def load_poc_file_as_module(dir_or_file, filename=None):
'''加载 POC 文件为 Python module
:return: imp.load_source 的结果
'''
if filename is None:
(dir, name) = (os.path.dirname(dir_or_file), os.path.basename(dir_or_file))
else:
(dir, name) = (dir_or_file, filename)
mod_name = '{}-{}'.format(
os.path.basename(name).rstrip('.py'),
str(uuid.uuid4())
).replace('.', '_')
poc_file = os.path.join(dir, name)
try:
logger.debug('Loading {}'.format(poc_file))
return imp.load_source(
'CScanPoc.{}'.format(mod_name), poc_file)
except Exception as e:
logger.error('Error loading {} {}'.format(poc_file, e))
raise e
def load_file_as_module(dir_or_file, filename=None):
'''加载 POC 文件为 Python module
:param dir_or_file: @param{filename} 为空时,将该参数当作文件路径加载
:param filename: 不为空时,加载 @param{dir_or_file} 目录下的该文件
:return: imp.load_source 的结果
'''
if filename is None:
(dirpath, name) = (path.dirname(dir_or_file),
path.basename(dir_or_file))
else:
(dirpath, name) = (dir_or_file, filename)
mod_name = '{}-{}'.format(
path.basename(name).rstrip('.py'),
str(uuid.uuid4())).replace('.', '_')
poc_file = path.join(dirpath, name)
try:
logger.debug('Loading %s', poc_file)
return imp.load_source('CScanPoc.{}'.format(mod_name), poc_file)
except Exception as err:
logger.error('Error loading %s %s', poc_file, err)
raise
def sync_vuln_detail(self,
vuln_detail_dir,
vuln_detail_static_dir,
vuln_ids=None):
'''
:param vuln_detail_dir: 漏洞详情存放目录
- htmls/...
- imgs/...
:param vuln_detail_static_dir: Cscan 站点漏洞静态资源目录
:param vuln_ids: 为空/空列表时同步所有,为列表时只同步列表中指定的漏洞 ID
'''
logger.info('同步漏洞详情')
vuln_update_sql = '''UPDATE vuln SET exploit=%s WHERE vuln_id=%s'''
cursor = self.cnx.cursor()
for f in Path(path.join(vuln_detail_dir, 'htmls')).glob('**/*.html'):
vuln_id = f.name.rstrip('.html')
if vuln_ids and vuln_id not in vuln_ids:
continue
logger.info('同步 %s' % f)
try:
cursor.execute(vuln_update_sql, (f.read_text(), vuln_id))
except Exception as e:
logger.error('更新失败 %s' % f, e)
self.cnx.commit()
if vuln_detail_static_dir:
logger.info('同步静态资源')
src_path = path.join(vuln_detail_dir, 'imgs')
img_path = path.join(vuln_detail_static_dir, 'imgs')
if not path.exists(img_path):
os.makedirs(img_path)
for i in os.listdir(src_path):
fp = path.join(src_path, i)
if not path.isfile(fp):
continue
logger.debug('同步 %s' % i)
copyfile(fp, path.join(img_path, i))