{ "info": { "author": "Steve Milner", "author_email": "", "bugtrack_url": null, "classifiers": [ "Framework :: Flask", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: GNU Affero General Public License v3", "Operating System :: OS Independent", "Programming Language :: Python", "Topic :: Internet :: WWW/HTTP :: WSGI :: Server", "Topic :: Security" ], "description": "Victims Web Service |Build Status| |PyPI version|\n=================================================\n\nThe victims web application.\n\nReport an Issue\n---------------\n\nIf you find an issue with the service at http://victi.ms or the code,\neither\n\n- Create a new issue at https://github.com/victims/victims-web/issues\n- Email vicitms@librelist.com\n\nContributing\n------------\n\n| If you have a patch or a feature that you want considered to be added\n to the project, feel free to send us a pull request.\n| Make sure you run pep8 before committing.\n\n.. code:: sh\n\n pep8 --repeat .\n\nUsing PyPI Package\n------------------\nYou can install and use the server by installing the `PyPI Package`_ and\nuse the provided entrypoint. Do ensure that the required database services\nare available and/or configured.\n\n.. code:: sh\n\n pip install --user victims-web\n victims-web-server\n\nDevelopment\n-----------\n\nThis is short guide on how to work on this code base using the provided\n``docker-compose`` configuration and development ``Dockerfile``. *Note*\nthat the ``Dockerfile`` provided in the base directory is not to be used\nin production and is only for development use.\n\nDocker builds\n~~~~~~~~~~~~~\n\nBuilding the image\n^^^^^^^^^^^^^^^^^^\n\nThe image can be built to provide a working environment with all\ndependencies installed.\n\n.. code:: sh\n\n docker build -t local/victims-web .\n\nUsing the docker image\n^^^^^^^^^^^^^^^^^^^^^^\n\nThe docker image built as shown above will not contain the application\nsource code but it expects the working directory to be mounted at\n``/opt/source``.\n\n.. code:: sh\n\n docker run --rm -it -v `pwd`:/opt/source local/victims-web\n\nDocker Compose\n~~~~~~~~~~~~~~\n\nThe ``docker-compose.yml`` file defines services required to run a\nworking copy of the server on your local machine. Starting the server\nvia ``docker-compose`` will;\n\n#. start a supported version of MongoDB instance\n#. seed the database with test data\n#. start the web server using ``python -m victims.web``\n#. bind to port 5000 on your localhost\n\nStarting a server\n^^^^^^^^^^^^^^^^^\n\nThis will start an instance of the server as described above. Note that\nthis is started with both ``DEBUG`` and ``TESTING`` enabled. This will\nalso ensure that your code is auto re-loaded if changed.\n\n.. code:: sh\n\n docker-compose up server\n\nExecuting tests against your working copy\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nIn order to execute tests against your working copy of code, you may use\nthe ``test`` service as described in the ``docker-compose.yml`` file.\nThis will start up dependant services, load seed data and then execute\napplication tests and ``pep8``.\n\n.. code:: sh\n\n docker-compose up test\n\nUsage\n-----\n\nSecured API Access\n~~~~~~~~~~~~~~~~~~\n\nSubmission endpoints like ``/service/submit/archive/java`` are secured\nby an implementation similar to what is used by AWS. The authentication\ntoken is expected in a HTTP header configured via the\n``VICTIMS_API_HEADER`` configuration (default: ``X-Victims-Api``). If\nthis is not present or if validation/authentication fails, then it falls\nback to *BASIC AUTH*.