def show(request, task_id):
"""
:param request:
:param task_id:
:return:
"""
model = get_task_by_id(task_id=task_id)
config, history, time_consumed = {}, [], None
if model.config:
config = ast.literal_eval(model.config)
history = TaskHistory.objects.filter(task__id=model.id)
if model.end_time and model.start_time:
time_consumed = model.end_time - model.start_time
if settings.TIME_ZONE == 'Asia/Shanghai':
times = str(time_consumed).split(':')
time_consumed = times[0] + '时' + times[1] + '分' + str(
round(float(times[2]), 2)) + '秒'
return render(
request, 'scan/task/show.html', {
'nav': 'scan',
'model': model,
'config': config,
'history': history,
'time_consumed': time_consumed,
})
def get(self, request, task_id):
"""
:param request:
:param task_id:
:return:
"""
try:
data = None
task = get_task_by_id(task_id)
status_code, message = status.HTTP_404_NOT_FOUND, "失败"
if task:
status_code = status.HTTP_200_OK
message = "成功!"
data = {
'task_id': task.id,
'project_name': task.app.project.name,
'group_name': task.group.name,
'status': task.status,
'executor_ip': task.executor_ip,
}
return JsonResponse(data=data,
desc=message,
status=status_code,
code=status_code)
except Exception as ex:
import traceback
traceback.print_exc()
return JsonResponse(desc=str(ex),
code=status.HTTP_400_BAD_REQUEST,
status=status.HTTP_200_OK)
def post(self, request, task_id):
"""
:param request:
:param task_id:
:return:
"""
try:
if 'application/json' not in request.content_type:
raise Exception(
u'"Content-type" 格式必须为 json 格式, 当前格式: {0}'.format(
request.content_type))
task = get_task_by_id(task_id)
if not all((task, )):
raise SeeCodeMissingImportantParameters(
"Parameter 'task_id' content is invalid.")
size = request.data.get("size")
total = request.data.get("total")
language = request.data.get("language")
statistics = request.data.get("statistics")
code, message = -1, '更新失败'
is_ok = update_app_lang(app_id=task.app.id,
code_total=total,
size=size,
lang=language,
status=2)
if is_ok:
for s in statistics:
create_or_update(
app_obj=task.app,
language=s['language'],
files=s['files'],
blank=s['blank'],
comment=s['comment'],
code=s['code'],
)
code, message = 1, '更新成功'
return JsonResponse(data={
'task_id': task.id,
'app_id': task.app.id
},
desc=message,
status=status.HTTP_200_OK,
code=code)
except Exception as ex:
import traceback
traceback.print_exc()
return JsonResponse(desc=str(ex),
code=status.HTTP_400_BAD_REQUEST,
status=status.HTTP_200_OK)
def post(self, request, task_id):
"""
:param request:
:param task_id:
:return:
"""
try:
if 'application/json' not in request.content_type:
raise Exception(
u'"Content-type" 格式必须为 json 格式, 当前格式: {0}'.format(
request.content_type))
task = get_task_by_id(task_id)
issues = request.data.get("issues", None)
if not all((task, issues)):
raise SeeCodeMissingImportantParameters(
"Parameter 'task_id, issues' content is invalid.")
for i in issues:
tactic_obj = get_tactic_by_key(key=i['rule_key'])
if tactic_obj and tactic_obj.is_active:
issue_obj = create_or_update(
app_obj=task.app,
rule_key=i['rule_key'],
file_name=i['file'],
start_line=i['start_line'],
end_line=i['end_line'],
scanner_id=i['engine'],
title=i['title'],
report_detail_url=i['report'],
last_commit=i['hash'],
last_commit_author=i['author'],
last_commit_author_email=i['author_email'],
code_segment=i['code_example'],
evidence_content=i['evidence_content'],
is_false_positive=i['is_false_positive'],
whitelist_rule_id=i['whitelist_rule_id'],
)
return JsonResponse(data={
'task_id': task.id,
'app_id': task.app.id
},
desc='更新成功',
status=status.HTTP_200_OK,
code=1)
except Exception as ex:
import traceback
traceback.print_exc()
return JsonResponse(desc=str(ex),
code=status.HTTP_400_BAD_REQUEST,
status=status.HTTP_200_OK)
def post(self, request, task_id):
"""
:param request:
:param task_id:
:return:
"""
try:
if 'application/json' not in request.content_type:
raise Exception(
u'"Content-type" 格式必须为 json 格式, 当前格式: {0}'.format(
request.content_type))
task = get_task_by_id(task_id)
components = request.data.get("components", None)
if not all((task, components)):
raise SeeCodeMissingImportantParameters(
"Parameter 'task_id, components' content is invalid.")
