def get(self, name):
"""
uses the 'name' as key to obtain details from the datastore, then allows the user to edit it
"""
q = Script.all().filter('name = ', name)
user = users.get_current_user()
#the user is logged in at this point, owing to 'login: required' setting in apps.yaml
params = {}
if user:
params['user'] = user
params['logout_url'] = users.create_logout_url("/")
result = q.fetch(1)[0]
params['language'] = result.language
params['description'] = result.description
params['user_friendly_name'] = result.user_friendly_name
params['code'] = result.code.strip()
params['name'] = result.name
prev_scriptlets = False
if Script.all().filter('user ='******'prev_scriptlets'] = prev_scriptlets
self.response.out.write(template.render('templates/edit.html', params))
def post(self):
user = users.get_current_user()
language = self.request.POST['language']
code = self.request.POST['%s-code' % language]
if user:
script = Script(language=language, code=code)
script.put()
self.redirect('/view/%s' % script.name)
else:
auth_save = {'language': language, 'code': code}
self.response.headers.add_header('Set-Cookie', 'auth_save=%s' % urllib.urlencode(auth_save))
self.redirect(users.create_login_url("/"))
def _save_and_redirect(self, name, language, code):
if name == "":
name = baseN(abs(hash(time.time())), 36)
script = Script.all().filter('name =', name).get()
if (script):
script.language = language
script.code = code
script.put()
else:
script = Script(name=name, language=language, code=code)
script.put()
self.redirect('/view/%s' % script.name)
def get(self):
user = users.get_current_user()
auth_save = self.request.cookies.get('auth_save', None)
if auth_save:
self.response.headers.add_header('Set-Cookie', 'auth_save=; expires=Wed, 11-Sep-1985 11:00:00 GMT')
params = cgi.parse_qs(auth_save)
script = Script(language=params['language'][0], code=params['code'][0])
script.put()
self.redirect('/view/%s' % script.name)
else:
if user:
params = {'user': user, 'logout_url': users.create_logout_url("/")}
else:
params = {'user': user, 'login_url': users.create_login_url('/')}
self.response.out.write(template.render('templates/main.html', params))
def wrap(self):
parts = self.request.path.split('/')[1:]
if parts[-1] == '':
parts.pop()
if '.' in parts[-1]:
part, ext = parts[-1].split('.')
parts[-1] = part
else:
ext = None
script = Script.all().filter('id =', parts[0]).get()
version = None
if script:
if len(parts) > 1:
if parts[1] == 'latest':
return self.redirect('/%s/%s' % (script.id, script.latest_version.id))
else:
version = script.version_set.filter('id =', parts[1]).get()
else:
version = script.latest_version
if not version:
self.not_found()
elif self.should_run():
self.run(script, version)
else:
user = users.get_current_user()
if script.private and script.user.key() != user.key():
return self.not_authorized()
if ext == 'js':
self.response.headers['Content-Type'] = 'text/javascript'
self.response.out.write(version.body)
else:
f(self, script, version, user)
def get(self):
if self.request.path[-1] == '/':
self.redirect(self.request.path[:-1])
name = self.request.path.split('/')[-1]
script = Script.all().filter('name =', name).get()
self.response.out.write("#!%s\n" % script.language)
self.response.out.write(script.code)
def ScriptVulnInfo(script_id):
page_number = int(request.args.get('p'))
page_result = {}
result = []
lens = Vuln.objects(script=script_id).count()
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
vulns = Vuln.objects(
script=script_id)[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
vulns = Vuln.objects(script=script_id)[0:lens - (page_item_number *
(page_number - 1))]
for each in vulns:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
page_result['info'] = result
return json.dumps(page_result)
def validate(blueprint):
for data in re.findall(STRING_DATA_PATTERN, blueprint):
if not data.find('update'):
# Not a Lua block, or not doing anything.
continue
lines = data.split('\\r\\n')
idLine = lines[1] if lines[0] == '--[[' else lines[0]
canonical = Script.query(Script.idLine == idLine).get()
if canonical == None:
logging.info('No matching script.')
