Exemple #1
0
    def post(self):
        role = self.get_secure_cookie("role")
        userid = self.get_secure_cookie("userid")
        print("ols pswd", self.get_argument("old_pswd"))
        input_old_pswd = get_md5(self.get_argument("old_pswd"))
        input_new_pswd = get_md5(self.get_argument("new_pswd"))
        print(userid)
        cursor = util.con.cursor()
        if role == b"student":
            user_type = 2
        elif role == b"teacher":
            user_type = 1
        elif role == b"admin":
            user_type = 0
        cursor.execute(
            "select passwd from passwd where userid = %s and user_type = %s", (userid, user_type)
        )
        print(cursor.statement)
        select_old_pswd = list(cursor)[0][0]
        print(select_old_pswd, input_old_pswd)

        if input_old_pswd != select_old_pswd:
            self.write(
                json.dumps({"result": "fail", "reason": "输入的旧密码错误,请重新输入"}, ensure_ascii=False)
            )
            return

        mysql = "update passwd set passwd= %s where userid = %s"
        cursor.execute(mysql, (input_new_pswd, userid))
        util.con.commit()
        cursor.close()
        self.write(json.dumps({"result": "success"}))
Exemple #2
0
def get_final_hash_local_dir(
    config_data: dict,
    manifest_cos_path: str,
    mod_num: int,
):
    '''
    获取经过hash取模转换后的csv文件路径
    '''
    manifest_md5 = get_md5(os.path.split(manifest_cos_path)[0])
    args_md5 = get_manifest_args_md5(**config_data)
    final_path_md5 = get_md5(manifest_md5 + args_md5)
    final_path_dir = os.path.join(tmp_folder, f'{PARTITION}_{mod_num}',
                                  final_path_md5)
    return final_path_dir
Exemple #3
0
def register():
    username = request.form.get('username')
    password = request.form.get('password')
    phone = request.form.get('phone')
    if util.validate([username, password, phone]):
        res = db.execute_query("select * from user where username=?",
                               (username, ))
        if len(res) == 0:
            # uid其实就是username的hash
            uid = util.get_md5(username)
            res = db.execute("insert into user values (?, ?, ?, ?, ?, ?, ?)",
                             (username, password, uid, phone, '', '', 0))
            # 每个用户自己的单词表
            res1 = db.execute(
                "create table [" + uid + "_table]" + " (" + "word integer," +
                "level integer)", ())
            # res1 = True
            if res and res1:
                return {'status': 200, 'msg': '注册成功', 'uid': uid}
            else:
                return {'status': 404, 'msg': '未知错误'}
        else:
            return {'status': 404, 'msg': '用户已存在'}
    else:
        return {'status': 404, 'msg': '字段格式错误'}
Exemple #4
0
 def parse_cert(self, cert_fname):
     input_bio = M2Crypto.BIO.MemoryBuffer(self.zip.read( cert_fname ))
     p7 = M2Crypto.SMIME.PKCS7(M2Crypto.m2.pkcs7_read_bio_der(input_bio._ptr()), 1)
     sk3 = p7.get0_signers(M2Crypto.X509.X509_Stack())
     cert = sk3.pop()
     self.cert_text = cert.as_text()
     self.cert_md5 = util.get_md5(cert.as_der())
Exemple #5
0
def get_manifest_args_md5(**kw):
    '''
    计算请求脚本运行参数的md5
    '''
    # * 下划线的参数作为参数,来计算hash
    data = str({k: v for k, v in kw.items() if '_' in k})
    return get_md5(data)
Exemple #6
0
def get_file_infos(dir):
    files = util.list_all_files(dir)
    infos = []
    for file in files:
        relfile = os.path.relpath(file, dir)
        md5 = util.get_md5(file)
        size = os.path.getsize(file)
        infos.append((relfile, size, md5))
    return infos
Exemple #7
0
 def _encrypted_id(song_dfs_id):
     byte1 = bytearray(b'3go8&$8*3*3h0k(2)2')
     byte2 = bytearray(song_dfs_id.encode('utf-8'))
     byte1_len = len(byte1)
     for i in range(len(byte2)):
         byte2[i] = byte2[i] ^ byte1[i % byte1_len]
     result = base64.b64encode(util.get_md5(byte2)).decode('ascii')
     result = result.replace('/', '_')
     result = result.replace('+', '-')
     return result
Exemple #8
0
    def login(self, username, password):
        headers = Session.__BASE_HEADERS.copy()

