Ejemplo n.º 1
0
def compile_arm(file_name, task_id):
    make_path = getmakepath(file_name)

    # clear make_component
    build_path = os.path.join(make_path, 'make_component')
    SysUtils.rm_filepath(build_path)

    ret = os.chdir(make_path)

    # cmd = 'CC=arm-linux-gnueabihf-gcc CXX=arm-linux-gnueabihf-g++ AR=arm-linux-gnueabihf-ar RANLIB=arm-linux-gnueabihf-ranlib ./Configure no-asm shared    --prefix=/usr/local/arm/openssl    linux-armv4'
    CC = 'CC=arm-linux-gnueabihf-gcc CXX=arm-linux-gnueabihf-g++ AR=arm-linux-gnueabihf-ar RANLIB=arm-linux-gnueabihf-ranlib ./Configure no-asm shared    --prefix='
    cmd = CC + build_path + ' linux-armv4'
    os.system(cmd)
    print(cmd)

    # 先清数据,防止再次编译时ERROR
    cmd = 'make clean'
    process, exit_code = runcmd(cmd, make_path, task_id)
    if exit_code != 0:
        return build_path, exit_code
    cmd = 'make'
    process, exit_code = runcmd(cmd, make_path, task_id)
    if exit_code != 0:
        return build_path, exit_code

    cmd = 'make install'
    process, exit_code = runcmd(cmd, make_path, task_id)

    return build_path, exit_code
Ejemplo n.º 2
0
def compile_x86(file_name, task_id):
    make_path = getmakepath(file_name)

    # cmd = './config && make'
    # cmd = './config'
    # clear make_component
    build_path = os.path.join(make_path, 'make_component')
    SysUtils.rm_filepath(build_path)

    if 'httpd' in file_name:
        cmd = './configure --prefix=' + build_path + ' --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr-util/'
    else:
        # 指定生成的目录,方便将新生成文件进行入库操作
        cmd = './config --prefix=' + build_path

    process, exit_code = runcmd(cmd, make_path, task_id)
    if exit_code != 0:
        return build_path, exit_code

    # 先清数据,防止再次编译时ERROR
    cmd = 'make clean'
    process, exit_code = runcmd(cmd, make_path, task_id)
    if exit_code != 0:
        return build_path, exit_code

    cmd = 'make'
    process, exit_code = runcmd(cmd, make_path, task_id)
    if exit_code != 0:
        return build_path, exit_code

    cmd = 'make install'
    process, exit_code = runcmd(cmd, make_path, task_id)

    return build_path, exit_code
Ejemplo n.º 3
0
def _proc_tasks(fw_download_url, g_fw_save_path, ftp_user, ftp_password, task_id):
    print("download task_id", task_id)
    # 检查本地保存路径 没有则创建
    SysUtils.check_filepath(g_fw_save_path)

    # 1 时间消耗总占比30  执行下载操作
    total_percentage = 30.0
    ret_download_info = fw_filename = ""
    file_list = []

    if 'ftp://' in fw_download_url:
        ret_download_info, fw_filename, file_list = Mydownload.ftp_download(fw_download_url, g_fw_save_path, ftp_user,
                                                                            ftp_password, task_id, total_percentage)
    else:
        ret_download_info, fw_filename, file_list = Mydownload.http_download(fw_download_url, g_fw_save_path, task_id,
                                                                             total_percentage)

    print(ret_download_info, fw_filename)
    MyTask.save_exec_info_name(task_id, fw_filename)

    # 2 时间消耗总占比0 保存到 pack_file to mongodb
    pack_id, pack_file_id = _save_pack_db(fw_download_url, os.path.join(g_fw_save_path, fw_filename), ret_download_info,
                                          task_id)
    MyTask.save_exec_info_pack_id(task_id, pack_id)

    # 3 时间消耗总占比0 解压缩固件包->系统镜像文件,提取文件到mongo
    img_filename = _proc_uncompress(os.path.join(g_fw_save_path, fw_filename), g_fw_save_path, task_id)
    if len(img_filename) == 0:
        print("package uncompress error")
        img_filename = fw_filename  # bin文件做为包名(文件名)
        # return "package uncompress error"