return False
canonicalLines = re.split('\r?\n', canonical.body)
try:
start = lines.index(canonicalLines[0])
for i, canonicalLine in enumerate(canonicalLines):
line = lines[start + i]
if line != canonicalLine:
logging.info('"{}" does not match "{}".'.format(
line, canonicalLine))
return False
return lines[start:] == canonicalLines
except ValueError:
logging.info('Body not found (looking for "{}").'.format(
canonicalLines[0]))
return False
return True
def post(self, name):
"""
deletes the old entry and iserts a new one with the same name and new updated values
"""
language = self.request.POST['language']
description = self.request.POST['description'].strip()
user_friendly_name = self.request.POST['user_friendly_name'].strip()
name = self.request.POST['name']
code = self.request.POST['%s-code' % language].strip()
#delete old entry
q = Script.all().filter('name = ', name)
for item in q:
item.delete()
script = Script(name=name, language=language, code=code, description=description or 'None', user_friendly_name=user_friendly_name or 'None')
script.put()
self.redirect('/saved/')
def TaskInfo(task_id):
result = {}
result['info'] = {}
status = Status.objects(task_id=task_id).first()
if not status:
result['success'] = False
result['message'] = u'任务ID不存在。'
return json.dumps(result)
if status.status == STATUS.WAIT:
result['success'] = False
result['message'] = u'任务尚未开始,请等待。'
return json.dumps(result)
if status.status == STATUS.RUN:
result['success'] = False
result['message'] = u'扫描正在进行中,请等待。'
return json.dumps(result)
if status.status == STATUS.CLOSE:
result['success'] = False
result['message'] = u'该任务已关闭,无法查看。'
return json.dumps(result)
if status.status == STATUS.FAIL:
result['success'] = False
result['message'] = str(status.warning)
return json.dumps(result)
task = Task.objects(task_id=task_id).first()
if not task:
result['success'] = False
result['message'] = u'任务ID不存在.'
return json.dumps(result)
scan_result = Result.objects(task_id=task_id).first()
result['info']['task_name'] = cgi.escape(task.task_name)
result['info']['input_target'] = task.short_target
result['info']['scan_mode'] = task.scan_mode
result['info']['target_type'] = task.target_type
result['info']['script_type'] = task.script_type
result['info']['start_time'] = str(task.start_time).split('.')[0]
result['info']['finish_time'] = str(task.finish_time).split('.')[0]
result['info']['target_number'] = task.target_number
result['info']['full_target'] = task.full_target
result['info']['script_number'] = len(json.loads(task.script_info))
result['info']['high_count'] = scan_result.high_count
result['info']['medium_count'] = scan_result.medium_count
result['info']['low_count'] = scan_result.low_count
result['info']['result'] = scan_result.result
scripts_list = []
for script_name in json.loads(task.script_info):
script_data = {}
script = Script.objects(script_name=script_name).first()
script_data['script_name'] = script_name
script_data['script_title'] = script.script_title
script_data['script_id'] = script.script_id
script_data['script_level'] = script.script_level
scripts_list.append(script_data)
result['info']['scripts_info'] = scripts_list
result['info']['warning'] = status.warning
result['success'] = True
result['message'] = ''
return json.dumps(result)
def get(self):
"""
gets a list of available scripts for the logged in user
"""
q = Script.all().filter('user ='******'login: required' setting in apps.yaml
params = {}
params['user'] = user
params['logout_url'] = users.create_logout_url("/")
params['query'] = q
prev_scriptlets = False
if Script.all().filter('user ='******'prev_scriptlets'] = prev_scriptlets
self.response.out.write(template.render('templates/saved.html', params))
def GetScripts():
result = []
scripts = Script.objects().all()
for script in scripts:
info = {}
info['name'] = script.script_name
info['id'] = script.script_id
result.append(info)
return json.dumps(result)
def ScriptList(show_type):
result = []
page_result = {}
if show_type == 'index':
