def index(request):
"""
:param request:
:return:
"""
cate = request.GET.get('c', '')
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if cate:
sql_where['origin__id'] = int(cate)
items = HostInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"节点")
page = paginator.page(page_num)
return render(
request, 'node/host/index.html', {
'nav': 'node',
'page': page,
'keyword': keyword,
'node_role': NODE_ROLE_TYPE,
})
def index(request):
"""
:param request:
:return:
"""
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
keyword = keyword.strip()
sql_where['name__icontains'] = keyword
items = EngineInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"引擎")
page = paginator.page(page_num)
return render(request, 'tactic/engine/index.html', {
'nav': 'tactic',
'page': page,
'keyword': keyword,
})
def index(request):
"""
:param request:
:return:
"""
state = request.GET.get('s', 'active')
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if state:
sql_where['state'] = state
if keyword:
keyword = keyword.strip()
sql_where['username__icontains'] = keyword
items = MemberInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"成员")
page = paginator.page(page_num)
return render(request, 'project/member/index.html', {
'nav': 'pro',
'page': page,
'keyword': keyword,
's': state,
})
def index(request):
"""
:param request:
:return:
"""
title = request.GET.get('t', '')
level = request.GET.get('l', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {'id__gt': 1}
if title:
sql_where['name__icontains'] = title
if level:
sql_where['level'] = int(level)
items = PeriodicTask.objects.filter(**sql_where).order_by('-date_changed')
paginator = Paginator(items, page_size, request=request, pre_name=u"服务")
page = paginator.page(page_num)
return render(request, 'system/service/index.html', {
'nav': 'sys',
'page': page,
'level': level,
'title': title,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == "POST":
try:
save(request)
name = request.POST.get('name', '')
msg = urlquote(' "{0}" 服务注册成功!'.format(name))
return HttpResponseRedirect('/node/service/?msg={0}'.format(msg))
except Exception as ex:
import traceback
traceback.print_exc()
return HttpResponseRedirect('/node/service/?errmsg={0}'.format(
urlquote(str(ex))))
else:
action = request.GET.get('action', '')
if action:
items = ServiceInfo.objects.all()
services = []
for item in items:
services.append({
'name': item.name,
'key': item.key,
'role': 'ui' if item.role == 1 else 'client',
'keyword': item.process_keyword
})
response = HttpResponse(json.dumps(services, indent=2),
content_type='application/json')
response[
'Content-Disposition'] = 'attachment; filename="services.json"'
response.write(codecs.BOM_UTF8)
return response
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
sql_where['name__icontains'] = keyword.strip()
items = ServiceInfo.objects.filter(
**sql_where).order_by('-created_at')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"服务")
page = paginator.page(page_num)
return render(
request, 'node/service/index.html', {
'nav': 'node',
'page': page,
'keyword': keyword,
'engines': get_all_engine(),
'node_role': NODE_ROLE_TYPE,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
name = request.POST.get('name', '')
email = request.POST.get('email', '')
password1 = request.POST.get('password1', '')
password2 = request.POST.get('password2', '')
is_active = parse_bool(request.POST.get('active', ''))
if not all((name, email, password1, password2)):
raise Exception("缺少关键字。")
if password1.strip() == password2.strip():
user_obj = User(
username=name.strip(),
passord=password1.strip(),
email=email.strip(),
is_active=is_active,
)
user_obj.save()
return HttpResponseRedirect("/sys/account/")
else:
status = request.GET.get('s', '')
user_name = request.GET.get('u', '')
group_id = request.GET.get('g', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 15), 15)
groups = Group.objects.all().order_by('-id')
sql_where = {}
if status:
sql_where['is_active'] = True if int(status) == 1 else False
if user_name:
sql_where['username__icontains'] = user_name
if group_id:
group_obj = Group.objects.get(id=int(group_id))
paginator = Paginator(group_obj.user_set.filter(**sql_where), page_size, request=request, pre_name=u"账户")
page = paginator.page(page_num)
else:
items = User.objects.filter(**sql_where)
paginator = Paginator(items, page_size, request=request, pre_name=u"账户")
page = paginator.page(page_num)
return render(request, 'system/account/index.html', {
'nav': 'sys',
'page': page,
'status': status,
'user_name': user_name,
'groups': groups,
'group': group_id,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
name = request.POST.get('name')
if not name:
raise Exception('分组名称不能为空!')
