ファイル: VulsController.py プロジェクト: sun9git/cobra
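def edit_vul(vul_id):
    """Edit an existing vulnerability type (CobraVuls row) in the admin backend.

    GET renders the edit form for ``vul_id``; POST validates ``name``,
    ``description`` and ``repair`` and saves them. Anonymous callers are
    redirected to the login page.

    Args:
        vul_id: primary key of the CobraVuls row, taken from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect when there is no admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, "name", "description", "repair")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        v = CobraVuls.query.filter_by(id=vul_id).first()
        # An unknown id used to raise AttributeError (HTTP 500) on the
        # attribute assignments below; edit_project() already guards this.
        if not v:
            return jsonify(tag='danger', msg='wrong vul id.')

        # NOTE(review): the other controllers read ``vc.vars.*``; this one
        # reads ``vc.args.*`` -- confirm ValidateClass exposes both names.
        v.name = vc.args.name
        v.description = vc.args.description
        v.repair = vc.args.repair

        # NOTE(review): state-changing POST authorised by the session cookie
        # only; nothing in this handler checks a CSRF token.
        try:
            db.session.add(v)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Was a bare ``except:``; a failed commit also leaves the session
            # unusable until it is rolled back.
            db.session.rollback()
            return jsonify(tag='danger', msg='save failed. Try again later?')
    else:
        v = CobraVuls.query.filter_by(id=vul_id).first()
        return render_template('backend/vul/edit_vul.html', data={
            'vul': v,
        })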
ファイル: RulesController.py プロジェクト: 0x24bin/cobra
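def add_new_rule():
    """Create a new scan rule (CobraRules row) from the admin form.

    GET renders the form with all vulnerability types and languages; POST
    validates the fields and inserts the rule with status 1 (shown as 'ON'
    by rules()).

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page when no admin session is present.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, 'vul_type', 'language', 'regex', 'regex_confirm',
                           'description', 'repair', 'level')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # NOTE(review): ``regex``/``regex_confirm`` are stored verbatim and are
        # presumably evaluated by the scanner later; nothing here checks that
        # the pattern compiles or is free of catastrophic backtracking.
        # Positional order follows the CobraRules constructor; the literal 1
        # is the initial status.
        rule = CobraRules(vc.vars.vul_type, vc.vars.language, vc.vars.regex, vc.vars.regex_confirm,
                          vc.vars.description, vc.vars.repair, 1, vc.vars.level, current_time, current_time)
        try:
            db.session.add(rule)
            db.session.commit()
            return jsonify(tag='success', msg='add success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='add failed, try again later?')
    else:
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        data = {
            'vul_type': vul_type,
            'languages': languages
        }
        return render_template('backend/rule/add_new_rule.html', data=data)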
ファイル: BackendAPIController.py プロジェクト: 0x24bin/cobra
def all_languages_count():
    """Return the number of CobraLanguages rows as a plain-text body.

    Callers without an admin session are redirected to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    total = CobraLanguages.query.count()
    return '{}'.format(total)
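def edit_project(project_id):
    """Edit an existing project (CobraProjects row) in the admin backend.

    GET renders the edit form; POST validates the form fields and updates the
    row addressed by the URL's ``project_id`` (the form's ``project_id`` is
    validated but otherwise unused). Requires an admin session.

    Args:
        project_id: primary key of the CobraProjects row, from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == "POST":
        vc = ValidateClass(request, "project_id", "name", "repository",
                           "author", "remark")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        project = CobraProjects.query.filter_by(id=project_id).first()
        if not project:
            return jsonify(tag='danger', msg='wrong project id.')

        # NOTE(review): ``repository`` is an admin-supplied location that is
        # presumably fetched by the scanner later; its scheme/host is not
        # restricted here, so treat it as untrusted downstream.
        project.name = vc.vars.name
        project.author = vc.vars.author
        project.remark = vc.vars.remark
        project.repository = vc.vars.repository
        project.updated_at = current_time
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='Unknown error.')
    else:
        project = CobraProjects.query.filter_by(id=project_id).first()
        return render_template('backend/project/edit_project.html',
                               data={'project': project})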
ファイル: BackendAPIController.py プロジェクト: 0x24bin/cobra
def all_rules_count():
    """Return the number of CobraRules rows as a plain-text body.

    Callers without an admin session are redirected to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    total = CobraRules.query.count()
    return '{}'.format(total)
ファイル: BackendAPIController.py プロジェクト: 0x24bin/cobra
def all_vuls_count():
    """Return the number of CobraVuls rows as a plain-text body.

    Callers without an admin session are redirected to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    total = CobraVuls.query.count()
    return '{}'.format(total)
ファイル: RulesController.py プロジェクト: sun9git/cobra
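def add_new_rule():
    """Create a new scan rule (CobraRules row) from the admin form.

    GET renders the form with all vulnerability types and languages; POST
    validates the fields and inserts the rule with ``block_repair`` 1 and
    status 1 (shown as 'ON' by rules()).

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page when no admin session is present.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, 'vul_type', 'language', 'regex',
                           'regex_confirm', 'description', 'repair', 'level')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        block_repair = 1
        # NOTE(review): ``regex``/``regex_confirm`` are stored verbatim and are
        # presumably evaluated by the scanner later; nothing here checks that
        # the pattern compiles or is free of catastrophic backtracking.
        # Positional order follows this fork's CobraRules constructor.
        rule = CobraRules(vc.vars.vul_type, vc.vars.language, vc.vars.regex,
                          vc.vars.regex_confirm, block_repair,
                          vc.vars.description, vc.vars.repair, 1,
                          vc.vars.level, current_time, current_time)
        try:
            db.session.add(rule)
            db.session.commit()
            return jsonify(tag='success', msg='add success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='add failed, try again later?')
    else:
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        data = {'vul_type': vul_type, 'languages': languages}
        return render_template('backend/rule/add_new_rule.html', data=data)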
ファイル: ProjectsController.py プロジェクト: 0x24bin/cobra
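def edit_project(project_id):
    """Edit an existing project (CobraProjects row) in the admin backend.

    GET renders the edit form; POST validates the form fields and updates the
    row addressed by the URL's ``project_id`` (the form's ``project_id`` is
    validated but otherwise unused). Requires an admin session.

    Args:
        project_id: primary key of the CobraProjects row, from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == "POST":
        vc = ValidateClass(request, "project_id", "name", "repository", "author", "remark")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        project = CobraProjects.query.filter_by(id=project_id).first()
        if not project:
            return jsonify(tag='danger', msg='wrong project id.')

        # NOTE(review): ``repository`` is an admin-supplied location that is
        # presumably fetched by the scanner later; its scheme/host is not
        # restricted here, so treat it as untrusted downstream.
        project.name = vc.vars.name
        project.author = vc.vars.author
        project.remark = vc.vars.remark
        project.repository = vc.vars.repository
        project.updated_at = current_time
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='Unknown error.')
    else:
        project = CobraProjects.query.filter_by(id=project_id).first()
        return render_template('backend/project/edit_project.html', data={
            'project': project
        })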
ファイル: BackendAPIController.py プロジェクト: 0x24bin/cobra
def all_projects_count():
    """Return the number of CobraProjects rows as a plain-text body.

    Callers without an admin session are redirected to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    total = CobraProjects.query.count()
    return '{}'.format(total)
ファイル: WhiteListsController.py プロジェクト: 0x24bin/cobra
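def add_whitelist():
    """Add a whitelist entry that suppresses ``rule_id`` for ``path`` in a project.

    GET renders the form with all rules and projects; POST validates
    ``project_id``, ``rule_id``, ``path`` and ``reason``, normalises ``path``
    to start with '/', and inserts the row with status 1.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page when no admin session is present.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, "project_id", "rule_id", "path", "reason")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # ``path[0]`` raised IndexError on an empty string; startswith() does not.
        if not vc.vars.path.startswith('/'):
            vc.vars.path = '/' + vc.vars.path
        # NOTE(review): project_id/rule_id are not checked here against
        # existing rows; only the database schema (if constrained) catches a
        # dangling reference.
        whitelist = CobraWhiteList(vc.vars.project_id, vc.vars.rule_id, vc.vars.path, vc.vars.reason,
                                   1, current_time, current_time)
        try:
            db.session.add(whitelist)
            db.session.commit()
            return jsonify(tag='success', msg='add success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='unknown error. Try again later?')
    else:
        rules = CobraRules.query.all()
        projects = CobraProjects.query.all()
        data = {
            'rules': rules,
            'projects': projects,
        }
        return render_template('backend/whitelist/add_new_whitelist.html', data=data)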
ファイル: BackendAPIController.py プロジェクト: 0x24bin/cobra
def all_whitelists_count():
    """Return the number of CobraWhiteList rows as a plain-text body.

    Callers without an admin session are redirected to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    total = CobraWhiteList.query.count()
    return '{}'.format(total)
ファイル: BackendAPIController.py プロジェクト: 0x24bin/cobra
def all_tasks_count():
    """Return the number of CobraTaskInfo rows as a plain-text body.

    Callers without an admin session are redirected to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    total = CobraTaskInfo.query.count()
    return '{}'.format(total)
ファイル: DashboardController.py プロジェクト: 0x24bin/cobra
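def get_scan_information():
    """Return dashboard counters for scans inside a POSTed time window.

    ``start_time_stamp``/``end_time_stamp`` are epoch seconds (extra trailing
    digits, e.g. milliseconds, are sliced off). Tasks are filtered on the raw
    second strings, results and projects on the corresponding datetimes.

    Returns:
        JSON with ``code=1001`` and the counters; ``code=1002`` when the
        window is missing, non-numeric, empty or inverted; ``code=1003`` for
        a non-POST request (the old code fell through and returned None,
        which Flask turns into HTTP 500).
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return jsonify(tag="danger", msg="POST required.", code=1003)

    # A missing field used to raise TypeError on the slice, a non-numeric one
    # ValueError in int(); both surfaced as HTTP 500.
    start_time_stamp = (request.form.get("start_time_stamp") or "")[0:10]
    end_time_stamp = (request.form.get("end_time_stamp") or "")[0:10]
    try:
        start_seconds = int(start_time_stamp)
        end_seconds = int(end_time_stamp)
        start_time_array = datetime.datetime.fromtimestamp(start_seconds)
        end_time_array = datetime.datetime.fromtimestamp(end_seconds)
    except (ValueError, OverflowError, OSError):
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    # Compare as integers; the original compared the strings, which is only
    # correct while both happen to have the same number of digits.
    if start_seconds >= end_seconds:
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    task_window = and_(CobraTaskInfo.time_start >= start_time_stamp,
                       CobraTaskInfo.time_start <= end_time_stamp)
    task_count = CobraTaskInfo.query.filter(task_window).count()
    vulns_count = CobraResults.query.filter(
        and_(CobraResults.created_at >= start_time_array, CobraResults.created_at <= end_time_array)
    ).count()
    projects_count = CobraProjects.query.filter(
        and_(CobraProjects.last_scan >= start_time_array, CobraProjects.last_scan <= end_time_array)
    ).count()
    files_count = db.session.query(func.sum(CobraTaskInfo.file_count).label('files')).filter(
        task_window
    ).first()[0]
    code_number = db.session.query(func.sum(CobraTaskInfo.code_number).label('codes')).filter(
        task_window
    ).first()[0]

    # SUM() over an empty window is NULL -> None; int(None) raised TypeError.
    return jsonify(code=1001, task_count=task_count, vulns_count=vulns_count, projects_count=projects_count,
                   files_count=int(files_count or 0), code_number=int(code_number or 0))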
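def edit_language(language_id):
    """Edit a CobraLanguages row (language name and file extensions).

    GET renders the edit form; POST validates ``language`` and ``extensions``
    and saves them. Requires an admin session.

    Args:
        language_id: primary key of the CobraLanguages row, from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method == "POST":
        vc = ValidateClass(request, "language", "extensions")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        l = CobraLanguages.query.filter_by(id=language_id).first()
        # An unknown id used to raise AttributeError inside the try and be
        # reported as a transient failure; say what actually went wrong.
        if not l:
            return jsonify(tag="danger", msg="wrong language id.")

        l.language = vc.vars.language
        l.extensions = vc.vars.extensions
        try:
            db.session.add(l)
            db.session.commit()
            return jsonify(tag="success", msg="update success.")
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag="danger", msg="try again later?")

    else:
        l = CobraLanguages.query.filter_by(id=language_id).first()
        data = {
            'language': l,
        }
        return render_template("backend/language/edit_language.html",
                               data=data)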
ファイル: IndexController.py プロジェクト: 0x24bin/cobra
def index():
    """Admin login page.

    GET renders the login form; POST checks ``username``/``password`` against
    CobraAdminUser and, on success, populates the session and records the
    login time and client address. A caller that already has a session is
    sent to ``/main``.

    Returns:
        A redirect, the rendered form, or a small raw body (validation
        message, failure message, or the auto-redirect HTML snippet).
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/main')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ret, msg = vc.check_args()
    if not ret:
        # The validation message is returned as the raw response body.
        return msg

    admin = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    # One message for both unknown user and wrong password. The short-circuit
    # still skips the password check for unknown users, and there is no
    # throttling or lockout in this handler (review notes, behaviour unchanged).
    if not admin or not admin.verify_password(vc.vars.password):
        return "Wrong username or password."

    session['role'] = admin.role
    session['username'] = escape(admin.username)
    session['is_login'] = True

    # remote_addr is the immediate peer; behind a reverse proxy that is the
    # proxy's address unless the WSGI stack rewrites it.
    admin.last_login_time = time.strftime('%Y-%m-%d %X', time.localtime())
    admin.last_login_ip = request.remote_addr
    db.session.add(admin)
    db.session.commit()

    return "Login success, jumping...<br /><script>window.setTimeout(\"location='main'\", 1000);</script>"
ファイル: VulsController.py プロジェクト: ReturnHere/cobra
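def edit_vul(vul_id):
    """Edit an existing vulnerability type (CobraVuls row) in the admin backend.

    GET renders the edit form for ``vul_id``; POST validates ``name``,
    ``description`` and ``repair`` and saves them. Anonymous callers are
    redirected to the login page.

    Args:
        vul_id: primary key of the CobraVuls row, taken from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect when there is no admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method == "POST":
        vc = ValidateClass(request, "name", "description", "repair")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        v = CobraVuls.query.filter_by(id=vul_id).first()
        # An unknown id used to raise AttributeError (HTTP 500) on the
        # attribute assignments below; edit_project() already guards this.
        if not v:
            return jsonify(tag="danger", msg="wrong vul id.")

        # NOTE(review): the other controllers read ``vc.vars.*``; this one
        # reads ``vc.args.*`` -- confirm ValidateClass exposes both names.
        v.name = vc.args.name
        v.description = vc.args.description
        v.repair = vc.args.repair

        # NOTE(review): state-changing POST authorised by the session cookie
        # only; nothing in this handler checks a CSRF token.
        try:
            db.session.add(v)
            db.session.commit()
            return jsonify(tag="success", msg="save success.")
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag="danger", msg="save failed. Try again later?")
    else:
        v = CobraVuls.query.filter_by(id=vul_id).first()
        return render_template("backend/vul/edit_vul.html", data={"vul": v})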
ファイル: LanguagesController.py プロジェクト: 0x24bin/cobra
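def edit_language(language_id):
    """Edit a CobraLanguages row (language name and file extensions).

    GET renders the edit form; POST validates ``language`` and ``extensions``
    and saves them. Requires an admin session.

    Args:
        language_id: primary key of the CobraLanguages row, from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method == "POST":
        vc = ValidateClass(request, "language", "extensions")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        l = CobraLanguages.query.filter_by(id=language_id).first()
        # An unknown id used to raise AttributeError inside the try and be
        # reported as a transient failure; say what actually went wrong.
        if not l:
            return jsonify(tag="danger", msg="wrong language id.")

        l.language = vc.vars.language
        l.extensions = vc.vars.extensions
        try:
            db.session.add(l)
            db.session.commit()
            return jsonify(tag="success", msg="update success.")
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag="danger", msg="try again later?")

    else:
        l = CobraLanguages.query.filter_by(id=language_id).first()
        data = {
            'language': l,
        }
        return render_template("backend/language/edit_language.html", data=data)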
def index():
    """Admin login page.

    GET renders the login form; POST checks ``username``/``password`` against
    CobraAdminUser and, on success, populates the session and records the
    login time and client address. A caller that already has a session is
    sent to ``/main``.

    Returns:
        A redirect, the rendered form, or a small raw body (validation
        message, failure message, or the auto-redirect HTML snippet).
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/main')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ret, msg = vc.check_args()
    if not ret:
        # The validation message is returned as the raw response body.
        return msg

    admin = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    # One message for both unknown user and wrong password. The short-circuit
    # still skips the password check for unknown users, and there is no
    # throttling or lockout in this handler (review notes, behaviour unchanged).
    if not admin or not admin.verify_password(vc.vars.password):
        return "Wrong username or password."

    session['role'] = admin.role
    session['username'] = escape(admin.username)
    session['is_login'] = True

    # remote_addr is the immediate peer; behind a reverse proxy that is the
    # proxy's address unless the WSGI stack rewrites it.
    admin.last_login_time = time.strftime('%Y-%m-%d %X', time.localtime())
    admin.last_login_ip = request.remote_addr
    db.session.add(admin)
    db.session.commit()

    return "Login success, jumping...<br /><script>window.setTimeout(\"location='main'\", 1000);</script>"
ファイル: VulsController.py プロジェクト: ReturnHere/cobra
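def vuls(page):
    """List vulnerability types, 10 per page, highest id first.

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET (a database error on common backends);
            they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    per_page_vuls = 10
    offset = (max(page, 1) - 1) * per_page_vuls
    # Column expression instead of the raw "id desc" string, as languages()
    # already does; SQLAlchemy deprecates textual ORDER BY arguments.
    all_vuls = (CobraVuls.query.order_by(CobraVuls.id.desc())
                .limit(per_page_vuls).offset(offset).all())
    data = {"vuls": all_vuls}
    return render_template("backend/vul/vuls.html", data=data)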
def languages():
    """Render every CobraLanguages row, highest id first.

    Returns:
        The rendered listing, or a redirect to the login page when there is
        no admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    newest_first = CobraLanguages.id.desc()
    rows = CobraLanguages.query.order_by(newest_first).all()
    return render_template("backend/language/languages.html",
                           data={'languages': rows})
ファイル: LanguagesController.py プロジェクト: 0x24bin/cobra
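def languages():
    """Render every CobraLanguages row, highest id first.

    Returns:
        The rendered listing, or a redirect to the login page when there is
        no admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    # Column expression instead of the raw 'id desc' string (consistent with
    # the other fork of this view; SQLAlchemy deprecates textual ORDER BY).
    languages = CobraLanguages.query.order_by(CobraLanguages.id.desc()).all()
    data = {
        'languages': languages,
    }
    return render_template("backend/language/languages.html", data=data)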
ファイル: ProjectsController.py プロジェクト: 0x24bin/cobra
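def projects(page):
    """List projects, 10 per page, highest id first.

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the raw 'id desc' string.
    project = CobraProjects.query.order_by(CobraProjects.id.desc()).limit(per_page).offset(offset).all()
    data = {
        'projects': project,
    }
    return render_template("backend/project/projects.html", data=data)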
ファイル: WhiteListsController.py プロジェクト: 0x24bin/cobra
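def whitelists(page):
    """List whitelist entries, 10 per page, highest id first.

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the raw 'id desc' string.
    whitelists = CobraWhiteList.query.order_by(CobraWhiteList.id.desc()).limit(per_page).offset(offset).all()
    data = {
        'whitelists': whitelists,
    }
    return render_template('backend/whitelist/whitelists.html', data=data)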
ファイル: VulsController.py プロジェクト: sun9git/cobra
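def vuls(page):
    """List vulnerability types, 10 per page, highest id first.

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page_vuls = 10
    offset = (max(page, 1) - 1) * per_page_vuls
    # Column expression instead of the raw 'id desc' string.
    all_vuls = CobraVuls.query.order_by(CobraVuls.id.desc()).limit(per_page_vuls).offset(offset).all()
    data = {
        'vuls': all_vuls
    }
    return render_template('backend/vul/vuls.html', data=data)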
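def projects(page):
    """List projects, 10 per page, highest id first.

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the raw 'id desc' string.
    project = CobraProjects.query.order_by(CobraProjects.id.desc()).limit(per_page).offset(
        offset).all()
    data = {
        'projects': project,
    }
    return render_template("backend/project/projects.html", data=data)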
ファイル: SearchController.py プロジェクト: sun9git/cobra
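def search_rules():
    """Filter scan rules by language and/or vulnerability type (POST only).

    Form fields ``language`` and ``vul`` are either an id or the literal
    ``'all'``; ``'all'`` means "no filter" for that column. Matching rules
    are rendered with ``vul_id`` and ``language`` replaced by display names.

    Returns:
        The rendered rules template on POST, or a redirect to the login page.
        A non-POST request still falls through and returns None (Flask then
        responds with HTTP 500); that is pre-existing behaviour.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, "language", "vul")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        # The four-way if/elif (plus an unreachable 'error!' branch) collapses
        # to one filter_by: an empty kwargs set is equivalent to query.all().
        filters = {}
        if vc.vars.language != 'all':
            filters['language'] = vc.vars.language
        if vc.vars.vul != 'all':
            filters['vul_id'] = vc.vars.vul
        rules = CobraRules.query.filter_by(**filters).all()

        all_vuls = {vul.id: vul.name for vul in CobraVuls.query.all()}
        all_language = {lang.id: lang.language for lang in CobraLanguages.query.all()}

        # NOTE(review): this overwrites id columns on live ORM instances with
        # display strings. Nothing commits them here, but a later flush in the
        # same session would try to write the names back to the database.
        for rule in rules:
            rule.vul_id = all_vuls.get(rule.vul_id, 'Unknown Type')
            rule.language = all_language.get(rule.language, 'Unknown Language')

        data = {
            'rules': rules,
        }

        return render_template('backend/rule/rules.html', data=data)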
ファイル: SearchController.py プロジェクト: sun9git/cobra
def search_rules_bar():
    """Render the rule-search bar with every language and vulnerability type.

    Returns:
        The rendered search bar, or a redirect to the login page when there
        is no admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    context = {
        'languages': CobraLanguages.query.all(),
        'vuls': CobraVuls.query.all(),
    }
    return render_template('backend/index/search_rules_bar.html', data=context)
ファイル: SearchController.py プロジェクト: 0x24bin/cobra
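def search_rules():
    """Filter scan rules by language and/or vulnerability type (POST only).

    Form fields ``language`` and ``vul`` are either an id or the literal
    ``'all'``; ``'all'`` means "no filter" for that column. Matching rules
    are rendered with ``vul_id`` and ``language`` replaced by display names.

    Returns:
        The rendered rules template on POST, or a redirect to the login page.
        A non-POST request still falls through and returns None (Flask then
        responds with HTTP 500); that is pre-existing behaviour.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, "language", "vul")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        # The four-way if/elif (plus an unreachable 'error!' branch) collapses
        # to one filter_by: an empty kwargs set is equivalent to query.all().
        filters = {}
        if vc.vars.language != 'all':
            filters['language'] = vc.vars.language
        if vc.vars.vul != 'all':
            filters['vul_id'] = vc.vars.vul
        rules = CobraRules.query.filter_by(**filters).all()

        all_vuls = {vul.id: vul.name for vul in CobraVuls.query.all()}
        all_language = {lang.id: lang.language for lang in CobraLanguages.query.all()}

        # NOTE(review): this overwrites id columns on live ORM instances with
        # display strings. Nothing commits them here, but a later flush in the
        # same session would try to write the names back to the database.
        for rule in rules:
            rule.vul_id = all_vuls.get(rule.vul_id, 'Unknown Type')
            rule.language = all_language.get(rule.language, 'Unknown Language')

        data = {
            'rules': rules,
        }

        return render_template('backend/rule/rules.html', data=data)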
ファイル: SearchController.py プロジェクト: 0x24bin/cobra
def search_rules_bar():
    """Render the rule-search bar with every language and vulnerability type.

    Returns:
        The rendered search bar, or a redirect to the login page when there
        is no admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    context = {
        'languages': CobraLanguages.query.all(),
        'vuls': CobraVuls.query.all(),
    }
    return render_template('backend/index/search_rules_bar.html', data=context)
ファイル: TasksController.py プロジェクト: sun9git/cobra
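def tasks(page):
    """List scan tasks, 10 per page, highest id first, with display fields set.

    ``scan_way`` is replaced by its label and ``report`` is set to the report
    URL built from the configured ``cobra.domain``.

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the raw 'id desc' string.
    tasks = CobraTaskInfo.query.order_by(CobraTaskInfo.id.desc()).limit(per_page).offset(offset).all()

    # Read the configured domain once rather than once per row.
    domain = config.Config('cobra', 'domain').value
    # NOTE(review): these overwrite attributes on live ORM instances for
    # display only; a later flush in the same session would try to write the
    # label back to the scan_way column.
    for task in tasks:
        task.scan_way = "Full Scan" if task.scan_way == 1 else "Diff Scan"
        # Report links are emitted as plain http://; access control for the
        # report page itself is presumably enforced there, not here.
        task.report = 'http://' + domain + '/report/' + str(task.id)
    data = {
        'tasks': tasks,
    }
    return render_template('backend/task/tasks.html', data=data)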
ファイル: TasksController.py プロジェクト: sun9git/cobra
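def del_task():
    """Delete the scan task whose ``id`` is given in the request.

    Returns:
        JSON ``{tag, msg}``, or a redirect to the login page when there is no
        admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    # The validated field is "id", but the original read ``vc.vars.task_id``,
    # which is never populated by the validator above (del_language() uses
    # ``vc.vars.id`` for the same shape of request).
    task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
    if not task:
        # Used to reach session.delete(None) and be reported as 'unknown error.'
        return jsonify(tag='danger', msg='wrong task id.')

    # NOTE(review): nothing in this handler checks the request method or a
    # CSRF token; a delete reachable by GET and guarded only by the session
    # cookie is forgeable cross-site.
    try:
        db.session.delete(task)
        db.session.commit()
        return jsonify(tag='success', msg='delete success.')
    except Exception:
        # Was a bare ``except:``; roll back so the session is usable again.
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error.')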
ファイル: RulesController.py プロジェクト: 0x24bin/cobra
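def del_rule():
    """Delete the scan rule whose ``rule_id`` is given in the request.

    Returns:
        JSON ``{tag, msg}``, or a redirect to the login page when there is no
        admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    vc = ValidateClass(request, "rule_id")
    ret, msg = vc.check_args()
    # The original discarded check_args()' result; report the validation
    # message like every other handler in this backend.
    if not ret:
        return jsonify(tag="danger", msg=msg)

    rule_id = vc.vars.rule_id
    if not rule_id:
        return jsonify(tag='danger', msg='wrong id')

    rule = CobraRules.query.filter_by(id=rule_id).first()
    if not rule:
        # Used to reach session.delete(None) and be reported as 'delete failed'.
        return jsonify(tag='danger', msg='wrong id')

    # NOTE(review): no request-method or CSRF-token check here; the delete is
    # authorised by the session cookie alone.
    try:
        db.session.delete(rule)
        db.session.commit()
        return jsonify(tag='success', msg='delete success.')
    except Exception:
        # Was a bare ``except:``; roll back so the session is usable again.
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')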
ファイル: RulesController.py プロジェクト: sun9git/cobra
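def rules(page):
    """List scan rules, 10 per page, highest id first, with ids mapped to labels.

    ``vul_id``, ``language``, ``status`` and ``level`` on each row are
    replaced by display strings ('Unknown ...' when no mapping exists).

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the raw 'id desc' string.
    cobra_rules = CobraRules.query.order_by(CobraRules.id.desc()).limit(per_page).offset(
        offset).all()
    all_vuls = {vul.id: vul.name for vul in CobraVuls.query.all()}
    all_language = {lang.id: lang.language for lang in CobraLanguages.query.all()}
    all_level = {1: 'Low', 2: 'Medium', 3: 'High'}
    status_desc = {1: 'ON', 0: 'OFF'}

    # NOTE(review): this overwrites columns on live ORM instances with display
    # strings. Nothing commits them here, but a later flush in the same
    # session would try to write the labels back to the database.
    for rule in cobra_rules:
        rule.vul_id = all_vuls.get(rule.vul_id, 'Unknown Type')
        rule.status = status_desc.get(rule.status, 'Unknown')
        rule.language = all_language.get(rule.language, 'Unknown Language')
        rule.level = all_level.get(rule.level, 'Unknown Level')

    data = {
        'rules': cobra_rules,
    }

    return render_template('backend/rule/rules.html', data=data)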
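def del_language():
    """Delete the CobraLanguages row whose ``id`` is given in the request.

    Returns:
        JSON ``{tag, msg}``, or a redirect to the login page when there is no
        admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    l = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    if not l:
        # Used to reach session.delete(None) and be reported as 'delete failed.'
        return jsonify(tag="danger", msg="wrong language id.")

    # NOTE(review): no request-method or CSRF-token check here; the delete is
    # authorised by the session cookie alone.
    try:
        db.session.delete(l)
        db.session.commit()
        return jsonify(tag="success", msg="delete success.")
    except Exception:
        # Was a bare ``except:``; roll back so the session is usable again.
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed.")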
ファイル: RulesController.py プロジェクト: sun9git/cobra
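def del_rule():
    """Delete the scan rule whose ``rule_id`` is given in the request.

    Returns:
        JSON ``{tag, msg}``, or a redirect to the login page when there is no
        admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    vc = ValidateClass(request, "rule_id")
    ret, msg = vc.check_args()
    # The original discarded check_args()' result; report the validation
    # message like every other handler in this backend.
    if not ret:
        return jsonify(tag="danger", msg=msg)

    rule_id = vc.vars.rule_id
    if not rule_id:
        return jsonify(tag='danger', msg='wrong id')

    rule = CobraRules.query.filter_by(id=rule_id).first()
    if not rule:
        # Used to reach session.delete(None) and be reported as 'delete failed'.
        return jsonify(tag='danger', msg='wrong id')

    # NOTE(review): no request-method or CSRF-token check here; the delete is
    # authorised by the session cookie alone.
    try:
        db.session.delete(rule)
        db.session.commit()
        return jsonify(tag='success', msg='delete success.')
    except Exception:
        # Was a bare ``except:``; roll back so the session is usable again.
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')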
ファイル: LanguagesController.py プロジェクト: 0x24bin/cobra
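def del_language():
    """Delete the CobraLanguages row whose ``id`` is given in the request.

    Returns:
        JSON ``{tag, msg}``, or a redirect to the login page when there is no
        admin session.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    l = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    if not l:
        # Used to reach session.delete(None) and be reported as 'delete failed.'
        return jsonify(tag="danger", msg="wrong language id.")

    # NOTE(review): no request-method or CSRF-token check here; the delete is
    # authorised by the session cookie alone.
    try:
        db.session.delete(l)
        db.session.commit()
        return jsonify(tag="success", msg="delete success.")
    except Exception:
        # Was a bare ``except:``; roll back so the session is usable again.
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed.")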
ファイル: TasksController.py プロジェクト: sun9git/cobra
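def edit_task(task_id):
    """Edit a scan task (branch, scan mode, versions, target).

    GET renders the edit form; POST reads the fields from the form, requires
    ``branch``, ``scan_way`` and ``target``, and additionally requires both
    versions when ``scan_way`` is 2 (diff scan).

    Args:
        task_id: primary key of the CobraTaskInfo row, from the route.

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        branch = request.form.get('branch')
        scan_way = request.form.get('scan_way')
        new_version = request.form.get('new_version')
        old_version = request.form.get('old_version')
        target = request.form.get('target')

        # ``not x`` already covers None and the empty string.
        if not branch:
            return jsonify(tag='danger', msg='branch can not be empty')
        if not scan_way:
            return jsonify(tag='danger', msg='scan way can not be empty')
        # Form values are strings, so the original ``scan_way == 2`` was never
        # true and the diff-scan version check never ran.
        if str(scan_way) == '2' and (not new_version or not old_version):
            return jsonify(tag='danger', msg='In diff scan mode, new version and old version can not be empty')
        if not target:
            return jsonify(tag='danger', msg='Target can not be empty.')

        task = CobraTaskInfo.query.filter_by(id=task_id).first()
        # An unknown id used to raise AttributeError (HTTP 500) below.
        if not task:
            return jsonify(tag='danger', msg='wrong task id.')

        # NOTE(review): ``target`` and ``branch`` are admin-supplied values
        # the scanner presumably uses to fetch/check out code; they are not
        # constrained here, so downstream consumers must treat them as untrusted.
        task.branch = branch
        task.scan_way = scan_way
        task.new_version = new_version
        task.old_version = old_version
        task.target = target
        task.updated_time = datetime.datetime.now()

        try:
            db.session.add(task)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='save failed. Try again later?')
    else:
        task = CobraTaskInfo.query.filter_by(id=task_id).first()
        return render_template('backend/task/edit_task.html', data={
            'task': task,
        })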
ファイル: RulesController.py プロジェクト: 0x24bin/cobra
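def rules(page):
    """List scan rules, 10 per page, highest id first, with ids mapped to labels.

    ``vul_id``, ``language``, ``status`` and ``level`` on each row are
    replaced by display strings ('Unknown ...' when no mapping exists).

    Args:
        page: 1-based page number from the route. Values below 1 used to
            produce a negative OFFSET; they are now clamped to the first page.

    Returns:
        The rendered listing, or a redirect to the login page.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the raw 'id desc' string.
    cobra_rules = CobraRules.query.order_by(CobraRules.id.desc()).limit(per_page).offset(offset).all()
    all_vuls = {vul.id: vul.name for vul in CobraVuls.query.all()}
    all_language = {lang.id: lang.language for lang in CobraLanguages.query.all()}
    all_level = {1: 'Low', 2: 'Medium', 3: 'High'}
    status_desc = {1: 'ON', 0: 'OFF'}

    # NOTE(review): this overwrites columns on live ORM instances with display
    # strings. Nothing commits them here, but a later flush in the same
    # session would try to write the labels back to the database.
    for rule in cobra_rules:
        rule.vul_id = all_vuls.get(rule.vul_id, 'Unknown Type')
        rule.status = status_desc.get(rule.status, 'Unknown')
        rule.language = all_language.get(rule.language, 'Unknown Language')
        rule.level = all_level.get(rule.level, 'Unknown Level')

    data = {
        'rules': cobra_rules,
    }

    return render_template('backend/rule/rules.html', data=data)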
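def add_project():
    """Create a new project (CobraProjects row) from the admin form.

    GET renders the form; POST validates ``name``, ``repository``, ``url``,
    ``author``, ``pe`` and ``remark`` and inserts the row (positional
    constructor order, with an empty string for the unset column).

    Returns:
        JSON ``{tag, msg}`` on POST, the rendered template on GET, or a
        redirect to the login page when no admin session is present.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')
    if request.method == "POST":
        vc = ValidateClass(request, "name", "repository", "url", "author", "pe", "remark")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # NOTE(review): ``repository``/``url`` are admin-supplied locations the
        # scanner presumably fetches later; scheme and host are not restricted
        # here, so treat them as untrusted downstream.
        project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name, vc.vars.author,
                                '', vc.vars.pe, vc.vars.remark, current_time)
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Was a bare ``except:``; roll back so the session is usable again.
            db.session.rollback()
            return jsonify(tag='danger', msg='Unknown error.')
    else:
        return render_template('backend/project/add_project.html', data={})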
ファイル: DashboardController.py プロジェクト: z0x010/cobra
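def graph_languages():
    """Return result hit counts grouped by rule language as JSON.

    Form field ``show_all`` selects the whole CobraResults table;
    otherwise ``start_time_stamp``/``end_time_stamp`` (first 10
    characters, epoch seconds) bound ``CobraResults.created_at``.
    Results whose rule has no language row come back from the outer
    join as ``None`` and are reported under the ``Unknown`` key.
    Responds ``{"data": {language: count}}``; an unparsable range
    answers a ``tag``/``msg`` error instead of a 500.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    show_all = request.form.get("show_all")

    # Both branches share this query; only the date filter differs.
    query = db.session.query(
        func.count(CobraResults.rule_id).label("cnt"),
        CobraLanguages.language).outerjoin(
            CobraRules, CobraResults.rule_id == CobraRules.id).outerjoin(
                CobraLanguages, CobraRules.language == CobraLanguages.id)

    if not show_all:
        raw_start = request.form.get("start_time_stamp") or ""
        raw_end = request.form.get("end_time_stamp") or ""
        try:
            # Only the first 10 characters are taken (presumably the client
            # may send millisecond stamps); a missing or non-numeric field
            # previously raised TypeError/ValueError and surfaced as a 500.
            start_time = datetime.datetime.fromtimestamp(int(raw_start[:10]))
            end_time = datetime.datetime.fromtimestamp(int(raw_end[:10]))
        except (ValueError, OverflowError, OSError):
            return jsonify(tag="danger", msg="wrong datetime.")
        query = query.filter(and_(CobraResults.created_at >= start_time,
                                  CobraResults.created_at <= end_time))

    hit_rules = query.group_by(CobraResults.rule_id).all()

    return_value = {}
    for cnt, language in hit_rules:
        return_value[language] = return_value.get(language, 0) + cnt
    # The outer join yields None for an unresolved language; expose it as "Unknown".
    if None in return_value:
        return_value["Unknown"] = return_value.pop(None)
    return jsonify(data=return_value)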
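def del_vul():
    """Delete the CobraVuls row whose id is the submitted ``vul_id``.

    The id is read through ValidateClass; a missing or unknown id
    answers ``wrong id`` without touching the database. Responses after
    the login check are JSON ``tag``/``msg`` envelopes. Any HTTP-method
    restriction lives on the route decorator, which is not shown here.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    vc = ValidateClass(request, "vul_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    if not vc.vars.vul_id:
        return jsonify(tag='danger', msg='wrong id')

    v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
    if v is None:
        # db.session.delete(None) used to raise inside the bare except and was
        # reported as a storage failure; an unknown id is a client error.
        return jsonify(tag='danger', msg='wrong id')

    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')
    return jsonify(tag='success', msg='delete success.')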
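def del_vul():
    """Delete the CobraVuls row whose id is the submitted ``vul_id``.

    The id is read through ValidateClass; a missing or unknown id
    answers ``wrong id`` without touching the database. Responses after
    the login check are JSON ``tag``/``msg`` envelopes. Any HTTP-method
    restriction lives on the route decorator, which is not shown here.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "vul_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    if not vc.vars.vul_id:
        return jsonify(tag="danger", msg="wrong id")

    v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
    if v is None:
        # db.session.delete(None) used to raise inside the bare except and was
        # reported as a storage failure; an unknown id is a client error.
        return jsonify(tag="danger", msg="wrong id")

    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed. Try again later?")
    return jsonify(tag="success", msg="delete success.")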
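def add_new_language():
    """Create a CobraLanguages row from the submitted ``language``/``extensions``.

    GET renders the add-language template; POST validates both fields
    through ValidateClass and inserts the row. Responses after the
    login check are JSON ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return render_template("backend/language/add_new_language.html")

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    # Renamed from ``l``, which is easily confused with ``1`` / ``I``.
    language = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(language)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="add success")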
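def add_new_language():
    """Create a CobraLanguages row from the submitted ``language``/``extensions``.

    GET renders the add-language template; POST validates both fields
    through ValidateClass and inserts the row. Responses after the
    login check are JSON ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return render_template("backend/language/add_new_language.html")

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    # Renamed from ``l``, which is easily confused with ``1`` / ``I``.
    language = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(language)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="add success")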
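def edit_rule(rule_id):
    """Edit the CobraRules row ``rule_id`` (route parameter).

    GET renders the edit template with the rule plus every CobraVuls and
    CobraLanguages row. POST validates the form fields through
    ValidateClass, copies them onto the rule, stamps ``updated_at`` and
    commits. Responses after the login check are JSON ``tag``/``msg``
    envelopes; an unknown ``rule_id`` on POST answers ``wrong rule``
    instead of the AttributeError-driven 500 it used to produce.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        # NOTE(review): ``r`` may be None for an unknown id; the template is
        # handed None unchanged, as before.
        r = CobraRules.query.filter_by(id=rule_id).first()
        return render_template('backend/rule/edit_rule.html',
                               data={
                                   'rule': r,
                                   'all_vuls': CobraVuls.query.all(),
                                   'all_lang': CobraLanguages.query.all(),
                               })

    vc = ValidateClass(request, "vul_type", "language", "regex",
                       "regex_confirm", "description", "rule_id", "repair",
                       "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    r = CobraRules.query.filter_by(id=rule_id).first()
    if r is None:
        return jsonify(tag='danger', msg='wrong rule')

    # The row is identified by the route parameter; the form's ``rule_id``
    # is only validated for presence and not used for the lookup.
    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.regex = vc.vars.regex
    r.regex_confirm = vc.vars.regex_confirm
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
    try:
        db.session.add(r)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')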
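def edit_whitelist(whitelist_id):
    """Edit the CobraWhiteList row ``whitelist_id`` (route parameter).

    GET renders the edit template with every CobraRules and
    CobraProjects row plus the whitelist entry. POST validates the
    form through ValidateClass and writes project, rule, path, reason
    and status back. Responses after the login check are JSON
    ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        data = {
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
            'whitelist': CobraWhiteList.query.filter_by(id=whitelist_id).first(),
        }
        return render_template('backend/whitelist/edit_whitelist.html', data=data)

    vc = ValidateClass(request, "whitelist_id", "project", "rule", "path", "reason", "status")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    whitelist = CobraWhiteList.query.filter_by(id=whitelist_id).first()
    if not whitelist:
        return jsonify(tag='danger', msg='wrong whitelist')

    # NOTE(review): the validated field names are "project" and "rule", yet the
    # values are read as vc.vars.project_id / vc.vars.rule_id. Elsewhere in this
    # file vc.vars is read under exactly the names handed to ValidateClass, so
    # these two reads look mismatched -- confirm against ValidateClass before
    # changing them.
    whitelist.project_id = vc.vars.project_id
    whitelist.rule_id = vc.vars.rule_id
    whitelist.path = vc.vars.path
    whitelist.reason = vc.vars.reason
    whitelist.status = vc.vars.status

    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error.')
    return jsonify(tag='success', msg='update success.')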
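def add_new_vul():
    """Create a CobraVuls row from the submitted ``name``/``description``/``repair``.

    GET renders the add-vul template; POST validates the three fields
    through ValidateClass and inserts the row with created/updated
    stamps set to the current local time. Responses after the login
    check are JSON ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        return render_template('backend/vul/add_new_vul.html')

    vc = ValidateClass(request, "name", "description", "repair")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag='danger', msg='Add failed. Please try again later.')
    return jsonify(tag='success', msg='Add Success.')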
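def add_new_vul():
    """Create a CobraVuls row from the submitted ``name``/``description``/``repair``.

    GET renders the add-vul template; POST validates the three fields
    through ValidateClass and inserts the row with created/updated
    stamps set to the current local time. Responses after the login
    check are JSON ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        return render_template("backend/vul/add_new_vul.html")

    vc = ValidateClass(request, "name", "description", "repair")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime("%Y-%m-%d %X", time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag="danger", msg="Add failed. Please try again later.")
    return jsonify(tag="success", msg="Add Success.")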
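def del_project():
    """Delete the CobraProjects row whose id is the submitted ``id`` (POST only).

    Non-POST requests get the plain string ``'Method error!'``. The id
    is read through ValidateClass; an unknown id answers ``wrong id``
    rather than attempting to delete ``None``. Responses after the
    login check are otherwise JSON ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        return 'Method error!'

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=vc.vars.id).first()
    if project is None:
        # db.session.delete(None) used to raise inside the bare except and was
        # reported as "unknown error"; an unknown id is a client error.
        return jsonify(tag='danger', msg='wrong id')

    try:
        db.session.delete(project)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error. please try later?')
    return jsonify(tag='success', msg='delete success.')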
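def get_scan_information():
    """Return task/vuln/project/file/code totals for a date range as JSON.

    POST fields ``start_time_stamp`` and ``end_time_stamp`` are epoch
    seconds (only the first 10 characters are used). ``code=1001``
    marks success; ``code=1002`` a missing, unparsable or inverted
    range. ``CobraTaskInfo.time_start`` is filtered by the epoch
    number, ``CobraResults.created_at`` and ``CobraProjects.last_scan``
    by the equivalent datetime. A non-POST request gets a JSON error
    instead of the implicit ``None`` Flask used to turn into a 500.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return jsonify(tag="danger", msg="Method error!", code=1002)

    raw_start = request.form.get("start_time_stamp") or ""
    raw_end = request.form.get("end_time_stamp") or ""
    try:
        # A missing field used to raise TypeError on the slice and a
        # non-numeric one ValueError in int(); both surfaced as a 500.
        start_time_stamp = int(raw_start[0:10])
        end_time_stamp = int(raw_end[0:10])
        start_time_array = datetime.datetime.fromtimestamp(start_time_stamp)
        end_time_array = datetime.datetime.fromtimestamp(end_time_stamp)
    except (ValueError, OverflowError, OSError):
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    # Compare as integers: the original compared the raw strings, which only
    # orders correctly while both stamps have the same number of digits.
    if start_time_stamp >= end_time_stamp:
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    task_in_range = and_(CobraTaskInfo.time_start >= start_time_stamp,
                         CobraTaskInfo.time_start <= end_time_stamp)

    task_count = CobraTaskInfo.query.filter(task_in_range).count()
    vulns_count = CobraResults.query.filter(
        and_(CobraResults.created_at >= start_time_array,
             CobraResults.created_at <= end_time_array)).count()
    projects_count = CobraProjects.query.filter(
        and_(CobraProjects.last_scan >= start_time_array,
             CobraProjects.last_scan <= end_time_array)).count()
    files_count = db.session.query(
        func.sum(CobraTaskInfo.file_count).label('files')).filter(task_in_range).first()[0]
    code_number = db.session.query(
        func.sum(CobraTaskInfo.code_number).label('codes')).filter(task_in_range).first()[0]

    # SUM over zero rows is NULL -> None; int(None) used to raise TypeError.
    return jsonify(code=1001,
                   task_count=task_count,
                   vulns_count=vulns_count,
                   projects_count=projects_count,
                   files_count=int(files_count or 0),
                   code_number=int(code_number or 0))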
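def del_project():
    """Delete the CobraProjects row whose id is the submitted ``id`` (POST only).

    Non-POST requests get the plain string ``'Method error!'``. The id
    is read through ValidateClass; an unknown id answers ``wrong id``
    rather than attempting to delete ``None``. Responses after the
    login check are otherwise JSON ``tag``/``msg`` envelopes.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        return 'Method error!'

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=vc.vars.id).first()
    if project is None:
        # db.session.delete(None) used to raise inside the bare except and was
        # reported as "unknown error"; an unknown id is a client error.
        return jsonify(tag='danger', msg='wrong id')

    try:
        db.session.delete(project)
        db.session.commit()
    except Exception:
        # Reset the session after a failed commit; the former bare ``except:``
        # also swallowed KeyboardInterrupt/SystemExit.
        db.session.rollback()
        return jsonify(tag='danger',
                       msg='unknown error. please try later?')
    return jsonify(tag='success', msg='delete success.')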
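def _sum_counts_by_vul_name(rows, rule_to_vul, vul_names):
    """Collapse ``(rule_id, counts)`` rows into ``[{'vuls': name, 'counts': n}]``.

    Args:
        rows: query rows exposing ``.rule_id`` and ``.counts``.
        rule_to_vul: mapping rule id -> vul id (built from CobraRules).
        vul_names: mapping vul id -> vul name (built from CobraVuls).

    Rules that resolve to the same vulnerability name (the same vul in
    several languages) are summed into one entry; entries keep the order
    of first appearance, as the original nested loop did. A rule whose
    mapping is missing (a deleted rule or vul) is reported under
    ``'Unknown Type'`` instead of raising KeyError and breaking the page.
    """
    totals = {}
    for row in rows:
        name = vul_names.get(rule_to_vul.get(row.rule_id), 'Unknown Type')
        totals[name] = totals.get(name, 0) + row.counts
    return [{'vuls': name, 'counts': counts} for name, counts in totals.items()]


def dashboard():
    """Render the backend dashboard with all-time and today's scan statistics.

    Collects task, result, project, file and code-line totals, scan-time
    aggregates and per-vulnerability result counts (overall and for the
    current local day) and hands them to
    ``backend/index/dashboard.html``. Requests failing
    ``ValidateClass.check_login()`` are redirected to the admin index.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    cobra_rules = db.session.query(CobraRules.id, CobraRules.vul_id).all()
    cobra_vuls = db.session.query(CobraVuls.id, CobraVuls.name).all()
    all_rules = {x.id: x.vul_id for x in cobra_rules}  # rule_id -> vul_id
    all_cobra_vuls = {x.id: x.name for x in cobra_vuls}  # vul_id -> vul_name

    # Today's window: local midnight today .. local midnight tomorrow, both as
    # an epoch number (CobraTaskInfo.time_start) and as date/datetime objects
    # (CobraResults.created_at, CobraProjects.last_scan).
    today_time_array = datetime.date.today()
    today_time_stamp = int(time.mktime(today_time_array.timetuple()))
    tomorrow_time_stamp = today_time_stamp + 3600 * 24
    tomorrow_time_array = datetime.datetime.fromtimestamp(int(tomorrow_time_stamp))

    task_today = and_(CobraTaskInfo.time_start >= today_time_stamp,
                      CobraTaskInfo.time_start <= tomorrow_time_stamp)
    results_today = and_(CobraResults.created_at >= today_time_array,
                         CobraResults.created_at <= tomorrow_time_array)

    # Total overview. SUM over zero rows yields None; the value is passed to
    # the template unchanged, as before.
    total_task_count = CobraTaskInfo.query.count()
    total_vulns_count = CobraResults.query.count()
    total_projects_count = CobraProjects.query.count()
    total_files_count = db.session.query(
        func.sum(CobraTaskInfo.file_count).label('files')).first()[0]
    total_code_number = db.session.query(
        func.sum(CobraTaskInfo.code_number).label('codes')).first()[0]

    # Today overview.
    today_task_count = CobraTaskInfo.query.filter(task_today).count()
    today_vulns_count = CobraResults.query.filter(results_today).count()
    today_projects_count = CobraProjects.query.filter(
        and_(CobraProjects.last_scan >= today_time_array,
             CobraProjects.last_scan <= tomorrow_time_array)).count()
    today_files_count = db.session.query(
        func.sum(CobraTaskInfo.file_count).label('files')).filter(task_today).first()[0]
    today_code_number = db.session.query(
        func.sum(CobraTaskInfo.code_number).label('codes')).filter(task_today).first()[0]

    # Scanning time aggregates.
    avg_scan_time = db.session.query(func.avg(CobraTaskInfo.time_consume)).first()[0]
    max_scan_time = db.session.query(func.max(CobraTaskInfo.time_consume)).first()[0]
    min_scan_time = db.session.query(func.min(CobraTaskInfo.time_consume)).first()[0]

    # Result counts per rule, overall and for today, then folded by vul name.
    by_rule = db.session.query(CobraResults.rule_id,
                               func.count("*").label('counts'))
    all_vuls = by_rule.group_by(CobraResults.rule_id).all()
    all_vuls_today = by_rule.group_by(CobraResults.rule_id).filter(results_today).all()

    total_vuls = _sum_counts_by_vul_name(all_vuls, all_rules, all_cobra_vuls)
    today_vuls = _sum_counts_by_vul_name(all_vuls_today, all_rules, all_cobra_vuls)

    data = {
        'total_task_count': total_task_count,
        'total_vulns_count': total_vulns_count,
        'total_projects_count': total_projects_count,
        'total_files_count': total_files_count,
        'today_task_count': today_task_count,
        'today_vulns_count': today_vulns_count,
        'today_projects_count': today_projects_count,
        'today_files_count': today_files_count,
        'max_scan_time': max_scan_time,
        'min_scan_time': min_scan_time,
        'avg_scan_time': avg_scan_time,
        'total_vuls': total_vuls,
        'today_vuls': today_vuls,
        'total_code_number': total_code_number,
        'today_code_number': today_code_number,
    }
    return render_template("backend/index/dashboard.html", data=data)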
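def _daily_vuln_and_scan_counts(start_date, end_date, clamp_end):
    """Count CobraResults and CobraTaskInfo rows per day for ``start_date <= d < end_date``.

    Args:
        start_date: datetime at which the first one-day window opens.
        end_date: datetime at which iteration stops (window starts are
            strictly before it).
        clamp_end: when True the last window is cut at ``end_date`` (the
            user-selected range); when False every window spans a full
            24 h past its start, as the fixed 15-day view always did.

    Returns:
        ``(labels, vuls, scans)`` lists aligned by day; labels are
        ``YYYYMMDD`` strings of each window start.
    """
    one_day = datetime.timedelta(1)
    labels, vuls, scans = [], [], []
    d = start_date
    while d < end_date:
        nxt = d + one_day
        window_end = min(nxt, end_date) if clamp_end else nxt
        # CobraTaskInfo.time_start is compared as an epoch number, while
        # CobraResults.created_at is compared as a datetime.
        t_start = int(time.mktime(d.timetuple()))
        if clamp_end:
            t_end = int(time.mktime(window_end.timetuple()))
        else:
            t_end = t_start + 3600 * 24

        day_vuls = db.session.query(
            func.count("*").label('counts')).filter(
                and_(CobraResults.created_at >= d,
                     CobraResults.created_at <= window_end)).all()
        day_scans = db.session.query(
            func.count("*").label("counts")).filter(
                and_(CobraTaskInfo.time_start >= t_start,
                     CobraTaskInfo.time_start <= t_end)).all()

        labels.append(d.strftime("%Y%m%d"))
        vuls.append(day_vuls[0][0])
        scans.append(day_scans[0][0])
        d = nxt
    return labels, vuls, scans


def graph_lines():
    """Return per-day vulnerability and scan counts for the dashboard line chart.

    With form field ``show_all`` the last 15 calendar days up to now are
    returned; otherwise ``start_time_stamp``/``end_time_stamp`` (epoch
    seconds, first 10 characters) select the range. Response shape is
    ``{"labels": [...], "vuls": [...], "scans": [...]}``; a missing or
    unparsable stamp answers a ``tag``/``msg`` error instead of a 500.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.form.get("show_all"):
        days = 15 - 1  # 15 days counting today
        end_date = datetime.datetime.today()
        start_date = datetime.datetime.combine(
            datetime.date.today() - datetime.timedelta(days=days),
            datetime.datetime.min.time())
        labels, vuls, scans = _daily_vuln_and_scan_counts(start_date, end_date, clamp_end=False)
        return jsonify(labels=labels, vuls=vuls, scans=scans)

    raw_start = request.form.get("start_time_stamp") or ""
    raw_end = request.form.get("end_time_stamp") or ""
    try:
        # A missing field used to raise TypeError on the slice and a
        # non-numeric one ValueError in int(); both surfaced as a 500.
        start_date = datetime.datetime.fromtimestamp(int(raw_start[:10]))
        end_date = datetime.datetime.fromtimestamp(int(raw_end[:10]))
    except (ValueError, OverflowError, OSError):
        return jsonify(tag="danger", msg="wrong datetime.")

    labels, vuls, scans = _daily_vuln_and_scan_counts(start_date, end_date, clamp_end=True)
    return jsonify(labels=labels, vuls=vuls, scans=scans)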
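def graph_vulns():
    """Return result counts grouped by vulnerability name as JSON (POST only).

    Form field ``show_all`` counts every CobraResults row; otherwise
    ``start_time_stamp``/``end_time_stamp`` (epoch seconds, first 10
    characters) bound ``created_at``. The payload is
    ``{"data": [{"vuls": name, "counts": n}, ...]}``; a missing,
    unparsable or inverted range answers ``code=1002``.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        # The original fell off the end here and returned None, which Flask
        # reports as a 500; answer with the same error envelope as bad input.
        return jsonify(code=1002, tag="danger", msg="Method error!")

    show_all = request.form.get("show_all")

    cobra_rules = db.session.query(CobraRules.id, CobraRules.vul_id).all()
    cobra_vuls = db.session.query(CobraVuls.id, CobraVuls.name).all()
    all_rules = {x.id: x.vul_id for x in cobra_rules}  # rule_id -> vul_id
    all_cobra_vuls = {x.id: x.name for x in cobra_vuls}  # vul_id -> vul_name

    def _by_vul_name(rows):
        # Rules sharing a vulnerability name (same vul, different language)
        # are summed; dict insertion order keeps first appearance, as the
        # former nested loop did. A rule with no mapping used to raise
        # KeyError and 500 the endpoint; it is now reported as 'Unknown Type'.
        totals = {}
        for row in rows:
            name = all_cobra_vuls.get(all_rules.get(row.rule_id), 'Unknown Type')
            totals[name] = totals.get(name, 0) + row.counts
        return [{'vuls': name, 'counts': counts} for name, counts in totals.items()]

    query = db.session.query(CobraResults.rule_id, func.count("*").label('counts'))

    if not show_all:
        raw_start = request.form.get("start_time_stamp") or ""
        raw_end = request.form.get("end_time_stamp") or ""
        try:
            # A missing field used to raise TypeError on the slice and a
            # non-numeric one ValueError in int(); both surfaced as a 500.
            start_time_stamp = int(raw_start[:10])
            end_time_stamp = int(raw_end[:10])
            start_time = datetime.datetime.fromtimestamp(start_time_stamp)
            end_time = datetime.datetime.fromtimestamp(end_time_stamp)
        except (ValueError, OverflowError, OSError):
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        # Integer comparison; the original compared the raw strings.
        if start_time_stamp >= end_time_stamp:
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        query = query.filter(and_(CobraResults.created_at >= start_time,
                                  CobraResults.created_at <= end_time))

    all_vuls = query.group_by(CobraResults.rule_id).all()
    return jsonify(data=_by_vul_name(all_vuls))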
def main():
    """Render the backend landing page for a session that passes check_login().

    Anyone failing ``ValidateClass.check_login()`` is redirected to the
    admin index instead.
    """
    if ValidateClass.check_login():
        return render_template("backend/index/main.html")
    return redirect(ADMIN_URL + "/index")