    # 4 时间消耗总占比0 保存系统镜像文件 to mongodb
    file_id = _save_file_db(os.path.join(g_fw_save_path, img_filename), pack_id)

    # 5 时间消耗总占比40 BIN提取子文件
    total_percentage = 70.0
    extract_bin_files = MyBinwalk.binwalk_file_extract(os.path.join(g_fw_save_path, img_filename))
    MyTask.save_exec_info(task_id, total_percentage, {'binwalk_file_extract': extract_bin_files})

    for file in extract_bin_files:
        # binwalk解包返回的文件名带全路径
        # 对变量类型进行判断 list 值带[] 如: ['C:\\GIT\\firmware_analyze_serv\\files\\firmware\\_CF-EW71-V2.6.0.bin-2.extracted\\40']
        if isinstance(file, list):
            file_id = _save_file_db(file[0], pack_id)
        else:
            file_id = _save_file_db(file, pack_id)

    # 6 时间消耗总占比30 提取文件系统
    FsImage.start_fs_image_extract_task(pack_id)

    total_percentage = 100.0
    MyTask.save_exec_info(task_id, total_percentage, {'download': "固件下载、提取、入库操作完成"})

    # 7 clear temp files
    return 'ERROR_OK'
Ejemplo n.º 4
0
def check_component(pack_id, task_id):

    MyRedis.set('running_check_com_flag', True)

    # 获取本固件包所有的二进制可执行文件记录
    fw_files_list = FwFileDO.search_files_of_pack(pack_id, FileType.EXEC_FILE)
    pack_item = PackFileDO.fetch_pack(pack_id)
    process_file_name = pack_item.get('name')  # pack_item['name']
    MyTask.save_exec_info_name(task_id, process_file_name)

    # 枚举每个文件,根据文件名检索组件库(make),校验
    total_count = len(fw_files_list)
    for index, file_item in enumerate(fw_files_list):
        percentage = round(index * 100 / total_count, 1)
        MyTask.save_exec_info(task_id, percentage)

        componentinfo = MakeCOMFileDO.search_component_name(
            file_item['file_name'])
        if componentinfo is None:
            continue
        FwFileDO.set_component(file_item['file_id'], 1)
        # 相似度匹配计算,标记漏洞(version / edbid)
        fw_file_id = file_item['file_id']
        component_file_id = componentinfo['file_id']

        print(SysUtils.get_now_time())
        # 计算相似度 比较耗时 openssl计算大约两分钟
        similarity = assembly.calc_cosine_algorithm(fw_file_id,
                                                    component_file_id)
        print(SysUtils.get_now_time())

        # 相似度阈值设定: 0-100
        if similarity < utils.sys.config.g_similarity:
            print(similarity)
            continue
        # 相似度大于阈值 标记漏洞(version / edbid)
        com_file_info = PackCOMFileDO.fetch_pack(componentinfo['pack_id'])
        version = com_file_info['version']
        name = com_file_info['name']
        edb_id = com_file_info['edb_id']
        FwFileDO.set_component_extra_props(
            fw_file_id, {
                'version': version,
                'name': name,
                'edb_id': edb_id,
                'similarity': similarity
            })

    MyRedis.set('running_check_com_flag', False)

    # 保存任务完成状态
    MyTask.save_exec_info(task_id, 100.0)

    return
Ejemplo n.º 5
0
    def export(file_id, file_name=None, folder=None, override=False):
        # 在存储桶中读取文件记录
        grid_out = fw_files_storage.find_one({'filename': file_id})
        item = SysUtils.grid_out_to_dict(grid_out)
        if item is None:
            return None

        # 设置文件路径,默认文件导出到临时目录
        if file_name is None:
            file_name = item['filename']
        if folder is None:
            folder = MyPath.temporary()
        file_path = os.path.join(folder, file_name)

        # 不设置覆写时,如果文件已存在,则跳过文件创建和写数据的操作
        if not override and MyFile.exist(file_path):
            return file_path

        # 读取文件数据
        data = grid_out.read()
        # 创建文件并写入数据
        with open(file_path, 'wb') as file:
            file.write(data)

        return file_path
Ejemplo n.º 6
0
    def save_file_item(pack_id,
                       file_id,
                       file_name,
                       file_type,
                       mode,
                       file_path='',
                       extra_props=None):
        # 如果文件路径未给定,则使用文件名称代替
        if len(file_path) == 0:
            file_path = file_name

        doc = {
            'pack_id': pack_id,
            'file_id': file_id,
            'file_name': file_name,
            'file_path': file_path,
            'file_type': file_type,
            'mode': mode,
            'create_time': SysUtils.get_now_time()
        }
        if extra_props is not None:
            doc['extra_props'] = extra_props