if get_group_by_name(name=name.strip()):
raise Exception('分组已存在!')
group_type = parse_int(request.POST.get('type'), 1)
key = pinyin.get(name, format='strip', delimiter="")
create_group_obj(name=name,
description=request.POST.get('description'),
web_url=request.POST.get('url'),
path=key,
full_path=key,
type=group_type,
user=request.user)
return HttpResponseRedirect('/project/group/?msg={0}'.format(
urlquote('创建分组成功!')))
except Exception as ex:
return HttpResponseRedirect('/project/group/?errmsg={0}'.format(
urlquote(str(ex))))
else:
keyword = request.GET.get('k', '')
at = request.GET.get('a', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
sql_where['name__icontains'] = keyword.strip()
if at:
sql_where['type'] = int(at)
items = GroupInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"项目组")
page = paginator.page(page_num)
return render(
request, 'project/group/index.html', {
'nav': 'pro',
'page': page,
'app_type': APP_TYPE,
'keyword': keyword,
'at': at,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
lang_obj = None
action = request.POST.get('action', None)
if action == 'del':
ids = request.POST.get('ids', None)
LanguageInfo.objects.filter(
id__in=[_ for _ in ids.split(',') if _]).delete()
return HttpResponseRedirect('/sys/lang/')
else:
name = request.POST.get('name', None)
key = request.POST.get('key', None)
if not name:
raise Exception('语言名称不能为空!')
if key:
lang_obj = get_lang_by_key(key=key)
if name:
lang_obj = get_lang_by_name(name=name)
if lang_obj:
raise Exception('开发语言已存在!')
create_lang_obj(name=name, key=key)
return HttpResponseRedirect('/sys/lang/?msg={0}'.format(
urlquote('添加成功!')))
except Exception as ex:
return HttpResponseRedirect('/sys/lang/?errmsg={0}'.format(
urlquote(ex)))
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
sql_where['name__icontains'] = keyword.strip()
items = LanguageInfo.objects.filter(
**sql_where).order_by('-created_at')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"语言")
page = paginator.page(page_num)
return render(request, 'system/lang/index.html', {
'nav': 'sys',
'page': page,
'keyword': keyword,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
action = request.POST.get('action')
if action == 'del':
ids = request.POST.get('ids')
# TODO 检查待删除的分类是否有漏洞
VulnCategoryInfo.objects.filter(id__in=[_ for _ in ids.split(',') if _]).delete()
return HttpResponseRedirect('/tactic/kb/cate/')
else:
name = request.POST.get('name')
key = request.POST.get('key')
tag = request.POST.get('tag')
parent = request.POST.get('parent')
if not name:
raise Exception('分类名称不能为空!')
if get_cate_obj_by_name(name=name.strip()):
raise Exception('分类已存在!')
create_cate_obj(
name=name,
parent=parent,
key=key,
tag=tag,
)
return HttpResponseRedirect('/tactic/kb/cate/?msg={0}'.format(u'创建漏洞分类成功!'))
except Exception as ex:
return HttpResponseRedirect('/tactic/kb/cate/?errmsg={0}'.format(ex))
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {
'parent__isnull': True
}
if keyword:
sql_where['name__icontains'] = keyword.strip()
parent_list = VulnCategoryInfo.objects.filter(parent__isnull=True)
items = VulnCategoryInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"漏洞分类")
page = paginator.page(page_num)
return render(request, 'tactic/kb/cate/index.html', {
'nav': 'tactic',
'page': page,
'keyword': keyword,
'parent_list': parent_list,
})
def origin_index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
action = request.POST.get('action')
if action == 'del':
# TODO 检测来源是否有在使用
ids = request.POST.get('ids')
TagInfo.objects.filter(parent__id=1, id__in=[_ for _ in ids.split(',') if _]).delete()
return HttpResponseRedirect("/tactic/kb/origin/")
if action == 'update':
id = request.POST.get('id')
name = request.POST.get('name')
update_tag_obj(
tag_id=id,
name=name
)
return JsonResponse({"status": "ok"}, safe=True)
else:
name = request.POST.get('name')
if not name:
raise Exception('来源名称不能为空!')
