move logic to model and remove potential harmful code (avoid using del) #32
|
@ -1,3 +1,4 @@
|
|||
import json
|
||||
from django.db import models, connection
|
||||
|
||||
from utils.constants import ALGOS
|
||||
|
@ -305,3 +306,32 @@ class Device:
|
|||
if not self.last_evidence:
|
||||
self.get_last_evidence()
|
||||
return self.last_evidence.get_components()
|
||||
|
||||
def get_components_data(self, is_user_authenticated):
|
||||
if is_user_authenticated:
|
||||
return self.components
|
||||
|
||||
public_components = json.loads(json.dumps(self.components))
|
||||
self.remove_sensitive_data_from(public_components)
|
||||
return public_components
|
||||
|
||||
def remove_sensitive_data_from(self, components):
|
||||
for component in components:
|
||||
component.pop('SerialNumber', None)
|
||||
component.pop('serial_number', None)
|
||||
|
||||
def get_device_data(self, should_include_sensitive_fields):
|
||||
data = {
|
||||
'id': self.id,
|
||||
'shortid': self.shortid,
|
||||
'uuids': self.uuids,
|
||||
'hids': self.hids,
|
||||
'components': self.get_components_data(should_include_sensitive_fields),
|
||||
}
|
||||
|
||||
if should_include_sensitive_fields:
|
||||
data.update({
|
||||
'serial_number': self.serial_number,
|
||||
})
|
||||
|
||||
return data
|
||||
|
|
|
@ -115,14 +115,15 @@ class PublicDeviceWebView(TemplateView):
|
|||
template_name = "device_web.html"
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
self.pk = kwargs['pk']
|
||||
self.object = Device(id=self.pk)
|
||||
self.object = Device(id=kwargs['pk'])
|
||||
|
||||
if not self.object.last_evidence:
|
||||
raise Http404
|
||||
|
||||
if self.request.headers.get('Accept') == 'application/json':
|
||||
return self.get_json_response()
|
||||
json_response = self.create_json_response(
|
||||
self.request.user.is_authenticated)
|
||||
return json_response
|
||||
return super().get(request, *args, **kwargs)
|
||||
|
||||
def get_context_data(self, **kwargs):
|
||||
|
@ -133,37 +134,8 @@ class PublicDeviceWebView(TemplateView):
|
|||
})
|
||||
return context
|
||||
|
||||
@property
|
||||
def public_fields(self):
|
||||
return {
|
||||
'id': self.object.id,
|
||||
'shortid': self.object.shortid,
|
||||
'uuids': self.object.uuids,
|
||||
'hids': self.object.hids,
|
||||
'components': self.remove_serial_number_from(self.object.components),
|
||||
}
|
||||
|
||||
@property
|
||||
def authenticated_fields(self):
|
||||
return {
|
||||
'serial_number': self.object.serial_number,
|
||||
'components': self.object.components,
|
||||
}
|
||||
|
||||
def remove_serial_number_from(self, components):
|
||||
for component in components:
|
||||
if 'serial_number' in component:
|
||||
del component['SerialNumber']
|
||||
return components
|
||||
|
||||
def get_device_data(self):
|
||||
data = self.public_fields
|
||||
if self.request.user.is_authenticated:
|
||||
data.update(self.authenticated_fields)
|
||||
return data
|
||||
|
||||
def get_json_response(self):
|
||||
device_data = self.get_device_data()
|
||||
def create_json_response(self, is_user_authenticated):
|
||||
device_data = self.object.get_device_data(is_user_authenticated)
|
||||
return JsonResponse(device_data)
|
||||
|
||||
|
||||
|
|
Loading…
Reference in a new issue