From efa94cc3ebe8fd90c21501f415f03563eb3f5d1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Wed, 2 Nov 2022 12:23:41 +0100 Subject: [PATCH] fix: Issue with flask upgrade --- poetry.lock | 70 +-------------------------------------- pyproject.toml | 1 - website/web/__init__.py | 45 +++++++++++++------------ website/web/genericapi.py | 20 +++++------ 4 files changed, 35 insertions(+), 101 deletions(-) diff --git a/poetry.lock b/poetry.lock index 1ba87adc..d28aba89 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1221,14 +1221,6 @@ category = "dev" optional = false python-versions = "*" -[[package]] -name = "types-click" -version = "7.1.8" -description = "Typing stubs for click" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "types-deprecated" version = "1.2.9" @@ -1237,38 +1229,6 @@ category = "dev" optional = false python-versions = "*" -[[package]] -name = "types-flask" -version = "1.1.6" -description = "Typing stubs for Flask" -category = "dev" -optional = false -python-versions = "*" - -[package.dependencies] -types-click = "*" -types-Jinja2 = "*" -types-Werkzeug = "*" - -[[package]] -name = "types-jinja2" -version = "2.11.9" -description = "Typing stubs for Jinja2" -category = "dev" -optional = false -python-versions = "*" - -[package.dependencies] -types-MarkupSafe = "*" - -[[package]] -name = "types-markupsafe" -version = "1.1.10" -description = "Typing stubs for MarkupSafe" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "types-pillow" version = "9.3.0.0" @@ -1320,14 +1280,6 @@ category = "dev" optional = false python-versions = "*" -[[package]] -name = "types-werkzeug" -version = "1.0.9" -description = "Typing stubs for Werkzeug" -category = "dev" -optional = false -python-versions = "*" - [[package]] name = "typing-extensions" version = "4.4.0" @@ -1478,7 +1430,7 @@ misp = ["python-magic", "pydeep2"] [metadata] lock-version = "1.1" python-versions = ">=3.8,<3.12" -content-hash = "008be70c0174b1ea15d7e0f1620fc753328b62f4474e8a110d122a4e469cb38b" +content-hash = "5296fbbca081592972274f79474be532a1d12865fdc576741a5308b9802f01a5" [metadata.files] aiohttp = [ @@ -2559,26 +2511,10 @@ types-beautifulsoup4 = [ {file = "types-beautifulsoup4-4.11.6.tar.gz", hash = "sha256:2670dd71995df464041e2941fa9bbb694795271e3dedd7262b4766649a1cbe82"}, {file = "types_beautifulsoup4-4.11.6-py3-none-any.whl", hash = "sha256:ac9dd1383481201ea07f27c5a43e7b1ee71caf9c720b7ae951db15d60d126e80"}, ] -types-click = [ - {file = "types-click-7.1.8.tar.gz", hash = "sha256:b6604968be6401dc516311ca50708a0a28baa7a0cb840efd7412f0dbbff4e092"}, - {file = "types_click-7.1.8-py3-none-any.whl", hash = "sha256:8cb030a669e2e927461be9827375f83c16b8178c365852c060a34e24871e7e81"}, -] types-deprecated = [ {file = "types-Deprecated-1.2.9.tar.gz", hash = "sha256:e04ce58929509865359e91dcc38720123262b4cd68fa2a8a90312d50390bb6fa"}, {file = "types_Deprecated-1.2.9-py3-none-any.whl", hash = "sha256:53d05621e1d75de537f5a57d93508c8df17e37c07ee60b9fb09d39e1b7586c1e"}, ] -types-flask = [ - {file = "types-Flask-1.1.6.tar.gz", hash = "sha256:aac777b3abfff9436e6b01f6d08171cf23ea6e5be71cbf773aaabb1c5763e9cf"}, - {file = "types_Flask-1.1.6-py3-none-any.whl", hash = "sha256:6ab8a9a5e258b76539d652f6341408867298550b19b81f0e41e916825fc39087"}, -] -types-jinja2 = [ - {file = "types-Jinja2-2.11.9.tar.gz", hash = "sha256:dbdc74a40aba7aed520b7e4d89e8f0fe4286518494208b35123bcf084d4b8c81"}, - {file = "types_Jinja2-2.11.9-py3-none-any.whl", hash = "sha256:60a1e21e8296979db32f9374d8a239af4cb541ff66447bb915d8ad398f9c63b2"}, -] -types-markupsafe = [ - {file = "types-MarkupSafe-1.1.10.tar.gz", hash = "sha256:85b3a872683d02aea3a5ac2a8ef590193c344092032f58457287fbf8e06711b1"}, - {file = "types_MarkupSafe-1.1.10-py3-none-any.whl", hash = "sha256:ca2bee0f4faafc45250602567ef38d533e877d2ddca13003b319c551ff5b3cc5"}, -] types-pillow = [ {file = "types-Pillow-9.3.0.0.tar.gz", hash = "sha256:0851a1b3ff002253a7af8f7eaf74d79fb761430933bd1aeb73d853a17f2a0a9d"}, {file = "types_Pillow-9.3.0.0-py3-none-any.whl", hash = "sha256:df09de7e557706c16fb30db887327c7f1c81e8ebc703d9d4739bfda7cad0e733"}, @@ -2603,10 +2539,6 @@ types-urllib3 = [ {file = "types-urllib3-1.26.25.1.tar.gz", hash = "sha256:a948584944b2412c9a74b9cf64f6c48caf8652cb88b38361316f6d15d8a184cd"}, {file = "types_urllib3-1.26.25.1-py3-none-any.whl", hash = "sha256:f6422596cc9ee5fdf68f9d547f541096a20c2dcfd587e37c804c9ea720bf5cb2"}, ] -types-werkzeug = [ - {file = "types-Werkzeug-1.0.9.tar.gz", hash = "sha256:5cc269604c400133d452a40cee6397655f878fc460e03fde291b9e3a5eaa518c"}, - {file = "types_Werkzeug-1.0.9-py3-none-any.whl", hash = "sha256:194bd5715a13c598f05c63e8a739328657590943bce941e8a3619a6b5d4a54ec"}, -] typing-extensions = [ {file = "typing_extensions-4.4.0-py3-none-any.whl", hash = "sha256:16fa4864408f655d35ec496218b85f79b3437c829e93320c7c9215ccfd92489e"}, {file = "typing_extensions-4.4.0.tar.gz", hash = "sha256:1511434bb92bf8dd198c12b1cc812e800d4181cfcb867674e0f8279cc93087aa"}, diff --git a/pyproject.toml b/pyproject.toml index b8fb104e..6a492841 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -78,7 +78,6 @@ mypy = "^0.982" ipython = "^8.6.0" types-redis = "^4.3.21.3" types-requests = "^2.28.11.2" -types-Flask = "^1.1.6" types-pkg-resources = "^0.1.3" types-Deprecated = "^1.2.9" types-python-dateutil = "^2.8.19.2" diff --git a/website/web/__init__.py b/website/web/__init__.py index 588c6a8d..659f489c 100644 --- a/website/web/__init__.py +++ b/website/web/__init__.py @@ -224,14 +224,14 @@ def after_request(response): def hashes_hostnode(tree_uuid: str, node_uuid: str): hashes = lookyloo.get_hashes(tree_uuid, hostnode_uuid=node_uuid) return send_file(BytesIO('\n'.join(hashes).encode()), - mimetype='test/plain', as_attachment=True, attachment_filename=f'hashes.{node_uuid}.txt') + mimetype='test/plain', as_attachment=True, download_name=f'hashes.{node_uuid}.txt') @app.route('/tree//host//text', methods=['GET']) def urls_hostnode(tree_uuid: str, node_uuid: str): hostnode = lookyloo.get_hostnode_from_tree(tree_uuid, node_uuid) return send_file(BytesIO('\n'.join(url.name for url in hostnode.urls).encode()), - mimetype='test/plain', as_attachment=True, attachment_filename=f'urls.{node_uuid}.txt') + mimetype='test/plain', as_attachment=True, download_name=f'urls.{node_uuid}.txt') @app.route('/tree//host/', methods=['GET']) @@ -479,7 +479,7 @@ def redirects(tree_uuid: str): else: to_return = BytesIO('\n'.join([cache.url] + cache.redirects).encode()) return send_file(to_return, mimetype='text/text', - as_attachment=True, attachment_filename='redirects.txt') + as_attachment=True, download_name='redirects.txt') @app.route('/tree//image', methods=['GET']) @@ -490,7 +490,7 @@ def image(tree_uuid: str): else: to_return = lookyloo.get_screenshot(tree_uuid) return send_file(to_return, mimetype='image/png', - as_attachment=True, attachment_filename='image.png') + as_attachment=True, download_name='image.png') @app.route('/tree//data', methods=['GET']) @@ -505,7 +505,7 @@ def data(tree_uuid: str): else: mime = filetype.guess_mime(data.getvalue()) return send_file(data, mimetype=mime, - as_attachment=True, attachment_filename=filename) + as_attachment=True, download_name=filename) @app.route('/tree//thumbnail/', defaults={'width': 64}, methods=['GET']) @@ -519,28 +519,28 @@ def thumbnail(tree_uuid: str, width: int): def html(tree_uuid: str): to_return = lookyloo.get_html(tree_uuid) return send_file(to_return, mimetype='text/html', - as_attachment=True, attachment_filename='page.html') + as_attachment=True, download_name='page.html') @app.route('/tree//cookies', methods=['GET']) def cookies(tree_uuid: str): to_return = lookyloo.get_cookies(tree_uuid) return send_file(to_return, mimetype='application/json', - as_attachment=True, attachment_filename='cookies.json') + as_attachment=True, download_name='cookies.json') @app.route('/tree//hashes', methods=['GET']) def hashes_tree(tree_uuid: str): hashes = lookyloo.get_hashes(tree_uuid) return send_file(BytesIO('\n'.join(hashes).encode()), - mimetype='test/plain', as_attachment=True, attachment_filename='hashes.txt') + mimetype='test/plain', as_attachment=True, download_name='hashes.txt') @app.route('/tree//export', methods=['GET']) def export(tree_uuid: str): to_return = lookyloo.get_capture(tree_uuid) return