From 9c7a646307b383371ce3dc12a69328c687454b8a Mon Sep 17 00:00:00 2001 From: Simon Brakhane Date: Tue, 28 Jun 2016 14:36:53 +0200 Subject: [PATCH 1/6] Add virtualenv directory to .gitignore Usually people use something like ENV to store their virtualenv, let's have it in the .gitignore. --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 0315c6845..920689096 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ skf/skf.pyc skf/test_skf.pyc skf/server.crt skf/server.key +ENV From f918fc9978d155be8679e701b96f55b5cfcb8330 Mon Sep 17 00:00:00 2001 From: Simon Brakhane Date: Tue, 28 Jun 2016 14:46:13 +0200 Subject: [PATCH 2/6] Minor cleanup to make it work (TM) ;) * The github dependency to flask is now gone - the package now requires flask in version 0.11.x * Updated the .gitignore with content from https://github.com/github/gitignore to get rid of all the temporary files from vim and python related tools * Moved away from the version.txt to not have to read it from a file. It's now in its own version.py to keep it in the package. Also, the setup.py pulls it from there (that's kind of hacky and might not be optimal, but it does the job). * Fixed the tests to work with the new project layout. * You can now run 'python setup.py test' to get your tests ran by pytest * There were some git merge artifacts which weren't completed. I did my best to resolve them, but it still might be broken (tests are green, so...). --- .gitignore | 108 ++++++++++++++++++++++++++++++++++++- pytest.ini | 2 + requirements.txt | 10 ++-- setup.cfg | 2 + setup.py | 25 +++++---- skf/__init__.py | 0 skf/skf.py | 20 ++----- skf/static/js/actions.js | 5 +- skf/{ => test}/test_skf.py | 4 +- skf/version.py | 1 + 10 files changed, 139 insertions(+), 38 deletions(-) create mode 100644 pytest.ini create mode 100644 setup.cfg create mode 100644 skf/__init__.py rename skf/{ => test}/test_skf.py (99%) create mode 100644 skf/version.py 
diff --git a/.gitignore b/.gitignore index 920689096..ca4697a5f 100644 --- a/.gitignore +++ b/.gitignore @@ -13,4 +13,110 @@ skf/skf.pyc skf/test_skf.pyc skf/server.crt skf/server.key -ENV + +# From: https://github.com/github/gitignore/blob/master/Global/Vim.gitignore +# License: CC0 1.0 Universal + +# swap +[._]*.s[a-w][a-z] +[._]s[a-w][a-z] +# session +Session.vim +# temporary +.netrwhist +*~ +# auto-generated tag files +tags + + +# From: https://github.com/github/gitignore/blob/master/Python.gitignore +# License: CC0 1.0 Universal +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +env/ +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +nosetests.xml +coverage.xml +*,cover +.hypothesis/ + +# Translations +*.mo +*.pot + +# Django stuff: +*.log +local_settings.py + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# IPython Notebook +.ipynb_checkpoints + +# pyenv +.python-version + +# celery beat schedule file +celerybeat-schedule + +# dotenv +.env + +# virtualenv +venv/ +ENV/ + +# Spyder project settings +.spyderproject + +# Rope project settings +.ropeproject diff --git a/pytest.ini b/pytest.ini new file mode 100644 index 000000000..b2453b028 --- /dev/null +++ b/pytest.ini @@ -0,0 +1,2 @@ +[pytest] +testpaths = skf diff --git a/requirements.txt b/requirements.txt index 5bff5d135..8eb57fc89 100755 --- a/requirements.txt +++ b/requirements.txt 
@@ -1,11 +1,9 @@ -https://github.com/mitsuhiko/flask/tarball/master#egg=flask -lxml==3.4.2 +flask==0.11.1, <0.12 markdown==2.6.3 -cryptography==0.8.2 -pyOpenSSL -python-docx BeautifulSoup +python-docx +lxml==3.4.2 +pyOpenSSL requests importlib -bcrypt flask-bcrypt diff --git a/setup.cfg b/setup.cfg new file mode 100644 index 000000000..b7e478982 --- /dev/null +++ b/setup.cfg @@ -0,0 +1,2 @@ +[aliases] +test=pytest diff --git a/setup.py b/setup.py index ad74ab2fe..fcaef91e9 100755 --- a/setup.py +++ b/setup.py @@ -3,8 +3,12 @@ except ImportError: from distutils.core import setup +filename = "%s/version.py" % 'skf' +with open(filename) as f: + exec(f.read()) + setup(name='owasp-skf', - version='1.3.17', + version=__version__, description='The OWASP Security Knowledge Framework', url='https://github.com/blabla1337/skf-flask', author='Glenn ten Cate, Riccardo ten Cate', @@ -17,14 +21,17 @@ The Security Knowledge Framework is an fully open-source Python-Flask web-application. It is an expert system application that uses OWASP Application Security Verification Standard """, -<<<<<<< HEAD - install_requires=['markdown','BeautifulSoup', 'python-docx','lxml==3.4.2', 'cryptography==0.8.2', 'pyOpenSSL', 'requests', 'importlib', 'bcrypt', 'flask-bcrypt'], -======= - install_requires=['markdown==2.6.3','BeautifulSoup', 'python-docx','lxml==3.4.2', 'cryptography==0.8.2', 'pyOpenSSL', 'requests', 'importlib','flask-bcrypt'], ->>>>>>> origin/master - dependency_links= [ - 'https://github.com/mitsuhiko/flask/tarball/master#egg=Flask-owasp' - ], + install_requires=['flask>0.11, <0.12', + 'markdown==2.6.3', + 'BeautifulSoup', + 'python-docx', + 'lxml==3.4.2', + 'pyOpenSSL', + 'requests', + 'importlib', + 'flask-bcrypt'], + setup_requires=['pytest-runner'], + tests_require=['pytest', 'jsonschema'], classifiers=[ "Development Status :: 5 - Production/Stable", "Framework :: Flask", diff --git a/skf/__init__.py b/skf/__init__.py new file mode 100644 index 000000000..e69de29bb 
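Review bot: The Flask constraint added here, `flask==0.11.1, <0.12`, carries a redundant upper bound and disagrees with the `'flask>0.11, <0.12'` that the setup.py hunk of this same patch puts into `install_requires`. That second form excludes 0.11 itself, although the commit message says 0.11.x is wanted. I would write `flask>=0.11,<0.12` in setup.py and keep only the exact pin `flask==0.11.1` in this file. The hunk also drops `cryptography==0.8.2` and `bcrypt`; presumably they now arrive transitively through `pyOpenSSL` and `flask-bcrypt`, so the installed versions are no longer fixed by this file and are worth confirming.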
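Review bot: The version lookup added above `setup(` runs `exec(f.read())` directly in setup.py's own globals and opens `skf/version.py` relative to the current working directory. Executing into a dedicated namespace keeps other names in version.py out of the build script: `ns = {}`, `exec(f.read(), ns)`, and then `version=ns['__version__']`. The path should also be built from the directory of setup.py (via `os.path.dirname(os.path.abspath(__file__))`, which needs `import os`) so the build does not depend on the caller's cwd. Note that the packaged version changes from the hard-coded `1.3.17` to the `1.3.37` in skf/version.py; confirm that jump is intended.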
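Review bot: `setup_requires=['pytest-runner']` makes every setup.py invocation, including a plain install, fetch pytest-runner. With setuptools of this era that fetch is done by setuptools itself rather than by pip, so pip-level controls such as a restricted index or hash checking likely do not cover it. The usual pattern is to request it only when a test command is given: `needs_pytest = set(['pytest', 'test', 'ptr']).intersection(sys.argv)` and `setup_requires=['pytest-runner'] if needs_pytest else [],`. This needs `import sys`, and the `set([...])` form keeps the Python 2.6 entry in .travis.yml working. The `setup(` call starts and ends outside this hunk.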
diff --git a/skf/skf.py b/skf/skf.py index a09d6c306..074835308 100755 --- a/skf/skf.py +++ b/skf/skf.py @@ -30,8 +30,8 @@ from flask.ext.bcrypt import Bcrypt from flask import Flask, request, session, g, redirect, url_for, abort, \ render_template, flash, Markup, make_response - - + +from . import version # create the application app = Flask(__name__) @@ -91,11 +91,6 @@ def log(message, value, threat): # If not exists, create the file file = open('logs/'+dateLog+'.txt', 'w+') file.write(dateTime +' '+ message +' ' + ' ' + value + ' ' + threat + ' ' +ip + "\r\n") -<<<<<<< HEAD - file.close() - -def valAlphaNum(value, countLevel): -======= file.close() def blockUsers(): @@ -116,8 +111,7 @@ def blockUsers(): if count > 11: sys.exit('Due to to many FAILED logs in your logging file we have the suspicion your application has been under attack by hackers. Please check your log files to validate and take repercussions. After validation clear your log or simply change the FAIL items to another value.') -def valAlphaNum(value): ->>>>>>> origin/master +def valAlphaNum(value, countLevel): match = re.findall(r"[^ a-zA-Z0-9_.-]", value) if match: log("User supplied not an a-zA-Z0-9 value", "FAIL", "MEDIUM") @@ -255,9 +249,7 @@ def check_version(): return False def get_version(): - with open ("version.txt", "r") as myfile: - version_final = myfile.read().replace('\n', '') - return version_final + return version.__version__ def projects_functions_techlist(): """get list of technology used for creating project functions""" @@ -1609,10 +1601,6 @@ def download_file_function(projectID): return make_response((body, headers)) if __name__ == "__main__": -<<<<<<< HEAD -======= - print("Generated Password for access SKF: test-skf") ->>>>>>> origin/master #Command line options to enable debug and/or saas (bind to 0.0.0.0) cmdargs = str(sys.argv) total = len(sys.argv) diff --git a/skf/static/js/actions.js b/skf/static/js/actions.js index 11feb268b..f5b3bafb3 100755 
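Review bot: The new `from . import version` only resolves when skf.py is imported as part of the `skf` package, yet the file keeps its `if __name__ == "__main__":` entry point (visible in the last hunk of this file), so launching it directly as `python skf.py` will fail on this import. Either document `python -m skf.skf` as the supported way to start the server, or add a comment above the import such as `# relative import: start with 'python -m skf.skf', not as a script`. The import block continues outside the hunk.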
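Review bot: The conflict at `valAlphaNum` is resolved to HEAD's two-argument signature `def valAlphaNum(value, countLevel):` while `blockUsers()` is kept from origin/master, so any call site merged in from origin/master that still calls `valAlphaNum(value)` will raise a TypeError at request time. The callers are outside this hunk and the commit message itself says the resolution may be incomplete, so each call should be checked and covered by a test that passes through the validator. Separately, the retained `blockUsers()` ends the process with `sys.exit` once `count > 11`. If that count is driven by FAIL log entries that a remote client can cause, as the exit message suggests, it is an availability risk; rejecting the offending client would be safer than stopping the service.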
--- a/skf/static/js/actions.js +++ b/skf/static/js/actions.js @@ -151,11 +151,8 @@ $(document).ready(function() { $("#accordion .panel a:contains('not available item')").parent().parent().parent().remove(); -<<<<<<< HEAD // Select Items - -======= ->>>>>>> origin/master + $( "#selectable" ).bind( "mousedown", function ( e ) { e.metaKey = true; } ).selectable({ diff --git a/skf/test_skf.py b/skf/test/test_skf.py similarity index 99% rename from skf/test_skf.py rename to skf/test/test_skf.py index 3b397b9a4..136a832b5 100755 --- a/skf/test_skf.py +++ b/skf/test/test_skf.py @@ -7,9 +7,9 @@ import pytest import tempfile -import os +import os import datetime -import skf +from skf import skf @pytest.fixture diff --git a/skf/version.py b/skf/version.py new file mode 100644 index 000000000..b62eaaa24 --- /dev/null +++ b/skf/version.py @@ -0,0 +1 @@ +__version__ = '1.3.37' From 856ed8f54768699a47017ddbeb411481a45dcb4a Mon Sep 17 00:00:00 2001 From: Simon Brakhane Date: Tue, 28 Jun 2016 15:42:27 +0200 Subject: [PATCH 3/6] Try to fix .travis.yml I have no idea what I'm doing, but it looks reasonable... --- .travis.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.travis.yml b/.travis.yml index c1765de8d..b0be56646 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,18 +4,10 @@ python: - "2.6" - "2.7" install: - - pip install owasp-skf - - pip install https://github.com/mitsuhiko/flask/tarball/master - - pip install pytest-cov - pip install coverage - pip install python-coveralls - - pip install importlib - -script: - - python setup.py test - - cd skf - - python -m pytest --cov test_skf.py + - python setup.py install after_script: - - coverage run test_skf.py test + - coverage run --source skf setup.py test after_success: - coveralls From 1c39b33910bff76d7b733ac1431727483ecfa318 Mon Sep 17 00:00:00 2001 
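Review bot: The install step now ends with `- python setup.py install`, which lets setuptools resolve dependencies on its own and never reads requirements.txt, so CI does not test the versions pinned there (for example `flask==0.11.1`). Using `- pip install -r requirements.txt` followed by `- pip install .` keeps a single resolver and the pinned set. `coverage` and `python-coveralls` are also installed without a version, so a new release of either can change CI behaviour without any commit in this repository.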
From: Simon Brakhane Date: Tue, 28 Jun 2016 15:47:24 +0200 Subject: [PATCH 4/6] Add script command to make travis happy 'Please override the script: key in your .travis.yml to run tests.' - sure, will do --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index b0be56646..9dab92fa2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,6 +7,8 @@ install: - pip install coverage - pip install python-coveralls - python setup.py install +script: + - python setup.py test after_script: - coverage run --source skf setup.py test after_success: From 4f206a1ed66cafab0ca9710d0bcab2f057c31b4d Mon Sep 17 00:00:00 2001 From: Simon Brakhane Date: Tue, 28 Jun 2016 16:11:37 +0200 Subject: [PATCH 5/6] Fix travis execution order According to the travis build lifecycle (https://docs.travis-ci.com/user/customizing-the-build/#The-Build-Lifecycle) after_success is called way before after_script is called. To actually send coverage data to coveralls, the coverage data has to be generated before so... --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9dab92fa2..a78ec6615 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,6 @@ install: - python setup.py install script: - python setup.py test -after_script: - - coverage run --source skf setup.py test after_success: + - coverage run --source skf setup.py test - coveralls From d39afaca6eab5a47a22a402f132b3c013ecabcae Mon Sep 17 00:00:00 2001 
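Review bot: With `- coverage run --source skf setup.py test` moved under `after_success:` in PATCH 5/6, the suite runs twice per build. A failure in the second, measured run will not fail the build, because Travis does not let the exit status of `after_success` commands affect the result. Running the measured command once in `script:`, with `- coverage run --source skf setup.py test` in place of `- python setup.py test`, both gates the build and produces the coverage data. That leaves only `- coveralls` under `after_success:`.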
From: Simon Brakhane Date: Tue, 28 Jun 2016 16:42:16 +0200 Subject: [PATCH 6/6] Add .coveragerc and (hopefully) fix coveralls push I've moved the commandline switches into .coveragerc, also this config is now omitting every *.html as it seems to crash coveralls with the following exception: coverage.misc.NotPython: Couldn't parse '/the/path/...' as Python source: 'invalid syntax' at line 1 --- .coveragerc | 3 +++ .travis.yml | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 .coveragerc diff --git a/.coveragerc b/.coveragerc new file mode 100644 index 000000000..204dc8704 --- /dev/null +++ b/.coveragerc @@ -0,0 +1,3 @@ +[run] +omit = *.html +source = skf diff --git a/.travis.yml b/.travis.yml index a78ec6615..afda83db9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -10,5 +10,5 @@ install: script: - python setup.py test after_success: - - coverage run --source skf setup.py test + - coverage run setup.py test - coveralls