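def push(self, timeout=30):
    """Push the collected vulnerabilities to the third-party vulnerability platform.

    :param timeout: seconds to wait for the remote endpoint (keyword, default 30);
                    previously the request had no bound and could hang the scan.
    :return: True when the endpoint answered ``done`` (the local record is moved
             from status 0 to 1 if it was still in the initial state), False on
             a duplicate push, a missing id/record, a non-``done`` reply or a
             network error.  Network errors are logged, not raised.
    """
    # vuln_id drives both the duplicate check and the status update, so a
    # missing id is rejected before any network or database work is done.
    if self.vuln_id is None:
        logging.warning("漏洞ID不能为空")
        return False
    try:
        # 为杜绝前面环节问题导致输出重复,所以推送前先检查是否已经推送过
        # (guard against duplicate output from earlier stages: skip if already pushed)
        # NOTE(review): this counts rows with status=2 and treats a zero count as
        # "already pushed", while the transition table below calls status 1
        # "pushed" — confirm the intended status value against the data model.
        exist_vuln = CobraResults.query.filter_by(id=self.vuln_id, status=2).count()
        if exist_vuln == 0:
            logging.info("已经推送过")
            return False
        vulns = {'info': json.dumps(self.vulnerabilities)}
        # A bounded timeout keeps an unresponsive endpoint from stalling the scan.
        response = requests.post(self.api, data=vulns, timeout=timeout)
        if response.text != 'done':
            logging.critical('推送第三方漏洞管理平台失败 \r\n{0}'.format(response.text))
            return False
        logging.info('推送漏洞到第三方漏洞管理平台成功')
        # 更新漏洞状态 — status transitions after a successful push:
        #   0 (initialised) -> 1 (pushed)
        #   1 (pushed)      -> unchanged
        #   2 (fixed)       -> unchanged
        vuln = CobraResults.query.filter_by(id=self.vuln_id).first()
        if vuln is None:
            # Record disappeared between the duplicate check and the update;
            # the original code would have raised AttributeError here.
            logging.warning("漏洞记录不存在: {0}".format(self.vuln_id))
            return False
        if vuln.status == 0:
            vuln.status = 1
            db.session.add(vuln)
            db.session.commit()
        return True
    except requests.RequestException as e:
        # Covers ConnectionError and HTTPError as before, plus the Timeout
        # that the bounded request can now raise.
        logging.warning("推送第三方漏洞管理平台出现异常: {0}".format(e))
        return False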
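def push(self, timeout=30):
    """Push the collected vulnerabilities to the third-party vulnerability platform.

    :param timeout: seconds to wait for the remote endpoint (keyword, default 30);
                    previously the request had no bound and could hang the scan.
    :return: True when the endpoint answered ``done`` (the local record is moved
             from status 0 to 1 if it was still in the initial state), False on
             a duplicate push, a missing id/record, a non-``done`` reply or a
             network error.  Network errors are logged, not raised.
    """
    # vuln_id drives both the duplicate check and the status update, so a
    # missing id is rejected before any network or database work is done.
    if self.vuln_id is None:
        logging.warning("漏洞ID不能为空")
        return False
    try:
        # 为杜绝前面环节问题导致输出重复,所以推送前先检查是否已经推送过
        # (guard against duplicate output from earlier stages: skip if already pushed)
        # NOTE(review): this counts rows with status=2 and treats a zero count as
        # "already pushed", while the transition table below calls status 1
        # "pushed" — confirm the intended status value against the data model.
        exist_vuln = CobraResults.query.filter_by(id=self.vuln_id, status=2).count()
        if exist_vuln == 0:
            logging.info("已经推送过")
            return False
        vulns = {'info': json.dumps(self.vulnerabilities)}
        # A bounded timeout keeps an unresponsive endpoint from stalling the scan.
        response = requests.post(self.api, data=vulns, timeout=timeout)
        if response.text != 'done':
            logging.critical('推送第三方漏洞管理平台失败 \r\n{0}'.format(response.text))
            return False
        logging.info('推送漏洞到第三方漏洞管理平台成功')
        # 更新漏洞状态 — status transitions after a successful push:
        #   0 (initialised) -> 1 (pushed)
        #   1 (pushed)      -> unchanged
        #   2 (fixed)       -> unchanged
        vuln = CobraResults.query.filter_by(id=self.vuln_id).first()
        if vuln is None:
            # Record disappeared between the duplicate check and the update;
            # the original code would have raised AttributeError here.
            logging.warning("漏洞记录不存在: {0}".format(self.vuln_id))
            return False
        if vuln.status == 0:
            vuln.status = 1
            db.session.add(vuln)
            db.session.commit()
        return True
    except requests.RequestException as e:
        # Covers ConnectionError and HTTPError as before, plus the Timeout
        # that the bounded request can now raise.
        logging.warning("推送第三方漏洞管理平台出现异常: {0}".format(e))
        return False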
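def type(self, *args, text=''):
    """Type *text* into the element located by *args*.

    *args* is a locator passed straight through to ``self.find_element``
    (the original docstring lists id, class name, xpath, text and msg as
    supported locator kinds).  *text* is stripped of surrounding whitespace
    before being sent; an empty result is logged as a warning but is still
    sent, so the element is always cleared first.
    """
    logging.debug("元素: {} 输入: {}".format(args, text))
    text = text.strip()
    if not text:
        logging.warning("type() text参数为空!")
    # Named ``element`` rather than ``input`` so the builtin is not shadowed.
    element = self.find_element(*args)
    element.clear()
    element.send_keys(text)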
def log(self, level, message, test=True):
    """Record *message* at *level*, in memory and through ``logging``.

    When *test* is true the line is also appended to ``self.data`` as
    ``[LEVEL] message``.  The ``logging`` call is made only for the five
    known level names, matched case-sensitively; any other level is
    recorded (if *test*) but not forwarded.
    """
    if test:
        self.data.append('[{0}] {1}'.format(level.upper(), message))
    emitters = {
        'critical': logging.critical,
        'warning': logging.warning,
        'info': logging.info,
        'debug': logging.debug,
        'error': logging.error,
    }
    emit = emitters.get(level)
    if emit is not None:
        emit(message)
def log(self, level, message, test=True):
    """Record *message* at *level*, in memory and through ``logging``.

    When *test* is true the line is also appended to ``self.data`` as
    ``[LEVEL] message``.  The ``logging`` call is made only for the five
    known level names, matched case-sensitively; any other level is
    recorded (if *test*) but not forwarded.
    """
    if test:
        self.data.append('[{0}] {1}'.format(level.upper(), message))
    emitters = {
        'critical': logging.critical,
        'warning': logging.warning,
        'info': logging.info,
        'debug': logging.debug,
        'error': logging.error,
    }
    emit = emitters.get(level)
    if emit is not None:
        emit(message)
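def run(self, is_all=None, pid=None):
    """Pull the latest code for every enabled project, or for one project.

    :param is_all: truthy to pull every project whose status is ``on``.
    :param pid: id of a single project to pull; used when *is_all* is falsy.
    Calls ``sys.exit()`` when neither argument is supplied.  Only
    repositories whose location contains ``.git`` are pulled; others are
    skipped (the single-project branch previously logged "Not git
    repository" and then pulled anyway, which was inconsistent with the
    all-projects branch).
    """
    def _pull_and_report(repository):
        # Pull one repository and print/log the outcome.  A code of 1001 is
        # logged at info and anything else at warning, so 1001 appears to be
        # pull_code's success code — confirm against scan.Scan.pull_code.
        code, msg, gg = scan.Scan(repository).pull_code()
        message = 'Pull code: {msg} {directory}'.format(msg=msg, directory=gg.repo_directory)
        if code == 1001:
            logging.info(message)
        else:
            logging.warning(message)
        print(message)

    if is_all:
        message = '[START] Pull all projects code'
        print(message)
        logging.info(message)
        projects = CobraProjects.query.with_entities(CobraProjects.repository).filter(
            CobraProjects.status == CobraProjects.get_status('on')).all()
        for project in projects:
            if '.git' not in project.repository:
                continue
            _pull_and_report(project.repository)
        message = '[END] Scan all projects'
        print(message)
        logging.info(message)
    elif pid is not None:
        project = CobraProjects.query.filter_by(id=pid).first()
        if project is None:
            message = 'Project not found'
            print(message)
            logging.critical(message)
            return
        if '.git' not in project.repository:
            message = 'Not git repository'
            print(message)
            logging.info(message)
            # Skip non-git repositories, as the all-projects branch does.
            return
        _pull_and_report(project.repository)
    else:
        message = 'Please set --target param'
        print(message)
        logging.critical(message)
        sys.exit()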
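def run(self, is_all=None, pid=None):
    """Pull the latest code for every enabled project, or for one project.

    :param is_all: truthy to pull every project whose status is ``on``.
    :param pid: id of a single project to pull; used when *is_all* is falsy.
    Calls ``sys.exit()`` when neither argument is supplied.  Only
    repositories whose location contains ``.git`` are pulled; others are
    skipped (the single-project branch previously logged "Not git
    repository" and then pulled anyway, which was inconsistent with the
    all-projects branch).
    """
    def _pull_and_report(repository):
        # Pull one repository and print/log the outcome.  A code of 1001 is
        # logged at info and anything else at warning, so 1001 appears to be
        # pull_code's success code — confirm against scan.Scan.pull_code.
        code, msg, gg = scan.Scan(repository).pull_code()
        message = 'Pull code: {msg} {directory}'.format(msg=msg, directory=gg.repo_directory)
        if code == 1001:
            logging.info(message)
        else:
            logging.warning(message)
        print(message)

    if is_all:
        message = '[START] Pull all projects code'
        print(message)
        logging.info(message)
        projects = CobraProjects.query.with_entities(CobraProjects.repository).filter(
            CobraProjects.status == CobraProjects.get_status('on')).all()
        for project in projects:
            if '.git' not in project.repository:
                continue
            _pull_and_report(project.repository)
        message = '[END] Scan all projects'
        print(message)
        logging.info(message)
    elif pid is not None:
        project = CobraProjects.query.filter_by(id=pid).first()
        if project is None:
            message = 'Project not found'
            print(message)
            logging.critical(message)
            return
        if '.git' not in project.repository:
            message = 'Not git repository'
            print(message)
            logging.info(message)
            # Skip non-git repositories, as the all-projects branch does.
            return
        _pull_and_report(project.repository)
    else:
        message = 'Please set --target param'
        print(message)
        logging.critical(message)
        sys.exit()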
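def __init__(self, filename, current_version=None, online_version=None):
    """Bind an SVN target and probe it once with ``svn info``.

    :param filename: the SVN path/URL handed to ``svn info``.
    :param current_version: stored as-is for later use.
    :param online_version: stored as-is for later use.
    Credentials are read from the ``svn`` section of the config.  On an
    authorization failure or an invalid URL the process exits with status
    1, as before.
    """
    self.filename = filename
    self.current_version = current_version
    self.online_version = online_version
    self.username = config.Config('svn', 'username').value
    self.password = config.Config('svn', 'password').value
    # Test SVN.  The command is built as an argument list and run without a
    # shell: the previous shell=True string was interpolated from config
    # values and the caller-supplied filename, so quotes, spaces or shell
    # metacharacters in any of them could alter the command that ran.
    # NOTE(review): assumes self.svn is a single executable path, not a
    # string with extra arguments — confirm where self.svn is defined.
    cmd = [
        self.svn, 'info', '--no-auth-cache', '--non-interactive',
        '--username', self.username,
        # The password is still visible to other users via the process list;
        # a credential file or an stdin-based option would avoid that.
        '--password', self.password,
        self.filename,
    ]
    # universal_newlines=True yields str on both Python 2 and 3, so the
    # substring checks below do not fail on bytes under Python 3.
    p = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
                         universal_newlines=True)
    (_diff_out, diff_err) = p.communicate()
    if len(diff_err) == 0:
        logging.debug("svn diff success")
    elif 'authorization failed' in diff_err:
        logging.warning("svn diff auth failed")
        sys.exit(1)
    elif 'Not a valid URL' in diff_err:
        logging.warning("svn diff url not a valid")
        sys.exit(1)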
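def __init__(self, filename, current_version=None, online_version=None):
    """Bind an SVN target and probe it once with ``svn info``.

    :param filename: the SVN path/URL handed to ``svn info``.
    :param current_version: stored as-is for later use.
    :param online_version: stored as-is for later use.
    Credentials are read from the ``svn`` section of the config.  On an
    authorization failure or an invalid URL the process exits with status
    1, as before.
    """
    self.filename = filename
    self.current_version = current_version
    self.online_version = online_version
    self.username = config.Config('svn', 'username').value
    self.password = config.Config('svn', 'password').value
    # Test SVN.  The command is built as an argument list and run without a
    # shell: the previous shell=True string was interpolated from config
    # values and the caller-supplied filename, so quotes, spaces or shell
    # metacharacters in any of them could alter the command that ran.
    # NOTE(review): assumes self.svn is a single executable path, not a
    # string with extra arguments — confirm where self.svn is defined.
    cmd = [
        self.svn, 'info', '--no-auth-cache', '--non-interactive',
        '--username', self.username,
        # The password is still visible to other users via the process list;
        # a credential file or an stdin-based option would avoid that.
        '--password', self.password,
        self.filename,
    ]
    # universal_newlines=True yields str on both Python 2 and 3, so the
    # substring checks below do not fail on bytes under Python 3.
    p = subprocess.Popen(cmd, stderr=subprocess.PIPE, stdout=subprocess.PIPE,
                         universal_newlines=True)
    (_diff_out, diff_err) = p.communicate()
    if len(diff_err) == 0:
        logging.debug("svn diff success")
    elif 'authorization failed' in diff_err:
        logging.warning("svn diff auth failed")
        sys.exit(1)
    elif 'Not a valid URL' in diff_err:
        logging.warning("svn diff url not a valid")
        sys.exit(1)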
def is_controllable_param(self):
    """
    Decide whether the parameter matched by ``self.rule`` in ``self.code``
    can be controlled from outside (i.e. is a candidate for tainted input).

    Side effects: sets ``self.param_name`` and, on some matches,
    ``self.param_value``.  Every decision is traced via ``logging``.

    :return: True (controllable), False (not controllable), or None when
             ``self.rule`` does not match exactly one parameter name —
             the final ``else`` only logs a warning and falls through.
    """
    param_name = re.findall(self.rule, self.code)
    if len(param_name) == 1:
        param_name = param_name[0].strip()
        self.param_name = param_name
        logging.debug('参数: `{0}`'.format(param_name))
        # Literal string check: a quoted literal is never controllable.
        regex_string = self.regex[self.language]['string']
        string = re.findall(regex_string, param_name)
        if len(string) >= 1 and string[0] != '':
            logging.debug("是否字符串: 是")
            logging.info("返回: 不可控 (字符串)")
            return False
        logging.debug("是否字符串: 否")
        # Variable check: a leading ``$`` marks a PHP-style variable.
        if param_name[:1] == '$':
            logging.debug("参数是否变量: 是")
            # Fetch the enclosing code block where the parameter is assigned.
            # block_code(0) returning False is treated as "not found" and the
            # parameter is assumed controllable.
            param_block_code = self.block_code(0)
            if param_block_code is False:
                logging.debug("向上搜索参数区块代码: 未找到")
                logging.info("返回: 可控 (代码未找到)")
                return True
            logging.debug("向上搜索参数区块代码: {0}".format(param_block_code))
            # Assignment from external input (request superglobals).
            """
            # Need match
            $url = $_GET['test'];
            $url = $_POST['test'];
            $url = $_REQUEST['test'];
            $url = $_SERVER['user_agent'];
            # Don't match
            $url = $_SERVER
            $url = $testsdf;
            """
            # NOTE(review): ``[GET|POST|REQUEST|SERVER]+`` is a character
            # class (any run of those letters or '|'), not an alternation; it
            # still matches the intended superglobals but is broader than the
            # examples above suggest — confirm whether that is acceptable.
            regex_get_param = r'({0}\s*=\s*\$_[GET|POST|REQUEST|SERVER]+(?:\[))'.format(re.escape(param_name))
            regex_get_param_result = re.findall(regex_get_param, param_block_code)
            if len(regex_get_param_result) >= 1:
                self.param_value = regex_get_param_result[0]
                logging.debug("参数是否直接取自外部: 是")
                logging.info("返回: 可控(取外部入参)")
                return True
            logging.debug("参数是否直接取自外部入参: 否")
            # Function parameter: the variable appears in a function signature.
            regex_function_param = r'(function\s*\w+\s*\(.*{0})'.format(re.escape(param_name))
            regex_function_param_result = re.findall(regex_function_param, param_block_code)
            if len(regex_function_param_result) >= 1:
                self.param_value = regex_function_param_result[0]
                logging.debug("参数是否函数入参: 是")
                logging.info("返回: 可控(函数入参)")
                return True
            logging.debug("参数是否直接函数入参: 否")
            # Constant assignment (UPPER_CASE identifier on the right-hand side).
            # NOTE(review): ``([A-Z_]*)`` also matches the empty string, so any
            # ``$name =`` assignment reaching this point is reported as a
            # constant assignment — confirm whether ``+`` was intended.
            uc_rule = r'{0}\s?=\s?([A-Z_]*)'.format(re.escape(param_name))
            uc_rule_result = re.findall(uc_rule, param_block_code)
            if len(uc_rule_result) >= 1:
                logging.debug("参数变量是否直接赋值常量: 是 `{0} = {1}`".format(param_name, uc_rule_result[0]))
                logging.info("返回: 不可控")
                return False
            logging.debug("参数变量是否直接赋值常量: 否")
            # Literal string assignment check.
            regex_assign_string = self.regex[self.language]['assign_string'].format(re.escape(param_name))
            string = re.findall(regex_assign_string, param_block_code)
            if len(string) >= 1 and string[0] != '':
                logging.debug("是否赋值字符串: 是")
                logging.info("返回: 不可控 (字符串)")
                return False
            logging.debug("是否赋值字符串: 否")
            # Default: nothing proved the value fixed, so treat it as controllable.
            logging.info("返回: 可控(默认情况)")
            return True
        else:
            if self.language == 'java':
                # Java variables carry no leading ``$``, so the same block
                # search is done for a bare identifier.
                param_block_code = self.block_code(0)
                if param_block_code is False:
                    logging.debug("向上搜索参数区块代码: 未找到")
                    logging.info("返回: 可控 (代码未找到)")
                    return True
                logging.debug("向上搜索参数区块代码: {0}".format(param_block_code))
                regex_assign_string = self.regex[self.language]['assign_string'].format(re.escape(param_name))
                string = re.findall(regex_assign_string, param_block_code)
                if len(string) >= 1 and string[0] != '':
                    logging.debug("是否赋值字符串: 是")
                    logging.info("返回: 不可控 (字符串)")
                    return False
                logging.debug("是否赋值字符串: 否")
                # Read from an external request parameter?
                # NOTE(review): a ``getParameter`` assignment returns False
                # ("not controllable") here, whereas the PHP superglobal branch
                # above returns True for the equivalent case — confirm which
                # outcome is intended.
                regex_get_param = r'String\s{0}\s=\s\w+\.getParameter(.*)'.format(re.escape(param_name))
                get_param = re.findall(regex_get_param, param_block_code)
                if len(get_param) >= 1 and get_param[0] != '':
                    logging.debug("是否赋值外部取参: 是")
                    logging.info("返回: 不可控 (外部取参)")
                    return False
                logging.debug("是否赋值外部取参: 否")
                logging.info("返回: 可控 (变量赋值)")
                return True
            # Non-Java and no leading ``$``: not treated as a variable.
            logging.debug("参数是否变量: 否 (没有包含$)")
            logging.info("返回: 不可控(参数不为变量)")
            return False
    else:
        # Zero or several matches for the rule: no decision is returned.
        logging.warning("未获取到参数名,请检查定位规则")