def scheduler_job():
if request.method == 'POST':
task_id = request.values.get('job_id')
action = request.values.get('operation')
i = timedelta(seconds=10)
run_time = datetime.now() + i
try:
task = db.session.query(Task).filter(Task.id == task_id).first()
task.web_scan_enable = 1
task.state = 2
task.start_time = run_time
db.session.add(task)
db.session.commit()
job = run_engine.apply_async(args=[task_id, action], countdown=10)
job_task_ref = ApJobsTaskRef(job.id, task_id, 'PENDING', run_time)
db.session.add(job_task_ref)
db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='重启扫描失败'))
else:
return jsonify(dict(status=True, desc='重启扫描成功'))
def add_task(task_id=None):
name = request.values.get('task_name')
scheme = request.values.get('task_scheme')
domain = request.values.get('task_domain')
source_ip = request.values.get('source_ip')
path = request.values.get('task_path')
cookie = request.values.get('task_cookie')
spider_type = request.values.get('spider_type')
task_policy = request.values.get('task_policy')
urls = request.values.get('urls')
target = request.values.get('target')
multiple_task = True if request.values.get('multiple_task') else False
run_now = True if request.values.get('run_now') else False
run_time = request.values.get('run_time')
rules = request.values.get('rules')
scan_key = request.values.get('scan_key')
try:
# 从接口提交的扫描任务,如果是全面扫描则扫描所有规则
if scan_key:
if not (name and urls and run_time and task_policy):
raise Exception
user_id = verify_scan_key(scan_key).id
if task_policy == '509':
rules = db.session.query(func.group_concat(WebVulFamily.id)).filter(WebVulFamily.parent_id != 0).first()[0]
spider_type = 2
else:
username = current_user.name
user_id = db.session.query(User).filter(User.name == username).first().id
except Exception, e:
logger.exception(e)
return jsonify(dict(status=False, desc='添加更新失败'))
def report_rebuild(job_id=None):
try:
#taskid = request.values.get('taskid')
# job_id = request.values.get('job_id')
job = db.session.query(ApJobsTaskRef).filter(
ApJobsTaskRef.job_id == job_id).first()
total = db.session.query(WebResult).filter(
WebResult.task_id == job.task_id).count()
message = 'web_result total is %s' % total
report = Report()
result = report.storage(job.task_id, job_id)
return jsonify({
'status': True,
'desc': '重新生成报告成功',
'reportid': int(result),
'message': message
})
except Exception, e:
logger.exception(e)
return jsonify({
'status': False,
'desc': '重新生成报告失败',
'reportid': 0,
'mesage': e.message
})
def create_rule_family(rule_family_id=None):
name = request.values.get('name')
describe = request.values.get('describe')
priority = request.values.get('priority')
if 'POST' == request.method:
try:
family = RuleFamily(name, describe, priority)
db.session.add(family)
db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='添加失败'))
else:
return jsonify(dict(status=True, desc='添加成功'))
else:
try:
family = db.session.query(RuleFamily).filter(RuleFamily.id == rule_family_id).first()
family.name = name
family.describe = describe
family.priority = priority
db.session.add(family)
db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='更新失败'))
else:
return jsonify(dict(status=True, desc='更新成功'))
def del_task_job(task_id):
job_task_ref = db.session.query(ApJobsTaskRef).filter(ApJobsTaskRef.task_id == task_id, ApJobsTaskRef.job_status==1,
ApJobsTaskRef.parent_id == None).first()
try:
if job_task_ref:
if job_task_ref.job_status != 1:
return jsonify(dict(status=False, desc='任务已执行,无法删除'))
res_del_db = None
res_revoke = revoke_job(job_task_ref.job_id)
if res_revoke:
res_del_db = del_job_db(job_task_ref.job_id)
if not res_del_db:
raise Exception
db.session.query(Task).filter(Task.id == task_id).delete()
db.session.query(TaskRuleFamilyRef).filter(TaskRuleFamilyRef.task_id == task_id).delete()
db.session.commit()
# 删除爬虫任务
del_spider_task(task_id)
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='删除失败'))
else:
return jsonify(dict(status=True, desc='删除成功'))