if get_tag_obj_by_name(name=name.strip()):
raise Exception('来源已存在!')
cate_obj = get_tag_obj_by_id(tag_id=1)
create_tag_obj(name=name, parent=cate_obj)
return HttpResponseRedirect('/tactic/kb/origin/?msg={0}'.format(u'创建漏洞来源成功!'))
except Exception as ex:
return HttpResponseRedirect('/tactic/kb/origin/?errmsg={0}'.format(ex))
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {
'parent__id': 1
}
if keyword:
sql_where['name__icontains'] = keyword.strip()
items = TagInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"来源")
page = paginator.page(page_num)
return render(request, 'tactic/kb/origin/index.html', {
'nav': 'tactic',
'page': page,
'keyword': keyword,
})
def index(request):
"""
:param request:
:return:
"""
pro_id = request.GET.get('pro', '')
app_id = request.GET.get('a', '')
keyword = request.GET.get('k', '')
archive = request.GET.get('archive', '')
dork_query = get_dork_query(keyword)
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {'is_archive': False}
project_obj = None
app_obj = None
if pro_id:
sql_where['app__project__id'] = int(pro_id)
project_obj = get_project_by_id(pro_id)
if app_id:
sql_where['app__id'] = int(app_id)
app_obj = get_app_by_id(app_id)
if keyword:
if dork_query['data']:
for q, k in dork_query['data'].items():
if q == 'name':
sql_where['name'] = k
elif q == 'group':
sql_where['group_id'] = k
elif q == 'origin':
sql_where['file_name__icontains'] = k
else:
keyword = keyword.strip()
sql_where['name__icontains'] = keyword
if archive == '1':
sql_where['is_archive'] = True
items = DependentInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"组件")
page = paginator.page(page_num)
return render(
request, 'project/component/index.html', {
'nav': 'pro',
'page': page,
'keyword': keyword,
'project_obj': project_obj,
'app_obj': app_obj,
'archive': archive,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
create_project(request)
return HttpResponseRedirect('/project/')
else:
lang = request.GET.get('l', '')
group_id = request.GET.get('g', '')
project_id = request.GET.get('_p', '')
status = request.GET.get('s', '')
archive = request.GET.get('archive', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
group_obj = None
project_obj = None
sql_where = {
'is_archive': False
}
if lang:
sql_where['lang'] = lang
if group_id:
group_obj = get_group_by_id(group_id=group_id)
sql_where['group__id'] = int(group_id)
if project_id:
project_obj = get_project_by_id(project_id=project_id)
sql_where['id'] = int(project_id)
if status:
status = int(status)
sql_where['type'] = status
if archive == '1':
sql_where['is_archive'] = True
items = ProjectInfo.objects.filter(**sql_where).order_by('-updated_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"项目")
page = paginator.page(page_num)
return render(request, 'project/item/index.html', {
'nav': 'pro',
'page': page,
'lang': lang,
'group_obj': group_obj,
'project_obj': project_obj,
'project_type': PROJECT_TYPE,
's': status,
'archive': archive,
})
def index(request):
"""
:param request:
:return:
"""
name = request.GET.get('n', '')
level = request.GET.get('l', '')
grade = request.GET.get('g', '')
status = request.GET.get('s', '1')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if name:
sql_where['name__icontains'] = name
if level:
sql_where['department__level'] = int(level)
if status:
sql_where['status'] = int(status)
if grade:
if grade == '-':
sql_where['grade_level'] = ""
else:
sql_where['grade_level'] = grade
items = '' #EmployeeInfo.objects.filter(**sql_where).order_by('-modified_on')
paginator = Paginator(items, page_size, request=request, pre_name=u"员工")
page = paginator.page(page_num)
return render(request, 'system/node/index.html', {
'nav': 'sys',
'page': page,
'level': level,
'name': name,
'status': status,
'grade': grade,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == "POST":
try:
action = request.POST.get('action', '')
if action == 'del':
ids = request.POST.get('ids', '')
if action and 'del' == action:
profile_list = [_ for _ in ids.split(',') if _]
for item in profile_list:
delete_profile(profile_id=item)
return JsonResponse({'status': 'ok'}, safe=False)
else:
result = save(request)
name = request.POST.get('name', '')
if result == 1:
msg = urlquote('修改 "{0}" 模板成功!'.format(name))
else:
msg = urlquote('创建 "{0}" 模板成功!'.format(name))
return HttpResponseRedirect('/scan/template/?msg={0}'.format(msg))
except Exception as ex:
import traceback;traceback.print_exc()
return HttpResponseRedirect('/scan/template/?errmsg={0}'.format(urlquote(str(ex))))
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
keyword = keyword.strip()
sql_where['name__icontains'] = keyword
items = ScanProfileInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"扫描模板")
page = paginator.page(page_num)
return render(request, 'scan/template/index.html', {
'nav': 'scan',
'page': page,
'keyword': keyword,
'engines': get_all_engine,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
show(request)
return HttpResponseRedirect('/tactic/kb/?msg={0}'.format(
urlquote('添加漏洞成功!')))