        post_data = {
            'username': username,
            'password': util.byte_array_to_str(util.get_md5(password)),
            'rememberLogin': '******'
        }

        resp = requests.post(Session.__API_LOGIN_URL, data=post_data, headers=headers)

        self.__profile = resp.json()['profile']
        self.__csrf = resp.cookies['__csrf']
def test_postgresql_example():
    from util import get_md5
    with OpenPostgreSQLsshTunnel() as pport:
        postgresql_example(port=pport)
    
    csv_md5 = {'booking.csv': '90fd6d84b6234ff73acc5208995cf85e',
               'contact.csv': 'b1d0f7c24d7ac5dfd70668c17c5e559d',
               'hobby.csv': '0b3fbf0ef6bcec8f2c5c68cc111931fd',
               'hobby_shadow.csv': 'a9919bc60b43b4fb092924ed1ad4df5a',
               'person.csv': 'fcb0b9c85213e0999eff0b197931f624',
               'person_hobby.csv': 'cb4bbd262f356c91d48d88009872f3c2',}

    for fn_, md5 in csv_md5.items():
        md5_ = get_md5(fn_)
        assert md5_ == md5
Exemple #10
0
def prase_movie_list(base_url, html, movie_list, large):
    '''
    解析列表页 返回 影片信息
    :param base_url:
    :param html:
    :param movie_list:
    :param large:
    :return:
    '''
    pattern = re.compile('共\s*(\d+)\s*頁')
    soup = BeautifulSoup(html, 'lxml')
    li_list = soup.select('ul[class="ml waterfall cl"] li')
    for li in li_list:
        a = li.select('div[class="c cl"] a')[0]
        movie_url = urljoin('http://www.52av.tv', a['href'])
        image_url = a.select('img')[0]['src']
        title = a['title']
        span = li.select('div[class="auth cl"] span')
        try:
            issue_time = span[0]['title']
        except:
            content = li.select('div[class="auth cl"]')[0]
            res = pattern.findall(content.text)
            if len(res) > 0:
                issue_time = res[0]
            else:
                issue_time = datetime.datetime.now().strftime('%Y-%m-%d')
        movie_object_id = get_md5(movie_url)
        image_path = 'None'
        issue_time = datetime.datetime.strptime(issue_time, '%Y-%m-%d')
        movie_list.append([title, movie_url, image_url, image_path, issue_time, movie_object_id])
    if large:
        large_num_label = soup.select('div[class="pg"] label span')
        try:
            if large_num_label:
                large_num = large_num_label[0]['title']
                large_result = pattern.findall(large_num)
                if large_result:
                    return large_result[0]
                else:
                    print('not found')
        except IndexError:
            print('未找到最大目录')
    else:
        return None
Exemple #11
0
def generate_github_link(project_link, commit_hash, file_path_and_name):
    """Generate GitHub anchor tag that links to file in a commit.

    Args:
        project_link (str): A link to a projet on GitHub, e.g.:
            https://github.com/github/linguist
        commit_hash (str): Hash of git commit
        file_path_and_name (str): File path in project and filename. The MD5
            hash can be used as an anchor to jump to this section of a
            multi-file commit on GitHub.
    """
    #TODO: detect when inserting forward slashes is necessary and add as needed
    #rather than assuming.