def rep_vul_audit(id=None):
try:
db.session.query(WebResult).filter(WebResult.id == id).delete()
db.session.commit()
return jsonify(dict(status=True, desc='删除成功'))
except Exception, e:
logger.exception(e)
return jsonify(dict(status=False, desc='删除失败'))
def delete_rule(rule_id):
try:
db.session.query(Rule).filter(Rule.rule_id == rule_id).delete()
db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='删除失败'))
else:
return jsonify(dict(status=True, desc='删除成功'))
def del_vul_patch():
try:
res_str = request.values.get('vul_str')
task_id = request.values.get('task_id')
res_list = res_str.rstrip(',').split(',')
for res_id in res_list:
db.session.query(WebResult).filter(WebResult.id == res_id).delete()
db.session.commit()
return redirect('/report/processing/%s' % task_id)
except Exception, e:
logger.exception(e)
abort(404)
def api_job_progress2():
job_ids = request.values.get('job_id')
job_list = json.loads(job_ids).get('jobs')
resp = {}
for job_id in job_list:
task_pro = {}
try:
job = db.session.query(ApJobsTaskRef).filter(ApJobsTaskRef.job_id == job_id).first()
if not job:
task_pro['resp_status'] = False
task_pro['task_info'] = {'errorMsg': '查询失败,job为None'.decode('utf-8')}
else:
task = db.session.query(Task).filter(Task.id == job.task_id).first()
if job.job_status == 1:
response = {
'task_id': task.id,
'state': '未开始'.decode('utf-8'),
'current': 0,
'total': 100,
'status': 0
}
elif job.job_status == 3:
response = {
'task_id': task.id,
'state': '扫描完成'.decode('utf-8'),
'current': 100,
'total': 100,
'status': 3
}
else:
response = task_progress(job.task_id)
if job.run_time:
start_time = datetime.strftime(job.run_time, '%Y-%m-%d %H:%M:%S')
if job.end_time:
end_time = datetime.strftime(job.end_time, '%Y-%m-%d %H:%M:%S')
else:
end_time = '0000-00-00 00:00:00'
task_pro['resp_status'] = True
task_pro['task_info'] = {'task_id': job.task_id, 'task_name': task.name,
'policy': task.web_scan_policy, 'start_time': start_time, 'end_time': end_time,
'state': response.get('state'), 'current': response.get('current'),
'total': response.get('total'), 'status': response.get('status')}
resp[job_id] = task_pro
except Exception as e:
logger.exception(e)
task_pro['resp_status'] = False
task_pro['task_info'] = {'errorMsg': '查询失败'.decode('utf-8')}
resp[job_id] = task_pro
return jsonify(resp)
def storage(self, taskid, jobid=""):
logger.info("report storage %s, %s start" % (taskid, jobid))
try:
reportid = self.saveToDb(taskid, jobid)
# self.savePdf(reportid)
self.savePdf2(jobid)
return reportid
logger.info("report storage %s, %s end" % (taskid, jobid))
except Exception, e:
logger.exception(e)
logger.info("report storage %s, %s exception" % (taskid, jobid))
return 0
def run_report(self, task_id, job_id):
try:
logger.debug("扫描任务task_id:%s,job_id:%s执行报告生成任务 开始" %
(task_id, job_id))
rep = Report()
report_id = rep.storage(task_id, job_id)
if not report_id:
rep.checkPdfExists()
logger.debug("扫描任务task_id:%s,job_id:%s执行报告生成任务 结束" %
(task_id, job_id))
except Exception, e:
logger.exception(e)
logger.debug("扫描任务task_id:%s,job_id:%s执行报告生成任务 异常" %
(task_id, job_id))
def verify_scan_key(key):
try:
s = Serializer(SECRET_KEY, expires_in=SESSION_LIFETIME)
token = db.session.query(TokenMapping).filter(
TokenMapping.uuid == key).first().token
user_json = s.loads(token)
name = user_json['name']
user = db.session.query(User).filter(User.name == name,
User.status == 1).first()
if user:
return user
else:
return None
except Exception, e:
logger.exception(e)
return None
def report_list():
try:
scan_key = request.values.get('scan_key')
search_msg = request.values.get('search_msg', '')
if scan_key:
user_id = verify_scan_key(scan_key).id
else:
user_id = current_user.id
user = db.session.query(User).filter(User.id == user_id).first()
admin_id = db.session.query(Group).filter(Group.name == 'ADMIN').first().id
if str(admin_id) in user.groups.split(','):
query = db.session.query(Task).join(ApJobsTaskRef, ApJobsTaskRef.task_id == Task.id). \
