Python ScannerManager Beispiele, core.components.scanner_manager.ScannerManager Python Beispiele

Beispiel #1

0

Datei anzeigen

Datei: web_console.py Projekt: UUUUnotfound/openrasp-iast

 async def handle_request(self, data):
     """
     请求格式：
     {
         "host": "1.2.3.4",
         "port": 80,
         "url_only": false
     }
     """
     try:
         host = data["host"]
         port = data.get("port", 80)
         url_only = data.get("url_only", False)
     except (KeyError, TypeError):
         ret = {"status": 1, "description": "请求json格式非法!"}
     else:
         if ScannerManager().is_scanning(host, port):
             ret = {
                 "status": 2,
                 "description": "目标主机:{}:{}正在被扫描，请先停止!".format(host, port)
             }
         else:
             ScannerManager().clean_target(host, port, url_only)
             ret = {"status": 0, "description": "ok"}
     return ret

Beispiel #2

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

 async def handle_request(self, data):
     """
     请求格式：
     {
         "scanner_id":0
     }
     """
     try:
         scanner_id = data["scanner_id"]
     except (KeyError, TypeError):
         ret = {"status": 1, "description": "请求json格式非法!"}
     else:
         try:
             success = ScannerManager().kill_scanner(scanner_id)
         except exceptions.InvalidScannerId:
             ret = {
                 "status": 2,
                 "description": "目标Scanner_id：{} 未在运行!".format(scanner_id)
             }
         else:
             if success:
                 ret = {"status": 0, "description": "ok"}
             else:
                 ret = {"status": 3, "description": "结束scanner进程失败!"}
     return ret

Beispiel #3

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

    async def handle_request(self, data):
        """
        请求格式：
        {
            "host":"1.2.3.4",
            "port": 80,
        }

        返回的data结构, 获取目标不存在返回default配置：
        {
            "scan_plugin_status": {
                "command_basic": true,
                "directory_basic": false
            },
            "scan_rate": {
                "max_concurrent_request": 20,
                "max_request_interval": 1000,
                "min_request_interval": 0
            }
        }
        """
        try:
            module_params = {
                "host": data["host"],
                "port": data.get("port", 80)
            }
        except (KeyError, TypeError):
            ret = {"status": 1, "description": "请求json格式非法!"}
        else:
            data = ScannerManager().get_config(module_params)
            ret = {"status": 0, "description": "ok", "data": data}
            return ret

Beispiel #4

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

    async def handle_request(self, data):
        """
        请求格式：
        {
            "host":"1.2.3.4",
            "port": 80
        }
        """
        try:
            module_params = {
                "host": data["host"],
                "port": data.get("port", 80)
            }

        except (KeyError, TypeError):
            ret = {"status": 1, "description": "请求json格式非法!"}
        else:
            try:
                ScannerManager().new_scanner(module_params)
            except exceptions.MaximumScannerExceede:
                ret = {"status": 2, "description": "并行扫描任务数量到达上限!"}
            except exceptions.TargetIsScanning:
                ret = {
                    "status":
                    3,
                    "description":
                    "目标主机:{}:{}正在被扫描，请先停止!".format(module_params["host"],
                                                   module_params["port"])
                }
            else:
                ret = {"status": 0, "description": "ok"}
        return ret

Beispiel #5

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

 async def handle_request(self, data):
     """
     请求格式：
     {}
     """
     status = ScannerManager().get_auto_start()
     ret = {"status": 0, "description": "ok", "data": {"status": status}}
     return ret

Beispiel #6

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

    async def handle_request(self, data):
        """
        请求格式：
        {
            "host":"1.2.3.4",
            "port": 80,
            "config": {
                "scan_plugin_status": {
                    "command_basic": {
                        "enable": true,
                        "show_name": "命令注入检测插件",
                        "description": "xxxx"
                    },
                    ...
                },
                "scan_rate": {
                    "max_concurrent_request": 20,
                    "max_request_interval": 1000,
                    "min_request_interval": 0
                },
                "white_url_reg": "^/logout",
                "scan_proxy": "http://127.0.0.1:8080"
            }
        }
        """
        try:
            module_params = {
                "host": data["host"],
                "port": data.get("port", 80),
                "config": data.get("config", {})
            }
            self.config_validtor.validate(module_params["config"])
            if "white_url_reg" in module_params["config"]:
                re.compile(module_params["config"]["white_url_reg"])

