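def edit_language(language_id):
    """Edit one CobraLanguages row (admin backend).

    GET renders the edit form for ``language_id``; POST validates the
    ``language`` and ``extensions`` fields, updates the row and answers JSON.

    Args:
        language_id: primary key of the CobraLanguages row, from the route.

    Returns:
        Redirect to the admin index when not logged in, a JSON ``tag``/``msg``
        response on POST, or the rendered edit page on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        data = {
            'language': CobraLanguages.query.filter_by(id=language_id).first(),
        }
        return render_template("backend/language/edit_language.html", data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    language = CobraLanguages.query.filter_by(id=language_id).first()
    # An unknown id used to surface as an AttributeError swallowed by a bare
    # except and reported as a transient failure; report it explicitly.
    if language is None:
        return jsonify(tag="danger", msg="wrong language id.")

    language.language = vc.vars.language
    language.extensions = vc.vars.extensions
    try:
        db.session.add(language)
        db.session.commit()
    except Exception:
        # Roll back so the scoped session is usable for the next request; the
        # bare except also used to swallow SystemExit/KeyboardInterrupt.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="update success.")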
def add_new_rule():
    """Create a CobraRules row from the submitted form (admin backend).

    GET renders the creation form with every vulnerability type and
    language; POST validates the rule fields and inserts the row.

    Returns:
        Redirect when not logged in, JSON ``tag``/``msg`` on POST,
        rendered HTML on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        data = {
            'vul_type': CobraVuls.query.all(),
            'languages': CobraLanguages.query.all(),
        }
        return render_template('backend/rule/add_new_rule.html', data=data)

    fields = ('vul_type', 'language', 'regex', 'regex_confirm',
              'description', 'repair', 'level')
    vc = ValidateClass(request, *fields)
    ok, msg = vc.check_args()
    if not ok:
        return jsonify(tag="danger", msg=msg)

    now = time.strftime('%Y-%m-%d %X', time.localtime())
    form = vc.vars
    # Positional order is dictated by the CobraRules constructor; the bare 1
    # presumably is the initial status (the keyword form elsewhere passes
    # status=1).
    rule = CobraRules(form.vul_type, form.language, form.regex,
                      form.regex_confirm, form.description, form.repair,
                      1, form.level, now, now)
    try:
        db.session.add(rule)
        db.session.commit()
        return jsonify(tag='success', msg='add success.')
    except:
        return jsonify(tag='danger', msg='add failed, try again later?')
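def edit_project(project_id):
    """Edit one CobraProjects row (admin backend).

    GET renders the edit form; POST validates the project fields, updates
    the row and stamps ``updated_at`` with the current local time.

    Args:
        project_id: primary key of the project, taken from the route.

    Returns:
        Redirect to the admin index when not logged in, JSON ``tag``/``msg``
        on POST, or the rendered edit page on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        project = CobraProjects.query.filter_by(id=project_id).first()
        return render_template('backend/project/edit_project.html', data={
            'project': project
        })

    # "project_id" is required as a form field, but the row is looked up by
    # the route parameter; the form value itself is never read.
    vc = ValidateClass(request, "project_id", "name", "repository", "author", "remark")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=project_id).first()
    if not project:
        return jsonify(tag='danger', msg='wrong project id.')

    # update project data
    project.name = vc.vars.name
    project.author = vc.vars.author
    project.remark = vc.vars.remark
    project.repository = vc.vars.repository
    project.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
    try:
        db.session.add(project)
        db.session.commit()
    except Exception:
        # Roll back so the scoped session is clean for the next request; the
        # bare except also used to swallow SystemExit/KeyboardInterrupt.
        db.session.rollback()
        return jsonify(tag='danger', msg='Unknown error.')
    return jsonify(tag='success', msg='save success.')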
def add_new_rule():
    """Create a CobraRules row (admin backend).

    GET renders the creation form; POST validates the rule fields and
    inserts the row with ``block_repair`` fixed to 1.

    Returns:
        Redirect when not logged in, JSON ``tag``/``msg`` on POST,
        rendered HTML on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        return render_template('backend/rule/add_new_rule.html',
                               data={'vul_type': vul_type, 'languages': languages})

    vc = ValidateClass(request, 'vul_type', 'language', 'regex',
                       'regex_confirm', 'description', 'repair', 'level')
    ok, msg = vc.check_args()
    if not ok:
        return jsonify(tag="danger", msg=msg)

    now = time.strftime('%Y-%m-%d %X', time.localtime())
    form = vc.vars
    block_repair = 1
    # Positional order follows the CobraRules constructor of this version.
    rule = CobraRules(form.vul_type, form.language, form.regex,
                      form.regex_confirm, block_repair,
                      form.description, form.repair, 1,
                      form.level, now, now)
    try:
        db.session.add(rule)
        db.session.commit()
        return jsonify(tag='success', msg='add success.')
    except:
        return jsonify(tag='danger', msg='add failed, try again later?')
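def edit_language(language_id):
    """Edit one CobraLanguages row (admin backend).

    GET renders the edit form; POST validates ``language`` and
    ``extensions``, updates the row and answers JSON.

    Args:
        language_id: primary key of the CobraLanguages row, from the route.

    Returns:
        Redirect to the admin index when not logged in, JSON ``tag``/``msg``
        on POST, or the rendered edit page on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        row = CobraLanguages.query.filter_by(id=language_id).first()
        return render_template("backend/language/edit_language.html",
                               data={'language': row})

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    row = CobraLanguages.query.filter_by(id=language_id).first()
    # Unknown id: previously an AttributeError inside the try, reported as
    # "try again later?".
    if row is None:
        return jsonify(tag="danger", msg="wrong language id.")

    row.language = vc.vars.language
    row.extensions = vc.vars.extensions
    try:
        db.session.add(row)
        db.session.commit()
    except Exception:
        # Narrowed from a bare except; rollback keeps the session usable.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="update success.")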
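def add_whitelist():
    """Create a CobraWhiteList entry (admin backend).

    GET renders the form with all rules and projects; POST validates
    ``project_id``, ``rule_id``, ``path`` and ``reason``, forces a leading
    ``/`` on the path and inserts the row with status 1.

    Returns:
        Redirect when not logged in, JSON ``tag``/``msg`` on POST,
        rendered HTML on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        data = {
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
        }
        return render_template('backend/whitelist/add_new_whitelist.html', data=data)

    vc = ValidateClass(request, "project_id", "rule_id", "path", "reason")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # startswith() handles an empty path; path[0] raised IndexError.  The
    # leading slash is the only normalisation applied to the stored path.
    if not vc.vars.path.startswith('/'):
        vc.vars.path = '/' + vc.vars.path
    whitelist = CobraWhiteList(vc.vars.project_id, vc.vars.rule_id, vc.vars.path, vc.vars.reason,
                               1, current_time, current_time)
    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error. Try again later?')
    return jsonify(tag='success', msg='add success.')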
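def edit_project(project_id):
    """Edit one CobraProjects row.

    GET renders the edit form; POST validates the project fields, updates
    the row and stamps ``updated_at``.

    Args:
        project_id: primary key of the project, from the route.

    Returns:
        JSON ``tag``/``msg`` on POST, rendered HTML on GET.
    """
    # NOTE(review): unlike the other edit views, no check_login() call is
    # visible here -- confirm a blueprint-level before_request hook covers
    # this route.
    if request.method != "POST":
        project = CobraProjects.query.filter_by(id=project_id).first()
        return render_template('backend/project/edit_project.html', data={
            'project': project
        })

    vc = ValidateClass(request, "project_id", "name", "repository", "author", "remark")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=project_id).first()
    if not project:
        return jsonify(tag='danger', msg='wrong project id.')

    # update project data
    project.name = vc.vars.name
    project.author = vc.vars.author
    project.remark = vc.vars.remark
    project.repository = vc.vars.repository
    project.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
    try:
        db.session.add(project)
        db.session.commit()
    except Exception:
        # Narrowed from a bare except; rollback keeps the session usable.
        db.session.rollback()
        return jsonify(tag='danger', msg='Unknown error.')
    return jsonify(tag='success', msg='save success.')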
def index():
    """Admin login page and login handler.

    GET renders the login form; POST checks username/password against
    CobraAdminUser, fills the session on success and records the login
    time and peer address.  An already logged-in user is sent to /main.
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/main')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ok, msg = vc.check_args()
    if not ok:
        return msg

    admin = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    # One generic message for both an unknown user and a bad password, so the
    # body does not say which failed (verify_password only runs for a known
    # user, so response timing still differs between the two cases).
    if not admin or not admin.verify_password(vc.vars.password):
        return "Wrong username or password."

    # login success: populate the session.
    session['role'] = admin.role
    session['username'] = escape(admin.username)
    session['is_login'] = True

    # NOTE(review): remote_addr is the direct peer; behind a reverse proxy
    # this records the proxy address -- confirm the deployment.
    admin.last_login_time = time.strftime('%Y-%m-%d %X', time.localtime())
    admin.last_login_ip = request.remote_addr
    db.session.add(admin)
    db.session.commit()

    return "Login success, jumping...<br /><script>window.setTimeout(\"location='main'\", 1000);</script>"
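def del_rule():
    """Delete a CobraRules row unless scan results still reference it.

    Reads ``rule_id`` from the request.  When any CobraResults row still
    points at the rule the delete is refused (code 1004) and the dependent
    task ids are listed; otherwise the rule is deleted and committed.

    Returns:
        JSON with ``code``, ``tag`` and ``msg``.
    """
    vc = ValidateClass(request, "rule_id")
    ret, msg = vc.check_args()
    if not ret:
        # The result of check_args() was previously ignored.
        return jsonify(code=1004, tag="danger", msg=msg)
    rule_id = vc.vars.rule_id
    if not rule_id:
        return jsonify(code=1004, tag='danger', msg='wrong id')

    # Check whether any result/task still depends on this rule.
    dependent = db.session.query(CobraResults.task_id).filter(
        CobraResults.rule_id == rule_id).group_by(
            CobraResults.task_id).all()
    if dependent:
        # Dependency exists.  The message is HTML rendered by the client;
        # assuming task_id is an integer column the fragment carries no
        # user-controlled markup -- confirm the column type.
        task_rely = ",".join(str(res.task_id) for res in dependent)
        message = "Delete failed. Please check and delete the task rely on this rule first.<br />"
        message += "<strong>Rely Tasks: </strong>" + task_rely
        return jsonify(code=1004, tag="danger", msg=message)

    rule = CobraRules.query.filter_by(id=rule_id).first()
    if rule is None:
        return jsonify(code=1004, tag='danger', msg='wrong id')
    try:
        db.session.delete(rule)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=1004,
                       tag='danger',
                       msg='delete failed. Try again later?')
    return jsonify(code=1001, tag='success', msg='delete success.')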
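def edit_vul(vul_id):
    """Edit one CobraVuls row (admin backend).

    GET renders the edit form; POST validates ``name``, ``description`` and
    ``repair``, updates the row and answers JSON.

    Args:
        vul_id: primary key of the vulnerability type, from the route.

    Returns:
        Redirect when not logged in, JSON ``tag``/``msg`` on POST, rendered
        HTML on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        v = CobraVuls.query.filter_by(id=vul_id).first()
        return render_template('backend/vul/edit_vul.html', data={
            'vul': v,
        })

    vc = ValidateClass(request, "name", "description", "repair")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    v = CobraVuls.query.filter_by(id=vul_id).first()
    # Unknown id used to raise AttributeError outside the try (HTTP 500).
    if v is None:
        return jsonify(tag='danger', msg='wrong vul id.')

    # NOTE(review): the other handlers read validated fields from `vc.vars`;
    # this one reads `vc.args` -- confirm ValidateClass exposes both.
    v.name = vc.args.name
    v.description = vc.args.description
    v.repair = vc.args.repair

    try:
        db.session.add(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare except; rollback keeps the session usable.
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')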
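def edit_vul(vul_id):
    """Edit one CobraVuls row (admin backend).

    GET renders the edit form; POST validates ``name``, ``description`` and
    ``repair``, updates the row and answers JSON.

    Args:
        vul_id: primary key of the vulnerability type, from the route.

    Returns:
        Redirect when not logged in, JSON ``tag``/``msg`` on POST, rendered
        HTML on GET.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        v = CobraVuls.query.filter_by(id=vul_id).first()
        return render_template("backend/vul/edit_vul.html", data={"vul": v})

    vc = ValidateClass(request, "name", "description", "repair")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    v = CobraVuls.query.filter_by(id=vul_id).first()
    # Unknown id used to raise AttributeError outside the try (HTTP 500).
    if v is None:
        return jsonify(tag="danger", msg="wrong vul id.")

    # NOTE(review): other handlers read validated fields from `vc.vars`; this
    # one reads `vc.args` -- confirm ValidateClass exposes both.
    v.name = vc.args.name
    v.description = vc.args.description
    v.repair = vc.args.repair

    try:
        db.session.add(v)
        db.session.commit()
    except Exception:
        # Narrowed from a bare except; rollback keeps the session usable.
        db.session.rollback()
        return jsonify(tag="danger", msg="save failed. Try again later?")
    return jsonify(tag="success", msg="save success.")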
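def add_whitelist():
    """Create a CobraWhiteList entry.

    GET renders the form with all rules and projects; POST validates
    ``project_id``, ``rule_id``, ``path`` and ``reason``, forces a leading
    ``/`` on the path and inserts the row with status 1.

    Returns:
        JSON ``tag``/``msg`` on POST, rendered HTML on GET.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    if request.method != 'POST':
        data = {
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
        }
        return render_template('backend/whitelist/add_new_whitelist.html', data=data)

    vc = ValidateClass(request, "project_id", "rule_id", "path", "reason")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # startswith() handles an empty path; path[0] raised IndexError.  The
    # leading slash is the only normalisation applied to the stored path.
    if not vc.vars.path.startswith('/'):
        vc.vars.path = '/' + vc.vars.path
    whitelist = CobraWhiteList(vc.vars.project_id, vc.vars.rule_id, vc.vars.path, vc.vars.reason,
                               1, current_time, current_time)
    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error. Try again later?')
    return jsonify(tag='success', msg='add success.')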
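def add_new_rule():
    """Create a CobraRules row from the submitted form.

    GET renders the creation form; POST validates the rule fields and
    inserts the row with ``status=1`` and both timestamps set to now.

    Returns:
        JSON ``tag``/``msg`` on POST, rendered HTML on GET.
    """
    import logging

    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    if request.method != 'POST':
        data = {'vul_type': CobraVuls.query.all(),
                'languages': CobraLanguages.query.all()}
        return render_template('backend/rule/add_new_rule.html', data=data)

    vc = ValidateClass(request, 'vul_type', 'language', 'regex_location',
                       'regex_repair', 'repair_block', 'description',
                       'repair', 'level')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = datetime.datetime.now()
    rule = CobraRules(vul_id=vc.vars.vul_type,
                      language=vc.vars.language,
                      regex_location=vc.vars.regex_location,
                      regex_repair=vc.vars.regex_repair,
                      block_repair=vc.vars.repair_block,
                      description=vc.vars.description,
                      repair=vc.vars.repair,
                      status=1,
                      level=vc.vars.level,
                      created_at=current_time,
                      updated_at=current_time)
    try:
        db.session.add(rule)
        db.session.commit()
    except Exception:
        # `e.message` exists only on Python 2 (AttributeError inside the
        # handler on 3), and appending the database error to the response
        # exposed backend details to the client.  Log it server-side and
        # return the generic message.
        db.session.rollback()
        logging.getLogger(__name__).exception("add_new_rule: commit failed")
        return jsonify(tag='danger', msg='add failed, try again later?')
    return jsonify(tag='success', msg='add success.')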
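def add_white_list():
    """Create a CobraWhiteList entry (code/message JSON API).

    GET renders the white-list edit page in "create" mode; POST validates
    ``project``, ``rule``, ``path``, ``reason`` and ``status``, forces a
    leading ``/`` on the path and inserts the row.

    Returns:
        JSON ``code``/``message`` on POST (1001 success, 4001 failure),
        rendered HTML on GET.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    if request.method != 'POST':
        data = {
            'title': 'Create white-list',
            'type': 'create',
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
            'whitelist': dict()
        }
        return render_template('backend/white-list/edit.html', data=data)

    vc = ValidateClass(request, "project", "rule", "path", "reason",
                       'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # startswith() handles an empty path; path[0] raised IndexError.
    if not vc.vars.path.startswith('/'):
        vc.vars.path = '/' + vc.vars.path
    # `status` is taken from the form as-is; check_args() presumably only
    # checks presence -- confirm if the column expects a fixed set of values.
    whitelist = CobraWhiteList(vc.vars.project, vc.vars.rule, vc.vars.path,
                               vc.vars.reason, vc.vars.status,
                               current_time, current_time)
    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(code=4001,
                       message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')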
def index():
    """Admin login view.

    GET renders the login form.  POST validates ``username``/``password``,
    looks the admin up in CobraAdminUser, and on success stores role,
    escaped username and a login flag in the session and records the login
    time and peer address.  A logged-in caller is redirected to /main.
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/main')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ok, msg = vc.check_args()
    if not ok:
        return msg

    user = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    # Same message for unknown user and wrong password; only the response
    # timing differs, since verify_password runs only for a known user.
    if not user or not user.verify_password(vc.vars.password):
        return "Wrong username or password."

    # login success.
    session['role'] = user.role
    session['username'] = escape(user.username)
    session['is_login'] = True

    # NOTE(review): behind a reverse proxy remote_addr is the proxy, not the
    # client -- confirm the deployment.
    user.last_login_time = time.strftime('%Y-%m-%d %X', time.localtime())
    user.last_login_ip = request.remote_addr
    db.session.add(user)
    db.session.commit()

    return "Login success, jumping...<br /><script>window.setTimeout(\"location='main'\", 1000);</script>"
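def delete_white_list():
    """Delete one CobraWhiteList row by ``id``.

    Returns:
        JSON ``code``/``message``: 1001 on success, 4001 on validation
        failure or unknown id, 4002 on a database error.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    whitelist = CobraWhiteList.query.filter_by(id=vc.vars.id).first()
    # delete(None) used to raise inside the try and be reported as
    # "unknown error".
    if whitelist is None:
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(whitelist)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')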
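def search_rules():
    """List CobraRules filtered by language and vulnerability type.

    POST reads ``language`` and ``vul``; the literal ``'all'`` in either
    means "no filter".  The matching rules are loaded, their numeric
    ``vul_id``/``language`` keys replaced by display names, and the rules
    page rendered.

    Returns:
        Redirect when not logged in, JSON on validation failure, rendered
        HTML on POST.  A non-POST request falls through and returns None
        (a 500 under Flask), as in the original -- confirm the route is
        POST-only.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, "language", "vul")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        # Compose the filter from the non-'all' fields instead of spelling
        # out the four combinations (the old trailing `else: return 'error!'`
        # branch could never run).
        filters = {}
        if vc.vars.language != 'all':
            filters['language'] = vc.vars.language
        if vc.vars.vul != 'all':
            filters['vul_id'] = vc.vars.vul
        rules = CobraRules.query.filter_by(**filters).all()

        all_vuls = {vul.id: vul.name for vul in CobraVuls.query.all()}
        all_language = {lang.id: lang.language for lang in CobraLanguages.query.all()}

        # replace id with real name -- display only.  These are
        # session-tracked ORM objects and the name is written into the
        # foreign-key attribute, so nothing after this may flush or commit.
        for rule in rules:
            rule.vul_id = all_vuls.get(rule.vul_id, 'Unknown Type')
            rule.language = all_language.get(rule.language, 'Unknown Language')

        data = {
            'rules': rules,
        }

        return render_template('backend/rule/rules.html', data=data)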
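def del_rule():
    """Delete one CobraRules row by ``rule_id``.

    Returns:
        JSON ``tag``/``msg``; 'wrong id' when the id is missing or unknown.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    vc = ValidateClass(request, "rule_id")
    ret, msg = vc.check_args()
    if not ret:
        # The result of check_args() was previously ignored.
        return jsonify(tag="danger", msg=msg)
    rule_id = vc.vars.rule_id
    if not rule_id:
        return jsonify(tag='danger', msg='wrong id')

    rule = CobraRules.query.filter_by(id=rule_id).first()
    # delete(None) used to raise inside the try and be reported as a
    # transient failure.
    if rule is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(rule)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')
    return jsonify(tag='success', msg='delete success.')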
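def del_task():
    """Delete one CobraTaskInfo row by ``id``.

    Returns:
        JSON ``tag``/``msg``; 'wrong id' when no task matches.
    """
    import logging

    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
    # delete(None) used to raise inside the try and be reported as
    # "unknown error".
    if task is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(task)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        # Replaces print(e): the traceback goes to the application log
        # rather than stdout.
        logging.getLogger(__name__).exception("del_task: delete failed")
        return jsonify(tag='danger', msg='unknown error.')
    return jsonify(tag='success', msg='delete success.')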
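def del_whitelist():
    """Delete one CobraWhiteList row by ``whitelist_id``.

    Returns:
        JSON ``tag``/``msg``; 'wrong id' when no row matches.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    vc = ValidateClass(request, "whitelist_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    whitelist = CobraWhiteList.query.filter_by(id=vc.vars.whitelist_id).first()
    # delete(None) used to raise inside the try and be reported as
    # "unknown error".
    if whitelist is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(whitelist)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error.')
    return jsonify(tag='success', msg='delete success.')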
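def search_rules():
    """List CobraRules filtered by language and vulnerability type.

    POST reads ``language`` and ``vul``; ``'all'`` in either field means
    "no filter".  The matching rules get their numeric ``vul_id`` and
    ``language`` keys swapped for display names before rendering.

    Returns:
        Redirect when not logged in, JSON on validation failure, rendered
        HTML on POST.  A non-POST request returns None (HTTP 500), as in
        the original -- confirm the route is POST-only.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == 'POST':
        vc = ValidateClass(request, "language", "vul")
        ret, msg = vc.check_args()
        if not ret:
            return jsonify(tag="danger", msg=msg)

        # One filter_by() call built from the non-'all' fields; the old
        # four-way if/elif chain ended in an unreachable `return 'error!'`.
        criteria = {}
        if vc.vars.language != 'all':
            criteria['language'] = vc.vars.language
        if vc.vars.vul != 'all':
            criteria['vul_id'] = vc.vars.vul
        rules = CobraRules.query.filter_by(**criteria).all()

        vul_names = {vul.id: vul.name for vul in CobraVuls.query.all()}
        lang_names = {lang.id: lang.language for lang in CobraLanguages.query.all()}

        # replace id with real name -- display only.  The rules are
        # session-tracked ORM objects whose foreign-key attributes now hold
        # names, so nothing below may flush or commit.
        for rule in rules:
            rule.vul_id = vul_names.get(rule.vul_id, 'Unknown Type')
            rule.language = lang_names.get(rule.language, 'Unknown Language')

        return render_template('backend/rule/rules.html', data={'rules': rules})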
def all_languages_count():
    """Return the number of CobraLanguages rows as a plain-text string.

    Redirects to the admin index when the caller is not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    return str(CobraLanguages.query.count())
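def del_vul():
    """Delete one CobraVuls row by ``vul_id``.

    Returns:
        JSON ``tag``/``msg``; 'wrong id' when the id is empty or unknown.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    vc = ValidateClass(request, "vul_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    if not vc.vars.vul_id:
        return jsonify(tag='danger', msg='wrong id')

    v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
    # delete(None) used to raise inside the try and be reported as a
    # transient failure.
    if v is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')
    return jsonify(tag='success', msg='delete success.')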
def all_whitelists_count():
    """Return the number of CobraWhiteList rows as a plain-text string.

    Redirects to the admin index when the caller is not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    return str(CobraWhiteList.query.count())
def all_projects_count():
    """Return the number of CobraProjects rows as a plain-text string.

    Redirects to the admin index when the caller is not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    return str(CobraProjects.query.count())
def all_vuls_count():
    """Return the number of CobraVuls rows as a plain-text string.

    Redirects to the admin index when the caller is not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    return str(CobraVuls.query.count())
def all_rules_count():
    """Return the number of CobraRules rows as a plain-text string.

    Redirects to the admin index when the caller is not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    return str(CobraRules.query.count())
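def get_scan_information():
    """Return scan statistics for a time window (admin dashboard).

    POST reads ``start_time_stamp`` and ``end_time_stamp`` (unix seconds;
    only the first 10 characters are used, so a millisecond suffix is
    dropped) and answers JSON with the task, vulnerability, project, file
    and code-line counts inside that window.  Task rows are filtered on the
    raw timestamp string and result/project rows on a local-time datetime,
    exactly as before.

    Returns:
        Redirect when not logged in; JSON on POST (code 1002 for a bad or
        inverted window, 1001 with the counts otherwise).  A non-POST
        request returns None, as in the original -- confirm the route is
        POST-only.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method == "POST":
        # A default avoids slicing None when a field is absent.
        start_time_stamp = request.form.get("start_time_stamp", "")[0:10]
        end_time_stamp = request.form.get("end_time_stamp", "")[0:10]
        try:
            start_ts = int(start_time_stamp)
            end_ts = int(end_time_stamp)
            # fromtimestamp() interprets the value in the local timezone.
            start_time_array = datetime.datetime.fromtimestamp(start_ts)
            end_time_array = datetime.datetime.fromtimestamp(end_ts)
        except (ValueError, OverflowError, OSError):
            # Non-numeric or out-of-range input previously raised (HTTP 500).
            return jsonify(tag="danger", msg="wrong date select.", code=1002)

        # Compare numerically; the old string comparison was only correct
        # while both values had the same number of digits.
        if start_ts >= end_ts:
            return jsonify(tag="danger", msg="wrong date select.", code=1002)

        # The same task window is used three times below.
        task_window = and_(CobraTaskInfo.time_start >= start_time_stamp,
                           CobraTaskInfo.time_start <= end_time_stamp)
        task_count = CobraTaskInfo.query.filter(task_window).count()
        vulns_count = CobraResults.query.filter(
            and_(CobraResults.created_at >= start_time_array, CobraResults.created_at <= end_time_array)
        ).count()
        projects_count = CobraProjects.query.filter(
            and_(CobraProjects.last_scan >= start_time_array, CobraProjects.last_scan <= end_time_array)
        ).count()
        # SUM() over zero rows is NULL -> None; report 0 instead of failing
        # in int().
        files_count = db.session.query(func.sum(CobraTaskInfo.file_count).label('files')).filter(
            task_window).first()[0]
        code_number = db.session.query(func.sum(CobraTaskInfo.code_number).label('codes')).filter(
            task_window).first()[0]

        return jsonify(code=1001, task_count=task_count, vulns_count=vulns_count, projects_count=projects_count,
                       files_count=int(files_count or 0), code_number=int(code_number or 0))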
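def del_task():
    """Delete one CobraTaskInfo row by ``id`` (admin backend).

    Returns:
        Redirect when not logged in; JSON ``tag``/``msg`` otherwise,
        'wrong id' when no task matches.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    # The validated field is "id"; the original read vc.vars.task_id, which
    # was never declared to ValidateClass.
    task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
    # delete(None) used to raise inside the try and be reported as
    # "unknown error".
    if task is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(task)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error.')
    return jsonify(tag='success', msg='delete success.')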
def all_tasks_count():
    """Return the number of CobraTaskInfo rows as a plain-text string.

    Redirects to the admin index when the caller is not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    return str(CobraTaskInfo.query.count())
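def del_language():
    """Delete one CobraLanguages row by ``id`` (admin backend).

    Returns:
        Redirect when not logged in; JSON ``tag``/``msg`` otherwise,
        'wrong id' when no row matches.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    language = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    # delete(None) used to raise inside the try and be reported as
    # "delete failed.".
    if language is None:
        return jsonify(tag="danger", msg="wrong id")
    try:
        db.session.delete(language)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed.")
    return jsonify(tag="success", msg="delete success.")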
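def delete_vulnerability():
    """Delete one CobraResults row by ``vid``.

    Returns:
        JSON ``code``/``message``: 1001 on success, 4001 when validation
        fails or no row matched, 4002 on a database error.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    vc = ValidateClass(request, 'vid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)
    from app.models import CobraResults

    try:
        # Query.delete() returns the number of rows removed (never None), so
        # the old `is not None` test could never reach the "not exist"
        # branch.
        deleted = CobraResults.query.filter(
            CobraResults.id == vc.vars.vid).delete()
        if deleted:
            db.session.commit()
            return jsonify(code=1001, message='Deleted success!')
        db.session.rollback()
        return jsonify(code=4001, message='Not exist this vulnerability')
    except Exception:
        db.session.rollback()
        return jsonify(code=4002, message="delete failed")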
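def del_rule():
    """Delete one CobraRules row by ``rule_id`` (admin backend).

    Returns:
        Redirect when not logged in; JSON ``tag``/``msg`` otherwise,
        'wrong id' when the id is empty or unknown.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    vc = ValidateClass(request, "rule_id")
    ret, msg = vc.check_args()
    if not ret:
        # The result of check_args() was previously ignored.
        return jsonify(tag="danger", msg=msg)
    rule_id = vc.vars.rule_id
    if not rule_id:
        return jsonify(tag='danger', msg='wrong id')

    rule = CobraRules.query.filter_by(id=rule_id).first()
    # delete(None) used to raise inside the try and be reported as a
    # transient failure.
    if rule is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(rule)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')
    return jsonify(tag='success', msg='delete success.')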
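def del_language():
    """Delete one CobraLanguages row by ``id`` (admin backend).

    Returns:
        Redirect when not logged in; JSON ``tag``/``msg`` otherwise,
        'wrong id' when no row matches.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    row = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    # delete(None) used to raise inside the try and be reported as
    # "delete failed.".
    if row is None:
        return jsonify(tag="danger", msg="wrong id")
    try:
        db.session.delete(row)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed.")
    return jsonify(tag="success", msg="delete success.")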
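def edit_rule(rule_id):
    """Edit one CobraRules row.

    GET renders the edit form with all vulnerability types and languages;
    POST validates the rule fields (``regex_repair`` is optional and read
    straight from the form), updates the row and stamps ``updated_at``.

    Args:
        rule_id: primary key of the rule, from the route.

    Returns:
        JSON ``code``/``message`` on POST (1001 success, 4004 failure);
        rendered HTML on GET.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    if request.method != 'POST':
        r = CobraRules.query.filter_by(id=rule_id).first()
        vul_type = CobraVuls.query.all()
        languages = CobraLanguages.query.all()
        # `r.id` raises AttributeError (HTTP 500) for an unknown id, as in
        # the original.
        return render_template('backend/rule/edit.html',
                               data={
                                   'type': 'edit',
                                   'title': 'Edit rule',
                                   'id': r.id,
                                   'rule': r,
                                   'all_vuls': vul_type,
                                   'all_lang': languages,
                               })

    vc = ValidateClass(request, "vul_type", "language", "regex_location",
                       "repair_block", "description", "rule_id", "repair",
                       'verify', "author", "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    regex_repair = request.form.get("regex_repair", "")

    r = CobraRules.query.filter_by(id=rule_id).first()
    # Unknown id used to raise AttributeError outside the try (HTTP 500).
    if r is None:
        return jsonify(code=4004, message='wrong rule id.')

    # The regex fields are stored verbatim; whether they are compiled or
    # validated before the scanner uses them is not visible here.
    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.block_repair = vc.vars.repair_block
    r.regex_location = vc.vars.regex_location
    r.regex_repair = regex_repair
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.verify = vc.vars.verify
    r.author = vc.vars.author
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = datetime.datetime.now()
    try:
        db.session.add(r)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4004, message='save failed. Try again later?')
    return jsonify(code=1001, message='success')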
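def add_new_vul():
    """Create a CobraVuls row.

    GET renders the creation form; POST validates ``name``, ``description``,
    ``repair`` and ``third_v_id`` and inserts the row with both timestamps
    set to now.

    Returns:
        JSON ``tag``/``msg`` on POST, rendered HTML on GET.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    if request.method != 'POST':
        return render_template('backend/vul/add_new_vul.html')

    # "third_v_id" is required by the validator but never stored below.
    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # Narrowed from a bare except; rollback keeps the session usable.
        db.session.rollback()
        return jsonify(tag='danger', msg='Add failed. Please try again later.')
    return jsonify(tag='success', msg='Add Success.')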
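def del_project():
    """Delete one CobraProjects row by ``id`` (POST only).

    Returns:
        JSON ``tag``/``msg`` on POST ('wrong id' when no project matches);
        the plain string 'Method error!' for any other method.
    """
    # NOTE(review): no check_login() call is visible here -- confirm a
    # blueprint-level before_request hook covers this route.
    if request.method != 'POST':
        return 'Method error!'

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=vc.vars.id).first()
    # delete(None) used to raise inside the try and be reported as
    # "unknown error".
    if project is None:
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(project)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error. please try later?')
    return jsonify(tag='success', msg='delete success.')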
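def vuls(page):
    """Render page ``page`` (1-based, 10 rows) of vulnerability types, newest id first."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    per_page_vuls = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page_vuls
    # Column expression instead of the textual "id desc" used elsewhere in
    # this module; matches the CobraLanguages.id.desc() form already in use.
    all_vuls = (CobraVuls.query.order_by(CobraVuls.id.desc())
                .limit(per_page_vuls).offset(offset).all())
    return render_template("backend/vul/vuls.html", data={"vuls": all_vuls})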
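def languages():
    """Render every configured language, newest id first."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    # Column expression rather than the textual 'id desc' string, consistent
    # with the other languages() handler in this module.
    all_languages = CobraLanguages.query.order_by(CobraLanguages.id.desc()).all()
    data = {
        'languages': all_languages,
    }
    return render_template("backend/language/languages.html", data=data)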
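def add_project():
    """Create a project from the POST form, or render the form on GET.

    Validated fields: ``name``, ``repository``, ``url``, ``author``, ``pe``,
    ``remark``.  The reply is ``tag``/``msg`` JSON on POST.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return render_template('backend/project/add_project.html', data={})

    vc = ValidateClass(request, "name", "repository", "url", "author", "pe", "remark")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # Positional order follows the CobraProjects constructor as used here; the
    # empty string is the fifth argument the original passed (meaning not
    # visible from this file).
    project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name,
                            vc.vars.author, '', vc.vars.pe, vc.vars.remark, current_time)
    try:
        db.session.add(project)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='Unknown error.')
    return jsonify(tag='success', msg='save success.')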
def languages():
    """List all configured languages (newest id first) on the languages page."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    ordered = CobraLanguages.query.order_by(CobraLanguages.id.desc())
    return render_template(
        "backend/language/languages.html",
        data={'languages': ordered.all()},
    )
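def projects(page):
    """Render page ``page`` (1-based, 10 rows) of projects, newest id first."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the textual 'id desc' string.
    project = (CobraProjects.query.order_by(CobraProjects.id.desc())
               .limit(per_page).offset(offset).all())
    data = {
        'projects': project,
    }
    return render_template("backend/project/projects.html", data=data)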
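def whitelists(page):
    """Render page ``page`` (1-based, 10 rows) of whitelist entries, newest id first."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the textual 'id desc' string.
    entries = (CobraWhiteList.query.order_by(CobraWhiteList.id.desc())
               .limit(per_page).offset(offset).all())
    data = {
        'whitelists': entries,
    }
    return render_template('backend/whitelist/whitelists.html', data=data)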
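def del_vul():
    """Delete the vulnerability type named by the ``vul_id`` form field.

    Replies with ``tag``/``msg`` JSON: validation errors, an empty or unknown
    id, a failed commit, or success.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "vul_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    if not vc.vars.vul_id:
        return jsonify(tag="danger", msg="wrong id")

    v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
    # Unknown id: .first() is None and delete(None) would only surface as the
    # generic failure message below.
    if v is None:
        return jsonify(tag="danger", msg="wrong id")

    try:
        db.session.delete(v)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed. Try again later?")
    return jsonify(tag="success", msg="delete success.")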
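def vuls(page):
    """Render page ``page`` (1-based, 10 rows) of vulnerability types, newest id first."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page_vuls = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page_vuls
    # Column expression instead of the textual 'id desc' string.
    all_vuls = (CobraVuls.query.order_by(CobraVuls.id.desc())
                .limit(per_page_vuls).offset(offset).all())
    data = {
        'vuls': all_vuls
    }
    return render_template('backend/vul/vuls.html', data=data)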
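def add_new_rule():
    """Create a scan rule from the POST form, or render the rule editor on GET.

    POST validates the listed form fields through ``ValidateClass``
    (``regex_repair`` is optional and read straight from the form) and
    replies with ``code``/``message`` JSON.  GET renders ``backend/rule/edit.html``
    in 'add' mode with every vulnerability type and language for the selects.
    """
    # Other admin handlers in this module gate on check_login(); this one
    # did not, so rules could be created without an admin session.
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        data = {
            'type': 'add',
            'title': 'Create rule',
            'all_vuls': CobraVuls.query.all(),
            'all_lang': CobraLanguages.query.all(),
            'rule': dict()
        }
        return render_template('backend/rule/edit.html', data=data)

    vc = ValidateClass(request, 'vul_type', 'language', 'regex_location', 'repair_block',
                       'description', 'repair', 'verify', 'author', 'level', 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    current_time = datetime.datetime.now()
    rule = CobraRules(
        vul_id=vc.vars.vul_type,
        language=vc.vars.language,
        regex_location=vc.vars.regex_location,
        regex_repair=request.form.get("regex_repair", ""),
        block_repair=vc.vars.repair_block,
        description=vc.vars.description,
        repair=vc.vars.repair,
        verify=vc.vars.verify,
        author=vc.vars.author,
        status=vc.vars.status,
        level=vc.vars.level,
        created_at=current_time,
        updated_at=current_time
    )
    try:
        db.session.add(rule)
        db.session.commit()
    except Exception:
        # The original appended e.message (Python 2 only) to the client reply,
        # which exposed database error text; keep the detail server-side.
        import logging
        logging.getLogger(__name__).exception('add_new_rule: commit failed')
        db.session.rollback()
        return jsonify(code=1004, message='add failed, try again later?')
    return jsonify(code=1001, message='add success.')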
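def projects(page):
    """Render page ``page`` (1-based, 10 rows) of projects, newest id first."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the textual 'id desc' string.
    project = (CobraProjects.query.order_by(CobraProjects.id.desc())
               .limit(per_page).offset(offset).all())
    data = {
        'projects': project,
    }
    return render_template("backend/project/projects.html", data=data)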
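def add_new_language():
    """Create a language (POST: ``language``, ``extensions``) or render the form (GET).

    POST replies with ``tag``/``msg`` JSON.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return render_template("backend/language/add_new_language.html")

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    lang = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(lang)
        db.session.commit()
    except Exception:
        # A failed commit leaves the session unusable until rolled back.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="add success")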
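def add_new_language():
    """Create a language (POST: ``language``, ``extensions``) or render the form (GET).

    POST replies with ``tag``/``msg`` JSON.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return render_template("backend/language/add_new_language.html")

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    lang = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(lang)
        db.session.commit()
    except Exception:
        # A failed commit leaves the session unusable until rolled back.
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="add success")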
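def edit_rule(rule_id):
    """Update rule ``rule_id`` from the POST form, or render the editor on GET.

    POST validates the form via ``ValidateClass`` and replies with
    ``tag``/``msg`` JSON; GET renders ``backend/rule/edit_rule.html`` with
    the rule plus all vulnerability types and languages for the selects.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        r = CobraRules.query.filter_by(id=rule_id).first()
        return render_template('backend/rule/edit_rule.html',
                               data={
                                   'rule': r,
                                   'all_vuls': CobraVuls.query.all(),
                                   'all_lang': CobraLanguages.query.all(),
                               })

    vc = ValidateClass(request, "vul_type", "language", "regex",
                       "regex_confirm", "description", "rule_id", "repair",
                       "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    r = CobraRules.query.filter_by(id=rule_id).first()
    # Unknown id: .first() is None and the attribute writes below would raise
    # outside the try, producing a 500 instead of a JSON error.
    if r is None:
        return jsonify(tag='danger', msg='wrong rule id')

    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.regex = vc.vars.regex
    r.regex_confirm = vc.vars.regex_confirm
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
    try:
        db.session.add(r)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')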
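def del_project():
    """Delete the project whose ``id`` arrives in the POST form.

    Returns a ``tag``/``msg`` JSON reply; non-POST requests get a plain
    'Method error!' body, as before.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        return 'Method error!'

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=vc.vars.id).first()
    # Unknown id: .first() is None and delete(None) would only surface as the
    # generic 'unknown error' reply below.
    if project is None:
        return jsonify(tag='danger', msg='wrong project id')

    try:
        db.session.delete(project)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error. please try later?')
    return jsonify(tag='success', msg='delete success.')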
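def edit_rule(rule_id):
    """Update rule ``rule_id`` from the POST form, or render the editor on GET.

    POST validates the form via ``ValidateClass`` and replies with
    ``tag``/``msg`` JSON; GET renders ``backend/rule/edit_rule.html`` with
    the rule plus all vulnerability types and languages for the selects.
    """
    # The other edit_rule handlers in this module gate on check_login();
    # this one did not, so rules could be changed without an admin session.
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        r = CobraRules.query.filter_by(id=rule_id).first()
        return render_template('backend/rule/edit_rule.html',
                               data={
                                   'rule': r,
                                   'all_vuls': CobraVuls.query.all(),
                                   'all_lang': CobraLanguages.query.all(),
                               })

    vc = ValidateClass(request, "vul_type", "language", "regex_location",
                       "regex_repair", "block_repair", "description",
                       "rule_id", "repair", "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    r = CobraRules.query.filter_by(id=rule_id).first()
    # Unknown id: .first() is None and the attribute writes below would raise
    # outside the try, producing a 500 instead of a JSON error.
    if r is None:
        return jsonify(tag='danger', msg='wrong rule id')

    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.block_repair = vc.vars.block_repair
    r.regex_location = vc.vars.regex_location
    r.regex_repair = vc.vars.regex_repair
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = datetime.datetime.now()
    try:
        db.session.add(r)
        db.session.commit()
    except SQLAlchemyError:
        # A failed commit leaves the session unusable until rolled back.
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')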
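def edit_whitelist(whitelist_id):
    """Update whitelist entry ``whitelist_id`` (POST) or render its editor (GET).

    POST validates ``whitelist_id``, ``project``, ``rule``, ``path``,
    ``reason`` and ``status`` via ``ValidateClass`` and replies with
    ``tag``/``msg`` JSON.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        data = {
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
            'whitelist': CobraWhiteList.query.filter_by(id=whitelist_id).first(),
        }
        return render_template('backend/whitelist/edit_whitelist.html', data=data)

    vc = ValidateClass(request, "whitelist_id", "project", "rule", "path", "reason", "status")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    whitelist = CobraWhiteList.query.filter_by(id=whitelist_id).first()
    if not whitelist:
        return jsonify(tag='danger', msg='wrong whitelist')

    # The validated field names are "project" and "rule"; the original read
    # vc.vars.project_id / vc.vars.rule_id, which are not among them (the
    # sibling edit_white_list handler reads vc.vars.project / vc.vars.rule).
    whitelist.project_id = vc.vars.project
    whitelist.rule_id = vc.vars.rule
    whitelist.path = vc.vars.path
    whitelist.reason = vc.vars.reason
    whitelist.status = vc.vars.status

    try:
        db.session.add(whitelist)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='unknown error.')
    return jsonify(tag='success', msg='update success.')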
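def add_new_vul():
    """Create a vulnerability type (POST: ``name``, ``description``, ``repair``) or render the form (GET).

    POST replies with ``tag``/``msg`` JSON.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        return render_template("backend/vul/add_new_vul.html")

    vc = ValidateClass(request, "name", "description", "repair")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    # Same wall-clock timestamp for created/updated, as the model expects.
    current_time = time.strftime("%Y-%m-%d %X", time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except Exception:
        # A failed commit leaves the session unusable until rolled back.
        db.session.rollback()
        return jsonify(tag="danger", msg="Add failed. Please try again later.")
    return jsonify(tag="success", msg="Add Success.")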
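def edit_white_list(wid):
    """Update white-list entry ``wid`` (POST) or render its editor (GET).

    POST validates ``project``, ``rule``, ``path``, ``reason`` and ``status``
    and replies with ``code``/``message`` JSON (4001 on any failure, 1001 on
    success).  GET renders ``backend/white-list/edit.html`` in 'edit' mode.
    """
    # Other admin handlers in this module gate on check_login(); this one
    # did not, so white-list entries could be changed without a session.
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        data = {
            'title': 'Edit white-list',
            'type': 'edit',
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
            'whitelist': CobraWhiteList.query.filter_by(id=wid).first(),
            'id': wid
        }
        return render_template('backend/white-list/edit.html', data=data)

    vc = ValidateClass(request, "project", "rule", "path", "reason",
                       "status")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    white_list = CobraWhiteList.query.filter_by(id=wid).first()
    if not white_list:
        return jsonify(code=4001, message='wrong white-list')

    white_list.project_id = vc.vars.project
    white_list.rule_id = vc.vars.rule
    white_list.path = vc.vars.path
    white_list.reason = vc.vars.reason
    white_list.status = vc.vars.status
    white_list.updated_at = datetime.datetime.now()

    try:
        db.session.add(white_list)
        db.session.commit()
    except Exception:
        # A failed commit leaves the session unusable until rolled back.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')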
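def edit_rule(rule_id):
    """Update rule ``rule_id`` from the POST form, or render the editor on GET.

    POST validates the form via ``ValidateClass`` and replies with
    ``tag``/``msg`` JSON; GET renders ``backend/rule/edit_rule.html`` with
    the rule plus all vulnerability types and languages for the selects.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != 'POST':
        r = CobraRules.query.filter_by(id=rule_id).first()
        return render_template('backend/rule/edit_rule.html', data={
            'rule': r,
            'all_vuls': CobraVuls.query.all(),
            'all_lang': CobraLanguages.query.all(),
        })

    vc = ValidateClass(request, "vul_type", "language", "regex", "regex_confirm", "description", "rule_id",
                       "repair", "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    r = CobraRules.query.filter_by(id=rule_id).first()
    # Unknown id: .first() is None and the attribute writes below would raise
    # outside the try, producing a 500 instead of a JSON error.
    if r is None:
        return jsonify(tag='danger', msg='wrong rule id')

    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.regex = vc.vars.regex
    r.regex_confirm = vc.vars.regex_confirm
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
    try:
        db.session.add(r)
        db.session.commit()
    except Exception:
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')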
def search_rules_bar():
    """Render the rule-search bar with every language and vulnerability type as options."""
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    options = {
        'languages': CobraLanguages.query.all(),
        'vuls': CobraVuls.query.all(),
    }
    return render_template('backend/index/search_rules_bar.html', data=options)
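def tasks(page):
    """Render page ``page`` (1-based, 10 rows) of scan tasks, newest id first.

    Before rendering, ``scan_way`` is replaced by a label and ``report`` is
    set to the report URL built from the configured ``cobra.domain``.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the textual 'id desc' string.
    task_rows = (CobraTaskInfo.query.order_by(CobraTaskInfo.id.desc())
                 .limit(per_page).offset(offset).all())

    # Hoisted out of the loop: one config lookup per request, not per row.
    report_base = 'http://' + config.Config('cobra', 'domain').value + '/report/'

    # Display-only rewrites on live ORM objects; nothing here commits, so the
    # labels are not persisted as long as no later code flushes this session.
    for task in task_rows:
        task.scan_way = "Full Scan" if task.scan_way == 1 else "Diff Scan"
        task.report = report_base + str(task.id)
    data = {
        'tasks': task_rows,
    }
    return render_template('backend/task/tasks.html', data=data)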
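def rules(page):
    """Render page ``page`` (1-based, 10 rows) of scan rules, newest id first.

    For display, each rule's ``vul_id``, ``language``, ``status`` and
    ``level`` are replaced by human-readable names; unknown values become
    an 'Unknown ...' label rather than raising.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    per_page = 10
    # Clamp so a page number below 1 cannot become a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page
    # Column expression instead of the textual 'id desc' string.
    cobra_rules = (CobraRules.query.order_by(CobraRules.id.desc())
                   .limit(per_page).offset(offset).all())

    # id -> display name lookups for the columns stored as foreign ids.
    all_vuls = {vul.id: vul.name for vul in CobraVuls.query.all()}
    all_language = {lang.id: lang.language for lang in CobraLanguages.query.all()}
    all_level = {1: 'Low', 2: 'Medium', 3: 'High'}
    status_desc = {1: 'ON', 0: 'OFF'}

    # Display-only rewrites on live ORM objects; nothing here commits, so the
    # labels are not persisted as long as no later code flushes this session.
    for rule in cobra_rules:
        rule.vul_id = all_vuls.get(rule.vul_id, 'Unknown Type')
        rule.status = status_desc.get(rule.status, 'Unknown')
        rule.language = all_language.get(rule.language, 'Unknown Language')
        rule.level = all_level.get(rule.level, 'Unknown Level')

    data = {
        'rules': cobra_rules,
    }
    return render_template('backend/rule/rules.html', data=data)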