Added notes for report generation (including markdown/base64)

timb-machine-mirrors · Dec 16, 2021 · 4619def · 4619def
1 parent 5895312
commit 4619def
Show file tree

Hide file tree

Showing 6 changed files with 40 additions and 2 deletions.
diff --git a/documentation/report/report_fields.txt b/documentation/report/report_fields.txt
@@ -64,6 +64,12 @@
 8. functions {function_name}
     8.1 format_date
 
+9. notes {note_id}
+    9.1 name
+    9.2 host_id (or  '')
+    9.3 html
+    9.4 markdown
+
 Functions
 
 latex_escape(s: str) -> str # escape string to insert it inside latex template

diff --git a/requirements.txt b/requirements.txt
@@ -31,6 +31,8 @@ psycopg2-binary==2.9.1
 git+https://gitlab.com/invuls/pentest-projects/pcf_tools/qmarkpg_fork
 Flask-Caching==1.10.1
 secure==0.3.0
+markdownify==0.10.1
+
 #tools
 python-libnmap==0.7.2
 git+https://github.com/bmx0r/python-libnessus/

diff --git a/requirements_unix.txt b/requirements_unix.txt
@@ -24,6 +24,8 @@ psycopg2-binary==2.9.1
 git+https://gitlab.com/invuls/pentest-projects/pcf_tools/qmarkpg_fork
 Flask-Caching==1.10.1
 secure==0.3.0
+markdownify==0.10.1
+
 #tools
 python-libnmap==0.7.2
 git+https://github.com/bmx0r/python-libnessus/

diff --git a/requirements_windows.txt b/requirements_windows.txt
@@ -22,6 +22,8 @@ psycopg2-binary==2.9.1
 qmarkpg==0.2
 Flask-Caching==1.10.1
 secure==0.3.0
+markdownify==0.10.1
+
 #tools
 python-libnmap==0.7.2
 git+https://github.com/bmx0r/python-libnessus/

diff --git a/routes/ui/project.py b/routes/ui/project.py
@@ -2628,6 +2628,7 @@ def docx_image(image_id, width=None, height=None):
                             "hostnames": project_dict['hostnames'],
                             "grouped_issues": project_dict['grouped_issues'],
                             "docx_image": docx_image,
+                            "notes": project_dict['notes'],
                             "functions": {
                                 "format_date": lambda unix_time,
                                                       str_format: datetime.datetime.fromtimestamp(int(unix_time)).strftime(str_format),
@@ -2721,8 +2722,8 @@ def docx_image(image_id, width=None, height=None):
                                         pocs=project_dict['pocs'],
                                         ports=project_dict['ports'],
                                         hostnames=project_dict['hostnames'],
-                                        grouped_issues=project_dict[
-                                            'grouped_issues'],
+                                        grouped_issues=project_dict['grouped_issues'],
+                                        notes=project_dict['notes'],
                                         latex_escape=latex_str_escape,
                                         functions={
                                             "format_date": lambda unix_time,
@@ -2808,6 +2809,7 @@ def docx_image(image_id, width=None, height=None):
                                                     ports=project_dict['ports'],
                                                     hostnames=project_dict['hostnames'],
                                                     grouped_issues=project_dict['grouped_issues'],
+                                                    notes=project_dict['notes'],
                                                     latex_escape=latex_str_escape,
                                                     functions={
                                                         "format_date": lambda unix_time,

diff --git a/system/db.py b/system/db.py
@@ -11,6 +11,7 @@
 import psycopg2
 from base64 import b64encode
 import qmarkpg
+from markdownify import markdownify
 
 
 class Database:
@@ -1115,6 +1116,13 @@ def select_project_notes(self, project_id, host_id=''):
         result = self.return_arr_dict()
         return result
 
+    def select_all_project_notes(self, project_id):
+        self.execute(
+            '''SELECT * FROM Notes WHERE project_id=?''',
+            (project_id,))
+        result = self.return_arr_dict()
+        return result
+
     def select_project_note(self, project_id, note_id):
         self.execute(
             '''SELECT * FROM Notes WHERE project_id=? and id = ? ''',
@@ -2430,6 +2438,22 @@ def select_report_info_sorted(self, project_id):
                 result['grouped_issues'][
                     result['issues'][issue_id]['name']].append(issue_id)
 
+        # notes
+        result['notes'] = {}
+        notes = self.select_all_project_notes(project_id)
+        for note in notes:
+            result['notes'][note['id']] = {
+                'name': note['name'],
+                'host_id': note['host_id'],
+                'html': note['text'],
+                'markdown': '',
+                'base64': base64.b64encode(note['text'].encode('charmap')).decode('charmap')
+            }
+            try:
+                result['notes'][note['id']]['markdown'] = markdownify(note['text'])
+            except Exception as e:
+                pass
+        print(result['notes'])
         return result
 
     def insert_token(self, user_id, name='', create_date=0,