def view_diff(request): if request.method == "GET": return render_to_response("diff_view.html", RequestContext(request,{'infos':get_show_infos(request)})) #处理单个diff elif request.POST.has_key('prase_diff'): id = request.POST['vuln_id'] vuln = vulnerability_info.objects.get(vuln_id = id) handle_diff_file(vuln) return render_to_response("diff_view.html",RequestContext(request, {'infos':get_show_infos(request)})) #清除所有diff elif request.POST.has_key("clear_all"): infos = vulnerability_info.objects.all() for info in infos: if info.vuln_func_source: if os.path.isfile(info.vuln_func_source): os.remove(info.vuln_func_source) info.vuln_func_source = "" if info.patched_func_source: if os.path.isfile(info.patched_func_source): os.remove(info.patched_func_source) info.patched_func_source = "" info.save() return render_to_response("diff_view.html",RequestContext(request,{'infos':get_show_infos(request)})) #生成所有diff elif request.POST.has_key("make_all"): infos = vulnerability_info.objects.all() for info in infos: if not info.vuln_func_source: handle_diff_file(info) return render_to_response("diff_view.html",RequestContext(request,{'infos':get_show_infos(request)})) #全部加入特征数据库 elif request.POST.has_key("all_in_db"): if is_db_on(): return HttpResponse("特征数据库已启动,请关闭后重试!关闭前请确认无任何使用情况") th = Thread(target=all_in_db) th.start() return HttpResponse("生成中,请等候") #全部删除特征数据库 elif request.POST.has_key("del_all"): if is_db_on(): return HttpResponse("特征数据库已启动,请关闭后重试!关闭前请确认无任何使用情况") del_all() return HttpResponse("清除完成!")
def cal_funcs_similarity(request): if request.method == "GET": rs = func_similarity_reports.objects.all() reports = [] for r in rs: reports.append(cal_reports(r)) return render_to_response( "ast_function_level.html", RequestContext(request, {'reports': reports})) else: if os.path.isdir( os.path.join(settings.NEO4J_DATABASE_PATH, "vuln_db", "index")): if is_db_on(): neo4jdb = JoernSteps() try: neo4jdb.setGraphDbURL('http://localhost:7474/db/data/') neo4jdb.connectToDatabase() except: return HttpResponse("连接特征数据库失败,请联系管理员查明原因!") th = Thread(target=vuln_patch_compare_all, args=(neo4jdb, )) th.start() return HttpResponse("启动线程计算中,请稍后查看!") else: return HttpResponse("特征数据库未启动,请先启动特征数据库") else: return HttpResponse("特征数据库不存在")
def func_pdg_comp_view(request): if request.method == "GET": funcs = funcs_sel() infos = pdg_vuln_patch_funcs_report.objects.all() return render_to_response("pdg_comp.html", RequestContext(request,{"funcs":funcs, "infos":infos})) else: vuln_id = request.POST.get("funcs_sel") try: vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id) pdg_vuln_patch_funcs_report.objects.get(vuln_info=vuln_info) return HttpResponse(u"已经计算过该函数") except: if os.path.isdir(os.path.join(settings.NEO4J_DATABASE_PATH, "vuln_db", "index")): if is_db_on(): neo4jdb = JoernSteps() try: neo4jdb.setGraphDbURL('http://localhost:7474/db/data/') neo4jdb.connectToDatabase() except: return HttpResponse(u"连接特征数据库失败,请联系管理员查明原因!") th = Thread(target=func_pdg_similarity_proc, args=(vuln_id, neo4jdb)) th.start() return HttpResponse(u"已经启动线程进行计算") else: return HttpResponse(u"特征数据库未启动,请先启动特征数据库") else: return HttpResponse(u"特征数据库不存在")
def func_pdg_comp_view(request): if request.method == "GET": funcs = funcs_sel() infos = pdg_vuln_patch_funcs_report.objects.all() return render_to_response( "pdg_comp.html", RequestContext(request, { "funcs": funcs, "infos": infos })) else: vuln_id = request.POST.get("funcs_sel") try: vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id) pdg_vuln_patch_funcs_report.objects.get(vuln_info=vuln_info) return HttpResponse(u"已经计算过该函数") except: if os.path.isdir( os.path.join(settings.NEO4J_DATABASE_PATH, "vuln_db", "index")): if is_db_on(): neo4jdb = JoernSteps() try: neo4jdb.setGraphDbURL('http://localhost:7474/db/data/') neo4jdb.connectToDatabase() except: return HttpResponse(u"连接特征数据库失败,请联系管理员查明原因!") th = Thread(target=func_pdg_similarity_proc, args=(vuln_id, neo4jdb)) th.start() return HttpResponse(u"已经启动线程进行计算") else: return HttpResponse(u"特征数据库未启动,请先启动特征数据库") else: return HttpResponse(u"特征数据库不存在")