data = Vuln.objects.item_frequencies('script', normalize=True)
data = OrderedDict(
sorted(data.items(), key=lambda x: x[1], reverse=True))
for script_id, percent in data.items():
script = Script.objects(script_id=script_id).first()
info = {}
info['name'] = script.script_name
info['create_time'] = script.script_update_time
info['author'] = script.script_author
info['title'] = script.script_title
info['level'] = script.script_level
result.append(info)
if len(result) > 10:
result = result[0:10]
elif show_type == 'all':
data = Script.objects.all()
for each in data:
info = {}
info['id'] = each.script_id
info['detail'] = each.script_info
info['create_time'] = each.script_update_time
info['author'] = each.script_author
info['level'] = each.level
result.append(info)
result.reverse()
elif show_type == 'page':
page_number = int(request.args.get('p'))
lens = len(Script.objects)
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
data = Script.objects[lens -
(page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
data = Script.objects[0:lens - (page_item_number *
(page_number - 1))]
for each in data:
info = {}
info['id'] = each.script_id
info['detail'] = each.script_info
info['create_time'] = each.script_update_time
info['author'] = each.script_author
info['level'] = each.script_level
info['count'] = Vuln.objects(script=each.script_id).count()
info['title'] = each.script_title
result.append(info)
result.reverse()
page_result['info'] = result
return json.dumps(page_result)
return json.dumps(result)
def get(self):
user = users.get_current_user()
auth_save = self.request.cookies.get("auth_save", None)
if auth_save:
self.response.headers.add_header("Set-Cookie", "auth_save=; expires=Wed, 11-Sep-1985 11:00:00 GMT")
params = cgi.parse_qs(auth_save)
script = Script(language=params["language"][0], code=params["code"][0])
script.put()
self.redirect("/view/%s" % script.name)
else:
if user:
prev_scriptlets = False
if Script.all().filter("user ="******"user": user, "logout_url": users.create_logout_url("/"), "prev_scriptlets": prev_scriptlets}
else:
params = {"user": user, "login_url": users.create_login_url("/")}
self.response.out.write(template.render("templates/main.html", params))
def ScriptUpdate():
message = {}
try:
scripts_info = ScriptsInfo()
Script.objects().delete()
for script in scripts_info:
if Script.objects(script_id=hashlib.md5(
script['name']).hexdigest()).count() == 0:
Script(script_id=hashlib.md5(script['name']).hexdigest(),
script_name=script['name'],
script_info=script['info'],
script_author=script['author'],
script_update_time=script['time'],
script_level=script['level'],
script_title=script['title']).save()
except Exception, e:
message['success'] = False
message['message'] = repr(e)
return json.dumps(message)
def send_script(uri):
compiled = cache.get(uri)
if compiled is None:
try:
s = Script.get(Script.uri == uri)
compiled = s.compiled
except Script.DoesNotExist:
abort(404)
cache.set(uri, compiled, timeout=CACHE_TIMEOUT)
return Response(compiled, status=200, content_type='application/javascript')
def post(self):
name = self.request.get('name')
script = Script(parent=script_key(name))
script.version = self.request.get('version')
script.idLine = self.request.get('id-line').replace('"', '\\"')
script.body = self.request.get('body').replace('"', '\\"')
script.put()
self.redirect('/')
def post(self):
"""
deletes an script that the logged in user dosen't want
"""
for script_name in self.request.POST.items():
if script_name[0] == 'delete':
query_item = Script.all().filter('name =', script_name[1])
if query_item.count() == 1:
for item in query_item.fetch(1):
item.delete()
self.redirect('/saved/')
def post(self):
user = users.get_current_user()
language = self.request.POST["language"]
description = self.request.POST["description"].strip()
user_friendly_name = self.request.POST["user_friendly_name"].strip()
code = self.request.POST["%s-code" % language]
if user:
script = Script(
language=language,
code=code,
