def update_task(): """ 更新任务信息,最主要的是修改hook_url :return: """ try: put_data = request.get_json(force=True) if has_dict_value_blank(put_data, ["hook_rule", "task_id"]): return jsonify(status=400, message="更新任务失败", data={"extra_info": "请确认是否正确传入hook_rule,task_id参数"}) hook_rule = put_data.get("hook_rule") task_id = put_data.get("task_id") # Task表修改一下hook_rule TaskService.update(fields=({ Task.hook_rule: hook_rule }), where=(Task.id == task_id)) # redis更改任务hook_rule RedisService.update_task_hook_rule(task_id, hook_rule) return jsonify(status=200, message="更新任务成功", data={"extra_info": "修改成功,该任务由管理员修改"}) except Exception as e: logger.exception("update_task exception") return jsonify(status=500, message="未知异常", data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def stop_task(): """ 关闭任务,关闭任务之后将用户任务信息进行持久化到数据库,包括结束任务时间 :return: """ post_data = request.get_json(force=True) if has_dict_value_blank(post_data, ["task_id"]): return jsonify(status=400, message="结束任务失败", data={"extra_info": "task_id缺失,无法结束任务"}) try: post_task_id = int(post_data.get("task_id")) TaskService.update(fields=({ Task.task_status: TaskStatus.KILLED }), where=(Task.id == post_task_id)) RedisService.stop_task(post_task_id) RedisService.clean_urlclassifications(post_task_id) return jsonify(status=200, message="结束任务成功", data={"extra_info": "该任务由管理员关闭"}) except Exception as e: logger.exception("stop_task exception") return jsonify(status=500, message="未知异常", data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def create_task(): """ 创建任务,可以由浏览器插件或者直接在平台上创建,redis缓存查询用户信息 :return: """ try: post_data = request.get_json(force=True) if json_utils.has_dict_value_blank( post_data, ['hook_rule', 'read_agreement', 'task_name']): return jsonify(status=400, message="创建任务失败", data={"extra_info": "新建任务时没有设置网址正则或任务名称"}) if not post_data.get("read_agreement"): return jsonify(status=400, message="创建任务失败", data={"extra_info": "请阅读用户协议并点击同意"}) current_user_name = session["user_name"] post_hook_rule = post_data.get("hook_rule") post_task_name = post_data.get("task_name") current_user = RedisService.get_user(user_name=current_user_name) receivers_email = current_user[ "email"] if "email" in current_user else None task = TaskService.save(create_user_id=current_user["id"], task_name=post_task_name, receivers_email=receivers_email, hook_rule=post_hook_rule) #if UserTaskService.count(where=(UserTask.task_id == task.id, UserTask.user_id == current_user["id"])) == 0: UserTaskService.save(task_id=task.id, user_id=current_user["id"]) RedisService.create_task(task.id, post_hook_rule, current_user_name, TaskStatus.WORKING) RedisService.update_user_field(current_user_name, "current_task_id", task.id) UserService.update(fields=({ User.recent_operation_time: datetime.datetime.now() }), where=(User.user_name == current_user_name)) task_access_key = generate_access_key( task.id, current_user_name).decode("utf-8") TaskService.update(fields=({ Task.access_key: task_access_key }), where=(Task.id == task.id)) scan_celery.delay(post_data, task.id, current_user_name, TaskStatus.WORKING) return jsonify(status=200, message="创建任务成功", data={ "task_id": task.id, "full_name": current_user["full_name"], "create_time": get_current_time(), "task_access_key": task_access_key }) except Exception as e: logger.exception("create_task exception") return jsonify(status=500, message="未知异常", data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def scan_celery(package, task_id, create_user, status): """ celey 调度模式扫描 注意,scan_celery函数只有在celey开启的时候才会 :param package: :param task_id: :param create_user: :param status: :return: """ logger.setLevel(logging.INFO) logger.info(logo) if status == TaskStatus.WORKING: # 更新任务状态和hunter状态 current_task_status = TaskService.get_task_status(task_id=task_id) if current_task_status and current_task_status < TaskStatus.WORKING: TaskService.update(fields=({ Task.task_status: TaskStatus.WORKING }), where=(Task.id == task_id)) TaskService.update(fields=({ Task.xssfork_status: TaskStatus.WORKING }), where=(Task.id == task_id)) logger.warn( "there