def load_poc_file_as_module(dir_or_file, filename=None): '''加载 POC 文件为 Python module :return: imp.load_source 的结果 ''' if filename is None: (dir, name) = (os.path.dirname(dir_or_file), os.path.basename(dir_or_file)) else: (dir, name) = (dir_or_file, filename) mod_name = '{}-{}'.format( os.path.basename(name).rstrip('.py'), str(uuid.uuid4()) ).replace('.', '_') poc_file = os.path.join(dir, name) try: logger.debug('Loading {}'.format(poc_file)) return imp.load_source( 'CScanPoc.{}'.format(mod_name), poc_file) except Exception as e: logger.error('Error loading {} {}'.format(poc_file, e)) raise e
def load_file_as_module(dir_or_file, filename=None): '''加载 POC 文件为 Python module :param dir_or_file: @param{filename} 为空时,将该参数当作文件路径加载 :param filename: 不为空时,加载 @param{dir_or_file} 目录下的该文件 :return: imp.load_source 的结果 ''' if filename is None: (dirpath, name) = (path.dirname(dir_or_file), path.basename(dir_or_file)) else: (dirpath, name) = (dir_or_file, filename) mod_name = '{}-{}'.format( path.basename(name).rstrip('.py'), str(uuid.uuid4())).replace('.', '_') poc_file = path.join(dirpath, name) try: logger.debug('Loading %s', poc_file) return imp.load_source('CScanPoc.{}'.format(mod_name), poc_file) except Exception as err: logger.error('Error loading %s %s', poc_file, err) raise
def sync_vuln_detail(self, vuln_detail_dir, vuln_detail_static_dir, vuln_ids=None): ''' :param vuln_detail_dir: 漏洞详情存放目录 - htmls/... - imgs/... :param vuln_detail_static_dir: Cscan 站点漏洞静态资源目录 :param vuln_ids: 为空/空列表时同步所有,为列表时只同步列表中指定的漏洞 ID ''' logger.info('同步漏洞详情') vuln_update_sql = '''UPDATE vuln SET exploit=%s WHERE vuln_id=%s''' cursor = self.cnx.cursor() for f in Path(path.join(vuln_detail_dir, 'htmls')).glob('**/*.html'): vuln_id = f.name.rstrip('.html') if vuln_ids and vuln_id not in vuln_ids: continue logger.info('同步 %s' % f) try: cursor.execute(vuln_update_sql, (f.read_text(), vuln_id)) except Exception as e: logger.error('更新失败 %s' % f, e) self.cnx.commit() if vuln_detail_static_dir: logger.info('同步静态资源') src_path = path.join(vuln_detail_dir, 'imgs') img_path = path.join(vuln_detail_static_dir, 'imgs') if not path.exists(img_path): os.makedirs(img_path) for i in os.listdir(src_path): fp = path.join(src_path, i) if not path.isfile(fp): continue logger.debug('同步 %s' % i) copyfile(fp, path.join(img_path, i))