def POST(self):
web.header("Access-Control-Allow-Origin", "*")
data = web.data()
data = json.loads(data)
print(data)
action = data['action']
ids = data['ids']
if action == None or ids == None:
return self.JSON({'code': '1:lack of data'})
elif ids == -1:
con, cur = connect_db()
cur.execute("update EVENT set state=?", (action, ))
con.commit()
save_log('INFO', 'all data state change to' + action)
close_db(con, cur)
elif ids != []:
con, cur = connect_db()
for id in ids:
cur.execute("update EVENT set state=? where id=?", (
action,
id,
))
con.commit()
save_log(
'DEBUG',
'data state change to {} where id is{}'.format(action, id))
close_db(con, cur)
return self.JSON({'code': '0'})
def transformData(id):
save_log('DEBUG', 'transforming data whose id is {}'.format(id))
data = sql_select(id)
org_site = data[1]
detail = json.loads(data[2])
module_type = data[3]
state = data[4]
if module_type == 'weakness':
result = {}
result['vender_id'] = 2
result['org_site'] = org_site
result['url'] = detail['url']
result['display_name'] = detail['value'].get('name', None)
result['happen_time'] = detail['created_at']
result['poc'] = detail['value']
result['type'] = detail['value'].get('type', None)
result['vul_id'] = detail['value'].get('vul_id', None)
result['detail'] = detail['value'].get('detail', None)
if state != 'push':
data = json.dumps(result, indent=2)
return data
elif module_type == 'content':
result = {}
result['vender_id'] = 2
result['org_site'] = org_site
result['id'] = id
result['url'] = detail['url']
result['happen_time'] = detail['created_at']
result['poc'] = detail['value']
type = detail.get('type', None)
# TODO 4:身份证批量泄露 5:黑页 12:外链
type = 2 if type == 'black_links' or type == 'black_link' else type
type = 4 if type == 'email_address_disclosure' or type == 'email_address_disclosure_out' else type
type = 6 if type.lower() == 'webshell' else type
type = 7 if type == 'malscan' else type
type = 8 if type == 'cryjack' else type
type = 10 if type == 'keyword' else type
type = 11 if type == 'broken_links' or type == 'broken_link' else type
result['type'] = type
if state != 'push':
data = json.dumps(result, indent=2)
return data
else:
save_log(
'DEBUG',
'data with id={} has been pushed, do not push again'.format(
id))
pass
class RevScanData(BaseHandler):
'''
接受扫描结果并入库:event.db -> EVENT
'''
def POST(self):
data = webapi.rawinput('POST')
decode = None
try:
decode = json.loads(data.parameter)
except Exception, e:
print(e.message)
print(repr(data))
return u'{"code":0,"message":"decode fail"}'
if decode['total'] > 0:
if decode['module_type'] == 'weakness' or decode[
'module_type'] == 'content':
for i in decode['values']:
data_site = decode['site']
happen_time = i['created_at']
data_value = json.dumps(i, indent=2)
data_type = decode['module_type']
data_state = "unknown"
if data_value != None and len(data_value) > 3:
push_time = ''
save_time = datetime.datetime.now().strftime(
'%Y-%m-%d %H:%M:%S')
sql_insert(data_site, data_value, data_type,
data_state, save_time, push_time,
happen_time)
save_log('DEBUG',
data_site + 'insert into database successful')
return self.JSON({'code': 0, 'message': 'ok'})
def GET(self):
web.header("Access-Control-Allow-Origin", "*")
get_dict = web.input()
token = get_dict.get('token', None)
start_time = get_dict.get('start_time', '0')
end_time = get_dict.get(
'end_time',
datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S'))
con, cur = connect_db()
cur.execute('select token from token')
real_token = cur.fetchall()[0][0]
if token == real_token:
save_log('INFO', 'token success, prepare for data')
push_time = datetime.datetime.now().strftime('%Y-%m-%d %H:%M:%S')
ids = get_weakness_ids()
con, cur = connect_db()
value = []
for i in ids:
data = sql_select(i[0])
happen_time = data[7]
if check_time(start_time, end_time, happen_time):
data = transformData(i[0])
value.append(data)
cur.execute("update EVENT set state=? where id=?", (
'push',
int(i[0]),
))
cur.execute("update EVENT set push_time=? where id=?", (
push_time,
int(i[0]),
))
con.commit()
close_db(con, cur)
save_log('DEBUG', 'weakness database changed')
save_log('INFO', 'generate weakness data successful')
response = {"status": 200, "errMsg": 'success', "data": value}
save_log('INFO', 'send weakness data...')
return self.JSON(response)
else:
save_log('INFO', 'failed with invalide token')
web.header("status_code", "400")
response = {"status": 400, "errMsg": 'token is invalid'}
return self.JSON(response)
def POST(self):
web.header("Access-Control-Allow-Origin", "*")
rawdata = web.data()
rawdata = json.loads(rawdata)
state = rawdata.get('state', None)
action = rawdata.get('action', None)
if action == None or state == None:
return self.JSON({'code': '1:lack of data'})
else:
con, cur = connect_db()
cur.execute("update EVENT set state=? where state=?", (
action,
state,
))
con.commit()
save_log(
'DEBUG', 'all data where state is {} change to {}'.format(
state, action))
close_db(con, cur)
return self.JSON({'code': '0'})