def update_task():
"""
更新任务信息,最主要的是修改hook_url
:return:
"""
try:
put_data = request.get_json(force=True)
if has_dict_value_blank(put_data, ["hook_rule", "task_id"]):
return jsonify(status=400,
message="更新任务失败",
data={"extra_info": "请确认是否正确传入hook_rule,task_id参数"})
hook_rule = put_data.get("hook_rule")
task_id = put_data.get("task_id")
# Task表修改一下hook_rule
TaskService.update(fields=({
Task.hook_rule: hook_rule
}),
where=(Task.id == task_id))
# redis更改任务hook_rule
RedisService.update_task_hook_rule(task_id, hook_rule)
return jsonify(status=200,
message="更新任务成功",
data={"extra_info": "修改成功,该任务由管理员修改"})
except Exception as e:
logger.exception("update_task exception")
return jsonify(status=500,
message="未知异常",
data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def stop_task():
"""
关闭任务,关闭任务之后将用户任务信息进行持久化到数据库,包括结束任务时间
:return:
"""
post_data = request.get_json(force=True)
if has_dict_value_blank(post_data, ["task_id"]):
return jsonify(status=400,
message="结束任务失败",
data={"extra_info": "task_id缺失,无法结束任务"})
try:
post_task_id = int(post_data.get("task_id"))
TaskService.update(fields=({
Task.task_status: TaskStatus.KILLED
}),
where=(Task.id == post_task_id))
RedisService.stop_task(post_task_id)
RedisService.clean_urlclassifications(post_task_id)
return jsonify(status=200,
message="结束任务成功",
data={"extra_info": "该任务由管理员关闭"})
except Exception as e:
logger.exception("stop_task exception")
return jsonify(status=500,
message="未知异常",
data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def create_task():
"""
创建任务,可以由浏览器插件或者直接在平台上创建,redis缓存查询用户信息
:return:
"""
try:
post_data = request.get_json(force=True)
if json_utils.has_dict_value_blank(
post_data, ['hook_rule', 'read_agreement', 'task_name']):
return jsonify(status=400,
message="创建任务失败",
data={"extra_info": "新建任务时没有设置网址正则或任务名称"})
if not post_data.get("read_agreement"):
return jsonify(status=400,
message="创建任务失败",
data={"extra_info": "请阅读用户协议并点击同意"})
current_user_name = session["user_name"]
post_hook_rule = post_data.get("hook_rule")
post_task_name = post_data.get("task_name")
current_user = RedisService.get_user(user_name=current_user_name)
receivers_email = current_user[
"email"] if "email" in current_user else None
task = TaskService.save(create_user_id=current_user["id"],
task_name=post_task_name,
receivers_email=receivers_email,
hook_rule=post_hook_rule)
#if UserTaskService.count(where=(UserTask.task_id == task.id, UserTask.user_id == current_user["id"])) == 0:
UserTaskService.save(task_id=task.id, user_id=current_user["id"])
RedisService.create_task(task.id, post_hook_rule, current_user_name,
TaskStatus.WORKING)
RedisService.update_user_field(current_user_name, "current_task_id",
task.id)
UserService.update(fields=({
User.recent_operation_time:
datetime.datetime.now()
}),
where=(User.user_name == current_user_name))
task_access_key = generate_access_key(
task.id, current_user_name).decode("utf-8")
TaskService.update(fields=({
Task.access_key: task_access_key
}),
where=(Task.id == task.id))
scan_celery.delay(post_data, task.id, current_user_name,
TaskStatus.WORKING)
return jsonify(status=200,
message="创建任务成功",
data={
"task_id": task.id,
"full_name": current_user["full_name"],
"create_time": get_current_time(),
"task_access_key": task_access_key
})
except Exception as e:
logger.exception("create_task exception")
return jsonify(status=500,
message="未知异常",
data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def scan_celery(package, task_id, create_user, status):
"""
celey 调度模式扫描
注意,scan_celery函数只有在celey开启的时候才会
:param package:
:param task_id:
:param create_user:
:param status:
:return:
"""
logger.setLevel(logging.INFO)
logger.info(logo)
if status == TaskStatus.WORKING:
# 更新任务状态和hunter状态
current_task_status = TaskService.get_task_status(task_id=task_id)
if current_task_status and current_task_status < TaskStatus.WORKING:
TaskService.update(fields=({
Task.task_status: TaskStatus.WORKING
}),
where=(Task.id == task_id))
TaskService.update(fields=({
Task.xssfork_status: TaskStatus.WORKING
}),
where=(Task.id == task_id))