        # 更新一条函数分析结果,如果没有旧记录,则创建一条新记录
        rv = source_code_files_coll.update_one(
            {
                'file_id': file_id,
                'file_path': file_path
            }, {'$set': doc}, True)
Ejemplo n.º 7
0
def add(request):
    # firmware_id = req_post_param(request, "firmware_id")
    title = req_post_param(request, "title")
    author = req_post_param(request, "author")
    type = req_post_param(request, "type")
    platform = req_post_param(request, "platform")

    # 获取可用的firmware_id,内部检查取值范围和是否冲突(firmware_id需要唯一)
    firmware_id = firmware_db.get_suggest_firmware_id(None)

    # with utils.sys.config.g_mongo_client.start_session(causal_consistency=True) as session:
    #     """事物必须在session下执行,with保证了session的正常关闭"""
    # with session.start_transaction():
    #     """一旦出现异常会自动调用session.abort_transaction()"""
    # 获取各字段的索引号,如果是新值,则添加一条新索引,并返回新的id号
    author_id = firmware_db.fetch_field_id('author', author)
    type_id = firmware_db.fetch_field_id('type', type)
    platform_id = firmware_db.fetch_field_id('platform', platform)

    # 组装漏洞信息,并添加
    item = {'description': [firmware_id, title], 'date_published': SysUtils.get_now_time().strftime('%Y-%m-%d'),
            'verified': 0, 'port': 0, 'customized': 1,
            'author': {'id': author_id, 'name': author}, 'type': {'id': type_id, 'name': type},
            'platform': {'id': platform_id, 'platform': platform}, 'firmware_id': firmware_id}
    result = firmware_db.add(item)

    # 为性能测试中降低CPU使用率,小段延时
    time.sleep(1.0)

    # 本版本不检查成功与否
    #SysLog.success('新建漏洞', '成功添加漏洞信息,漏洞ID={}'.format(firmware_id))
    return app_ok_p({'firmware_id': firmware_id, 'customized': 1, 'date_published': item['date_published']})
Ejemplo n.º 8
0
    def init_exec_status(self):
        # 初始化缓存的任务信息
        task_info = {
            'task_id': self._task_id,
            'start_time': SysUtils.get_now_time_str(),
            'task_status': TaskStatus.RUNNING,
            'percentage': 0.0,
            'progress_history': [],
            'result': {}
        }
        task_info = dict(task_info, **self._extra_info)
        # 缓存该任务信息
        MyRedis.set(self._task_id, task_info, category=task_cat)

        # 在数据库中保存任务记录
        TasksDAO.save(task_info)

        # 保存任务详情日志
        LogRecords.save(task_info,
                        category='task',
                        action='任务启动',
                        desc='记录任务启动时状态及任务信息')

        # 返回该任务信息
        return task_info
Ejemplo n.º 9
0
def _proc_uncompress(path_file_name, uncompress_path, task_id):
    # uncompress zip  .zip .trx 解压缩 提取系统文件目录
    list = SysUtils.uncompress(path_file_name, uncompress_path)
    # sub_path = file_name.split('.')[0]
    # 提取.BIN文件
    bin_file = getfilebytype(list, ".bin")
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.trx')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.img')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.w')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.chk')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.bix')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.Image')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.BootImage')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.jffs2')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.yaffs2')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.ubifs')
    if len(bin_file) == 0:
        bin_file = getfilebytype(list, '.cramfs')

    return bin_file
Ejemplo n.º 10
0
def testcmd(request):
    process, result = runcmd('pwd')
    process, result = runcmd('ls -l')
    # # cmd = ReqParams.one(request, 'url', protocol='GET')
    # cmd = 'tar -xzvf ' + 'openssl-1.0.0s.tar.gz'
    # # process, result = runcmd(cmd, MyPath.component())
    # process, result = runcmd(cmd)

    work_path = MyPath.component() + '/openssl-1.0.0s'

    testfile = work_path + '/CHANGES'
    SysUtils.chmod(testfile, "777")

