Beispiel #1
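def modify_vuln_info(request, vuln_id):
    """Show or update the file/function/type recorded for one vulnerability.

    GET renders ``modify_vuln_infos.html`` with the stored file path shown
    relative to the software's source folder.  Any other method reads
    ``vuln_file``, ``vuln_func`` and ``vuln_type`` from the POST data,
    locates the file under the source folder, checks that the function can
    be found in it, and saves the record.

    Security: ``vuln_file`` is request-controlled and is joined onto a
    server-side directory and then opened.  The joined path is therefore
    resolved and required to stay inside the source folder before it is
    used; an absolute path or ``..`` components would otherwise let the
    request select a file outside the tree.

    NOTE(review): no authentication or permission check is visible on this
    view in the listing -- confirm it is enforced where the view is routed.

    Raises:
        vulnerability_info.DoesNotExist: no record has ``vuln_id``.
    """
    vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)
    soft_folder = vuln_info.cve_info.vuln_soft.sourcecodepath

    if request.method == "GET":
        # Strip the source-folder prefix so the form shows a relative path.
        vuln_info.vuln_file = vuln_info.vuln_file[len(soft_folder):]
        return render_to_response("modify_vuln_infos.html",
                                  RequestContext(request, {'vuln_info': vuln_info}))

    vuln_file = request.POST.get("vuln_file")
    vuln_func = request.POST.get("vuln_func")
    if not vuln_file or not vuln_func:
        # Missing fields would otherwise fail inside os.path.join().
        return HttpResponse("输入信息不正确")

    # Containment check: compare fully resolved paths so that "..",
    # absolute paths and symlinks cannot point outside the source tree.
    real_root = os.path.realpath(soft_folder)
    candidate = os.path.join(soft_folder, vuln_file)
    inside_tree = os.path.realpath(candidate).startswith(
        real_root.rstrip(os.sep) + os.sep)

    if inside_tree and os.path.isfile(candidate):
        vuln_file = candidate
    else:
        # Fall back to a search by bare file name; basename() drops any
        # directory components the client supplied.
        # NOTE(review): assumes get_vuln_file only returns paths under
        # soft_folder -- confirm against its implementation.
        files = get_vuln_file(os.path.basename(vuln_file), soft_folder)
        if len(files) == 1:
            vuln_file = files[0]
        else:
            return HttpResponse("输入信息不正确")

    # Close the file deterministically instead of leaking the handle.
    with open(vuln_file, "r") as src:
        lines = src.readlines()
    start, end = getFuncFromSrc(lines, vuln_func)
    if start < 0:
        return HttpResponse("找不到该函数")

    vuln_info.vuln_file = vuln_file
    vuln_info.vuln_func = vuln_func
    vuln_info.vuln_type = request.POST.get("vuln_type")
    vuln_info.save()
    return HttpResponse("修改成功")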
Beispiel #2
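def import_vuln_info(request):
    """Render the vulnerability import form, or create a record from it.

    GET renders an empty ``vuln_info_class`` form.  Any other method
    validates the posted form, locates the named source file under the
    selected CVE's source folder, rejects duplicates, checks that the named
    function exists in the file (unless the function field is the literal
    string "None"), and saves a new ``vulnerability_info`` row owned by
    ``request.user``.

    Security: the ``vuln_func_file`` field is user-controlled and is joined
    onto a server-side directory and later opened.  The joined path is
    resolved and required to stay inside the source folder before it is
    accepted, so absolute paths and ``..`` components cannot select a file
    outside the tree.

    NOTE(review): ``cve_id`` is read from the raw POST data rather than
    from ``cleaned_data``; a missing or non-numeric value raises
    ``KeyError``/``ValueError`` here, and an unknown id raises
    ``cve_infos.DoesNotExist``.  Confirm whether the form validates it.
    NOTE(review): no authentication decorator is visible on this view in
    the listing -- confirm access control, since ``request.user`` is stored
    on the new record.
    """
    if request.method == "GET":
        vuln_info = vuln_info_class()
        return render_to_response("import_vuln.html",
                                  RequestContext(request, {'vuln_info': vuln_info}))

    vuln_info = vuln_info_class(request.POST)
    if not vuln_info.is_valid():
        return render_to_response("import_vuln.html",
                                  RequestContext(request, {'vuln_info': vuln_info}))

    _id = int(request.POST['cve_id'])
    cve_info = cve_infos.objects.get(info_id=_id)

    source_root = cve_info.vuln_soft.sourcecodepath
    rel_file = vuln_info.cleaned_data['vuln_func_file'].strip()
    func_name = vuln_info.cleaned_data['vuln_func'].strip()
    vuln_type = vuln_info.cleaned_data['vuln_type'].strip()

    # Locate the vulnerable file.  Compare fully resolved paths so that
    # "..", absolute paths and symlinks cannot escape the source tree.
    real_root = os.path.realpath(source_root)
    candidate = os.path.join(source_root, rel_file)
    inside_tree = os.path.realpath(candidate).startswith(
        real_root.rstrip(os.sep) + os.sep)

    if inside_tree and os.path.isfile(candidate):
        # Found directly at the given relative path.
        vuln_file = candidate
    else:
        # Fall back to a search by bare file name; basename() drops any
        # directory components the client supplied.
        # NOTE(review): assumes get_vuln_file only returns paths under
        # source_root -- confirm against its implementation.
        files = get_vuln_file(os.path.basename(rel_file), source_root)
        if len(files) == 0:
            # Nothing found.
            return render_to_response("import_vuln.html",
                                      RequestContext(request, {'vuln_info': vuln_info,
                                                               'no_file_found': True}))
        if len(files) > 1:
            # Several files share this name; the user must disambiguate.
            return render_to_response("import_vuln.html",
                                      RequestContext(request, {'vuln_info': vuln_info,
                                                               'multi_file_found': True}))
        vuln_file = files[0]

    # The function name may be left "empty" by entering the string "None".
    if func_name == "None":
        try:
            vulnerability_info.objects.get(cve_info=cve_info,
                                           vuln_func="None",
                                           vuln_file=vuln_file)
        except vulnerability_info.DoesNotExist:
            info = vulnerability_info(cve_info=cve_info,
                                      vuln_file=vuln_file,
                                      vuln_func="None",
                                      vuln_type=vuln_type,
                                      user=request.user)
            info.save()
            return HttpResponse(u"录入成功,感谢" + request.user.username + u"对本平台的贡献")
        return render_to_response("import_vuln.html",
                                  RequestContext(request, {'vuln_info': vuln_info,
                                                           'already': True}))

    try:
        vulnerability_info.objects.get(cve_info=cve_info, vuln_func=func_name)
    except vulnerability_info.DoesNotExist:
        pass
    else:
        return render_to_response("import_vuln.html",
                                  RequestContext(request, {'vuln_info': vuln_info,
                                                           'already': True}))

    # Check that the file really contains the named function.  The stripped
    # name is used here too, so the lookup matches what gets stored.
    with open(vuln_file, 'r') as src:
        line_contents = src.readlines()
    start, end = getFuncFromSrc(line_contents, func_name)
    if start == -1:
        return render_to_response("import_vuln.html",
                                  RequestContext(request, {'vuln_info': vuln_info,
                                                           'no_func_found': True}))

    info = vulnerability_info(cve_info=cve_info,
                              vuln_func=func_name,
                              vuln_file=vuln_file,
                              vuln_type=vuln_type,
                              user=request.user)
    info.save()
    return HttpResponse(u"录入成功,感谢" + request.user.username + u"对本平台的贡献")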