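def post(self, id):
    """Apply the submitted edit form to the project record ``id``.

    ``Projectname``, ``passowrd`` (the field name the form posts, sic) and
    ``Projectemail`` are validated. If any validation message was collected
    the edit page is rendered again with those messages; otherwise the record
    returned by ``get_project_by_id`` is updated, committed, and the client
    is redirected to ``/Project/list``.

    Args:
        id: Record identifier passed to ``get_project_by_id``.
    """
    weblog.info("%s.", self._request_summary())
    name = self.get_argument("Projectname", None)
    password = self.get_argument("passowrd", None)
    email = self.get_argument("Projectemail", None)
    # No default is given, so a request without this field is handled by
    # get_argument itself rather than by the validation below.
    role = self.get_argument("Projectrole")

    msg = []
    if not name:
        msg.append(msg_define.ProjectNAME_IS_EMPTY)
    if password is None or check_passord(password) is None:
        msg.append(msg_define.ProjectPASSWORD_INVALID)
    if not email:
        msg.append(msg_define.ProjectEMAIL_IS_EMPTY)
    elif check_email(email) is None:
        msg.append(msg_define.ProjectEMAIL_INVALID)
    if msg:
        return self.render('admin/Projectedit.html', message=msg)

    # NOTE(review): no permission check is visible in this method; confirm
    # that access to it is restricted by a decorator or a base-class hook.
    try:
        record = get_project_by_id(self, id)
        record.Projectname = name
        # NOTE(review): the password is written exactly as submitted. If the
        # login path compares a digest, this value must be hashed the same
        # way before it is stored - confirm against the account-creation code.
        record.password = password
        record.email = email
        # NOTE(review): the role is taken from the request without being
        # checked against a set of allowed values - verify.
        record.Projectrole = role
        self.mysqldb().commit()
        return self.redirect('/Project/list')
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed by the error page.
        weblog.exception("Edit Project error!")
        self.mysqldb().rollback()
        # msg is empty on this path, so the page is shown without a message.
        return self.render('admin/Projectedit.html', message=msg)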
def get(self):
    """Write the flag when the ``uuid`` query parameter matches the signed cookie.

    The cookie stored under ``COOKIE_KEY`` must decode to
    ``"<uuid>[<remote_ip>]"``, where ``<uuid>`` is the first ``uuid`` value
    in the query string and ``<remote_ip>`` is ``self.request.remote_ip``.
    Every failed step answers with its own hint text and stops.
    """
    query = parse_qs(urlparse(self.request.uri).query)
    uuid_values = query.get('uuid')
    if uuid_values is None:
        self.write("give me your uuid man... :/")
        return

    # A falsy result covers both an absent cookie and one that
    # get_secure_cookie refused to return.
    signed_value = self.get_secure_cookie(COOKIE_KEY)
    if not signed_value:
        self.write("your cookie missing or maybe you don't know what HMAC"
                   " means :(")
        return

    try:
        cookie_text = signed_value.decode()
    except Exception:
        access_log.exception("An exception occurred...")
        self.write("why did you change your cookie...")
        return

    # The cookie is bound to both the uuid and the address the request
    # came from.
    # NOTE(review): remote_ip is only meaningful if the server derives it
    # from a trusted source (e.g. a proxy that overwrites forwarded headers).
    wanted = '{}[{}]'.format(uuid_values[0], self.request.remote_ip)
    if cookie_text == wanted:
        self.write("here is your reward my dear: {}".format(self.flag))
        return
    self.write("you're almost done... i got a uuid and a cookie... "
               "but they don't match.")
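def post(self):
    """Create a project from the submitted form and link the chosen users to it.

    The account named by the signed ``user_account`` cookie is looked up and
    recorded as the creator. On success the client is redirected to
    ``/project/list``; on any failure the exception is logged, the session is
    rolled back and the add page is rendered again.
    """
    weblog.info("%s.", self._request_summary())
    cur_login_name = self.get_secure_cookie('user_account')
    # Look up the account behind the cookie (does the user exist?).
    # NOTE(review): get_secure_cookie may hand back bytes; confirm the
    # comparison with TblAccount.username behaves as intended.
    cur_user_id = self.mysqldb().query(
        TblAccount.id, TblAccount.userstate).filter(
        TblAccount.username == cur_login_name).first()

    # NOTE(review): project_name is not checked for None or emptiness here.
    project_name = self.get_argument("project_name", None)
    top_project_id = self.get_argument("top_project_id", 0)
    project_describe = self.get_argument("project_describe", None)
    peers = self.get_arguments("peer")

    try:
        new_project = TblProject()
        new_project.project_name = project_name
        new_project.progress = 0
        new_project.describe = project_describe
        new_project.status = msg_define.USER_NORMAL
        new_project.top_project_id = top_project_id
        # If no account matched, cur_user_id is None and this attribute
        # access raises, which sends the request to the handler below.
        new_project.created_by = cur_user_id.id
        self.mysqldb().add(new_project)
        self.mysqldb().commit()
        # Attach the selected people to the project. This runs after the
        # commit, so a failure here does not undo the new project row.
        self.relation_project_user(project_name, peers)
        return self.redirect('/project/list')
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed by the error page.
        weblog.exception("Add new Project error!")
        self.mysqldb().rollback()
        return self.render('project/projectadd.html', message="",
                           users=get_user_list(self),
                           projects=get_project_list(self))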
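def post(self, id):
    """Apply the submitted edit form to the user account ``id``.

    ``username``, ``passowrd`` (the field name the form posts, sic) and
    ``useremail`` are validated. If any validation message was collected the
    edit page is rendered again with those messages; otherwise the account
    returned by ``get_user_by_id`` is updated, committed, and the client is
    redirected to ``/user/list``.

    Args:
        id: Account identifier passed to ``get_user_by_id``.
    """
    weblog.info("%s.", self._request_summary())
    username = self.get_argument("username", None)
    password = self.get_argument("passowrd", None)
    useremail = self.get_argument("useremail", None)
    # No default is given, so a request without this field is handled by
    # get_argument itself rather than by the validation below.
    userrole = self.get_argument("userrole")

    msg = []
    if not username:
        msg.append(msg_define.USERNAME_IS_EMPTY)
    if password is None or check_passord(password) is None:
        msg.append(msg_define.USERPASSWORD_INVALID)
    if not useremail:
        msg.append(msg_define.USEREMAIL_IS_EMPTY)
    elif check_email(useremail) is None:
        msg.append(msg_define.USEREMAIL_INVALID)
    if msg:
        return self.render('admin/useredit.html', message=msg)

    # NOTE(review): no permission check is visible in this method; confirm
    # that only administrators can reach it, since it changes another
    # account's password and role.
    try:
        account = get_user_by_id(self, id)
        account.username = username
        # NOTE(review): the password is written exactly as submitted. If
        # accounts are created with a digest of the password, this edit path
        # must apply the same transformation or the stored value will be
        # plain text and will not match at login - confirm.
        account.password = password
        account.email = useremail
        # NOTE(review): the role is taken from the request without being
        # checked against a set of allowed values - verify.
        account.userrole = userrole
        self.mysqldb().commit()
        return self.redirect('/user/list')
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed by the error page.
        weblog.exception("Edit user error!")
        self.mysqldb().rollback()
        # msg is empty on this path, so the page is shown without a message.
        return self.render('admin/useredit.html', message=msg)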
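def handle_request(self, request_data):
    """Build a proxy request from ``request_data`` and fetch it.

    Generator-style coroutine: both helper calls are yielded and the
    function finishes with ``gen.Return()`` (no value).

    A ``RequestParamsError`` sets HTTP status 400 with the error text as the
    reason; any other exception is logged with its traceback and swallowed.

    Args:
        request_data: Input handed to ``self._make_proxy_request``.
    """
    try:
        proxy_request = yield self._make_proxy_request(request_data)
        # The early exit used to be ``raise gen.Return()`` inside this try
        # block. Assuming ``gen`` is tornado.gen, Return is an Exception
        # subclass, so it was caught by the generic handler below and logged
        # as an error. Skipping the fetch gives the same result without the
        # spurious log entry.
        if proxy_request:
            yield self._fetch_proxy_request(proxy_request)
    except RequestParamsError as err:
        # NOTE(review): the reason phrase is built from the exception text;
        # confirm it cannot carry client-controlled CR/LF characters.
        self.set_status(400, str(err))
    except Exception as err:
        logger.exception(err)
    raise gen.Return()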
def post(self):
    """Pipe the request body into ``./docker_wrapper.sh`` and return its stdout.

    The client address is taken from the ``X-Real-IP`` header, falling back
    to ``self.request.remote_ip``, and is passed to the script as its only
    argument. Any exception is logged and answered with a fixed message.
    """
    # The whole body is forwarded to the child process with no size cap.
    payload = self.request.body  # VULN: do not truncate input size
    try:
        # NOTE(review): X-Real-IP is client-controlled unless a fronting
        # proxy overwrites it; confirm the deployment guarantees that.
        client_ip = (self.request.headers.get("X-Real-IP")
                     or self.request.remote_ip)
        if client_ip:
            # Raises ValueError unless the value parses as an IP address, so
            # only a well-formed address can reach the argument list below.
            ipaddress.ip_address(client_ip)
        # Argument list, no shell: the address is never parsed by a shell.
        # NOTE(review): no timeout is set on the child process.
        completed = run(['./docker_wrapper.sh', client_ip],
                        input=payload, stdout=PIPE)
        output = completed.stdout
    except Exception:
        access_log.exception("An exception occurred...")
        output = b"Exception raised."
    self.write(output)
    self.finish()
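def post(self):
    """Generate a verification image and return it, base64-encoded, as JSON.

    The text drawn in the image is stored in the ``code`` cookie, written to
    the log, and included in the JSON response next to the image. On failure
    the exception is logged and nothing is written.
    """
    fg_color = (random.randint(0, 255),
                random.randint(0, 255),
                random.randint(0, 255))
    try:
        mstream, strs = generate_verify_image(save_img=False,
                                              fg_color=fg_color,
                                              font_type="method/Arial.ttf")
        # NOTE(review): if this is Tornado's set_secure_cookie, the value is
        # signed but not encrypted, so the client can read the expected code
        # from the cookie.
        self.set_secure_cookie("code", strs)
        weblog.info("%s , imgage code:%s", self._request_summary(), strs)
        img = base64.b64encode(mstream.getvalue()).decode()
        # NOTE(review): the response also carries the expected code in clear
        # text, so the image gives no protection against automated clients.
        # Removing it changes the response contract - confirm with the
        # front end before doing so.
        return self.write(json_dumps({'code': strs, 'img': img}))
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        weblog.exception("verify image code error")
        return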
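def __exit__(self, exc_type, exc_val, exc_tb):
    """Log whatever ended the ``with`` block, disconnect the client, suppress it.

    Known exception types get a dedicated log line; every other exception is
    logged at error level with its traceback. When an exception occurred and
    a client is attached, the client is disconnected.

    Returns:
        True, always, so no exception propagates out of the ``with`` block.
    """
    if exc_type is toro.Timeout:
        access_log.debug("[uid: %s] connection timeout" % self.client_uid)
    elif exc_type is StreamClosedError:
        access_log.warning("[uid: %s] stream closed unexpectedly" % self.client_uid)
    elif exc_type is ConnectError:
        self.stream.close()
        # NOTE(review): relies on ConnectError exposing ``.message``;
        # built-in exceptions do not have that attribute on Python 3.
        access_log.info("[uid: %s] connection refused: %s" %
                        (self.client_uid, exc_val.message))
    elif exc_type is not None:
        # The previous test (``exc_type == Exception``) matched only the
        # exact Exception class, so every other error was suppressed without
        # leaving any trace in the log. Log all of them, with the traceback
        # passed explicitly.
        access_log.error("[uid: %s] error handling stream" % self.client_uid,
                         exc_info=(exc_type, exc_val, exc_tb))

    if exc_val is not None and self.client is not None:
        self.client.disconnect()

    # NOTE(review): returning True also swallows KeyboardInterrupt and
    # SystemExit raised inside the block.
    return True  # suppress the raised exception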
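def browsing_history(self):
    """Record the current request in ``tbl_browsing_history`` for a logged-in user.

    Does nothing when ``get_current_user`` returns None. Failures are logged
    and the session is rolled back; they are not raised to the caller.
    """
    login_name = self.get_current_user()
    if login_name is None:
        return
    if isinstance(login_name, bytes):
        login_name = login_name.decode()

    # One clock reading, so date and time cannot straddle midnight.
    now = datetime.datetime.now()
    row = {
        "user_ip": self.request.remote_ip,
        "user_account": login_name,
        # The earlier positional formatting supplied the URI for the
        # request_method column and the method for the uri column; naming
        # the binds pairs each value with its own column.
        "request_method": self.request.method,
        "uri": self.request.uri,
        "status": self.get_status(),
        "browsing_date": now.strftime('%Y%m%d'),
        "browsing_time": now.strftime('%H%M%S'),
        # A missing header is stored as an empty string rather than the
        # literal text "None".
        "user_agent": self.request.headers.get("User-Agent", ""),
    }
    try:
        # The URI and the User-Agent header are client-controlled. They are
        # passed as bound parameters so that quotes in them are never parsed
        # as SQL, which the previous %-formatted statement allowed.
        # Assumes mysqldb() returns a SQLAlchemy session that accepts a
        # textual statement with named binds, as the raw string used before
        # suggests - confirm; newer SQLAlchemy requires wrapping in text().
        self.mysqldb().execute(
            "INSERT INTO tbl_browsing_history (user_ip,user_account,request_method,"
            "uri,status,browsing_date,browsing_time,user_agent) "
            "VALUES(:user_ip,:user_account,:request_method,"
            ":uri,:status,:browsing_date,:browsing_time,:user_agent)",
            row,
        )
        self.mysqldb().commit()
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed here.
        weblog.exception("BaseHandler:visit_history error")
        self.mysqldb().rollback()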
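def post(self, id):
    """Validate the bug edit form and write the changes to bug ``id``.

    Validation messages are collected in a list. If there are any, the edit
    page is rendered again with them; otherwise the row is updated and the
    client is redirected to ``/bug/list``. A failure while saving is logged,
    rolled back and reported to the user with a generic message.

    Args:
        id: Value matched against ``TblBugList.bug_id``.
    """
    weblog.info("%s.", self._request_summary())
    bug_name = self.get_argument("bug_name", None)
    bug_describe = self.get_argument("bug_describe", None)
    bug_solution = self.get_argument("bug_solution", None)
    bug_date_plan = self.get_argument("bug_date_plan", None)
    bug_date_done = self.get_argument("bug_date_done", None)
    bug_status = self.get_argument("bug_status", None)

    msg = []
    if bug_name is None:
        msg.append(u"bug名称不能为空")
    if bug_describe is None or bug_solution is None:
        msg.append(u"bug描述或解决方案不能空")
    if bug_date_plan is None or bug_date_done is None:
        msg.append(u"bug计划解决日期或解决日期不能为空")
    if bug_status is None:
        msg.append(u"bug状态不能为空")
    else:
        try:
            bug_status = int(bug_status)
        except ValueError:
            # A non-numeric status used to escape as an unhandled ValueError;
            # report it like the other validation failures instead.
            msg.append(u"bug状态无效")

    old_bug = self.mysqldb().query(TblBugList).filter_by(bug_id=id).first()
    if old_bug is None:
        msg.append(u"根据bug id获取bug信息失败")

    if msg:
        return self.render('bug/bugedit.html', message=msg,
                           bug=get_bug_by_id(self, id))

    try:
        old_bug.bug_name = bug_name
        old_bug.bug_describe = bug_describe
        old_bug.bug_solution = bug_solution
        old_bug.bug_date_plan = bug_date_plan
        old_bug.bug_date_done = bug_date_done
        old_bug.bug_status = bug_status
        self.mysqldb().commit()
        return self.redirect('/bug/list')
    except Exception:
        # The message has no placeholder, so the exception must not be passed
        # as a format argument; exception() records the traceback itself.
        weblog.exception("Edit Bug error!")
        self.mysqldb().rollback()
        # Show a generic message. The exception object used to be appended
        # here, which put internal error text (for database errors, possibly
        # the statement and its parameters) on the rendered page.
        msg.append(u"保存bug信息失败")
        # Same template context as the validation branch above.
        return self.render('bug/bugedit.html', message=msg,
                           bug=get_bug_by_id(self, id))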
async def get(self, *args, **kwargs):
    """Dispatch a GET request to the registered handler function.

    Looks up the ``'get'`` entry in ``self.methods``, runs its filters in
    order, then awaits the handler and renders the view it returns.

    * No entry: 404.
    * A filter or the handler returns something that is not a ``BasicView``:
      500.
    * A filter returns a ``ChainView``: the next filter runs. Any other view
      returned by a filter is rendered and ends the request.
    * The handler raises ``CoreError``: a JSON error view is rendered; the
      error message is included only when the exception has a truthy
      ``can_out_put`` attribute.
    * Anything else that raises: logged with traceback, 500.
    """
    try:
        entry = self.methods.get('get')
        if entry is None:
            self.send_error(status_code=404, reason="not found")
            return

        handler_func = entry['func']
        request_obj = MetaRequest(self)

        for run_filter in entry['filters']:
            filtered = run_filter(request_obj)
            if not isinstance(filtered, BasicView):
                self.send_error(status_code=500, reason="internal error")
                return
            if not isinstance(filtered, ChainView):
                # A terminal view from a filter short-circuits the handler.
                filtered.render(request=self)
                return

        try:
            view = await handler_func(request_obj, *args, **kwargs)
        except CoreError as e:
            logger.error('%s:%s' % (e.__class__.__name__, e.message))
            # Error text reaches the client only when the exception opts in;
            # otherwise the response carries an empty message.
            msg = e.message if getattr(e, "can_out_put", None) else ""
            JsonView({'code': 'ERROR', 'msg': msg, 'data': {}}).render(request=self)
            return

        if isinstance(view, BasicView):
            view.render(request=self)
            return
        self.send_error(status_code=500, reason="internal error")
    except Exception as e:
        logger.exception(e)
        self.send_error(status_code=500, reason='internal error')
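def post(self):
    """Create a bug record from the submitted form.

    Validation messages are collected in a list. If there are any, the add
    page is rendered again with them. Otherwise the record is inserted and
    the bug list is rendered. A failure while saving is logged, rolled back
    and reported on the add page with a generic message.
    """
    weblog.info("%s.", self._request_summary())
    # Original intent: check whether the user exists.
    # NOTE(review): the cookie value is read but never checked, so this
    # method itself does not verify that the caller is logged in - confirm
    # that access is enforced elsewhere.
    cur_login_name = self.get_secure_cookie('user_account')

    bug_name = self.get_argument("bug_name", None)
    # The form field named "project_name" carries the project id.
    project_id = self.get_argument("project_name", None)
    bug_find_by = self.get_argument("bug_find_by", None)
    bug_user_done = self.get_argument("bug_user_done", None)
    bug_describe = self.get_argument("bug_describe", None)
    bug_solution = self.get_argument("bug_solution", None)
    bug_date_plan = self.get_argument("bug_date_plan", None)
    bug_date_done = self.get_argument("bug_date_done", None)

    msg = []
    if bug_name is None:
        msg.append(u"bug名称不能为空")
    if bug_solution is None or bug_describe is None:
        msg.append(u"bug描述或解决方案为空")
    if bug_date_plan is None or bug_date_done is None:
        msg.append(u"bug计划日期或解决日期为空")
    if msg:
        return self.render('bug/bugadd.html', message=msg,
                           users=get_user_list(self),
                           projects=get_project_list(self))

    try:
        new_bug = TblBugList()
        new_bug.bug_name = bug_name
        new_bug.bug_find_by = bug_find_by
        new_bug.bug_user_done = bug_user_done
        new_bug.bug_describe = bug_describe
        new_bug.bug_solution = bug_solution
        new_bug.bug_date_plan = bug_date_plan
        new_bug.bug_date_done = bug_date_done
        new_bug.bug_project_id = project_id
        self.mysqldb().add(new_bug)
        self.mysqldb().commit()
        return self.render('bug/buglist.html', bugs=get_bug_list(self))
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed by the error page.
        weblog.exception("Add new bug error!")
        self.mysqldb().rollback()
        # msg was always empty on this path, so the form came back with no
        # explanation; add a generic message without exposing error detail.
        msg.append(u"保存bug信息失败")
        return self.render('bug/bugadd.html', message=msg,
                           users=get_user_list(self),
                           projects=get_project_list(self))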
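def post(self):
    """Create a user account from the submitted form.

    ``username``, ``passowrd`` (the field name the form posts, sic) and
    ``useremail`` are validated and the name is checked against existing
    accounts. If any message was collected the add page is rendered again
    with those messages; otherwise the account is inserted and the first
    page of the user management list is rendered.
    """
    weblog.info("%s.", self._request_summary())
    username = self.get_argument("username", None)
    password = self.get_argument("passowrd", None)
    useremail = self.get_argument("useremail", None)
    # No default is given, so a request without this field is handled by
    # get_argument itself rather than by the validation below.
    userrole = self.get_argument("userrole")

    msg = []
    if get_user_by_name(self, username) is not None:
        msg.append(msg_define.USER_IS_EXIST)
    if not username:
        msg.append(msg_define.USERNAME_IS_EMPTY)
    if password is None or check_passord(password) is None:
        msg.append(msg_define.USERPASSWORD_INVALID)
    if not useremail:
        msg.append(msg_define.USEREMAIL_IS_EMPTY)
    elif check_email(useremail) is None:
        msg.append(msg_define.USEREMAIL_INVALID)
    if msg:
        return self.render('admin/useradd.html', message=msg)

    try:
        new_user = TblAccount()
        new_user.username = username
        # NOTE(review): MD5 is a project helper. If it is a plain MD5 digest
        # it is a poor fit for password storage (fast to compute, and no
        # per-user salt is passed here). Moving to a dedicated password hash
        # needs a matching change in the login check and a migration of the
        # stored values.
        new_user.password = MD5(password)
        new_user.email = useremail
        # NOTE(review): the role is taken from the request without being
        # checked against a set of allowed values - verify.
        new_user.userrole = userrole
        new_user.userstate = msg_define.USER_NORMAL
        self.mysqldb().add(new_user)
        self.mysqldb().commit()
        users, total_page = get_user_pagination(self, FIRST_PAGE)
        return self.render('admin/usermanage.html', users=users,
                           total_page=total_page, current_page=FIRST_PAGE)
    except Exception:
        # Narrowed from a bare ``except:`` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed by the error page.
        weblog.exception("Add new user error!")
        self.mysqldb().rollback()
        # msg is empty on this path, so the page is shown without a message.
        return self.render('admin/useradd.html', message=msg)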
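def __exit__(self, exc_type, exc_val, exc_tb):
    """Log whatever ended the ``with`` block, disconnect the client, suppress it.

    Known exception types get a dedicated log line; every other exception is
    logged at error level with its traceback. When an exception occurred and
    a client is attached, the client is disconnected.

    Returns:
        True, always, so no exception propagates out of the ``with`` block.
    """
    if exc_type is toro.Timeout:
        access_log.debug("[uid: %s] connection timeout" % self.client_uid)
    elif exc_type is StreamClosedError:
        access_log.warning('[uid: %s] stream closed unexpectedly' % self.client_uid)
    elif exc_type is ConnectError:
        self.stream.close()
        # NOTE(review): relies on ConnectError exposing ``.message``;
        # built-in exceptions do not have that attribute on Python 3.
        access_log.info('[uid: %s] connection refused: %s' %
                        (self.client_uid, exc_val.message))
    elif exc_type is not None:
        # The previous test (``exc_type == Exception``) matched only the
        # exact Exception class, so every other error was suppressed without
        # leaving any trace in the log. Log all of them, with the traceback
        # passed explicitly.
        access_log.error('[uid: %s] error handling stream' % self.client_uid,
                         exc_info=(exc_type, exc_val, exc_tb))

    if exc_val is not None and self.client is not None:
        self.client.disconnect()

    # NOTE(review): returning True also swallows KeyboardInterrupt and
    # SystemExit raised inside the block.
    return True  # suppress the raised exception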
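async def __print(self):
    """Process one uploaded image and answer with the generated page.

    Expects exactly one file in the ``f`` upload field. The image body and
    the caller's address are passed to ``print_img``; its result must carry a
    truthy ``status``. The ``b64sn`` value from the result is saved with
    ``__save_secret`` before the ``data`` value is sent back. Every failure
    ends the request through ``__reject`` with an explanatory message.
    """
    # .get() so that a request without an "f" upload is rejected with the
    # message below instead of raising KeyError.
    files = self.request.files.get('f', [])
    if len(files) != 1:
        self.__reject("/print expects exactly one image file.")
        return

    img_data = files[0]['body']
    try:
        result = print_img(img_data, self.__remote_ip())
    except Exception:
        # Details go to the log only; the client gets a fixed message.
        access_log.exception("An exception occurred...")
        self.__reject("[print_img:exception] service failed to process "
                      "your image. Try with another one.\nIf the problem "
                      "persists with other images, please contact an "
                      "admin.")
        return

    if not result['status']:
        # NOTE(review): this text comes from print_img; confirm it never
        # contains internal paths or other detail not meant for clients.
        self.__reject(result['error'])
        return

    page_data = result['data']
    secret = result['b64sn']
    try:
        await self.__save_secret(secret)
    except Exception:
        access_log.exception("An exception occurred...")
        self.__reject("[__save_secret:exception] service failed to save "
                      "the secret. Request timed-out.\nPlease contact an "
                      "admin. Redis server might be down.")
        return

    self.__accept(page_data)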
def wraps(*args, **kwg):
    """Call ``func`` with the given arguments, logging any exception it raises.

    The exception is logged with its traceback and then re-raised unchanged,
    so callers see the same error they would without the wrapper.
    """
    try:
        result = func(*args, **kwg)
    except Exception as err:
        logger.exception(err)
        raise
    return result
def post(self):
    """Check the submitted key with ``./emergency_override`` and report the result.

    At most ``EO_SZ**3`` bytes of the request body are passed to the helper
    on stdin. If the helper's output contains ``b'OK'`` the success banner
    with the flag is written, otherwise the failure banner. Any exception
    while running the helper is logged and answered with status 500.
    """
    # Cap the input before it reaches the child process.
    submitted = self.request.body[:EO_SZ**3]
    try:
        # Argument list, no shell; the key travels on stdin only.
        # NOTE(review): no timeout is set on the child process.
        verdict = check_output(['./emergency_override', 'check'], input=submitted)
    except Exception:
        access_log.exception("An exception occurred...")
        self.set_status(500)
        self.write("An exception occurred, feel free to contact an admin.")
        self.finish()
        return

    # NOTE(review): this is a substring match on the helper's output;
    # confirm the helper never echoes caller-supplied bytes.
    if b'OK' not in verdict:
        reply = """ .ed''' '''$$$$be. -' ^''**$$$e. .' '$$$c / '4$$b d 3 $$$$ $ * .$$$$$$ .$ ^c $$$$$e$$$$$$$$. d$L 4. 4$$$$$$$$$$$$$$b $$$$b ^ceeeee. 4$$ECL.F*$$$$$$$ e$''=. $$$$P d$$$$F $ $$$$$$$$$- $$$$$$ z$$b. ^c 3$$$F '$$$$b $'$$$$$$$ $$$$*' .=''$c 4$$$$L $$P' '$$b .$ $$$$$...e$$ .= e$$$. ^*$$$$$c %.. *c .. $$ 3$$$$$$$$$$eF zP d$$$$$ '**$$$ec ' ece'' $$$ $$$$$$$$$$* .r' =$$$$P'' '*$b. 'c *$e. *** d$$$$$'L$$ .d' e$$***' ^*$$c ^$c $$$ 4J$$$$$% $$$ .e*'.eeP' '$$$$$$''$=e....$*$$**$cz$$' '..d$*' '*$$$ *=%4.$ L L$ P3$$$F $$$P' '$ 'e*ebJLzb$e$$$$$b $P' %.. 4$$$$$$$$$$ ' $$$e z$$$$$$$$$$% '*$c '$$$$$$$P' .'''*$$$$$$$$bc .-'' .$***$$$'''*e. .-' .e' '*$c ^*b. .=*'''' .e$*' '*bc '*$e.. .$' .z*' ^*$e. '*****e. $$ee$c .d' '*$. 3. ^*$E')$..$' * .ee==d% $.d$$$* * J$$$e* ''''' ''$$$' R.I.P. You failed to save the world !!! Try again ! """
    else:
        reply = """ Well done! You've just prevented doomsday... Awesome! 888888ba dP dP dP dP .88888. dP dP 88 `8b 88 88 88 88 d8' `8b 8888888 a88aaaa8P' 88d888b. .d8888b. 88aaaaa88a 88aaa88 dP. .dP 88 88 88d888b. 88 88 88 88' `88 88' `88 88 88 88 `8bd8' 88 88 88' `88 8888888 88 88 88. .88 88 88 88 .d88b. Y8. .8P 88 dP dP dP dP `88888P' dP dP dP dP' `dP `8888P' dP Good job! You must have this flag : {} """.format(self.flag)
    self.write(reply.encode())
    self.finish()