    # save_make_files('18e2f698-487a-47d4-9bf0-3c33d7a78320', work_path)
    # return

    # cmd = MyPath.component() + '/openssl-1.0.0s/' + 'CC=arm-linux-gnueabihf-gcc CXX=arm-linux-gnueabihf-g++ AR=arm-linux-gnueabihf-ar RANLIB=arm-linux-gnueabihf-ranlib ./Configure no-asm shared --prefix=/usr/local/arm/openssl linux-armv4'
    # cmd = '/bin/sh -c CC=arm-linux-gnueabihf-gcc CXX=arm-linux-gnueabihf-g++ AR=arm-linux-gnueabihf-ar RANLIB=arm-linux-gnueabihf-ranlib ./Configure no-asm shared --prefix=/usr/local/arm/openssl linux-armv4'
    # runcmd(cmd, work_path)
    # cmd = '/bin/sh -c CC=arm-linux-gnueabihf-gccCXX=arm-linux-gnueabihf-g++AR=arm-linux-gnueabihf-arRANLIB=arm-linux-gnueabihf-ranlib ./Configure no-asm shared --prefix=/usr/local/arm/openssl linux-armv4'
    # runcmd(cmd, work_path)

    # cmd = 'CC=arm-linux-gnueabihf-gcc RANLIB=arm-linux-gnueabihf-ranlib ./Configure --prefix=/usr/local/arm/openssl linux-armv4'
    cmd = './Configure --prefix=/usr/local/arm/openssl linux-armv4'

    runcmd(
        cmd, work_path,
        "{'CC':'arm-linux-gnueabihf-gcc', 'RANLIB':'arm-linux-gnueabihf-ranlib'}"
    )

    cmd = '/bin/sh -c CC=arm-linux-gnueabihf-gccRANLIB=arm-linux-gnueabihf-ranlib ./Configure --prefix=/usr/local/arm/openssl linux-armv4'
    runcmd(cmd, work_path)

    tmp = tempfile.TemporaryFile()

    rval = subprocess.call(shlex.split(cmd), stdout=tmp, stderr=tmp)

    cmd = 'make'
    runcmd(cmd, work_path)

    # print(process)
    # print(result)

    #    result = output[1].decode('utf-8')
    #    print(result)
    return sys_app_ok_p({})
Ejemplo n.º 11
0
 def save(pack_id, file_id, edb_id, title, version, path_file_name, name=None, description='', pack_type=PackType.REAL,
          source_type=FileSource.REMOTE_DOWNLOAD, file_type=FileType.OTHER_FILE, source_addr=''):
     doc = {'pack_id': pack_id, 'file_id': file_id, 'edb_id': edb_id, 'title': title, 'version': version, 'compile': 0, 'name': name,
            'file_path': path_file_name, 'description': description,
            'pack_type': pack_type, 'source_type': source_type, 'file_type': file_type, 'source_addr': source_addr,
            'create_time': SysUtils.get_now_time()}
     # 更新一条函数分析结果,如果没有旧记录,则创建一条新记录
     pack_com_files_coll.update_one({'pack_id': pack_id}, {'$set': doc}, True)
Ejemplo n.º 12
0
def _check_file(task_id):
    # 枚举目录 获取文件
    # path = "C:\\GIT\\python\\firmware"
    path = "C:\\固件下载\\huawei"
    path = "C:\\固件下载\\ZS7035"
    # path = "C:\\TEMP"
    uncompress_path = "C:\\TEMP"

    dest = []
    enumfiles(path, dest)

    SysUtils.check_filepath(uncompress_path)
    os.chdir(uncompress_path)  # 将当前的目录设置为uncompress_path
    for file in dest:
        print(file)
        # 解压缩固件包->系统镜像文件,提取文件到mongo
        # file_path, file_name = os.path.split(file)
        if '.bin' in file:
            img_filename = file
        elif '.trx' in file:
            img_filename = file
        else:
            img_filename = _proc_uncompress(file, uncompress_path, task_id)
        if len(img_filename) == 0:
            continue
        # BINWALK 提取文件
        extract_bin_files = MyBinwalk._binwalk_file_extract(os.path.join(uncompress_path, img_filename),
                                                            uncompress_path)