description=description or "None",
user_friendly_name=user_friendly_name or "None",
)
script.put()
self.redirect("/view/%s" % script.name)
else:
auth_save = {"language": language, "code": code}
self.response.headers.add_header("Set-Cookie", "auth_save=%s" % urllib.urlencode(auth_save))
self.redirect(users.create_login_url("/"))
def get(self):
if self.request.path[-1] == '/':
self.redirect(self.request.path[:-1])
name = self.request.path.split('/')[-1]
script = Script.all().filter('name =', name).get()
user = users.get_current_user()
if not script or (not user or user != script.user):
self.redirect(users.create_login_url("/"))
self._get_main(script.name, script.language, script.code)
def createScript():
""" Script creation """
try:
if "username" in session:
if request.method == 'POST':
myScript = Script(
scriptname=request.form["inputScriptName"],
scriptdescription=request.form["inputScriptDescription"],
scripttechnology=request.form["inputScriptTechnology"],
businessowner=request.form["inputBusinessOwner"],
executionfrequency=request.form["inputExecutionFrequency"])
myScript.save()
flash('Script saved !!! ', 'message')
return redirect(url_for('listeScript'))
if request.method == 'GET':
return render_template('createscript.html')
else:
flash('Unknown user !!! ', 'error')
return render_template('login.html')
except:
return redirect(url_for('appError'))
def partial_update():
connect('stock_exchange')
codes = Trade.objects().distinct(field='code')
watchlists = User.objects().only('watchlist')
for watchlist in watchlists:
codes.extend(watchlist.watchlist)
codes = set(codes)
# Testing Only
# for i in Script.objects(code__in=codes):
# get_company_data(i, count())
executor = futures.ThreadPoolExecutor()
indResults = executor.map(update_index, Indicies.objects, count())
results = executor.map(get_company_data, Script.objects(code__in=codes), count())
def get_company_info(tag, count):
try:
if tag['href'] == '': return
soup = utilities.get_soup(tag['href'])
code = soup.find('input', {'id': 'ap_sc_id'})['value'].lower()
company = Script.objects(code=code).update_one(set__url=tag['href'],
upsert=True)
print(count, '.\t' + code)
except Exception as e:
print(type(e).__name__)
print(e)
print(count, '.\t' + tag)
return
def ScriptUpdate():
message = {}
try:
scripts_info = ScriptsInfo()
Script.objects().delete()
for script in scripts_info:
if Script.objects(script_id = hashlib.md5(script['name']).hexdigest()).count() == 0:
Script(
script_id=hashlib.md5(script['name']).hexdigest(),
script_name=script['name'],
script_info=script['info'],
script_author=script['author'],
script_update_time=script['time'],
script_level=script['level'],
script_title=script['title']
).save()
except:
message['success'] = False
return json.dumps(message)
message['success'] = True
message['message'] = time.strftime("%Y/%m.%d %H:%M:%S", time.localtime())
return json.dumps(message)
def parse_metadata(self, metadata, stack):
if self.indent is None:
self.indent = metadata.indent
if metadata.indent < self.indent:
self.close(metadata, stack)
return
match = regex_jump.match(metadata.line)
if match:
label = match["label"]
jump = Jump(label, metadata)
self.context.add_child(jump)
return
match = regex_call.match(metadata.line)
if match:
label = match["label"]
call = Call(label, metadata)
self.context.add_child(call)
return
match = regex_script.match(metadata.line)
if match:
script_code = match["script"]
script = Script(script_code, metadata)
self.context.add_child(script)
return
match = regex_condition.match(metadata.line)
if match:
parser = ConditionParser(self, metadata)
stack.push(parser)
stack.parse_metadata(metadata)
return
match = regex_menu.match(metadata.line)
if match:
parser = MenuParser(self, metadata)
stack.push(parser)
return
match = regex_python_block.match(metadata.line)
if match:
parser = PythonScriptParser(self, metadata)
stack.push(parser)
return
self.context.add_child(Text(metadata.line, metadata))
def get(self):
if self.request.path[-1] == '/':
