Esempio n. 1
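def vulnerability_create():
    """Create a vulnerability-type record, or render the create form.

    POST: validates ``name``, ``description``, ``repair`` and ``third_v_id``
    from the request through ``ValidateClass``, inserts a ``CobraVuls`` row
    and answers with JSON (``code`` 1001 on success, 4001 on a validation or
    database failure).
    Any other method: renders the backend edit template with an empty
    ``vulnerability`` dict so the same template serves create and edit.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create vulnerability',
            'type': 'create',
            'vulnerability': dict()
        }
        return render_template('backend/vulnerability/edit.html', data=data)

    vc = ValidateClass(request, "name", "description", "repair",
                       "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    # NOTE: %X is locale dependent; the stored timestamp format follows the
    # process locale. Kept as-is so new rows match the existing ones.
    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair,
                    vc.vars.third_v_id, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # Roll the session back so it is usable for the next request instead
        # of staying in the failed state. ``except Exception`` (not a bare
        # ``except:``) leaves SystemExit/KeyboardInterrupt alone.
        db.session.rollback()
        return jsonify(code=4001,
                       message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')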
Esempio n. 2
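def add_new_vul():
    """Add a vulnerability-type record, or render the add form.

    POST: validates ``name``, ``description``, ``repair`` and ``third_v_id``
    via ``ValidateClass``, inserts a ``CobraVuls`` row and answers with JSON
    (``tag`` 'success' or 'danger' plus a ``msg``).
    Any other method: renders the ``add_new_vul`` template.
    """
    if request.method != 'POST':
        return render_template('backend/vul/add_new_vul.html')

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    # NOTE: %X is locale dependent; the stored timestamp format follows the
    # process locale. Kept as-is so new rows match the existing ones.
    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # NOTE(review): third_v_id is validated but not passed to CobraVuls here;
    # confirm against the model constructor whether that is intended.
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # Roll the session back so it is usable for the next request instead
        # of staying in the failed state. ``except Exception`` (not a bare
        # ``except:``) leaves SystemExit/KeyboardInterrupt alone.
        db.session.rollback()
        return jsonify(tag='danger', msg='Add failed. Please try again later.')
    return jsonify(tag='success', msg='Add Success.')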
Esempio n. 3
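    def run(self):
        """Create the database schema and seed it with base data.

        Steps: ``db.create_all()``, then one ``auth`` row, the ``languages``
        extension map, one admin user and the default ``vuls`` list, all in
        a single commit. Exits with a nonzero status when schema creation or
        the final commit fails, so callers and CI can detect the failure.
        """
        # create database structure
        print("Start create database structure...")
        try:
            db.create_all()
        except exc.SQLAlchemyError as e:
            print("MySQL database error: {0}\nFAQ: {1}".format(e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
            # Nonzero: exit status 0 would report success to the caller.
            sys.exit(1)
        except Exception as e:
            print(e)
            sys.exit(1)
        print("Create Structure Success.")
        # insert base data
        from app.models import CobraAuth, CobraLanguages, CobraAdminUser, CobraVuls
        # table `auth`
        print('Insert api key...')
        # NOTE(review): the API key is md5 of a fixed string, so it is the
        # same on every installation and can be guessed. Rotate it after
        # setup (e.g. a value from ``secrets.token_hex``); left unchanged
        # here because other components may expect this documented value.
        auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
        db.session.add(auth)

        # table `languages`
        print('Insert language...')
        # language name -> '|'-separated file extensions it covers.
        # "psd" and "PSD" both map to .psd; kept as in the original seed.
        languages = {
            "php": ".php|.php3|.php4|.php5",
            "jsp": ".jsp",
            "java": ".java",
            "html": ".html|.htm|.phps|.phtml",
            "js": ".js",
            "backup": ".zip|.bak|.tar|.tar.gz|.rar",
            "xml": ".xml",
            "image": ".jpg|.png|.bmp|.gif|.ico|.cur",
            "font": ".eot|.otf|.svg|.ttf|.woff",
            "css": ".css|.less|.scss|.styl",
            "exe": ".exe",
            "shell": ".sh",
            "log": ".log",
            "text": ".txt|.text",
            "flash": ".swf",
            "yml": ".yml",
            "cert": ".p12|.crt|.key|.pfx|.csr",
            "psd": ".psd",
            "iml": ".iml",
            "spf": ".spf",
            "markdown": ".md",
            "office": ".doc|.docx|.wps|.rtf|.csv|.xls|.ppt",
            "bat": ".bat",
            "PSD": ".psd",
            "Thumb": ".db",
        }
        for language, extensions in languages.items():
            db.session.add(CobraLanguages(language, extensions))

        # table `user`
        print('Insert admin user...')
        # NOTE(review): credentials are redacted in this listing; whether
        # CobraAdminUser hashes the password before storing it is not
        # visible here — confirm in the model.
        username = '******'
        password = '******'
        role = 1  # 1: super admin, 2: admin, 3: rules admin
        db.session.add(CobraAdminUser(username, password, role))

        # table `vuls`
        print('Insert vuls...')
        vuls = [
            'SQL Injection',
            'LFI/RFI',
            'Header Injection',
            'XSS',
            'CSRF',
            'Logic Bug',
            'Command Execute',
            'Code Execute',
            'Information Disclosure',
            'Data Exposure',
            'Xpath Injection',
            'LDAP Injection',
            'XML/XXE Injection',
            'Unserialize',
            'Variables Override',
            'URL Redirect',
            'Weak Function',
            'Buffer Overflow',
            'Deprecated Function',
            'Stack Trace',
            'Resource Executable',
            'SSRF',
            'Misconfiguration',
            'Components'
        ]
        for vul in vuls:
            db.session.add(CobraVuls(vul, 'Vul Description', 'Vul Repair', 0))

        # commit
        try:
            db.session.commit()
        except exc.SQLAlchemyError as e:
            # Leave the session clean and report failure instead of a
            # half-seeded database with a success exit status.
            db.session.rollback()
            print("MySQL database error: {0}".format(e))
            sys.exit(1)
        print('All Done.')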