move logic to model and remove potentially harmful code (avoid using del)

Sergio Giménez Antón 2024-11-16 18:08:11 +01:00
parent b7d7b9041d
commit 2813a095de
2 changed files with 36 additions and 34 deletions


@ -1,3 +1,4 @@
import json
from django.db import models, connection
from utils.constants import ALGOS
@ -305,3 +306,32 @@ class Device:
if not self.last_evidence:
self.get_last_evidence()
return self.last_evidence.get_components()
def get_components_data(self, is_user_authenticated):
if is_user_authenticated:
return self.components
public_components = json.loads(json.dumps(self.components))
self.remove_sensitive_data_from(public_components)
return public_components
def remove_sensitive_data_from(self, components):
for component in components:
component.pop('SerialNumber', None)
component.pop('serial_number', None)
def get_device_data(self, should_include_sensitive_fields):
data = {
'id': self.id,
'shortid': self.shortid,
'uuids': self.uuids,
'hids': self.hids,
'components': self.get_components_data(should_include_sensitive_fields),
}
if should_include_sensitive_fields:
data.update({
'serial_number': self.serial_number,
})
return data
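Review bot: `remove_sensitive_data_from` redacts with a two-entry denylist (`'SerialNumber'`, `'serial_number'`) applied only to the top-level keys of each component, so any other spelling, or a serial nested inside a sub-dict, would still reach unauthenticated callers of `get_components_data`. The component schema is not visible here, so this may be sufficient today, but it fails open as soon as a new evidence format adds another identifying field. Consider hoisting the keys into a named constant, e.g. `SENSITIVE_COMPONENT_KEYS = ('SerialNumber', 'serial_number')`, and adding a docstring stating that only top-level keys are stripped, or inverting the logic into an allowlist of fields known to be safe to publish. The `Device` class begins outside this hunk.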


@ -115,14 +115,15 @@ class PublicDeviceWebView(TemplateView):
template_name = "device_web.html"
def get(self, request, *args, **kwargs):
self.pk = kwargs['pk']
self.object = Device(id=self.pk)
self.object = Device(id=kwargs['pk'])
if not self.object.last_evidence:
raise Http404
if self.request.headers.get('Accept') == 'application/json':
return self.get_json_response()
json_response = self.create_json_response(
self.request.user.is_authenticated)
return json_response
return super().get(request, *args, **kwargs)
def get_context_data(self, **kwargs):
@ -133,37 +134,8 @@ class PublicDeviceWebView(TemplateView):
})
return context
@property
def public_fields(self):
return {
'id': self.object.id,
'shortid': self.object.shortid,
'uuids': self.object.uuids,
'hids': self.object.hids,
'components': self.remove_serial_number_from(self.object.components),
}
@property
def authenticated_fields(self):
return {
'serial_number': self.object.serial_number,
'components': self.object.components,
}
def remove_serial_number_from(self, components):
for component in components:
if 'serial_number' in component:
del component['SerialNumber']
return components
def get_device_data(self):
data = self.public_fields
if self.request.user.is_authenticated:
data.update(self.authenticated_fields)
return data
def get_json_response(self):
device_data = self.get_device_data()
def create_json_response(self, is_user_authenticated):
device_data = self.object.get_device_data(is_user_authenticated)
return JsonResponse(device_data)
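Review bot: The only gate on the sensitive fields is `self.request.user.is_authenticated` in `get`, so any logged-in account receives `serial_number` and the unredacted components for whatever `pk` it requests; nothing visible in this section ties the device to the requesting user. If that is intended for this public view, record the decision next to the call, e.g. `# any authenticated user may see serial numbers for any device`; if not, the ownership or permission check should run before `create_json_response` is called with a true value. Separately, the body now depends on both the `Accept` header and the session, so a shared cache in front of this view could hand an authenticated JSON body to an anonymous client unless the response carries suitable `Vary`/`Cache-Control` headers; whether those are set elsewhere is not visible here. The class body continues outside both hunks.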