        # binwalk解包返回的文件名带全路径 写文件
        with open('c:\\git\\file_tree_info0413.txt', 'a+') as fw:
            fw.write(file)
            fw.write('\r')
            for f in extract_bin_files:
                # print(b'Saving original ' + path.encode() + i.getPath().encode() + i.getName())
                if isinstance(f, list):
                    fw.write(os.path.basename(f[0]))
                else:
                    fw.write(os.path.basename(f))
                fw.write('\r')
            fw.close()

        del_file(uncompress_path)

    return
Ejemplo n.º 13
0
 def add(self, firmware_id, alias, content):
     type = SysUtils.parse_file_type(alias)
     # 更新POC到 GridFS 存储桶中
     # method_fs.put(content.encode(encoding="utf-8"), content_type=type, filename=firmware_id, aliases=[alias])
     self.method_fs.put(content,
                        content_type=type,
                        filename=firmware_id,
                        aliases=[alias])
     return True
Ejemplo n.º 14
0
 def _build_common_keys(file_id, func_addr, key_name, data_dict):
     func_addr_hex = hex(func_addr)
     return {
         'file_id': file_id,
         'func_addr': func_addr,
         'func_addr_hex': func_addr_hex,
         key_name: data_dict,
         'update_time': SysUtils.get_now_time()
     }
Ejemplo n.º 15
0
    def _calc_exec_time(task_info):
        percent = task_info['percentage']
        # 无意义的百分比,不做处理
        if percent <= 0:
            return

        # 计算已进行的时间(秒为单位,含小数)
        start_time = SysUtils.parse_time_str(task_info['start_time'])
        delta_time = SysUtils.elapsed_time_ms(start_time) / 1000.0

        # 任务完成时,剩余时间为0
        if percent >= 100.0:
            remain_time = 0.0
        else:
            remain_time = delta_time / percent * 100 - delta_time
        print(remain_time)

        return remain_time
Ejemplo n.º 16
0
 def save(file_id, task_id, cfg_result):
     doc = {
         'file_id': file_id,
         'task_id': task_id,
         'create_time': SysUtils.get_now_time()
     }
     doc = dict(doc, **cfg_result)
     # 更新一条 cfg 分析结果,如果没有旧记录,则创建一条新记录
     cfg_result_col.update_one({'file_id': file_id}, {'$set': doc}, True)
Ejemplo n.º 17
0
def _proc_component_tasks(com_download_url, components_save_path, task_id):
    print("download task_id", task_id)
    # 检查本地保存路径 没有则创建
    SysUtils.check_filepath(components_save_path)

    # 1 时间消耗总占比30  执行下载操作
    total_percentage = 30.0
    ret_download_info = com_filename = ""
    file_list = []

    ret_download_info, com_filename, file_list = Mydownload.http_download(com_download_url, components_save_path, task_id, total_percentage)

    print(ret_download_info, com_filename)
    MyTask.save_exec_info_name(task_id, com_filename)

    # 5 组件源码下载后关联漏洞库
    edb_id, title = associated_vulner_db(com_filename)
    total_percentage = 50.0
    MyTask.save_exec_info(task_id, total_percentage, {'download': "组件源码下载后关联漏洞库"})

    # 2 时间消耗总占比0 保存到 pack_com_file to mongodb
    pack_com_id, pack_com_file_id = _save_pack_com_db(os.path.join(components_save_path, com_filename), ret_download_info, edb_id, title, task_id)
    MyTask.save_exec_info_pack_id(task_id, pack_com_id)

    # 3 时间消耗总占比0 解压缩源码包,提取文件到mongo
    output_dir, file_name = os.path.split(os.path.join(components_save_path, com_filename))
    file_list = _proc_com_uncompress(os.path.join(components_save_path, com_filename), output_dir, task_id)

    total_percentage = 70.0
    MyTask.save_exec_info(task_id, total_percentage, {'download': "下载组件解压缩源码包操作完成"})
    # 4 时间消耗总占比0 保存源码文件 to mongodb
    file_id = _save_source_code_file_db(os.path.join(output_dir, file_name.split('.tar.gz')[0]), pack_com_id, task_id)

    total_percentage = 100.0
    MyTask.save_exec_info(task_id, total_percentage, {'download': "下载组件源码入库操作完成"})

