Beispiel #1
0
def status_task():
    scan_id = request.json.get('scan_id')
    key = request.json.get('key')
    if common.verify_key(key) is False:
        return jsonify(code=4002, msg=u'Key verify failed')
    c = CobraTaskInfo.query.filter_by(id=scan_id).first()
    if not c:
        return jsonify(status=4004)
    status = {
        0: 'init',
        1: 'scanning',
        2: 'done',
        3: 'error'
    }
    status_text = status[c.status]
    config = ConfigParser.ConfigParser()
    config.read('config')
    domain = config.get('cobra', 'domain')
    result = {
        'status': status_text,
        'text': u'放过',
        'report': 'http://' + domain + '/report/' + scan_id,
        'allow_deploy': True
    }
    return jsonify(status=1001, result=result)
Beispiel #2
0
def status_task():
    scan_id = request.json.get('scan_id')
    key = request.json.get('key')
    if common.verify_key(key) is False:
        return jsonify(code=4002, msg=u'Key verify failed')
    c = CobraTaskInfo.query.filter_by(id=scan_id).first()
    if not c:
        return jsonify(status=4004)
    status = {0: 'init', 1: 'scanning', 2: 'done', 3: 'error'}
    status_text = status[c.status]
    config = ConfigParser.ConfigParser()
    config.read('config')
    domain = config.get('cobra', 'domain')
    result = {
        'status': status_text,
        'text': u'放过',
        'report': 'http://' + domain + '/report/' + scan_id,
        'allow_deploy': True
    }
    return jsonify(status=1001, result=result)
Beispiel #3
0
def add_task():
    """ Add a new task api.
    post json to http://url/api/add_new_task
    example:
        {
            "key": "34b9a295d037d47eec3952e9dcdb6b2b",              // must, client key
            "target": "https://gitlab.com/username/project.git",    // must, gitlab address
            "branch": "master",                                     // must, the project branch
            "old_version": "old version here",                      // optional, if you choice diff scan mode, you should provide old version hash.
            "new_version": "new version here",                      // optional, if you choice diff scan mode, you should provide new version hash.
        }
    :return:
        The return value also in json format, usually is:
        {"code": 1001, "msg": "error reason or success."}
        code: 1005: Unknown Protocol
        code: 1004: Unknown error, if you see this error code, most time is cobra's database error.
        code: 1003: You support the parameters is not json.
        code: 1002: Some parameters is empty. More information in "msg".
        code: 1001: Success, no error.
    """
    result = {}
    data = request.json
    if not data or data == "":
        return jsonify(code=1003, msg=u'Only support json, please post json data.')

    # Params
    key = data.get('key')
    if common.verify_key(key) is False:
        return jsonify(code=4002, msg=u'Key verify failed')
    target = data.get('target')
    branch = data.get('branch')
    new_version = data.get('new_version')
    old_version = data.get('old_version')

    # Verify
    if not key or key == "":
        return jsonify(code=1002, msg=u'key can not be empty.')
    if not target or target == "":
        return jsonify(code=1002, msg=u'url can not be empty.')
    if not branch or branch == "":
        return jsonify(code=1002, msg=u'branch can not be empty.')

    # Parse
    current_time = time.strftime('%Y-%m-%d %X', time.localtime())

    # Gitlab
    if '.git' in target:
        # Git
        if 'gitlab' in target:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
        else:
            username = False
            password = False
        gg = GitTools.Git(target, branch=branch, username=username, password=password)
        repo_author = gg.repo_author
        repo_name = gg.repo_name
        repo_directory = gg.repo_directory
        # Git Clone Error
        if gg.clone() is False:
            return jsonify(code=4001)
    elif 'svn' in target:
        # SVN

        repo_name = 'mogujie'
        repo_author = 'all'
        repo_directory = os.path.join(config.Config('cobra', 'upload_directory').value, 'uploads/mogujie/')
    else:
        return jsonify(code=1005)

    if new_version == "" or old_version == "":
        scan_way = 1
    else:
        scan_way = 2

    # insert into task info table.
    task = CobraTaskInfo(target, branch, scan_way, new_version, old_version, None, None, None, 1, None, 0,
                         current_time, current_time)

    p = CobraProjects.query.filter_by(repository=target).first()
    project = None
    if not p:
        # insert into project table.
        project = CobraProjects(target, repo_name, repo_author, None, None, current_time, current_time)
        project_id = project.id
    else:
        project_id = p.id
    try:
        db.session.add(task)
        if not p:
            db.session.add(project)
        db.session.commit()

        cobra_path = os.path.join(config.Config().project_directory, 'cobra.py')

        if os.path.isfile(cobra_path) is not True:
            return jsonify(code=1004, msg=u'Cobra Not Found')
        # Start Scanning
        subprocess.Popen(
            ['python', cobra_path, "scan", "-p", str(project_id), "-i", str(task.id), "-t", repo_directory])
        # Statistic Code
        subprocess.Popen(
            ['python', cobra_path, "statistic", "-i", str(task.id), "-t", repo_directory])

        result['scan_id'] = task.id
        result['project_id'] = project_id
        result['msg'] = u'success'
        return jsonify(code=1001, result=result)
    except Exception as e:
        return jsonify(code=1004, msg=u'Unknown error, try again later?' + e.message)