def push(self):
v = Vulnerabilities()
data = [{
"name":
"{0}项目{1}漏洞({2})".format(self.project_name, self.vuln_name,
self.vuln_id),
"time":
self.time,
"vuln_type":
self.vuln_type,
"filepath":
self.file_path,
"linenum":
self.line_number,
"code":
"\r\n\r\n{0}".format(self.code),
"summitid":
v.key,
"signid":
self.vuln_id,
'description':
'\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
}]
push_vulnerabilities.apply_async(data,
link_error=error_handler.s(),
serializer='json')
def push(self):
status = Config('third_party_vulnerabilities', 'status').value
if int(status):
v = Vulnerabilities()
data = [{
"name":
"Cobra发现{0}项目一处{1}漏洞({2})".format(self.project_name,
self.vuln_name,
self.vuln_id),
"time":
self.time,
"vuln_type":
self.vuln_type,
"filepath":
self.file_path,
"linenum":
self.line_number,
"code":
"\r\n\r\n{0}".format(self.code),
"summitid":
v.key,
"signid":
self.vuln_id,
'description':
'\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
}]
push_vulnerabilities.apply_async(data,
link_error=error_handler.s(),
serializer='json')
else:
return True
def push(self):
v = Vulnerabilities()
data = [{
"name": "{0}项目{1}漏洞({2})".format(self.project_name, self.vuln_name, self.vuln_id),
"time": self.time,
"vuln_type": self.vuln_type,
"filepath": self.file_path,
"linenum": self.line_number,
"code": "\r\n\r\n{0}".format(self.code),
"summitid": v.key,
"signid": self.vuln_id,
'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
}]
push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')
def test_push(self):
from daemon import push_vulnerabilities, error_handler
from utils.third_party import Vulnerabilities
v = Vulnerabilities()
data = [{
"name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
"time": "2016-09-12 17:01:40",
"vuln_type": "10000000",
"filepath": "/path/to/test.php",
"linenum": "123",
"code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
"summitid": v.key,
"signid": '12',
'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
}]
push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')