger_modules(capture_uuid, force=force)
@ -276,7 +276,7 @@ class URLInfo(Resource):
@api.doc(body=url_info_fields)
def post(self):
to_query: Dict = request.get_json(force=True)
to_query: Dict = request.get_json(force=True) # type: ignore
occurrences = lookyloo.get_url_occurrences(to_query.pop('url'), **to_query)
return occurrences
@ -293,7 +293,7 @@ class HostnameInfo(Resource):
@api.doc(body=hostname_info_fields)
def post(self):
to_query: Dict = request.get_json(force=True)
to_query: Dict = request.get_json(force=True) # type: ignore
occurrences = lookyloo.get_hostname_occurrences(to_query.pop('hostname'), **to_query)
return occurrences
@ -399,7 +399,7 @@ class SubmitCapture(Resource):
user = flask_login.current_user.get_id()
else:
user = src_request_ip(request)
to_query: Dict = request.get_json(force=True)
to_query: Dict = request.get_json(force=True) # type: ignore
perma_uuid = lookyloo.enqueue_capture(to_query, source='api', user=user, authenticated=flask_login.current_user.is_authenticated)
return perma_uuid