def delete_container_task(container_vul, user_info, request_ip):
"""
删除漏洞容器
:param container_vul: container vul
:param user_info: user info
:param request_ip: request ip
:return:
"""
user_id = user_info.id
task_id = create_delete_container_task(container_vul=container_vul,
user_info=user_info)
if user_info.is_superuser or user_id == container_vul.user_id:
operation_args = ContainerVulSerializer(container_vul).data
sys_log = SysLog(user_id=user_id,
operation_type="容器",
operation_name="删除",
ip=request_ip,
operation_value=operation_args["vul_name"],
operation_args=json.dumps(operation_args))
sys_log.save()
# 下发停止容器任务
delete_container.delay(task_id)
else:
task_info = TaskInfo.objects.filter(task_id=task_id).first()
task_info.task_msg = json.dumps(R.build(msg="权限不足"))
task_info.task_status = 3
task_info.update_date = timezone.now()
task_info.save()
return task_id
def delete_image(self, request, pk=None):
"""
删除镜像
:param request:
:param pk:
:return:
"""
user = request.user
if not user.is_superuser:
return JsonResponse(R.build(msg="权限不足"))
img_info = ImageInfo.objects.filter(image_id=pk).first()
if not img_info:
return JsonResponse(R.ok())
operation_args = ImageInfoSerializer(img_info).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user.id,
operation_type="镜像",
operation_name="删除",
operation_value=operation_args["image_vul_name"],
operation_args=json.dumps(operation_args),
ip=request_ip)
sys_log.save()
image_id = img_info.image_id
container_vul = ContainerVul.objects.filter(image_id=image_id)
data_json = ContainerVulSerializer(container_vul, many=True)
if container_vul.count() == 0:
img_info.delete()
return JsonResponse(R.ok())
else:
return JsonResponse(
R.build(msg="镜像正在使用,无法删除!", data=data_json.data))
def check_flag(self, request, pk=None):
flag = request.GET.get('flag', None)
container_vul = self.get_object()
user_info = request.user
user_id = user_info.id
operation_args = ContainerVulSerializer(container_vul).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user_id,
operation_type="容器",
operation_name="提交Flag",
operation_value=operation_args["vul_name"],
operation_args={"flag": flag},
ip=request_ip)
sys_log.save()
if user_id != container_vul.user_id:
return JsonResponse(R.build(msg="Flag 与用户不匹配"))
if not flag:
return JsonResponse(R.build(msg="Flag不能为空"))
if flag != container_vul.container_flag:
return JsonResponse(R.build(msg="flag错误"))
else:
if not container_vul.is_check:
# 更新为通过
container_vul.is_check_date = timezone.now()
container_vul.is_check = True
container_vul.save()
# 停止 Docker
tasks.stop_container_task(container_vul=container_vul,
user_info=user_info,
request_ip=get_request_ip(request))
return JsonResponse(R.ok())
def status_container(self, request, pk=None):
container_vul = self.get_object()
user_id = request.user.id
operation_args = ContainerVulSerializer(container_vul).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user_id, operation_type="镜像", operation_name="状态",
operation_value=operation_args["vul_name"], operation_args=operation_args,
ip=request_ip)
sys_log.save()
if container_vul.user_id != user_id:
return JsonResponse({"code": "2003", "msg": "与用户不匹配"})
info = ContainerVulSerializer(container_vul)
rs_data = info.data
return JsonResponse(rs_data)
def check_flag(self, request, pk=None):
flag = request.GET.get('flag', None)
container_vul = self.get_object()
user_id = request.user.id
operation_args = ContainerVulSerializer(container_vul).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user_id, operation_type="镜像", operation_name="提交Flag",
operation_value=operation_args["vul_name"], operation_args={"flag": flag},
ip=request_ip)
sys_log.save()
if user_id != container_vul.user_id:
return JsonResponse({"code": "2003", "msg": "与用户不匹配"})
if not flag:
return JsonResponse({"code": "2003", "msg": "Flag不能为空"})
try:
if flag != container_vul.container_flag:
return JsonResponse({"code": "2001", "msg": "flag错误"})
else:
if not container_vul.is_check:
