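    def run(self):
        """Create the database schema and seed the `auth` and `user` tables.

        Exits the process with status 1 when the schema cannot be created.
        The previous exit status of 0 made a failed initialisation look like
        success to any calling script or CI job.
        """
        # create database structure
        print("Start create database structure...")
        try:
            db.create_all()
        except exc.SQLAlchemyError as e:
            # Reported as a MySQL error, although any SQLAlchemy error lands here.
            print("MySQL database error: {0}\nFAQ: {1}".format(e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
            sys.exit(1)
        except Exception as e:
            print(e)
            sys.exit(1)
        print("Create Structure Success.")

        # table `auth`
        # NOTE(review): the API key is the MD5 of a fixed string, so every
        # installation gets the same key and anyone with the source can derive
        # it; a per-install random secret would close that gap.
        print('Insert api key...')
        auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
        db.session.add(auth)

        # table `user`
        print('Insert admin user...')
        username = '******'
        password = '******'
        role = 1  # 1: super admin, 2: admin, 3: rules admin
        a_user = CobraAdminUser(username, password, role)
        db.session.add(a_user)

        # commit: both rows are written in one transaction
        db.session.commit()
        print('All Done.')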
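    def run(self):
        """Create the database schema and seed the `auth` and `user` tables.

        Exits the process with status 1 when the schema cannot be created.
        The previous exit status of 0 made a failed initialisation look like
        success to any calling script or CI job.
        """
        # create database structure
        print("Start create database structure...")
        try:
            db.create_all()
        except exc.SQLAlchemyError as e:
            # Reported as a MySQL error, although any SQLAlchemy error lands here.
            print("MySQL database error: {0}\nFAQ: {1}".format(
                e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
            sys.exit(1)
        except Exception as e:
            print(e)
            sys.exit(1)
        print("Create Structure Success.")

        # table `auth`
        # NOTE(review): the API key is the MD5 of a fixed string, so every
        # installation gets the same key and anyone with the source can derive
        # it; a per-install random secret would close that gap.
        print('Insert api key...')
        auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
        db.session.add(auth)

        # table `user`
        print('Insert admin user...')
        username = '******'
        password = '******'
        role = 1  # 1: super admin, 2: admin, 3: rules admin
        a_user = CobraAdminUser(username, password, role)
        db.session.add(a_user)

        # commit: both rows are written in one transaction
        db.session.commit()
        print('All Done.')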
 def __init__(self):
     """Set up the API URL template, JSON headers, auth key and default branch."""
     host = config.Config('cobra', 'host').value
     port = config.Config('cobra', 'port').value
     # Leaves a '{0}' placeholder for the endpoint name, e.g. api.format('add').
     self.api = 'http://{0}:{1}/api/{{0}}'.format(host, port)
     self.headers = {"Content-Type": "application/json"}
     # MD5 of a fixed string, so the key is identical on every deployment.
     self.key = common.md5('CobraAuthKey')
     self.branch = 'master'
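def get_guid():
    """Fetch the landing page once and store the QiHooGUID cookie, if present.

    The value is read back from the Cookie header attached to the outgoing
    request and inserted under its MD5 as `_id`. When no such cookie is
    present the raw Cookie header (possibly empty) is printed instead.
    """
    url = 'https://www.so.com'

    response = requests.get(url, headers=None)
    response.encoding = 'utf8'
    # guid = response.cookies.get_dict().get('QiHooGUID', '')
    # The request may carry no Cookie header at all: indexing ['Cookie']
    # raised KeyError. The previous pattern also required a trailing ';',
    # so a cookie sitting at the end of the header raised IndexError.
    cookies = response.request.headers.get('Cookie', '')
    match = re.search(r'QiHooGUID=([^;]*)', cookies)
    if match:
        guid = match.group(1)
        collection.insert_one({'_id': md5(guid), 'guid': guid})
        print(f'insert_ok:{guid}')
    else:
        print(cookies)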
def homepage():
    """Render index.html with the API key, upload extensions and the 10 newest tasks."""
    latest = CobraTaskInfo.query.order_by(CobraTaskInfo.id.desc()).limit(10).all()
    recently_tasks = [
        {
            'id': t.id,
            'target': t.target,
            'branch': t.branch,
            'scan_way': t.scan_way,
        }
        for t in latest
    ]
    # NOTE(review): the key passed to the template is the MD5 of a constant,
    # so whoever can load this page is handed the same API credential.
    data = {
        'key': common.md5('CobraAuthKey'),
        'extensions': config.Config('upload', 'extensions').value,
        'recently_tasks': recently_tasks,
    }
    return render_template('index.html', data=data)
def homepage():
    """Render index.html with the API key, upload extensions and the 10 newest tasks."""
    latest = CobraTaskInfo.query.order_by(CobraTaskInfo.id.desc()).limit(10).all()
    recently_tasks = [
        {
            'id': t.id,
            'target': t.target,
            'branch': t.branch,
            'scan_way': t.scan_way,
        }
        for t in latest
    ]
    # NOTE(review): the key passed to the template is the MD5 of a constant,
    # so whoever can load this page is handed the same API credential.
    data = {
        'key': common.md5('CobraAuthKey'),
        'extensions': config.Config('upload', 'extensions').value,
        'recently_tasks': recently_tasks,
    }
    return render_template('index.html', data=data)
class Test(unittest.TestCase):
    """End-to-end check of the add/status API against the configured host."""
    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    api = 'http://' + domain + '/api/{0}'
    headers = {"Content-Type": "application/json"}

    # MD5 of a fixed string, the same value the installer seeds as API key.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'

    def test_api(self):
        """Submit a scan through /api/add, then poll /api/status for it.

        Both replies are expected to report 1001. Connection and HTTP
        errors are turned into a test failure.
        """
        add_body = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })

        try:
            add_reply = requests.post(self.api.format('add'),
                                      data=add_body,
                                      headers=self.headers).json()
            self.assertEqual(add_reply.get('code'), 1001)
            add_result = add_reply.get('result')
            scan_id = add_result.get('scan_id')
            print("API Add: {0}".format(add_result))

            status_body = json.dumps({'key': self.key, 'scan_id': scan_id})
            status_reply = requests.post(self.api.format('status'),
                                         data=status_body,
                                         headers=self.headers).json()
            # The status reply's code is read from 'status' (the add reply uses 'code').
            status_code = status_reply.get('status')
            print("API Status: {0}".format(status_reply.get('result')))
            self.assertEqual(status_code, 1001)
        except (requests.ConnectionError, requests.HTTPError) as e:
            self.fail("API Add failed: {0}".format(e))
def test_md5():
    """common.md5 returns the lowercase hex digest of its input."""
    expected = 'd13eca1c700558f57d0310ef14277cc2'
    assert expected == common.md5('Cobra')
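    def run(self):
        """Create the schema and seed the auth, languages, user and vuls tables.

        Exits the process with status 1 when the schema cannot be created.
        The previous exit status of 0 made a failed initialisation look like
        success to any calling script or CI job.
        """
        # create database structure
        print("Start create database structure...")
        try:
            db.create_all()
        except exc.SQLAlchemyError as e:
            # Reported as a MySQL error, although any SQLAlchemy error lands here.
            print("MySQL database error: {0}\nFAQ: {1}".format(e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
            sys.exit(1)
        except Exception as e:
            print(e)
            sys.exit(1)
        print("Create Structure Success.")
        # insert base data
        from app.models import CobraAuth, CobraLanguages, CobraAdminUser, CobraVuls
        # table `auth`
        # NOTE(review): the API key is the MD5 of a fixed string, so every
        # installation gets the same key and anyone with the source can derive
        # it; a per-install random secret would close that gap.
        print('Insert api key...')
        auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
        db.session.add(auth)

        # table `languages`: name -> '|'-separated extension list
        print('Insert language...')
        languages = {
            "php": ".php|.php3|.php4|.php5",
            "jsp": ".jsp",
            "java": ".java",
            "html": ".html|.htm|.phps|.phtml",
            "js": ".js",
            "backup": ".zip|.bak|.tar|.tar.gz|.rar",
            "xml": ".xml",
            "image": ".jpg|.png|.bmp|.gif|.ico|.cur",
            "font": ".eot|.otf|.svg|.ttf|.woff",
            "css": ".css|.less|.scss|.styl",
            "exe": ".exe",
            "shell": ".sh",
            "log": ".log",
            "text": ".txt|.text",
            "flash": ".swf",
            "yml": ".yml",
            "cert": ".p12|.crt|.key|.pfx|.csr",
            "psd": ".psd",
            "iml": ".iml",
            "spf": ".spf",
            "markdown": ".md",
            "office": ".doc|.docx|.wps|.rtf|.csv|.xls|.ppt",
            "bat": ".bat",
            # NOTE(review): "psd" and "PSD" both map to .psd; whether the
            # language column tolerates two case-variant rows depends on the
            # database collation — confirm.
            "PSD": ".psd",
            "Thumb": ".db",
        }
        for language, extensions in languages.items():
            a_language = CobraLanguages(language, extensions)
            db.session.add(a_language)

        # table `user`
        print('Insert admin user...')
        username = '******'
        password = '******'
        role = 1  # 1: super admin, 2: admin, 3: rules admin
        a_user = CobraAdminUser(username, password, role)
        db.session.add(a_user)

        # table `vuls`: one row per vulnerability category with placeholder text
        print('Insert vuls...')
        vuls = [
            'SQL Injection',
            'LFI/RFI',
            'Header Injection',
            'XSS',
            'CSRF',
            'Logic Bug',
            'Command Execute',
            'Code Execute',
            'Information Disclosure',
            'Data Exposure',
            'Xpath Injection',
            'LDAP Injection',
            'XML/XXE Injection',
            'Unserialize',
            'Variables Override',
            'URL Redirect',
            'Weak Function',
            'Buffer Overflow',
            'Deprecated Function',
            'Stack Trace',
            'Resource Executable',
            'SSRF',
            'Misconfiguration',
            'Components'
        ]
        for vul in vuls:
            a_vul = CobraVuls(vul, 'Vul Description', 'Vul Repair', 0)
            db.session.add(a_vul)

        # commit: all seed rows are written in one transaction
        db.session.commit()
        print('All Done.')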
class Test(unittest.TestCase):
    """Ad-hoc integration checks against a running Cobra instance.

    Most methods here are not self-contained unit tests: they post to the
    configured API host, read a file by absolute local path, or modify the
    project database. See the note on each method.
    """
    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    api = 'http://' + domain + '/api/{0}'
    headers = {"Content-Type": "application/json"}

    # MD5 of a fixed string, so the key is the same on every deployment.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'

    def test_api(self):
        """
        Cobra API Test

        Posts self.target to /api/add and returns the project_id from the
        reply, or 0 when the reply carries none. Also used as a helper by
        test_all_projects, which rebinds self.target before each call.
        :return: project_id reported by the API, else 0
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })

        try:
            response = requests.post(self.api.format('add'),
                                     data=payload,
                                     headers=self.headers)
            response_json = response.json()
            if 'result' in response_json:
                if 'project_id' in response_json['result']:
                    return response_json['result']['project_id']
            print(self.target, response_json)
            return 0
        except (requests.ConnectionError, requests.HTTPError) as e:
            self.fail("API Add failed: {0}".format(e))
            # unreachable: self.fail() raises AssertionError
            return 0

    def test_all_projects(self):
        """Submit every repository listed in a local file, one per line.

        The path is machine-specific, so this only runs on the author's box.
        """
        with open('/Volumes/Statics/Downloads/all_git') as f:
            for index, line in enumerate(f):
                self.target = line.strip()
                project_id = self.test_api()
                print(index, self.target, project_id)

    def test_get_all_git_projects(self):
        """Collapse duplicate CobraResults rows for one hard-coded project.

        Rows sharing (rule_id, file, line, status) are meant to be reduced to
        a single survivor whose id is kept in checked_id. This deletes from
        the live database and commits; it is not reversible.

        NOTE(review): result.id is only added to checked_id at index 0 or
        after a delete has already run, so for every later group the current
        row's own id is not excluded by notin_() and the delete appears to
        remove the current row together with its duplicates. Appending
        result.id before the delete looks like the intent — confirm.
        """
        project_id = 1749
        checked_id = []
        from app.models import db, CobraResults
        results = CobraResults.query.filter(
            CobraResults.project_id == project_id).order_by(
                CobraResults.id.asc()).all()
        for index, result in enumerate(results):
            if index == 0:
                checked_id.append(result.id)
            # Delete every row with the same key whose id is not in checked_id.
            del_count = CobraResults.query.filter(
                CobraResults.project_id == project_id,
                CobraResults.rule_id == result.rule_id,
                CobraResults.file == result.file,
                CobraResults.line == result.line,
                CobraResults.status == result.status,
                CobraResults.id.notin_(checked_id)).delete(
                    synchronize_session=False)
            if del_count > 0:
                checked_id.append(result.id)
                db.session.commit()

    def test_hard_coded_password(self):
        """Print a markdown table of hard-coded-password findings per project.

        For each project it counts results whose rule_id is in the fixed
        list below and splits them into fixed (status == 2) and not fixed.
        Projects whose `cobra` properties file turns scanning off are listed
        separately as 'offline' with zero counts. Nothing is asserted.
        """
        import os
        from app.models import CobraProjects, CobraResults
        from pickup.git import Git
        # Shadows the module-level config/common names inside this method.
        from utils import config, common
        projects = CobraProjects.query.order_by(CobraProjects.id.asc()).all()
        rank = []
        offline = []
        for project in projects:
            # Rule ids treated as "hard-coded password" rules (loop-invariant).
            hard_coded_password_rule_ids = [
                137, 135, 134, 133, 132, 130, 129, 124, 123, 122
            ]
            count_total = CobraResults.query.filter(
                CobraResults.project_id == project.id,
                CobraResults.rule_id.in_(
                    hard_coded_password_rule_ids)).count()

            # detect project Cobra configuration file
            # A leading '/' is taken as a local checkout; anything else is
            # resolved through Git. An empty repository string raises IndexError.
            if project.repository[0] == '/':
                project_directory = project.repository
            else:
                project_directory = Git(project.repository).repo_directory
            cobra_properties = config.properties(
                os.path.join(project_directory, 'cobra'))
            need_scan = True
            if 'scan' in cobra_properties:
                need_scan = common.to_bool(cobra_properties['scan'])
            if need_scan:
                count_fixed = CobraResults.query.filter(
                    CobraResults.project_id == project.id,
                    CobraResults.rule_id.in_(hard_coded_password_rule_ids),
                    CobraResults.status == 2).count()
                count_not_fixed = count_total - count_fixed
                remark = ''
            else:
                count_fixed = 0
                count_not_fixed = 0
                remark = 'offline'
            if count_total != 0:
                s = {
                    'name': project.name,
                    'id': project.id,
                    'not_fixed': count_not_fixed,
                    'fixed': count_fixed,
                    'total': count_total,
                    'remark': remark,
                    'author': project.author
                }
                if s['remark'] == 'offline':
                    offline.append(s)
                else:
                    rank.append(s)
        # Worst offenders (most unfixed findings) first.
        rank = sorted(rank, key=lambda x: x['not_fixed'], reverse=True)
        # Report links use a fixed host rather than self.domain.
        for r in rank:
            print(
                "| [{0}](http://cobra.meili-inc.com/report/{1}) | {6} | {2} | {3} | {4} | {5} |"
                .format(r['name'], r['id'], r['not_fixed'], r['fixed'],
                        r['total'], r['remark'], r['author']))
        for r in offline:
            print(
                "| [{0}](http://cobra.meili-inc.com/report/{1}) | {6} | {2} | {3} | {4} | {5} |"
                .format(r['name'], r['id'], r['not_fixed'], r['fixed'],
                        r['total'], r['remark'], r['author']))

    def test_push(self):
        """Queue one constructed sample finding on the push_vulnerabilities task.

        The push is asynchronous and nothing is asserted, so a failure would
        only surface through the linked error_handler.
        """
        from daemon import push_vulnerabilities, error_handler
        from utils.third_party import Vulnerabilities
        v = Vulnerabilities()
        data = [{
            "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
            "time": "2016-09-12 17:01:40",
            "vuln_type": "10000000",
            "filepath": "/path/to/test.php",
            "linenum": "123",
            "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
            "summitid": v.key,
            "signid": '12',
            'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
        }]
        push_vulnerabilities.apply_async(data,
                                         link_error=error_handler.s(),
                                         serializer='json')

    def test_config(self):
        """The third_party_vulnerabilities.status setting must be truthy as an int."""
        from utils.config import Config
        status = Config('third_party_vulnerabilities', 'status').value
        self.assertTrue(int(status))

    def test_parse4java(self):
        """
        Test rule parsing (Java)

        Runs Parse against fixed lines of tests/parse/test_functions.java and
        checks is_controllable_param() and, where a test gives 'repair',
        is_repair(). The second is_repair argument is 0 here and 1 in the
        PHP test; presumably it selects the language — confirm.
        :return:
        """
        import os
        from engine.parse import Parse
        regex_location = r'new\sURL\((.*)\)'
        regex_repair = r'Security.filter\({{PARAM}}\)'
        file_path = os.path.join(config.Config().project_directory,
                                 'tests/parse/test_functions.java')
        tests = [{
            'line': 33,
            'code': "URL obj = new URL(url);",
            'result': False,
        }, {
            'line': 66,
            'code': "URL obj = new URL(url);",
            'result': False,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'],
                          test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'],
                                 parse.is_repair(regex_repair, 0))

    def test_parse4php(self):
        """
        Test rule parsing (PHP)

        Runs Parse over fixed lines of tests/parse/test_functions.php and
        tests/parse/test_single_file.php, checking is_controllable_param()
        and, where a test gives 'repair', is_repair().
        :return:
        """
        import os
        from engine.parse import Parse
        regex_location = r'curl_setopt\s?\(.*,\s?CURLOPT_URL\s?,(.*)\)'
        regex_repair = r'curl_setopt\s?\(.*,\s?CURLOPT_PROTOCOLS\s?,(.*)\)'
        file_path = os.path.join(config.Config().project_directory,
                                 'tests/parse/test_functions.php')
        tests = [{
            'line': 4,
            'code':
            "curl_setopt($curl, CURLOPT_URL, \"http://blog.feei.cn/ssrf\");",
            'result': False,
        }, {
            'line': 10,
            'code': 'curl_setopt($curl, CURLOPT_URL, URL);',
            'result': False
        }, {
            'line': 16,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 22,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': False
        }, {
            'line': 28,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'],
                          test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'],
                                 parse.is_repair(regex_repair, 1))

        # Second fixture: the same rule applied to a single-file case.
        file_path = os.path.join(config.Config().project_directory,
                                 'tests/parse/test_single_file.php')
        tests = [{
            'line': 4,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 8,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True
        }, {
            'line': 12,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'],
                          test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'],
                                 parse.is_repair(regex_repair, 1))
class Test(unittest.TestCase):
    """Ad-hoc integration checks against a running Cobra instance.

    Most methods here are not self-contained unit tests: they post to the
    configured API host, read a file by absolute local path, or push data to
    a third-party channel. See the note on each method.
    """
    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    api = 'http://' + domain + '/api/{0}'
    headers = {"Content-Type": "application/json"}

    # MD5 of a fixed string, so the key is the same on every deployment.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'

    def test_api(self):
        """
        Cobra API Test

        Posts self.target to /api/add and returns the project_id from the
        reply, or 0 when the reply carries none. Also used as a helper by
        test_all_projects, which rebinds self.target before each call.
        :return: project_id reported by the API, else 0
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })

        try:
            response = requests.post(self.api.format('add'),
                                     data=payload,
                                     headers=self.headers)
            response_json = response.json()
            if 'result' in response_json:
                if 'project_id' in response_json['result']:
                    return response_json['result']['project_id']
            print(response_json)
            return 0
        except (requests.ConnectionError, requests.HTTPError) as e:
            self.fail("API Add failed: {0}".format(e))
            # unreachable: self.fail() raises AssertionError
            return 0

    def test_all_projects(self):
        """Submit every repository listed in /tmp/search.cobra, one per line."""
        with open('/tmp/search.cobra') as f:
            for index, line in enumerate(f):
                self.target = line.strip()
                project_id = self.test_api()
                print(index, self.target, project_id)

    def test_push(self):
        """Queue one constructed sample finding on the push_vulnerabilities task.

        The push is asynchronous and nothing is asserted, so a failure would
        only surface through the linked error_handler.
        """
        from daemon import push_vulnerabilities, error_handler
        from utils.third_party import Vulnerabilities
        v = Vulnerabilities()
        data = [{
            "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
            "time": "2016-09-12 17:01:40",
            "vuln_type": "10000000",
            "filepath": "/path/to/test.php",
            "linenum": "123",
            "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
            "summitid": v.key,
            "signid": '12',
            'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
        }]
        push_vulnerabilities.apply_async(data,
                                         link_error=error_handler.s(),
                                         serializer='json')

    def test_config(self):
        """The third_party_vulnerabilities.status setting must be truthy as an int."""
        from utils.config import Config
        status = Config('third_party_vulnerabilities', 'status').value
        self.assertTrue(int(status))

    def test_parse4java(self):
        """
        Test rule parsing (Java)

        Runs Parse against fixed lines of tests/parse/test_functions.java and
        checks is_controllable_param() and, where a test gives 'repair',
        is_repair(). The second is_repair argument is 0 here and 1 in the
        PHP test; presumably it selects the language — confirm.
        :return:
        """
        import os
        from engine.parse import Parse
        regex_location = r'new\sURL\((.*)\)'
        regex_repair = r'Security.filter\({{PARAM}}\)'
        file_path = os.path.join(config.Config().project_directory,
                                 'tests/parse/test_functions.java')
        tests = [{
            'line': 33,
            'code': "URL obj = new URL(url);",
            'result': False,
        }, {
            'line': 66,
            'code': "URL obj = new URL(url);",
            'result': False,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'],
                          test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'],
                                 parse.is_repair(regex_repair, 0))

    def test_parse4php(self):
        """
        Test rule parsing (PHP)

        Runs Parse over fixed lines of tests/parse/test_functions.php and
        tests/parse/test_single_file.php, checking is_controllable_param()
        and, where a test gives 'repair', is_repair().
        :return:
        """
        import os
        from engine.parse import Parse
        regex_location = r'curl_setopt\s?\(.*,\s?CURLOPT_URL\s?,(.*)\)'
        regex_repair = r'curl_setopt\s?\(.*,\s?CURLOPT_PROTOCOLS\s?,(.*)\)'
        file_path = os.path.join(config.Config().project_directory,
                                 'tests/parse/test_functions.php')
        tests = [{
            'line': 4,
            'code':
            "curl_setopt($curl, CURLOPT_URL, \"http://wufeifei.com/ssrf\");",
            'result': False,
        }, {
            'line': 10,
            'code': 'curl_setopt($curl, CURLOPT_URL, URL);',
            'result': False
        }, {
            'line': 16,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 22,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': False
        }, {
            'line': 28,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'],
                          test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'],
                                 parse.is_repair(regex_repair, 1))

        # Second fixture: the same rule applied to a single-file case.
        file_path = os.path.join(config.Config().project_directory,
                                 'tests/parse/test_single_file.php')
        tests = [{
            'line': 4,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 8,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True
        }, {
            'line': 12,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'],
                          test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'],
                                 parse.is_repair(regex_repair, 1))
class Test(unittest.TestCase):
    """Bulk-submits repositories to the add API and prints each reply code."""
    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    api = 'http://' + domain + '/api/{0}'
    # NOTE(review): this rebinding replaces the configured URL with a fixed
    # host, so `domain` above is dead and every run of this class talks to
    # that host regardless of configuration — confirm this is intended.
    api = 'http://cobra.meili-inc.com/api/{0}'
    headers = {"Content-Type": "application/json"}

    # MD5 of a fixed string, so the key is the same on every deployment.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'

    def test_api(self):
        """
        Cobra API Test

        Posts self.target to /api/add and prints the reply's 'code'. The
        assertion on the code is commented out, so a rejected submission
        does not fail the test; only connection/HTTP errors do.
        :return:
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })

        try:
            response = requests.post(self.api.format('add'),
                                     data=payload,
                                     headers=self.headers)
            response_json = response.json()
            code = response_json.get('code')
            print(code)
            # self.assertEqual(code, 1001)
        except (requests.ConnectionError, requests.HTTPError) as e:
            self.fail("API Add failed: {0}".format(e))

    def test_all_projects(self):
        """Submit every repository listed in a local file, one per line.

        The path is machine-specific, so this only runs on the author's box.
        """
        with open('/Volumes/Statics/Downloads/all-projects.txt') as f:
            for index, line in enumerate(f):
                self.target = line.strip()
                print(index, self.target)
                self.test_api()

    def test_push(self):
        """Queue one constructed sample finding on the push_vulnerabilities task.

        The push is asynchronous and nothing is asserted, so a failure would
        only surface through the linked error_handler.
        """
        from daemon import push_vulnerabilities, error_handler
        from utils.third_party import Vulnerabilities
        v = Vulnerabilities()
        data = [{
            "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
            "time": "2016-09-12 17:01:40",
            "vuln_type": "10000000",
            "filepath": "/path/to/test.php",
            "linenum": "123",
            "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
            "summitid": v.key,
            "signid": '12',
            'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
        }]
        push_vulnerabilities.apply_async(data,
                                         link_error=error_handler.s(),
                                         serializer='json')

    def test_config(self):
        """The third_party_vulnerabilities.status setting must be truthy as an int."""
        from utils.config import Config
        status = Config('third_party_vulnerabilities', 'status').value
        self.assertTrue(int(status))
 def __init__(self):
     """Set up the API URL template, JSON headers, auth key and default branch."""
     host = config.Config('cobra', 'host').value
     port = config.Config('cobra', 'port').value
     # Leaves a '{0}' placeholder for the endpoint name, e.g. api.format('add').
     self.api = 'http://{0}:{1}/api/{{0}}'.format(host, port)
     self.headers = {"Content-Type": "application/json"}
     # MD5 of a fixed string, so the key is identical on every deployment.
     self.key = common.md5('CobraAuthKey')
     self.branch = 'master'
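    def run(self):
        """Create the schema and seed the auth, languages, user and vuls tables.

        Exits the process with status 1 when the schema cannot be created.
        The previous exit status of 0 made a failed initialisation look like
        success to any calling script or CI job. The language loop uses
        dict.items() so the method runs on both Python 2 and 3.
        """
        # create database structure
        log.debug("Start create database structure...")
        try:
            db.create_all()
        except exc.SQLAlchemyError as e:
            # Reported as a MySQL error, although any SQLAlchemy error lands here.
            log.critical("MySQL database error: {0}\nFAQ: {1}".format(e, 'https://github.com/wufeifei/cobra/wiki/Error#mysql'))
            sys.exit(1)
        log.debug("Create Structure Success.")
        # insert base data
        from app.models import CobraAuth, CobraLanguages, CobraAdminUser, CobraVuls
        # table `auth`
        # NOTE(review): the API key is the MD5 of a fixed string, so every
        # installation gets the same key and anyone with the source can derive
        # it; a per-install random secret would close that gap.
        log.debug('Insert api key...')
        auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
        db.session.add(auth)

        # table `languages`: name -> '|'-separated extension list
        log.debug('Insert language...')
        languages = {
            "php": ".php|.php3|.php4|.php5",
            "jsp": ".jsp",
            "java": ".java",
            "html": ".html|.htm|.phps|.phtml",
            "js": ".js",
            "backup": ".zip|.bak|.tar|.tar.gz|.rar",
            "xml": ".xml",
            "image": ".jpg|.png|.bmp|.gif|.ico|.cur",
            "font": ".eot|.otf|.svg|.ttf|.woff",
            "css": ".css|.less|.scss|.styl",
            "exe": ".exe",
            "shell": ".sh",
            "log": ".log",
            "text": ".txt|.text",
            "flash": ".swf",
            "yml": ".yml",
            "cert": ".p12|.crt|.key|.pfx|.csr",
            "psd": ".psd",
            "iml": ".iml",
            "spf": ".spf",
            "markdown": ".md",
            "office": ".doc|.docx|.wps|.rtf|.csv|.xls|.ppt",
            "bat": ".bat",
            # NOTE(review): "psd" and "PSD" both map to .psd; whether the
            # language column tolerates two case-variant rows depends on the
            # database collation — confirm.
            "PSD": ".psd",
            "Thumb": ".db",
        }
        for language, extensions in languages.items():
            a_language = CobraLanguages(language, extensions)
            db.session.add(a_language)

        # table `user`
        log.debug('Insert admin user...')
        username = '******'
        password = '******'
        role = 1  # 1: super admin, 2: admin, 3: rules admin
        a_user = CobraAdminUser(username, password, role)
        db.session.add(a_user)

        # table `vuls`: one row per vulnerability category with placeholder text
        log.debug('Insert vuls...')
        vuls = [
            'SQL Injection',
            'LFI/RFI',
            'Header Injection',
            'XSS',
            'CSRF',
            'Logic Bug',
            'Command Execute',
            'Code Execute',
            'Information Disclosure',
            'Data Exposure',
            'Xpath Injection',
            'LDAP Injection',
            'XML/XXE Injection',
            'Unserialize',
            'Variables Override',
            'URL Redirect',
            'Weak Function',
            'Buffer Overflow',
            'Deprecated Function',
            'Stack Trace',
            'Resource Executable',
            'SSRF',
            'Misconfiguration',
            'Components'
        ]
        for vul in vuls:
            a_vul = CobraVuls(vul, 'Vul Description', 'Vul Repair')
            db.session.add(a_vul)

        # commit: all seed rows are written in one transaction
        db.session.commit()
        log.debug('All Done.')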
def homepage():
    """Render index.html, passing only the API key to the template."""
    # MD5 of a fixed string: the same credential on every deployment, and it
    # is handed to whoever can load this page.
    payload = {'key': common.md5('CobraAuthKey')}
    return render_template('index.html', data=payload)