    url = ("%s/commit/%s#diff-%s" %
           (project_link, commit_hash, get_md5(file_path_and_name)))

    return '<a href="%s">GitHub Link</a>' % url
 def post(self):
     jdatas = json.loads(self.request.body)
     #device_mac = self.get_argument('mac', '')
     #device_location = self.get_argument('location', '')
     device_mac = jdatas['mac']
     device_location = jdatas['location']
     print device_mac,'location:',device_location
     dev = Device()
     dev.mac=get_md5(device_mac)
     dev.location=device_location
     if None == dev.get_device_by_mac(device_mac):
         device_id = dev.create()
     else:
         device_id = dev.update_info()
     print device_id
     if not device_id:
         self.write('fail')
         return
     self.write('ok')
Exemple #13
0
    def parse_mf (self, mf_raw):
        self.mf_md5 = util.get_md5(mf_raw)

        CURRENT_IS_OTHER, CURRENT_IS_AXML, CURRENT_IS_DEX, CURRENT_IS_ARSC = range(4)
        current_file = CURRENT_IS_OTHER

        for line in mf_raw.splitlines():
            kv = line.rstrip().split(":")
            if len(kv) < 2:
                continue

            if current_file == CURRENT_IS_AXML:
                self.axml_digest_method = kv[0].strip()
                self.axml_digest = kv[1].strip()
                current_file = CURRENT_IS_OTHER
                continue
            elif current_file == CURRENT_IS_DEX:
                self.dex_digest_method = kv[0].strip()
                self.dex_digest = kv[1].strip()
                current_file = CURRENT_IS_OTHER
                continue
            elif current_file == CURRENT_IS_ARSC:
                self.arsc_digest_method = kv[0].strip()
                self.arsc_digest = kv[1].strip()
                current_file = CURRENT_IS_OTHER
                continue
            else:
                pass

            if kv[0].lower().strip() == "name":
                fname = kv[1].lower().strip()
                if fname == "classes.dex":
                    current_file = CURRENT_IS_DEX
                elif fname == "resources.arsc":
                    current_file = CURRENT_IS_ARSC
                elif fname == "androidmanifest.xml":
                    current_file = CURRENT_IS_AXML
                else:
                    current_file = CURRENT_IS_OTHER
Exemple #14
0
def prase_all_item(html, debug=False):
    temp_session = requests.Session()
    temp_session.headers = header
    pattern = re.compile('(\d{4}-\d{1,2}-\d{1,2})')
    soup = BeautifulSoup(html, 'lxml')
    li_list = soup.select('ul[class="ml waterfall cl"] li')
    for li in li_list:
        a = li.select('div[class="c cl"] a')[0]
        movie_url = urljoin('http://www.52av.tv', a['href'])
        image_url = a.select('img')[0]['src']
        title = a['title']
        span = li.select('div[class="auth cl"] span')
        try:
            issue_time = span[0]['title']
        except:
            content = li.select('div[class="auth cl"]')[0]
            res = pattern.findall(content.text)
            if len(res) > 0:
                issue_time = res[0]
            else:
                issue_time = datetime.datetime.now().strftime('%Y-%m-%d')
        movie_object_id = get_md5(movie_url)
        if query_from_sql(movie_object_id):
            continue
        image_path = download_image(image_url, movie_object_id)
        if not image_path:
            image_path = 'None'
        try:
            video_url = get_m3u8_url(temp_session, movie_url)
        except:
            video_url = None
        if not video_url:
            continue
        if debug:
            print('[*]', video_url)
        issue_time = datetime.datetime.strptime(issue_time, '%Y-%m-%d')
        parmars = (title, movie_url, image_url, image_path, issue_time,
                   movie_object_id, video_url)
        insert_to_mysql(parmars)
Exemple #15
0
    def post(self, action):
        role = self.get_secure_cookie("role")
        if role != b"admin":
            dump_err(self, "无权访问此接口")

        if action == "list":
            cursor = con.cursor()
            cursor.execute("select * from {}".format(self.table_name))
            print("list:", cursor.statement)
            records = []
            for data in cursor:
                data_dict = {}
                for ind in range(len(self.col_names)):
                    data_dict[self.col_names[ind]] = str(data[ind])
                records.append(data_dict)
            cursor.close()
            print("list records", records)

            result = {}
            result["Result"] = "OK"
            result["Records"] = records
            print(json.dumps(result))
            self.write(json.dumps(result))
            return

