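def delete_container_task(container_vul, user_info, request_ip):
    """
    Queue the deletion of a vulnerability container.

    A task record is always created first. When the caller is a superuser or
    owns the container, the deletion is written to the audit log (SysLog) and
    the asynchronous ``delete_container`` job is dispatched with ``.delay``.
    Otherwise the task record itself is updated to carry the refusal.

    :param container_vul: container record to delete
    :param user_info: user requesting the deletion
    :param request_ip: client IP stored in the audit log entry
    :return: id of the task record created for this request
    """
    user_id = user_info.id
    task_id = create_delete_container_task(container_vul=container_vul, user_info=user_info)
    is_authorized = user_info.is_superuser or user_id == container_vul.user_id
    if not is_authorized:
        # NOTE(review): a refused attempt is only visible on the task record;
        # no SysLog row is written for it. Confirm that is the intended audit trail.
        task_info = TaskInfo.objects.filter(task_id=task_id).first()
        # .first() returns None when no row matches; guard so a missing task
        # record does not turn a permission refusal into an AttributeError.
        if task_info is not None:
            task_info.task_msg = json.dumps(R.build(msg="权限不足"))
            # status 3: presumably the "failed/refused" state; confirm against TaskInfo
            task_info.task_status = 3
            task_info.update_date = timezone.now()
            task_info.save()
        return task_id
    operation_args = ContainerVulSerializer(container_vul).data
    sys_log = SysLog(user_id=user_id, operation_type="容器", operation_name="删除", ip=request_ip,
                     operation_value=operation_args["vul_name"],
                     operation_args=json.dumps(operation_args))
    sys_log.save()
    # Dispatch the asynchronous job that performs the actual deletion.
    delete_container.delay(task_id)
    return task_id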
def delete_image(self, request, pk=None):
    """
    Delete an image record.

    Restricted to superusers. The attempt is written to the audit log before
    the in-use check, so a deletion that is later refused is logged too. The
    image is removed only when no ContainerVul row references it.

    :param request: incoming request; ``request.user`` is the caller
    :param pk: ``image_id`` of the image to delete
    :return: JsonResponse describing the outcome
    """
    current_user = request.user
    if not current_user.is_superuser:
        return JsonResponse(R.build(msg="权限不足"))
    image = ImageInfo.objects.filter(image_id=pk).first()
    if not image:
        # Unknown image id: nothing to delete, reported as success.
        return JsonResponse(R.ok())
    serialized_image = ImageInfoSerializer(image).data
    client_ip = get_request_ip(request)
    SysLog(user_id=current_user.id, operation_type="镜像", operation_name="删除",
           operation_value=serialized_image["image_vul_name"],
           operation_args=json.dumps(serialized_image), ip=client_ip).save()
    # Containers still built from this image block the deletion.
    dependants = ContainerVul.objects.filter(image_id=image.image_id)
    dependants_serializer = ContainerVulSerializer(dependants, many=True)
    if dependants.count() != 0:
        return JsonResponse(
            R.build(msg="镜像正在使用,无法删除!", data=dependants_serializer.data))
    image.delete()
    return JsonResponse(R.ok())
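def check_flag(self, request, pk=None):
    """
    Verify a flag submitted for the caller's own container.

    Every submission, including the submitted value, is written to the audit
    log before any check. A correct flag marks the container as solved on the
    first success, and the container is stopped through ``tasks.stop_container_task``.

    :param request: incoming request; the flag is read from the ``flag`` query parameter
    :param pk: not read directly; the container comes from ``self.get_object()``
    :return: JsonResponse built with ``R``
    """
    # Function-scope import so this block does not depend on the module's import list.
    import hmac

    # NOTE(review): the flag travels in the query string of a GET request, so it
    # may also be recorded by web-server or proxy access logs.
    flag = request.GET.get('flag', None)
    container_vul = self.get_object()
    user_info = request.user
    user_id = user_info.id
    operation_args = ContainerVulSerializer(container_vul).data
    request_ip = get_request_ip(request)
    sys_log = SysLog(user_id=user_id, operation_type="容器", operation_name="提交Flag",
                     operation_value=operation_args["vul_name"], operation_args={"flag": flag},
                     ip=request_ip)
    sys_log.save()
    # Only the owner of the container may submit its flag.
    if user_id != container_vul.user_id:
        return JsonResponse(R.build(msg="Flag 与用户不匹配"))
    if not flag:
        return JsonResponse(R.build(msg="Flag不能为空"))
    expected_flag = container_vul.container_flag
    # Constant-time comparison: response timing must not reveal how much of the
    # submitted value matched. Bytes are compared because compare_digest rejects
    # non-ASCII str; a non-string stored flag never matches, as before.
    flag_matches = isinstance(expected_flag, str) and hmac.compare_digest(
        flag.encode("utf-8"), expected_flag.encode("utf-8"))
    if not flag_matches:
        return JsonResponse(R.build(msg="flag错误"))
    if not container_vul.is_check:
        # First correct submission: record the solve and its time.
        container_vul.is_check_date = timezone.now()
        container_vul.is_check = True
        container_vul.save()
    # Stop the Docker container now that the flag has been accepted.
    tasks.stop_container_task(container_vul=container_vul, user_info=user_info,
                              request_ip=get_request_ip(request))
    return JsonResponse(R.ok())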
def status_container(self, request, pk=None):
    """
    Return the serialized state of the caller's own container.

    The lookup is written to the audit log before the ownership check, so a
    request for another user's container is recorded as well.

    :param request: incoming request; ``request.user`` is the caller
    :param pk: not read directly; the container comes from ``self.get_object()``
    :return: JsonResponse with the serialized container, or code "2003" when
             the container belongs to a different user
    """
    container_vul = self.get_object()
    caller_id = request.user.id
    serialized = ContainerVulSerializer(container_vul).data
    client_ip = get_request_ip(request)
    SysLog(user_id=caller_id, operation_type="镜像", operation_name="状态",
           operation_value=serialized["vul_name"], operation_args=serialized,
           ip=client_ip).save()
    if container_vul.user_id == caller_id:
        # NOTE(review): the full serializer output is returned; confirm that
        # ContainerVulSerializer does not expose the container's flag.
        return JsonResponse(ContainerVulSerializer(container_vul).data)
    return JsonResponse({"code": "2003", "msg": "与用户不匹配"})
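def check_flag(self, request, pk=None):
    """
    Verify a flag submitted for the caller's own container.

    Every submission, including the submitted value, is written to the audit
    log before any check. A correct flag marks the container as solved and a
    best-effort attempt is made to stop the Docker container.

    :param request: incoming request; the flag is read from the ``flag`` query parameter
    :param pk: not read directly; the container comes from ``self.get_object()``
    :return: JsonResponse with a ``code``/``msg`` pair; code "2000" (HTTP 201) on success
    """
    # Function-scope imports so this block does not depend on the module's import list.
    import hmac
    import logging

    logger = logging.getLogger(__name__)
    # NOTE(review): the flag travels in the query string of a GET request, so it
    # may also be recorded by web-server or proxy access logs.
    flag = request.GET.get('flag', None)
    container_vul = self.get_object()
    user_id = request.user.id
    operation_args = ContainerVulSerializer(container_vul).data
    request_ip = get_request_ip(request)
    sys_log = SysLog(user_id=user_id, operation_type="镜像", operation_name="提交Flag",
                     operation_value=operation_args["vul_name"], operation_args={"flag": flag},
                     ip=request_ip)
    sys_log.save()
    # Only the owner of the container may submit its flag.
    if user_id != container_vul.user_id:
        return JsonResponse({"code": "2003", "msg": "与用户不匹配"})
    if not flag:
        return JsonResponse({"code": "2003", "msg": "Flag不能为空"})
    try:
        expected_flag = container_vul.container_flag
        # Constant-time comparison: response timing must not reveal how much of
        # the submitted value matched. Bytes are compared because compare_digest
        # rejects non-ASCII str; a non-string stored flag never matches, as before.
        flag_matches = isinstance(expected_flag, str) and hmac.compare_digest(
            flag.encode("utf-8"), expected_flag.encode("utf-8"))
        if not flag_matches:
            return JsonResponse({"code": "2001", "msg": "flag错误"})
        if not container_vul.is_check:
            # Record the solve and persist it before touching Docker. Previously
            # the only save() sat behind the Docker calls, so a failed stop
            # silently discarded the solved state.
            container_vul.is_check_date = django.utils.timezone.now()
            container_vul.is_check = True
            container_vul.save()
        try:
            docker_container_id = container_vul.docker_container_id
            docker_container = client.containers.get(container_id=docker_container_id)
            docker_container.stop()
            container_vul.container_status = 'stop'
            container_vul.save()
        except Exception:
            # Stopping stays best-effort, but the failure is logged instead of
            # being swallowed: a container left running should be noticed.
            logger.exception("Failed to stop the Docker container for ContainerVul pk=%s", pk)
        return JsonResponse({"code": "2000", "msg": "OK"}, status=201)
    except Exception:
        # Keep exception details in the server log; returning str(e) would hand
        # internal error text (database, Docker) to the client.
        logger.exception("Flag check failed for ContainerVul pk=%s", pk)
        return JsonResponse({"code": "2002", "msg": "服务器内部错误"})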
def delete_container(self, request, pk=None):
    """
    Stop and remove a Docker container, then delete its database record.

    The request is written to the audit log before the permission check.
    Only a superuser or the owner of the container may delete it.

    :param request: incoming request; ``request.user`` is the caller
    :param pk: not read directly; the container comes from ``self.get_object()``
    :return: JsonResponse; code "201" (HTTP 201) on success, code "202" when refused
    """
    requester = request.user
    container_vul = self.get_object()
    requester_id = requester.id
    serialized = ContainerVulSerializer(container_vul).data
    client_ip = get_request_ip(request)
    SysLog(user_id=requester_id, operation_type="镜像", operation_name="删除",
           operation_value=serialized["vul_name"], operation_args=serialized,
           ip=client_ip).save()
    if not (requester.is_superuser or requester_id == container_vul.user_id):
        return JsonResponse({"msg": "权限不足", "code": "202"})
    # Id of the Docker container backing this record.
    target_id = container_vul.docker_container_id
    try:
        handle = client.containers.get(target_id)
        handle.stop()
        handle.remove()
    except Exception as e:
        print(e)
    # NOTE(review): the record is deleted even when the Docker calls above
    # failed, so a container that could not be stopped or removed is left
    # without a database row tracking it.
    container_vul.delete()
    return JsonResponse({"msg": "删除成功", "code": "201"}, status=201)
def stop_container(self, request, pk=None):
    """
    Stop a running container.

    The request is written to the audit log before the permission check.
    Only a superuser or the owner of the container may stop it.

    :param request: incoming request; ``request.user`` is the caller
    :param pk: not read directly; the container comes from ``self.get_object()``
    :return: JsonResponse; HTTP 201 on success, HTTP 500 on an unexpected
             Docker error, code "202" with the default status when refused
    """
    requester = request.user
    container_vul = self.get_object()
    requester_id = requester.id
    serialized = ContainerVulSerializer(container_vul).data
    client_ip = get_request_ip(request)
    SysLog(user_id=requester_id, operation_type="镜像", operation_name="停止",
           operation_value=serialized["vul_name"], operation_args=serialized,
           ip=client_ip).save()
    if not (requester.is_superuser or requester_id == container_vul.user_id):
        return JsonResponse({"msg": "权限不足", "code": "202"})
    try:
        # Look the container up by its Docker id and stop it.
        client.containers.get(container_vul.docker_container_id).stop()
        container_vul.container_status = 'stop'
        container_vul.save()
        return JsonResponse({"msg": "停止成功", "code": "202"}, status=201)
    except NotFound:
        # Docker no longer knows the container: drop the stale record and
        # report the stop as successful.
        container_vul.delete()
        return JsonResponse({"msg": "停止成功", "code": "202"}, status=201)
    except Exception:
        # The client gets a generic message; no exception text is returned.
        return JsonResponse({"msg": "停止失败,服务器内部错误", "code": "500"}, status=500)
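def check_flag(self, request, pk=None):
    """
    Verify a flag submitted for the caller's own container.

    Every submission, including the submitted value, is written to the audit
    log before any check. On the first correct submission the container is
    marked as solved and, if the user has a time-mode session that has not
    ended, the user's rank for that session is recomputed. The container is
    then stopped through ``tasks.stop_container_task``.

    :param request: replaced by ``self.request`` on entry
    :param pk: not read directly; the container comes from ``self.get_object()``
    :return: JsonResponse built with ``R``
    """
    # Function-scope imports so this block does not depend on the module's import list.
    import hmac
    import logging

    request = self.request
    # NOTE(review): the flag travels in the query string of a GET request, so it
    # may also be recorded by web-server or proxy access logs.
    flag = request.GET.get('flag', "")
    container_vul = self.get_object()
    user_info = request.user
    user_id = user_info.id
    operation_args = ContainerVulSerializer(container_vul).data
    request_ip = get_request_ip(request)
    sys_log = SysLog(user_id=user_id, operation_type="容器", operation_name="提交Flag",
                     operation_value=operation_args["vul_name"], operation_args={"flag": flag},
                     ip=request_ip)
    sys_log.save()
    # Only the owner of the container may submit its flag.
    if user_id != container_vul.user_id:
        return JsonResponse(R.build(msg="Flag 与用户不匹配"))
    if not flag:
        return JsonResponse(R.build(msg="Flag不能为空"))
    expected_flag = container_vul.container_flag
    # Constant-time comparison: response timing must not reveal how much of the
    # submitted value matched. Bytes are compared because compare_digest rejects
    # non-ASCII str; a non-string stored flag never matches, as before.
    flag_matches = isinstance(expected_flag, str) and hmac.compare_digest(
        flag.encode("utf-8"), expected_flag.encode("utf-8"))
    if not flag_matches:
        return JsonResponse(R.build(msg="flag错误"))
    if not container_vul.is_check:
        # First correct submission: record the solve and its time.
        container_vul.is_check_date = timezone.now()
        container_vul.is_check = True
        container_vul.save()
        # Is the user inside a time-mode session that has not ended yet?
        now_time = datetime.datetime.now().timestamp()
        time_moudel_data = TimeMoudel.objects.filter(
            user_id=user_id, end_time__gte=now_time).first()
        if time_moudel_data:
            time_model_id = time_moudel_data.time_id
            successful = ContainerVul.objects.filter(
                is_check=True, user_id=user_id, time_model_id=time_model_id)
            rd = TimeRank.objects.filter(
                time_temp_id=time_moudel_data.temp_time_id_id, user_id=user_id).first()
            # Total score of every container solved in this session.
            rank = sum(solved.image_id.rank for solved in successful)
            if rd is None:
                # .first() returns None when the user has no TimeRank row; the
                # old code then raised on rd.rank after the solve was saved and
                # never reached the container stop below.
                logging.getLogger(__name__).warning(
                    "No TimeRank row for user %s in time template %s; rank not updated",
                    user_id, time_moudel_data.temp_time_id_id)
            elif rank >= rd.rank:
                rd.rank = rank
                rd.save()
    # Stop the Docker container now that the flag has been accepted.
    tasks.stop_container_task(container_vul=container_vul, user_info=user_info,
                              request_ip=get_request_ip(request))
    return JsonResponse(R.ok())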