From 077e8d1484b3bc8ca2deeaa7d8711a7cb5812a7c Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Wed, 6 Nov 2024 18:00:04 +0100 Subject: [PATCH] add: commit on db before sending event on redis --- backend/app.py | 1 + backend/routes/clients.py | 3 +++ backend/routes/exploits.py | 13 ++++++++++--- backend/routes/services.py | 3 +++ backend/routes/submitters.py | 4 +++- backend/routes/teams.py | 3 +++ backend/skio.py | 1 + backend/submitter.py | 2 ++ tests/xploit_test/config.toml | 2 +- 9 files changed, 27 insertions(+), 5 deletions(-) diff --git a/backend/app.py b/backend/app.py index 0850fe6..0980735 100644 --- a/backend/app.py +++ b/backend/app.py @@ -241,6 +241,7 @@ async def set_status(data: Dict[str, str|int|None], db: DBSession): config = Configuration.model_validate(config.model_dump() | data) await config.write_on_db() config.PASSWORD_HASH = "********" if config.PASSWORD_HASH else None + await db.commit() await redis_conn.publish(redis_channels.config, "update") return {"status": ResponseStatus.OK, "message": "The configuration has been updated", "response": config.model_dump()} diff --git a/backend/routes/clients.py b/backend/routes/clients.py index 02f3077..dc242b3 100644 --- a/backend/routes/clients.py +++ b/backend/routes/clients.py @@ -24,6 +24,7 @@ async def client_new_or_edit(data: ClientAddForm, db: DBSession): set_=json_like(data) ).returning(Client) )).one() + await db.commit() await redis_conn.publish(redis_channels.client, "update") return { "message": "Client created/updated successfully", "response": client } @@ -47,6 +48,7 @@ async def client_delete_hashed_or_uuid(client_id: ClientID, db: DBSession): if not result: raise HTTPException(404, "Client not found") + await db.commit() await redis_conn.publish(redis_channels.client, "update") return { "message": "Client deleted successfully", "response": json_like(result, unset=True) } @@ -55,5 +57,6 @@ async def client_edit(client_id: UnHashedClientID, data: ClientEditForm, db: DBS client = (await db.scalars(sqla.update(Client).values(json_like(data)).where(Client.id == client_id).returning(Client))).one_or_none() if not client: raise HTTPException(404, "Client not found") + await db.commit() await redis_conn.publish(redis_channels.client, "update") return { "message": "Client updated successfully", "response": json_like(client, unset=True) } \ No newline at end of file diff --git a/backend/routes/exploits.py b/backend/routes/exploits.py index ec3134e..401505f 100644 --- a/backend/routes/exploits.py +++ b/backend/routes/exploits.py @@ -58,7 +58,7 @@ async def exploit_new_or_edit(data: ExploitAddForm, db: DBSession): set_={ k: v for k, v in data.db_data().items() if k != "created_by" } ).returning(Exploit) )).one() - + await db.commit() await redis_conn.publish(redis_channels.exploit, "update") return { "message": "Exploit created/updated successfully", "response": json_like(exploit, unset=True) } @@ -79,7 +79,7 @@ async def exploit_delete(exploit_id: ExploitID, db: DBSession): file_path = os.path.join(EXPLOIT_SOURCES_DIR, f"{source.hash}.tar.gz") if os.path.exists(file_path): os.remove(file_path) - + await db.commit() await redis_conn.publish(redis_channels.exploit, "update") return { "message": "Exploit deleted successfully", "response": json_like(exploit, unset=True) } @@ -102,7 +102,7 @@ async def exploit_edit(exploit_id: ExploitID, data: ExploitEditForm, db: DBSessi if not result: raise HTTPException(404, "Exploit not found") - + await db.commit() await redis_conn.publish(redis_channels.exploit, "update") return { "message": "Exploit updated successfully", "response": json_like(result, unset=True) } @@ -149,6 +149,7 @@ async def attack_exec_commit(parsed_data: Dict[str, str]) -> int: return len(flags) results = await asyncio.gather(*[attack_exec_commit(data) for data in [ele.db_data() for ele in data]]) + await db.commit() if trigger_exploit_update: await redis_conn.publish(redis_channels.exploit, "update") await redis_conn.publish(redis_channels.attack_execution, "update") @@ -186,6 +187,7 @@ async def exploit_submit_manual(data: ManualSubmitForm, db: DBSession): .returning(Flag) )).all() + await db.commit() await redis_conn.publish(redis_channels.attack_execution, "update") return { "message": "Attack results submitted successfully", "response": { "flags": len(flags) } } @@ -241,6 +243,8 @@ async def new_exploit_source( final_file_path = os.path.join(EXPLOIT_SOURCES_DIR, f"{hash_id}.tar.gz") if not os.path.exists(final_file_path): shutil.move(temp_file.name, final_file_path) + + await db.commit() await redis_conn.publish(redis_channels.exploit_source, "update") return { "message": "Exploit Source pushed correctly", "response": expl_src.id } @@ -284,6 +288,8 @@ async def delete_exploit_source(source_id: ExploitSourceID, db: DBSession): if ele.id == source_id: await db.delete(ele) break + + await db.commit() await redis_conn.publish(redis_channels.exploit_source, "update") return { "message": "Source deleted successfully", "response": source_id } @@ -295,5 +301,6 @@ async def edit_exploit_source(source_id: ExploitSourceID, data: ExploitSourcePus )).one_or_none() if source_metadata is None: raise HTTPException(404, "Source file not found") + await db.commit() await redis_conn.publish(redis_channels.exploit_source, "update") return { "message": "Exploit