コード例 #1
ファイル: scan.py プロジェクト: yingshang/cobra
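    def run(self, is_all=None, target=None, tid=None, pid=None):
        """Scan every project, or statically analyse one target directory.

        Args:
            is_all: Truthy to scan all projects through ``scan.Scan().all()``;
                the other arguments are ignored in that case.
            target: Path of the directory to analyse (required unless is_all).
            tid: Optional CobraTaskInfo id. When given, the task row is marked
                as started before the analysis runs.
            pid: Optional project id handed to the static engine.

        Raises:
            SystemExit: with status 1 when the target is missing or is not a
                directory, or when the task does not exist or has a status
                other than 0 or 1.
        """
        if is_all:
            logging.info('[START] Scan all projects')
            scan.Scan().all()
            logging.info('[END] Scan all projects')
            return

        # Validate the target before touching the task row, so a bad --target
        # cannot leave a task marked as started with no scan behind it.
        # Every failure exits non-zero: a scan that did not run must not look
        # like a successful (clean) scan to the scheduler or CI job calling it.
        if target is None:
            logging.critical("Please set --target param")
            sys.exit(1)
        if not os.path.isdir(target):
            logging.critical('Target is not directory')
            sys.exit(1)

        task_id = None
        if tid is not None:
            task_id = tid
            # Start Time For Task
            t = CobraTaskInfo.query.filter_by(id=tid).first()
            if t is None:
                logging.critical("Task id doesn't exists.")
                sys.exit(1)
            # Only tasks whose status is 0 or 1 may be (re)started.
            if t.status not in (0, 1):
                logging.critical("Task Already Scan.")
                sys.exit(1)
            t.status = 1
            t.time_start = int(time.time())
            t.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
            try:
                db.session.add(t)
                db.session.commit()
            except Exception as e:
                # Best effort: the scan still runs if the bookkeeping write
                # fails. Roll back so the session stays usable, and format the
                # exception with str(e) because exceptions have no .message
                # attribute on Python 3.
                db.session.rollback()
                logging.error("Set start time failed" + str(e))

        from engine import static
        static.Static(target, task_id=task_id, project_id=pid).analyse()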
コード例 #2
ファイル: __init__.py プロジェクト: hi0x0/cobra
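    def run(self, target=None, tid=None, pid=None):
        """Classify ``target`` and run the static engine on it.

        Args:
            target: What to scan. ``self.parse_target`` classifies it as
                'directory', 'compress', 'file', 'git' or 'svn', or returns
                False when it is none of these.
            tid: Optional CobraTaskInfo id. When given, the task row is marked
                as started before the analysis runs.
            pid: Optional project id handed to the static engine.

        Raises:
            SystemExit: with status 1 when the target is missing or of an
                unsupported kind, or when the task does not exist or has a
                status other than 0 or 1.
        """
        # Validation failures exit non-zero so a scan that never ran is not
        # reported to the calling job as a successful one.
        if target is None:
            log.critical("Please set --target param")
            sys.exit(1)

        task_id = None
        if tid is not None:
            task_id = tid
            # Start Time For Task
            t = CobraTaskInfo.query.filter_by(id=tid).first()
            if t is None:
                log.critical("Task id doesn't exists.")
                sys.exit(1)
            # Only tasks whose status is 0 or 1 may be (re)started.
            if t.status not in (0, 1):
                log.critical("Task Already Scan.")
                sys.exit(1)
            t.status = 1
            t.time_start = int(time.time())
            t.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
            try:
                db.session.add(t)
                db.session.commit()
            except Exception as e:
                # Best effort: keep scanning if the bookkeeping write fails.
                # Roll back so the session stays usable; str(e) replaces
                # e.message, which does not exist on Python 3.
                db.session.rollback()
                log.error("Set start time failed" + str(e))

        target_type = self.parse_target(target)
        if target_type is False:
            log.error("""
                Git Repository: must .git end
                SVN Repository: can http:// or https://
                Directory: must be local directory
                File: must be single file or tar.gz/zip/rar compress file
                """)
            # Stop here: the original fell through and built the engine on a
            # target it had just rejected.
            sys.exit(1)

        from engine import static
        s = static.Static(target, task_id=task_id, project_id=pid)
        # Compare with ==, not `is`: identity of equal strings is an
        # interpreter detail, so `is 'directory'` can silently skip the scan.
        if target_type in ('directory', 'file'):
            s.analyse()
        elif target_type == 'compress':
            from utils.decompress import Decompress
            # Only tar.gz, rar and zip archives are supported.
            # NOTE(review): the archive is caller-supplied; confirm Decompress
            # rejects entries that resolve outside its extraction directory
            # and bounds the unpacked size.
            dc = Decompress(target)
            dc.decompress()
            # NOTE(review): `s` was built from the archive path before the
            # extraction; confirm Static resolves the extracted directory.
            s.analyse()
        elif target_type == 'git':
            from pickup.GitTools import Git
            # The branch is fixed to 'master'.
            g = Git(target, branch='master')
            g.get_repo()
            if g.clone() is True:
                s.analyse()
            else:
                log.critical("Git clone failed")
        elif target_type == 'svn':
            log.warning("Not Support SVN Repository")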
コード例 #3
    def vul(self, extensions, val_types):
        """Pick the dominant language of the target, then run the static engine.

        ``self.files()`` is expected to return a mapping keyed by file
        extension; ``extensions`` lists the extensions to look up in it.
        ``val_types`` is not read in the lines shown here.
        """
        files_by_ext = self.files()
        has_php = ".php" in files_by_ext
        has_java = ".java" in files_by_ext

        # Detect the developer language from which extensions are present.
        # NOTE(review): `language` is not read in the visible part of this
        # method, and it stays unbound when neither extension is found.
        if has_php and has_java:
            # NOTE(review): this compares the two per-extension entries
            # directly; if they are dicts like {'file_count': ..,
            # 'file_list': ..} the comparison is probably meant to use
            # file_count -- confirm.
            if files_by_ext[".php"] > files_by_ext['.java']:
                language = 'php'
            else:
                language = 'java'
        elif has_php:
            language = 'php'
        elif has_java:
            language = 'java'
        else:
            print("Not support the language")

        static.Static(extensions).analyse()

        for ext in extensions:
            # Each entry looks like {'file_count': 1, 'file_list': []}.
            ext_info = files_by_ext[ext]
コード例 #4
ファイル: rule.py プロジェクト: alioth310/cobra
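def test_rule():
    """Run one rule against a project and return the engine output as JSON.

    Reads ``rid`` and ``pid`` from the request through ValidateClass. A pid
    of 0 scans the shared 'versions' upload directory. Any other pid scans
    that project's repository, cloned first when its address mentions gitlab
    or github.

    Returns:
        A jsonify() response: code 1001 with the engine's output lines joined
        by CRLF, 4004 for invalid arguments or an unknown project, and 4001
        when the clone fails.
    """
    vc = ValidateClass(request, 'rid', 'pid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    # NOTE(review): int() raises on a non-numeric pid unless check_args()
    # already rejects it -- confirm.
    if int(vc.vars.pid) == 0:
        # all projects
        project_directory = os.path.join(config.Config('upload', 'directory').value, 'versions')
    else:
        project = CobraProjects.query.filter(CobraProjects.id == vc.vars.pid).first()
        if project is None:
            # .first() returns None for an unknown id; answer with an error
            # instead of failing on project.repository below.
            # NOTE(review): reuses the invalid-argument code 4004 -- switch to
            # a dedicated code if the API defines one.
            return jsonify(code=4004, message='Project not found')
        if 'gitlab' in project.repository or 'github' in project.repository:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
            gg = git.Git(project.repository, branch='master', username=username, password=password)
            clone_ret, clone_err = gg.clone()
            if clone_ret is False:
                # NOTE(review): clone_err is echoed to the API client. If the
                # git helper embeds the configured username/password in the
                # clone URL, its error text could carry them -- confirm it is
                # scrubbed, or log it server-side and return a generic message.
                return jsonify(code=4001, message='Clone Failed ({0})'.format(clone_err))
            project_directory = gg.repo_directory
        else:
            # NOTE(review): any other repository value is used as a local
            # path as-is; confirm it is constrained to the expected roots.
            project_directory = project.repository
    data = static.Static(project_directory, project_id=vc.vars.pid, rule_id=vc.vars.rid).analyse(test=True)
    data = '\r\n'.join(data)
    return jsonify(code=1001, message=data)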
コード例 #5
 def test_static_analyse(self):
     """Smoke test: build the static engine for 'php' and run analyse().

     Nothing is asserted, so the test fails only if analyse() raises.
     """
     engine = static.Static('php', ['php'])
     engine.analyse()