except Exception as ex:
return HttpResponseRedirect('/tactic/kb/?errmsg={0}'.format(
urlquote(str(ex))))
else:
cate = request.GET.get('c', '')
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
cate_list = VulnCategoryInfo.objects.filter(parent__isnull=True)
origin_list = get_origin_all_list()
sql_where = {}
if cate:
sql_where['origin__id'] = int(cate)
items = VulnInfo.objects.filter(**sql_where).order_by("-created_at")
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"漏洞")
page = paginator.page(page_num)
return render(
request, 'tactic/kb/index.html', {
'nav': 'tactic',
'page': page,
'keyword': keyword,
'cate_list': cate_list,
'origin_list': origin_list,
'risk_list': RISK_TYPE,
})
def index(request):
"""
:param request:
:return:
"""
level = request.GET.get('l', '')
read = request.GET.get('r', '')
keyword = request.GET.get('k', '')
object_id = request.GET.get('o', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 15), 15)
modules = [] #ContentType.objects.filter(id__in=[1,2,3,4,5,6,7,8,9,11,12])
sql_where = {}
if object_id:
sql_where['object_id'] = object_id.strip()
if keyword:
keyword = keyword.strip()
sql_where['title__icontains'] = keyword
if level:
sql_where['level'] = int(level)
if read == '2':
sql_where['is_read'] = False
elif read == '1':
sql_where['is_read'] = True
items = SyslogInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"日志")
page = paginator.page(page_num)
return render(
request, 'system/syslog/index.html', {
'nav': 'sys',
'page': page,
'k': keyword,
'l': level,
'r': read,
'obj_str': object_id,
'levels': SYSLOG_LEVEL,
'modules': modules,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == "POST":
# make upgrade package
action = request.POST.get('action', '')
if action == 'release':
description = request.POST.get('description', '')
create_package_obj(description=description)
elif action == 'archive':
archive(request)
return HttpResponseRedirect('/node/upgrade/')
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
sql_where['name__icontains'] = keyword.strip()
items = UpgradePackageInfo.objects.filter(
**sql_where).order_by('-created_at')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"升级包")
page = paginator.page(page_num)
return render(
request, 'node/upgrade/index.html', {
'nav': 'node',
'page': page,
'keyword': keyword,
'engines': get_all_engine(),
'node_role': NODE_ROLE_TYPE,
'version': get_current_client_version,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
save(request)
return HttpResponseRedirect("/sys/account/perm/")
else:
name = request.GET.get('n', '')
module = request.GET.get('m', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 15), 15)
modules = ContentType.objects.all()
sql_where = {}
if name:
sql_where['name__icontains'] = name
if module:
sql_where['content_type__id'] = int(module)
items = Permission.objects.filter(
**sql_where).order_by('-id').order_by('-content_type__model')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"权限")
page = paginator.page(page_num)
return render(
request, 'system/account/perm/index.html', {
'nav': 'sys',
'page': page,
'modules': modules,
'name': name,
'module': module,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == "POST":
try:
save(request)
return HttpResponseRedirect('/scan/group/?msg={0}'.format(urlquote('创建任务成功!')))