source updated successfully", "response": json_like(source_metadata, unset=True) } diff --git a/backend/routes/services.py b/backend/routes/services.py index 4064d56..7497ca9 100644 --- a/backend/routes/services.py +++ b/backend/routes/services.py @@ -18,6 +18,7 @@ async def service_new(data: ServiceAddForm, db: DBSession): .values(json_like(data)) .returning(Service) )).one() + await db.commit() await redis_conn.publish(redis_channels.service, "update") return { "message": "Service created successfully", "response": service } @@ -31,6 +32,7 @@ async def service_delete(service_id: ServiceID, db: DBSession): )).one_or_none() if not service: raise HTTPException(404, "Service not found") + await db.commit() await redis_conn.publish(redis_channels.service, "update") return { "message": "Service deleted successfully", "response": service } @@ -44,5 +46,6 @@ async def service_edit(service_id: ServiceID, data: ServiceEditForm, db: DBSessi )).one_or_none() if not service: raise HTTPException(404, "Service not found") + await db.commit() await redis_conn.publish(redis_channels.service, "update") return { "message": "Service updated successfully", "response": service } \ No newline at end of file diff --git a/backend/routes/submitters.py b/backend/routes/submitters.py index 03afb0d..22b7da7 100644 --- a/backend/routes/submitters.py +++ b/backend/routes/submitters.py @@ -43,7 +43,7 @@ async def new_submitter(data: SubmitterAddForm, db: DBSession): .returning(Submitter) )).one() submitter.model_validate(submitter) - + await db.commit() await redis_conn.publish(redis_channels.submitter, "update") return { "message": "The submitter has been created", "response": json_like(submitter, unset=True)} @@ -117,6 +117,7 @@ async def update_submitter(submitter_id: SubmitterID, data: SubmitterEditForm, d .values(json_like(data)) .returning(Submitter) )).one() + await db.commit() await redis_conn.publish(redis_channels.submitter, "update") return { "message": "The submitter has been updated", "response": json_like(submitter, unset=True)} @@ -136,6 +137,7 @@ async def delete_submitter(submitter_id: SubmitterID, db: DBSession): raise HTTPException(404, "Submitter not found") await db.delete(submitter) + await db.commit() await redis_conn.publish(redis_channels.submitter, "update") return { "message": "The submitter has been deleted", "response": json_like(submitter, unset=True)} diff --git a/backend/routes/teams.py b/backend/routes/teams.py index af0da5c..0ac7b81 100644 --- a/backend/routes/teams.py +++ b/backend/routes/teams.py @@ -24,6 +24,7 @@ async def team_new(data: List[TeamAddForm], db: DBSession): async def team_delete_list(data: List[TeamID], db: DBSession): stsm = sqla.delete(Team).where(Team.id.in_(data)).returning(Team) teams = (await db.scalars(stsm)).all() + await db.commit() await redis_conn.publish(redis_channels.submitter, "update") return { "message": "Teams deleted successfully", "response": json_like(teams, unset=True) } @@ -31,6 +32,7 @@ async def team_delete_list(data: List[TeamID], db: DBSession): async def team_delete(team_id: TeamID, db: DBSession): stmt = sqla.delete(Team).where(Team.id == team_id).returning(Team) team = (await db.scalars(stmt)).one() + await db.commit() await redis_conn.publish(redis_channels.submitter, "update") return { "message": "Team deleted successfully", "response": json_like(team, unset=True) } @@ -45,6 +47,7 @@ async def team_edit_list(data: List[TeamEditForm], db: DBSession): ] teams = [o.one_or_none() for o in await asyncio.gather(*[db.scalars(ele) for ele in updates_queries])] teams = [team for team in teams if team is not None] + await db.commit() await redis_conn.publish(redis_channels.submitter, "update") return { "message": "Teams updated successfully", "response": json_like(teams, unset=True) } diff --git a/backend/skio.py b/backend/skio.py index c57dcb1..c362333 100644 --- a/backend/skio.py +++ b/backend/skio.py @@ -59,6 +59,7 @@ async def check_exploits_disabled(): elif current_status != ExploitStatus.disabled and expl.id in disabled_exploits: disabled_exploits.remove(expl.id) if trigger_update: + await db.commit() await redis_conn.publish(redis_channels.exploit, "update") await asyncio.sleep(5) diff --git a/backend/submitter.py b/backend/submitter.py index d6417be..1bec370 100644 --- a/backend/submitter.py +++ b/backend/submitter.py @@ -202,6 +202,7 @@ async def submit_flags(): updated = (await db.scalars(stmt)).all() if len(updated) > 0: logging.warning(f"{len(updated)} flags have been timeouted by FLAG_TIMEOUT") + await db.commit() await redis_conn.publish(redis_channels.attack_execution, "update") flags_to_submit = ( @@ -220,6 +221,7 @@ async def submit_flags(): logging.info(f"Submitting {len(flags_to_submit)} flags") print(datetime_now(), f"Submitting {len(flags_to_submit)} flags") status = await run_submit_routine(flags_to_submit) + await db.commit() await err_warn_event_update() g.last_submission = time.time() diff --git a/tests/xploit_test/config.toml b/tests/xploit_test/config.toml index b877934..e9b3966 100644 --- a/tests/xploit_test/config.toml +++ b/tests/xploit_test/config.toml @@ -3,4 +3,4 @@ name = "xploit_test" interpreter = "python3" run = "main.py" language = "python" -service = "2e0a6092-5fd3-41f8-8d29-f93083c66f3c" +service = "4fccde4a-d591-4903-835a-55afaab913fd"