filter(ApJobsTaskRef.job_status == 3, ApJobsTaskRef.parent_id == None).order_by(Task.id.desc())
else:
query = db.session.query(Task).join(ApJobsTaskRef, ApJobsTaskRef.task_id == Task.id). \
filter(ApJobsTaskRef.job_status == 3, ApJobsTaskRef.parent_id == None, Task.user_id == user_id).order_by(Task.id.desc())
if search_msg:
like_msg = '%%%s%%' % search_msg
query = query.filter(or_(Task.id.like(search_msg), Task.name.like(like_msg),
Task.target.like(like_msg)))
page, per_page, offset, search_msg = get_page_items()
tasks = query.limit(per_page).offset(offset).all()
total = query.count()
pagination = get_pagination(page=page,
per_page=per_page,
total=total,
# record_name="server",
format_total=True,
format_number=True
# search=True,
# search_msg=search_msg
)
taskids = [task.id for task in tasks]
reportList = db.session.query(ModelReport.job_id, ModelReport.task_id).filter(ModelReport.task_id.in_(taskids)).order_by(
ModelReport.id.desc()).all()
reports = {}
for report in reportList:
if not reports.has_key(report.task_id):
reports[report.task_id] = report
for task_id in taskids:
if not reports.has_key(task_id):
reports[task_id] = ('', task_id)
except Exception, e:
logger.exception(e)
return render_template('error-not-safe.html')
def add_task(task_id=None):
name = request.values.get('task_name')
name = escape(name.decode('utf-8'))
# scheme = request.values.get('task_scheme')
# domain = request.values.get('task_domain')
source_ip = request.values.get('source_ip')
if source_ip and not re.match('^(\d{1,3}\.){3}\d{1,3}$', source_ip):
return jsonify(dict(status=False, desc='添加失败, 源IP格式错误'))
patch_no = request.values.get('patch_no')
cookie = request.values.get('task_cookie')
spider_enable = request.values.get('spider_enable')
task_policy = request.values.get('task_policy')
rep_model_id = request.values.get('rep_model')
urls = request.values.get('urls')
target = request.values.get('target')
# multiple_task = True if request.values.get('multiple_task') else False
run_now = True if request.values.get('run_now') else False
run_time = request.values.get('run_time')
rules = request.values.get('rules')
scan_key = request.values.get('scan_key')
try:
if not rep_model_id:
rep_model_id = db.session.query(ReportModel).filter(or_(ReportModel.company == '上海云盾信息技术有限公司',
ReportModel.model_name == '盾眼默认模板')).first().model_id
# 从接口提交的扫描任务,如果是全面扫描则扫描所有规则
if scan_key:
if not (name and urls and task_policy):
raise Exception
user_id = verify_scan_key(scan_key).id
# if task_policy == '509':
# rules = db.session.query(func.group_concat(WebVulFamily.id)).filter(WebVulFamily.parent_id != 0).first()[0]
else:
username = current_user.name
user_id = db.session.query(User).filter(User.name == username).first().id
except Exception, e:
logger.exception(e)
return jsonify(dict(status=False, desc='添加更新失败'))
# if run_now:
# # 通过celery任务启动
# # run_time = datetime.now() + i
# job = run_engine.apply_async(args=[task_id, action], countdown=0)
#
# else:
# # 通过celery任务启动
# delay_seconds = (run_time - datetime.now()).seconds
# job = run_engine.apply_async(args=[task_id, action], countdown=delay_seconds)
#
# job_task_ref = ApJobsTaskRef(job.id, task_id, 'PENDING', run_time)
# db.session.add(job_task_ref)
# db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='添加失败'))
else:
return jsonify(dict(status=True, desc='添加成功', task_id=task_id))
else:
try:
task = db.session.query(Task).filter(Task.id == task_id).first()
task.name = name
task.target = target
task.web_scan_policy = task_policy
task.spider_type = spider_type
task.web_scan_enable = 1
task.state = 2
task.user_id = user_id
def create_rule(rule_id=None):
rule_name = request.values.get('rule_name')
rule_family = request.values.get('rule_family')
# rule_tag = request.values.get('rule_tag')
rule_tag = '' # tag标签在scan_site.py写入字典scan_cnf里面,此处停用。为不影响其他代码,暂时置空处理。
level = request.values.get('bug_level')
if_head = True if request.values.get('if_head') else False
run_mode = request.values.get('run_mode')