except Exception as ex:
import traceback;
traceback.print_exc()
return HttpResponseRedirect('/scan/group/?errmsg={0}'.format(urlquote(str(ex))))
else:
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if keyword:
sql_where['name__icontains'] = keyword.strip()
items = TaskGroupInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items, page_size, request=request, pre_name=u"分组")
page = paginator.page(page_num)
return render(request, 'scan/group/index.html', {
'nav': 'scan',
'page': page,
'keyword': keyword,
'template_list': get_profile_all(),
'sched_list': get_sched_all(),
'group_type_list': TASK_GROUP_TYPE,
'task_group_list': TASK_GROUP_TYPE,
})
def member_index(request, group_id):
"""
:param request:
:param group_id:
:return:
"""
if request.method == 'POST':
name = request.POST.get('name', '')
print(name)
user = User.objects.get_by_natural_key(name)
group = get_group_obj(group_id=int(group_id))
if group:
user.groups.add(group)
delete_user_per_cache(user_id=user.id)
cache.set('permission_settings', None, 0)
return HttpResponseRedirect("/sys/group/member/{0}".format(group_id))
else:
group = get_group_obj(group_id=group_id)
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 15), 15)
items = group.user_set.all()
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"用户")
page = paginator.page(page_num)
return render(request, 'system/account/group/member.html', {
'nav': 'sys',
'page': page,
'group': group,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
save(request)
return HttpResponseRedirect('/sys/group/')
else:
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 15), 15)
modules = get_permissions_by_all_module()
items = Group.objects.all()
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"用户组")
page = paginator.page(page_num)
return render(request, 'system/account/group/index.html', {
'nav': 'sys',
'page': page,
'modules': modules,
})
def create_profile_obj(**kwargs):
"""
:param kwargs:
:return:
"""
host_obj = kwargs.get('host_obj', None)
name = kwargs.get('name', None)
description = kwargs.get('description', '')
exclude_dir = kwargs.get('exclude_dir', '')
exclude_ext = kwargs.get('exclude_ext', '')
exclude_file = kwargs.get('exclude_file', '')
exclude_java_package = kwargs.get('exclude_java_package', '')
config = kwargs.get('config', '')
enable_commit_issue = parse_bool(kwargs.get('enable_commit_issue', False))
enable_auto_ignore = parse_bool(kwargs.get('enable_auto_ignore', False))
task_timeout = parse_int(kwargs.get('task_timeout', 60 * 60 * 2))
if not all((name, )):
raise ParameterIsEmptyException(u'"name" parameters cannot be empty !')
if name and len(name) > 32:
name = name[:32]
close_old_connections()
profile = ScanProfileInfo(
host=host_obj,
name=name,
description=description,
exclude_dir=exclude_dir,
exclude_ext=exclude_ext,
exclude_file=exclude_file,
exclude_java_package=exclude_java_package,
config=config,
enable_commit_issue=enable_commit_issue,
enable_auto_ignore=enable_auto_ignore,
task_timeout=task_timeout,
)
profile.save()
update_client_minor_version(action=1,
module=3,
description='添加“{0}”扫描模板'.format(name))
return profile
def index(request, template_id):
"""
:param request:
:param template_id:
:return:
"""
model = ScanProfileInfo.objects.filter(id=template_id).first()
if request.method == "POST":
save(request, model)
return HttpResponseRedirect(
'/scan/template/{0}/tactics/'.format(template_id))
else:
risk = request.GET.get('r', '')
nature_type = request.GET.get('n', '')
engine = request.GET.get('e', '')
cate = request.GET.get('c', '')
keyword = request.GET.get('k', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if risk:
sql_where['risk'] = int(risk)
if engine:
sql_where['engine__id'] = int(engine)
else:
if model.engines.all():
sql_where['engine__id__in'] = [
_.id for _ in model.engines.all()
]
if cate:
sql_where['type'] = int(cate)
if nature_type:
sql_where['nature_type'] = nature_type
if keyword:
