    def pull_code(self, branch='master'):
        """Clone ``self.target`` into the local workspace.

        Returns a ``(code, message, git.Git)`` triple: ``1001`` on success,
        ``4001`` when the clone fails, when the repository does not exist,
        or when authentication is refused. The ``git.Git`` wrapper is part
        of every return value so callers can still inspect it.
        """
        logging.info('Gitlab project')
        # NOTE(review): a substring test on the URL decides whether the
        # configured git credentials are sent; confirm upstream that targets
        # are restricted to the expected host, so those credentials are not
        # presented to an arbitrary server whose URL merely contains 'gitlab'.
        username = password = None
        if 'gitlab' in self.target:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
        repo = git.Git(self.target,
                       branch=branch,
                       username=username,
                       password=password)

        try:
            cloned, clone_err = repo.clone()
        except NotExistError:
            # Remote is gone: switch the matching project record from 'on' to 'off'.
            project = CobraProjects.query.filter_by(repository=self.target).first()
            if project is not None and project.status == CobraProjects.get_status('on'):
                project.status = CobraProjects.get_status('off')
                db.session.add(project)
                db.session.commit()
            return 4001, 'Repository Does not exist!', repo
        except AuthError:
            logging.critical('Git Authentication Failed')
            return 4001, 'Repository Authentication Failed', repo

        if cloned is False:
            return 4001, 'Clone Failed ({0})'.format(clone_err), repo
        return 1001, 'Success', repo
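def test_rule():
    """Run one rule against one project and return the findings as JSON.

    Reads ``rid`` (rule id) and ``pid`` (project id) from the request. A
    ``pid`` of ``0`` analyses the shared ``versions`` upload directory
    instead of a single project. Hosted repositories are cloned first; any
    other repository value is treated as a local directory.

    Returns a ``jsonify`` response: ``1001`` with the analysis lines joined
    by CRLF, ``4004`` for bad arguments or an unknown project, ``4001`` when
    the clone fails.
    """
    vc = ValidateClass(request, 'rid', 'pid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    if int(vc.vars.pid) == 0:
        # all projects
        project_directory = os.path.join(config.Config('upload', 'directory').value, 'versions')
    else:
        project = CobraProjects.query.filter(CobraProjects.id == vc.vars.pid).first()
        # .first() yields None for an unknown id; the original dereferenced
        # it unconditionally and raised AttributeError.
        if project is None:
            return jsonify(code=4004, message='Project not found')
        if 'gitlab' in project.repository or 'github' in project.repository:
            # NOTE(review): a substring match decides whether the configured
            # git credentials are used; confirm repository values are limited
            # to the expected hosts so the credentials are not sent elsewhere.
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
            gg = git.Git(project.repository, branch='master', username=username, password=password)
            clone_ret, clone_err = gg.clone()
            if clone_ret is False:
                return jsonify(code=4001, message='Clone Failed ({0})'.format(clone_err))
            project_directory = gg.repo_directory
        else:
            # Anything else is taken to be a local path stored on the project.
            project_directory = project.repository
    data = static.Static(project_directory, project_id=vc.vars.pid, rule_id=vc.vars.rid).analyse(test=True)
    return jsonify(code=1001, message='\r\n'.join(data))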
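 def test_git_diff(self):
     """Print the diff between two revisions of ``test.php``.

     The local is no longer called ``git``: in the original that name made
     ``git`` a local of the function, so ``git.Git(...)`` raised
     UnboundLocalError before anything ran.
     """
     filename = 'test.php'
     repo = git.Git(filename, '123', '124')
     git_diff = repo.diff()
     # print() with a single argument behaves the same on Python 2 and 3.
     print(git_diff)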
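    def version(self, branch=None, new_version=None, old_version=None):
        """Register a scan task for ``self.target`` and launch the scanners.

        ``self.target`` is classified by substring: a value containing
        ``.git`` is cloned as a git repository (with the configured
        credentials when it also contains ``gitlab``), one containing ``svn``
        maps to the upload directory, anything else is a local path that
        must exist. A task row is always created; a project row is created
        on first sight or has its framework refreshed otherwise. Three
        ``cobra.py`` subprocesses (scan, statistic, repair) are started and
        not waited for.

        Returns ``(code, payload)``: ``1001`` with a dict holding
        ``scan_id``, ``project_id`` and ``msg``; ``4001`` when the clone
        fails; ``1004`` for a missing directory, a missing ``cobra.py`` or
        any exception raised while persisting or launching.
        """
        # NOTE(review): the substring tests below route any target containing
        # '.git' or 'svn' to those branches, and a local target is passed
        # straight through as the directory to scan. Confirm at the caller
        # that target is validated before it reaches here.
        if '.git' in self.target:
            logging.info('Gitlab project')
            if 'gitlab' in self.target:
                username = config.Config('git', 'username').value
                password = config.Config('git', 'password').value
            else:
                username = None
                password = None
            gg = git.Git(self.target, branch=branch, username=username, password=password)
            repo_author = gg.repo_author
            repo_name = gg.repo_name
            repo_directory = gg.repo_directory
            clone_ret, clone_err = gg.clone()
            if clone_ret is False:
                return 4001, 'Clone Failed ({0})'.format(clone_err)
        elif 'svn' in self.target:
            # SVN checkouts are expected directly under the upload directory.
            repo_name = 'mogujie'
            repo_author = 'all'
            repo_directory = config.Config('upload', 'directory').value
        else:
            repo_name = 'Local Project'
            repo_author = getpass.getuser()
            repo_directory = self.target
            if not os.path.exists(repo_directory):
                return 1004, 'repo directory not exist ({0})'.format(repo_directory)

        # Presumably 1 = full scan, 2 = version diff — TODO confirm. Note the
        # None defaults fall into the ``2`` branch because only the empty
        # string is tested.
        if new_version == "" or old_version == "":
            scan_way = 1
        else:
            scan_way = 2
        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # insert into task info table.
        task = CobraTaskInfo(self.target, branch, scan_way, new_version, old_version, 0, 0, 0, 1, 0, 0, current_time, current_time)

        p = CobraProjects.query.filter_by(repository=self.target).first()
        project = None

        # detection framework for project
        framework, language = detection.Detection(repo_directory).framework()
        if framework != '' or language != '':
            project_framework = '{0} ({1})'.format(framework, language)
        else:
            project_framework = ''
        project_id = 0
        if not p:
            # insert into project table.
            project = CobraProjects(self.target, '', repo_name, repo_author, project_framework, '', '', 1, current_time)
        else:
            project_id = p.id
            # update project's framework
            p.framework = project_framework
            db.session.add(p)
        try:
            db.session.add(task)
            if not p:
                db.session.add(project)
            db.session.commit()
            if not p:
                # read after the commit so the generated id is populated
                project_id = project.id
            cobra_path = os.path.join(config.Config().project_directory, 'cobra.py')
            if not os.path.isfile(cobra_path):
                return 1004, 'cobra.py not found'
            # Fire-and-forget workers; list form (no shell), so repo_directory
            # travels as one argument.
            # scan vulnerability
            subprocess.Popen(['python', cobra_path, "scan", "-p", str(project_id), "-i", str(task.id), "-t", repo_directory])
            # statistic code
            subprocess.Popen(['python', cobra_path, "statistic", "-i", str(task.id), "-t", repo_directory])
            # check repair
            subprocess.Popen(['python', cobra_path, "repair", "-p", str(project_id)])
            result = {
                'scan_id': task.id,
                'project_id': project_id,
                'msg': u'success',
            }
            return 1001, result
        except Exception as e:
            # NOTE(review): a failed commit probably leaves db.session in an
            # aborted state; a rollback here looks necessary — confirm with the
            # session setup before adding it.
            # str(e) replaces the Python 2-only e.message attribute.
            return 1004, 'Unknown error, try again later?' + str(e)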
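    def version(self, branch=None, new_version=None, old_version=None):
        """Register a scan task for ``self.target`` and launch the scanners.

        ``self.target`` must contain ``.git`` (cloned as a git repository,
        using the configured credentials when it also contains ``gitlab``)
        or ``svn`` (mapped to ``versions/mogujie`` under the upload
        directory); anything else is rejected with ``1005``. A task row is
        always created; a project row is created on first sight or has its
        framework refreshed otherwise. Two ``cobra.py`` subprocesses (scan,
        statistic) are started and not waited for.

        Returns ``(code, payload)``: ``1001`` with a dict holding ``scan_id``,
        ``project_id`` and ``msg``; ``4001`` when the clone fails; ``1005``
        for an unrecognised target; ``1004`` when ``cobra.py`` is missing or
        persisting/launching raised.
        """
        # NOTE(review): substring tests route the target; confirm at the
        # caller that target is validated before it reaches here so the
        # configured credentials only go to the expected host.
        if '.git' in self.target:
            if 'gitlab' in self.target:
                username = config.Config('git', 'username').value
                password = config.Config('git', 'password').value
            else:
                username = False
                password = False
            gg = git.Git(self.target, branch=branch, username=username, password=password)
            repo_author = gg.repo_author
            repo_name = gg.repo_name
            repo_directory = gg.repo_directory
            if gg.clone() is False:
                return 4001, 'Clone Failed'
        elif 'svn' in self.target:
            # SVN
            repo_name = 'mogujie'
            repo_author = 'all'
            repo_directory = os.path.join(config.Config('upload', 'directory').value, 'versions/mogujie')
        else:
            return 1005, 'Repository must contained .git or svn'

        # Presumably 1 = full scan, 2 = version diff — TODO confirm. Note the
        # None defaults fall into the ``2`` branch because only the empty
        # string is tested.
        if new_version == "" or old_version == "":
            scan_way = 1
        else:
            scan_way = 2

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # insert into task info table.
        task = CobraTaskInfo(self.target, branch, scan_way, new_version, old_version, 0, 0, 0, 1, 0, 0, current_time, current_time)

        p = CobraProjects.query.filter_by(repository=self.target).first()
        project = None
        project_id = None

        # detection framework for project
        framework, language = detection.Detection(repo_directory).framework()
        project_framework = '{0} ({1})'.format(framework, language)
        if not p:
            # insert into project table. Its id is read after the commit
            # below: the original read it here, before the row was written,
            # where it is presumably still unset, and then passed str(None)
            # to the scan subprocess.
            project = CobraProjects(self.target, '', repo_name, repo_author, project_framework, '', '', current_time)
        else:
            project_id = p.id
            # update project's framework
            p.framework = project_framework
            db.session.add(p)
            db.session.commit()
        try:
            db.session.add(task)
            if not p:
                db.session.add(project)
            db.session.commit()
            if not p:
                project_id = project.id

            cobra_path = os.path.join(config.Config().project_directory, 'cobra.py')
            if not os.path.isfile(cobra_path):
                return 1004, 'Cobra Not Found'
            # Fire-and-forget workers; list form (no shell), so repo_directory
            # travels as one argument.
            # Start Scanning
            subprocess.Popen(['python', cobra_path, "scan", "-p", str(project_id), "-i", str(task.id), "-t", repo_directory])
            # Statistic Code
            subprocess.Popen(['python', cobra_path, "statistic", "-i", str(task.id), "-t", repo_directory])
            result = {
                'scan_id': task.id,
                'project_id': project_id,
                'msg': u'success',
            }
            return 1001, result
        except Exception as e:
            # NOTE(review): a failed commit probably leaves db.session in an
            # aborted state; a rollback here looks necessary — confirm with the
            # session setup before adding it.
            # str(e) replaces the Python 2-only e.message attribute.
            return 1004, 'Unknown error, try again later?' + str(e)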