def view_diff(request):
if request.method == "GET":
return render_to_response("diff_view.html", RequestContext(request,{'infos':get_show_infos(request)}))
#处理单个diff
elif request.POST.has_key('prase_diff'):
id = request.POST['vuln_id']
vuln = vulnerability_info.objects.get(vuln_id = id)
handle_diff_file(vuln)
return render_to_response("diff_view.html",RequestContext(request, {'infos':get_show_infos(request)}))
#清除所有diff
elif request.POST.has_key("clear_all"):
infos = vulnerability_info.objects.all()
for info in infos:
if info.vuln_func_source:
if os.path.isfile(info.vuln_func_source):
os.remove(info.vuln_func_source)
info.vuln_func_source = ""
if info.patched_func_source:
if os.path.isfile(info.patched_func_source):
os.remove(info.patched_func_source)
info.patched_func_source = ""
info.save()
return render_to_response("diff_view.html",RequestContext(request,{'infos':get_show_infos(request)}))
#生成所有diff
elif request.POST.has_key("make_all"):
infos = vulnerability_info.objects.all()
for info in infos:
if not info.vuln_func_source:
handle_diff_file(info)
return render_to_response("diff_view.html",RequestContext(request,{'infos':get_show_infos(request)}))
#全部加入特征数据库
elif request.POST.has_key("all_in_db"):
if is_db_on():
return HttpResponse("特征数据库已启动,请关闭后重试!关闭前请确认无任何使用情况")
th = Thread(target=all_in_db)
th.start()
return HttpResponse("生成中,请等候")
#全部删除特征数据库
elif request.POST.has_key("del_all"):
if is_db_on():
return HttpResponse("特征数据库已启动,请关闭后重试!关闭前请确认无任何使用情况")
del_all()
return HttpResponse("清除完成!")
def cal_funcs_similarity(request):
if request.method == "GET":
rs = func_similarity_reports.objects.all()
reports = []
for r in rs:
reports.append(cal_reports(r))
return render_to_response(
"ast_function_level.html",
RequestContext(request, {'reports': reports}))
else:
if os.path.isdir(
os.path.join(settings.NEO4J_DATABASE_PATH, "vuln_db",
"index")):
if is_db_on():
neo4jdb = JoernSteps()
try:
neo4jdb.setGraphDbURL('http://localhost:7474/db/data/')
neo4jdb.connectToDatabase()
except:
return HttpResponse("连接特征数据库失败,请联系管理员查明原因!")
th = Thread(target=vuln_patch_compare_all, args=(neo4jdb, ))
th.start()
return HttpResponse("启动线程计算中,请稍后查看!")
else:
return HttpResponse("特征数据库未启动,请先启动特征数据库")
else:
return HttpResponse("特征数据库不存在")
def func_pdg_comp_view(request):
if request.method == "GET":
funcs = funcs_sel()
infos = pdg_vuln_patch_funcs_report.objects.all()
return render_to_response("pdg_comp.html",
RequestContext(request,{"funcs":funcs, "infos":infos}))
else:
vuln_id = request.POST.get("funcs_sel")
try:
vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)
pdg_vuln_patch_funcs_report.objects.get(vuln_info=vuln_info)
return HttpResponse(u"已经计算过该函数")
except:
if os.path.isdir(os.path.join(settings.NEO4J_DATABASE_PATH, "vuln_db", "index")):
if is_db_on():
neo4jdb = JoernSteps()
try:
neo4jdb.setGraphDbURL('http://localhost:7474/db/data/')
neo4jdb.connectToDatabase()
except:
return HttpResponse(u"连接特征数据库失败,请联系管理员查明原因!")
th = Thread(target=func_pdg_similarity_proc, args=(vuln_id, neo4jdb))
th.start()
return HttpResponse(u"已经启动线程进行计算")
else:
return HttpResponse(u"特征数据库未启动,请先启动特征数据库")
else:
return HttpResponse(u"特征数据库不存在")
def func_pdg_comp_view(request):
if request.method == "GET":
funcs = funcs_sel()
infos = pdg_vuln_patch_funcs_report.objects.all()
return render_to_response(
"pdg_comp.html",
RequestContext(request, {
"funcs": funcs,
"infos": infos
}))
else:
vuln_id = request.POST.get("funcs_sel")
try:
vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)
pdg_vuln_patch_funcs_report.objects.get(vuln_info=vuln_info)
return HttpResponse(u"已经计算过该函数")
except:
if os.path.isdir(
os.path.join(settings.NEO4J_DATABASE_PATH, "vuln_db",
"index")):
if is_db_on():
neo4jdb = JoernSteps()
try:
neo4jdb.setGraphDbURL('http://localhost:7474/db/data/')
neo4jdb.connectToDatabase()
except:
return HttpResponse(u"连接特征数据库失败,请联系管理员查明原因!")
