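def test_hard_coded_password(self):
    """Print a Markdown table ranking projects by unfixed hard-coded-password findings.

    One row per project that has at least one finding for the hard-coded
    password rules. Projects whose Cobra configuration file turns scanning
    off are listed after the ranked ones with remark ``offline``. Output is
    written to stdout; nothing is returned.
    """
    import os
    from app.models import CobraProjects, CobraResults
    from pickup.git import Git
    from utils import config, common

    # Rule ids that detect hard-coded passwords. Invariant for the whole run,
    # so the list (and the IN clause built from it) is created once instead of
    # once per project.
    hard_coded_password_rule_ids = [137, 135, 134, 133, 132, 130, 129, 124, 123, 122]
    in_password_rules = CobraResults.rule_id.in_(hard_coded_password_rule_ids)
    row_format = "| [{0}](http://cobra.meili-inc.com/report/{1}) | {6} | {2} | {3} | {4} | {5} |"

    rank = []
    offline = []
    projects = CobraProjects.query.order_by(CobraProjects.id.asc()).all()
    for project in projects:
        count_total = CobraResults.query.filter(
            CobraResults.project_id == project.id, in_password_rules).count()

        # Detect the project's Cobra configuration file: an absolute path is a
        # local upload directory, anything else is treated as a git repository.
        # startswith() also copes with an empty repository string, which used
        # to raise IndexError on ``repository[0]``.
        if project.repository.startswith('/'):
            project_directory = project.repository
        else:
            project_directory = Git(project.repository).repo_directory
        cobra_properties = config.properties(os.path.join(project_directory, 'cobra'))
        need_scan = True
        if 'scan' in cobra_properties:
            need_scan = common.to_bool(cobra_properties['scan'])

        if need_scan:
            count_fixed = CobraResults.query.filter(
                CobraResults.project_id == project.id,
                in_password_rules,
                CobraResults.status == 2).count()
            count_not_fixed = count_total - count_fixed
            remark = ''
        else:
            count_fixed = 0
            count_not_fixed = 0
            remark = 'offline'

        if count_total == 0:
            continue
        row = {
            'name': project.name,
            'id': project.id,
            'not_fixed': count_not_fixed,
            'fixed': count_fixed,
            'total': count_total,
            'remark': remark,
            'author': project.author,
        }
        if remark == 'offline':
            offline.append(row)
        else:
            rank.append(row)

    # Most open findings first; offline projects keep their id order and
    # follow the ranked ones.
    rank.sort(key=lambda x: x['not_fixed'], reverse=True)
    for r in rank + offline:
        print(row_format.format(r['name'], r['id'], r['not_fixed'], r['fixed'],
                                r['total'], r['remark'], r['author']))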
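def run(self, pid=None):
    """Re-check every unfixed result of project *pid* through ``Core.repair``.

    :param pid: id of the project to process. Logs a critical message and
        exits with status 1 when omitted or when no such project exists.
    """
    from app.models import CobraResults, CobraRules, CobraVuls
    from engine.core import Core
    from pickup.git import Git

    if pid is None:
        logging.critical("Please set --pid param")
        # A missing required argument is a failure; the bare sys.exit() used
        # here before reported success (status 0) to the caller.
        sys.exit(1)

    # Project info
    project_info = CobraProjects.query.filter_by(id=pid).first()
    if project_info is None:
        # Previously surfaced as an AttributeError on project_info.repository.
        logging.critical("Project not found: {0}".format(pid))
        sys.exit(1)
    # An absolute repository is a local upload directory, otherwise a git URL.
    if project_info.repository.startswith('/'):
        project_directory = project_info.repository
    else:
        project_directory = Git(project_info.repository).repo_directory

    # vulnerability type id -> third-party vulnerability id
    vuln_all_d = {vuln.id: vuln.third_v_id for vuln in CobraVuls.query.all()}

    # Not fixed vulnerabilities (status < 2) joined with the rule that found them
    result_all = db.session().query(CobraRules, CobraResults).join(
        CobraResults, CobraResults.rule_id == CobraRules.id).filter(
        CobraResults.project_id == pid, CobraResults.status < 2).all()

    # White-list paths depend only on (project, rule); cache them so the same
    # pair is not re-queried for every single result.
    white_list_cache = {}
    for rule, result in result_all:
        result_info = {
            'task_id': result.task_id,
            'project_id': result.project_id,
            'project_directory': project_directory,
            'rule_id': result.rule_id,
            'result_id': result.id,
            'file_path': result.file,
            'line_number': result.line,
            'code_content': result.code,
            'third_party_vulnerabilities_name': rule.description,
            # NOTE(review): raises KeyError if a rule points at an unknown
            # vulnerability type — unchanged from the original behaviour.
            'third_party_vulnerabilities_type': vuln_all_d[rule.vul_id]
        }

        key = (result.project_id, result.rule_id)
        if key not in white_list_cache:
            ws = CobraWhiteList.query.with_entities(CobraWhiteList.path).filter_by(
                project_id=result.project_id, rule_id=result.rule_id, status=1).all()
            white_list_cache[key] = [w.path for w in ws]
        # Hand Core its own copy, as the original built a fresh list per result.
        Core(result_info, rule, project_info.name, list(white_list_cache[key])).repair()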
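def run(self, pid=None):
    """Re-run ``Core.repair`` for every unfixed result of project *pid*.

    :param pid: id of the project to process. Logs a critical message and
        exits with status 1 when omitted or when no such project exists.
    """
    from app.models import CobraResults, CobraRules, CobraVuls
    from engine.core import Core
    from pickup.git import Git

    if pid is None:
        logging.critical("Please set --pid param")
        # A missing required argument is a failure; the bare sys.exit() used
        # here before reported success (status 0) to the caller.
        sys.exit(1)

    # Project info
    project_info = CobraProjects.query.filter_by(id=pid).first()
    if project_info is None:
        # Previously surfaced as an AttributeError on project_info.repository.
        logging.critical("Project not found: {0}".format(pid))
        sys.exit(1)
    # An absolute repository is a local upload directory, otherwise a git URL.
    if project_info.repository.startswith('/'):
        project_directory = project_info.repository
    else:
        project_directory = Git(project_info.repository).repo_directory

    # vulnerability type id -> third-party vulnerability id
    vuln_all_d = {vuln.id: vuln.third_v_id for vuln in CobraVuls.query.all()}

    # Not fixed vulnerabilities (status < 2) joined with the rule that found them
    result_all = db.session().query(CobraRules, CobraResults).join(
        CobraResults, CobraResults.rule_id == CobraRules.id).filter(
        CobraResults.project_id == pid, CobraResults.status < 2).all()

    for rule, result in result_all:
        # Core rule re-verification for this result
        result_info = {
            'task_id': result.task_id,
            'project_id': result.project_id,
            'project_directory': project_directory,
            'rule_id': result.rule_id,
            'file_path': result.file,
            'line_number': result.line,
            'code_content': result.code,
            'third_party_vulnerabilities_name': rule.description,
            # NOTE(review): raises KeyError if a rule points at an unknown
            # vulnerability type — unchanged from the original behaviour.
            'third_party_vulnerabilities_type': vuln_all_d[rule.vul_id]
        }
        ret_status, ret_result = Core(result_info, rule, project_info.name, []).repair()
        if ret_status is False:
            logging.info("修复 R: False {0}".format(ret_result))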
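def vulnerabilities_detail():
    """Return one scan result with its rule, vulnerability description and a code excerpt.

    Reads the result id from the ``id`` form field. Answers with
    ``status_code`` 4004 when the result is unknown or its source file cannot
    be read from the project directory, otherwise 1001 with the assembled
    ``data`` dict.
    """
    v_id = request.form.get("id", None)

    # query result/rules/vulnerabilities
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    if v_detail is None:
        # An unknown id used to raise AttributeError below (HTTP 500).
        return jsonify(status_code=4004, message='Failed get vulnerability: {0}'.format(v_id))
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    vulnerabilities_description = CobraVuls.query.filter_by(id=rule_info.vul_id).first()
    if rule_info.author.strip() == '':
        rule_info.author = 'Undefined'

    # Locate the checked-out code: an absolute repository is an upload
    # directory, otherwise the git URL is mapped below the upload 'versions' dir.
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project.repository.startswith('/'):
        project_code_path = project.repository
    else:
        # NOTE(review): assumes a URL shaped like scheme://host/owner/repo(.git);
        # any other shape raises IndexError here — confirm against stored repositories.
        project_path_split = project.repository.replace('.git', '').split('/')
        project_path = os.path.join(project_path_split[3], project_path_split[4])
        upload = os.path.join(config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(upload, project_path)

    # Strip every leading '/', not just one: os.path.join() discards the base
    # directory when the second part is still absolute.
    v_detail.file = v_detail.file.lstrip('/')
    file_path = os.path.join(project_code_path, v_detail.file)
    # The stored file name comes from the scanned repository; refuse anything
    # that resolves outside the project directory (e.g. through '..').
    real_base = os.path.realpath(project_code_path)
    inside_project = os.path.realpath(file_path).startswith(real_base + os.sep)
    if not inside_project or not os.path.isfile(file_path):
        return jsonify(status_code=4004, message='Failed get code: {0}'.format(file_path))

    # get committer
    c_ret, c_author, c_time = Git.committer(v_detail.file, project_code_path, v_detail.line)
    if c_ret is not True:
        c_author = 'Not support'
        c_time = 'Not support'

    # Excerpt of up to ``block_lines`` lines either side of the trigger line.
    # enumerate() is 0-based while v_detail.line is presumably 1-based; the
    # window bounds below are kept exactly as the original computed them.
    block_lines = 50
    block_start = max(v_detail.line - block_lines, 0)
    block_end = v_detail.line + block_lines
    excerpt = []
    with open(file_path, 'r') as fp:
        for i, line in enumerate(fp):
            if i > block_end:
                break  # nothing after the window is needed
            if i >= block_start:
                excerpt.append(line)
    code_content = ''.join(excerpt)

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': v_detail.file,
            'line_trigger': v_detail.line - block_start,
            'line_start': block_start + 1,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'status': v_detail.status,
            'created': v_detail.created_at,
            'updated': v_detail.updated_at
        },
        'rule': {
            'id': rule_info.id,
            'language': rule_info.language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_info.author,
            'level': rule_info.level,
            'status': rule_info.status,
            'created': rule_info.created_at,
            'updated': rule_info.updated_at
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)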
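def _count_results(*criteria):
    """Count the CobraResults rows matching every SQLAlchemy clause in *criteria*."""
    return CobraResults.query.filter(*criteria).count()


def reports(vid, start_time, end_time):
    """Render the per-project fix-rate report.

    :param vid: vulnerability type id; 0 selects all types.
    :param start_time: start date (``YYYY-MM-DD``) for the created_at filter;
        when both ``start_time`` and ``end_time`` are ``'0'`` no date filter
        is applied.
    :param end_time: end date for the created_at filter; see ``start_time``.
    :returns: the rendered ``backend/report/report.html`` template.
    """
    # ``vid is 0`` compared identity with an int literal; equality is the
    # reliable test.
    all_types = vid == 0

    special_rules_ids = []
    if not all_types:
        rules = CobraRules.query.with_entities(CobraRules.id).filter(CobraRules.vul_id == vid).all()
        special_rules_ids = [rule.id for rule in rules]

    # TODO(review): this weekly window starts after it ends
    # (2016-11-28 > 2016-11-04), so the counts below are always 0. The intended
    # dates cannot be recovered from the code and are left unchanged.
    if all_types:
        vulnerability_fixed_week = _count_results(
            CobraResults.updated_at > '2016-11-28 00:00:00',
            CobraResults.updated_at < '2016-11-04 23:59:59',
            CobraResults.status == 2)
    else:
        # NOTE(review): this branch filters on created_at while every other
        # weekly count uses updated_at, and the not-fixed count below ignores
        # special_rules_ids; both look like inconsistencies — confirm intent.
        vulnerability_fixed_week = _count_results(
            CobraResults.rule_id.in_(special_rules_ids),
            CobraResults.created_at > '2016-11-28 00:00:00',
            CobraResults.created_at < '2016-11-04 23:59:59',
            CobraResults.status == 2)
    vulnerability_not_fixed_week = _count_results(
        CobraResults.updated_at > '2016-11-28 00:00:00',
        CobraResults.updated_at < '2016-11-04 23:59:59',
        CobraResults.status < 2)

    # Filters shared by every per-project count: optional date range and
    # optional restriction to the rules of the selected vulnerability type.
    if start_time == '0' and end_time == '0':
        date_filter = ()
    else:
        date_filter = (
            CobraResults.created_at > '{0} 00:00:00'.format(start_time),
            CobraResults.created_at < '{0} 23:59:59'.format(end_time),
        )
    type_filter = () if all_types else (CobraResults.rule_id.in_(special_rules_ids),)

    rank = []
    count_project_not_fixed = 0
    count_project_fixed = 0
    count_vulnerability_not_fixed = 0
    count_vulnerability_fixed = 0
    projects = CobraProjects.query.order_by(CobraProjects.id.asc()).all()
    for project in projects:
        scope = (CobraResults.project_id == project.id,) + type_filter + date_filter
        count_total = _count_results(*scope)

        # Detect the project's Cobra configuration file: an absolute path is a
        # local upload directory, anything else is treated as a git repository.
        if project.repository.startswith('/'):
            project_directory = project.repository
        else:
            project_directory = Git(project.repository).repo_directory
        cobra_properties = config.properties(os.path.join(project_directory, 'cobra'))
        need_scan = True
        if 'scan' in cobra_properties:
            need_scan = common.to_bool(cobra_properties['scan'])

        if need_scan:
            count_fixed = _count_results(CobraResults.status == 2, *scope)
            if project.status == 1:
                count_not_fixed = count_total - count_fixed
                remark = ''
            else:
                # Deleted project: everything counts as fixed.
                count_fixed = count_total
                count_not_fixed = 0
                remark = 'deleted'
        else:
            # Scanning disabled for the project: everything counts as fixed.
            count_fixed = count_total
            count_not_fixed = 0
            remark = 'offline'

        if count_total == 0:
            continue

        # Only a live, scanned project with open findings has a non-zero
        # count_not_fixed, so that single value decides the row class.
        if count_not_fixed == 0:
            ret_whole = 'fixed'
            count_project_fixed += 1
        else:
            ret_whole = 'not_fixed'
            count_project_not_fixed += 1
        count_vulnerability_fixed += count_fixed
        count_vulnerability_not_fixed += count_not_fixed

        report = 'http://' + config.Config('cobra', 'domain').value + '/report/' + str(project.id)
        rank.append({
            'name': project.name,
            'id': project.id,
            'not_fixed': count_not_fixed,
            'fixed': count_fixed,
            'total': count_total,
            'remark': remark,
            'author': project.author,
            'report': report,
            'class': ret_whole
        })

    rank.sort(key=lambda x: x['not_fixed'], reverse=True)
    vulnerabilities_types = CobraVuls.query.all()

    # '0' is the "no filter" marker; the template shows an empty field for it.
    if start_time == '0':
        start_time = ''
    if end_time == '0':
        end_time = ''

    data = {
        'rank': rank,
        'vulnerabilities_types': vulnerabilities_types,
        'vid': vid,
        'count': {
            'vulnerability': {
                'not_fixed': count_vulnerability_not_fixed,
                'fixed': count_vulnerability_fixed,
                'total': count_vulnerability_not_fixed + count_vulnerability_fixed
            },
            'project': {
                'not_fixed': count_project_not_fixed,
                'fixed': count_project_fixed,
                'total': count_project_not_fixed + count_project_fixed
            },
            'week': {
                'fixed': "{0}({1})".format(
                    vulnerability_fixed_week,
                    common.percent(vulnerability_fixed_week, count_vulnerability_fixed)),
                'not_fixed': "{0}({1})".format(
                    vulnerability_not_fixed_week,
                    common.percent(vulnerability_not_fixed_week, count_vulnerability_not_fixed))
            }
        },
        'filter': {
            'start': start_time,
            'end': end_time
        }
    }
    return render_template("backend/report/report.html", data=data)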
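def _count_by_level(rows):
    """Fold ``(count, level)`` rows into low/medium/high/unknown counts.

    Levels map 1 -> low, 2 -> medium, 3 -> high, anything else -> unknown.
    Rows come from a GROUP BY on level, so each key is assigned at most once.
    """
    counts = {'low': 0, 'medium': 0, 'high': 0, 'unknown': 0}
    names = {1: 'low', 2: 'medium', 3: 'high'}
    for count, level in rows:
        counts[names.get(level, 'unknown')] = count
    return counts


def report(project_id):
    """Render the scan report page for *project_id*.

    The optional ``search_task`` query argument selects one task of the
    project; ``all`` or no value shows the project-wide results. An unknown
    project, or a task that does not belong to the project, aborts with 404.
    """
    search_task_id = request.args.get("search_task", "")
    if search_task_id in ("all", ""):
        search_task_id = None

    project_info = CobraProjects.query.filter(CobraProjects.id == project_id).first()
    if project_info is None:
        abort(404)

    if search_task_id is None:
        # No task id given: the project's latest task supplies the header info.
        task_info = CobraTaskInfo.query.filter(
            CobraTaskInfo.target == project_info.repository).order_by(
            CobraTaskInfo.id.desc()).first()
    else:
        # A task belongs to a project through its target. Requiring the match
        # here stops a caller from reading another project's results by
        # supplying an arbitrary task id in the URL.
        task_info = CobraTaskInfo.query.filter(
            CobraTaskInfo.id == search_task_id,
            CobraTaskInfo.target == project_info.repository).first()
    if task_info is None:
        abort(404)

    code_number = u"统计中..." \
        if task_info.code_number is None or task_info.code_number == 0 \
        else common.convert_number(task_info.code_number)

    # timestamp -> HH:MM:SS
    time_start = time.strftime("%H:%M:%S", time.localtime(task_info.time_start))
    time_end = time.strftime("%H:%M:%S", time.localtime(task_info.time_end))

    # All tasks of the project, newest first
    tasks = CobraTaskInfo.query.filter_by(target=project_info.repository).order_by(
        CobraTaskInfo.updated_at.desc()).all()

    # Every statistic below is either project-wide or limited to one task;
    # this clause is the only thing that differs between the two cases.
    if search_task_id is None:
        search_task_id = tasks[0].id  # default task id shown in the page
        scope = CobraResults.project_id == project_id
    else:
        scope = CobraResults.task_id == search_task_id

    # Result totals: all / not fixed (status < 2) / fixed (status == 2)
    scan_results_number = CobraResults.query.filter(scope).count()
    unrepair_results_number = CobraResults.query.filter(scope, CobraResults.status < 2).count()
    repaired_results_number = CobraResults.query.filter(scope, CobraResults.status == 2).count()

    # results -> rules -> vulnerability types
    joined = and_(scope,
                  CobraResults.rule_id == CobraRules.id,
                  CobraVuls.id == CobraRules.vul_id)
    # Vulnerability types that occur, with their counts
    showed_vul_type = db.session.query(
        func.count().label("showed_vul_number"), CobraVuls.name, CobraVuls.id
    ).filter(joined).group_by(CobraVuls.name, CobraVuls.id).all()
    # Rules that occur
    showed_rule_type = db.session.query(
        CobraRules.description, CobraRules.id
    ).filter(joined).group_by(CobraRules.id).all()

    def count_by_rule_level(*extra):
        """(count, level) rows for the current scope plus *extra* clauses."""
        return db.session.query(
            func.count().label('vuln_number'), CobraRules.level
        ).filter(and_(joined, *extra)).group_by(CobraRules.level).all()

    showed_repaired_level_number = count_by_rule_level(CobraResults.status == 2)
    showed_unrepair_level_number = count_by_rule_level(CobraResults.status < 2)
    showed_level_number = count_by_rule_level()

    # For the filter drop-downs and the per-type chart
    select_vul_type = [[r[1], r[2]] for r in showed_vul_type]
    chart_vuls_number = [{"vuls_name": r[1], "vuls_number": r[0]} for r in showed_vul_type]
    select_rule_type = [[r[0], r[1]] for r in showed_rule_type]

    # Per-level counts: 1-low, 2-medium, 3-high, other-undefined
    total_levels = _count_by_level(showed_level_number)
    repaired_levels = _count_by_level(showed_repaired_level_number)
    unrepair_levels = _count_by_level(showed_unrepair_level_number)

    # Vulnerability status options
    vuls_status = [
        {"status": "All", "value": 0},
        {"status": "Fixed", "value": 1},
        {"status": "Not fixed", "value": 2},
        {"status": "Other", "value": 3},
    ]

    # Detect the project's Cobra configuration file: an absolute path is a
    # local upload directory, anything else is treated as a git repository.
    if project_info.repository.startswith('/'):
        project_directory = project_info.repository
    else:
        project_directory = Git(project_info.repository).repo_directory
    cobra_properties = config.properties(os.path.join(project_directory, 'cobra'))
    need_scan = True
    if 'scan' in cobra_properties:
        need_scan = common.to_bool(cobra_properties['scan'])

    data = {
        "project_id": project_id,
        "task_id": search_task_id,
        "select_vul_type": select_vul_type,
        "select_rule_type": select_rule_type,
        "chart_vuls_number": chart_vuls_number,
        "task_info": task_info,
        "project_info": project_info,
        "code_number": code_number,
        "file_count": common.convert_number(task_info.file_count),
        "tasks": tasks,
        "vuls_status": vuls_status,
        'need_scan': need_scan,
        "task_time": {
            "time_start": time_start,
            "time_end": time_end,
            "time_consume": common.convert_time(task_info.time_consume)
        },
        "vuls_number": {
            "unrepair": unrepair_levels,
            "repaired": repaired_levels,
            "total_number": total_levels,
            "result_number": {
                "scan_result_number": scan_results_number,
                "repaired_result_number": repaired_results_number,
                "unrepair_result_number": unrepair_results_number,
            }
        },
    }
    return render_template('report.html', data=data)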
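def _count_by_level(rows):
    """Fold ``(count, level)`` rows into low/medium/high/unknown counts.

    Levels map 1 -> low, 2 -> medium, 3 -> high, anything else -> unknown.
    Rows come from a GROUP BY on level, so each key is assigned at most once.
    """
    counts = {'low': 0, 'medium': 0, 'high': 0, 'unknown': 0}
    names = {1: 'low', 2: 'medium', 3: 'high'}
    for count, level in rows:
        counts[names.get(level, 'unknown')] = count
    return counts


def report(project_id):
    """Render the scan report page for *project_id*.

    The optional ``search_task`` query argument selects one task of the
    project; ``all`` or no value shows the project-wide results. An unknown
    project, or a task that does not belong to the project, aborts with 404.
    The page also receives whether the session is logged in.
    """
    # Always a bool; the original expression could yield None when the
    # session key was absent.
    is_login = session.get('is_login') is True

    search_task_id = request.args.get("search_task", "")
    if search_task_id in ("all", ""):
        search_task_id = None

    project_info = CobraProjects.query.filter(CobraProjects.id == project_id).first()
    if project_info is None:
        abort(404)

    if search_task_id is None:
        # No task id given: the project's latest task supplies the header info.
        task_info = CobraTaskInfo.query.filter(
            CobraTaskInfo.target == project_info.repository).order_by(
            CobraTaskInfo.id.desc()).first()
    else:
        # A task belongs to a project through its target. Requiring the match
        # here stops a caller from reading another project's results by
        # supplying an arbitrary task id in the URL.
        task_info = CobraTaskInfo.query.filter(
            CobraTaskInfo.id == search_task_id,
            CobraTaskInfo.target == project_info.repository).first()
    if task_info is None:
        abort(404)

    code_number = u"Statistics..." \
        if task_info.code_number is None or task_info.code_number == 0 \
        else common.convert_number(task_info.code_number)

    # timestamp -> HH:MM:SS
    time_start = time.strftime("%H:%M:%S", time.localtime(task_info.time_start))
    time_end = time.strftime("%H:%M:%S", time.localtime(task_info.time_end))

    # All tasks of the project, newest first
    tasks = CobraTaskInfo.query.filter_by(target=project_info.repository).order_by(
        CobraTaskInfo.updated_at.desc()).all()

    # Every statistic below is either project-wide or limited to one task;
    # this clause is the only thing that differs between the two cases.
    if search_task_id is None:
        search_task_id = tasks[0].id  # default task id shown in the page
        scope = CobraResults.project_id == project_id
    else:
        scope = CobraResults.task_id == search_task_id

    # Result totals: all / not fixed (status < 2) / fixed (status == 2)
    scan_results_number = CobraResults.query.filter(scope).count()
    unrepair_results_number = CobraResults.query.filter(scope, CobraResults.status < 2).count()
    repaired_results_number = CobraResults.query.filter(scope, CobraResults.status == 2).count()

    # results -> rules -> vulnerability types
    joined = and_(scope,
                  CobraResults.rule_id == CobraRules.id,
                  CobraVuls.id == CobraRules.vul_id)
    # Vulnerability types that occur, with their counts
    showed_vul_type = db.session.query(
        func.count().label("showed_vul_number"), CobraVuls.name, CobraVuls.id
    ).filter(joined).group_by(CobraVuls.name, CobraVuls.id).all()
    # Rules that occur
    showed_rule_type = db.session.query(
        CobraRules.description, CobraRules.id
    ).filter(joined).group_by(CobraRules.id).all()

    def count_by_rule_level(*extra):
        """(count, level) rows for the current scope plus *extra* clauses."""
        return db.session.query(
            func.count().label('vuln_number'), CobraRules.level
        ).filter(and_(joined, *extra)).group_by(CobraRules.level).all()

    showed_repaired_level_number = count_by_rule_level(CobraResults.status == 2)
    showed_unrepair_level_number = count_by_rule_level(CobraResults.status < 2)
    showed_level_number = count_by_rule_level()

    # For the front-page filters and the per-type chart
    select_vul_type = [[r[1], r[2]] for r in showed_vul_type]
    chart_vuls_number = [{"vuls_name": r[1], "vuls_number": r[0]} for r in showed_vul_type]
    select_rule_type = [[r[0], r[1]] for r in showed_rule_type]

    # Per-level counts: 1-low, 2-medium, 3-high, other-undefined
    total_levels = _count_by_level(showed_level_number)
    repaired_levels = _count_by_level(showed_repaired_level_number)
    unrepair_levels = _count_by_level(showed_unrepair_level_number)

    # Status description
    vuls_status = [
        {"status": "All", "value": 0},
        {"status": "Fixed", "value": 1},
        {"status": "Not fixed", "value": 2},
        {"status": "Other", "value": 3},
    ]

    # Detect the project's Cobra configuration file: an absolute path is a
    # local upload directory, anything else is treated as a git repository.
    if project_info.repository.startswith('/'):
        project_directory = project_info.repository
    else:
        project_directory = Git(project_info.repository).repo_directory
    cobra_properties = config.properties(os.path.join(project_directory, 'cobra'))
    need_scan = True
    if 'scan' in cobra_properties:
        need_scan = common.to_bool(cobra_properties['scan'])

    data = {
        "project_id": project_id,
        "task_id": search_task_id,
        "select_vul_type": select_vul_type,
        "select_rule_type": select_rule_type,
        "chart_vuls_number": chart_vuls_number,
        "task_info": task_info,
        "project_info": project_info,
        "code_number": code_number,
        "file_count": common.convert_number(task_info.file_count),
        "tasks": tasks,
        "vuls_status": vuls_status,
        'need_scan': need_scan,
        "task_time": {
            "time_start": time_start,
            "time_end": time_end,
            "time_consume": common.convert_time(task_info.time_consume)
        },
        "vuls_number": {
            "unrepair": unrepair_levels,
            "repaired": repaired_levels,
            "total_number": total_levels,
            "result_number": {
                "scan_result_number": scan_results_number,
                "repaired_result_number": repaired_results_number,
                "unrepair_result_number": unrepair_results_number,
            }
        },
        'is_login': is_login
    }
    return render_template('report.html', data=data)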
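# CodeMirror mode per rule language / file extension
# (see https://codemirror.net/mode/clike/index.html). Module-level so the
# table is built once, not on every request.
_CODEMIRROR_MODES = {
    'javascript': 'javascript',
    'php': 'php',
    'python': 'python',
    'lua': 'lua',
    'ruby': 'ruby',
    'perl': 'perl',
    'go': 'go',
    'cmake': 'cmake',
    'html': 'htmlmixed',
    'jsp': 'htmlmixed',
    'xml': 'xml',
    'yaml': 'yaml',
    'css': 'css',
    'markdown': 'markdown',
    'shell': 'shell',
    'sql': 'sql',
    'c': 'text/x-csrc',
    'c++': 'text/x-c++src',
    'java': 'text/x-java',
    'c#': 'text/x-csharp',
    'objective-c': 'text/x-objectivec',
    'scale': 'text/x-scale',
    'shader': 'text/x-vertex',
    'squirrel': 'text/x-squirrel',
    'kotlin': 'text/x-kotlin',
    'ceylon': 'text/ceylon'
}


def vulnerabilities_detail():
    """Return one scan result with its rule, vulnerability description and a code excerpt.

    Reads the result id from the ``id`` form field. Answers with
    ``status_code`` 4004 when the result is unknown; a source file that is
    missing, outside the project directory, or not decodable is reported
    inside the ``code`` field instead (status 1001).
    """
    v_id = request.form.get("id", None)

    # query result/rules/vulnerabilities
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    if v_detail is None:
        # An unknown id used to raise AttributeError below (HTTP 500).
        return jsonify(status_code=4004, message='Failed get vulnerability: {0}'.format(v_id))
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    language_info = CobraLanguages.query.filter(CobraLanguages.id == rule_info.language).first()
    language = language_info.language
    vulnerabilities_description = CobraVuls.query.filter_by(id=rule_info.vul_id).first()
    if rule_info.author.strip() == '':
        rule_info.author = 'Undefined'

    # Locate the checked-out code: an absolute repository is an upload
    # directory, otherwise the git URL is mapped below the upload 'versions' dir.
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if project.repository.startswith('/'):
        project_code_path = project.repository
    else:
        # NOTE(review): assumes a URL shaped like scheme://host/owner/repo(.git);
        # any other shape raises IndexError here — confirm against stored repositories.
        project_path_split = project.repository.replace('.git', '').split('/')
        project_path = os.path.join(project_path_split[3], project_path_split[4])
        upload = os.path.join(config.Config('upload', 'directory').value, 'versions')
        project_code_path = os.path.join(upload, project_path)

    # Strip every leading '/', not just one: os.path.join() discards the base
    # directory when the second part is still absolute.
    v_detail.file = v_detail.file.lstrip('/')
    file_path = os.path.join(project_code_path, v_detail.file)

    # Editor mode: the rule language first, overridden by a known file extension.
    mode = _CODEMIRROR_MODES.get(language.lower(), 'htmlmixed')
    if '.' in file_path:
        ext = file_path.rsplit('.', 1)[-1].lower()
        mode = _CODEMIRROR_MODES.get(ext, mode)

    # The stored file name comes from the scanned repository; treat anything
    # that resolves outside the project directory (e.g. through '..') as absent.
    real_base = os.path.realpath(project_code_path)
    inside_project = os.path.realpath(file_path).startswith(real_base + os.sep)
    if not inside_project or not os.path.isfile(file_path):
        code_content = '// File does not exist'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(v_detail.file, project_code_path, v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'

        # The excerpt always starts at the top of the file and ends
        # ``block_lines`` after the trigger line; both branches of the original
        # ``if v_detail.line < block_lines`` set these same bounds.
        block_lines = 50
        block_end = v_detail.line + block_lines
        excerpt = []
        with open(file_path, 'r') as fp:
            for i, line in enumerate(fp):
                if i > block_end:
                    break  # nothing after the window is needed
                excerpt.append(line)
        code_content = ''.join(excerpt)
        line_trigger = v_detail.line
        line_start = 1
        try:
            # Probe that the excerpt is serialisable now, so an undecodable
            # file does not blow up the final jsonify() call.
            jsonify(data=code_content)
        except Exception:
            code_content = '// The file encoding type is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': v_detail.file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'mode': mode,
            'repair': const.Vulnerabilities(v_detail.repair).repair_description(),
            'status': const.Vulnerabilities(v_detail.status).status_description(),
            'created': str(v_detail.created_at),
            'updated': str(v_detail.updated_at)
        },
        'rule': {
            'id': rule_info.id,
            'language': language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_info.author,
            'level': const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': str(rule_info.created_at),
            'updated': str(rule_info.updated_at)
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id
        }
    }
    return jsonify(status_code=1001, message='success', data=return_data)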
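# CodeMirror mode for each rule language / file extension.
# https://codemirror.net/mode/clike/index.html
_CODEMIRROR_MODES = {
    'javascript': 'javascript',
    'php': 'php',
    'python': 'python',
    'lua': 'lua',
    'ruby': 'ruby',
    'perl': 'perl',
    'go': 'go',
    'cmake': 'cmake',
    'html': 'htmlmixed',
    'jsp': 'htmlmixed',
    'xml': 'xml',
    'yaml': 'yaml',
    'css': 'css',
    'markdown': 'markdown',
    'shell': 'shell',
    'sql': 'sql',
    'c': 'text/x-csrc',
    'c++': 'text/x-c++src',
    'java': 'text/x-java',
    'c#': 'text/x-csharp',
    'objective-c': 'text/x-objectivec',
    'scale': 'text/x-scale',
    'shader': 'text/x-vertex',
    'squirrel': 'text/x-squirrel',
    'kotlin': 'text/x-kotlin',
    'ceylon': 'text/ceylon',
}

# Number of lines shown after the triggering line in the code preview.
_PREVIEW_LINES = 50
# A first line longer than this is treated as minified/compressed output.
_MAX_FIRST_LINE_LENGTH = 1024


def _project_code_path(project):
    """Return the directory holding *project*'s code, or None if it cannot be derived.

    An absolute ``repository`` value is an uploaded directory and is used
    as-is.  Anything else is treated as a git URL whose ``<owner>/<repo>``
    segments name a checkout under ``<upload directory>/versions``.
    """
    repository = project.repository or ''
    if repository.startswith('/'):
        # upload directory
        return repository
    # NOTE(review): ``.replace('.git', '')`` strips every occurrence, not only
    # the suffix; kept unchanged so the path matches how the checkout was named.
    segments = repository.replace('.git', '').split('/')
    if len(segments) < 5:
        # Not of the form scheme://host/owner/repo -- refuse instead of IndexError.
        return None
    versions = os.path.join(config.Config('upload', 'directory').value, 'versions')
    return os.path.join(versions, segments[3], segments[4])


def _resolve_project_file(project_code_path, result_file):
    """Return ``(relative_file, file_path, is_inside)`` for a scan-result path.

    ``relative_file`` is the stored path with leading slashes removed (a
    leading slash would make ``os.path.join`` discard the project directory).
    ``is_inside`` is False when the resolved path -- symlinks included --
    lies outside ``project_code_path``.  Scan results and repository symlinks
    are data, not trusted configuration, so the caller must not read a file
    that escapes the checkout.
    """
    relative_file = (result_file or '').lstrip('/')
    file_path = os.path.join(project_code_path, relative_file)
    root = os.path.realpath(project_code_path)
    real = os.path.realpath(file_path)
    is_inside = real == root or real.startswith(root + os.sep)
    return relative_file, file_path, is_inside


def _editor_mode(language, file_path):
    """Return the CodeMirror mode for *file_path*.

    The rule language picks the default (``htmlmixed`` when unknown); a
    recognised file extension overrides it.
    """
    mode = _CODEMIRROR_MODES.get(language.lower(), 'htmlmixed')
    extension = os.path.splitext(file_path)[1][1:].lower()
    if extension:
        mode = _CODEMIRROR_MODES.get(extension, mode)
    return mode


def _read_code_block(file_path, line_number):
    """Return ``(code, line_trigger, line_start)`` for the preview of *file_path*.

    The preview covers file lines 1 .. ``line_number + _PREVIEW_LINES``;
    ``line_start`` is the file line number of the first preview line and
    ``line_trigger`` the preview-relative line to highlight.  When the file
    cannot be previewed (looks compressed, cannot be decoded, or cannot be
    opened) a one-line ``//`` message is returned with both numbers set to 1.

    NOTE(review): the window always starts at line 1, so for a finding deep
    in a file the preview is large; a window centred on ``line_number`` is
    probably what was intended -- confirm with the front end before changing.
    """
    block_start = 0
    block_end = line_number + _PREVIEW_LINES
    chunks = []
    try:
        with open(file_path, 'r') as fp:
            for index, line in enumerate(fp):
                if index == 0 and len(line) > _MAX_FIRST_LINE_LENGTH:
                    return '// Compressed file preview is not supported', 1, 1
                if index > block_end:
                    # Everything we need has been read; do not scan the whole file.
                    break
                if index >= block_start:
                    chunks.append(line)
    except UnicodeDecodeError:
        return '// The file encoding type is not supported', 1, 1
    except (IOError, OSError):
        # Raced with a removal or unreadable: same outcome as a missing file.
        return '// File does not exist', 1, 1
    return ''.join(chunks), line_number - block_start, block_start + 1


def vulnerabilities_detail():
    """Return the detail view of one scan result as JSON.

    Reads the result id from the ``id`` form field, loads the result, its
    rule, language, vulnerability description and project, and returns the
    code preview around the triggering line together with git committer
    information (when available) and the rule/description records.

    Returns:
        A Flask JSON response; ``status_code`` 1001 on success.
    """
    v_id = request.form.get("id", None)
    # query result/rules/vulnerabilities
    v_detail = CobraResults.query.filter_by(id=v_id).first()
    if v_detail is None:
        # NOTE(review): 1001 is the success code used below; confirm the
        # project's convention for error codes.
        return jsonify(status_code=1002, message='Vulnerability not found')
    rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first()
    if rule_info is None:
        return jsonify(status_code=1002, message='Rule not found')
    language_info = CobraLanguages.query.filter(CobraLanguages.id == rule_info.language).first()
    vulnerabilities_description = CobraVuls.query.filter_by(id=rule_info.vul_id).first()
    project = CobraProjects.query.filter_by(id=v_detail.project_id).first()
    if language_info is None or vulnerabilities_description is None or project is None:
        return jsonify(status_code=1002, message='Incomplete vulnerability record')
    language = language_info.language

    # Do not mutate the ORM object just to render a default author.
    rule_author = rule_info.author or ''
    if rule_author.strip() == '':
        rule_author = 'Undefined'

    # get code content
    project_code_path = _project_code_path(project)
    if project_code_path is None:
        return jsonify(status_code=1002, message='Unsupported repository address')
    relative_file, file_path, is_inside = _resolve_project_file(project_code_path, v_detail.file)
    mode = _editor_mode(language, file_path)

    # A path that escapes the project directory is treated as absent rather
    # than read (defence in depth against traversal via stored result paths
    # or symlinks inside the scanned repository).
    if not is_inside or not os.path.isfile(file_path):
        code_content = '// File does not exist'
        line_trigger = 1
        line_start = 1
        c_author = 'Not support'
        c_time = 'Not support'
        c_ret = False
    else:
        # get committer
        c_ret, c_author, c_time = Git.committer(relative_file, project_code_path, v_detail.line)
        if c_ret is not True:
            c_author = 'Not support'
            c_time = 'Not support'
        code_content, line_trigger, line_start = _read_code_block(file_path, v_detail.line)
        # Serialisation probe kept from the original: content that cannot be
        # encoded as JSON surfaces here rather than in the final response
        # (on Python 3 an undecodable file already fails inside the reader).
        try:
            jsonify(data=code_content)
        except Exception:
            code_content = '// The file encoding type is not supported'
            line_trigger = 1
            line_start = 1

    return_data = {
        'detail': {
            'id': v_detail.id,
            'file': relative_file,
            'line_trigger': line_trigger,
            'line_start': line_start,
            'code': code_content,
            'c_ret': c_ret,
            'c_author': c_author,
            'c_time': c_time,
            'mode': mode,
            'repair': const.Vulnerabilities(v_detail.repair).repair_description(),
            'status': const.Vulnerabilities(v_detail.status).status_description(),
            'created': str(v_detail.created_at),
            'updated': str(v_detail.updated_at),
        },
        'rule': {
            'id': rule_info.id,
            'language': language,
            'description': rule_info.description,
            'repair': rule_info.repair,
            'author': rule_author,
            'level': const.Vulnerabilities(rule_info.level).level_description(),
            'status': rule_info.status,
            'created': str(rule_info.created_at),
            'updated': str(rule_info.updated_at),
        },
        'description': {
            'id': vulnerabilities_description.id,
            'name': vulnerabilities_description.name,
            'description': vulnerabilities_description.description,
            'repair': vulnerabilities_description.repair,
            'third_v_id': vulnerabilities_description.third_v_id,
        },
    }
    return jsonify(status_code=1001, message='success', data=return_data)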