def graph_manager(request): if request.method == "GET": #检测各数据的真实状态,因为如果服务器崩溃,数据库里的状态与真实状态不一致 infos = graph_dbs.objects.all() for info in infos: if info.status == "started" and not is_db_on(info.port): info.status = "stoped" info.port = 0 info.save() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response("graph_status.html", RequestContext(request, {'infos':graph_dbs.objects.all(),'status':status})) else: if request.POST.has_key('start_db'): soft_id = int(request.POST['start']) #th = Thread(target=start_neo4j_db, args=(soft_id, 7474+soft_id)) #th.start() #端口号为7475-7485 ports = range(7475,7485) inuse_ports = set() for port in graph_dbs.objects.values("port"): inuse_ports.add(port['port']) port = filter(lambda x: not(x in inuse_ports), ports) if port is None: return HttpResponse(u"端口已全部被占用!") start_neo4j_db(soft_id, port[0]) infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response("graph_status.html", RequestContext(request, {'infos':infos,"status":status})) elif request.POST.has_key('stop_db'): soft_id = int(request.POST['stop']) stop_neo4j_db(soft_id) infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response("graph_status.html", RequestContext(request, {'infos':infos,"status":status})) elif request.POST.has_key("start"): start_character_db() infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response("graph_status.html", RequestContext(request, {'infos':infos,"status":status})) elif request.POST.has_key("shut_down"): stop_character_db() infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response("graph_status.html", RequestContext(request, {'infos':infos,"status":status}))
def bug_finder(request): if request.method == "GET": software_sel = software_sel_form() return render_to_response( "bug_finder.html", RequestContext(request, {"software_sel": software_sel})) else: if request.POST.has_key("sel_vuln"): soft_id = int(request.POST.get("software")) soft_name = softwares.objects.get( software_id=soft_id).software_name #查询当前软件(不含版本)所涉及的所有漏洞函数 softs = softwares.objects.filter(software_name=soft_name) #先查到涉及的所有cve cves = [] for soft in softs: cves.extend(soft.cve_infos_set.all()) #查到涉及的所有漏洞 sel_vuln = vulnerability_info.objects.filter(cve_info__in=cves, is_in_db=True) software_sel = software_sel_form(request.POST) return render_to_response( "bug_finder.html", RequestContext(request, { "sel_vuln": sel_vuln, "software_sel": software_sel })) elif request.POST.has_key("find"): if not is_db_on(): return HttpResponse(u"特征数据库未启动,请先启动特征数据库") soft = softwares.objects.get( software_id=int(request.POST.get("software"))) try: db = graph_dbs.objects.get(soft=soft) #检测软件数据库是否启动 if not is_db_on(db.port): return HttpResponse("软件图形数据库未启动") #连接软件数据库 soft_db = JoernSteps() try: soft_db.setGraphDbURL("http://localhost:%d/db/data/" % db.port) soft_db.connectToDatabase() except: return HttpResponse("连接软件数据库失败! port:%d" % db.port) #连接特征数据库 character_db = JoernSteps() try: character_db.setGraphDbURL( "http://localhost:7474/db/data/") character_db.connectToDatabase() except: return HttpResponse("连接特征数据库失败!") #根据选择使用不同的算法 alg = request.POST.get("algorithm") if alg == "CFG": th = Thread(target=func_similarity_cfgLevel_proc, args=(soft, soft_db, character_db, request.POST.getlist("vuln_infos"))) th.start() elif alg == "PDG": th = Thread(target=func_similarity_pdgLevel_proc, args=(soft, soft_db, character_db, request.POST.getlist("vuln_infos"))) th.start() return HttpResponse("已启动线程进行计算,请等候!") except graph_dbs.DoesNotExist: return HttpResponse("软件图形数据库未生成")
