def add(request):
# firmware_id = req_post_param(request, "firmware_id")
title = req_post_param(request, "title")
author = req_post_param(request, "author")
type = req_post_param(request, "type")
platform = req_post_param(request, "platform")
# 获取可用的firmware_id,内部检查取值范围和是否冲突(firmware_id需要唯一)
firmware_id = firmware_db.get_suggest_firmware_id(None)
# with utils.sys.config.g_mongo_client.start_session(causal_consistency=True) as session:
# """事物必须在session下执行,with保证了session的正常关闭"""
# with session.start_transaction():
# """一旦出现异常会自动调用session.abort_transaction()"""
# 获取各字段的索引号,如果是新值,则添加一条新索引,并返回新的id号
author_id = firmware_db.fetch_field_id('author', author)
type_id = firmware_db.fetch_field_id('type', type)
platform_id = firmware_db.fetch_field_id('platform', platform)
# 组装漏洞信息,并添加
item = {'description': [firmware_id, title], 'date_published': SysUtils.get_now_time().strftime('%Y-%m-%d'),
'verified': 0, 'port': 0, 'customized': 1,
'author': {'id': author_id, 'name': author}, 'type': {'id': type_id, 'name': type},
'platform': {'id': platform_id, 'platform': platform}, 'firmware_id': firmware_id}
result = firmware_db.add(item)
# 为性能测试中降低CPU使用率,小段延时
time.sleep(1.0)
# 本版本不检查成功与否
#SysLog.success('新建漏洞', '成功添加漏洞信息,漏洞ID={}'.format(firmware_id))
return app_ok_p({'firmware_id': firmware_id, 'customized': 1, 'date_published': item['date_published']})
def fetch(request):
firmware_id = req_get_param(request, 'firmware_id')
if StrUtils.is_blank(firmware_id):
return sys_app_err('ERROR_INVALID_PARAMETER')
doc = firmware_db.fetch(firmware_id)
if doc is None:
#SysLog.fail('提取漏洞', '没有提取到漏洞信息(ID={})'.format(firmware_id))
return sys_app_err('ERROR_FWID_NOT_FOUND')
#SysLog.success('提取漏洞', '成功提取漏洞信息(ID={})'.format(firmware_id))
return app_ok_p(doc)
def poc_query(request):
offset = req_get_param_int(request, 'offset')
count = req_get_param_int(request, 'count')
# 获取信息总数
total = firmware_pocs.count()
# 指定偏移量越界,则报错
if offset >= total:
return app_err_p(Error.NO_MORE_DATA, {'total': total, 'count': 0})
# 读取利用方法数据
docs = firmware_pocs.query(offset, count)
#SysLog.success('查询POC', '成功查询漏洞的POC,总数={}'.format(len(docs)))
return app_ok_p({'total': total, 'count': len(docs), 'items': docs})
def search(request):
offset = req_get_param_int(request, 'offset')
count = req_get_param_int(request, 'count')
value = req_get_param(request, 'value')
# 查找利用信息
result_cursor = firmware_db.search(value)
item_list = list(result_cursor)
# 获取信息总数,并判断指定偏移量是否越界
total = len(item_list)
if total == 0 or offset >= total:
return app_err_p(Error.NO_MORE_DATA, {'total': total, 'count': 0})
# 读取指定位置和数量的利用信息
if count > total - offset:
count = total - offset
item_list = item_list[offset: offset + count]
# 为性能测试中降低CPU使用率,小段延时
time.sleep(1.0)
#SysLog.success('搜索漏洞', '成功搜索漏洞信息,查询到漏洞信息总数={}'.format(len(item_list)))
return app_ok_p({'total': total, 'count': len(item_list), 'items': item_list})
def filter(request):
offset = req_get_param_int(request, 'offset')
count = req_get_param_int(request, 'count')
field = req_get_param(request, 'field')
value = req_get_param(request, 'value')
# 查找利用信息
result_cursor = firmware_db.filter(field, value)
if result_cursor is None:
return app_err(Error.INVALID_REQ_PARAM)
item_list = list(result_cursor)
# 获取信息总数,并判断指定偏移量是否越界
total = len(item_list)
if total == 0 or offset >= total:
return app_err_p(Error.NO_MORE_DATA, {'total': total, 'count': 0})
# 读取指定位置和数量的利用信息
if count > total - offset:
count = total - offset
item_list = item_list[offset: offset + count]
#SysLog.success('查询漏洞', '成功查询漏洞信息,查询到漏洞信息总数={}'.format(len(item_list)))
return app_ok_p({'total': total, 'count': len(item_list), 'items': item_list})
def max_id(request):
max_id = firmware_db.max_firmware_id()
return app_ok_p({'max_id': max_id})
def query_platform(request):
return app_ok_p(firmware_db.query_platform())
def query_type(request):
return app_ok_p(firmware_db.query_type())