ファイル: language.py プロジェクト: wsjswy/Security
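def language_create():
    """Create a language entry (POST) or render the create form (GET).

    POST validates the form fields ``language`` and ``extensions`` through
    ``ValidateClass`` and answers JSON: ``code=1001`` on success, ``code=4001``
    on a validation failure, a duplicate language name, or a database error.
    Any other method renders ``backend/language/edit.html`` with an empty
    ``language`` dict for the form.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create language',
            'type': 'create',
            'language': dict()
        }
        return render_template('backend/language/edit.html', data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    exist = CobraLanguages.query.filter(
        CobraLanguages.language == vc.vars.language).first()
    if exist is not None:
        return jsonify(code=4001, message='The language exist')

    entry = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(entry)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except`` (which also swallowed
        # KeyboardInterrupt/SystemExit) and paired with a rollback so a
        # failed commit does not leave the scoped session unusable for
        # the next request.
        db.session.rollback()
        return jsonify(code=4001,
                       message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')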
ファイル: framework.py プロジェクト: He1l0e/cobra
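def create_framework_rule(fid):
    """Create a web-framework rule for frame ``fid`` (POST) or render the form (GET).

    POST validates the form fields ``status``, ``path`` and ``content`` and
    answers JSON: ``code=1001`` on success, ``code=4001`` on a validation or
    database error. Any other method renders
    ``backend/framework/edit_rule.html`` with an empty ``framework_rule``.

    ``fid`` comes from the URL and is not checked against ``CobraWebFrame``
    here — presumably a foreign-key constraint or the caller enforces it;
    TODO confirm.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create framework rule',
            'type': 'create',
            'framework_rule': dict(),
            'fid': fid
        }
        return render_template('backend/framework/edit_rule.html', data=data)

    vc = ValidateClass(request, 'status', 'path', 'content')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules(frame_id=fid,
                              path_rule=vc.vars.path,
                              content_rule=vc.vars.content,
                              status=vc.vars.status)
    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except`` and paired with a rollback so a
        # failed commit does not poison the scoped session.
        db.session.rollback()
        return jsonify(code=4001,
                       message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')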
ファイル: rule.py プロジェクト: alioth310/cobra
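def del_rule():
    """Delete the ``CobraRules`` row named by form field ``id``.

    Refuses with ``code=1004`` while any ``CobraResults`` row still references
    the rule, listing the dependent task ids in the message. ``code=1004`` is
    also used for a missing/unknown id and for a database error;
    ``code=1001`` on success.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        # The original ignored check_args()' result; report it like the
        # sibling endpoints do.
        return jsonify(code=1004, message=msg)
    rule_id = vc.vars.id
    if not rule_id:
        return jsonify(code=1004, message='wrong id')

    # A rule that still has scan results cannot be removed: the tasks that
    # produced them would be left dangling.
    dependents = db.session.query(
        CobraResults.task_id
    ).filter(CobraResults.rule_id == rule_id).group_by(CobraResults.task_id).all()
    if dependents:
        # The message is rendered as HTML by the client; only task ids are
        # interpolated, which assumes task_id is numeric — TODO confirm.
        task_rely = ",".join(str(res.task_id) for res in dependents)
        message = ("Delete failed. Please check and delete the task rely on this rule first.<br />"
                   "<strong>Rely Tasks: </strong>" + task_rely)
        return jsonify(code=1004, message=message)

    r = CobraRules.query.filter_by(id=rule_id).first()
    if r is None:
        # Previously reached session.delete(None) and surfaced as a generic failure.
        return jsonify(code=1004, message='wrong id')
    try:
        db.session.delete(r)
        db.session.commit()
    except SQLAlchemyError:
        # Roll back so the scoped session is usable for the next request.
        db.session.rollback()
        return jsonify(code=1004, message='delete failed. Try again later?')
    return jsonify(code=1001, message='delete success.')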
ファイル: framework.py プロジェクト: He1l0e/cobra
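def framework_edit(id):
    """Update web-framework ``id`` (POST) or render its edit form (GET).

    POST validates ``name`` and ``description``, copies them onto the
    ``CobraWebFrame`` row and commits. JSON ``code=1001`` on success,
    ``code=4001`` on validation failure, unknown id or database error.
    GET renders ``backend/framework/edit.html``; as before, ``framework`` is
    None when the id does not exist and the template has to cope with that.
    """
    if request.method != 'POST':
        framework = CobraWebFrame.query.filter_by(id=id).first()
        data = {
            'title': 'Edit framework',
            'type': 'edit',
            'framework': framework,
            'id': id
        }
        return render_template('backend/framework/edit.html', data=data)

    vc = ValidateClass(request, "name", "description")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrame.query.filter_by(id=id).first()
    if not item:
        # Message fixed: this endpoint edits a framework, not a white-list entry.
        return jsonify(code=4001, message='wrong framework')

    item.frame_name = vc.vars.name
    item.description = vc.vars.description

    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the half-applied
        # update does not linger in the scoped session.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')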
ファイル: framework.py プロジェクト: Introspelliam/cobra
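def edit_framework_rule(fid, id):
    """Update rule ``id`` of web-framework ``fid`` (POST) or render its form (GET).

    The row is always looked up by both ``id`` and ``frame_id`` so a rule id
    belonging to another framework cannot be reached through this URL.
    POST validates ``path``, ``content`` and ``status`` and answers JSON:
    ``code=1001`` on success, ``code=4001`` on validation failure, unknown
    rule or database error. GET renders ``backend/framework/edit_rule.html``
    (``framework_rule`` is None for an unknown id, as before).
    """
    if request.method != 'POST':
        framework_rule = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
        data = {
            'title': 'Edit framework rule',
            'type': 'edit',
            'framework_rule': framework_rule,
            'id': id,
            'fid': fid
        }
        return render_template('backend/framework/edit_rule.html', data=data)

    vc = ValidateClass(request, 'path', 'content', 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
    if not item:
        # Message fixed: this endpoint edits a framework rule, not a white-list entry.
        return jsonify(code=4001, message='wrong framework rule')

    item.path_rule = vc.vars.path
    item.content_rule = vc.vars.content
    item.status = vc.vars.status

    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')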
ファイル: whitelist.py プロジェクト: He1l0e/cobra
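def add_white_list():
    """Create a white-list entry (POST) or render the create form (GET).

    POST validates ``project``, ``rule``, ``path``, ``reason`` and ``status``,
    normalises ``path`` to start with ``/`` and stores a ``CobraWhiteList``
    row stamped with the current local time. JSON ``code=1001`` on success,
    ``code=4001`` on validation or database error. GET renders
    ``backend/white-list/edit.html`` with all rules and projects for the form.
    """
    if request.method != 'POST':
        rules = CobraRules.query.all()
        projects = CobraProjects.query.all()
        data = {
            'title': 'Create white-list',
            'type': 'create',
            'rules': rules,
            'projects': projects,
            'whitelist': dict()
        }
        return render_template('backend/white-list/edit.html', data=data)

    vc = ValidateClass(request, "project", "rule", "path", "reason", 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # startswith() instead of path[0]: an empty path used to raise IndexError.
    if not vc.vars.path.startswith('/'):
        vc.vars.path = '/' + vc.vars.path
    whitelist = CobraWhiteList(vc.vars.project, vc.vars.rule, vc.vars.path,
                               vc.vars.reason, vc.vars.status,
                               current_time, current_time)
    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed insert.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')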
ファイル: framework.py プロジェクト: Introspelliam/cobra
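def framework_edit(id):
    """Update web-framework ``id`` (POST) or render its edit form (GET).

    POST validates ``name`` and ``description``, copies them onto the
    ``CobraWebFrame`` row and commits. JSON ``code=1001`` on success,
    ``code=4001`` on validation failure, unknown id or database error.
    GET renders ``backend/framework/edit.html``; as before, ``framework`` is
    None when the id does not exist and the template has to cope with that.
    """
    if request.method != 'POST':
        framework = CobraWebFrame.query.filter_by(id=id).first()
        data = {
            'title': 'Edit framework',
            'type': 'edit',
            'framework': framework,
            'id': id
        }
        return render_template('backend/framework/edit.html', data=data)

    vc = ValidateClass(request, "name", "description")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrame.query.filter_by(id=id).first()
    if not item:
        # Message fixed: this endpoint edits a framework, not a white-list entry.
        return jsonify(code=4001, message='wrong framework')

    item.frame_name = vc.vars.name
    item.description = vc.vars.description

    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the half-applied
        # update does not linger in the scoped session.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')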
ファイル: index.py プロジェクト: Introspelliam/cobra
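def index():
    """Admin login page.

    An already-authenticated session is redirected to ``ADMIN_URL + '/overview'``.
    POST validates ``username``/``password``, looks up the ``CobraAdminUser``
    and checks ``verify_password``; on success it populates the session,
    records last-login time and peer address, and returns a small HTML
    snippet that redirects to ``overview``. Failures return a plain-text
    message (the same text for unknown user and wrong password, so the body
    does not reveal which). Any other method renders
    ``backend/index/index.html``.
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/overview')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ret, msg = vc.check_args()
    if not ret:
        return msg

    au = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    if not au or not au.verify_password(vc.vars.password):
        # login failed. NOTE(review): an unknown user short-circuits before
        # verify_password runs, so response timing can still differ from the
        # wrong-password case — confirm whether that matters here.
        return "Wrong username or password."

    # login success. Drop pre-login session state first so a session id that
    # was fixed before authentication does not carry over into the
    # authenticated session.
    session.clear()
    session['role'] = au.role
    session['username'] = escape(au.username)
    session['is_login'] = True

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    au.last_login_time = current_time
    # remote_addr is the TCP peer; behind a reverse proxy that is the proxy,
    # not the client — TODO confirm the deployment topology.
    au.last_login_ip = request.remote_addr
    db.session.add(au)
    db.session.commit()

    return "Login success, jumping...<br /><script>window.setTimeout(\"location='overview'\", 1000);</script>"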
ファイル: vulnerability.py プロジェクト: v1cker/cobra
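def edit_vul(vul_id):
    """Update vulnerability ``vul_id`` (POST) or render its edit form (GET).

    POST validates ``name``, ``description``, ``repair`` and ``third_v_id``,
    copies them onto the ``CobraVuls`` row and commits. JSON
    ``tag='success'`` on success, ``tag='danger'`` with a message on
    validation failure, unknown id or database error. GET renders
    ``backend/vul/edit_vul.html`` (``vul`` is None for an unknown id, as before).
    """
    if request.method != 'POST':
        v = CobraVuls.query.filter_by(id=vul_id).first()
        return render_template('backend/vul/edit_vul.html', data={
            'vul': v,
        })

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    v = CobraVuls.query.filter_by(id=vul_id).first()
    if v is None:
        # Previously an AttributeError (HTTP 500) on the assignments below.
        return jsonify(tag='danger', msg='wrong id')
    v.name = vc.vars.name
    v.description = vc.vars.description
    v.repair = vc.vars.repair
    v.third_v_id = vc.vars.third_v_id

    try:
        db.session.add(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')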
ファイル: index.py プロジェクト: yingshang/cobra
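def index():
    """Admin login page.

    An already-authenticated session is redirected to ``ADMIN_URL + '/overview'``.
    POST validates ``username``/``password``, looks up the ``CobraAdminUser``
    and checks ``verify_password``; on success it populates the session,
    records last-login time and peer address, and returns a small HTML
    snippet that redirects to ``overview``. Failures return a plain-text
    message (the same text for unknown user and wrong password, so the body
    does not reveal which). Any other method renders
    ``backend/index/index.html``.
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/overview')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ret, msg = vc.check_args()
    if not ret:
        return msg

    au = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    if not au or not au.verify_password(vc.vars.password):
        # login failed. NOTE(review): an unknown user short-circuits before
        # verify_password runs, so response timing can still differ from the
        # wrong-password case — confirm whether that matters here.
        return "Wrong username or password."

    # login success. Drop pre-login session state first so a session id that
    # was fixed before authentication does not carry over into the
    # authenticated session.
    session.clear()
    session['role'] = au.role
    session['username'] = escape(au.username)
    session['is_login'] = True

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    au.last_login_time = current_time
    # remote_addr is the TCP peer; behind a reverse proxy that is the proxy,
    # not the client — TODO confirm the deployment topology.
    au.last_login_ip = request.remote_addr
    db.session.add(au)
    db.session.commit()

    return "Login success, jumping...<br /><script>window.setTimeout(\"location='overview'\", 1000);</script>"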
ファイル: rule.py プロジェクト: Introspelliam/cobra
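def test_rule():
    """Run rule ``rid`` against project ``pid`` and return the scanner output as JSON.

    ``pid == 0`` scans the upload ``versions`` directory (all projects);
    otherwise the project's stored repository is used directly, or cloned
    first when its URL mentions gitlab/github. Clone credentials come from
    the ``git`` config section and the URL from the project row — nothing in
    the request chooses what is cloned. Returns ``code=1001`` with the joined
    output, ``code=4004`` for bad arguments or an unknown project,
    ``code=4001`` when the clone fails.
    """
    vc = ValidateClass(request, 'rid', 'pid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    try:
        pid = int(vc.vars.pid)
    except (TypeError, ValueError):
        # A non-numeric pid used to escape as an unhandled ValueError (500).
        return jsonify(code=4004, message='wrong pid')

    if pid == 0:
        # all projects
        project_directory = os.path.join(config.Config('upload', 'directory').value, 'versions')
    else:
        project = CobraProjects.query.filter(CobraProjects.id == vc.vars.pid).first()
        if project is None:
            # Previously an AttributeError on project.repository.
            return jsonify(code=4004, message='wrong pid')
        repository = project.repository
        # Plain substring test: any URL containing 'gitlab' or 'github' is cloned.
        if 'gitlab' in repository or 'github' in repository:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
            gg = git.Git(repository, branch='master', username=username, password=password)
            try:
                clone_ret, clone_err = gg.clone()
            except GitError:
                return jsonify(code=4001, message='Exception')
            if clone_ret is False:
                return jsonify(code=4001, message='Clone Failed ({0})'.format(clone_err))
            project_directory = gg.repo_directory
        else:
            # Anything else is treated as a local path.
            project_directory = repository

    lines = static.Static(project_directory, project_id=vc.vars.pid, rule_id=vc.vars.rid).analyse(test=True)
    return jsonify(code=1001, message='\r\n'.join(lines))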
ファイル: rule.py プロジェクト: Introspelliam/cobra
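def del_rule():
    """Delete the ``CobraRules`` row named by form field ``id``.

    Refuses with ``code=1004`` while any ``CobraResults`` row still references
    the rule, listing the dependent task ids in the message. ``code=1004`` is
    also used for a missing/unknown id and for a database error;
    ``code=1001`` on success.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        # The original ignored check_args()' result; report it like the
        # sibling endpoints do.
        return jsonify(code=1004, message=msg)
    rule_id = vc.vars.id
    if not rule_id:
        return jsonify(code=1004, message='wrong id')

    # A rule that still has scan results cannot be removed: the tasks that
    # produced them would be left dangling.
    dependents = db.session.query(
        CobraResults.task_id
    ).filter(CobraResults.rule_id == rule_id).group_by(CobraResults.task_id).all()
    if dependents:
        # The message is rendered as HTML by the client; only task ids are
        # interpolated, which assumes task_id is numeric — TODO confirm.
        task_rely = ",".join(str(res.task_id) for res in dependents)
        message = ("Delete failed. Please check and delete the task rely on this rule first.<br />"
                   "<strong>Rely Tasks: </strong>" + task_rely)
        return jsonify(code=1004, message=message)

    r = CobraRules.query.filter_by(id=rule_id).first()
    if r is None:
        # Previously reached session.delete(None) and surfaced as a generic failure.
        return jsonify(code=1004, message='wrong id')
    try:
        db.session.delete(r)
        db.session.commit()
    except SQLAlchemyError:
        # Roll back so the scoped session is usable for the next request.
        db.session.rollback()
        return jsonify(code=1004, message='delete failed. Try again later?')
    return jsonify(code=1001, message='delete success.')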
ファイル: language.py プロジェクト: yingshang/cobra
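def language_edit(id):
    """Update language ``id`` (POST) or render its edit form (GET).

    POST validates ``language`` and ``extensions``, copies them onto the
    ``CobraLanguages`` row and commits. JSON ``code=1001`` on success,
    ``code=4001`` on validation failure, unknown id or database error.
    GET renders ``backend/language/edit.html`` (``language`` is None for an
    unknown id, as before).
    """
    if request.method != 'POST':
        language = CobraLanguages.query.filter_by(id=id).first()
        data = {
            'title': 'Edit language',
            'type': 'edit',
            'language': language,
            'id': id
        }
        return render_template('backend/language/edit.html', data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraLanguages.query.filter_by(id=id).first()
    if not item:
        # Message fixed: this endpoint edits a language, not a white-list entry.
        return jsonify(code=4001, message='wrong language')

    item.language = vc.vars.language
    item.extensions = vc.vars.extensions

    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')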
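def vulnerability_create():
    """Create a vulnerability type (POST) or render the create form (GET).

    POST validates ``name``, ``description``, ``repair`` and ``third_v_id``
    and stores a ``CobraVuls`` row stamped with the current local time.
    JSON ``code=1001`` on success, ``code=4001`` on validation or database
    error. GET renders ``backend/vulnerability/edit.html`` with an empty
    ``vulnerability`` dict.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create vulnerability',
            'type': 'create',
            'vulnerability': dict()
        }
        return render_template('backend/vulnerability/edit.html', data=data)

    vc = ValidateClass(request, "name", "description", "repair",
                       "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair,
                    vc.vars.third_v_id, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed insert so
        # the scoped session stays usable.
        db.session.rollback()
        return jsonify(code=4001,
                       message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')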
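def vulnerability_edit(vid):
    """Update vulnerability type ``vid`` (POST) or render its edit form (GET).

    POST validates ``name``, ``description``, ``repair`` and ``third_v_id``,
    copies them onto the ``CobraVuls`` row and commits. JSON ``code=1001``
    on success, ``code=4001`` on validation failure, unknown id or database
    error. GET renders ``backend/vulnerability/edit.html``
    (``vulnerability`` is None for an unknown id, as before).
    """
    if request.method != 'POST':
        vulnerability = CobraVuls.query.filter_by(id=vid).first()
        data = {
            'title': 'Edit vulnerability',
            'type': 'edit',
            'vulnerability': vulnerability,
            'id': vid
        }
        return render_template('backend/vulnerability/edit.html', data=data)

    vc = ValidateClass(request, "name", "description", "repair",
                       "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    v = CobraVuls.query.filter_by(id=vid).first()
    if not v:
        # Message fixed: this endpoint edits a vulnerability, not a white-list entry.
        return jsonify(code=4001, message='wrong vulnerability')

    v.name = vc.vars.name
    v.description = vc.vars.description
    v.repair = vc.vars.repair
    v.third_v_id = vc.vars.third_v_id

    try:
        db.session.add(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')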
ファイル: whitelist.py プロジェクト: Introspelliam/cobra
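def add_white_list():
    """Create a white-list entry (POST) or render the create form (GET).

    POST validates ``project``, ``rule``, ``path``, ``reason`` and ``status``,
    normalises ``path`` to start with ``/`` and stores a ``CobraWhiteList``
    row stamped with the current local time. JSON ``code=1001`` on success,
    ``code=4001`` on validation or database error. GET renders
    ``backend/white-list/edit.html`` with all rules and projects for the form.
    """
    if request.method != 'POST':
        rules = CobraRules.query.all()
        projects = CobraProjects.query.all()
        data = {
            'title': 'Create white-list',
            'type': 'create',
            'rules': rules,
            'projects': projects,
            'whitelist': dict()
        }
        return render_template('backend/white-list/edit.html', data=data)

    vc = ValidateClass(request, "project", "rule", "path", "reason", 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # startswith() instead of path[0]: an empty path used to raise IndexError.
    if not vc.vars.path.startswith('/'):
        vc.vars.path = '/' + vc.vars.path
    whitelist = CobraWhiteList(vc.vars.project, vc.vars.rule, vc.vars.path,
                               vc.vars.reason, vc.vars.status,
                               current_time, current_time)
    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed insert.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')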
ファイル: language.py プロジェクト: v1cker/cobra
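def edit_language(language_id):
    """Update language ``language_id`` (POST) or render its edit form (GET).

    Requires a logged-in admin (else redirects to ``ADMIN_URL + "/index"``).
    POST validates ``language`` and ``extensions``, copies them onto the
    ``CobraLanguages`` row and commits. JSON ``tag="success"`` on success,
    ``tag="danger"`` with a message on validation failure, unknown id or
    database error. GET renders ``backend/language/edit_language.html``
    (``language`` is None for an unknown id, as before).
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        entry = CobraLanguages.query.filter_by(id=language_id).first()
        data = {
            'language': entry,
        }
        return render_template("backend/language/edit_language.html",
                               data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    entry = CobraLanguages.query.filter_by(id=language_id).first()
    if entry is None:
        # Previously an AttributeError inside the try, reported as "try again later?".
        return jsonify(tag="danger", msg="wrong id")
    entry.language = vc.vars.language
    entry.extensions = vc.vars.extensions
    try:
        db.session.add(entry)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="update success.")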
ファイル: vulnerability.py プロジェクト: Introspelliam/cobra
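def vulnerability_edit(vid):
    """Update vulnerability type ``vid`` (POST) or render its edit form (GET).

    POST validates ``name``, ``description``, ``repair`` and ``third_v_id``,
    copies them onto the ``CobraVuls`` row and commits. JSON ``code=1001``
    on success, ``code=4001`` on validation failure, unknown id or database
    error. GET renders ``backend/vulnerability/edit.html``
    (``vulnerability`` is None for an unknown id, as before).
    """
    if request.method != 'POST':
        vulnerability = CobraVuls.query.filter_by(id=vid).first()
        data = {
            'title': 'Edit vulnerability',
            'type': 'edit',
            'vulnerability': vulnerability,
            'id': vid
        }
        return render_template('backend/vulnerability/edit.html', data=data)

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    v = CobraVuls.query.filter_by(id=vid).first()
    if not v:
        # Message fixed: this endpoint edits a vulnerability, not a white-list entry.
        return jsonify(code=4001, message='wrong vulnerability')

    v.name = vc.vars.name
    v.description = vc.vars.description
    v.repair = vc.vars.repair
    v.third_v_id = vc.vars.third_v_id

    try:
        db.session.add(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')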
ファイル: framework.py プロジェクト: He1l0e/cobra
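def edit_framework_rule(fid, id):
    """Update rule ``id`` of web-framework ``fid`` (POST) or render its form (GET).

    The row is always looked up by both ``id`` and ``frame_id`` so a rule id
    belonging to another framework cannot be reached through this URL.
    POST validates ``path``, ``content`` and ``status`` and answers JSON:
    ``code=1001`` on success, ``code=4001`` on validation failure, unknown
    rule or database error. GET renders ``backend/framework/edit_rule.html``
    (``framework_rule`` is None for an unknown id, as before).
    """
    if request.method != 'POST':
        framework_rule = CobraWebFrameRules.query.filter_by(
            id=id, frame_id=fid).first()
        data = {
            'title': 'Edit framework rule',
            'type': 'edit',
            'framework_rule': framework_rule,
            'id': id,
            'fid': fid
        }
        return render_template('backend/framework/edit_rule.html', data=data)

    vc = ValidateClass(request, 'path', 'content', 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
    if not item:
        # Message fixed: this endpoint edits a framework rule, not a white-list entry.
        return jsonify(code=4001, message='wrong framework rule')

    item.path_rule = vc.vars.path
    item.content_rule = vc.vars.content
    item.status = vc.vars.status

    try:
        db.session.add(item)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back the failed update.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')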
ファイル: framework.py プロジェクト: Introspelliam/cobra
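def delete_framework_rule(fid):
    """Delete the ``CobraWebFrameRules`` row with form field ``id`` under frame ``fid``.

    JSON ``code=1001`` on success, ``code=4001`` when ``id`` is missing or
    matches no rule of this frame, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    # frame_id is part of the filter so a rule of another frame cannot be
    # deleted through this URL.
    v = CobraWebFrameRules.query.filter_by(id=vc.vars.id, frame_id=fid).first()
    if v is None:
        # Previously fell into session.delete(None) and surfaced as 'unknown error.'.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')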
ファイル: framework.py プロジェクト: He1l0e/cobra
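def delete_framework_rule(fid):
    """Delete the ``CobraWebFrameRules`` row with form field ``id`` under frame ``fid``.

    JSON ``code=1001`` on success, ``code=4001`` when ``id`` is missing or
    matches no rule of this frame, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    # frame_id is part of the filter so a rule of another frame cannot be
    # deleted through this URL.
    v = CobraWebFrameRules.query.filter_by(id=vc.vars.id, frame_id=fid).first()
    if v is None:
        # Previously fell into session.delete(None) and surfaced as 'unknown error.'.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')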
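def vulnerability_delete():
    """Delete the ``CobraVuls`` row named by form field ``id``.

    JSON ``code=1001`` on success, ``code=4001`` when ``id`` is missing or
    unknown, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    v = CobraVuls.query.filter_by(id=vc.vars.id).first()
    if v is None:
        # Previously fell into session.delete(None) and surfaced as 'unknown error.'.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')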
ファイル: language.py プロジェクト: Introspelliam/cobra
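def language_delete():
    """Delete the ``CobraLanguages`` row named by form field ``id``.

    JSON ``code=1001`` on success, ``code=4001`` when ``id`` is missing or
    unknown, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    v = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    if v is None:
        # Previously fell into session.delete(None) and surfaced as 'unknown error.'.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')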
ファイル: rule.py プロジェクト: yingshang/cobra
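def edit_rule(rule_id):
    """Update scan rule ``rule_id`` (POST) or render its edit form (GET).

    POST validates the rule fields through ``ValidateClass`` (``regex_repair``
    is optional and read straight from the form), copies them onto the
    ``CobraRules`` row, stamps ``updated_at`` and commits. JSON ``code=1001``
    on success, ``code=4004`` on validation failure, unknown rule or database
    error. GET renders ``backend/rule/edit.html`` with the rule, its
    ``rule.Rule(...).verify()`` result and the vulnerability/language/project
    lists the form needs.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "vul_type", "language", "regex_location",
                           "repair_block", "description", "rule_id", "repair",
                           'verify', "author", "status", "level")
        ret, msg = vc.check_args()

        # Optional field, hence not part of the ValidateClass argument list.
        regex_repair = request.form.get("regex_repair", "")

        if not ret:
            return jsonify(code=4004, message=msg)

        r = CobraRules.query.filter_by(id=rule_id).first()
        if r is None:
            # Previously an AttributeError (HTTP 500) on the assignments below.
            return jsonify(code=4004, message='wrong id')

        # NOTE(review): regex_location/regex_repair are stored as given; they
        # are presumably compiled by the scanner later, so a malformed or
        # pathological pattern only shows up at scan time — confirm whether
        # validating them here is wanted.
        r.vul_id = vc.vars.vul_type
        r.language = vc.vars.language
        r.block_repair = vc.vars.repair_block
        r.regex_location = vc.vars.regex_location
        r.regex_repair = regex_repair
        r.description = vc.vars.description
        r.repair = vc.vars.repair
        r.verify = vc.vars.verify
        r.author = vc.vars.author
        r.status = vc.vars.status
        r.level = vc.vars.level
        # Naive local time, matching the rest of the file — TODO confirm the
        # column's expected zone.
        r.updated_at = datetime.datetime.now()
        try:
            db.session.add(r)
            db.session.commit()
        except SQLAlchemyError:
            # Roll back so the scoped session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4004, message='save failed. Try again later?')
        return jsonify(code=1001, message='success')

    r = CobraRules.query.filter_by(id=rule_id).first()
    if r is None:
        # Previously an AttributeError on r.regex_location.
        return jsonify(code=4004, message='wrong id')
    verify_data = rule.Rule(r.regex_location, r.regex_repair,
                            r.verify).verify()
    vul_type = CobraVuls.query.all()
    languages = CobraLanguages.query.all()
    projects = CobraProjects.query.with_entities(
        CobraProjects.id, CobraProjects.name,
        CobraProjects.repository).all()
    return render_template('backend/rule/edit.html',
                           data={
                               'type': 'edit',
                               'title': 'Edit rule',
                               'id': r.id,
                               'rule': r,
                               'verify': verify_data,
                               'all_vuls': vul_type,
                               'all_lang': languages,
                               'projects': projects
                           })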
ファイル: whitelist.py プロジェクト: He1l0e/cobra
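def delete_white_list():
    """Delete the ``CobraWhiteList`` row named by form field ``id``.

    JSON ``code=1001`` on success, ``code=4001`` when ``id`` is missing or
    unknown, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    whitelist = CobraWhiteList.query.filter_by(id=vc.vars.id).first()
    if whitelist is None:
        # Previously fell into session.delete(None) and surfaced as 'unknown error.'.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(whitelist)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')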
ファイル: whitelist.py プロジェクト: Introspelliam/cobra
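def delete_white_list():
    """Delete the ``CobraWhiteList`` row named by form field ``id``.

    JSON ``code=1001`` on success, ``code=4001`` when ``id`` is missing or
    unknown, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    whitelist = CobraWhiteList.query.filter_by(id=vc.vars.id).first()
    if whitelist is None:
        # Previously fell into session.delete(None) and surfaced as 'unknown error.'.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(whitelist)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')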
ファイル: task.py プロジェクト: Introspelliam/cobra
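def del_task():
    """Delete the ``CobraTaskInfo`` row named by form field ``id``.

    Validation failures answer ``tag="danger"``/``msg`` (the file's older
    response shape); the delete itself answers ``code=1001`` on success and
    ``code=4004`` for an unknown id or a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
    if task is None:
        # Previously session.delete(None) raised and was reported as 'unknown error.'.
        return jsonify(code=4004, message='wrong id')
    try:
        db.session.delete(task)
        db.session.commit()
    except SQLAlchemyError:
        # Log with traceback instead of print(); the client still only sees
        # the generic message.
        import logging
        logging.getLogger(__name__).exception("deleting task %s failed", vc.vars.id)
        # Roll back so the scoped session is usable for the next request.
        db.session.rollback()
        return jsonify(code=4004, message='unknown error.')
    return jsonify(code=1001, message='delete success.')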
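def del_task():
    """Delete the ``CobraTaskInfo`` row named by form field ``id``.

    Validation failures answer ``tag="danger"``/``msg`` (the file's older
    response shape); the delete itself answers ``code=1001`` on success and
    ``code=4004`` for an unknown id or a database error.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
    if task is None:
        # Previously session.delete(None) raised and was reported as 'unknown error.'.
        return jsonify(code=4004, message='wrong id')
    try:
        db.session.delete(task)
        db.session.commit()
    except SQLAlchemyError:
        # Log with traceback instead of print(); the client still only sees
        # the generic message.
        import logging
        logging.getLogger(__name__).exception("deleting task %s failed", vc.vars.id)
        # Roll back so the scoped session is usable for the next request.
        db.session.rollback()
        return jsonify(code=4004, message='unknown error.')
    return jsonify(code=1001, message='delete success.')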
ファイル: dashboard.py プロジェクト: Introspelliam/cobra
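def get_scan_information():
    """Return scan statistics for a POSTed time window as JSON.

    Requires a logged-in admin (else redirects to ``ADMIN_URL + '/index'``).
    Form fields ``start_time_stamp`` and ``end_time_stamp`` are Unix
    timestamps; only their first ten characters (whole seconds) are used.
    Answers ``code=1001`` with task/vulnerability/project counts and the
    summed file and code-line numbers, or ``code=1002`` for a missing,
    non-numeric or inverted window. A non-POST request used to fall off the
    end of the function (no response at all); it now gets ``code=1002`` too.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return jsonify(tag="danger", msg="POST required.", code=1002)

    # The trimmed strings are kept: time_start is compared against them
    # exactly as before.
    start_time_stamp = request.form.get("start_time_stamp", "")[0:10]
    end_time_stamp = request.form.get("end_time_stamp", "")[0:10]
    try:
        start_seconds = int(start_time_stamp)
        end_seconds = int(end_time_stamp)
    except ValueError:
        # A missing field used to raise TypeError on the slice, a non-numeric
        # one ValueError in int() — both HTTP 500.
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    # Compare numerically: the original compared the strings, which only
    # orders correctly while both have the same length.
    if start_seconds >= end_seconds:
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    # fromtimestamp() yields naive local datetimes — assumes created_at and
    # last_scan are stored in the same local zone; TODO confirm.
    start_time_array = datetime.datetime.fromtimestamp(start_seconds)
    end_time_array = datetime.datetime.fromtimestamp(end_seconds)

    task_window = and_(CobraTaskInfo.time_start >= start_time_stamp,
                       CobraTaskInfo.time_start <= end_time_stamp)
    task_count = CobraTaskInfo.query.filter(task_window).count()
    vulns_count = CobraResults.query.filter(
        and_(CobraResults.created_at >= start_time_array, CobraResults.created_at <= end_time_array)
    ).count()
    projects_count = CobraProjects.query.filter(
        and_(CobraProjects.last_scan >= start_time_array, CobraProjects.last_scan <= end_time_array)
    ).count()
    files_count = db.session.query(func.sum(CobraTaskInfo.file_count).label('files')).filter(
        task_window
    ).first()[0]
    code_number = db.session.query(func.sum(CobraTaskInfo.code_number).label('codes')).filter(
        task_window
    ).first()[0]

    # SUM over an empty window is NULL → None; int(None) used to raise.
    return jsonify(code=1001, task_count=task_count, vulns_count=vulns_count, projects_count=projects_count,
                   files_count=int(files_count or 0), code_number=int(code_number or 0))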
ファイル: whitelist.py プロジェクト: Introspelliam/cobra
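def delete_vulnerability():
    """Delete the ``CobraResults`` row named by form field ``vid``.

    Uses a bulk ``Query.delete()`` and commits only when a row matched.
    JSON ``code=1001`` on success, ``code=4001`` for a validation failure or
    an unknown id, ``code=4002`` on a database error.
    """
    vc = ValidateClass(request, 'vid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    from app.models import CobraResults

    try:
        deleted_rows = CobraResults.query.filter(CobraResults.id == vc.vars.vid).delete()
        # Query.delete() returns the number of matched rows, never None, so
        # the original ``is not None`` test made the not-found branch
        # unreachable.
        if deleted_rows:
            db.session.commit()
            return jsonify(code=1001, message='Deleted success!')
        return jsonify(code=4001, message='Not exist this vulnerability')
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(code=4002, message="delete failed")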
ファイル: vulnerability.py プロジェクト: v1cker/cobra
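def del_vul():
    """Delete the ``CobraVuls`` row named by form field ``vul_id``.

    JSON ``tag='success'`` on success; ``tag='danger'`` with a message on a
    validation failure, a missing or unknown id, or a database error.
    """
    vc = ValidateClass(request, "vul_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    if not vc.vars.vul_id:
        return jsonify(tag='danger', msg='wrong id')

    v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
    if v is None:
        # Previously session.delete(None) raised and was reported as a generic failure.
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare ``except``; roll back so the scoped session
        # stays usable.
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')
    return jsonify(tag='success', msg='delete success.')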
ファイル: dashboard.py プロジェクト: v1cker/cobra
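def get_scan_information():
    """Return scan statistics for a POSTed time window as JSON.

    Requires a logged-in admin (else redirects to ``ADMIN_URL + '/index'``).
    Form fields ``start_time_stamp`` and ``end_time_stamp`` are Unix
    timestamps; only their first ten characters (whole seconds) are used.
    Answers ``code=1001`` with task/vulnerability/project counts and the
    summed file and code-line numbers, or ``code=1002`` for a missing,
    non-numeric or inverted window. A non-POST request used to fall off the
    end of the function (no response at all); it now gets ``code=1002`` too.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return jsonify(tag="danger", msg="POST required.", code=1002)

    # The trimmed strings are kept: time_start is compared against them
    # exactly as before.
    start_time_stamp = request.form.get("start_time_stamp", "")[0:10]
    end_time_stamp = request.form.get("end_time_stamp", "")[0:10]
    try:
        start_seconds = int(start_time_stamp)
        end_seconds = int(end_time_stamp)
    except ValueError:
        # A missing field used to raise TypeError on the slice, a non-numeric
        # one ValueError in int() — both HTTP 500.
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    # Compare numerically: the original compared the strings, which only
    # orders correctly while both have the same length.
    if start_seconds >= end_seconds:
        return jsonify(tag="danger", msg="wrong date select.", code=1002)

    # fromtimestamp() yields naive local datetimes — assumes created_at and
    # last_scan are stored in the same local zone; TODO confirm.
    start_time_array = datetime.datetime.fromtimestamp(start_seconds)
    end_time_array = datetime.datetime.fromtimestamp(end_seconds)

    task_window = and_(CobraTaskInfo.time_start >= start_time_stamp,
                       CobraTaskInfo.time_start <= end_time_stamp)
    task_count = CobraTaskInfo.query.filter(task_window).count()
    vulns_count = CobraResults.query.filter(
        and_(CobraResults.created_at >= start_time_array, CobraResults.created_at <= end_time_array)
    ).count()
    projects_count = CobraProjects.query.filter(
        and_(CobraProjects.last_scan >= start_time_array, CobraProjects.last_scan <= end_time_array)
    ).count()
    files_count = db.session.query(func.sum(CobraTaskInfo.file_count).label('files')).filter(
        task_window
    ).first()[0]
    code_number = db.session.query(func.sum(CobraTaskInfo.code_number).label('codes')).filter(
        task_window
    ).first()[0]

    # SUM over an empty window is NULL → None; int(None) used to raise.
    return jsonify(code=1001, task_count=task_count, vulns_count=vulns_count, projects_count=projects_count,
                   files_count=int(files_count or 0), code_number=int(code_number or 0))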
ファイル: whitelist.py プロジェクト: He1l0e/cobra
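def delete_vulnerability():
    """Delete the ``CobraResults`` row whose id is given by the ``vid`` argument.

    ``vid`` is validated by ``ValidateClass``.  The delete is a bulk
    ``Query.delete()``, whose return value is the number of matched rows; a
    zero count means no such result existed.

    Returns:
        JSON ``code=1001`` on success, ``4001`` when the argument is missing or
        nothing matched, and ``4002`` when the database raised.
    """
    vc = ValidateClass(request, 'vid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    from app.models import CobraResults

    try:
        deleted_rows = CobraResults.query.filter(CobraResults.id == vc.vars.vid).delete()
        # Query.delete() returns an int, never None, so the original
        # ``is not None`` test could not detect a missing row.
        if not deleted_rows:
            db.session.rollback()
            return jsonify(code=4001, message='Not exist this vulnerability')
        db.session.commit()
        return jsonify(code=1001, message='Deleted success!')
    except Exception:
        # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
        # back so the session is usable for the next request.
        db.session.rollback()
        return jsonify(code=4002, message="delete failed")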
コード例 #34
ファイル: rule.py プロジェクト: Introspelliam/cobra
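def edit_rule(rule_id):
    """Edit the ``CobraRules`` row ``rule_id``: save on POST, render the form on GET.

    On POST every listed field is required (checked by ``ValidateClass``)
    except ``regex_repair``, which defaults to ``""``; ``updated_at`` is
    stamped with the current local time.

    Returns:
        POST: JSON ``code=1001`` on success, ``4004`` on a missing field, an
        unknown rule id, or a database error.  GET: the edit template with the
        rule, its verify data and the vulnerability / language / project
        lists, or the same ``4004`` JSON when the rule does not exist.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "vul_type", "language", "regex_location", "repair_block", "description",
                           "rule_id", "repair", 'verify', "author", "status", "level")
        ret, msg = vc.check_args()
        regex_repair = request.form.get("regex_repair", "")
        if not ret:
            return jsonify(code=4004, message=msg)

        r = CobraRules.query.filter_by(id=rule_id).first()
        # An unknown id used to raise AttributeError on the first assignment.
        if r is None:
            return jsonify(code=4004, message='wrong rule id.')
        r.vul_id = vc.vars.vul_type
        r.language = vc.vars.language
        r.block_repair = vc.vars.repair_block
        r.regex_location = vc.vars.regex_location
        r.regex_repair = regex_repair
        r.description = vc.vars.description
        r.repair = vc.vars.repair
        r.verify = vc.vars.verify
        r.author = vc.vars.author
        r.status = vc.vars.status
        r.level = vc.vars.level
        r.updated_at = datetime.datetime.now()
        try:
            db.session.add(r)
            db.session.commit()
            return jsonify(code=1001, message='success')
        except SQLAlchemyError:
            # Leave the session usable for the next request.
            db.session.rollback()
            return jsonify(code=4004, message='save failed. Try again later?')
    else:
        r = CobraRules.query.filter_by(id=rule_id).first()
        if r is None:
            return jsonify(code=4004, message='wrong rule id.')
        verify_data = rule.Rule(r.regex_location, r.regex_repair, r.verify).verify()
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        projects = CobraProjects.query.with_entities(CobraProjects.id, CobraProjects.name, CobraProjects.repository).all()
        return render_template('backend/rule/edit.html', data={
            'type': 'edit',
            'title': 'Edit rule',
            'id': r.id,
            'rule': r,
            'verify': verify_data,
            'all_vuls': vul_type,
            'all_lang': languages,
            'projects': projects
        })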
コード例 #35
ファイル: language.py プロジェクト: v1cker/cobra
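def del_language():
    """Delete the ``CobraLanguages`` row named by the ``id`` argument.

    Unauthenticated callers are redirected to the admin index.

    Returns:
        JSON ``tag="success"`` when the row was deleted; ``tag="danger"`` when
        the argument is missing, no such language exists, or the database
        raised.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    language = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    # ``db.session.delete(None)`` used to raise inside the try and surface as
    # a generic failure; report the missing row explicitly.
    if language is None:
        return jsonify(tag="danger", msg="wrong id")
    try:
        db.session.delete(language)
        db.session.commit()
        return jsonify(tag="success", msg="delete success.")
    except Exception:
        # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
        # back so the session is usable for the next request.
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed.")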
コード例 #36
ファイル: vulnerability.py プロジェクト: v1cker/cobra
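def add_new_vul():
    """Create a ``CobraVuls`` row from the POSTed form, or render the form on GET.

    ``name``, ``description``, ``repair`` and ``third_v_id`` are required.
    ``created_at``/``updated_at`` are both set to the current local time as a
    ``'%Y-%m-%d %X'`` string.

    Returns:
        POST: JSON ``tag='success'`` on success, ``tag='danger'`` on a missing
        field or a database error.  GET: the add form.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # NOTE(review): third_v_id is required above but not passed to the
        # constructor; confirm whether this CobraVuls signature accepts it.
        vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
        try:
            db.session.add(vul)
            db.session.commit()
            return jsonify(tag='success', msg='Add Success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(tag='danger', msg='Add failed. Please try again later.')
    else:
        return render_template('backend/vul/add_new_vul.html')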
コード例 #37
ファイル: project.py プロジェクト: Introspelliam/cobra
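def del_project():
    """Delete the ``CobraProjects`` row named by the POSTed ``id`` argument.

    Returns:
        POST: JSON ``code=1001`` when deleted, ``tag="danger"`` when the id is
        missing, ``code=4004`` when no such project exists or the database
        raised.  Any other method gets the plain 'Method error!' reply.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "id")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        project = CobraProjects.query.filter_by(id=vc.vars.id).first()
        # ``db.session.delete(None)`` used to raise inside the try and surface
        # as an unknown error; report the missing row explicitly.
        if project is None:
            return jsonify(code=4004, message='wrong project id.')
        try:
            db.session.delete(project)
            db.session.commit()
            return jsonify(code=1001, message='delete success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4004, message='unknown error. please try later?')
    else:
        return 'Method error!'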
コード例 #38
ファイル: project.py プロジェクト: v1cker/cobra
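def del_project():
    """Delete the ``CobraProjects`` row named by the POSTed ``id`` argument.

    Returns:
        POST: JSON ``code=1001`` when deleted, ``tag="danger"`` when the id is
        missing, ``code=4004`` when no such project exists or the database
        raised.  Any other method gets the plain 'Method error!' reply.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "id")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        project = CobraProjects.query.filter_by(id=vc.vars.id).first()
        # ``db.session.delete(None)`` used to raise inside the try and surface
        # as an unknown error; report the missing row explicitly.
        if project is None:
            return jsonify(code=4004, message='wrong project id.')
        try:
            db.session.delete(project)
            db.session.commit()
            return jsonify(code=1001, message='delete success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4004,
                           message='unknown error. please try later?')
    else:
        return 'Method error!'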
コード例 #39
ファイル: rule.py プロジェクト: Introspelliam/cobra
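def add_new_rule():
    """Create a ``CobraRules`` row from the POSTed form, or render the form on GET.

    All listed fields are required except ``regex_repair`` (default ``""``).
    ``created_at`` and ``updated_at`` share one ``datetime.now()`` value.

    Returns:
        POST: JSON ``code=1001`` on success, ``4004`` on a missing field,
        ``1004`` on a database error.  GET: the rule edit template with every
        vulnerability type and language for the form's selects.
    """
    import logging

    if request.method == 'POST':
        vc = ValidateClass(request, 'vul_type', 'language', 'regex_location', 'repair_block',
                           'description', 'repair', 'verify', 'author', 'level', 'status')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4004, message=msg)

        current_time = datetime.datetime.now()
        rule = CobraRules(
            vul_id=vc.vars.vul_type,
            language=vc.vars.language,
            regex_location=vc.vars.regex_location,
            regex_repair=request.form.get("regex_repair", ""),
            block_repair=vc.vars.repair_block,
            description=vc.vars.description,
            repair=vc.vars.repair,
            verify=vc.vars.verify,
            author=vc.vars.author,
            status=vc.vars.status,
            level=vc.vars.level,
            created_at=current_time,
            updated_at=current_time
        )
        try:
            db.session.add(rule)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception as e:
            db.session.rollback()
            # ``e.message`` exists only on Python 2, and echoing the raw
            # database error to the client leaks schema/driver details; keep
            # it in the server log and answer generically.
            logging.getLogger(__name__).exception('add rule failed: %s', e)
            return jsonify(code=1004, message='add failed, try again later?')
    else:
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        data = {
            'type': 'add',
            'title': 'Create rule',
            'all_vuls': vul_type,
            'all_lang': languages,
            'verify': {},
            'rule': dict()
        }
        return render_template('backend/rule/edit.html', data=data)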
コード例 #40
ファイル: rule.py プロジェクト: alioth310/cobra
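def add_new_rule():
    """Create a ``CobraRules`` row from the POSTed form, or render the form on GET.

    All listed fields are required except ``regex_repair`` (default ``""``).
    ``created_at`` and ``updated_at`` share one ``datetime.now()`` value.

    Returns:
        POST: JSON ``code=1001`` on success, ``4004`` on a missing field,
        ``1004`` on a database error.  GET: the rule edit template with every
        vulnerability type and language for the form's selects.
    """
    import logging

    if request.method == 'POST':
        vc = ValidateClass(request, 'vul_type', 'language', 'regex_location', 'repair_block',
                           'description', 'repair', 'verify', 'author', 'level', 'status')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4004, message=msg)

        current_time = datetime.datetime.now()
        rule = CobraRules(
            vul_id=vc.vars.vul_type,
            language=vc.vars.language,
            regex_location=vc.vars.regex_location,
            regex_repair=request.form.get("regex_repair", ""),
            block_repair=vc.vars.repair_block,
            description=vc.vars.description,
            repair=vc.vars.repair,
            verify=vc.vars.verify,
            author=vc.vars.author,
            status=vc.vars.status,
            level=vc.vars.level,
            created_at=current_time,
            updated_at=current_time
        )
        try:
            db.session.add(rule)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception as e:
            db.session.rollback()
            # ``e.message`` exists only on Python 2, and echoing the raw
            # database error to the client leaks schema/driver details; keep
            # it in the server log and answer generically.
            logging.getLogger(__name__).exception('add rule failed: %s', e)
            return jsonify(code=1004, message='add failed, try again later?')
    else:
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        data = {
            'type': 'add',
            'title': 'Create rule',
            'all_vuls': vul_type,
            'all_lang': languages,
            'verify': {},
            'rule': dict()
        }
        return render_template('backend/rule/edit.html', data=data)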
コード例 #41
ファイル: language.py プロジェクト: v1cker/cobra
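def add_new_language():
    """Create a ``CobraLanguages`` row from the POSTed form, or render the form on GET.

    ``language`` and ``extensions`` are required.  Unauthenticated callers are
    redirected to the admin index.

    Returns:
        POST: JSON ``tag="success"`` on success, ``tag="danger"`` on a missing
        field or a database error.  GET: the add form.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == "POST":
        vc = ValidateClass(request, "language", "extensions")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        language = CobraLanguages(vc.vars.language, vc.vars.extensions)
        try:
            db.session.add(language)
            db.session.commit()
            return jsonify(tag="success", msg="add success")
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(tag="danger", msg="try again later?")
    else:
        return render_template("backend/language/add_new_language.html")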
コード例 #42
ファイル: framework.py プロジェクト: Introspelliam/cobra
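def framework_create():
    """Create a ``CobraWebFrame`` row from the POSTed form, or render the form on GET.

    ``name`` and ``description`` are required.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field or a
        database error.  GET: the framework edit template in create mode.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "name", "description")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)

        item = CobraWebFrame(vc.vars.name, vc.vars.description)
        try:
            db.session.add(item)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001, message='unknown error. Try again later?')
    else:
        data = {
            'title': 'Create framework',
            'type': 'create',
            'framework': dict()
        }
        return render_template('backend/framework/edit.html', data=data)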
コード例 #43
ファイル: framework.py プロジェクト: Introspelliam/cobra
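def create_framework_rule(fid):
    """Create a ``CobraWebFrameRules`` row for framework ``fid``, or render the form on GET.

    ``status``, ``path`` and ``content`` are required form fields; ``fid``
    comes from the URL and is stored as ``frame_id``.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field or a
        database error.  GET: the rule edit template in create mode.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, 'status', 'path', 'content')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)

        item = CobraWebFrameRules(frame_id=fid, path_rule=vc.vars.path, content_rule=vc.vars.content, status=vc.vars.status)
        try:
            db.session.add(item)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001, message='unknown error. Try again later?')
    else:
        data = {
            'title': 'Create framework rule',
            'type': 'create',
            'framework_rule': dict(),
            'fid': fid
        }
        return render_template('backend/framework/edit_rule.html', data=data)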
コード例 #44
ファイル: language.py プロジェクト: v1cker/cobra
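def languages(page):
    """Render page ``page`` (1-based) of the languages list, ten rows per page, newest id first.

    Unauthenticated callers are redirected to the admin index.  Page numbers
    below 1 are treated as page 1 so the OFFSET can never go negative.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    per_page = 10
    offset = (max(page, 1) - 1) * per_page
    rows = (CobraLanguages.query
            .order_by(CobraLanguages.id.desc())
            .limit(per_page)
            .offset(offset)
            .all())
    data = {
        'languages': rows,
    }
    return render_template("backend/language/languages.html", data=data)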
コード例 #45
ファイル: framework.py プロジェクト: He1l0e/cobra
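def framework_create():
    """Create a ``CobraWebFrame`` row from the POSTed form, or render the form on GET.

    ``name`` and ``description`` are required.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field or a
        database error.  GET: the framework edit template in create mode.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "name", "description")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)

        item = CobraWebFrame(vc.vars.name, vc.vars.description)
        try:
            db.session.add(item)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001,
                           message='unknown error. Try again later?')
    else:
        data = {
            'title': 'Create framework',
            'type': 'create',
            'framework': dict()
        }
        return render_template('backend/framework/edit.html', data=data)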
コード例 #46
ファイル: vulnerability.py プロジェクト: Introspelliam/cobra
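def vulnerability_create():
    """Create a ``CobraVuls`` row from the POSTed form, or render the form on GET.

    ``name``, ``description``, ``repair`` and ``third_v_id`` are required.
    ``created_at``/``updated_at`` are both set to the current local time as a
    ``'%Y-%m-%d %X'`` string.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field or a
        database error.  GET: the vulnerability edit template in create mode.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, vc.vars.third_v_id, current_time, current_time)
        try:
            db.session.add(vul)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001, message='unknown error. Try again later?')
    else:
        data = {
            'title': 'Create vulnerability',
            'type': 'create',
            'vulnerability': dict()
        }
        return render_template('backend/vulnerability/edit.html', data=data)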
コード例 #47
ファイル: project.py プロジェクト: v1cker/cobra
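def edit_project(project_id):
    """Edit the ``CobraProjects`` row ``project_id``: save on POST, render the form on GET.

    On POST the listed fields are required (checked by ``ValidateClass``);
    the row is looked up by the URL's ``project_id``, not the form's ``id``,
    and ``updated_at`` is set to the current local time as a
    ``'%Y-%m-%d %X'`` string.

    Returns:
        POST: JSON ``code=1001`` on success, ``4004`` on a missing field, an
        unknown project id, or a database error.  GET: the edit template, or
        the same ``4004`` JSON when the project does not exist.
    """
    if request.method == "POST":
        vc = ValidateClass(request, "id", "name", "repository", "url",
                           "author", "pe", "remark", 'status')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4004, message=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        project = CobraProjects.query.filter_by(id=project_id).first()
        if not project:
            return jsonify(code=4004, message='wrong project id.')

        # update project data
        project.name = vc.vars.name
        project.author = vc.vars.author
        project.pe = vc.vars.pe
        project.remark = vc.vars.remark
        project.status = vc.vars.status
        project.url = vc.vars.url
        project.repository = vc.vars.repository
        project.updated_at = current_time
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(code=1001, message='save success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4004, message='Unknown error.')
    else:
        project = CobraProjects.query.filter_by(id=project_id).first()
        # The template used to receive None for an unknown id.
        if not project:
            return jsonify(code=4004, message='wrong project id.')
        return render_template('backend/project/edit.html',
                               data={
                                   'title': 'Edit project',
                                   'type': 'edit',
                                   'project': project,
                                   'id': project_id
                               })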
コード例 #48
ファイル: language.py プロジェクト: Introspelliam/cobra
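def language_create():
    """Create a ``CobraLanguages`` row from the POSTed form, or render the form on GET.

    ``language`` and ``extensions`` are required; a language whose name
    already exists is rejected.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field, a
        duplicate name, or a database error.  GET: the language edit template
        in create mode.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "language", "extensions")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)
        # NOTE(review): this check and the insert below are not atomic; two
        # concurrent requests can both pass it.  A UNIQUE constraint on
        # CobraLanguages.language is the real guard - confirm the schema has one.
        exist = CobraLanguages.query.filter(CobraLanguages.language == vc.vars.language).first()
        if exist is not None:
            return jsonify(code=4001, message='The language exist')
        language = CobraLanguages(vc.vars.language, vc.vars.extensions)
        try:
            db.session.add(language)
            db.session.commit()
            return jsonify(code=1001, message='add success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001, message='unknown error. Try again later?')
    else:
        data = {
            'title': 'Create language',
            'type': 'create',
            'language': dict()
        }
        return render_template('backend/language/edit.html', data=data)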
コード例 #49
ファイル: project.py プロジェクト: v1cker/cobra
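def add_project():
    """Create a ``CobraProjects`` row from the POSTed form, or render the form on GET.

    The listed fields are required.  Unauthenticated callers are redirected
    to the admin index.

    Returns:
        POST: JSON ``tag='success'`` on success, ``tag='danger'`` on a missing
        field or a database error.  GET: the project edit template in add mode.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')
    if request.method == "POST":
        vc = ValidateClass(request, "name", "repository", "url", "author",
                           "pe", "remark", 'status')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # The empty-string positional argument fills a constructor parameter
        # whose name is not visible here - check the CobraProjects model.
        project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name,
                                vc.vars.author, '', vc.vars.pe, vc.vars.remark,
                                vc.vars.status, current_time)
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(tag='danger', msg='Unknown error.')
    else:
        data = {'title': 'Create project', 'type': 'add', 'project': dict()}
        return render_template('backend/project/edit.html', data=data)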
コード例 #50
ファイル: whitelist.py プロジェクト: Introspelliam/cobra
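def edit_white_list(wid):
    """Edit the ``CobraWhiteList`` row ``wid``: save on POST, render the form on GET.

    On POST ``project``, ``rule``, ``path``, ``reason`` and ``status`` are
    required; ``updated_at`` is stamped with the current local time.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field, an
        unknown white-list id, or a database error.  GET: the edit template
        with every rule and project for the selects, or the same ``4001``
        JSON when the row does not exist.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "project", "rule", "path", "reason", "status")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)

        white_list = CobraWhiteList.query.filter_by(id=wid).first()
        if not white_list:
            return jsonify(code=4001, message='wrong white-list')

        white_list.project_id = vc.vars.project
        white_list.rule_id = vc.vars.rule
        white_list.path = vc.vars.path
        white_list.reason = vc.vars.reason
        white_list.status = vc.vars.status
        white_list.updated_at = datetime.datetime.now()

        try:
            db.session.add(white_list)
            db.session.commit()
            return jsonify(code=1001, message='update success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001, message='unknown error.')
    else:
        white_list = CobraWhiteList.query.filter_by(id=wid).first()
        # The template used to receive None for an unknown id.
        if not white_list:
            return jsonify(code=4001, message='wrong white-list')
        rules = CobraRules.query.all()
        projects = CobraProjects.query.all()
        data = {
            'title': 'Edit white-list',
            'type': 'edit',
            'rules': rules,
            'projects': projects,
            'whitelist': white_list,
            'id': wid
        }
        return render_template('backend/white-list/edit.html', data=data)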
コード例 #51
ファイル: whitelist.py プロジェクト: He1l0e/cobra
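def edit_white_list(wid):
    """Edit the ``CobraWhiteList`` row ``wid``: save on POST, render the form on GET.

    On POST ``project``, ``rule``, ``path``, ``reason`` and ``status`` are
    required; ``updated_at`` is stamped with the current local time.

    Returns:
        POST: JSON ``code=1001`` on success, ``4001`` on a missing field, an
        unknown white-list id, or a database error.  GET: the edit template
        with every rule and project for the selects, or the same ``4001``
        JSON when the row does not exist.
    """
    if request.method == 'POST':
        vc = ValidateClass(request, "project", "rule", "path", "reason", "status")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4001, message=msg)

        white_list = CobraWhiteList.query.filter_by(id=wid).first()
        if not white_list:
            return jsonify(code=4001, message='wrong white-list')

        white_list.project_id = vc.vars.project
        white_list.rule_id = vc.vars.rule
        white_list.path = vc.vars.path
        white_list.reason = vc.vars.reason
        white_list.status = vc.vars.status
        white_list.updated_at = datetime.datetime.now()

        try:
            db.session.add(white_list)
            db.session.commit()
            return jsonify(code=1001, message='update success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4001, message='unknown error.')
    else:
        white_list = CobraWhiteList.query.filter_by(id=wid).first()
        # The template used to receive None for an unknown id.
        if not white_list:
            return jsonify(code=4001, message='wrong white-list')
        rules = CobraRules.query.all()
        projects = CobraProjects.query.all()
        data = {
            'title': 'Edit white-list',
            'type': 'edit',
            'rules': rules,
            'projects': projects,
            'whitelist': white_list,
            'id': wid
        }
        return render_template('backend/white-list/edit.html', data=data)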
コード例 #52
ファイル: project.py プロジェクト: Introspelliam/cobra
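def edit_project(project_id):
    """Edit the ``CobraProjects`` row ``project_id``: save on POST, render the form on GET.

    On POST the listed fields are required (checked by ``ValidateClass``);
    the row is looked up by the URL's ``project_id``, not the form's ``id``,
    and ``updated_at`` is set to the current local time as a
    ``'%Y-%m-%d %X'`` string.

    Returns:
        POST: JSON ``code=1001`` on success, ``4004`` on a missing field, an
        unknown project id, or a database error.  GET: the edit template, or
        the same ``4004`` JSON when the project does not exist.
    """
    if request.method == "POST":
        vc = ValidateClass(request, "id", "name", "repository", "url", "author", "pe", "remark", 'status')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(code=4004, message=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        project = CobraProjects.query.filter_by(id=project_id).first()
        if not project:
            return jsonify(code=4004, message='wrong project id.')

        # update project data
        project.name = vc.vars.name
        project.author = vc.vars.author
        project.pe = vc.vars.pe
        project.remark = vc.vars.remark
        project.status = vc.vars.status
        project.url = vc.vars.url
        project.repository = vc.vars.repository
        project.updated_at = current_time
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(code=1001, message='save success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(code=4004, message='Unknown error.')
    else:
        project = CobraProjects.query.filter_by(id=project_id).first()
        # The template used to receive None for an unknown id.
        if not project:
            return jsonify(code=4004, message='wrong project id.')
        return render_template('backend/project/edit.html', data={
            'title': 'Edit project',
            'type': 'edit',
            'project': project,
            'id': project_id
        })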
コード例 #53
ファイル: project.py プロジェクト: Introspelliam/cobra
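def add_project():
    """Create a ``CobraProjects`` row from the POSTed form, or render the form on GET.

    The listed fields are required.  Unauthenticated callers are redirected
    to the admin index.

    Returns:
        POST: JSON ``tag='success'`` on success, ``tag='danger'`` on a missing
        field or a database error.  GET: the project edit template in add mode.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')
    if request.method == "POST":
        vc = ValidateClass(request, "name", "repository", "url", "author", "pe", "remark", 'status')
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
        # The empty-string positional argument fills a constructor parameter
        # whose name is not visible here - check the CobraProjects model.
        project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name, vc.vars.author, '', vc.vars.pe, vc.vars.remark, vc.vars.status, current_time)
        try:
            db.session.add(project)
            db.session.commit()
            return jsonify(tag='success', msg='save success.')
        except Exception:
            # Bare ``except:`` also trapped SystemExit/KeyboardInterrupt; roll
            # back so the session is usable for the next request.
            db.session.rollback()
            return jsonify(tag='danger', msg='Unknown error.')
    else:
        data = {
            'title': 'Create project',
            'type': 'add',
            'project': dict()
        }
        return render_template('backend/project/edit.html', data=data)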
コード例 #54
ファイル: dashboard.py プロジェクト: Introspelliam/cobra
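def graph_languages():
    """Return, as JSON, the number of hit rules per language.

    With a truthy ``show_all`` form field every ``CobraResults`` row is
    counted; otherwise only rows created inside the POSTed
    ``start_time_stamp``/``end_time_stamp`` window (unix timestamps, first
    ten characters used).  Results whose rule has no language are reported
    under ``"Unknown"``.  Unauthenticated callers are redirected to the admin
    index.

    Returns:
        JSON ``data={language: count, ...}``, or ``code=1002`` when the
        window fields are missing or not numeric.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    show_all = request.form.get("show_all")

    hits = db.session.query(
        func.count(CobraResults.rule_id).label("cnt"), CobraLanguages.language
    ).outerjoin(
        CobraRules, CobraResults.rule_id == CobraRules.id
    ).outerjoin(
        CobraLanguages, CobraRules.language == CobraLanguages.id
    )
    if not show_all:
        raw_start = request.form.get("start_time_stamp")
        raw_end = request.form.get("end_time_stamp")
        # A missing field used to raise TypeError on the slice and a
        # non-numeric one ValueError in int(); both were 500s.
        if raw_start is None or raw_end is None:
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        try:
            start_time = datetime.datetime.fromtimestamp(int(raw_start[:10]))
            end_time = datetime.datetime.fromtimestamp(int(raw_end[:10]))
        except (ValueError, OverflowError, OSError):
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        hits = hits.filter(
            and_(CobraResults.created_at >= start_time, CobraResults.created_at <= end_time)
        )
    hit_rules = hits.group_by(CobraResults.rule_id).all()

    # Fold the per-rule counts into per-language totals, first-seen order.
    return_value = {}
    for cnt, language in hit_rules:
        return_value[language] = return_value.get(language, 0) + cnt
    # Rules without a language come back with language None; rename the key.
    if None in return_value:
        return_value['Unknown'] = return_value.pop(None)
    return jsonify(data=return_value)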
コード例 #55
ファイル: dashboard.py プロジェクト: Introspelliam/cobra
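def graph_vulns():
    """Return, as JSON, the number of results per vulnerability name.

    Per-rule counts from ``CobraResults`` are mapped rule -> vul_id -> name
    and merged, so rules for different languages that share one vulnerability
    name are summed.  With a truthy ``show_all`` form field every result is
    counted; otherwise only those created inside the POSTed
    ``start_time_stamp``/``end_time_stamp`` window (unix timestamps, first
    ten characters used).  Results whose rule or vulnerability no longer
    exists are skipped.  Unauthenticated callers are redirected to the admin
    index.

    Returns:
        JSON ``data=[{'vuls': name, 'counts': n}, ...]`` in first-seen order,
        or ``code=1002`` when the window is missing, non-numeric, empty or
        inverted.  A non-POST request falls through and returns ``None``
        (unchanged from before).
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == "POST":
        show_all = request.form.get("show_all")

        cobra_rules = db.session.query(CobraRules.id, CobraRules.vul_id, ).all()
        cobra_vuls = db.session.query(CobraVuls.id, CobraVuls.name).all()
        all_rules = {x.id: x.vul_id for x in cobra_rules}  # rule_id -> vul_id
        all_cobra_vuls = {x.id: x.name for x in cobra_vuls}  # vul_id -> vul_name

        def merge_by_name(rows):
            """Sum (rule_id, counts) rows into [{'vuls': name, 'counts': n}] by vulnerability name."""
            totals = {}
            for row in rows:
                # The time-window branch used to raise KeyError for a result
                # whose rule (or the rule's vulnerability) had been deleted.
                if row.rule_id not in all_rules:
                    continue
                vul_id = all_rules[row.rule_id]
                if vul_id not in all_cobra_vuls:
                    continue
                name = all_cobra_vuls[vul_id]
                totals[name] = totals.get(name, 0) + row.counts
            return [{'vuls': name, 'counts': n} for name, n in totals.items()]

        per_rule = db.session.query(
            CobraResults.rule_id, func.count("*").label('counts')
        )
        if not show_all:
            # show part of vulns
            raw_start = request.form.get("start_time_stamp")
            raw_end = request.form.get("end_time_stamp")
            # Missing or non-numeric fields used to be a 500.
            if raw_start is None or raw_end is None:
                return jsonify(code=1002, tag="danger", msg="wrong datetime.")
            try:
                start_stamp = int(raw_start[:10])
                end_stamp = int(raw_end[:10])
                start_time = datetime.datetime.fromtimestamp(start_stamp)
                end_time = datetime.datetime.fromtimestamp(end_stamp)
            except (ValueError, OverflowError, OSError):
                return jsonify(code=1002, tag="danger", msg="wrong datetime.")
            # Compare as integers, not as the raw strings.
            if start_stamp >= end_stamp:
                return jsonify(code=1002, tag="danger", msg="wrong datetime.")
            per_rule = per_rule.filter(
                and_(CobraResults.created_at >= start_time, CobraResults.created_at <= end_time)
            )
        all_vuls = per_rule.group_by(CobraResults.rule_id).all()

        return jsonify(data=merge_by_name(all_vuls))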
コード例 #56
ファイル: dashboard.py プロジェクト: Introspelliam/cobra
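def dashboard():
    """Render the admin dashboard with overall and today's scan statistics.

    Collects totals (tasks, results, projects, scanned files and code lines),
    the same figures restricted to today (local midnight to midnight + 24h),
    average / max / min ``time_consume`` over all tasks, and per-vulnerability
    result counts overall and for today.  Results whose rule or vulnerability
    no longer exists are skipped in the per-vulnerability lists.
    Unauthenticated callers are redirected to the admin index.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    cobra_rules = db.session.query(CobraRules.id, CobraRules.vul_id, ).all()
    cobra_vuls = db.session.query(CobraVuls.id, CobraVuls.name).all()
    all_rules = {x.id: x.vul_id for x in cobra_rules}  # rule_id -> vul_id
    all_cobra_vuls = {x.id: x.name for x in cobra_vuls}  # vul_id -> vul_name

    # today's window, as a timestamp pair for CobraTaskInfo.time_start and as
    # a date/datetime pair for the created_at / last_scan columns
    today_time_array = datetime.date.today()
    today_time_stamp = int(time.mktime(today_time_array.timetuple()))
    tomorrow_time_stamp = today_time_stamp + 3600 * 24
    tomorrow_time_array = datetime.datetime.fromtimestamp(int(tomorrow_time_stamp))
    task_today = and_(CobraTaskInfo.time_start >= today_time_stamp, CobraTaskInfo.time_start <= tomorrow_time_stamp)
    result_today = and_(CobraResults.created_at >= today_time_array, CobraResults.created_at <= tomorrow_time_array)
    project_today = and_(CobraProjects.last_scan >= today_time_array, CobraProjects.last_scan <= tomorrow_time_array)

    # total overview (the SUM() values are None when there are no tasks)
    total_task_count = CobraTaskInfo.query.count()
    total_vulns_count = CobraResults.query.count()
    total_projects_count = CobraProjects.query.count()
    total_files_count = db.session.query(func.sum(CobraTaskInfo.file_count).label('files')).first()[0]
    total_code_number = db.session.query(func.sum(CobraTaskInfo.code_number).label('codes')).first()[0]

    # today overview
    today_task_count = CobraTaskInfo.query.filter(task_today).count()
    today_vulns_count = CobraResults.query.filter(result_today).count()
    today_projects_count = CobraProjects.query.filter(project_today).count()
    today_files_count = db.session.query(func.sum(CobraTaskInfo.file_count).label('files')).filter(task_today).first()[0]
    today_code_number = db.session.query(func.sum(CobraTaskInfo.code_number).label('codes')).filter(task_today).first()[0]

    # scanning time
    avg_scan_time = db.session.query(func.avg(CobraTaskInfo.time_consume)).first()[0]
    max_scan_time = db.session.query(func.max(CobraTaskInfo.time_consume)).first()[0]
    min_scan_time = db.session.query(func.min(CobraTaskInfo.time_consume)).first()[0]

    # per-rule result counts, overall and for today (filter before group_by)
    per_rule = db.session.query(CobraResults.rule_id, func.count("*").label('counts'))
    all_vuls = per_rule.group_by(CobraResults.rule_id).all()
    all_vuls_today = per_rule.filter(result_today).group_by(CobraResults.rule_id).all()

    def merge_by_name(rows):
        """Sum (rule_id, counts) rows into [{'vuls': name, 'counts': n}] by vulnerability name."""
        totals = {}
        for row in rows:
            # The today loop used to raise KeyError for a result whose rule
            # (or the rule's vulnerability) had been deleted.
            if row.rule_id not in all_rules:
                continue
            vul_id = all_rules[row.rule_id]
            if vul_id not in all_cobra_vuls:
                continue
            name = all_cobra_vuls[vul_id]
            totals[name] = totals.get(name, 0) + row.counts
        return [{'vuls': name, 'counts': n} for name, n in totals.items()]

    total_vuls = merge_by_name(all_vuls)
    today_vuls = merge_by_name(all_vuls_today)

    data = {
        'total_task_count': total_task_count,
        'total_vulns_count': total_vulns_count,
        'total_projects_count': total_projects_count,
        'total_files_count': total_files_count,
        'today_task_count': today_task_count,
        'today_vulns_count': today_vulns_count,
        'today_projects_count': today_projects_count,
        'today_files_count': today_files_count,
        'max_scan_time': max_scan_time,
        'min_scan_time': min_scan_time,
        'avg_scan_time': avg_scan_time,
        'total_vuls': total_vuls,
        'today_vuls': today_vuls,
        'total_code_number': total_code_number,
        'today_code_number': today_code_number,
    }
    return render_template("backend/index/dashboard.html", data=data)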
コード例 #57
ファイル: dashboard.py プロジェクト: Introspelliam/cobra
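# Upper bound on the span a caller may request from graph_lines(). Every day in
# the span costs two COUNT queries, so an unbounded range taken straight from
# the form (e.g. start_time_stamp=0) would let one request hammer the database.
_MAX_GRAPH_DAYS = 366


def _form_timestamp(field):
    """Parse POST field *field* (Unix seconds) into a naive local datetime.

    Only the first 10 characters are used, so a millisecond value from a JS
    date picker is truncated to whole seconds, as the previous code assumed.

    Raises:
        ValueError: the field is missing, non-numeric, or not representable
            by ``datetime.fromtimestamp`` on this platform.
    """
    raw = request.form.get(field)
    if not raw:
        raise ValueError('missing parameter: %s' % field)
    try:
        return datetime.datetime.fromtimestamp(int(raw[:10]))
    except (ValueError, OverflowError, OSError):
        raise ValueError('invalid timestamp: %s' % field)


def _count_between(column, low, high):
    """Return the number of rows where ``low <= column < high``.

    Half-open on the right so a row sitting exactly on a day boundary is
    counted in one bucket only, not in both neighbouring buckets.
    """
    return db.session.query(func.count("*")).filter(
        and_(column >= low, column < high)
    ).scalar()


def graph_lines():
    """Per-day vulnerability and scan counts for the dashboard line chart.

    Reads the POST form:
      * ``show_all`` (truthy): the last 15 calendar days, up to now.
      * otherwise ``start_time_stamp`` / ``end_time_stamp``: Unix seconds
        bounding the range; spans longer than ``_MAX_GRAPH_DAYS`` are refused.

    Returns JSON ``{labels, vuls, scans}`` -- parallel lists with one entry
    per day (``labels`` formatted ``YYYYMMDD``) -- or ``{code: 4001, message}``
    on bad input, the error shape used by the other backend views.
    Unauthenticated callers are redirected to the admin index.
    All datetimes are naive local time (``datetime.today()``); the created_at
    column is assumed to be stored the same way.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    one_day = datetime.timedelta(days=1)
    if request.form.get("show_all"):
        # 15 buckets: today plus the 14 preceding days, starting at local midnight.
        end_date = datetime.datetime.today()
        start_date = datetime.datetime.combine(
            datetime.date.today() - datetime.timedelta(days=14),
            datetime.datetime.min.time())
    else:
        try:
            start_date = _form_timestamp("start_time_stamp")
            end_date = _form_timestamp("end_time_stamp")
        except ValueError as e:
            # Previously a missing/garbage field raised inside the view (HTTP 500).
            return jsonify(code=4001, message=str(e))
        if end_date - start_date > one_day * _MAX_GRAPH_DAYS:
            return jsonify(code=4001,
                           message='date range too large (max %d days)'
                                   % _MAX_GRAPH_DAYS)

    labels, vuls, scans = [], [], []
    day = start_date
    # An end before the start simply yields empty series, as before.
    while day < end_date:
        bucket_end = min(day + one_day, end_date)
        labels.append(day.strftime("%Y%m%d"))
        # CobraResults.created_at is compared as a datetime ...
        vuls.append(_count_between(CobraResults.created_at, day, bucket_end))
        # ... while CobraTaskInfo.time_start holds epoch seconds. Converting
        # both ends with mktime keeps buckets correct across DST changes,
        # unlike adding a flat 86400 seconds to the start.
        scans.append(_count_between(CobraTaskInfo.time_start,
                                    time.mktime(day.timetuple()),
                                    time.mktime(bucket_end.timetuple())))
        day += one_day

    return jsonify(labels=labels, vuls=vuls, scans=scans)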