Esempio n. 1
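 def delete(self):
     '''Delete the vendor whose name is supplied in the request.

     Redirects to the login page when the session carries no truthy
     ``status``. Otherwise returns a dict with ``status_code`` and ``msg``:
     200 after a successful delete, 500 when no vendor has that name or
     the commit fails.
     '''
     if not session.get('status'):
         return redirect(url_for('html_system_login'), 302)
     # NOTE(review): only the session flag is checked here; whether a role
     # or CSRF check runs before this destructive handler is not visible in
     # this method -- confirm.
     args = self.parser.parse_args()
     key_cus_name = args.cus_name
     user_query = SrcCustomer.query.filter(
         SrcCustomer.cus_name == key_cus_name).first()
     if not user_query:  # the vendor to delete does not exist
         # The request-supplied name goes into the audit entry verbatim;
         # presumably addlog or its viewer neutralises markup -- confirm.
         addlog(session.get('username'), session.get('login_ip'),
                f'删除厂商:[{key_cus_name}] 失败,原因:该厂商不存在')
         return {'status_code': 500, 'msg': '删除厂商失败,无此厂商'}
     DB.session.delete(user_query)
     try:
         DB.session.commit()
     except Exception:
         # Catch Exception rather than everything, so SystemExit and
         # KeyboardInterrupt are not turned into a "SQL error" response.
         DB.session.rollback()
         return {'status_code': 500, 'msg': '删除厂商失败,SQL错误'}
     addlog(session.get('username'), session.get('login_ip'),
            f'删除厂商:[{key_cus_name}] 成功')
     return {'status_code': 200, 'msg': '删除厂商成功'}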
Esempio n. 2
 def delete(self):
     '''Delete the SrcDomain row matching the request's ``domain`` field.

     Returns ``{'result': {'status_code': ...}}`` with 401 when the session
     has no truthy ``status``, 202 when no row matches, 500 when the commit
     fails and 200 on success.
     '''

     def _reply(code):
         return {'result': {'status_code': code}}

     if not session.get('status'):
         return _reply(401)
     # NOTE(review): the value is passed through escape() before it is used
     # as the lookup key. Assuming escape() is an HTML-escaping helper, a
     # name containing &, <, > or quotes only matches rows stored in escaped
     # form -- confirm the insert path escapes the same way.
     domain_name = escape(self.parser.parse_args().domain)
     record = SrcDomain.query.filter(
         SrcDomain.domain == domain_name).first()
     if not record:  # the domain to delete does not exist
         return _reply(202)
     DB.session.delete(record)
     try:
         DB.session.commit()
     except Exception as err:
         DB.session.rollback()
         logger.log('ALERT', f'删除主任务失败,{err}')
         return _reply(500)
     operator = session.get('username')
     source_ip = session.get('login_ip')
     addlog(operator, source_ip, f'删除主任务:[{domain_name}] 成功')
     logger.log('INFOR', f'删除主任务成功,{domain_name}')
     return _reply(200)
Esempio n. 3
 def post(self):
     '''Set ``flag`` and ``reptile`` on the SrcUrls row with the given time.

     The row is looked up by the request's ``url_time`` field; the log
     messages describe the operation as adding a URL scan task. Returns
     ``{'result': {'status_code': ...}}`` with 401 (no logged-in session),
     202 (no matching row), 500 (commit failed) or 200 (success).
     '''

     def _reply(code):
         return {'result': {'status_code': code}}

     if not session.get('status'):
         return _reply(401)
     submitted_time = self.parser.parse_args().url_time
     target = SrcUrls.query.filter(
         SrcUrls.url_time == submitted_time).first()
     if not target:  # no URL row carries this timestamp
         return _reply(202)
     # Both markers are switched on together; what consumes them lies
     # outside this method.
     target.flag = True
     target.reptile = True
     try:
         DB.session.commit()
     except Exception as err:
         DB.session.rollback()
         logger.log('ALERT', f'添加URL扫描任务失败,{err}')
         return _reply(500)
     addlog(session.get('username'), session.get('login_ip'),
            '添加URL扫描任务成功')
     logger.log('INFOR', '添加URL扫描任务成功')
     return _reply(200)
Esempio n. 4
 def put(self):
     '''Send a test e-mail.

     Recipient, subject and body all come from the request. Redirects to
     the login page without a logged-in session; returns status 201 when no
     MailSetting row exists yet or when sending fails, and 200 on success.
     '''
     if not session.get('status'):
         return redirect(url_for('html_system_login'), 302)
     if not MailSetting.query.first():
         return {'status_code': 201, 'msg': '发送邮件失败,请完成上一步操作'}
     form = self.parser.parse_args()
     recipient = form.address_email
     subject = form.mail_title
     body = form.mail_txt
     # NOTE(review): any logged-in session can mail an arbitrary address
     # with arbitrary content through the configured SMTP account. Confirm
     # SMail.send_mail rejects CR/LF in the recipient and subject, and
     # consider a rate limit or recipient restriction.
     sent, detail = SMail().send_mail(recipient, subject, body)
     if not sent:
         # The failure detail from SMail is returned to the client as-is;
         # presumably it carries no server internals -- confirm.
         return {'status_code': 201, 'msg': f'发送邮件失败:{detail}'}
     addlog(session.get('username'), session.get('login_ip'),
            f'发送测试邮件成功:[{subject}]')
     return {'status_code': 200, 'msg': '发送邮件成功'}
Esempio n. 5
 def post(self):
     '''Update the logged-in user's own profile fields.

     The account is selected by the session's ``username``, never by a
     request field, so only the caller's own row can be changed. ``name``,
     ``phone`` and ``email`` are always overwritten; ``remark`` only when a
     non-empty value is submitted. Returns
     ``{'result': {'status_code': ...}}`` with 401, 500 or 200.
     '''

     def _reply(code):
         return {'result': {'status_code': code}}

     if not session.get('status'):
         return _reply(401)
     form = self.parser.parse_args()
     new_name = form.xingming
     new_phone = form.phone
     new_email = form.email
     new_remark = form.remark
     account = User.query.filter(
         User.username == session.get('username')).first()
     if account is None or not account:
         # Reached when the session's username matches no row; the audit
         # text records it as an attempt to modify another user.
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户资料失败,原因:越权修改其他用户')
         return _reply(500)
     # NOTE(review): the values are stored as parsed; any format validation
     # would have to live in self.parser, which is not visible here.
     account.name = new_name
     account.phone = new_phone
     account.email = new_email
     if new_remark:
         account.remark = new_remark
     try:
         DB.session.commit()
     except Exception as err:
         logger.log('ALERT', f'用户修改资料接口SQL错误:{err}')
         DB.session.rollback()
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户资料失败,原因:SQL错误')
         return _reply(500)
     addlog(session.get('username'), session.get('login_ip'), '修改用户资料成功')
     logger.log('INFOR', f"[{session.get('username')}]修改用户资料成功")
     return _reply(200)
Esempio n. 6
 def post(self):
     '''Change the logged-in user's password.

     Status codes inside ``{'result': {'status_code': ...}}``: 401 no
     logged-in session, 203 new password and confirmation differ, 204 new
     password equals the old one, 201 old password incorrect, 500 account
     missing or commit failed, 200 success.
     '''

     def _reply(code):
         return {'result': {'status_code': code}}

     if not session.get('status'):
         return _reply(401)
     form = self.parser.parse_args()
     current_pw = form.old_password
     new_pw = form.new_password
     confirm_pw = form.again_password
     if new_pw != confirm_pw:
         return _reply(203)
     if current_pw == new_pw:
         return _reply(204)
     # NOTE(review): no length or strength rule is applied to the new
     # password in this method; presumably self.parser enforces presence --
     # confirm.
     account = User.query.filter(
         User.username == session.get('username')).first()
     if not account:
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户密码失败,原因:不存在此账户')
         return _reply(500)
     # Verify the current password against the stored hash first.
     old_matches = check_password_hash(account.password, current_pw)
     if not old_matches:
         # NOTE(review): failed attempts are only written to the audit log
         # here; any throttling would have to happen elsewhere.
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户密码失败,原因:原密码不正确')
         return _reply(201)
     # Store only the hash of the new password.
     account.password = generate_password_hash(new_pw)
     try:
         DB.session.commit()
     except Exception as err:
         logger.log('ALERT', f'用户修改密码接口SQL错误:{err}')
         DB.session.rollback()
         return _reply(500)
     # NOTE(review): the current session stays valid after the change and
     # nothing here revokes other sessions of the same user.
     addlog(session.get('username'), session.get('login_ip'), '修改用户密码成功')
     logger.log('INFOR', f"[{session.get('username')}]修改用户密码成功")
     return _reply(200)
Esempio n. 7
 def post(self):
     '''Update the logged-in user's phone, e-mail and (optionally) remark.

     The account is selected by the session's ``username``. Redirects to
     the login page without a logged-in session; otherwise returns a dict
     with ``status_code`` 500 (account missing or commit failed, with a
     ``msg``) or 200.
     '''
     if not session.get('status'):
         return redirect(url_for('html_system_login'), 302)
     form = self.parser.parse_args()
     new_phone = form.phone
     new_email = form.email
     new_remark = form.remark
     account = User.query.filter(
         User.username == session.get('username')).first()
     if not account:
         # Reached when the session's username matches no row; the audit
         # text records it as an attempt to modify another user.
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户资料失败,原因:越权修改其他用户')
         return {'status_code': 500, 'msg': '禁止越权修改用户信息'}
     # NOTE(review): values are stored as parsed; any format validation
     # would have to live in self.parser, which is not visible here.
     account.phone = new_phone
     account.email = new_email
     if new_remark:  # an empty remark leaves the stored one untouched
         account.remark = new_remark
     try:
         DB.session.commit()
     except Exception as err:
         logger.log('ALERT', f'用户修改资料接口SQL错误:{err}')
         DB.session.rollback()
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户资料失败,原因:SQL错误')
         return {'status_code': 500, 'msg': '修改用户资料失败,SQL出错'}
     addlog(session.get('username'), session.get('login_ip'), '修改用户资料成功')
     logger.log('INFOR', f"[{session.get('username')}]修改用户资料成功")
     return {'status_code': 200}
Esempio n. 8
 def post(self):
     '''Change the logged-in user's password.

     Redirects to the login page without a logged-in session. Otherwise
     returns a dict with ``status_code`` and ``msg``: 201 for every
     rejection (confirmation mismatch, new equals old, account missing,
     wrong old password, commit failure) and 200 on success.
     '''

     def _reject(message):
         return {'status_code': 201, 'msg': message}

     if not session.get('status'):
         return redirect(url_for('html_system_login'), 302)
     form = self.parser.parse_args()
     current_pw = form.old_password
     new_pw = form.new_password
     confirm_pw = form.again_password
     if new_pw != confirm_pw:
         return _reject('两次输入的新密码不一致')
     if current_pw == new_pw:
         return _reject('新密码不能和旧密码一致')
     # NOTE(review): no length or strength rule is applied to the new
     # password in this method; presumably self.parser enforces presence --
     # confirm.
     account = User.query.filter(
         User.username == session.get('username')).first()
     if not account:
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户密码失败,原因:不存在此账户')
         return _reject('修改密码失败,session失效')
     # Verify the current password against the stored hash first.
     old_matches = check_password_hash(account.password, current_pw)
     if not old_matches:
         # NOTE(review): failed attempts are only written to the audit log
         # here; any throttling would have to happen elsewhere.
         addlog(session.get('username'), session.get('login_ip'),
                '修改用户密码失败,原因:原密码不正确')
         return _reject('修改密码失败,旧密码不正确')
     # Store only the hash of the new password.
     account.password = generate_password_hash(new_pw)
     try:
         DB.session.commit()
     except Exception as err:
         logger.log('ALERT', f'用户修改密码接口SQL错误:{err}')
         DB.session.rollback()
         return _reject('修改密码失败,SQL错误')
     # NOTE(review): the current session stays valid after the change and
     # nothing here revokes other sessions of the same user.
     addlog(session.get('username'), session.get('login_ip'), '修改用户密码成功')
     logger.log('INFOR', f"[{session.get('username')}]修改用户密码成功")
     return {'status_code': 200, 'msg': '修改密码成功'}
Esempio n. 9
    def put(self):
        '''Add a vendor.

        Creates a SrcCustomer from the request's ``cus_name`` and
        ``cus_home``. Redirects to the login page without a logged-in
        session; otherwise returns a dict with ``status_code`` and ``msg``:
        201 when the name is already taken, 500 when the commit fails, 200
        on success.
        '''
        if not session.get('status'):
            return redirect(url_for('html_system_login'), 302)
        form = self.parser.parse_args()
        vendor_name = form.cus_name
        vendor_home = form.cus_home
        # NOTE(review): check-then-insert is not atomic; two concurrent
        # requests can both pass this lookup. Presumably a unique constraint
        # on cus_name backs it up -- confirm.
        existing = SrcCustomer.query.filter(
            SrcCustomer.cus_name == vendor_name).first()
        if existing:
            return {'status_code': 201, 'msg': f'已存在[{vendor_name}]厂商名'}
        new_vendor = SrcCustomer(vendor_name, vendor_home)
        DB.session.add(new_vendor)
        try:
            DB.session.commit()
        except Exception as e:
            logger.log('ALERT', '厂商添加接口SQL错误:%s' % e)
            DB.session.rollback()
            return {'status_code': 500, 'msg': '添加厂商失败,原因:SQL错误'}
        # The request-supplied name is written to both logs verbatim.
        success_text = f'[{vendor_name}]厂商添加成功'
        addlog(session.get('username'), session.get('login_ip'), success_text)
        logger.log('INFOR', success_text)
        return {'status_code': 200, 'msg': '添加厂商成功'}
Esempio n. 10
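 def post(self):
     '''Update the SMTP configuration.

     Persists the submitted host, port, username, password and TLS flag in
     the single MailSetting row (creating it when absent) and then applies
     the same values to the running application's config. Redirects to the
     login page without a logged-in session; otherwise returns a dict with
     ``status_code`` and ``msg``: 500 when the commit fails, 200 on success.
     '''
     if not session.get('status'):
         return redirect(url_for('html_system_login'), 302)
     args = self.parser.parse_args()
     key_smtp_ip = args.smtp_ip
     key_smtp_port = args.smtp_port
     key_smtp_username = args.smtp_username
     key_smtp_password = args.smtp_password
     key_smtp_ssl = args.smtp_ssl
     # NOTE(review): the password is handed to MailSetting unchanged;
     # whether the model encrypts it at rest is not visible here.
     mail_query = MailSetting.query.first()
     if mail_query:
         mail_query.smtp_ip = key_smtp_ip
         mail_query.smtp_port = key_smtp_port
         mail_query.smtp_username = key_smtp_username
         mail_query.smtp_password = key_smtp_password
         mail_query.smtp_ssl = key_smtp_ssl
     else:
         mail_query = MailSetting(key_smtp_ip, key_smtp_port,
                                  key_smtp_username, key_smtp_password,
                                  key_smtp_ssl)
         DB.session.add(mail_query)
     try:
         DB.session.commit()
     except Exception as e:
         # NOTE(review): if DB is SQLAlchemy-backed, the error text can
         # include the statement parameters, i.e. the SMTP password, unless
         # the engine was created with hide_parameters -- confirm before
         # shipping this log line to shared storage.
         logger.log('ALERT', f'更新SMTP配置失败,原因:{e}')
         DB.session.rollback()
         return {'status_code': 500, 'msg': '更新SMTP配置失败,SQL错误'}
     # Apply to the running app only once the values are persisted, so a
     # failed commit cannot leave the live config out of step with the
     # stored settings.
     # NOTE(review): the smtp_ssl flag is mapped to MAIL_USE_TLS; confirm
     # that matches the transport mode the form is asking for.
     APP.config.update(MAIL_SERVER=key_smtp_ip,
                       MAIL_PORT=key_smtp_port,
                       MAIL_USERNAME=key_smtp_username,
                       MAIL_PASSWORD=key_smtp_password,
                       MAIL_DEFAULT_SENDER=(key_smtp_username,
                                            key_smtp_username),
                       MAIL_USE_TLS=key_smtp_ssl)
     addlog(session.get('username'), session.get('login_ip'), '更新SMTP配置成功')
     logger.log('INFOR', f'更新SMTP配置成功[{key_smtp_ip}]')
     return {'status_code': 200, 'msg': '更新SMTP配置成功'}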
Esempio n. 11
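 def put(self):
     '''Bulk-delete SrcVulnerabilitie rows selected by the ``scan`` field.

     ``scan`` must parse, after single quotes are rewritten to double
     quotes, as a JSON object whose values each carry a ``time`` key. For
     every ``time`` value the first matching row, if any, is deleted.
     Returns ``{'result': {'status_code': ...}}``: 401 without a logged-in
     session, 500 for a malformed payload or a failed commit, 200
     otherwise.
     '''
     if not session.get('status'):
         return {'result': {'status_code': 401}}
     args = self.parser.parse_args()
     try:
         # NOTE: the quote rewrite also alters apostrophes inside values.
         key_scan_dict = json.loads(args.scan.replace("'", '"'))
         # Validate the whole request-supplied payload before staging any
         # delete: a missing field, a non-object payload or an entry
         # without 'time' is rejected here instead of raising mid-loop.
         scan_times = [entry['time'] for entry in key_scan_dict.values()]
     except (AttributeError, KeyError, RecursionError, TypeError,
             ValueError):
         return {'result': {'status_code': 500}}
     # NOTE(review): the number of entries is not bounded here and each one
     # costs a query; consider a cap on the payload size.
     for scan_time in scan_times:
         url_query = SrcVulnerabilitie.query.filter(
             SrcVulnerabilitie.time == scan_time).first()
         if url_query:
             DB.session.delete(url_query)
     try:
         DB.session.commit()
     except Exception as e:
         DB.session.rollback()
         logger.log('ALERT', f'批量删除漏洞任务失败,{e}')
         return {'result': {'status_code': 500}}
     addlog(session.get('username'), session.get('login_ip'), '批量删除漏洞任务成功')
     logger.log('INFOR', '批量删除漏洞任务成功')
     return {'result': {'status_code': 200}}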
Esempio n. 12
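 def delete(self):
     '''Bulk-delete SrcVul rows selected by the ``vlus`` request field.

     ``vlus`` must parse, after single quotes are rewritten to double
     quotes, as a JSON object whose values each carry a ``time`` key. For
     every ``time`` value the first row with that ``vul_time``, if any, is
     deleted. Redirects to the login page without a logged-in session;
     otherwise returns a dict with ``status_code`` and ``msg``: 500 for a
     malformed payload or a failed commit, 200 otherwise.
     '''
     if not session.get('status'):
         return redirect(url_for('html_system_login'), 302)
     args = self.parser.parse_args()
     try:
         # NOTE: the quote rewrite also alters apostrophes inside values.
         key_scan_dict = json.loads(args.vlus.replace("'", '"'))
         # Validate the whole request-supplied payload before staging any
         # delete: a missing field, a non-object payload or an entry
         # without 'time' is rejected here instead of raising mid-loop.
         vul_times = [entry['time'] for entry in key_scan_dict.values()]
     except (AttributeError, KeyError, RecursionError, TypeError,
             ValueError):
         return {'status_code': 500, 'msg': '删除漏洞失败'}
     # NOTE(review): the number of entries is not bounded here and each one
     # costs a query; consider a cap on the payload size.
     for vul_time in vul_times:
         url_query = SrcVul.query.filter(
             SrcVul.vul_time == vul_time).first()
         if url_query:
             DB.session.delete(url_query)
     try:
         DB.session.commit()
     except Exception as e:
         DB.session.rollback()
         logger.log('ALERT', f'批量删除漏洞任务失败,{e}')
         return {'status_code': 500, 'msg': '删除漏洞失败'}
     addlog(session.get('username'), session.get('login_ip'), '批量删除漏洞成功')
     logger.log('INFOR', '批量删除漏洞成功')
     return {'status_code': 200, 'msg': '删除漏洞成功'}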