        if action == "create":
            data = [self.get_argument(col_name) for col_name in self.col_names[1:]]
            print("create paramaters", data)
            cursor = con.cursor()
            names = ""
            for name in self.col_names[1:-1]:
                names += name + ","
            names += self.col_names[-1]
            query = (
                "insert into {} ("
                + names
                + ") values ("
                + "%s," * (len(self.col_names) - 2)
                + "%s"
                + ")"
            ).format(self.table_name)
            cursor.execute(query, data)
            print(cursor.statement)
            new_id = cursor.lastrowid
            """ 添加一个默认密码 """
            sql = "insert into passwd values (%s, %s, %s, %s)"
            if self.table_name == "teacher":
                username = util.get_pinyin(data[0]) + data[9].split("-")[0][-2:]
            else:
                username = util.get_pinyin(data[0]) + data[6].split("-")[0][-2:]
            cursor.execute(
                sql, (username, util.get_md5(util.default_password), self.user_type, new_id),
            )
            print("insert passwd:", cursor.statement)
            con.commit()

            """ 如果学生,添加财务记录 """
            if self.user_type == 2:
                sql = "insert into finance values (%s, %s, %s)"
                cursor.execute(sql, (new_id, 10000, 0))
                con.commit()

            print(list(cursor))
            cursor.close()

            result = {}
            result["Result"] = "OK"
            data.insert(0, new_id)
            temp = {}
            for ind in range(len(self.col_names)):
                temp[self.col_names[ind]] = data[ind]
            result["Record"] = temp

            print(json.dumps(result))
            self.write(json.dumps(result))

        if action == "update":
            data = [self.get_argument(col_name) for col_name in self.col_names]
            print("update paramaters", data)

            cursor = con.cursor()
            query = "update {} set ".format(self.table_name)
            for ind, col in enumerate(self.col_names[1:-1]):
                query += col + "= %s,"
            query += self.col_names[-1] + "= %s"
            query += " where " + self.col_names[0] + "= '{}'".format(data[0])
            cursor.execute(query, data[1:])
            print("update: ", cursor.statement)
            con.commit()
            cursor.close()

            result = {}
            result["Result"] = "OK"
            self.write(json.dumps(result))

        if action == "delete":
            key_value = self.get_argument(self.col_names[0])
            print("delete param", key_value)

            cursor = con.cursor()
            # 从密码表中删除记录
            sql = "delete from passwd where userid = %s and user_type = %s"
            cursor.execute(sql, (key_value, self.user_type))
            print(cursor.statement)

            # 从财务表中删除记录
            if self.user_type == 2:
                sql = "delete from finance where studentid = %s"
                cursor.execute(sql, (key_value,))
                print(cursor.statement)

            # 删除学生记录
            query = ("delete from {} where " + self.col_names[0] + " = %s").format(self.table_name)
            cursor.execute(query, [key_value])
            print(cursor.statement)
            con.commit()

            cursor.close()

            result = {}
            result["Result"] = "OK"
            self.write(json.dumps(result))
def test_analyze_gmail():
    from util import get_md5
    analyze_gmail('temp.mbox')
    assert get_md5('email_addresses.txt') == '72f7ca8571da827f68a2114ad4d2fe9d'
    def execute(self):
        # Copiar datos de carpeta incoming a carpeta destino con integridad de datos

        # Para verificar la integridad se cogera cada fichero y se le calculara el md5. Cuando se copie al destino se calculara
        # tambien el md5 para verificar que la copia se ha realizado correctamente

        Comandos.log.info('Copy files')

        # Filtrar todos los ficheros que hay en incoming para quedarse solo con los que se necesitan copiar (estan en files)
        incomingFiles = os.listdir(self.incomingFolder)
        if self.files != None:
            incomingFilesFiltered = list(
                filter(lambda f: f in self.files, incomingFiles))
        else:
            incomingFilesFiltered = incomingFiles

        # Si no hay ficheros que copiar el proceso ha finalizado
        if len(incomingFilesFiltered) == 0:
            Comandos.log.info('No files to process')
            return