inj_area = request.values.get('inj_area')
inj_way = request.values.get('inj_way')
inj_point = request.values.get('inj_point')
inj_value_str = request.values.get('inj_value')
code_mode = request.values.get('code_mode')
judge_code1 = request.values.get('judge_code1')
judge_code2 = request.values.get('judge_code2')
judge_keyword = request.values.get('judge_keyword')
content_mode = request.values.get('content_mode')
judge_content = request.values.get('judge_content')
similar_mode = request.values.get('similar_mode')
similar = request.values.get('similar')
describe = request.values.get('describe')
solution = request.values.get('solution')
judge_str = request.values.get('judge')
# 规范传入参数,防止XSS
rule_name = escape(rule_name.decode('utf-8'))
describe = escape(describe.decode('utf-8'))
solution = escape(solution.decode('utf-8'))
judge = {}
if code_mode:
code_dict = {'mode': code_mode}
code_value = []
if judge_code1:
code_value.append(judge_code1)
else:
code_value.append('0')
if judge_code2:
code_value.append(judge_code2)
else:
code_value.append('999')
code_dict['value'] = code_value
judge["http_code"] = code_dict
if judge_keyword:
judge["keyword"] = judge_keyword
if content_mode:
content_dict = {'mode': content_mode, 'value': judge_content}
judge["content"] = content_dict
if similar_mode:
similar_dict = {'mode': similar_mode, 'value': float(similar)/100}
judge["similar"] = similar_dict
if 'POST' == request.method:
try:
inj_values = inj_value_str.split('\r\n')
if '' in inj_values:
inj_values.remove('')
# vul_id = rule_name.split('-')[0]
# rule_exists = db.session.query(Rule).filter(Rule.vul_id == vul_id).first()
# if rule_exists:
# return jsonify(dict(status=False, desc='ID为'+vul_id+'的漏洞已经存在'))
family = db.session.query(WebVulFamily).filter(WebVulFamily.desc == rule_family).first()
module = db.session.query(WebVulFamily).filter(WebVulFamily.id == family.parent_id).first()
vul_script = WebVulList(0, rule_name, 1, family.desc, module.desc, 3, None, level,
describe, solution, None, 750, rule_tag, family.id, module.id)
db.session.add(vul_script)
db.session.flush()
vul_id = vul_script.id
vul_script.vul_id = vul_id
db.session.add(vul_script)
db.session.commit()
ref = WebVulFamilyRef(family.parent_id, family.id, vul_id)
db.session.add(ref)
db.session.commit()
# for inj_value in inj_values:
rule_json = {"area": inj_area, "inj_way": inj_way, "inj_point": inj_point, "inj_value": inj_values, "judge": judge}
rule = Rule(family.id, rule_name, json.dumps(rule_json), inj_area, inj_way, inj_point, json.dumps(inj_values),
json.dumps(judge), describe, run_mode, rule_tag, if_head, vul_id)
db.session.add(rule)
db.session.commit()
# 规则从web_vul_list_copy 导入 web_vul_list ,并删除copy中的记录
# web_vul_copy = db.session.query(WebVulListCopy).filter(WebVulListCopy.vul_id == vul_id).first()
# result = add_policy_script(web_vul_copy.vul_name, 3, '', web_vul_copy.level, web_vul_copy.desc,
# web_vul_copy.solu, web_vul_copy.priority, family.id, vul_id=vul_id, tag=rule_tag)
# if not result:
# raise Exception
# db.session.query(WebVulListCopy).filter(WebVulListCopy.vul_id == vul_id).delete()
# db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='添加失败'))
else:
return jsonify(dict(status=True, desc='添加成功'))
else:
try:
value_list = json.loads(inj_value_str)
rule_json = {"area": inj_area, "inj_way": inj_way, "inj_point": inj_point, "inj_value": value_list,
"judge": json.loads(judge_str)}
rule = db.session.query(Rule).filter(Rule.rule_id == rule_id).first()
rule.rule_name = rule_name
rule.rule_family = rule_family
rule.rule_json = json.dumps(rule_json)
rule.area = inj_area
rule.inj_way = inj_way
rule.inj_point = inj_point
rule.inj_value = inj_value_str
rule.judge = judge_str
rule.describe = describe
rule.run_mode = run_mode
rule.if_head = if_head
db.session.add(rule)
db.session.commit()
except Exception as e:
logger.exception(e)
return jsonify(dict(status=False, desc='更新失败'))
else:
return jsonify(dict(status=True, desc='更新成功'))