    # 7 clear temp files
    return 'ERROR_OK'
Ejemplo n.º 18
0
def poc_download(request):
    firmware_id = req_get_param(request, 'firmware_id')
    item = firmware_pocs.fetch(firmware_id)
    if item is None:
        return sys_app_err('ERROR_FWPOC_NOT_FOUND')

    file_name = item['aliases']
    # 对文本类型的文件名称增加txt后缀
    download_name = SysUtils.add_plain_text_file_suffix(file_name)
    # 设置响应内容的文件下载参数
    response = HttpResponse(item['content'], content_type='application/octet-stream')
    response['Content-Disposition'] = 'attachment;filename="%s"' % (urlquote(download_name))
    #SysLog.success('下载POC', '成功下载POC文件,漏洞ID={}'.format(firmware_id))
    return response
Ejemplo n.º 19
0
    def fetch(self, firmware_id):
        grid_out = self.method_fs.find_one({'filename': firmware_id})
        item = SysUtils.grid_out_to_dict(grid_out)
        if item is None:
            return None

        data = grid_out.read()
        print(item['aliases'])

        # save path file
        filename = self.FW_PATH + item['aliases']
        outf = open(filename, 'wb')  # 创建文件
        outf.write(data)
        outf.close()
        return item['aliases']
Ejemplo n.º 20
0
    def save_exec_info(task_id, percent, result=None, notify=True):
        # 从缓存或数据库中读取该任务的记录
        task_info = MyTask.fetch_exec_info(task_id)

        # 没有该任务信息记录时,返回失败
        if task_info is None:
            return False

        # 设置百分比和运行状态
        task_info['percentage'] = percent

        # 结果集不为空时,用新的结果集替换
        if result is not None:
            task_info['result'] = result

        # 计算并记录执行时间(预计剩余时间)
        task_info['remain_time'] = MyTask._calc_exec_time(task_info)
        # 设置当前记录时间
        task_info['record_time'] = SysUtils.get_now_time_str()

        # 保存处理进程的历史记录
        MyTask._save_progress_history(task_info)

        # 调用 websocket task_feedback
        task_feedback(task_id, task_info)

        # 运行100%时,设置任务完成状态,并更新数据库,清理缓存
        if percent == 100.0:
            task_info['task_status'] = TaskStatus.COMPLETE
            TasksDAO.save(task_info)
            MyRedis.delete(task_id, category=task_cat)

            # 保存任务详情日志
            LogRecords.save(task_info,
                            category='task',
                            action='任务完成',
                            desc='任务执行100%,记录任务执行结果信息')
        else:
            # 缓存该任务的记录
            MyRedis.set(task_id, task_info, category=task_cat)

        # 发送执行状态的更新消息
        if notify:
            MyTask.notify_task_exec_info(task_info)

        return True
Ejemplo n.º 21
0
    def save(log_contents, category='debug', action='普通操作', desc='操作日志', user='******'):
        # 根据系统配置,不在配置参数中的日志类型,不做日志记录
        if not SystemConfig.is_log_on(category):
            return

        log_uuid = StrUtils.uuid_str()
        create_time = SysUtils.get_now_time()
        logs_coll.update_one({'uuid': log_uuid},
                             {'$set': {
                                 'uuid': log_uuid,
                                 'category': category,
                                 'action': action,
                                 'description': desc,
                                 'content': log_contents,
                                 'user_account': user,
                                 'create_time': create_time
                             }}, True)
        return
Ejemplo n.º 22
0
    def stop_task(task_id):
        # 从缓存中取出任务信息,同时删除这条缓存
        task_info = MyTask.fetch_exec_info(task_id, remove=True)

        # 只允许终止正在运行的任务
        if task_info['task_status'] != TaskStatus.RUNNING:
            return task_info

        # 设置停止状态和 stop_time
        task_info['task_status'] = TaskStatus.STOPPED
        task_info['stop_time'] = SysUtils.get_now_time_str()

        # 在数据库中保存任务信息
        TasksDAO.save(task_info)

        # 保存任务详情日志
        LogRecords.save(task_info,
                        category='task',
                        action='任务终止',
                        desc='任务被终止')

        return task_info
Ejemplo n.º 23
0
def websocket_callback(task_id, process, percent=50):
    print(task_id)
    # 从缓存或数据库中读取该任务的记录
    task_info = MyTask.fetch_exec_info(task_id)

    # 没有该任务信息记录时,返回失败
    if task_info is None:
        return False

    # 计算并记录执行时间(预计剩余时间)
    task_info['remain_time'] = MyTask._calc_exec_time(task_info)
    # 设置当前记录时间
    task_info['record_time'] = SysUtils.get_now_time_str()
    # 设置百分比和运行状态
    task_info['percentage'] = percent

    value_list = process.split('\n')
    for result in value_list:
        # 结果集不为空时,用新的结果集替换
        if result is not None:
            task_info['result'] = result