logger.warn(
"there is a task [task_id:{}, create_user:{}] has start".format(
task_id, create_user))
elif status == TaskStatus.KILLED:
try:
TaskService.update(fields=({
Task.xssfork_status: TaskStatus.DONE
}),
where=(Task.id == task_id))
current_task = TaskService.get_fields_by_where(
where=(Task.id == task_id))[0]
if current_task.hunter_status == TaskStatus.DONE and current_task.sqlmap_status == TaskStatus.DONE \
and current_task.xssfork_status == TaskStatus.DONE:
TaskService.update(fields=({
Task.task_status: TaskStatus.DONE
}),
where=(Task.id == task_id))
task_notice_celery.delay(
message={
"type": BroadCastType.TASK,
"action": BroadCastAction.COMPLETE_TASK_NOTIFICATION,
"data": {
"task_id": task_id
}
})
except Exception:
logger.exception("scan_celery error")
logger.warn(
"there is a task [task_id:{}, create_user:{}] has killed".format(
task_id, create_user))
else:
scan(package=package,
task_id=task_id,
create_user=create_user,
status=status)
def update_task():
"""
更新任务信息,最主要的是修改hook_url
:return:
"""
post_data = request.get_json(force=True)
if json_utils.has_dict_value_blank(post_data, ["hook_rule", "task_id"]):
return jsonify(status=400,
message="更新任务失败",
data={"extra_info": "请确认是否正确传入hook_rule,task_id参数"})
try:
post_hook_rule = post_data.get("hook_rule")
post_task_id = post_data.get("task_id")
current_user_name = session["user_name"]
# current_user_name = "b5mali4"
current_user = RedisService.get_user(current_user_name)
if UserTaskService.count(
where=(UserTask.user_id == int(current_user["id"]),
UserTask.task_id == post_task_id)) == 0:
return jsonify(status=403,
message="更新任务失败",
data={"extra_info": "请勿尝试非法更改非自己权限的任务"})
TaskService.update(fields=({
Task.hook_rule: post_hook_rule
}),
where=(Task.id == post_task_id))
RedisService.update_task_hook_rule(post_task_id, post_hook_rule)
return jsonify(status=200,
message="更新任务成功",
data={"extra_info": "修改成功,刷新页面即可看到更改结果"})
except Exception as e:
logger.exception("update_task exception")
if isinstance(e, UserNotFoundInRedisException):
return jsonify(status=403,
message="结束任务失败",
data={"extra_info": "请勿尝试非法关闭非自己权限任务"})
return jsonify(status=500,
message="未知异常",
data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})
def stop_task():
"""
关闭任务,关闭任务之后将用户任务信息进行持久化到数据库,包括结束任务时间
:return:
"""
post_data = request.get_json(force=True)
if json_utils.has_dict_value_blank(post_data, ["task_id"]):
return jsonify(status=400,
message="结束任务失败",
data={"extra_info": "task_id缺失,无法结束任务"})
post_task_id = int(post_data.get("task_id"))
current_user_name = session["user_name"]
try:
user = RedisService.get_user(current_user_name)
if UserTaskService.count(
where=(UserTask.user_id == user["id"],
UserTask.task_id == post_task_id)) == 0:
return jsonify(status=403,
message="结束任务失败",
data={"extra_info": "请勿尝试非法关闭非自己权限任务"})
task = TaskService.get_fields_by_where(
fields=(Task.task_status), where=(Task.id == post_task_id))[0]
if task.task_status in [TaskStatus.DONE, TaskStatus.KILLED]:
return jsonify(status=200,
message="结束任务成功",
data={
"fullname": user["full_name"],
"extra_info": "该任务早已经结束,请登录后台查看扫描结果",
"stop_time": get_current_time()
})
TaskService.update(fields=({
Task.task_status: TaskStatus.KILLED,
Task.killed_time: datetime.datetime.now()
}),
where=(Task.id == post_task_id))
UserService.update(fields=({
User.recent_operation_time:
datetime.datetime.now()
}),
where=(User.user_name == current_user_name))
scan_celery.delay(post_data, post_task_id, current_user_name,
TaskStatus.KILLED)
RedisService.stop_task(post_task_id)
RedisService.clean_urlclassifications(post_task_id)
return jsonify(status=200,
message="结束任务成功",
data={
"full_name":
user["full_name"],
"extra_info":
"请登录后台查看扫描结果",
"stop_time":
datetime.datetime.now().strftime("%Y-%m-%d %H:%M")
})
except Exception as e:
logger.exception("stop_task exception")
if isinstance(e, UserNotFoundInRedisException):
return jsonify(status=403,
message="结束任务失败",
data={
"extra_info": "认证失败,请重新登录进行授权",
"auth_site": ""
})
return jsonify(status=500,
message="未知异常",
data={"extra_info": "创建任务时出现未知异常,请联系管理员查看异常日志"})