package models
import (
"github.com/google/uuid"
"gorm.io/gorm"
)
// XssHit is the GORM model for one recorded hit. It embeds gorm.Model and is
// tied to an Owner (User) and a Handler through OwnerID and HandlerID.
//
// NOTE(review): judging by the field names, Cookies, LocalStorage,
// SessionStorage, Dom and Screenshot hold data captured from a browser
// session. Confirm, and treat these rows as sensitive at rest and in API
// responses. Only Owner and Handler carry `json:"-"`; every other field,
// PublicId included, is emitted when a hit is marshalled with encoding/json.
type XssHit struct {
	gorm.Model
	Ip string
	Referer string
	UserAgent string
	Origin string
	// CorrelationKey is the lookup key used by GetHitByCorrelationKey.
	CorrelationKey string `gorm:"not null"`
	// PublicId is the sharing key: EnableSharing sets it to a UUID string,
	// DisableSharing resets it to "", and GetHitBySharingKey looks a hit up by it.
	PublicId string
	Cookies string
	LocalStorage string
	SessionStorage string
	Url string
	Dom string
	Screenshot string
	OwnerID int
	Owner User `json:"-"`
	HandlerID int
	// Handler.Members is what CanView, CanUpdate and CanDelete iterate over.
	Handler Handler `json:"-"`
	CollectedPages []CollectedPage
}
// CanView reports whether user_id is a member of the hit's Handler, whatever
// that member's permission is.
//
// The check reads hit.Handler.Members as currently loaded in memory. When the
// slice is empty (for instance a hit returned by GetViewableHitPaginated,
// which preloads Handler but not Handler.Members) the result is false.
func (hit *XssHit) CanView(user_id int) bool {
	for _, m := range hit.Handler.Members {
		if m.UserID != user_id {
			continue
		}
		return true
	}
	return false
}
// CanUpdate reports whether user_id is a member of the hit's Handler holding
// the WRITE or OWNER permission.
//
// The check reads hit.Handler.Members as currently loaded in memory; with no
// members loaded the result is false.
func (hit *XssHit) CanUpdate(user_id int) bool {
	for _, m := range hit.Handler.Members {
		if m.UserID != user_id {
			continue
		}
		if m.Permission == WRITE || m.Permission == OWNER {
			return true
		}
	}
	return false
}
// CanDelete reports whether user_id is a member of the hit's Handler holding
// the OWNER permission; WRITE is not sufficient.
//
// The check reads hit.Handler.Members as currently loaded in memory; with no
// members loaded the result is false.
func (hit *XssHit) CanDelete(user_id int) bool {
	for _, m := range hit.Handler.Members {
		if m.UserID != user_id {
			continue
		}
		if m.Permission == OWNER {
			return true
		}
	}
	return false
}
// GetHitByCorrelationKey loads the first hit whose correlation_key equals key,
// with CollectedPages and Handler.Members preloaded so the Can* checks can run
// on the result.
//
// The key is bound as a query parameter. The outcome of First is not
// inspected, so a lookup that matches nothing or fails returns the zero
// XssHit; callers have to detect that themselves and must still apply
// CanView/CanUpdate/CanDelete, since this function takes no user.
func GetHitByCorrelationKey(key string) XssHit {
	query := DB.Preload("CollectedPages").Preload("Handler.Members")
	found := XssHit{}
	query.First(&found, "correlation_key = ?", key)
	return found
}
// GetViewableHitPaginated returns one page of the hits whose handler_id is
// among the handlers listed by GetHandleRbacForUser(user_id).
//
// Only Handler is preloaded, not Handler.Members, so CanView/CanUpdate/
// CanDelete called on the returned hits see an empty member list. The result
// of Find is not checked for an error.
//
// NOTE(review): Paginate receives the package-level DB handle and the still
// empty hits slice rather than the filtered query. If it derives a total from
// them, that total may count hits this user cannot view; confirm against
// Paginate.
func GetViewableHitPaginated(user_id int, pagination *Pagination) (hits []XssHit) {
	var handlerIDs []int
	for _, entry := range GetHandleRbacForUser(user_id) {
		handlerIDs = append(handlerIDs, entry.HandlerID)
	}

	paged := DB.Scopes(Paginate(hits, pagination, DB)).Preload("Handler")
	paged.Find(&hits, "handler_id IN ?", handlerIDs)
	return hits
}
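// GetHitBySharingKey loads the hit whose public_id equals key, with
// CollectedPages and Handler.Members preloaded. It takes no user: possession
// of the sharing key is the only condition checked here.
//
// An empty key never matches. DisableSharing stores "" in PublicId, and a hit
// that was never shared keeps the zero value of that string field, so without
// this guard a request carrying an empty key would be answered with the first
// hit that has sharing switched off.
//
// The outcome of First is not inspected; a lookup that matches nothing or
// fails returns the zero XssHit, the same value returned for an empty key.
func GetHitBySharingKey(key string) XssHit {
	var hit XssHit
	if key == "" {
		// Fail closed: "" is the "not shared" marker, not a valid sharing key.
		return hit
	}
	DB.Preload("CollectedPages").Preload("Handler.Members").First(&hit, "public_id = ?", key)
	return hit
}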
// EnableSharing assigns the hit a fresh UUID string as PublicId and saves the
// hit. Calling it again replaces the previous sharing key.
//
// The value works as a bearer token: GetHitBySharingKey returns the hit to
// whoever presents it. The outcome of DB.Save is not checked.
func (hit *XssHit) EnableSharing() {
	sharingKey := uuid.New().String()
	hit.PublicId = sharingKey
	DB.Save(hit)
}
// DisableSharing resets PublicId to the empty string and saves the hit, so the
// previous sharing key no longer matches it.
//
// "" is therefore the "not shared" marker shared by every unshared hit. The
// outcome of DB.Save is not checked.
func (hit *XssHit) DisableSharing() {
	const notShared = ""
	hit.PublicId = notShared
	DB.Save(hit)
}
// Delete removes the hit through DB.Delete. It performs no permission check of
// its own, so callers are expected to have consulted CanDelete first. The
// outcome of the call is not checked.
func (hit *XssHit) Delete() {
	target := hit
	DB.Delete(target)
}