        # 调用 websocket task_feedback
        task_feedback(task_id, task_info)
Ejemplo n.º 24
0
    def save(self, pack_id):

        title_name = '固件分析报告'

        result_pack = pack_files_col.find({'pack_id': pack_id})

        pack_list = list(result_pack)

        firmware_name = ''
        firmware_file_num = 0
        execute_file_num = 0
        fw_file_lists = ''

        firmware_md5 = ''
        firmware_size = ''

        if pack_list is not None and len(pack_list) > 0:
            pack_info = pack_list[0]
            firmware_name = pack_info.get('name')
            pack_id = pack_info.get('pack_id')
            pack_file_id = pack_info.get('file_id')

            result_files = fw_files_col.find({'pack_id': pack_id})
            fw_file_lists = list(result_files)
            if fw_file_lists is not None or len(fw_file_lists) > 0:
                firmware_file_num = len(fw_file_lists)

                for file_info in fw_file_lists:
                    fw_file_type = file_info.get('file_type')

                    if fw_file_type == 4:
                        execute_file_num += 1

            item = PackFilesStorage.fetch(pack_file_id)

            firmware_md5 = item.get('md5')
            length_b = item.get('length')
            length_kb = length_b / 1024
            length_mb = length_kb / 1024
            if length_kb < 1:
                firmware_size = str('%.2f' % length_b) + ' B'
            elif length_mb < 1:
                firmware_size = str('%.2f' % length_kb) + ' KB'
            else:
                firmware_size = str('%.2f' % length_mb) + ' MB'
        else:
            return sys_app_err('ERROR_INVALID_PARAMETER')

        # firmware_inst = 'MIPS'
        # firmware_decomp_size = '7.2M'

        content = list()

        report_time = SysUtils.get_now_time_str()

        self.draw_con(content, title_name,
                      self.text_type(20, 30, colors.black, 1))
        self.draw_con(content, '报告生成时间:' + report_time,
                      self.text_type(11, 20, colors.black, 2))
        content.append(Spacer(300, 20))  # 添加空白,长度300,宽20

        # 1 固件分析综述
        self.summary_info(content, firmware_name, firmware_md5, firmware_size,
                          pack_id, firmware_file_num, execute_file_num)

        ct = self.text_type(10, 15, colors.black, 1)
        # 设置自动换行
        ct.wordWrap = 'CJK'

        # 2 组件关联的漏洞
        self.relation_loophole(content, fw_file_lists, firmware_name, ct)

        # 3 可执行文件详情
        self.fw_file_table(content, fw_file_lists, ct)

        # 4 特征码
        self.file_inverted_table(content, fw_file_lists, ct)

        self.draw_con(content, '报告结束', self.text_type(11, 20, colors.black, 1))

        time_stamp = SysUtils.parse_time_stamp_str()
        inde = firmware_name.index('.')

        if inde > -1:
            firmware_name = firmware_name[0:inde]

        pdf_name = firmware_name + title_name + time_stamp + '.pdf'

        path = './firmware_analyze_serv_report/'

        if not os.path.exists(path):
            os.mkdir(path)

        pdf_path = path + pdf_name
        # 生成pdf文件
        doc = SimpleDocTemplate(pdf_path, pagesize=letter)
        doc.build(content)

        report_id = StrUtils.uuid_str()
        report_record_info = {
            'report_id': report_id,
            'pack_id': pack_id,
            'pack_name': firmware_name,
            'pdf_path': pdf_path,
            'pdf_name': pdf_name,
            'create_time': report_time
        }

        report_record_col.save(report_record_info)

        return sys_app_ok()
Ejemplo n.º 25
0
def _proc_com_uncompress(path_file_name, uncompress_path, task_id):
    return SysUtils.uncompress(path_file_name, uncompress_path)
Ejemplo n.º 26
0
 def _build_common_keys(file_id, key_name, data_dict):
     return {'file_id': file_id, key_name: data_dict, 'update_time': SysUtils.get_now_time()}
Ejemplo n.º 27
0
 def fetch(file_id):
     grid_out = fw_files_storage.find_one({'filename': file_id})
     item = SysUtils.grid_out_to_dict(grid_out)
     return item