move logic to model and remove potential harmful code (avoid using del) #32
|
@ -1,3 +1,4 @@
|
||||||
|
import json
|
||||||
from django.db import models, connection
|
from django.db import models, connection
|
||||||
|
|
||||||
from utils.constants import ALGOS
|
from utils.constants import ALGOS
|
||||||
|
@ -305,3 +306,32 @@ class Device:
|
||||||
if not self.last_evidence:
|
if not self.last_evidence:
|
||||||
self.get_last_evidence()
|
self.get_last_evidence()
|
||||||
return self.last_evidence.get_components()
|
return self.last_evidence.get_components()
|
||||||
|
|
||||||
|
def get_components_data(self, is_user_authenticated):
|
||||||
|
if is_user_authenticated:
|
||||||
|
return self.components
|
||||||
|
|
||||||
|
public_components = json.loads(json.dumps(self.components))
|
||||||
|
self.remove_sensitive_data_from(public_components)
|
||||||
|
return public_components
|
||||||
|
|
||||||
|
def remove_sensitive_data_from(self, components):
|
||||||
|
for component in components:
|
||||||
|
component.pop('SerialNumber', None)
|
||||||
|
component.pop('serial_number', None)
|
||||||
|
|
||||||
|
def get_device_data(self, should_include_sensitive_fields):
|
||||||
|
data = {
|
||||||
|
'id': self.id,
|
||||||
|
'shortid': self.shortid,
|
||||||
|
'uuids': self.uuids,
|
||||||
|
'hids': self.hids,
|
||||||
|
'components': self.get_components_data(should_include_sensitive_fields),
|
||||||
|
}
|
||||||
|
|
||||||
|
if should_include_sensitive_fields:
|
||||||
|
data.update({
|
||||||
|
'serial_number': self.serial_number,
|
||||||
|
})
|
||||||
|
|
||||||
|
return data
|
||||||
|
|
|
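Review bot: `remove_sensitive_data_from` redacts by denylist: it pops only the exact keys `SerialNumber` and `serial_number` at the top level of each component, so any other spelling, a nested dict, or another identifying field the evidence format may carry (the component schema is not visible here) still reaches unauthenticated callers through `get_components_data`. For a public endpoint an allowlist fails closed, for example `public_components = [{k: v for k, v in c.items() if k in PUBLIC_COMPONENT_KEYS} for c in self.components]`, where `PUBLIC_COMPONENT_KEYS` is a new constant listing the fields meant to be public; this also makes the `json.loads(json.dumps(...))` copy unnecessary. Whichever approach is kept, a test that feeds a component carrying both key spellings and asserts that neither appears in the anonymous output would pin the behaviour. `uuids` and `hids` are returned regardless of authentication in `get_device_data`; it is worth confirming they cannot be used to recover the serial number.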
@ -115,14 +115,15 @@ class PublicDeviceWebView(TemplateView):
|
||||||
template_name = "device_web.html"
|
template_name = "device_web.html"
|
||||||
|
|
||||||
def get(self, request, *args, **kwargs):
|
def get(self, request, *args, **kwargs):
|
||||||
self.pk = kwargs['pk']
|
self.object = Device(id=kwargs['pk'])
|
||||||
self.object = Device(id=self.pk)
|
|
||||||
|
|
||||||
if not self.object.last_evidence:
|
if not self.object.last_evidence:
|
||||||
raise Http404
|
raise Http404
|
||||||
|
|
||||||
if self.request.headers.get('Accept') == 'application/json':
|
if self.request.headers.get('Accept') == 'application/json':
|
||||||
return self.get_json_response()
|
json_response = self.create_json_response(
|
||||||
|
self.request.user.is_authenticated)
|
||||||
|
return json_response
|
||||||
return super().get(request, *args, **kwargs)
|
return super().get(request, *args, **kwargs)
|
||||||
|
|
||||||
def get_context_data(self, **kwargs):
|
def get_context_data(self, **kwargs):
|
||||||
|
@ -133,37 +134,8 @@ class PublicDeviceWebView(TemplateView):
|
||||||
})
|
})
|
||||||
return context
|
return context
|
||||||
|
|
||||||
@property
|
def create_json_response(self, is_user_authenticated):
|
||||||
def public_fields(self):
|
device_data = self.object.get_device_data(is_user_authenticated)
|
||||||
return {
|
|
||||||
'id': self.object.id,
|
|
||||||
'shortid': self.object.shortid,
|
|
||||||
'uuids': self.object.uuids,
|
|
||||||
'hids': self.object.hids,
|
|
||||||
'components': self.remove_serial_number_from(self.object.components),
|
|
||||||
}
|
|
||||||
|
|
||||||
@property
|
|
||||||
def authenticated_fields(self):
|
|
||||||
return {
|
|
||||||
'serial_number': self.object.serial_number,
|
|
||||||
'components': self.object.components,
|
|
||||||
}
|
|
||||||
|
|
||||||
def remove_serial_number_from(self, components):
|
|
||||||
for component in components:
|
|
||||||
if 'serial_number' in component:
|
|
||||||
del component['SerialNumber']
|
|
||||||
return components
|
|
||||||
|
|
||||||
def get_device_data(self):
|
|
||||||
data = self.public_fields
|
|
||||||
if self.request.user.is_authenticated:
|
|
||||||
data.update(self.authenticated_fields)
|
|
||||||
return data
|
|
||||||
|
|
||||||
def get_json_response(self):
|
|
||||||
device_data = self.get_device_data()
|
|
||||||
return JsonResponse(device_data)
|
return JsonResponse(device_data)
|
||||||
|
|
||||||
|
|
||||||
|
|
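Review bot: In `get`, `self.request.user.is_authenticated` is the only condition for returning `serial_number` and the unredacted components, so every logged-in account receives them for every device. If devices belong to a particular user or institution (not visible in this hunk), the flag passed to `create_json_response` should come from an object-level permission check on `self.object` rather than from authentication alone. The JSON body also varies with both the `Accept` header and the session, so the `JsonResponse` should carry `Cache-Control: private` or `Vary: Accept, Cookie` to keep a shared cache from serving the authenticated variant to anonymous clients. `get_context_data` lies mostly outside the hunk; confirm that the HTML path applies the same redaction as `get_device_data`, otherwise the template can still expose what the JSON path hides.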