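def run(self):
    """Create the database schema and seed the bootstrap rows.

    Runs ``db.create_all()`` and then inserts the initial ``auth`` row
    (the API key) and ``user`` row (the super admin) in one commit.
    Any database error terminates the process with a NON-ZERO status so
    a failed install cannot be mistaken for a successful one by whatever
    script invoked it (the original exited with 0 on every error path).
    """
    # create database structure
    print("Start create database structure...")
    try:
        db.create_all()
    except exc.SQLAlchemyError as e:
        print("MySQL database error: {0}\nFAQ: {1}".format(
            e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
        sys.exit(1)
    except Exception as e:
        # Broad catch kept so the installer always prints something useful;
        # the failure is still reported through the exit status.
        print(e)
        sys.exit(1)
    print("Create Structure Success.")

    # table `auth`
    # NOTE(review): the API key is the MD5 of a fixed, public string, so
    # anyone who has read the source can compute it; it is not a secret.
    # A random key (e.g. secrets.token_hex()) generated here and read from
    # config would need the API clients that derive the same value to
    # change too, so it is only flagged, not replaced.
    print('Insert api key...')
    auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
    db.session.add(auth)

    # table `user`
    # NOTE(review): the admin credentials are fixed at install time
    # (redacted in this listing); they should be rotated after install.
    print('Insert admin user...')
    username = '******'
    password = '******'
    role = 1  # 1: super admin, 2: admin, 3: rules admin
    a_user = CobraAdminUser(username, password, role)
    db.session.add(a_user)

    # commit both rows together
    db.session.commit()
    print('All Done.')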
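def run(self):
    """Create the database schema and seed the bootstrap rows.

    Creates all tables registered on ``db``, inserts the initial ``auth``
    row (API key) and ``user`` row (super admin), and commits once.
    Database errors now exit with status 1 instead of 0, so a calling
    shell script can tell a failed install from a successful one.
    """
    # create database structure
    print("Start create database structure...")
    try:
        db.create_all()
    except exc.SQLAlchemyError as e:
        print("MySQL database error: {0}\nFAQ: {1}".format(
            e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
        sys.exit(1)
    except Exception as e:
        # Keep the catch-all so the installer never dies with a bare
        # traceback, but do report the failure via the exit status.
        print(e)
        sys.exit(1)
    print("Create Structure Success.")

    # table `auth`
    # NOTE(review): common.md5('CobraAuthKey') is a constant derivable from
    # the source, so this "key" offers no real authentication. Replacing it
    # with a randomly generated value would also require updating the
    # clients that compute the same constant, hence flagged only.
    print('Insert api key...')
    auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
    db.session.add(auth)

    # table `user`
    # NOTE(review): hard-coded admin credentials (redacted here).
    print('Insert admin user...')
    username = '******'
    password = '******'
    role = 1  # 1: super admin, 2: admin, 3: rules admin
    a_user = CobraAdminUser(username, password, role)
    db.session.add(a_user)

    # commit
    db.session.commit()
    print('All Done.')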
def __init__(self):
    """Prepare the defaults used for calls to the Cobra HTTP API.

    Reads ``cobra.host`` / ``cobra.port`` from the project config and sets
    ``self.api`` (URL template with one ``{0}`` slot for the endpoint name),
    ``self.headers`` (JSON content type), ``self.key`` (the API key the
    server expects) and ``self.branch`` (default ``master``).
    """
    host = config.Config('cobra', 'host').value
    port = config.Config('cobra', 'port').value
    endpoint = '{0}:{1}'.format(host, port)
    # NOTE(review): plain http — the key below is sent in clear text.
    self.api = ''.join(['http://', endpoint, '/api/{0}'])
    self.headers = {"Content-Type": "application/json"}
    # NOTE(review): md5 of a fixed public string, mirrored from the
    # server-side install; anyone with the source can compute it.
    self.key = common.md5('CobraAuthKey')
    self.branch = 'master'
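def get_guid():
    """Fetch https://www.so.com once and store the ``QiHooGUID`` cookie it set.

    The GUID is taken from the ``Cookie`` header of the final request
    (i.e. whatever the client sent back after any redirect), and inserted
    into ``collection`` keyed by ``md5(guid)``. Prints the GUID on success,
    otherwise the raw cookie header (possibly empty).

    Fixes: the request had no timeout; ``headers['Cookie']`` raised KeyError
    when no cookie was sent at all; and the pattern ``QiHooGUID=(.*?);``
    missed a GUID that is the last cookie in the header (no trailing ';'),
    making ``[0]`` raise IndexError.
    """
    url = 'https://www.so.com'
    # Bounded wait so a stalled server cannot block the caller forever.
    response = requests.get(url, headers=None, timeout=10)
    response.encoding = 'utf8'
    # guid = response.cookies.get_dict().get('QiHooGUID', '')
    cookies = response.request.headers.get('Cookie', '')
    # [^;]* stops at the next ';' like the original, but also matches when
    # the cookie is last and there is no ';' after it.
    match = re.search(r'QiHooGUID=([^;]*)', cookies)
    if match:
        guid = match.group(1)
        collection.insert_one({'_id': md5(guid), 'guid': guid})
        print(f'insert_ok:{guid}')
    else:
        print(cookies)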
def homepage():
    """Render ``index.html`` with the API key, upload extensions and the
    ten most recent tasks (newest first)."""
    latest = CobraTaskInfo.query.order_by(CobraTaskInfo.id.desc()).limit(10).all()
    recently_tasks = [
        {
            'id': t.id,
            'target': t.target,
            'branch': t.branch,
            'scan_way': t.scan_way,
        }
        for t in latest
    ]
    # NOTE(review): the API key is embedded in the page for whoever can load
    # it, and it is only the md5 of a fixed string — so it does not really
    # authenticate /api callers. Unchanged here because the template and the
    # API clients all rely on this exact value.
    data = {
        'key': common.md5('CobraAuthKey'),
        'extensions': config.Config('upload', 'extensions').value,
        'recently_tasks': recently_tasks,
    }
    return render_template('index.html', data=data)
def homepage():
    """Index view: API key, allowed upload extensions and the last ten tasks."""
    def summarize(task):
        # Only the fields the template needs, newest task first.
        return {
            'id': task.id,
            'target': task.target,
            'branch': task.branch,
            'scan_way': task.scan_way,
        }

    query = CobraTaskInfo.query.order_by(CobraTaskInfo.id.desc()).limit(10)
    recently_tasks = list(map(summarize, query.all()))
    # NOTE(review): exposing the API key in the page means any page viewer
    # can call /api; since the key is also a constant md5, treat it as
    # public. Kept because template and clients depend on the same value.
    context = {
        'key': common.md5('CobraAuthKey'),
        'extensions': config.Config('upload', 'extensions').value,
        'recently_tasks': recently_tasks,
    }
    return render_template('index.html', data=context)
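class Test(unittest.TestCase):
    """Smoke test against a running Cobra server: add a scan, query its status.

    Needs a reachable server at ``cobra.host:cobra.port``; this is an
    integration test, not a unit test.
    """

    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    # NOTE(review): plain http; the key is sent in clear text.
    api = 'http://' + domain + '/api/{0}'
    headers = {"Content-Type": "application/json"}
    # NOTE(review): md5 of a fixed public string mirrored from the install
    # script — not a secret.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'
    # Seconds. Without a timeout a stalled server hangs the whole run.
    timeout = 30

    def test_api(self):
        """Cobra API Test: POST /api/add, then /api/status for the returned scan_id.

        Both responses are expected to report 1001. Network errors and a
        non-JSON body are turned into test failures instead of tracebacks.
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })
        try:
            response = requests.post(self.api.format('add'), data=payload,
                                     headers=self.headers, timeout=self.timeout)
            # .json() raises ValueError on e.g. an HTML error page.
            response_json = response.json()
            code = response_json.get('code')
            self.assertEqual(code, 1001)
            result = response_json.get('result')
            scan_id = result.get('scan_id')
            print("API Add: {0}".format(result))

            status_query = json.dumps({'key': self.key, 'scan_id': scan_id})
            status_response = requests.post(self.api.format('status'), data=status_query,
                                            headers=self.headers, timeout=self.timeout)
            status_response_json = status_response.json()
            # NOTE(review): reads 'status' here but 'code' from the add
            # response; if the status endpoint also reports under 'code'
            # this compares None with 1001 — confirm against the API schema.
            code = status_response_json.get('status')
            result = status_response_json.get('result')
            print("API Status: {0}".format(result))
            self.assertEqual(code, 1001)
        except (requests.RequestException, ValueError) as e:
            self.fail("API Add failed: {0}".format(e))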
def test_md5():
    """Pin ``common.md5`` to the known hex digest of the string ``Cobra``."""
    expected = 'd13eca1c700558f57d0310ef14277cc2'
    actual = common.md5('Cobra')
    assert actual == expected
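def run(self):
    """Create the database schema and seed every bootstrap table.

    After ``db.create_all()`` this inserts, in one commit: the ``auth``
    row (API key), the ``languages`` rows (name -> '|'-separated
    extensions), the ``user`` row (super admin) and the ``vuls`` rows
    (one per vulnerability category with placeholder text).
    A database error exits with status 1 (was 0) so callers can detect
    a failed install.
    """
    # create database structure
    print("Start create database structure...")
    try:
        db.create_all()
    except exc.SQLAlchemyError as e:
        print("MySQL database error: {0}\nFAQ: {1}".format(
            e, 'http://cobra-docs.readthedocs.io/en/latest/FAQ/'))
        sys.exit(1)
    except Exception as e:
        # Catch-all kept so the installer always prints the cause; the
        # non-zero status still reports the failure.
        print(e)
        sys.exit(1)
    print("Create Structure Success.")

    # insert base data
    from app.models import CobraAuth, CobraLanguages, CobraAdminUser, CobraVuls

    # table `auth`
    # NOTE(review): the API key is the md5 of a fixed, public string and is
    # therefore computable by anyone with the source. A random key would
    # also require changing the clients that derive this same constant,
    # so it is flagged rather than replaced.
    print('Insert api key...')
    auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
    db.session.add(auth)

    # table `languages`
    print('Insert language...')
    languages = {
        "php": ".php|.php3|.php4|.php5",
        "jsp": ".jsp",
        "java": ".java",
        "html": ".html|.htm|.phps|.phtml",
        "js": ".js",
        "backup": ".zip|.bak|.tar|.tar.gz|.rar",
        "xml": ".xml",
        "image": ".jpg|.png|.bmp|.gif|.ico|.cur",
        "font": ".eot|.otf|.svg|.ttf|.woff",
        "css": ".css|.less|.scss|.styl",
        "exe": ".exe",
        "shell": ".sh",
        "log": ".log",
        "text": ".txt|.text",
        "flash": ".swf",
        "yml": ".yml",
        "cert": ".p12|.crt|.key|.pfx|.csr",
        "psd": ".psd",
        "iml": ".iml",
        "spf": ".spf",
        "markdown": ".md",
        "office": ".doc|.docx|.wps|.rtf|.csv|.xls|.ppt",
        "bat": ".bat",
        "PSD": ".psd",
        "Thumb": ".db",
    }
    for language, extensions in languages.items():
        db.session.add(CobraLanguages(language, extensions))

    # table `user`
    # NOTE(review): hard-coded admin credentials (redacted in this listing).
    print('Insert admin user...')
    username = '******'
    password = '******'
    role = 1  # 1: super admin, 2: admin, 3: rules admin
    a_user = CobraAdminUser(username, password, role)
    db.session.add(a_user)

    # table `vuls`
    print('Insert vuls...')
    vuls = [
        'SQL Injection',
        'LFI/RFI',
        'Header Injection',
        'XSS',
        'CSRF',
        'Logic Bug',
        'Command Execute',
        'Code Execute',
        'Information Disclosure',
        'Data Exposure',
        'Xpath Injection',
        'LDAP Injection',
        'XML/XXE Injection',
        'Unserialize',
        'Variables Override',
        'URL Redirect',
        'Weak Function',
        'Buffer Overflow',
        'Deprecated Function',
        'Stack Trace',
        'Resource Executable',
        'SSRF',
        'Misconfiguration',
        'Components'
    ]
    for vul in vuls:
        # Description / repair text are placeholders to be edited in the UI.
        db.session.add(CobraVuls(vul, 'Vul Description', 'Vul Repair', 0))

    # commit everything as one unit
    db.session.commit()
    print('All Done.')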
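class Test(unittest.TestCase):
    """Integration and maintenance helpers for a running Cobra instance.

    Most methods here need a live Cobra server, its database, or files on a
    particular developer machine, and ``test_get_all_git_projects`` deletes
    rows from the results table. They are operator tooling in a unittest
    coat; run them deliberately, not from CI.
    """

    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    # NOTE(review): plain http; the key below travels in clear text.
    api = 'http://' + domain + '/api/{0}'
    headers = {"Content-Type": "application/json"}
    # NOTE(review): md5 of a fixed public string, mirrored from the install
    # script — this "key" is not a secret.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'
    # Seconds. Without a timeout a stalled server blocks the whole run.
    timeout = 30

    def test_api(self):
        """Cobra API Test: submit ``self.target`` to /api/add.

        Returns the ``project_id`` reported in ``result``, or 0 when the
        response carries none (the target and raw response are printed).
        Network errors and non-JSON bodies become test failures.
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })
        try:
            response = requests.post(self.api.format('add'), data=payload,
                                     headers=self.headers, timeout=self.timeout)
            # .json() raises ValueError on e.g. an HTML error page.
            response_json = response.json()
        except (requests.RequestException, ValueError) as e:
            self.fail("API Add failed: {0}".format(e))
        else:
            if 'result' in response_json and 'project_id' in response_json['result']:
                return response_json['result']['project_id']
            print(self.target, response_json)
            return 0

    def test_all_projects(self):
        """Submit every repository URL listed (one per line) in a local file.

        NOTE(review): the path is specific to one developer's machine.
        """
        with open('/Volumes/Statics/Downloads/all_git') as f:
            for index, line in enumerate(f):
                self.target = line.strip()
                project_id = self.test_api()
                print(index, self.target, project_id)

    def test_get_all_git_projects(self):
        """De-duplicate results of one hard-coded project by DELETING rows.

        Walks project 1749's results in id order and, for each, deletes
        every row with the same rule_id/file/line/status whose id is not in
        ``checked_id``. This permanently mutates the results table; the
        method name is historical and does not describe what it does.
        NOTE(review): because ``results`` is fetched once up front, a row
        deleted by an earlier iteration is still used as a template later —
        confirm that is intended before re-running.
        """
        project_id = 1749
        checked_id = []
        from app.models import db, CobraResults
        results = CobraResults.query.filter(
            CobraResults.project_id == project_id).order_by(
            CobraResults.id.asc()).all()
        for index, result in enumerate(results):
            if index == 0:
                checked_id.append(result.id)
            del_count = CobraResults.query.filter(
                CobraResults.project_id == project_id,
                CobraResults.rule_id == result.rule_id,
                CobraResults.file == result.file,
                CobraResults.line == result.line,
                CobraResults.status == result.status,
                CobraResults.id.notin_(checked_id)).delete(
                synchronize_session=False)
            if del_count > 0:
                checked_id.append(result.id)
        db.session.commit()

    def test_hard_coded_password(self):
        """Print a markdown table ranking projects by unfixed hard-coded-password findings.

        For each project the findings matching the hard-coded-password rule
        ids are counted. A project whose own ``cobra`` properties file sets
        ``scan`` to false is reported as "offline" with zero fixed/not-fixed
        counts; the rest are sorted by not-fixed count, descending. Projects
        with no findings at all are omitted.
        """
        import os
        from app.models import CobraProjects, CobraResults
        from pickup.git import Git
        from utils import config, common
        projects = CobraProjects.query.order_by(CobraProjects.id.asc()).all()
        # Loop-invariant: hoisted out of the per-project loop.
        hard_coded_password_rule_ids = [137, 135, 134, 133, 132, 130, 129, 124, 123, 122]
        rank = []
        offline = []
        for project in projects:
            count_total = CobraResults.query.filter(
                CobraResults.project_id == project.id,
                CobraResults.rule_id.in_(hard_coded_password_rule_ids)).count()
            # detect project Cobra configuration file: an absolute path is a
            # local checkout, anything else is resolved through Git.
            if project.repository.startswith('/'):
                project_directory = project.repository
            else:
                project_directory = Git(project.repository).repo_directory
            cobra_properties = config.properties(os.path.join(project_directory, 'cobra'))
            need_scan = True
            if 'scan' in cobra_properties:
                need_scan = common.to_bool(cobra_properties['scan'])
            if need_scan:
                # status == 2 is treated as "fixed" here — confirm against the model.
                count_fixed = CobraResults.query.filter(
                    CobraResults.project_id == project.id,
                    CobraResults.rule_id.in_(hard_coded_password_rule_ids),
                    CobraResults.status == 2).count()
                count_not_fixed = count_total - count_fixed
                remark = ''
            else:
                count_fixed = 0
                count_not_fixed = 0
                remark = 'offline'
            if count_total != 0:
                s = {
                    'name': project.name,
                    'id': project.id,
                    'not_fixed': count_not_fixed,
                    'fixed': count_fixed,
                    'total': count_total,
                    'remark': remark,
                    'author': project.author
                }
                if s['remark'] == 'offline':
                    offline.append(s)
                else:
                    rank.append(s)
        rank = sorted(rank, key=lambda x: x['not_fixed'], reverse=True)
        row = "| [{0}](http://cobra.meili-inc.com/report/{1}) | {6} | {2} | {3} | {4} | {5} |"
        # Ranked projects first, then the offline ones, same as before.
        for r in rank + offline:
            print(row.format(r['name'], r['id'], r['not_fixed'], r['fixed'],
                             r['total'], r['remark'], r['author']))

    def test_push(self):
        """Queue one sample SSRF finding on the third-party push task.

        Fire-and-forget: nothing is asserted, errors go to ``error_handler``.
        """
        from daemon import push_vulnerabilities, error_handler
        from utils.third_party import Vulnerabilities
        v = Vulnerabilities()
        data = [{
            "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
            "time": "2016-09-12 17:01:40",
            "vuln_type": "10000000",
            "filepath": "/path/to/test.php",
            "linenum": "123",
            "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
            "summitid": v.key,
            "signid": '12',
            'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
        }]
        push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')

    def test_config(self):
        """The third-party vulnerability push must be enabled in config."""
        from utils.config import Config
        status = Config('third_party_vulnerabilities', 'status').value
        self.assertTrue(int(status))

    def test_parse4java(self):
        """Rule parsing test (Java): controllable-param and repair detection on
        ``new URL(...)`` in tests/parse/test_functions.java."""
        import os
        from engine.parse import Parse
        regex_location = r'new\sURL\((.*)\)'
        regex_repair = r'Security.filter\({{PARAM}}\)'
        file_path = os.path.join(config.Config().project_directory, 'tests/parse/test_functions.java')
        tests = [{
            'line': 33,
            'code': "URL obj = new URL(url);",
            'result': False,
        }, {
            'line': 66,
            'code': "URL obj = new URL(url);",
            'result': False,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'], test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'], parse.is_repair(regex_repair, 0))

    def test_parse4php(self):
        """Rule parsing test (PHP): controllable-param and repair detection on
        ``curl_setopt(..., CURLOPT_URL, ...)`` across two fixture files."""
        import os
        from engine.parse import Parse
        regex_location = r'curl_setopt\s?\(.*,\s?CURLOPT_URL\s?,(.*)\)'
        regex_repair = r'curl_setopt\s?\(.*,\s?CURLOPT_PROTOCOLS\s?,(.*)\)'
        file_path = os.path.join(config.Config().project_directory, 'tests/parse/test_functions.php')
        tests = [{
            'line': 4,
            'code': "curl_setopt($curl, CURLOPT_URL, \"http://blog.feei.cn/ssrf\");",
            'result': False,
        }, {
            'line': 10,
            'code': 'curl_setopt($curl, CURLOPT_URL, URL);',
            'result': False
        }, {
            'line': 16,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 22,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': False
        }, {
            'line': 28,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'], test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'], parse.is_repair(regex_repair, 1))

        file_path = os.path.join(config.Config().project_directory, 'tests/parse/test_single_file.php')
        tests = [{
            'line': 4,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 8,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True
        }, {
            'line': 12,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'], test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'], parse.is_repair(regex_repair, 1))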
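class Test(unittest.TestCase):
    """Integration helpers for a running Cobra instance.

    ``test_api``/``test_all_projects``/``test_push`` need a live server and
    task queue; the ``test_parse4*`` methods are real, local rule tests.
    """

    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    # NOTE(review): plain http; the key below travels in clear text.
    api = 'http://' + domain + '/api/{0}'
    headers = {"Content-Type": "application/json"}
    # NOTE(review): md5 of a fixed public string, mirrored from the install
    # script — this "key" is not a secret.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'
    # Seconds. Without a timeout a stalled server blocks the whole run.
    timeout = 30

    def test_api(self):
        """Cobra API Test: submit ``self.target`` to /api/add.

        Returns the ``project_id`` from ``result``, or 0 when the response
        carries none (the raw response is printed). Network errors and
        non-JSON bodies become test failures instead of tracebacks.
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })
        try:
            response = requests.post(self.api.format('add'), data=payload,
                                     headers=self.headers, timeout=self.timeout)
            # .json() raises ValueError on e.g. an HTML error page.
            response_json = response.json()
        except (requests.RequestException, ValueError) as e:
            self.fail("API Add failed: {0}".format(e))
        else:
            if 'result' in response_json and 'project_id' in response_json['result']:
                return response_json['result']['project_id']
            print(response_json)
            return 0

    def test_all_projects(self):
        """Submit every repository URL listed (one per line) in /tmp/search.cobra."""
        with open('/tmp/search.cobra') as f:
            for index, line in enumerate(f):
                self.target = line.strip()
                project_id = self.test_api()
                print(index, self.target, project_id)

    def test_push(self):
        """Queue one sample SSRF finding on the third-party push task.

        Fire-and-forget: nothing is asserted, errors go to ``error_handler``.
        """
        from daemon import push_vulnerabilities, error_handler
        from utils.third_party import Vulnerabilities
        v = Vulnerabilities()
        data = [{
            "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
            "time": "2016-09-12 17:01:40",
            "vuln_type": "10000000",
            "filepath": "/path/to/test.php",
            "linenum": "123",
            "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
            "summitid": v.key,
            "signid": '12',
            'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
        }]
        push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')

    def test_config(self):
        """The third-party vulnerability push must be enabled in config."""
        from utils.config import Config
        status = Config('third_party_vulnerabilities', 'status').value
        self.assertTrue(int(status))

    def test_parse4java(self):
        """Rule parsing test (Java): controllable-param and repair detection on
        ``new URL(...)`` in tests/parse/test_functions.java."""
        import os
        from engine.parse import Parse
        regex_location = r'new\sURL\((.*)\)'
        regex_repair = r'Security.filter\({{PARAM}}\)'
        file_path = os.path.join(config.Config().project_directory, 'tests/parse/test_functions.java')
        tests = [{
            'line': 33,
            'code': "URL obj = new URL(url);",
            'result': False,
        }, {
            'line': 66,
            'code': "URL obj = new URL(url);",
            'result': False,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'], test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'], parse.is_repair(regex_repair, 0))

    def test_parse4php(self):
        """Rule parsing test (PHP): controllable-param and repair detection on
        ``curl_setopt(..., CURLOPT_URL, ...)`` across two fixture files."""
        import os
        from engine.parse import Parse
        regex_location = r'curl_setopt\s?\(.*,\s?CURLOPT_URL\s?,(.*)\)'
        regex_repair = r'curl_setopt\s?\(.*,\s?CURLOPT_PROTOCOLS\s?,(.*)\)'
        file_path = os.path.join(config.Config().project_directory, 'tests/parse/test_functions.php')
        tests = [{
            'line': 4,
            'code': "curl_setopt($curl, CURLOPT_URL, \"http://wufeifei.com/ssrf\");",
            'result': False,
        }, {
            'line': 10,
            'code': 'curl_setopt($curl, CURLOPT_URL, URL);',
            'result': False
        }, {
            'line': 16,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 22,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': False
        }, {
            'line': 28,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'], test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'], parse.is_repair(regex_repair, 1))

        file_path = os.path.join(config.Config().project_directory, 'tests/parse/test_single_file.php')
        tests = [{
            'line': 4,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': False
        }, {
            'line': 8,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True
        }, {
            'line': 12,
            'code': 'curl_setopt($curl, CURLOPT_URL, $url);',
            'result': True,
            'repair': True
        }]
        for test in tests:
            parse = Parse(regex_location, file_path, test['line'], test['code'])
            self.assertEqual(test['result'], parse.is_controllable_param())
            if 'repair' in test:
                self.assertEqual(test['repair'], parse.is_repair(regex_repair, 1))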
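class Test(unittest.TestCase):
    """Integration helpers that submit scans to a Cobra server.

    NOTE(review): ``api`` is assigned twice below; the second, hard-coded
    host wins and the value derived from ``cobra.host``/``cobra.port`` is
    dead. Left as found (it looks like a deliberate override toward the
    production host) but it should be one or the other.
    """

    domain = '{0}:{1}'.format(
        config.Config('cobra', 'host').value,
        config.Config('cobra', 'port').value)
    api = 'http://' + domain + '/api/{0}'
    # Overrides the config-derived URL above; plain http, so the key below
    # is sent in clear text to an external host.
    api = 'http://cobra.meili-inc.com/api/{0}'
    headers = {"Content-Type": "application/json"}
    # NOTE(review): md5 of a fixed public string, mirrored from the install
    # script — this "key" is not a secret.
    key = common.md5('CobraAuthKey')
    target = 'https://github.com/wufeifei/dict.git'
    branch = 'master'
    # Seconds. Without a timeout a stalled server blocks the whole run.
    timeout = 30

    def test_api(self):
        """Cobra API Test: submit ``self.target`` to /api/add and print the code.

        The 1001 assertion is disabled (kept commented out, as found); the
        method only reports. Network errors and non-JSON bodies fail the
        test instead of raising.
        """
        payload = json.dumps({
            "key": self.key,
            "target": self.target,
            "branch": self.branch
        })
        try:
            response = requests.post(self.api.format('add'), data=payload,
                                     headers=self.headers, timeout=self.timeout)
            # .json() raises ValueError on e.g. an HTML error page.
            response_json = response.json()
            code = response_json.get('code')
            print(code)
            # self.assertEqual(code, 1001)
        except (requests.RequestException, ValueError) as e:
            self.fail("API Add failed: {0}".format(e))

    def test_all_projects(self):
        """Submit every repository URL listed (one per line) in a local file.

        NOTE(review): the path is specific to one developer's machine.
        """
        with open('/Volumes/Statics/Downloads/all-projects.txt') as f:
            for index, line in enumerate(f):
                self.target = line.strip()
                print(index, self.target)
                self.test_api()

    def test_push(self):
        """Queue one sample SSRF finding on the third-party push task.

        Fire-and-forget: nothing is asserted, errors go to ``error_handler``.
        """
        from daemon import push_vulnerabilities, error_handler
        from utils.third_party import Vulnerabilities
        v = Vulnerabilities()
        data = [{
            "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
            "time": "2016-09-12 17:01:40",
            "vuln_type": "10000000",
            "filepath": "/path/to/test.php",
            "linenum": "123",
            "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
            "summitid": v.key,
            "signid": '12',
            'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
        }]
        push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')

    def test_config(self):
        """The third-party vulnerability push must be enabled in config."""
        from utils.config import Config
        status = Config('third_party_vulnerabilities', 'status').value
        self.assertTrue(int(status))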
def __init__(self):
    """Set up the request defaults for talking to the Cobra HTTP API.

    ``self.api`` is a URL template (``http://host:port/api/{0}``) whose one
    slot is the endpoint name; ``self.headers`` selects JSON; ``self.key``
    is the key the server checks; ``self.branch`` defaults to ``master``.
    """
    host = config.Config('cobra', 'host').value
    port = config.Config('cobra', 'port').value
    # NOTE(review): plain http — the key is sent in clear text.
    self.api = 'http://{0}:{1}/api/{{0}}'.format(host, port)
    self.headers = {"Content-Type": "application/json"}
    # NOTE(review): md5 of a fixed public string mirrored from the install
    # script; anyone with the source can compute it.
    self.key = common.md5('CobraAuthKey')
    self.branch = 'master'
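def run(self):
    """Create the database schema and seed every bootstrap table.

    After ``db.create_all()`` this inserts, in one commit: the ``auth``
    row (API key), the ``languages`` rows (name -> '|'-separated
    extensions), the ``user`` row (super admin) and the ``vuls`` rows
    (one per vulnerability category with placeholder text).
    A database error exits with status 1 (was 0) so callers can detect
    a failed install. ``languages.items()`` replaces ``iteritems()`` so
    the installer also runs on Python 3.
    """
    # create database structure
    log.debug("Start create database structure...")
    try:
        db.create_all()
    except exc.SQLAlchemyError as e:
        log.critical("MySQL database error: {0}\nFAQ: {1}".format(
            e, 'https://github.com/wufeifei/cobra/wiki/Error#mysql'))
        sys.exit(1)
    log.debug("Create Structure Success.")

    # insert base data
    from app.models import CobraAuth, CobraLanguages, CobraAdminUser, CobraVuls

    # table `auth`
    # NOTE(review): the API key is the md5 of a fixed, public string and is
    # therefore computable by anyone with the source. A random key would
    # also require changing the clients that derive this same constant,
    # so it is flagged rather than replaced.
    log.debug('Insert api key...')
    auth = CobraAuth('manual', common.md5('CobraAuthKey'), 1)
    db.session.add(auth)

    # table `languages`
    log.debug('Insert language...')
    languages = {
        "php": ".php|.php3|.php4|.php5",
        "jsp": ".jsp",
        "java": ".java",
        "html": ".html|.htm|.phps|.phtml",
        "js": ".js",
        "backup": ".zip|.bak|.tar|.tar.gz|.rar",
        "xml": ".xml",
        "image": ".jpg|.png|.bmp|.gif|.ico|.cur",
        "font": ".eot|.otf|.svg|.ttf|.woff",
        "css": ".css|.less|.scss|.styl",
        "exe": ".exe",
        "shell": ".sh",
        "log": ".log",
        "text": ".txt|.text",
        "flash": ".swf",
        "yml": ".yml",
        "cert": ".p12|.crt|.key|.pfx|.csr",
        "psd": ".psd",
        "iml": ".iml",
        "spf": ".spf",
        "markdown": ".md",
        "office": ".doc|.docx|.wps|.rtf|.csv|.xls|.ppt",
        "bat": ".bat",
        "PSD": ".psd",
        "Thumb": ".db",
    }
    for language, extensions in languages.items():
        db.session.add(CobraLanguages(language, extensions))

    # table `user`
    # NOTE(review): hard-coded admin credentials (redacted in this listing).
    log.debug('Insert admin user...')
    username = '******'
    password = '******'
    role = 1  # 1: super admin, 2: admin, 3: rules admin
    a_user = CobraAdminUser(username, password, role)
    db.session.add(a_user)

    # table `vuls`
    log.debug('Insert vuls...')
    vuls = [
        'SQL Injection',
        'LFI/RFI',
        'Header Injection',
        'XSS',
        'CSRF',
        'Logic Bug',
        'Command Execute',
        'Code Execute',
        'Information Disclosure',
        'Data Exposure',
        'Xpath Injection',
        'LDAP Injection',
        'XML/XXE Injection',
        'Unserialize',
        'Variables Override',
        'URL Redirect',
        'Weak Function',
        'Buffer Overflow',
        'Deprecated Function',
        'Stack Trace',
        'Resource Executable',
        'SSRF',
        'Misconfiguration',
        'Components'
    ]
    for vul in vuls:
        # Description / repair text are placeholders to be edited in the UI.
        db.session.add(CobraVuls(vul, 'Vul Description', 'Vul Repair'))

    # commit everything as one unit
    db.session.commit()
    log.debug('All Done.')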
def homepage():
    """Render ``index.html``, passing the API key the front-end uses for /api calls."""
    # NOTE(review): the key is embedded in the page for whoever can load it
    # and is only the md5 of a fixed string, so it does not really
    # authenticate /api callers. Unchanged because template and clients
    # depend on this exact value.
    api_key = common.md5('CobraAuthKey')
    return render_template('index.html', data={'key': api_key})