\n\nAn example using curl is as follows:\n\n.. code:: sh\n\n $ curl -v -X PUT -H \"X-Victims-Api: $APIKEY:$SIGNATURE\" -H \"Date: Thu, 22 Aug 2013 15:20:37 GMT\" -F archive=@$ARCHIVE https://$VICTIMS_SERVER/service/submit/archive/java?version=VID\\&groupId=GID\\&artifactId=AID\\&cves=CVE-2013-0000,CVE-2013-0001\n\nThis can also be done using *BASIC-AUTH* as follows:\n\n.. code:: sh\n\n curl -v -u $USERNAME:$PASSWORD -X PUT -F archive=@$ARCHIVE_FILE https://$VICTIMS_SERVER/service/submit/archive/java?version=VID\\&groupId=GID\\&artifactId=AID\\&cves=CVE-2013-0000,CVE-2013-0001\n\nAPI Key and Client Secret Key\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\nEach account on victi.ms is allocated an API Key and Secret key by\ndefault. This can be retrieved by visiting ``https://victi.ms/account``.\nThese can be regenerated using the form at\n``https://victi.ms/account_edit``.\n\nSignature\n^^^^^^^^^\n\nThe signature is generated using ``HTTP Method``, ``Path``, ``Date`` and\nthe *MD5 hexdigest*.\n\n**Notes\\:**\n\n- The ``Path`` includes the query string parameters, e.g:\n ``/service/submit/archive/java?cves=CVE-0000-0000``\n- The MD5 checksum includes the data (if available) of all files that\n are being submitted. The checksums are sorted in ascending order\n before adding to the string.\n- The date is expected to be in ``GMT``. Eg:\n ``Thu, 22 Aug 2013 15:20:37 GMT``.\n\nThe following is a reference implementation in python:\n\n.. code:: py\n\n from hmac import HMAC\n\n def generate_signature(secret, method, path, date, md5sums):\n md5sums.sort()\n ordered = [method, path, date] + md5sums\n string = ''\n\n for content in ordered:\n if content is None:\n raise ValueError('Required header not found')\n string += str(content)\n\n return HMAC(\n key=bytes(secret),\n msg=string.lower(),\n digestmod=sha512\n ).hexdigest().upper()\n\n.. |Build Status| image:: https://travis-ci.org/victims/victims-web.png\n :target: https://travis-ci.org/victims/victims-web\n.. |PyPI version| image:: https://badge.fury.io/py/victims-web.svg\n :target: https://badge.fury.io/py/victims-web\n.. _PyPI Package: https://pypi.python.org/pypi/victims-web\n\n\n", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://victi.ms", "keywords": "", "license": "AGPLv3", "maintainer": "", "maintainer_email": "", "name": "victims-web", "package_url": "https://pypi.org/project/victims-web/", "platform": "", "project_url": "https://pypi.org/project/victims-web/", "project_urls": { "Homepage": "http://victi.ms" }, "release_url": "https://pypi.org/project/victims-web/2.2.1/", "requires_dist": [ "Flask (>=0.10)", "Flask-Admin (>=1.0.7)", "Flask-Bcrypt", "Flask-Bootstrap", "Flask-Cache", "Flask-Login (==0.2.11)", "Flask-MongoEngine (==0.7.0)", "Flask-Reggie", "Flask-SSLify", "Flask-SeaSurf", "Flask-Views", "Flask-WTF (>=0.9.1)", "PyYAML", "blinker", "mongoengine (==0.8.4)", "pymongo (==2.6.2)", "raven[flask]", "requests" ], "requires_python": "", "summary": "Victims Web Service", "version": "2.2.1" }, "last_serial": 3063777, "releases": { "2.1.1": [ { "comment_text": "", "digests": { "md5": "bc8ee79c7de5a29df173dce6773de347", "sha256": "49febfcda7a5c5270bafe3d70cc9f9d5552fa7c19741e91bce23dc3111ebf261" }, "downloads": -1, "filename": "victims-web-2.1.1.tar.gz", "has_sig": false, "md5_digest": "bc8ee79c7de5a29df173dce6773de347", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34714, "upload_time": "2017-07-31T15:30:40", "url": "https://files.pythonhosted.org/packages/f2/e4/26ef643f4bc6b9ae1001e42c704b1fe6c40d2eda942b6e3183f37fe62759/victims-web-2.1.1.tar.gz" } ], "2.1.2": [ { "comment_text": "", "digests": { "md5": "0a72e47388311f295c121e5b8d74633f", "sha256": "16f30cca196a54d3f58cd677fb500d275c6866778b8f2ca0129e4469e83d4490" }, "downloads": -1, "filename": "victims-web-2.1.2.tar.gz", "has_sig": false, "md5_digest": "0a72e47388311f295c121e5b8d74633f", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 46752, "upload_time": "2017-08-01T05:07:58", "url": "https://files.pythonhosted.org/packages/2f/4d/bc39da186ccf9aaf0c202d19e8adf4d2afc75ffc06e8ecc1e456e4545016/victims-web-2.1.2.tar.gz" } ], "2.2.0": [ { "comment_text": "", "digests": { "md5": "59932f9727d9e638e169131a15873d26", "sha256": "bc65fb607855e66c68b30dae514fe7d5ded8a57bb28f9116bc4426742d8c5e73" }, "downloads": -1, "filename": "victims-web-2.2.0.tar.gz", "has_sig": false, "md5_digest": "59932f9727d9e638e169131a15873d26", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 49044, "upload_time": "2017-08-01T06:47:59", "url": "https://files.pythonhosted.org/packages/b5/64/521e4dfc959bce99c2b2c2bd0bb35a8f6758f459a52d7c8e69425a7e852b/victims-web-2.2.0.tar.gz" } ], "2.2.1": [ { "comment_text": "", "digests": { "md5": "ab250f043ed6575cbd77a340519b8d91", "sha256": "edfbf9c92ee4049fb4c729439a300db086be977b00ec9f3a9896eef05a135794" }, "downloads": -1, "filename": "victims_web-2.2.1-py2-none-any.whl", "has_sig": false, "md5_digest": "ab250f043ed6575cbd77a340519b8d91", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 105618, "upload_time": "2017-08-01T09:07:25", "url": "https://files.pythonhosted.org/packages/84/f7/e8a681469b541ce16469c67edc94ee5e7464c73982ce725d90f9f12503da/victims_web-2.2.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "02210bb46e26bc39678f228a5c853ab1", "sha256": "5841c274ea7441f5e28fc1c08442dac0bf6087db7951a2cafba5c9b2bbaed748" }, "downloads": -1, "filename": "victims-web-2.2.1.tar.gz", "has_sig": false, "md5_digest": "02210bb46e26bc39678f228a5c853ab1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 49045, "upload_time": "2017-08-01T09:07:28", "url": "https://files.pythonhosted.org/packages/f0/aa/7876d63c8f3e3d69867da431087505c9416dd35c1ce99d2f36ae72c599d5/victims-web-2.2.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "ab250f043ed6575cbd77a340519b8d91", "sha256": "edfbf9c92ee4049fb4c729439a300db086be977b00ec9f3a9896eef05a135794" }, "downloads": -1, "filename": "victims_web-2.2.1-py2-none-any.whl", "has_sig": false, "md5_digest": "ab250f043ed6575cbd77a340519b8d91", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 105618, "upload_time": "2017-08-01T09:07:25", "url": "https://files.pythonhosted.org/packages/84/f7/e8a681469b541ce16469c67edc94ee5e7464c73982ce725d90f9f12503da/victims_web-2.2.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "02210bb46e26bc39678f228a5c853ab1", "sha256": "5841c274ea7441f5e28fc1c08442dac0bf6087db7951a2cafba5c9b2bbaed748" }, "downloads": -1, "filename": "victims-web-2.2.1.tar.gz", "has_sig": false, "md5_digest": "02210bb46e26bc39678f228a5c853ab1", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 49045, "upload_time": "2017-08-01T09:07:28", "url": "https://files.pythonhosted.org/packages/f0/aa/7876d63c8f3e3d69867da431087505c9416dd35c1ce99d2f36ae72c599d5/victims-web-2.2.1.tar.gz" } ] }