is a task [task_id:{}, create_user:{}] has start".format( task_id, create_user)) elif status == TaskStatus.KILLED: try: TaskService.update(fields=({ Task.xssfork_status: TaskStatus.DONE }), where=(Task.id == task_id)) current_task = TaskService.get_fields_by_where( where=(Task.id == task_id))[0] if current_task.hunter_status == TaskStatus.DONE and current_task.sqlmap_status == TaskStatus.DONE \ and current_task.xssfork_status == TaskStatus.DONE: TaskService.update(fields=({ Task.task_status: TaskStatus.DONE }), where=(Task.id == task_id)) task_notice_celery.delay( message={ "type": BroadCastType.TASK, "action": BroadCastAction.COMPLETE_TASK_NOTIFICATION, "data": { "task_id": task_id } }) except Exception: logger.exception("scan_celery error") logger.warn( "there is a task [task_id:{}, create_user:{}] has killed".format( task_id, create_user)) else: scan(package=package, task_id=task_id, create_user=create_user, status=status)
def update_task(): """ 更新任务信息,最主要的是修改hook_url :return: """ post_data = request.get_json(force=True) if json_utils.has_dict_value_blank(post_data, ["hook_rule", "task_id"]): return jsonify(status=400, message="更新任务失败", data={"extra_info": "请确认是否正确传入hook_rule,task_id参数"}) try: post_hook_rule = post_data.get("hook_rule") post_task_id = post_data.get("task_id") current_user_name = session["user_name"] # current_user_name = "b5mali4" current_user = RedisService.get_user(current_user_name) if UserTaskService.count( where=(UserTask.user_id == int(current_user["id"]), UserTask.task_id == post_task_id)) == 0: return jsonify(status=403, message="更新任务失败", data={"extra_info": "请勿尝试非法更改非自己权限的任务"}) TaskService.update(fields=({ Task.hook_rule: post_hook_rule }), where=(Task.id == post_task_id)) RedisService.update_task_hook_rule(post_task_id, post_hook_rule) return jsonify(status=200, message="更新任务成功", data={"extra_info": "修改成功,刷新页面即可看到更改结果"}) except Exception as e: logger.exception("update_task exception") if isinstance(e, UserNotFoundInRedisException): return jsonify(status=403, message="结束任务失败", data={"extra_info": "请勿尝试非法关闭非自己权限任务"}) return jsonify(status=500, message="未知异常", data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def stop_task(): """ 关闭任务,关闭任务之后将用户任务信息进行持久化到数据库,包括结束任务时间 :return: """ post_data = request.get_json(force=True) if json_utils.has_dict_value_blank(post_data, ["task_id"]): return jsonify(status=400, message="结束任务失败", data={"extra_info": "task_id缺失,无法结束任务"}) post_task_id = int(post_data.get("task_id")) current_user_name = session["user_name"] try: user = RedisService.get_user(current_user_name) if UserTaskService.count( where=(UserTask.user_id == user["id"], UserTask.task_id == post_task_id)) == 0: return jsonify(status=403, message="结束任务失败", data={"extra_info": "请勿尝试非法关闭非自己权限任务"}) task = TaskService.get_fields_by_where( fields=(Task.task_status), where=(Task.id == post_task_id))[0] if task.task_status in [TaskStatus.DONE, TaskStatus.KILLED]: return jsonify(status=200, message="结束任务成功", data={ "fullname": user["full_name"], "extra_info": "该任务早已经结束,请登录后台查看扫描结果", "stop_time": get_current_time() }) TaskService.update(fields=({ Task.task_status: TaskStatus.KILLED, Task.killed_time: datetime.datetime.now() }), where=(Task.id == post_task_id)) UserService.update(fields=({ User.recent_operation_time: datetime.datetime.now() }), where=(User.user_name == current_user_name)) scan_celery.delay(post_data, post_task_id, current_user_name, TaskStatus.KILLED) RedisService.stop_task(post_task_id) RedisService.clean_urlclassifications(post_task_id) return jsonify(status=200, message="结束任务成功", data={ "full_name": user["full_name"], "extra_info": "请登录后台查看扫描结果", "stop_time": datetime.datetime.now().strftime("%Y-%m-%d %H:%M") }) except Exception as e: logger.exception("stop_task exception") if isinstance(e, UserNotFoundInRedisException): return jsonify(status=403, message="结束任务失败", data={ "extra_info": "认证失败,请重新登录进行授权", "auth_site": "" }) return jsonify(status=500, message="未知异常", data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})