        # Crear carpeta destino si no existe
        util.create_folder_if_not_exist(self.destinationFolder)

        # Copiar solo los ficheros filtrados
        incomingFilesFullPath = list()
        for file in incomingFilesFiltered:
            incomingFile = self.incomingFolder + os.sep + file
            shutil.copy2(incomingFile, self.destinationFolder)
            Comandos.log.info('Copy file ' + incomingFile + ' to ' +
                              self.destinationFolder)
            incomingFilesFullPath.append(incomingFile)

        # Calcular el hash de cada fichero origen, de cada fichero destino y verificar que son el mismo para verificar integridad

        # Recuperar los nombres de fichero originales
        Comandos.log.info('Files: ' + str(incomingFilesFiltered))

        # Lista donde se guardaran todos los ficheros pertenecientes al caso, todos con los mismos atributos CASE, ID y ALIAS
        forensicCase = list()

        for incomingFile in incomingFilesFullPath:
            destinationFile = self.destinationFolder + os.sep + util.get_basename(
                incomingFile)

            md5IncomingFile = util.get_md5(incomingFile)
            md5DestinationFile = util.get_md5(destinationFile)

            if md5IncomingFile != md5DestinationFile:
                Comandos.log.error('Error: integrity error file ' +
                                   incomingFile)
                print('Error: integrity error file ' + incomingFile)
                return

            # Recuperar datos del fichero copiado
            dataFile = os.stat(destinationFile)

            fileCase = model.FileCase(
                caseName=self.caseName,
                idCase=self.idCase,
                alias=self.alias,
                size=util.get_bytes_in_megabytes(dataFile.st_size),
                fileName=util.get_basename(destinationFile),
                hashMd5=md5DestinationFile,
                # Fecha de creacion del fichero original
                creationTime=util.format_date_time(
                    time.ctime(os.stat(incomingFile).st_ctime)),
                # Fecha de creacion del fichero copiado
                copyTime=util.format_date_time(time.ctime(dataFile.st_ctime)),
                fileType=util.get_extension(destinationFile))

            forensicCase.append(fileCase)

        Comandos.log.debug('Copy files to destination finished')

        # TODO se podran eliminar los antiguos una vez copiados?

        Comandos.log.debug("Registers: " + pprint.pformat(forensicCase))

        # Conectar a bbdd, creando la tabla "filecase" si no existe, y guardar todos los casos
        Comandos.log.info('Inserting metadata in database: %s', forensicCase)

        try:
            model.db.connect()
            model.db.create_table(model.FileCase, safe=True)
            with model.db.transaction():
                [fileCase.save(force_insert=True) for fileCase in forensicCase]
        except:
            Comandos.log.error('Database error, aborting operation')
            return
        finally:
            model.db.close()

        Comandos.log.info('Metadata inserted in database')

        # Guardar los ficheros en un fichero de texto con campos separados por |
        Comandos.log.info('Creating CSV file')
        csv = [fileCase.get_text_format() for fileCase in forensicCase]

        # Poner cada fichero del caso en una linea distinta y guardar en fichero
        # El nombre de fichero sera la composicion de caso, id y alias y con extension csv
        csvContent = util.join_list('\n', csv)
        csvName = self.caseName + '_' + str(
            self.idCase) + '_' + self.alias + '.csv'
        csvFile = open(csvName, 'w')
        csvFile.write(csvContent)
        csvFile.close()
        Comandos.log.info('CSV file created')
        Comandos.log.info('Copy finished')
Exemple #18
0
    def __init__(self, filename, raw=False, domd5=True) :
        """
            @param filename : specify the path of the file, or raw data
            @param raw : specify (boolean) if the filename is a path or raw data
        """
        self.filename = os.path.basename(filename)
        self.file_md5 = ""
        self.file_size = 0

        self.xml = {}
        self.package = ""
        self.androidversion = {}
        self.permissions = []
        self.validAPK = False

        if raw == True :
            self.__raw = filename
        else :
            fd = open( filename, "rb" )
            self.__raw = fd.read()
            fd.close()

        if domd5:
            self.file_md5 = util.get_md5(self.__raw)

        self.file_size = len(self.__raw)

        if ZIPMODULE == 0 :
            self.zip = ChilkatZip( self.__raw )
        else :
            self.zip = zipfile.ZipFile( StringIO.StringIO( self.__raw ) )