def bug_finder(request): if request.method == "GET": software_sel = software_sel_form() return render_to_response("bug_finder.html", RequestContext(request, {"software_sel":software_sel})) else: if request.POST.has_key("sel_vuln"): soft_id = int(request.POST.get("software")) soft_name = softwares.objects.get(software_id=soft_id).software_name #查询当前软件(不含版本)所涉及的所有漏洞函数 softs = softwares.objects.filter(software_name = soft_name) #先查到涉及的所有cve cves = [] for soft in softs: cves.extend(soft.cve_infos_set.all()) #查到涉及的所有漏洞 sel_vuln = vulnerability_info.objects.filter(cve_info__in = cves, is_in_db=True) software_sel = software_sel_form(request.POST) return render_to_response("bug_finder.html", RequestContext(request, {"sel_vuln":sel_vuln,"software_sel":software_sel})) elif request.POST.has_key("find"): if not is_db_on(): return HttpResponse(u"特征数据库未启动,请先启动特征数据库") soft = softwares.objects.get(software_id=int(request.POST.get("software"))) try: db = graph_dbs.objects.get(soft=soft) #检测软件数据库是否启动 if not is_db_on(db.port): return HttpResponse("软件图形数据库未启动") #连接软件数据库 soft_db = JoernSteps() try: soft_db.setGraphDbURL("http://localhost:%d/db/data/" % db.port) soft_db.connectToDatabase() except: return HttpResponse("连接软件数据库失败! port:%d" % db.port) #连接特征数据库 character_db = JoernSteps() try: character_db.setGraphDbURL("http://localhost:7474/db/data/") character_db.connectToDatabase() except: return HttpResponse("连接特征数据库失败!") #根据选择使用不同的算法 alg = request.POST.get("algorithm") if alg == "CFG": th = Thread(target=func_similarity_cfgLevel_proc, args=(soft, soft_db, character_db, request.POST.getlist("vuln_infos"))) th.start() elif alg == "PDG": th = Thread(target=func_similarity_pdgLevel_proc, args=(soft, soft_db, character_db, request.POST.getlist("vuln_infos"))) th.start() return HttpResponse("已启动线程进行计算,请等候!") except graph_dbs.DoesNotExist: return HttpResponse("软件图形数据库未生成")
def graph_manager(request): if request.method == "GET": #检测各数据的真实状态,因为如果服务器崩溃,数据库里的状态与真实状态不一致 infos = graph_dbs.objects.all() for info in infos: if info.status == "started" and not is_db_on(info.port): info.status = "stoped" info.port = 0 info.save() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response( "graph_status.html", RequestContext(request, { 'infos': graph_dbs.objects.all(), 'status': status })) else: if request.POST.has_key('start_db'): soft_id = int(request.POST['start']) #th = Thread(target=start_neo4j_db, args=(soft_id, 7474+soft_id)) #th.start() #端口号为7475-7485 ports = range(7475, 7485) inuse_ports = set() for port in graph_dbs.objects.values("port"): inuse_ports.add(port['port']) port = filter(lambda x: not (x in inuse_ports), ports) if port is None: return HttpResponse(u"端口已全部被占用!") start_neo4j_db(soft_id, port[0]) infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response( "graph_status.html", RequestContext(request, { 'infos': infos, "status": status })) elif request.POST.has_key('stop_db'): soft_id = int(request.POST['stop']) stop_neo4j_db(soft_id) infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response( "graph_status.html", RequestContext(request, { 'infos': infos, "status": status })) elif request.POST.has_key("start"): start_character_db() infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response( "graph_status.html", RequestContext(request, { 'infos': infos, "status": status })) elif request.POST.has_key("shut_down"): stop_character_db() infos = graph_dbs.objects.all() status = "" obs = vulnerability_info.objects.filter(is_in_db=True) if len(obs) > 0: if is_db_on(): status = "ON" else: status = "OFF" else: status = "NO_DB" return render_to_response( "graph_status.html", RequestContext(request, { 'infos': infos, "status": status }))