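 def push(self):
     """Push the collected vulnerabilities to the third-party platform.

     Sends ``self.vulnerabilities`` (JSON-encoded) to ``self.api`` and,
     when the endpoint answers ``'done'``, moves the local record from
     status 0 to 1 (records already at 1 or 2 are left untouched).

     :return: True on a confirmed push, False otherwise (missing id,
              pre-check says nothing to push, non-'done' reply, or a
              connection / HTTP / timeout error, which is logged).
     """
     if self.vuln_id is None:
         # Must run before any query: filter_by(id=None) silently matches
         # nothing, so the original None check further down was unreachable.
         logging.warning("漏洞ID不能为空")
         return False
     try:
         # Guard against duplicate output from earlier stages: check
         # whether this record was already handled before pushing.
         # NOTE(review): this counts rows with status == 2, which the state
         # list below calls "fixed", yet a count of 0 is logged as
         # "already pushed" — confirm which status is really intended.
         exist_vuln = CobraResults.query.filter_by(id=self.vuln_id,
                                                   status=2).count()
         if exist_vuln == 0:
             logging.info("已经推送过")
             return False
         vulns = {'info': json.dumps(self.vulnerabilities)}
         # Bounded wait: without a timeout a stalled endpoint blocks this
         # call forever. 30 s is a conventional default, not a tuned value.
         response = requests.post(self.api, data=vulns, timeout=30)
         if response.text != 'done':
             logging.critical('推送第三方漏洞管理平台失败 \r\n{0}'.format(response.text))
             return False
         logging.info('推送漏洞到第三方漏洞管理平台成功')
         # Update the record's status:
         #   1. initial (0)  -> pushed (1)
         #   2. pushed (1)   -> unchanged
         #   3. fixed (2)    -> unchanged
         vuln = CobraResults.query.filter_by(id=self.vuln_id).first()
         if vuln is None:
             # The remote push succeeded but the local row is gone; do not
             # crash on vuln.status, just report it.
             logging.warning("漏洞记录不存在: {0}".format(self.vuln_id))
         elif vuln.status == 0:
             vuln.status = 1
             db.session.add(vuln)
             db.session.commit()
         return True
     except (requests.ConnectionError, requests.HTTPError,
             requests.Timeout) as e:
         logging.warning("推送第三方漏洞管理平台出现异常: {0}".format(e))
         return False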
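 def push(self):
     """Push the collected vulnerabilities to the third-party platform.

     ``self.vulnerabilities`` is JSON-encoded and POSTed to ``self.api``.
     A reply of exactly ``'done'`` counts as success, after which a local
     record in status 0 is advanced to 1; statuses 1 and 2 are left alone.

     :return: True on a confirmed push; False when the id is missing, the
              pre-check finds nothing to push, the reply is not 'done', or
              a connection / HTTP / timeout error occurs (all logged).
     """
     if self.vuln_id is None:
         # Checked up front: a filter_by(id=None) query matches nothing and
         # would otherwise be reported as "already pushed".
         logging.warning("漏洞ID不能为空")
         return False
     try:
         # Avoid duplicate output caused by earlier stages: verify the
         # record has not been handled already.
         # NOTE(review): status 2 is described below as "fixed", but a count
         # of 0 is logged as "already pushed"; confirm the intended status.
         exist_vuln = CobraResults.query.filter_by(id=self.vuln_id, status=2).count()
         if exist_vuln == 0:
             logging.info("已经推送过")
             return False
         vulns = {'info': json.dumps(self.vulnerabilities)}
         # A timeout keeps a stalled endpoint from blocking the caller
         # indefinitely; 30 s is a conventional default, not a tuned value.
         response = requests.post(self.api, data=vulns, timeout=30)
         if response.text == 'done':
             logging.info('推送漏洞到第三方漏洞管理平台成功')
             # Status transitions:
             #   initial (0) -> pushed (1); pushed (1) and fixed (2) unchanged.
             vuln = CobraResults.query.filter_by(id=self.vuln_id).first()
             if vuln is None:
                 # Remote push succeeded but the local row is missing;
                 # report instead of failing on vuln.status.
                 logging.warning("漏洞记录不存在: {0}".format(self.vuln_id))
             elif vuln.status == 0:
                 vuln.status = 1
                 db.session.add(vuln)
                 db.session.commit()
             return True
         logging.critical('推送第三方漏洞管理平台失败 \r\n{0}'.format(response.text))
         return False
     except (requests.ConnectionError, requests.HTTPError, requests.Timeout) as e:
         logging.warning("推送第三方漏洞管理平台出现异常: {0}".format(e))
         return False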
 def type(self, *args, text=''):
     """Type *text* into the element located by *args*.

     *args* is the locator passed straight to ``find_element`` (id, class
     name, xpath, text, msg). Surrounding whitespace in *text* is removed
     first; an empty result is only warned about, the element is still
     cleared and receives the (empty) keystrokes.
     """
     logging.debug('元素: {locator} 输入: {value}'.format(locator=args, value=text))
     cleaned = text.strip()
     if not cleaned:
         logging.warning("type() text参数为空!")
     target = self.find_element(*args)
     target.clear()
     target.send_keys(cleaned)
 def log(self, level, message, test=True):
     """Record *message* at *level* and forward it to the logging module.

     When *test* is true the line ``[LEVEL] message`` is also appended to
     ``self.data``. Only the five named levels reach ``logging``; any other
     *level* string is recorded (if *test*) but not logged.
     """
     if test:
         self.data.append('[{0}] {1}'.format(level.upper(), message))
     emit = {
         'critical': logging.critical,
         'warning': logging.warning,
         'info': logging.info,
         'debug': logging.debug,
         'error': logging.error,
     }.get(level)
     if emit is not None:
         emit(message)
 def log(self, level, message, test=True):
     """Append ``[LEVEL] message`` to ``self.data`` (if *test*) and log it.

     *level* selects one of critical / warning / info / debug / error on
     the ``logging`` module; an unrecognised level is stored but not
     forwarded.
     """
     if test:
         self.data.append('[{0}] {1}'.format(level.upper(), message))
     handlers = (
         ('critical', logging.critical),
         ('warning', logging.warning),
         ('info', logging.info),
         ('debug', logging.debug),
         ('error', logging.error),
     )
     for name, emit in handlers:
         if level == name:
             emit(message)
             break
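 def run(self, is_all=None, pid=None):
     """Pull source for every enabled project (*is_all*) or one project (*pid*).

     Progress is both printed and logged, as the original CLI did. With
     neither selector set a critical message is emitted and the process
     exits via ``sys.exit()``.

     :param is_all: truthy to pull every project whose status is 'on'
     :param pid: id of a single project to pull (used when *is_all* is falsy)
     """
     if bool(is_all) is True:
         self._report('[START] Pull all projects code', logging.info)
         projects = CobraProjects.query.with_entities(
             CobraProjects.repository).filter(
                 CobraProjects.status == CobraProjects.get_status(
                     'on')).all()
         for project in projects:
             # Only git repositories are pulled in bulk mode.
             if '.git' not in project.repository:
                 continue
             self._pull_and_report(project.repository)
         self._report('[END] Scan all projects', logging.info)
     elif pid is not None:
         project = CobraProjects.query.filter_by(id=pid).first()
         if project is None:
             self._report('Project not found', logging.critical)
         else:
             if '.git' not in project.repository:
                 # NOTE(review): unlike the bulk branch this only reports
                 # and still pulls — confirm whether a skip was intended.
                 self._report('Not git repository', logging.info)
             self._pull_and_report(project.repository)
     else:
         self._report('Please set --target param', logging.critical)
         sys.exit()

 def _report(self, message, emit):
     """Print *message* and pass it to the logging callable *emit*."""
     print(message)
     emit(message)

 def _pull_and_report(self, repository):
     """Pull *repository* and print/log the outcome.

     ``pull_code()`` is taken to return ``(code, msg, scan_obj)``; code
     1001 is reported at info level, anything else as a warning.
     """
     code, msg, gg = scan.Scan(repository).pull_code()
     message = 'Pull code: {msg} {directory}'.format(
         msg=msg, directory=gg.repo_directory)
     if code == 1001:
         logging.info(message)
     else:
         logging.warning(message)
     print(message)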
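 def run(self, is_all=None, pid=None):
     """Pull code for all enabled projects (*is_all*) or a single one (*pid*).

     Every status message is printed and logged. When neither selector is
     given a critical message is emitted and ``sys.exit()`` is called.

     :param is_all: truthy to pull every project with status 'on'
     :param pid: id of one project to pull (consulted when *is_all* is falsy)
     """
     if bool(is_all) is True:
         self._report('[START] Pull all projects code', logging.info)
         projects = CobraProjects.query.with_entities(CobraProjects.repository).filter(CobraProjects.status == CobraProjects.get_status('on')).all()
         for project in projects:
             # Bulk mode skips anything that is not a git repository.
             if '.git' not in project.repository:
                 continue
             self._pull_and_report(project.repository)
         self._report('[END] Scan all projects', logging.info)
     elif pid is not None:
         project = CobraProjects.query.filter_by(id=pid).first()
         if project is None:
             self._report('Project not found', logging.critical)
         else:
             if '.git' not in project.repository:
                 # NOTE(review): the bulk branch skips non-git repositories,
                 # this branch only reports and pulls anyway — confirm intent.
                 self._report('Not git repository', logging.info)
             self._pull_and_report(project.repository)
     else:
         self._report('Please set --target param', logging.critical)
         sys.exit()

 def _report(self, message, emit):
     """Print *message*, then hand it to the logging callable *emit*."""
     print(message)
     emit(message)

 def _pull_and_report(self, repository):
     """Pull *repository* and print/log the result.

     ``pull_code()`` is assumed to return ``(code, msg, scan_obj)``; code
     1001 is logged at info level, any other code as a warning.
     """
     code, msg, gg = scan.Scan(repository).pull_code()
     message = 'Pull code: {msg} {directory}'.format(msg=msg, directory=gg.repo_directory)
     if code == 1001:
         logging.info(message)
     else:
         logging.warning(message)
     print(message)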
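    def __init__(self, filename, current_version=None, online_version=None):
        """Bind an SVN target and probe access to it with ``svn info``.

        Credentials are read from the ``svn`` section of the config. An
        authentication failure or an invalid URL in the probe's stderr
        terminates the process with exit status 1, as before; other
        stderr output is ignored.

        :param filename: SVN path/URL handed to ``svn info``
        :param current_version: stored for later use, not read here
        :param online_version: stored for later use, not read here
        :raises OSError: if the executable in ``self.svn`` cannot be started
        """
        self.filename = filename
        self.current_version = current_version
        self.online_version = online_version

        self.username = config.Config('svn', 'username').value
        self.password = config.Config('svn', 'password').value

        # Test SVN. The command is an argument list run without a shell, so
        # a username, password or filename containing shell metacharacters
        # is passed through verbatim instead of being interpreted. The
        # password is still visible on the command line (process listing);
        # only svn's own auth cache / credential store avoids that.
        # assumes self.svn is the path of the svn executable alone — TODO confirm
        cmd = [
            self.svn, 'info', '--no-auth-cache', '--non-interactive',
            '--username', self.username,
            '--password', self.password,
            self.filename,
        ]
        # universal_newlines gives str output on Python 3, so the substring
        # tests below cannot fail with a bytes/str TypeError.
        p = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
                             universal_newlines=True)
        _diff_out, diff_err = p.communicate()
        if len(diff_err) == 0:
            logging.debug("svn diff success")
        elif 'authorization failed' in diff_err:
            logging.warning("svn diff auth failed")
            sys.exit(1)
        elif 'Not a valid URL' in diff_err:
            logging.warning("svn diff url not a valid")
            sys.exit(1)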
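    def __init__(self, filename, current_version=None, online_version=None):
        """Store the SVN target and verify it is reachable via ``svn info``.

        Username and password come from the ``svn`` config section. If the
        probe reports an authorization failure or an invalid URL the
        process exits with status 1 (unchanged behaviour); any other
        stderr text is not acted upon.

        :param filename: SVN path/URL passed to ``svn info``
        :param current_version: kept on the instance, unused here
        :param online_version: kept on the instance, unused here
        :raises OSError: if the executable named by ``self.svn`` cannot start
        """
        self.filename = filename
        self.current_version = current_version
        self.online_version = online_version

        self.username = config.Config('svn', 'username').value
        self.password = config.Config('svn', 'password').value

        # Test SVN. Arguments are passed as a list (no shell), so config
        # values or the filename cannot inject shell syntax into the probe.
        # Note the password still appears in the process's argument list;
        # svn's credential cache is the only way around that.
        # assumes self.svn holds just the svn executable path — TODO confirm
        cmd = [
            self.svn, 'info', '--no-auth-cache', '--non-interactive',
            '--username', self.username,
            '--password', self.password,
            self.filename,
        ]
        # Text-mode pipes keep the 'in diff_err' checks valid on Python 3.
        p = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
                             universal_newlines=True)
        _diff_out, diff_err = p.communicate()
        if len(diff_err) == 0:
            logging.debug("svn diff success")
        elif 'authorization failed' in diff_err:
            logging.warning("svn diff auth failed")
            sys.exit(1)
        elif 'Not a valid URL' in diff_err:
            logging.warning("svn diff url not a valid")
            sys.exit(1)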
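    def is_controllable_param(self):
        """
        Decide whether the matched parameter can be influenced by outside input.

        The parameter name is extracted from ``self.code`` with ``self.rule``
        and stored in ``self.param_name``. For variables the surrounding
        assignment block (``self.block_code(0)``) is inspected; when the
        value comes from a request source or a function argument the matched
        text is stored in ``self.param_value``.

        :return: True when the value is considered controllable, False when
                 it is a literal or constant; None when no single parameter
                 name could be extracted (a warning is logged instead).
        """
        param_name = re.findall(self.rule, self.code)
        if len(param_name) == 1:
            param_name = param_name[0].strip()
            self.param_name = param_name
            logging.debug('参数: `{0}`'.format(param_name))
            # Is the parameter itself a fixed string literal?
            regex_string = self.regex[self.language]['string']
            string = re.findall(regex_string, param_name)
            if len(string) >= 1 and string[0] != '':
                logging.debug("是否字符串: 是")
                logging.info("返回: 不可控 (字符串)")
                return False
            logging.debug("是否字符串: 否")

            # Is it a variable?
            if param_name[:1] == '$':
                logging.debug("参数是否变量: 是")

                # Fetch the code block where the parameter is assigned.
                param_block_code = self.block_code(0)
                if param_block_code is False:
                    logging.debug("向上搜索参数区块代码: 未找到")
                    logging.info("返回: 可控 (代码未找到)")
                    return True
                logging.debug("向上搜索参数区块代码: {0}".format(param_block_code))

                # Assigned directly from a request source.
                # Must match:
                #   $url = $_GET['test'];
                #   $url = $_POST['test'];
                #   $url = $_REQUEST['test'];
                #   $url = $_SERVER['user_agent'];
                # Must not match:
                #   $url = $_SERVER
                #   $url = $testsdf;
                # The source names form an alternation; the earlier
                # `[GET|POST|REQUEST|SERVER]+` was a character class and also
                # accepted any run of those letters, e.g. `$_TEST[`.
                regex_get_param = r'({0}\s*=\s*\$_(?:GET|POST|REQUEST|SERVER)\[)'.format(
                    re.escape(param_name))
                regex_get_param_result = re.findall(regex_get_param,
                                                    param_block_code)
                if len(regex_get_param_result) >= 1:
                    self.param_value = regex_get_param_result[0]
                    logging.debug("参数是否直接取自外部: 是")
                    logging.info("返回: 可控(取外部入参)")
                    return True
                logging.debug("参数是否直接取自外部入参: 否")

                # Function parameter.
                regex_function_param = r'(function\s*\w+\s*\(.*{0})'.format(
                    re.escape(param_name))
                regex_function_param_result = re.findall(
                    regex_function_param, param_block_code)
                if len(regex_function_param_result) >= 1:
                    self.param_value = regex_function_param_result[0]
                    logging.debug("参数是否函数入参: 是")
                    logging.info("返回: 可控(函数入参)")
                    return True
                logging.debug("参数是否直接函数入参: 否")

                # Assigned a constant. NOTE(review): `([A-Z_]*)` also matches
                # the empty string, so any `$name =` in the block is treated
                # as a constant assignment and returns False here — the two
                # checks below it are only reached when no assignment exists.
                uc_rule = r'{0}\s?=\s?([A-Z_]*)'.format(re.escape(param_name))
                uc_rule_result = re.findall(uc_rule, param_block_code)
                if len(uc_rule_result) >= 1:
                    logging.debug("参数变量是否直接赋值常量: 是 `{0} = {1}`".format(
                        param_name, uc_rule_result[0]))
                    logging.info("返回: 不可控")
                    return False
                logging.debug("参数变量是否直接赋值常量: 否")

                # Assigned a fixed string.
                regex_assign_string = self.regex[
                    self.language]['assign_string'].format(
                        re.escape(param_name))
                string = re.findall(regex_assign_string, param_block_code)
                if len(string) >= 1 and string[0] != '':
                    logging.debug("是否赋值字符串: 是")
                    logging.info("返回: 不可控 (字符串)")
                    return False
                logging.debug("是否赋值字符串: 否")

                logging.info("返回: 可控(默认情况)")
                return True
            else:
                if self.language == 'java':
                    # Java variables carry no `$` prefix.
                    param_block_code = self.block_code(0)
                    if param_block_code is False:
                        logging.debug("向上搜索参数区块代码: 未找到")
                        logging.info("返回: 可控 (代码未找到)")
                        return True
                    logging.debug("向上搜索参数区块代码: {0}".format(param_block_code))
                    regex_assign_string = self.regex[
                        self.language]['assign_string'].format(
                            re.escape(param_name))
                    string = re.findall(regex_assign_string, param_block_code)
                    if len(string) >= 1 and string[0] != '':
                        logging.debug("是否赋值字符串: 是")
                        logging.info("返回: 不可控 (字符串)")
                        return False
                    logging.debug("是否赋值字符串: 否")

                    # Taken from a request parameter? NOTE(review): a
                    # getParameter() match returns False ("not controllable")
                    # here, the opposite of the PHP branch — confirm intent.
                    regex_get_param = r'String\s{0}\s=\s\w+\.getParameter(.*)'.format(
                        re.escape(param_name))
                    get_param = re.findall(regex_get_param, param_block_code)
                    if len(get_param) >= 1 and get_param[0] != '':
                        logging.debug("是否赋值外部取参: 是")
                        logging.info("返回: 不可控 (外部取参)")
                        return False
                    logging.debug("是否赋值外部取参: 否")

                    logging.info("返回: 可控 (变量赋值)")
                    return True
                logging.debug("参数是否变量: 否 (没有包含$)")
                logging.info("返回: 不可控(参数不为变量)")
                return False
        else:
            logging.warning("未获取到参数名,请检查定位规则")
            # Kept explicit: callers see None, not False, in this case.
            return None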