        # CHECK if there is only one embedded file
        #self._reload_apk()

        reCert = re.compile(r"meta-inf(/|\\).*\.(rsa|dsa)")
        reSF = re.compile(r"meta-inf(/|\\).*\.sf")

        for i in self.zip.namelist() :
            if i == "AndroidManifest.xml" :
                decoded = AXMLPrinter( self.zip.read( i ) ).getBuff()
                self.xml[i] = minidom.parseString(decoded  )

                self.package = self.xml[i].documentElement.getAttribute( "package" )
                self.androidversion["Code"] = self.xml[i].documentElement.getAttribute( "android:versionCode" )
                self.androidversion["Name"] = self.xml[i].documentElement.getAttribute( "android:versionName")

                for item in self.xml[i].getElementsByTagName('uses-permission') :
                    try:
                        self.permissions.append( str( item.getAttribute("android:name") ) )
                    except UnicodeError:
                        pass

                self.validAPK = True

            if reCert.match(i.lower()):
                self.parse_cert (i)

            if reSF.match(i.lower()):
                self.sf_md5 = util.get_md5( self.zip.read(i) )

            if fnmatch.fnmatch(i.lower(), "meta-inf/manifest.mf"):
                self.parse_mf ( self.zip.read(i) )
Exemple #19
0
    def post(self, action=None):
        if action == "get_captcha":
            image = ImageCaptcha()
            data = image.generate("1234")
            captcha = random.randint(1000, 9999)
            ts = time.time()
            image.write(
                str(captcha),
                os.path.join(os.path.dirname(__file__), "static/captcha/{}.png".format(ts)),
            )
            self.write(
                json.dumps(
                    {
                        "status": "success",
                        "src": util.base_url + "/static/captcha/{}.png".format(ts),
                        "value": captcha,
                    }
                )
            )
            return

        username = self.get_argument("username")
        passwd = self.get_argument("passwd")
        next = self.get_argument("next")
        print(next)

        cursor = util.con.cursor()
        query = "select passwd, user_type, userid from passwd where username = %s"
        cursor.execute(query, (username,))
        info = list(cursor)
        print(cursor.lastrowid, cursor.statement)
        cursor.close()
        if len(info) != 1:
            print("user dont exist")
            self.write(
                json.dumps({"status": "fail", "message": "用户名不正确,请重新尝试"}, ensure_ascii=False)
            )
            return
        info = info[0]
        print(info)

        passwd = get_md5(passwd)
        print(info[0], passwd)
        if info[0] != passwd:
            print("passwd not match, relogin")
            self.write(
                json.dumps({"status": "fail", "message": "用户名或密码错误,请重新尝试"}, ensure_ascii=False)
            )
            return

        print("matched")
        if info[1] == 0:
            role = "admin"
        elif info[1] == 1:
            role = "teacher"
        elif info[1] == 2:
            role = "student"
        else:
            self.write_error(666, "role {} is not a valid role".format(info[1]))
        print("login info ", info)
        self.set_secure_cookie("userid", str(info[2]))
        self.set_secure_cookie("role", role)

        if next == "/login":
            next = "/"
        self.write(json.dumps({"status": "success", "next": next}, ensure_ascii=False))
Exemple #20
0
def test_get_md5():
    assert_equal('c4ca4238a0b923820dcc509a6f75849b', get_md5('1'))
def test_exversion():
    exversion()
    assert get_md5('temp.csv') == '3ace7624530bc31421e4090044a63cc5'
Exemple #22
0
 def check_diff(self, local, size, md5):
     if not os.path.exists(local):
         return True
     if os.path.getsize(local) != size:
         return True
     return util.get_md5(local) != md5