# FIXME 添加归档功能
for s in components:
d_create_or_update(
app_obj=task.app,
name=s['name'],
group_id=s['tag'],
artifact_id=s['name'],
version=s['version'],
new_version=s['new_version'],
file_name=s['origin'],
)
return JsonResponse(data={
'task_id': task.id,
'app_id': task.app.id
},
desc='更新成功',
status=status.HTTP_200_OK,
code=1)
except Exception as ex:
import traceback
traceback.print_exc()
return JsonResponse(desc=str(ex),
code=status.HTTP_400_BAD_REQUEST,
status=status.HTTP_200_OK)
def index(request, task_id=None):
"""
:param request:
:param task_id:
:return:
"""
app_id = strip(request.GET.get('app', ''))
e = strip(request.GET.get('e', ''))
cate = strip(request.GET.get('c', ''))
risk = strip(request.GET.get('r', ''))
done = strip(request.GET.get('d', ''))
keyword = request.GET.get('k', '')
a = request.GET.get('a', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
app_obj = None
if task_id:
task = get_task_by_id(task_id)
if task:
app_obj = get_app_by_id(task.app.id)
sql_where['app__id'] = task.app.id
if app_id:
app_obj = get_app_by_id(app_id)
sql_where['app__id'] = app_id
if e:
sql_where['tactic__engine__id'] = int(e)
if risk:
sql_where['tactic__risk'] = risk
if cate:
sql_where['tactic__type'] = int(cate)
if keyword:
keyword = keyword.strip()
sql_where['title__icontains'] = keyword
if a:
if a == '1':
sql_where['is_send_alarm'] = True
elif a == '2':
sql_where['scm_url__isnull'] = False
if done:
if done == '1':
sql_where['status__in'] = [2, 3, 4, 5]
elif done == '2':
sql_where['status'] = 1
elif done == '3':
sql_where['is_false_positive'] = True
items = IssueInfo.objects.filter(**sql_where).order_by("-updated_at")
paginator = Paginator(items, page_size, request=request, pre_name=u"问题")
page = paginator.page(page_num)
return render(
request, 'scan/issue/index.html', {
'nav': 'scan',
'page': page,
'e': e,
'c': cate,
'r': risk,
'd': done,
'alarm': a,
'app_obj': app_obj,
'keyword': keyword,
'issues_type': TACTIC_TYPE,
'risk_list': RISK_TYPE,
'engine_list': get_all_engine(),
'issues_status': ISSUE_STATUS,
})
def post(self, request, task_id):
"""
:param request:
:param task_id:
:return:
"""
try:
if 'application/json' not in request.content_type:
raise Exception(
u'"Content-type" 格式必须为 json 格式, 当前格式: {0}'.format(
request.content_type))
task = get_task_by_id(task_id)
task_status = request.data.get("status", None)
end_time = request.data.get("end_time", None)
start_time = request.data.get("start_time", None)
executor_ip = request.data.get("executor_ip")
if not all((task, task_status)):
raise SeeCodeMissingImportantParameters(
"Missing 'task_id, status' parameter.")