self.redirect(self.request.path[:-1])
name = self.request.path.split('/')[-1]
script = Script.all().filter('name =', name).get()
prev_scriptlets = False
if Script.all().filter('user ='******'script':script, 'lines': script.code.count("\n"), 'run_url': self.request.url.replace('view', 'run')}
user = users.get_current_user()
if user:
params['user'] = user
params['logout_url'] = users.create_logout_url("/")
else:
params['user'] = user
params['login_url'] = users.create_login_url('/')
params['prev_scriptlets'] = prev_scriptlets
self.response.out.write(template.render('templates/view.html', params))
else:
self.redirect('/')
def _run_script(self):
name = self.request.path.split('/')[-1]
script = Script.all().filter('name =', name).get()
if script:
payload = dict(self.request.POST)
headers = dict(self.request.headers)
if headers.get('Content-Type'):
del headers['Content-Type']
headers['Run-Code'] = base64.b64encode(script.code)
headers['Run-Code-URL'] = self.request.url.replace('run', 'code')
self.response.out.write(urlfetch.fetch(
url='%s?%s' % (language_engines[script.language], self.request.query_string),
payload=urllib.urlencode(payload) if len(payload) else None,
method=self.request.method,
headers=headers).content)
else:
self.redirect('/')
def post(self):
user = users.get_current_user()
body = self.request.get('script')
if body:
script = Script()
script.put()
version = Version(script=script, body=body)
version.put()
script.latest_version = version
script.put()
self.redirect('/%s' % script.id)
else:
self.redirect('/new')
def _get_main(self, name, language, code):
user = users.get_current_user()
auth_save = self.request.cookies.get('auth_save', None)
if auth_save:
self.response.headers.add_header('Set-Cookie', 'auth_save=; expires=Wed, 11-Sep-1985 11:00:00 GMT')
params = cgi.parse_qs(auth_save)
self._save_and_redirect(params['name'][0], params['language'][0], params['code'][0])
else:
scripts = Script.all().filter('user ='******'user': user, 'scripts': scripts, 'name': name, 'language': language, 'code': code}
if user:
params['logout_url'] = users.create_logout_url("/")
else:
params['login_url'] = users.create_login_url('/')
self.response.out.write(template.render('templates/main.html', params))
def ScriptIdToScriptName(scripts):
md5_reg = r'^[a-z0-9]{32}'
script_list = []
script_tmp = []
if ',' in scripts:
script_list = scripts.split(',')
else:
if re.match(re.compile(md5_reg), scripts):
script_list.append(scripts)
for script_id in script_list:
if re.match(re.compile(md5_reg), script_id):
script = Script.objects(script_id=script_id).first()
if script == None:
return ''
script_tmp.append(script.script_name)
else:
return ''
scripts_name = ','.join(script_tmp)
return scripts_name
def create_script(filename, content, author_id): new_script = Script(filename=filename, content=content, author_id=author_id or None) db.session.add(new_script) db.session.commit() return jsonify(new_script.as_dict())
if os.path.exists('./app.db'):
os.remove('./app.db')
# Create the database
db.create_all()
for dataType in DATATYPES:
dt = DataType(name=dataType)
db.session.add(dt)
for consumptionType in CONSUMPTIONTYPES:
ct = ConsumptionType(name=consumptionType['name'], data_type_id=consumptionType['data_type_id'])
db.session.add(ct)
for script in SCRIPTS:
spt = Script(name=script['name'])
db.session.add(spt)
for obj in OBJECTS:
if 'script_id' in obj:
spt_id = obj['script_id']
else:
spt_id = None
o = Object(name=obj['name'], current_value=obj['current_value'], address=obj['address'],
data_type_id=obj['data_type_id'], script_id=spt_id)
db.session.add(o)
db.engine.execute('CREATE TABLE `event` ( \
`id` INTEGER NOT NULL PRIMARY KEY AUTOINCREMENT, \
`object_id` INTEGER NOT NULL, \
def upload():
""" Retrieving the file from the request object """
# creation of the folder on disk and upload the file selected
target=os.path.join(APP_ROOT,"upload")
if not os.path.isdir(target):
os.mkdir(target)
try :
file=request.files["InputFile"]
