def push(self): v = Vulnerabilities() data = [{ "name": "{0}项目{1}漏洞({2})".format(self.project_name, self.vuln_name, self.vuln_id), "time": self.time, "vuln_type": self.vuln_type, "filepath": self.file_path, "linenum": self.line_number, "code": "\r\n\r\n{0}".format(self.code), "summitid": v.key, "signid": self.vuln_id, 'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!' }] push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')
def push(self): status = Config('third_party_vulnerabilities', 'status').value if int(status): v = Vulnerabilities() data = [{ "name": "Cobra发现{0}项目一处{1}漏洞({2})".format(self.project_name, self.vuln_name, self.vuln_id), "time": self.time, "vuln_type": self.vuln_type, "filepath": self.file_path, "linenum": self.line_number, "code": "\r\n\r\n{0}".format(self.code), "summitid": v.key, "signid": self.vuln_id, 'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!' }] push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json') else: return True
def test_push(self): from daemon import push_vulnerabilities, error_handler from utils.third_party import Vulnerabilities v = Vulnerabilities() data = [{ "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞", "time": "2016-09-12 17:01:40", "vuln_type": "10000000", "filepath": "/path/to/test.php", "linenum": "123", "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;", "summitid": v.key, "signid": '12', 'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!' }] push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')
def push_vulnerabilities(vulnerabilities_info): v = Vulnerabilities() v.add(vulnerabilities_info) return v.push()