            if "scan_proxy" in module_params["config"]:
                proxy_url = module_params["config"]["scan_proxy"]
                if proxy_url != "":
                    scheme = urllib.parse.urlparse(proxy_url).scheme
                    if scheme not in ("http", "https"):
                        assert False

        except (KeyError, TypeError, jsonschema.exceptions.ValidationError):
            ret = {"status": 1, "description": "请求json格式非法!"}
        except re.error:
            ret = {"status": 2, "description": "白名单正则不合法!"}
        except AssertionError:
            ret = {"status": 3, "description": "代理协议应为http或https!"}
        else:
            ScannerManager().mod_config(module_params)
            ret = {"status": 0, "description": "ok"}
        return ret

Beispiel #7

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

 async def handle_request(self, data):
     """
     请求格式：
     {
         "auto_start": true
     }
     """
     try:
         auto_start = data["auto_start"]
     except (KeyError, TypeError):
         ret = {"status": 1, "description": "请求json格式非法!"}
     else:
         ScannerManager().set_auto_start(auto_start)
         ret = {"status": 0, "description": "ok"}
         return ret

Beispiel #8

0

Datei anzeigen

Datei: web_console.py Projekt: xysh90hou/openrasp-iast

 async def handle_request(self, data):
     """
     请求格式：
     {
         "page":1
     }
     """
     page = data.get("page", 1)
     result, total = ScannerManager().get_all_target(page)
     ret = {
         "status": 0,
         "description": "ok",
         # data 格式参考get_all_target返回值
         "data": {
             "total": total,
             "result": result
         }
     }
     return ret

Beispiel #9

0

Datei anzeigen

    async def handle_request(self, data):
        """
        请求格式：
        {
            "host":"1.2.3.4",
            "port": 80,
            "config": {
                "scan_plugin_status": {
                    "command_basic": {
                        "enable": true,
                        "show_name": "命令注入检测插件",
                        "description": "xxxx"
                    },
                    ...
                },
                "scan_rate": {
                    "max_concurrent_request": 20,
                    "max_request_interval": 1000,
                    "min_request_interval": 0
                },
                "white_url_reg": "^/logout"
            }
        }
        """
        try:
            module_params = {
                "host": data["host"],
                "port": data.get("port", 80),
                "config": data.get("config", {})
            }
            self.config_validtor.validate(module_params["config"])
            if "white_url_reg" in module_params["config"]:
                re.compile(module_params["config"]["white_url_reg"])

        except (KeyError, TypeError, jsonschema.exceptions.ValidationError):
            ret = {"status": 1, "description": "请求json格式非法!"}
        except re.error:
            ret = {"status": 2, "description": "白名单正则不合法!"}
        else:
            ScannerManager().mod_config(module_params)
            ret = {"status": 0, "description": "ok"}
        return ret

Beispiel #10

0

Datei anzeigen

Datei: web_console.py Projekt: UUUUnotfound/openrasp-iast

 async def handle_request(self, data):
     """
     请求格式：
     {
         "scanner_id":0
     }
     """
     try:
         scanner_id = data["scanner_id"]
     except (KeyError, TypeError):
         ret = {"status": 1, "description": "请求json格式非法!"}
     else:
         try:
             ScannerManager().resume_scanner(scanner_id)
         except exceptions.InvalidScannerId:
             ret = {
                 "status": 2,
                 "description": "目标Scanner_id：{} 不存在!".format(scanner_id)
             }
         else:
             ret = {"status": 0, "description": "ok"}
     return ret

Beispiel #11

0

Datei anzeigen

    def run(self):
        """
        Monitor 主函数
        """

        # 多线程开始前初始化
        RuntimeInfo()

        if Config().get_config("cloud_api.enable"):
            self.cloud_thread = threading.Thread(target=self._upload_report,
                                                 name="upload_report_thread",
                                                 daemon=True)
            self.cloud_thread.start()

        # 初始化调度类
        scanner_schedulers = {}
        for module_name in RuntimeInfo().get_latest_info().keys():
            if module_name.startswith("Scanner"):
                scanner_schedulers[module_name] = ScannerScheduler(module_name)
        ScannerManager().init_manager(scanner_schedulers)