filename=file.filename
destination="/".join((target,filename))
file.save(destination)
myTable=request.form["inputTable"]
recImported=0
# Management of the scripts
if myTable=="Script" :
with open(destination,"r") as f:
for line in f:
# Init the variables for the process
fields=[]
fields=line.split(",")
# Retrieving the values of the fields
if len(fields)== 5 :
myScript=Script()
myScript.scriptname=fields[0]
myScript.scriptdescription=fields[1]
myScript.scripttechnology=fields[2]
myScript.businessowner=fields[3]
myScript.executionfrequency=fields[4]
myScript.save()
recImported+=1
flash('Congratulations, {} Script(s) records have been imported recently !!! '.format(recImported), 'message')
# Management of the scripts
if myTable=="Application" :
with open(destination,"r") as f:
for line in f:
# Init the variables for the process
fields=[]
fields=line.split(",")
# Retrieving the values of the fields
if len(fields)== 8 :
myApplication=Application()
myApplication.systemname=fields[0]
myApplication.systemdescription=fields[1]
myApplication.systemtechnology=fields[2]
myApplication.systemprovider=fields[3]
myApplication.systemowner=fields[4]
myApplication.systemstatus=fields[5]
myApplication.systemurl=fields[6]
myApplication.systemcategory=fields[7]
myApplication.save()
recImported+=1
flash('Congratulations, {} Application(s) records have been imported recently !!! '.format(recImported), 'message')
# Management of the scripts
if myTable=="Contract" :
with open(destination,"r") as f:
for line in f:
# Init the variables for the process
fields=[]
fields=line.split(",")
# Retrieving the values of the fields
if len(fields)== 8 :
myContract=Contract()
myContract.contractref=fields[0]
myContract.systemname=fields[1]
myContract.contractrenewtype=fields[2]
myContract.contractcost=fields[3]
myContract.contractstartingdate=fields[4]
myContract.contractendingdate=fields[5]
myContract.contractcomment=fields[6]
mystring=fields[7]
mystring=mystring[:-2]
myContract.contractyear=int(mystring)
myContract.save()
recImported+=1
flash('Congratulations, {} Contract(s) records have been imported recently !!! '.format(recImported), 'message')
except:
flash('Sorry, check the inputs of the importation process !!! ', 'error')
return redirect(url_for('menu'))
return redirect(url_for('menu'))
def complete_update():
connect('stock_exchange')
executor = futures.ThreadPoolExecutor()
indResults = executor.map(update_index, Indicies.objects, count())
results = executor.map(get_company_data, Script.objects(name__ne=None), count())
def DataSearch(search_type):
keyword = request.args.get('keyword')
page_number = int(request.args.get('p'))
result = []
page_result = {}
if search_type == 'script':
lens = len(
Script.objects(__raw__={
'script_info': re.compile(keyword)
}).all())
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
scripts = Script.objects(
__raw__={'script_info': re.compile(keyword)
})[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
scripts = Script.objects(
__raw__={'script_info': re.compile(keyword)
})[0:lens - (page_item_number * (page_number - 1))]
for each in scripts:
info = {}
info['id'] = each.script_id
info['detail'] = each.script_info
info['create_time'] = each.script_update_time
info['author'] = each.script_author
info['level'] = each.script_level
info['count'] = Vuln.objects(script=each.script_id).count()
info['title'] = each.script_title
result.append(info)
elif search_type == 'task':
lens = len(
Status.objects(__raw__={
'task_name': re.compile(keyword)
}).all())
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
tasks = Status.objects(__raw__={'task_name': re.compile(
keyword)})[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
tasks = Status.objects(__raw__={'task_name': re.compile(
keyword)})[0:lens - (page_item_number * (page_number - 1))]
for each in tasks:
info = {}
info['create_time'] = str(each.create_time).split('.')[0]
info['task_name'] = cgi.escape(each.task_name)
info['task_id'] = each.task_id