send_file(to_return, mimetype='application/zip', - as_attachment=True, attachment_filename='capture.zip') + as_attachment=True, download_name='capture.zip') @app.route('/tree//urls_rendered_page', methods=['GET']) @@ -701,7 +701,7 @@ def tree(tree_uuid: str, node_uuid: Optional[str]=None): @flask_login.login_required def mark_as_legitimate(tree_uuid: str): if request.data: - legitimate_entries: Dict = request.get_json(force=True) + legitimate_entries: Dict = request.get_json(force=True) # type: ignore lookyloo.add_to_legitimate(tree_uuid, **legitimate_entries) else: lookyloo.add_to_legitimate(tree_uuid) @@ -936,7 +936,10 @@ def capture_web(): elif 'document' in request.files: # File upload capture_query['document'] = request.files['document'].stream.read() - capture_query['document_name'] = request.files['document'].filename + if request.files['document'].filename: + capture_query['document_name'] = request.files['document'].filename + else: + capture_query['document_name'] = 'unknown_name.bin' perma_uuid = lookyloo.enqueue_capture(capture_query, source='web', user=user, authenticated=flask_login.current_user.is_authenticated) time.sleep(2) return redirect(url_for('tree', tree_uuid=perma_uuid)) @@ -988,7 +991,7 @@ def statsfull(): def whois(query: str): to_return = lookyloo.uwhois.whois(query) return send_file(BytesIO(to_return.encode()), - mimetype='test/plain', as_attachment=True, attachment_filename=f'whois.{query}.txt') + mimetype='test/plain', as_attachment=True, download_name=f'whois.{query}.txt') # ##### Methods related to a specific URLNode ##### @@ -1000,7 +1003,7 @@ def urlnode_request_cookies(tree_uuid: str, node_uuid: str): return return send_file(BytesIO(json.dumps(urlnode.request_cookie, indent=2).encode()), - mimetype='text/plain', as_attachment=True, attachment_filename='request_cookies.txt') + mimetype='text/plain', as_attachment=True, download_name='request_cookies.txt') @app.route('/tree//url//response_cookies', methods=['GET']) @@ -1010,7 +1013,7 @@ def urlnode_response_cookies(tree_uuid: str, node_uuid: str): return return send_file(BytesIO(json.dumps(urlnode.response_cookie, indent=2).encode()), - mimetype='text/plain', as_attachment=True, attachment_filename='response_cookies.txt') + mimetype='text/plain', as_attachment=True, download_name='response_cookies.txt') @app.route('/tree//url//urls_in_rendered_content', methods=['GET']) @@ -1027,7 +1030,7 @@ def urlnode_urls_in_rendered_content(tree_uuid: str, node_uuid: str): to_return = StringIO() to_return.writelines([f'{u}\n' for u in not_loaded_urls]) return send_file(BytesIO(to_return.getvalue().encode()), mimetype='text/plain', - as_attachment=True, attachment_filename='urls_in_rendered_content.txt') + as_attachment=True, download_name='urls_in_rendered_content.txt') @app.route('/tree//url//rendered_content', methods=['GET']) @@ -1036,7 +1039,7 @@ def urlnode_rendered_content(tree_uuid: str, node_uuid: str): if not urlnode.rendered_html: return return send_file(BytesIO(urlnode.rendered_html.getvalue()), mimetype='text/plain', - as_attachment=True, attachment_filename='rendered_content.txt') + as_attachment=True, download_name='rendered_content.txt') @app.route('/tree//url//posted_data', methods=['GET']) @@ -1061,10 +1064,10 @@ def urlnode_post_request(tree_uuid: str, node_uuid: str): if is_blob: return send_file(to_return, mimetype='application/octet-stream', - as_attachment=True, attachment_filename='posted_data.bin') + as_attachment=True, download_name='posted_data.bin') else: return send_file(to_return, mimetype='text/plain', - as_attachment=True, attachment_filename='posted_data.txt') + as_attachment=True, download_name='posted_data.txt') @app.route('/tree//url//ressource', methods=['POST', 'GET']) @@ -1083,7 +1086,7 @@ def get_ressource(tree_uuid: str, node_uuid: str): to_return = BytesIO(b'Unknown Hash') filename = 'file.txt' mimetype = 'text/text' - return send_file(to_return, mimetype=mimetype, as_attachment=True, attachment_filename=filename) + return send_file(to_return, mimetype=mimetype, as_attachment=True, download_name=filename) @app.route('/tree//url//ressource_preview', methods=['GET']) @@ -1095,7 +1098,7 @@ def