th = Thread(target=func_pdg_similarity_proc,
args=(vuln_id, neo4jdb))
th.start()
return HttpResponse(u"已经启动线程进行计算")
else:
return HttpResponse(u"特征数据库未启动,请先启动特征数据库")
else:
return HttpResponse(u"特征数据库不存在")
def graph_manager(request):
if request.method == "GET":
#检测各数据的真实状态,因为如果服务器崩溃,数据库里的状态与真实状态不一致
infos = graph_dbs.objects.all()
for info in infos:
if info.status == "started" and not is_db_on(info.port):
info.status = "stoped"
info.port = 0
info.save()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response("graph_status.html",
RequestContext(request, {'infos':graph_dbs.objects.all(),'status':status}))
else:
if request.POST.has_key('start_db'):
soft_id = int(request.POST['start'])
#th = Thread(target=start_neo4j_db, args=(soft_id, 7474+soft_id))
#th.start()
#端口号为7475-7485
ports = range(7475,7485)
inuse_ports = set()
for port in graph_dbs.objects.values("port"):
inuse_ports.add(port['port'])
port = filter(lambda x: not(x in inuse_ports), ports)
if port is None:
return HttpResponse(u"端口已全部被占用!")
start_neo4j_db(soft_id, port[0])
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response("graph_status.html",
RequestContext(request, {'infos':infos,"status":status}))
elif request.POST.has_key('stop_db'):
soft_id = int(request.POST['stop'])
stop_neo4j_db(soft_id)
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response("graph_status.html",
RequestContext(request, {'infos':infos,"status":status}))
elif request.POST.has_key("start"):
start_character_db()
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response("graph_status.html",
RequestContext(request, {'infos':infos,"status":status}))
elif request.POST.has_key("shut_down"):
stop_character_db()
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response("graph_status.html",
RequestContext(request, {'infos':infos,"status":status}))
def bug_finder(request):
if request.method == "GET":
software_sel = software_sel_form()
return render_to_response(
"bug_finder.html",
RequestContext(request, {"software_sel": software_sel}))
else:
if request.POST.has_key("sel_vuln"):
soft_id = int(request.POST.get("software"))
soft_name = softwares.objects.get(
software_id=soft_id).software_name
#查询当前软件(不含版本)所涉及的所有漏洞函数
softs = softwares.objects.filter(software_name=soft_name)
#先查到涉及的所有cve
cves = []
for soft in softs:
cves.extend(soft.cve_infos_set.all())
#查到涉及的所有漏洞
sel_vuln = vulnerability_info.objects.filter(cve_info__in=cves,
is_in_db=True)
software_sel = software_sel_form(request.POST)
return render_to_response(
"bug_finder.html",
RequestContext(request, {
"sel_vuln": sel_vuln,
"software_sel": software_sel
}))
elif request.POST.has_key("find"):
if not is_db_on():
return HttpResponse(u"特征数据库未启动,请先启动特征数据库")
soft = softwares.objects.get(
software_id=int(request.POST.get("software")))
try:
db = graph_dbs.objects.get(soft=soft)
#检测软件数据库是否启动
if not is_db_on(db.port):
return HttpResponse("软件图形数据库未启动")
#连接软件数据库
soft_db = JoernSteps()
try:
soft_db.setGraphDbURL("http://localhost:%d/db/data/" %
db.port)
soft_db.connectToDatabase()
except:
return HttpResponse("连接软件数据库失败! port:%d" % db.port)
#连接特征数据库
character_db = JoernSteps()
try:
character_db.setGraphDbURL(
"http://localhost:7474/db/data/")
character_db.connectToDatabase()
except:
return HttpResponse("连接特征数据库失败!")
