import re
import time
from datetime import datetime
from flask import jsonify, render_template, request
from server import app, auth, database, reloader
from server.models import FlagStatus
@app.template_filter('timestamp_to_datetime')
def timestamp_to_datetime(s):
    """Template filter: turn a POSIX timestamp into a datetime.

    No tz argument is passed, so the result is a naive datetime in the
    server's local time zone.
    """
    moment = datetime.fromtimestamp(s)
    return moment
@app.route('/')
@auth.auth_required
def index():
    """Render the main page with the filter choices found in the flags table.

    The template receives the configured flag format, the distinct values of
    the ``sploit``, ``status`` and ``team`` columns, and a label for the
    server's time zone.
    """
    # The column names are a fixed list, never request data, so formatting
    # them into the SQL text does not expose the query to injection.
    filter_columns = ('sploit', 'status', 'team')
    distinct_values = {}
    for column in filter_columns:
        sql = 'SELECT DISTINCT {} FROM flags ORDER BY {}'.format(column, column)
        distinct_values[column] = [row[column] for row in database.query(sql)]

    config = reloader.get_config()

    # When %Z yields a bare offset (it starts with '+'), prefix it with 'UTC'
    # so the label shown in the UI reads as a time zone.
    tz_label = time.strftime('%Z')
    if tz_label.startswith('+'):
        tz_label = 'UTC' + tz_label

    return render_template(
        'index.html',
        flag_format=config['FLAG_FORMAT'],
        distinct_values=distinct_values,
        server_tz_name=tz_label,
    )
# strptime format of the "time-since" / "time-until" form fields.
FORM_DATETIME_FORMAT = '%Y-%m-%d %H:%M'
# Page size of the flag listing: used as the SQL LIMIT and as the OFFSET step.
FLAGS_PER_PAGE = 30
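@app.route('/ui/show_flags', methods=['POST'])
@auth.auth_required
def show_flags():
    """Return one page of flags matching the filters posted by the UI.

    Form fields read: ``sploit``, ``status``, ``team`` (exact match),
    ``flag``, ``checksystem_response`` (case-insensitive substring),
    ``time-since``, ``time-until`` (parsed with ``FORM_DATETIME_FORMAT``) and
    ``page-number`` (1-based). Empty filter values are ignored.

    Returns:
        JSON with ``rows``, ``rows_per_page`` and ``total_count``. A malformed
        date or page number yields a JSON ``error`` with HTTP 400 instead of
        an unhandled ValueError (which would surface as HTTP 500).
    """
    # Column names and comparison operators below come from fixed lists in
    # this function; every client-supplied value is bound through a "?"
    # placeholder and never formatted into the SQL text.
    conditions = []
    for column in ['sploit', 'status', 'team']:
        value = request.form[column]
        if value:
            conditions.append(('{} = ?'.format(column), value))
    for column in ['flag', 'checksystem_response']:
        value = request.form[column]
        if value:
            conditions.append(('INSTR(LOWER({}), ?)'.format(column), value.lower()))
    for param in ['time-since', 'time-until']:
        value = request.form[param].strip()
        if value:
            try:
                timestamp = round(datetime.strptime(value, FORM_DATETIME_FORMAT).timestamp())
            except (ValueError, OverflowError, OSError):
                # Wrong format, or a date the platform cannot convert.
                return jsonify({'error': 'Invalid {}'.format(param)}), 400
            sign = '>=' if param == 'time-since' else '<='
            conditions.append(('time {} ?'.format(sign), timestamp))

    raw_page_number = request.form['page-number']
    try:
        page_number = int(raw_page_number)
    except ValueError:
        page_number = 0  # rejected by the range check below
    if page_number < 1:
        return jsonify({'error': 'Invalid page-number'}), 400

    if conditions:
        conditions_sql = 'WHERE ' + ' AND '.join(chunk for chunk, _ in conditions)
        conditions_args = [value for _, value in conditions]
    else:
        conditions_sql = ''
        conditions_args = []

    sql = 'SELECT * FROM flags ' + conditions_sql + ' ORDER BY time DESC LIMIT ? OFFSET ?'
    args = conditions_args + [FLAGS_PER_PAGE, FLAGS_PER_PAGE * (page_number - 1)]
    flags = database.query(sql, args)

    # Same filter without LIMIT/OFFSET, so the UI can compute the page count.
    sql = 'SELECT COUNT(*) FROM flags ' + conditions_sql
    total_count = database.query(sql, conditions_args)[0][0]

    return jsonify({
        'rows': [dict(item) for item in flags],
        'rows_per_page': FLAGS_PER_PAGE,
        'total_count': total_count,
    })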
@app.route('/ui/post_flags_manual', methods=['POST'])
@auth.auth_required
def post_flags_manual():
    """Queue every flag found in the posted ``text`` field as a manual entry.

    Flags are extracted with the configured ``FLAG_FORMAT`` regex and stored
    with sploit ``'Manual'``, team ``'*'``, the current time and status
    QUEUED. ``INSERT OR IGNORE`` is used, so rows that conflict with existing
    ones are skipped rather than raising.
    """
    flag_pattern = reloader.get_config()['FLAG_FORMAT']
    # NOTE(review): re.findall returns group contents rather than whole
    # matches when the pattern contains capture groups; confirm FLAG_FORMAT
    # is written without them.
    found_flags = re.findall(flag_pattern, request.form['text'])

    submitted_at = round(time.time())
    rows = []
    for flag in found_flags:
        rows.append((flag, 'Manual', '*', submitted_at, FlagStatus.QUEUED.name))

    # Values are bound through placeholders, never formatted into the SQL.
    conn = database.get()
    conn.executemany(
        "INSERT OR IGNORE INTO flags (flag, sploit, team, time, status) "
        "VALUES (?, ?, ?, ?, ?)",
        rows,
    )
    conn.commit()

    return ''