# 更新为通过
container_vul.is_check_date = django.utils.timezone.now()
container_vul.is_check = True
try:
docker_container_id = container_vul.docker_container_id
docker_container = client.containers.get(container_id=docker_container_id)
docker_container.stop()
container_vul.container_status = 'stop'
container_vul.save()
except Exception as e:
pass
return JsonResponse({"code": "2000", "msg": "OK"}, status=201)
except Exception as e:
return JsonResponse({"code": "2002", "msg": str(e)})
def delete_container(self, request, pk=None):
user_info = request.user
container_vul = self.get_object()
user_id = user_info.id
operation_args = ContainerVulSerializer(container_vul).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user_id, operation_type="镜像", operation_name="删除",
operation_value=operation_args["vul_name"], operation_args=operation_args,
ip=request_ip)
sys_log.save()
if user_info.is_superuser or user_id == container_vul.user_id:
# docker 连接容器ID
docker_container_id = container_vul.docker_container_id
try:
# 连接Docker容器
docker_container = client.containers.get(docker_container_id)
# 停止容器运行
docker_container.stop()
# 删除容器
docker_container.remove()
except Exception as e:
print(e)
# 删除对象
container_vul.delete()
return JsonResponse({"msg": "删除成功", "code": "201"}, status=201)
else:
return JsonResponse({"msg": "权限不足", "code": "202"})
def stop_container(self, request, pk=None):
"""
停止容器运行
:param request:
:param pk:
:return:
"""
user_info = request.user
container_vul = self.get_object()
user_id = user_info.id
operation_args = ContainerVulSerializer(container_vul).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user_id, operation_type="镜像", operation_name="停止",
operation_value=operation_args["vul_name"], operation_args=operation_args,
ip=request_ip)
sys_log.save()
if user_info.is_superuser or user_id == container_vul.user_id:
try:
# docker 连接容器ID
docker_container_id = container_vul.docker_container_id
# 连接 Docker 容器
docker_container = client.containers.get(docker_container_id)
docker_container.stop()
container_vul.container_status = 'stop'
container_vul.save()
return JsonResponse({"msg": "停止成功", "code": "202"}, status=201)
except NotFound as not_found:
container_vul.delete()
return JsonResponse({"msg": "停止成功", "code": "202"}, status=201)
except Exception as e:
return JsonResponse({"msg": "停止失败,服务器内部错误", "code": "500"}, status=500)
else:
return JsonResponse({"msg": "权限不足", "code": "202"})
def check_flag(self, request, pk=None):
"""
验证Flag是否正确
:param request:
:param pk:
:return:
"""
request = self.request
flag = request.GET.get('flag', "")
container_vul = self.get_object()
user_info = request.user
user_id = user_info.id
operation_args = ContainerVulSerializer(container_vul).data
request_ip = get_request_ip(request)
sys_log = SysLog(user_id=user_id,
operation_type="容器",
operation_name="提交Flag",
operation_value=operation_args["vul_name"],
operation_args={"flag": flag},
ip=request_ip)
sys_log.save()
if user_id != container_vul.user_id:
return JsonResponse(R.build(msg="Flag 与用户不匹配"))
if not flag:
return JsonResponse(R.build(msg="Flag不能为空"))
if flag != container_vul.container_flag:
return JsonResponse(R.build(msg="flag错误"))
else:
if not container_vul.is_check:
# 更新为通过
container_vul.is_check_date = timezone.now()
container_vul.is_check = True
container_vul.save()
# 检测是否在时间模式中
now_time = datetime.datetime.now().timestamp()
time_moudel_data = TimeMoudel.objects.filter(
user_id=user_id, end_time__gte=now_time).first()
if time_moudel_data:
rank = 0
time_model_id = time_moudel_data.time_id
successful = ContainerVul.objects.filter(
is_check=True,
user_id=user_id,
time_model_id=time_model_id)
rd = TimeRank.objects.filter(
time_temp_id=time_moudel_data.temp_time_id_id,
user_id=user_id).first()
for i in successful:
rank += i.image_id.rank
if rank >= rd.rank:
rd.rank = rank
rd.save()
# 停止 Docker
tasks.stop_container_task(container_vul=container_vul,
user_info=user_info,
request_ip=get_request_ip(request))
return JsonResponse(R.ok())