sql_where['name__icontains'] = keyword.strip()
items = TacticInfo.objects.filter(**sql_where).order_by("-created_at")
engine_ids = get_all_customize_engine()
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"扫描策略")
page = paginator.page(page_num)
return render(
request, 'scan/template/items/index.html', {
'nav':
'scan',
'page':
page,
'keyword':
keyword,
'e':
engine,
'c':
cate,
'r':
risk,
'n':
nature_type,
'model':
model,
'risk_list':
RISK_TYPE,
'tactics':
TACTIC_TYPE,
'rule_list':
TacticInfo.objects.filter(
engine__id__in=[_.id for _ in engine_ids]),
})
def index(request, task_id=None):
"""
:param request:
:param task_id:
:return:
"""
app_id = strip(request.GET.get('app', ''))
e = strip(request.GET.get('e', ''))
cate = strip(request.GET.get('c', ''))
risk = strip(request.GET.get('r', ''))
done = strip(request.GET.get('d', ''))
keyword = request.GET.get('k', '')
a = request.GET.get('a', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
app_obj = None
if task_id:
task = get_task_by_id(task_id)
if task:
app_obj = get_app_by_id(task.app.id)
sql_where['app__id'] = task.app.id
if app_id:
app_obj = get_app_by_id(app_id)
sql_where['app__id'] = app_id
if e:
sql_where['tactic__engine__id'] = int(e)
if risk:
sql_where['tactic__risk'] = risk
if cate:
sql_where['tactic__type'] = int(cate)
if keyword:
keyword = keyword.strip()
sql_where['title__icontains'] = keyword
if a:
if a == '1':
sql_where['is_send_alarm'] = True
elif a == '2':
sql_where['scm_url__isnull'] = False
if done:
if done == '1':
sql_where['status__in'] = [2, 3, 4, 5]
elif done == '2':
sql_where['status'] = 1
elif done == '3':
sql_where['is_false_positive'] = True
items = IssueInfo.objects.filter(**sql_where).order_by("-updated_at")
paginator = Paginator(items, page_size, request=request, pre_name=u"问题")
page = paginator.page(page_num)
return render(
request, 'scan/issue/index.html', {
'nav': 'scan',
'page': page,
'e': e,
'c': cate,
'r': risk,
'd': done,
'alarm': a,
'app_obj': app_obj,
'keyword': keyword,
'issues_type': TACTIC_TYPE,
'risk_list': RISK_TYPE,
'engine_list': get_all_engine(),
'issues_status': ISSUE_STATUS,
})
def update_profile_obj(**kwargs):
"""
获取资产
:param kwargs:
:return:
"""
profile_id = kwargs.get('profile_id', None)
host_obj = kwargs.get('host_obj', None)
name = kwargs.get('name', None)
description = kwargs.get('description', '')
exclude_dir = kwargs.get('exclude_dir', '')
exclude_ext = kwargs.get('exclude_ext', '')
exclude_file = kwargs.get('exclude_file', '')
exclude_java_package = kwargs.get('exclude_java_package', '')
config = kwargs.get('config', None)
enable_commit_issue = parse_bool(kwargs.get('enable_commit_issue', None))
enable_auto_ignore = parse_bool(kwargs.get('enable_auto_ignore', None))
task_timeout = parse_int(kwargs.get('task_timeout', 60 * 60 * 2))
try:
sql_where = {}
if profile_id:
sql_where['id'] = int(profile_id)
if not sql_where:
raise QueryConditionIsEmptyException(
u'Missing "profile_id" key parameters!')
item = ScanProfileInfo.objects.get(**sql_where)
if item:
item.enable_commit_issue = enable_commit_issue
item.enable_auto_ignore = enable_auto_ignore
if host_obj:
item.host = host_obj
if name:
item.name = name
item.description = description
item.exclude_dir = exclude_dir
item.exclude_ext = exclude_ext
item.exclude_file = exclude_file
item.exclude_java_package = exclude_java_package
item.task_timeout = task_timeout
if config:
item.config = config
item.revision = round(item.revision + 0.1, 2)
cache.set('{0}:{1}'.format(SCAN_PROFILE_CACHE[1], item.id), None,
0)
cache.set('{0}:{1}'.format(SCAN_PROFILE_CACHE[2], item.id), None,
0)
cache.set('{0}:{1}'.format(SCAN_PROFILE_CACHE[3], item.id), None,
0)
cache.set('{0}:{1}'.format(SCAN_PROFILE_CACHE[4], item.id), None,
0)
cache.set('{0}'.format(SCAN_PROFILE_CACHE[5]), None, 0)
update_client_revision_version(action=3,
module=3,
description='修改“{0}”扫描模板内容'.format(
item.name))
item.save()
return item