get_ressource_preview(tree_uuid: str, node_uuid: str, h_ressource: Optional[ filename, r, mimetype = ressource if mimetype.startswith('image'): return send_file(r, mimetype=mimetype, - as_attachment=True, attachment_filename=filename) + as_attachment=True, download_name=filename) return Response('No preview available.', mimetype='text/text') @@ -1103,7 +1106,7 @@ def get_ressource_preview(tree_uuid: str, node_uuid: str, h_ressource: Optional[ def hashes_urlnode(tree_uuid: str, node_uuid: str): hashes = lookyloo.get_hashes(tree_uuid, urlnode_uuid=node_uuid) return send_file(BytesIO('\n'.join(hashes).encode()), - mimetype='test/plain', as_attachment=True, attachment_filename='hashes.txt') + mimetype='test/plain', as_attachment=True, download_name='hashes.txt') @app.route('/tree//url//add_context', methods=['POST']) diff --git a/website/web/genericapi.py b/website/web/genericapi.py index d7448834..b8f3b3d0 100644 --- a/website/web/genericapi.py +++ b/website/web/genericapi.py @@ -3,7 +3,7 @@ import base64 import hashlib import json -from typing import Any, Dict +from typing import Any, Dict, Optional import flask_login # type: ignore from flask import request, send_file @@ -41,15 +41,15 @@ class AuthToken(Resource): @api.param('username', 'Your username') @api.param('password', 'Your password') def get(self): - username = request.args['username'] if request.args.get('username') else False - password = request.args['password'] if request.args.get('password') else False - if username in self.users_table and check_password_hash(self.users_table[username]['password'], password): + username: Optional[str] = request.args['username'] if request.args.get('username') else None + password: Optional[str] = request.args['password'] if request.args.get('password') else None + if username and password and username in self.users_table and check_password_hash(self.users_table[username]['password'], password): return {'authkey': self.users_table[username]['authkey']} return {'error': 'User/Password invalid.'}, 401 @api.doc(body=token_request_fields) def post(self): - auth: Dict = request.get_json(force=True) + auth: Dict = request.get_json(force=True) # type: ignore if 'username' in auth and 'password' in auth: # Expected keys in json if (auth['username'] in self.users_table and check_password_hash(self.users_table[auth['username']]['password'], auth['password'])): @@ -208,7 +208,7 @@ class MISPPush(Resource): @api.doc(body=misp_push_fields) def post(self, capture_uuid: str): - parameters: Dict = request.get_json(force=True) + parameters: Dict = request.get_json(force=True) # type: ignore with_parents = True if parameters.get('with_parents') else False allow_duplicates = True if parameters.get('allow_duplicates') else False @@ -246,7 +246,7 @@ trigger_modules_fields = api.model('TriggerModulesFields', { class TriggerModules(Resource): @api.doc(body=trigger_modules_fields) def post(self, capture_uuid: str): - parameters: Dict = request.get_json(force=True) + parameters: Dict = request.get_json(force=True) # type: ignore force = True if parameters.get('force') else False return lookyloo.trigger_modules(capture_uuid, force=force) @@ -276,7 +276,7 @@ class URLInfo(Resource): @api.doc(body=url_info_fields) def post(self): - to_query: Dict = request.get_json(force=True) + to_query: Dict = request.get_json(force=True) # type: ignore occurrences = lookyloo.get_url_occurrences(to_query.pop('url'), **to_query) return occurrences @@ -293,7 +293,7 @@ class HostnameInfo(Resource): @api.doc(body=hostname_info_fields) def post(self): - to_query: Dict = request.get_json(force=True) + to_query: Dict = request.get_json(force=True) # type: ignore occurrences = lookyloo.get_hostname_occurrences(to_query.pop('hostname'), **to_query) return occurrences @@ -399,7 +399,7 @@ class SubmitCapture(Resource): user = flask_login.current_user.get_id() else: user = src_request_ip(request) - to_query: Dict = request.get_json(force=True) + to_query: Dict = request.get_json(force=True) # type: ignore perma_uuid = lookyloo.enqueue_capture(to_query, source='api', user=user, authenticated=flask_login.current_user.is_authenticated) return perma_uuid