info['status'] = each.status
info['progress'] = each.progress
result.append(info)
elif search_type == 'vuln':
lens = len(Vuln.objects(__raw__={'target': re.compile(keyword)}).all())
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
vulns = Vuln.objects(__raw__={'target': re.compile(
keyword)})[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
vulns = Vuln.objects(
__raw__={'target': re.compile(keyword)})[0:lens -
(page_item_number *
(page_number - 1))]
for each in vulns:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
page_result['info'] = result
return json.dumps(page_result)
def get(self):
if self.request.path[-1] == '/':
self.redirect(self.request.path[:-1])
name = self.request.path.split('/')[-1]
script = Script.all().filter('name =', name).get()
self.response.out.write(base64.b64encode(script.code))
company['shareholding'] = holdings
except (AttributeError):
pass
standalone = get_standalone_results(company['code'].upper())
if len(standalone) > 0 :
company['standalone'] = standalone
consolidated = get_consolidated_results(company['code'].upper())
if len(consolidated) > 0:
company['consolidated'] = consolidated
if any(key in company for key in ['shareholding', 'standalone', 'consolidated']):
company.save()
print(index, '\t ' + company['name'])
else:
print(index, '\t ' + company['name'] + '\t failed')
if __name__ == "__main__":
connect('stock_exchange')
j = 0
# for i in Script.objects(name__ne=None):
# try:
# get_details(i, j)
# j = j+1
# except Exception as e:
# print(e)
executor = futures.ThreadPoolExecutor()
results = executor.map(get_details, Script.objects(name__ne=None), count())
def create_script(request):
request_content = json.loads(request.body)
script = Script()
script.name = request_content["name"]
script.resouce = request_content["source"]
script.category = request_content["category"]
script.content = request_content["content"]
script.remark = request_content["remark"]
script.version = 1
script.created_by = request.user.username
script.save()
return render_json({"result": True, "message": "ok"})
def VulnList(show_type):
result = []
page_result = {}
if show_type == 'index':
data = Vuln.objects.item_frequencies('script', normalize=True)
data = OrderedDict(
sorted(data.items(), key=lambda x: x[1], reverse=True))
for script_id, percent in data.items():
info = {}
info['script'] = Script.objects(
script_id=script_id).first().script_name
info['count'] = str(Vuln.objects(script=script_id).count())
info['percent'] = "%.02f%%" % (percent * 100)
result.append(info)
if len(result) > 10:
result = result[0:10]
elif show_type == 'all':
data = Vuln.objects().all()
for each in data:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
result.reverse()
elif show_type == 'page':
page_number = int(request.args.get('p'))
lens = len(Vuln.objects)
page_result['total_page'] = str(lens // page_item_number + 1)
if page_number > lens // page_item_number + 1:
return json.dumps(page_result)
if page_number * page_item_number < lens:
data = Vuln.objects[lens - (page_number * page_item_number):lens -
(page_item_number * (page_number - 1))]
else:
data = Vuln.objects[0:lens - (page_item_number *
(page_number - 1))]
for each in data:
info = {}
script = Script.objects(script_id=each.script).first()
try:
info['task_name'] = cgi.escape(
Task.objects(task_id=each.task_id).first().task_name)
except:
info['task_name'] = u'该任务已删除,无法查看'
info['task_id'] = each.task_id
info['target'] = each.target
info['script_name'] = script.script_name
info['script_id'] = each.script
info['message'] = each.message
info['script_type'] = each.script_type
info['time'] = str(each.create_time).split('.')[0]
info['level'] = script.script_level
result.append(info)
result.reverse()
page_result['info'] = result
return json.dumps(page_result)
return json.dumps(result)
def add_clicked(self, event):
idx = self.tabCount - 1
title = 'New Script {}'.format(idx + 1)
script = Script(self.extender, self.callbacks, self.helpers, title)
self.scripts.add(script)