if end_time:
end_time = utc2local(end_time)
else:
end_time = datetime.datetime.now()
if start_time:
start_time = utc2local(start_time)
else:
end_time = datetime.datetime.now()
task_status = parse_int(task_status)
code, message = -1, '更新失败'
if task_status == 1: # failed
msg = request.data.get("msg", '')
is_ok = update_task_failed(task_id=task.id,
title='扫描任务失败',
reason=msg,
end_time=end_time)
if is_ok:
code, message = 1, '更新成功'
elif task_status == 3: # init
log_path = request.data.get("log_path", '')
scan_template = request.data.get("scan_template", '')
scan_template_version = request.data.get(
"scan_template_version", '')
is_ok = update_task_scan_init(
task_id=task.id,
executor_ip=executor_ip,
scan_template=scan_template,
scan_template_version=scan_template_version,
start_time=start_time,
title='开始初始化扫描任务',
reason='',
log_path=log_path,
)
if is_ok:
code, message = 1, '更新成功'
elif task_status == 4: # component
commit_hash = request.data.get("commit_hash")
title = request.data.get("title", '开始同步项目代码')
is_ok = update_task_scan_component(
task_id=task.id,
executor_ip=executor_ip,
commit_hash=commit_hash,
title=title,
reason='',
)
if is_ok:
code, message = 1, '更新成功'
elif task_status == 5: # start
is_ok = update_task_start(
task_id=task.id,
executor_ip=executor_ip,
title='开始扫描代码',
reason='',
)
if is_ok:
code, message = 1, '更新成功'
elif task_status == 6: # success
statistics = request.data.get("statistics", None)
msg = request.data.get("msg")
is_ok = update_task_success(
task_id=task.id,
executor_ip=executor_ip,
end_time=end_time,
title=msg,
)
try:
if statistics:
critical = statistics['critical'] or 0
high = statistics['high'] or 0
medium = statistics['medium'] or 0
low = statistics['low'] or 0
info = statistics['info'] or 0
scope = statistics['scope'] or 0
update_task_statistics(
task_id=task_id,
critical=critical,
high=high,
medium=medium,
low=low,
info=info,
scope=scope,
)
except Exception as ex:
pass
if is_ok:
code, message = 1, '更新成功'
elif task_status == 7: # message
title = request.data.get("title", '')
reason = request.data.get("reason", '')
level = request.data.get("level", '')
is_ok = update_task_title(
task_id=task.id,
title=title,
reason=reason,
level=level,
)
if is_ok:
code, message = 1, '更新成功'
else:
raise Exception("Parameter 'status' is out of range.")
return JsonResponse(data={'task_id': task.id},
desc=message,
status=status.HTTP_200_OK,
code=code)
except Exception as ex:
import traceback
traceback.print_exc()
return JsonResponse(desc=str(ex),
code=status.HTTP_400_BAD_REQUEST,
status=status.HTTP_200_OK)
def __init__(self, task_id):
"""
:param task_id:
"""
self.task = get_task_by_id(task_id=task_id)
if not self.task:
raise TaskConfCreateException(
'Task not found, id:{0}.'.format(task_id))
self.sys_conf = get_config()
self.app = self.task.app
self.project = self.app.project
self.group = self.project.group
self.repo = self.app.repo
self.profile = self.task.group.profile
log_level = 'info'
if self.sys_conf['option']['seecode_sys_level'] == 1:
log_level = 'error'
elif self.sys_conf['option']['seecode_sys_level'] == 2:
log_level = 'error'
elif self.sys_conf['option']['seecode_sys_level'] == 3:
log_level = 'warning'
elif self.sys_conf['option']['seecode_sys_level'] == 4:
log_level = 'info'
elif self.sys_conf['option']['seecode_sys_level'] == 5:
log_level = 'debug'
storage_type = 'local'
s_t = self.sys_conf['project']['upload_type']
if s_t == 1:
storage_type = 'local'
elif s_t == 2:
storage_type = 'ftp'
self._task_conf = {
'task_id': self.task.id,
'template': self.profile.name,
'log_level': log_level,
'work_dir': self.sys_conf['option']['seecode_workdir'],
'project_name': self.project.name or '',
'project_branch': self.repo.name or '',
'project_ssh': self.project.ssh_url_to_repo or self.project.path,
'project_web': self.project.web_url or '',
'project_file_origin_name': self.project.file_origin_name or '',
'project_file_hash': self.project.file_hash or '',
'group_name': self.group.name or '',
'group_key': self.group.path or '',
'project_type': 'online' if self.project.type == 1 else 'offline',
'project_storage_type': storage_type,
'evidence_start_line_offset': -1,
'evidence_count': 5,
'result_file': '{0}.json'.format(self.task.id),
'sync_vuln_to_server': True,
'force_sync_code': self.task.is_force_scan,
}
update_task_config(
task_id=self.task.id,
config=str(self._task_conf),
)