#根据选择使用不同的算法
alg = request.POST.get("algorithm")
if alg == "CFG":
th = Thread(target=func_similarity_cfgLevel_proc,
args=(soft, soft_db, character_db,
request.POST.getlist("vuln_infos")))
th.start()
elif alg == "PDG":
th = Thread(target=func_similarity_pdgLevel_proc,
args=(soft, soft_db, character_db,
request.POST.getlist("vuln_infos")))
th.start()
return HttpResponse("已启动线程进行计算,请等候!")
except graph_dbs.DoesNotExist:
return HttpResponse("软件图形数据库未生成")
def bug_finder(request):
if request.method == "GET":
software_sel = software_sel_form()
return render_to_response("bug_finder.html", RequestContext(request, {"software_sel":software_sel}))
else:
if request.POST.has_key("sel_vuln"):
soft_id = int(request.POST.get("software"))
soft_name = softwares.objects.get(software_id=soft_id).software_name
#查询当前软件(不含版本)所涉及的所有漏洞函数
softs = softwares.objects.filter(software_name = soft_name)
#先查到涉及的所有cve
cves = []
for soft in softs:
cves.extend(soft.cve_infos_set.all())
#查到涉及的所有漏洞
sel_vuln = vulnerability_info.objects.filter(cve_info__in = cves, is_in_db=True)
software_sel = software_sel_form(request.POST)
return render_to_response("bug_finder.html",
RequestContext(request, {"sel_vuln":sel_vuln,"software_sel":software_sel}))
elif request.POST.has_key("find"):
if not is_db_on():
return HttpResponse(u"特征数据库未启动,请先启动特征数据库")
soft = softwares.objects.get(software_id=int(request.POST.get("software")))
try:
db = graph_dbs.objects.get(soft=soft)
#检测软件数据库是否启动
if not is_db_on(db.port):
return HttpResponse("软件图形数据库未启动")
#连接软件数据库
soft_db = JoernSteps()
try:
soft_db.setGraphDbURL("http://localhost:%d/db/data/" % db.port)
soft_db.connectToDatabase()
except:
return HttpResponse("连接软件数据库失败! port:%d" % db.port)
#连接特征数据库
character_db = JoernSteps()
try:
character_db.setGraphDbURL("http://localhost:7474/db/data/")
character_db.connectToDatabase()
except:
return HttpResponse("连接特征数据库失败!")
#根据选择使用不同的算法
alg = request.POST.get("algorithm")
if alg == "CFG":
th = Thread(target=func_similarity_cfgLevel_proc,
args=(soft, soft_db, character_db, request.POST.getlist("vuln_infos")))
th.start()
elif alg == "PDG":
th = Thread(target=func_similarity_pdgLevel_proc,
args=(soft, soft_db, character_db, request.POST.getlist("vuln_infos")))
th.start()
return HttpResponse("已启动线程进行计算,请等候!")
except graph_dbs.DoesNotExist:
return HttpResponse("软件图形数据库未生成")
def graph_manager(request):
if request.method == "GET":
#检测各数据的真实状态,因为如果服务器崩溃,数据库里的状态与真实状态不一致
infos = graph_dbs.objects.all()
for info in infos:
if info.status == "started" and not is_db_on(info.port):
info.status = "stoped"
info.port = 0
info.save()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response(
"graph_status.html",
RequestContext(request, {
'infos': graph_dbs.objects.all(),
'status': status
}))
else:
if request.POST.has_key('start_db'):
soft_id = int(request.POST['start'])
#th = Thread(target=start_neo4j_db, args=(soft_id, 7474+soft_id))
#th.start()
#端口号为7475-7485
ports = range(7475, 7485)
inuse_ports = set()
for port in graph_dbs.objects.values("port"):
inuse_ports.add(port['port'])
port = filter(lambda x: not (x in inuse_ports), ports)
if port is None:
return HttpResponse(u"端口已全部被占用!")
start_neo4j_db(soft_id, port[0])
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response(
"graph_status.html",
RequestContext(request, {
'infos': infos,
"status": status
}))
elif request.POST.has_key('stop_db'):
soft_id = int(request.POST['stop'])
stop_neo4j_db(soft_id)
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response(
"graph_status.html",
RequestContext(request, {
'infos': infos,
"status": status
}))
elif request.POST.has_key("start"):
start_character_db()
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response(
"graph_status.html",
RequestContext(request, {
'infos': infos,
"status": status
}))
elif request.POST.has_key("shut_down"):
stop_character_db()
infos = graph_dbs.objects.all()
status = ""
obs = vulnerability_info.objects.filter(is_in_db=True)
if len(obs) > 0:
if is_db_on():
status = "ON"
else:
status = "OFF"
else:
status = "NO_DB"
return render_to_response(
"graph_status.html",
RequestContext(request, {
'infos': infos,
"status": status
}))