Esempio n. 1
 def __translate_unscanned(self, value=None):
     """
     Build a NOT EXISTS filter that keeps only services which have not
     been scanned yet, i.e. no Result row references the service's id.

     ``value`` is accepted but not used by this translator.
     """
     db_session = Session()
     has_results = (
         db_session.query(Result)
         .filter(Service.id == Result.service_id)
         .exists()
     )
     return not_(has_results)
Esempio n. 2
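    def __init__(self):
        """Bootstrap the program: print the banner, load settings and
        command-line arguments, prepare the database session and the
        "default" mission, then hand control to ``MainController``.

        Every failure path ends the process with ``sys.exit``. A declined
        Ctrl-C confirmation falls through and returns from ``__init__``
        without resuming the controller.
        """
        try:
            print(BANNER)
            # Parse settings files
            settings = Settings()

            # Parse command-line arguments
            arguments = ArgumentsParser(settings)

            # Create db if needed and initialize sqlalchemy session
            Base.metadata.create_all(engine)
            session = Session()

            # Create "default" mission if necessary
            mission = session.query(Mission).filter(
                Mission.name == 'default').first()
            if not mission:
                mission = Mission(name='default', comment='Default scope')
                session.add(mission)
                session.commit()

            # Controller
            controller = MainController(arguments, settings, session)
            controller.run()

        except KeyboardInterrupt:
            print()
            if Output.prompt_confirm('Are you sure you want to exit ?',
                                     default=False):
                logger.error('User aborted')
                sys.exit(0)
        except (SettingsException, AttackException) as e:
            logger.error(e)
            sys.exit(1)
        except (ValueError, ArgumentsException):
            # A bare `print` expression was a no-op here; print() emits the
            # blank line that was intended before exiting.
            print()
            sys.exit(1)
        except Exception as e:
            print()
            logger.error('Unexpected error occurred: {0}'.format(str(e)))
            traceback.print_exc()
            sys.exit(1)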
Esempio n. 3
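def addApp():
    """Admin view: add an application.

    GET renders the "add app" form with the list of accounts whose status is
    not 3. POST creates the application record, provisions a database for it
    (skipped when ``language`` is ``"static"``), builds the app through
    ``client`` and stores freshly generated API credentials, then redirects
    to the app manager.

    Returns:
        The rendered form (GET) or a redirect response (POST).
    """
    import uuid

    if request.method == "GET":
        return _render_add_app_form()

    uid = request.form.get("uid", None)
    title = request.form.get("title", None)
    description = request.form.get("description", None)
    language = request.form.get("language", None)
    host = request.form.get("host", None)
    # A missing gitUrl used to raise AttributeError on .replace(); treat it
    # as an empty string instead.
    gitUrl = request.form.get("gitUrl", "")
    # Strip blanks from the git URL. NOTE(review): removing spaces alone is
    # not a sufficient guard if the URL is later handed to a shell or a git
    # command line (how client.buildApp uses it is not visible here);
    # validate scheme/host where the URL is consumed.
    gitUrl = gitUrl.replace(" ", "")

    # Persist the application through the ORM.
    session = Session()
    obj = AppModel(title, description, uid, language, host, gitUrl, -1)
    session.add(obj)
    session.commit()

    # Record the app's system user, group and path reported by the client.
    appUser, appGroup, appPath = client.getAppMessage(
        obj.id, sqlDeal(language))
    # NOTE(review): the raw statements below are built with %-formatting.
    # Request-derived values pass through sqlDeal(); the rest come from the
    # client, the ORM id or random tokens. The parameter-binding API of the
    # `db` helper is not visible from this file, so bound parameters could
    # not be substituted here -- prefer them if db.execute supports them.
    _run_sql(
        "update paas_app set appAccount = '%s' , appGroup = '%s',appPath = '%s' where id = %d" % (
            appUser, appGroup, appPath, obj.id))

    # Create a database for the app; a static site does not need one.
    if language != "static":
        # Previously md5(time.time()) -- derivable from the creation
        # timestamp. uuid4 draws from os.urandom and keeps the same
        # 32-hex-char shape (16 chars for the username slice).
        dbName = uuid.uuid4().hex
        username = uuid.uuid4().hex[8:-8]
        password = uuid.uuid4().hex
        buildDb(dbName, username, password)

        _run_sql(
            "insert into paas_db(uid,aid,dbName,username,password,host,port) values('%s','%s','%s','%s','%s','%s','%s')" % (
                sqlDeal(uid), str(obj.id), dbName, username, password,
                config.MYSQL_HOST, config.MYSQL_PORT))

    # Initialise the application on the host.
    client.buildApp(obj.id, sqlDeal(host), sqlDeal(language))

    # API credentials: random rather than md5("apiKey_" + time.time()),
    # which was predictable from the app's creation time.
    apiKey = uuid.uuid4().hex
    secretKey = uuid.uuid4().hex
    _run_sql(
        "insert into paas_app_token(aid,apiKey,secretKey) values('%s','%s','%s')" % (
            str(obj.id), apiKey, secretKey))

    return redirect("/admin/appManager")


def _render_add_app_form():
    """Populate ``g`` with the account list and render the add-app form."""
    g.add = True
    g.obj = {}

    # Accounts with status 3 are excluded; presumably deleted/disabled
    # accounts -- confirm against the schema.
    dao = db.execute("select * from paas_account where status != 3")
    try:
        # Materialise now: a lazy map() would be consumed only after the
        # cursor is closed under Python 3.
        g.users = [objToDict(row) for row in dao.fetchall()]
    finally:
        dao.close()

    return render_template("admin/addApp.html")


def _run_sql(sql):
    """Execute a statement on ``db`` and release its cursor immediately."""
    db.execute(sql).close()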