def POST(self): web.header("Access-Control-Allow-Origin", "*") data = web.data() data = json.loads(data) print(data) action = data['action'] ids = data['ids'] if action == None or ids == None: return self.JSON({'code': '1:lack of data'}) elif ids == -1: con, cur = connect_db() cur.execute("update EVENT set state=?", (action, )) con.commit() save_log('INFO', 'all data state change to' + action) close_db(con, cur) elif ids != []: con, cur = connect_db() for id in ids: cur.execute("update EVENT set state=? where id=?", ( action, id, )) con.commit() save_log( 'DEBUG', 'data state change to {} where id is{}'.format(action, id)) close_db(con, cur) return self.JSON({'code': '0'})
def transformData(id): save_log('DEBUG', 'transforming data whose id is {}'.format(id)) data = sql_select(id) org_site = data[1] detail = json.loads(data[2]) module_type = data[3] state = data[4] if module_type == 'weakness': result = {} result['vender_id'] = 2 result['org_site'] = org_site result['url'] = detail['url'] result['display_name'] = detail['value'].get('name', None) result['happen_time'] = detail['created_at'] result['poc'] = detail['value'] result['type'] = detail['value'].get('type', None) result['vul_id'] = detail['value'].get('vul_id', None) result['detail'] = detail['value'].get('detail', None) if state != 'push': data = json.dumps(result, indent=2) return data elif module_type == 'content': result = {} result['vender_id'] = 2 result['org_site'] = org_site result['id'] = id result['url'] = detail['url'] result['happen_time'] = detail['created_at'] result['poc'] = detail['value'] type = detail.get('type', None) # TODO 4:身份证批量泄露 5:黑页 12:外链 type = 2 if type == 'black_links' or type == 'black_link' else type type = 4 if type == 'email_address_disclosure' or type == 'email_address_disclosure_out' else type type = 6 if type.lower() == 'webshell' else type type = 7 if type == 'malscan' else type type = 8 if type == 'cryjack' else type type = 10 if type == 'keyword' else type type = 11 if type == 'broken_links' or type == 'broken_link' else type result['type'] = type if state != 'push': data = json.dumps(result, indent=2) return data else: save_log( 'DEBUG', 'data with id={} has been pushed, do not push again'.format( id)) pass
class RevScanData(BaseHandler): ''' 接受扫描结果并入库:event.db -> EVENT ''' def POST(self): data = webapi.rawinput('POST') decode = None try: decode = json.loads(data.parameter) except Exception, e: print(e.message) print(repr(data)) return u'{"code":0,"message":"decode fail"}' if decode['total'] > 0: if decode['module_type'] == 'weakness' or decode[ 'module_type'] == 'content': for i in decode['values']: data_site = decode['site'] happen_time = i['created_at'] data_value = json.dumps(i, indent=2) data_type = decode['module_type'] data_state = "unknown" if data_value != None and len(data_value) > 3: push_time = '' save_time = datetime.datetime.now().strftime( '%Y-%m-%d %H:%M:%S') sql_insert(data_site, data_value, data_type, data_state, save_time, push_time, happen_time) save_log('DEBUG', data_site + 'insert into database successful') return self.JSON({'code': 0, 'message': 'ok'})
def GET(self): web.header("Access-Control-Allow-Origin", "*") get_dict = web.input() token = get_dict.get('token', None) start_time = get_dict.get('start_time', '0') end_time = get_dict.get( 'end_time', datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')) con, cur = connect_db() cur.execute('select token from token') real_token = cur.fetchall()[0][0] if token == real_token: save_log('INFO', 'token success, prepare for data') push_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S') ids = get_weakness_ids() con, cur = connect_db() value = [] for i in ids: data = sql_select(i[0]) happen_time = data[7] if check_time(start_time, end_time, happen_time): data = transformData(i[0]) value.append(data) cur.execute("update EVENT set state=? where id=?", ( 'push', int(i[0]), )) cur.execute("update EVENT set push_time=? where id=?", ( push_time, int(i[0]), )) con.commit() close_db(con, cur) save_log('DEBUG', 'weakness database changed') save_log('INFO', 'generate weakness data successful') response = {"status": 200, "errMsg": 'success', "data": value} save_log('INFO', 'send weakness data...') return self.JSON(response) else: save_log('INFO', 'failed with invalide token') web.header("status_code", "400") response = {"status": 400, "errMsg": 'token is invalid'} return self.JSON(response)
def POST(self): web.header("Access-Control-Allow-Origin", "*") rawdata = web.data() rawdata = json.loads(rawdata) state = rawdata.get('state', None) action = rawdata.get('action', None) if action == None or state == None: return self.JSON({'code': '1:lack of data'}) else: con, cur = connect_db() cur.execute("update EVENT set state=? where state=?", ( action, state, )) con.commit() save_log( 'DEBUG', 'all data where state is {} change to {}'.format( state, action)) close_db(con, cur) return self.JSON({'code': '0'})