        # 启动后台http server
        # web_console = WebConsole()
        # self.web_console_thread = threading.Thread(
        #     target=web_console.run,
        #     name="web_console_thread",
        #     daemon=True
        # )
        # self.web_console_thread.start()

        # 向云控后台发送心跳，用于建立ws连接

        transaction = Transaction()
        self.transaction_thread = threading.Thread(target=transaction.run,
                                                   name="transaction_thread",
                                                   daemon=True)
        self.transaction_thread.start()

        time.sleep(1)
        if self._check_alive():
            print("[-] OpenRASP-IAST init success!")
            print("[-] Visit web console in cloud server: {}".format(
                Config().get_config("cloud_api.backend_url")))
            print(
                "[-] Before start scan task, set OpenRASP agent plugin algorithmConfig option 'fuzz_server' (edit iast.js or use cloud server web console)  with url: 'http://{}:{}{}'"
                .format(self._get_self_ip(),
                        Config().get_config("preprocessor.http_port"),
                        Config().get_config("preprocessor.api_path")))

            Logger().info("Monitor init success!")
        else:
            self._terminate_modules()
            sys.exit(1)

        while True:
            try:
                # 执行调度
                RuntimeInfo().refresh_info()
                for module_name in scanner_schedulers:
                    scanner_schedulers[module_name].do_schedule()
                time.sleep(Config().get_config("monitor.schedule_interval"))

                # 检测模块存活
                if not self._check_alive():
                    self._terminate_modules()
                    if self.crash_module == "main":
                        Logger().info("OpenRASP-IAST exit!")
                        print("[!] OpenRASP-IAST exit!")
                        self._clean_mei()
                        sys.exit(0)
                    else:
                        Logger().critical(
                            "Detect Module {} down, exit!".format(
                                self.crash_module))
                        self._clean_mei()
                        sys.exit(1)

            except Exception as e:
                Logger().critical("Monitor module crash with unknow error!",
                                  exc_info=e)
                self._terminate_modules()
                self._clean_mei()
                sys.exit(2)

Beispiel #12

0

Datei anzeigen

    def run(self):
        """
        Monitor 主函数
        """

        # 多线程开始前初始化
        RuntimeInfo()

        # 启动后台http server
        web_console = WebConsole()
        self.web_console_thread = threading.Thread(target=web_console.run,
                                                   name="web_console_thread",
                                                   daemon=True)
        self.web_console_thread.start()

        if Config().get_config("cloud_api.enable"):
            self.cloud_thread = threading.Thread(target=self._upload_report,
                                                 name="upload_report_thread",
                                                 daemon=True)
            self.cloud_thread.start()

        # 初始化调度类
        scanner_schedulers = {}
        for module_name in RuntimeInfo().get_latest_info().keys():
            if module_name.startswith("Scanner"):
                scanner_schedulers[module_name] = ScannerScheduler(module_name)
        ScannerManager().init_manager(scanner_schedulers)

        time.sleep(1)
        if self._check_alive():
            print("[-] OpenRASP-IAST init success!")
            print("[-] Visit web console with url: http://{}:{}/".format(
                self._get_self_ip(),
                Config().get_config("monitor.console_port")))
            print(
                "[-] Set OpenRASP agent plugin option 'fuzz_server' with url: http://{}:{}{}"
                .format(self._get_self_ip(),
                        Config().get_config("preprocessor.http_port"),
                        Config().get_config("preprocessor.api_path")))

            Logger().info("Monitor init success!")
        else:
            self._terminate_modules()
            exit(1)

        while True:
            try:
                # 执行调度
                RuntimeInfo().refresh_info()
                for module_name in scanner_schedulers:
                    scanner_schedulers[module_name].do_schedule()
                time.sleep(Config().get_config("monitor.schedule_interval"))

                # 检测模块存活
                if not self._check_alive():
                    self._terminate_modules()
                    if self.crash_module == "main":
                        Logger().info("OpenRASP-IAST exit!")
                        print("[!] OpenRASP-IAST exit!")
                        os._exit(0)
                    else:
                        Logger().critical(
                            "Detect Module {} down, exit!".format(
                                self.crash_module))
                        os._exit(1)

            except Exception as e:
                Logger().critical("Monitor module crash with unknow error!",
                                  exc_info=e)
                self._terminate_modules()
                os._exit(2)