From 2813a095deb359ddfd5a8c3fb4b51b4245db41ac Mon Sep 17 00:00:00 2001
From: sergiogimenez <hi@sergiogimenez.com>
Date: Sat, 16 Nov 2024 18:08:11 +0100
Subject: [PATCH] move logic to model and remove potential harmful code (void
 useing del)

---
 device/models.py | 30 ++++++++++++++++++++++++++++++
 device/views.py  | 40 ++++++----------------------------------
 2 files changed, 36 insertions(+), 34 deletions(-)

diff --git a/device/models.py b/device/models.py
index 4e0778f..a9799de 100644
--- a/device/models.py
+++ b/device/models.py
@@ -1,3 +1,4 @@
+import json
 from django.db import models, connection
 
 from utils.constants import ALGOS
@@ -305,3 +306,32 @@ class Device:
         if not self.last_evidence:
             self.get_last_evidence()
         return self.last_evidence.get_components()
+
+    def get_components_data(self, is_user_authenticated):
+        if is_user_authenticated:
+            return self.components
+
+        public_components = json.loads(json.dumps(self.components))
+        self.remove_sensitive_data_from(public_components)
+        return public_components
+
+    def remove_sensitive_data_from(self, components):
+        for component in components:
+            component.pop('SerialNumber', None)
+            component.pop('serial_number', None)
+
+    def get_device_data(self, should_include_sensitive_fields):
+        data = {
+            'id': self.id,
+            'shortid': self.shortid,
+            'uuids': self.uuids,
+            'hids': self.hids,
+            'components': self.get_components_data(should_include_sensitive_fields),
+        }
+
+        if should_include_sensitive_fields:
+            data.update({
+                'serial_number': self.serial_number,
+            })
+
+        return data
diff --git a/device/views.py b/device/views.py
index 319f8cf..501f6e1 100644
--- a/device/views.py
+++ b/device/views.py
@@ -115,14 +115,15 @@ class PublicDeviceWebView(TemplateView):
     template_name = "device_web.html"
 
     def get(self, request, *args, **kwargs):
-        self.pk = kwargs['pk']
-        self.object = Device(id=self.pk)
+        self.object = Device(id=kwargs['pk'])
 
         if not self.object.last_evidence:
             raise Http404
 
         if self.request.headers.get('Accept') == 'application/json':
-            return self.get_json_response()
+            json_response = self.create_json_response(
+                self.request.user.is_authenticated)
+            return json_response
         return super().get(request, *args, **kwargs)
 
     def get_context_data(self, **kwargs):
@@ -133,37 +134,8 @@ class PublicDeviceWebView(TemplateView):
         })
         return context
 
-    @property
-    def public_fields(self):
-        return {
-            'id': self.object.id,
-            'shortid': self.object.shortid,
-            'uuids': self.object.uuids,
-            'hids': self.object.hids,
-            'components': self.remove_serial_number_from(self.object.components),
-        }
-
-    @property
-    def authenticated_fields(self):
-        return {
-            'serial_number': self.object.serial_number,
-            'components': self.object.components,
-        }
-
-    def remove_serial_number_from(self, components):
-        for component in components:
-            if 'serial_number' in component:
-                del component['SerialNumber']
-        return components
-
-    def get_device_data(self):
-        data = self.public_fields
-        if self.request.user.is_authenticated:
-            data.update(self.authenticated_fields)
-        return data
-
-    def get_json_response(self):
-        device_data = self.get_device_data()
+    def create_json_response(self, is_user_authenticated):
+        device_data = self.object.get_device_data(is_user_authenticated)
         return JsonResponse(device_data)