BlackSnufkin
ce9a926246
Backend (Python):
- Split app/routes.py (1,389 lines) into 6 Flask blueprints (upload, analysis,
results, doppelganger, management, api) under app/blueprints/, plus
service modules (rendering, summary, tool_check, error_handling) under
app/services/, and the shared RouteHelpers class in app/helpers.py.
app/__init__.py wires shared deps via app.extensions['litterbox'].
- Split app/utils.py (1,400 lines) into the app/utils/ package with
single-concern modules: file_io, validators, path_manager, risk_analyzer,
forensics, json_helpers, reporting. No facade — every caller migrated.
- Extracted BaseSubprocessAnalyzer in app/analyzers/base.py; refactored 9
subprocess analyzers (yara/checkplz/stringnalyzer static; yara/pe_sieve/
moneta/patriot/hsb/hollows_hunter dynamic) as thin subclasses that only
declare config + implement _parse_output.
Frontend (JS):
- Split results.js (2,060), holygrail.js (1,025), byovd_info.js (1,069),
and upload.js (974) into per-concern ES6 modules under
app/static/js/{results,holygrail,byovd,upload}/.
- Added app/static/js/utils/ with shared helpers: escape, formatters,
severity, fetch, modals, dom (single source of truth for escapeHtml,
formatBytes, severity-color mapping, etc.).
- Converted base.js, summary.js, blender.js, fuzzy.js to ES6 modules;
every <script> tag now uses type="module". window.X assignments preserved
so inline onclick handlers in templates keep resolving.
- Targeted XSS hardening at user-data interpolation sites in results
renderers (str.data, hex_dump, scan_info.target, list items).
Templates:
- New app/templates/partials/_macros.html with reusable scanner-table
macros + 3-card status grid; static_info.html and dynamic_info.html
migrated to use them, eliminating identical-HTML duplication.
CSS:
- Fixed broken @apply in .drag-over (no Tailwind build pipeline → @apply
was silently ignored, leaving drag-and-drop visual feedback broken).
Replaced with raw CSS equivalent.
- Dedented stray 8-space-indented block (lines 127-end) for consistency.
- Added header comment documenting the no-build-pipeline constraint.
Gitignore:
- Anchored Results/, Uploads/, DoppelgangerDB/Blender/, and Scanners/*
patterns to repo root with leading slash so they don't shadow same-
named directories elsewhere (notably the new app/static/js/results/
module directory and app/blueprints/results.py).
- Added /Scanners/PE-Sieve/process_*/ for runtime scan artifacts.
72 lines
2.4 KiB
JavaScript
72 lines
2.4 KiB
JavaScript
// app/static/js/utils/fetch.js
|
|
// Thin wrapper around fetch() with consistent JSON parsing and error shape.
|
|
// Replaces 5+ inconsistent inline try/fetch/catch blocks across the codebase.
|
|
|
|
class HttpError extends Error {
|
|
constructor(message, status, data) {
|
|
super(message);
|
|
this.name = 'HttpError';
|
|
this.status = status;
|
|
this.data = data;
|
|
}
|
|
}
|
|
|
|
async function parseError(response) {
|
|
const fallback = `HTTP ${response.status}`;
|
|
try {
|
|
const data = await response.json();
|
|
return new HttpError(data.error || data.message || fallback, response.status, data);
|
|
} catch (_) {
|
|
return new HttpError(fallback, response.status, null);
|
|
}
|
|
}
|
|
|
|
export async function apiGet(url, options = {}) {
|
|
const response = await fetch(url, { method: 'GET', ...options });
|
|
if (!response.ok) throw await parseError(response);
|
|
return response.json();
|
|
}
|
|
|
|
export async function apiPost(url, body = null, options = {}) {
|
|
const isFormData = (typeof FormData !== 'undefined') && (body instanceof FormData);
|
|
const headers = { ...(options.headers || {}) };
|
|
if (!isFormData && body !== null) {
|
|
headers['Content-Type'] = headers['Content-Type'] || 'application/json';
|
|
}
|
|
const response = await fetch(url, {
|
|
method: 'POST',
|
|
headers,
|
|
body: isFormData ? body : (body === null ? undefined : JSON.stringify(body)),
|
|
...options,
|
|
// Re-apply headers after spread so caller-supplied options.headers can't get lost.
|
|
});
|
|
if (!response.ok) throw await parseError(response);
|
|
return response.json();
|
|
}
|
|
|
|
export async function apiDelete(url, options = {}) {
|
|
const response = await fetch(url, { method: 'DELETE', ...options });
|
|
if (!response.ok) throw await parseError(response);
|
|
return response.json();
|
|
}
|
|
|
|
// Cached GET — useful for relatively-static endpoints (e.g. /api/results/<hash>/info).
|
|
// Returns the cached promise on repeat calls; pass {forceRefresh:true} to bypass.
|
|
const _cache = new Map();
|
|
export async function apiGetCached(url, { forceRefresh = false, ...options } = {}) {
|
|
if (!forceRefresh && _cache.has(url)) return _cache.get(url);
|
|
const promise = apiGet(url, options).catch((err) => {
|
|
_cache.delete(url);
|
|
throw err;
|
|
});
|
|
_cache.set(url, promise);
|
|
return promise;
|
|
}
|
|
|
|
export function clearApiCache(url) {
|
|
if (url) _cache.delete(url);
|
|
else _cache.clear();
|
|
}
|
|
|
|
export { HttpError };
|