def start(**kwargs):
"""
添加扫描任务
:param kwargs: 任务配置
:return:
"""
pro = None
try:
init()
result_file = '{0}.json'.format(kwargs.get("project_name"))
kwargs['result_file'] = result_file
pro = start_scan(**kwargs)
except SoftTimeLimitExceeded as ex:
logger.critical(ex)
if pro:
pro.update_scan_failed_status(ex)
except Exception as ex:
import traceback;traceback.print_exc()
logger.critical(ex)
except KeyboardInterrupt:
logger.error("user aborted")
except SystemExit:
raise
return False
def setUp(self):
init()
self.work_dir = os.path.join(BASEDIR, 'tests', 'data', 'seecode')
def setUp(self):
init()
def __init__(self, **kwargs):
"""
:param kwargs:
"""
self._logger = None
self._paths_log = ''
self._log_file = ''
self._remote_paths = ''
self._paths_project_origin = None
self._paths_project_scan = None
self._branch_commit = None
self._git = None
self._rotate_handler = None
self._statistics = {
'depends': [],
'file': [],
'total': 0,
'size': 0, # KB
'language': '',
'risk': {},
}
# scan
self._threads = parse_int_or_str(parse_int(kwargs.get('threads'), 20))
self._template = strip(kwargs.get('template'), display_type='lower')
self._template_full_path = strip(kwargs.get('template_full_path'))
self._work_dir = kwargs.get('work_dir') or '/data/seecode'
self._log_level = strip(kwargs.get('log_level')) or 'info'
self._task_id = parse_int(kwargs.get('task_id'))
self._project_name = strip(kwargs.get('project_name'))
self._project_branch = strip(kwargs.get('project_branch'))
self._project_ssh = strip(kwargs.get('project_ssh'))
self._project_web = strip(kwargs.get('project_web'))
self._project_local_path = strip(kwargs.get('project_local_path'))
self._project_type = strip(kwargs.get('project_type') or 'offline',
display_type='lower')
self._project_storage_type = strip(kwargs.get('project_storage_type'),
display_type='lower')
self._project_file_origin_name = strip(
kwargs.get('project_file_origin_name'))
self._project_file_hash = strip(kwargs.get('project_file_hash'))
self._group_name = strip(kwargs.get('group_name'))
self._group_key = strip(kwargs.get('group_key'))
# 强制更新代码,必须为线上项目
self._force_sync_code = parse_bool(kwargs.get('force_sync_code',
False))
# 强制扫描项目
self._force_project_scan = parse_bool(
kwargs.get('force_project_scan', False))
# 同步漏洞到 SeeCode Audit 服务端
self._sync_vuln_to_server = parse_bool(
kwargs.get('sync_vuln_to_server', False))
# 取证偏移
self._evidence_start_line_offset = parse_int(
kwargs.get('evidence_start_line_offset'), -1)
# 合并相同组件漏洞(依赖文件包含)
self._component_same_vuln_merge_enable = parse_bool(
kwargs.get('component_same_vuln_merge_enable', True))
self._evidence_count = parse_int(kwargs.get('evidence_count'), 5)
self._result_file = strip(kwargs.get('result_file'))
self._result_format = strip(kwargs.get('result_format'))
self._is_cli_call = parse_bool(kwargs.get('is_cli_call'))
self._issue_statistic_type = ['vulnerability']
self._send_size = parse_int_or_str(strip(kwargs.get('send_size', 50)))
# distributed
self._distributed = kwargs.get('distributed', conf.distributed)
self.storage = {}
self.__check_scan_parameters()
self.__init_work_dir()
self.__init_logger()
self.cp = CopyCMD()
self.find = FindCMD()
# check scan template
profile = os.path.join(paths.ROOT_PROFILE_PATH,
'{0}.xml'.format(self._template))
stat = os.stat(profile)
if not all((kb, kb.profiles)):
init()
if self._template_full_path and os.path.isfile(
self._template_full_path):
load_scan_template(template_file_path=self._template_full_path)
else:
load_scan_template()
kb.profiles_time[self._template] = stat.st_ctime
if kb.profiles_time[self._template] != stat.st_ctime:
load_scan_template()
kb.profiles_time[self._template] = stat.st_ctime
# result
if self.key not in kb.result:
kb.result[self.key] = {}
if not self._result_file:
self._result_file = '{0}.json'.format(self._task_id
or self._project_name)
if not self._result_file.startswith('/'):
self._result_file = os.path.join(self._paths_log,
self._result_file)
# remote storage
self.__init_distributed()
self._remote_log = os.path.join(self._remote_paths,
os.path.basename(self._log_file))
self._remote_result = os.path.join(self._remote_paths,
os.path.basename(self._result_file))
# scan task
if isinstance(self._task_id, int):
self._task_status = TaskStatus(task_id=self._task_id,
server=conf.server.domain,
server_token=conf.server.token,
logger=self.logger)
if self._sync_vuln_to_server:
self._task_status.update_initialization(
scan_template=self._template,
scan_template_version=kb.profiles[self._template].version,
log_path=self._remote_log,
)
else:
self._task_status = None
if self._template not in kb.profiles:
msg = "[ScanProject] Didn't find '{0}' template.".format(
self._template)
if self._task_status and self._sync_vuln_to_server:
self.update_scan_failed_status(msg)
raise ScanTemplateNotFound(msg)
def main():
"""
:return:
"""
try:
init()
args = cmd_line()
_mergeOptions(args, conf)
t1 = time.time()
if conf.agent.enable_monitor:
agent = AgentServices()
agent.start_monitor()
exit(0)
elif conf.general.enable_upgrade:
um = UpgradeManage()
um.start_upgrade()
exit(0)
elif conf.celery.enable:
cmd_list = [
'cd', BASEDIR, '&&',
get_python_path(), '$(which celery)', 'worker', '-A',
'seecode_scanner.celeryctl.celery_app', '-c',
str(conf.celery.concurrency), '-Q', 'seecode', '-n',
conf.celery.name
]
logger.info(' '.join(cmd_list))
os.system(' '.join(cmd_list))
exit(0)
elif conf.scan.project_path:
if not all((
args.project_path,
args.project_name,
)):
print("[*] Missing '--scan-path, --name' key parameters.\n")
exit(0)
# scan
start_scan(
task_id=conf.scan.task_id,
template=conf.scan.template,
template_full_path=conf.scan.template_full_path,
threads=conf.scan.threads,
log_level=conf.scan.log_level,
work_dir=conf.scan.work_dir,
project_name=conf.scan.project_name,
project_local_path=conf.scan.project_path,
project_branch=conf.scan.project_branch,
project_ssh=conf.scan.project_ssh,
project_web=conf.scan.project_web,
project_type=conf.scan.project_type,
project_storage_type=conf.scan.project_storage_type,
group_name=conf.scan.group_name,
group_key=conf.scan.group_key,
evidence_start_line_offset=conf.scan.evidence_start_line_offset,
evidence_count=conf.scan.evidence_count,
result_file=conf.scan.result_file,
result_format=conf.scan.result_format,
sync_vuln_to_server=conf.scan.sync_vuln_to_server,
force_sync_code=conf.scan.force_sync_code,
is_cli_call=True,
)
logger.info('Analysis completed, time consuming: {0}s'.format(
round(time.time() - t1, 2)))
except Exception as ex:
import traceback
traceback.print_exc()
if conf.scan.log_level == 'debug':
import traceback
traceback.print_exc()
logger.critical(ex)
exit(-1)
except KeyboardInterrupt:
logger.error("user aborted")
except EOFError:
logger.error("exit")
except SystemExit:
raise