except ScanProfileInfo.DoesNotExist as ex:
logger.warn(ex)
return None
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
save(request)
name = request.POST.get('name', None)
return HttpResponseRedirect('/project/app/?msg={0}'.format(urlquote('创建"{0}"应用成功!'.format(name))))
except Exception as ex:
import traceback;traceback.print_exc()
return HttpResponseRedirect('/project/app/?errmsg={0}'.format(urlquote(str(ex))))
else:
group_id = request.GET.get('g', '')
project_id = request.GET.get('pro', '')
risk = request.GET.get('r', '')
archive = request.GET.get('archive', '')
form_dt = request.GET.get('dt', '')
group_obj = None
project_obj = None
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {
'is_archive': False
}
if archive == '1':
sql_where['is_archive'] = True
if group_id:
group_obj = get_group_by_id(group_id=group_id)
sql_where['project__group__id'] = int(group_id)
if project_id:
project_obj = get_project_by_id(project_id=project_id)
sql_where['project__id'] = int(project_id)
if risk:
if risk == '1':
sql_where['risk_scope__gt'] = 300
elif risk == '2':
sql_where['risk_scope__gt'] = 200
sql_where['risk_scope__lte'] = 300
elif risk == '3':
sql_where['risk_scope__lte'] = 200
elif risk == '4':
sql_where['status'] = 1
elif risk == '5':
sql_where['status__in'] = [2, 3]
if form_dt:
try:
start_date, end_date = form_dt.split(" - ")
sql_where['last_scan_time__gte'] = '{0} 00:00:00'.format(start_date)
sql_where['last_scan_time__lte'] = '{0} 23:59:59'.format(end_date)
except:
pass
items = ApplicationInfo.objects.filter(**sql_where).order_by('-last_scan_time')
paginator = Paginator(items, page_size, request=request, pre_name=u"应用")
page = paginator.page(page_num)
return render(request, 'project/app/index.html', {
'nav': 'pro',
'page': page,
'form_dt': form_dt,
'group_obj': group_obj,
'project_obj': project_obj,
'archive': archive,
'r': risk,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == 'POST':
try:
save(request)
return HttpResponseRedirect('/scan/task/?msg={0}'.format(
urlquote('下发扫描任务成功!')))
except Exception as ex:
import traceback
traceback.print_exc()
return HttpResponseRedirect('/scan/task/?errmsg={0}'.format(
urlquote(str(ex))))
else:
group = request.GET.get('g', '')
status = request.GET.get('s', '')
app = request.GET.get('a', '')
keyword = request.GET.get('k', '')
form_dt = request.GET.get('dt', '')
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if status:
sql_where['status'] = int(status)
if app:
sql_where['app__id'] = int(app)
app = get_app_by_id(app)
if group:
group = TaskGroupInfo.objects.filter(id=group).first()
if form_dt:
try:
start_date, end_date = form_dt.split(" - ")
sql_where['start_time__gte'] = '{0} 00:00:00'.format(
start_date)
sql_where['start_time__lte'] = '{0} 23:59:59'.format(end_date)
except:
pass
items = TaskInfo.objects.filter(**sql_where).order_by('-created_at')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"任务")
page = paginator.page(page_num)
return render(
request, 'scan/task/index.html', {
'nav': 'scan',
'page': page,
's': status,
'group': group,
'app': app,
'keyword': keyword,
'form_dt': form_dt,
'scan_status': SCAN_STATUS,
'template_list': get_profile_all(),
'sched_list': get_sched_all(),
'group_type_list': TASK_GROUP_TYPE,
})
def index(request):
"""
:param request:
:return:
"""
if request.method == "POST":
try:
tactic_id = request.POST.get('tactic_id', None)
if tactic_id:
msg = '修改策略规则成功!'
else:
msg = '添加策略规则成功!'
save(request)
return HttpResponseRedirect('/tactic/rule/?msg={0}'.format(
urlquote(msg)))
except (Exception, QueryConditionIsEmptyException,
ParameterIsEmptyException) as ex:
import traceback
traceback.print_exc() # FIXME syslog
return HttpResponseRedirect('/tactic/rule/?errmsg={0}'.format(
urlquote(str(ex))))
else:
t = strip(request.GET.get('t', ''))
e = strip(request.GET.get('e', ''))
n = strip(request.GET.get('n', ''))
r = strip(request.GET.get('r', ''))
lang = strip(request.GET.get('l', ''))
keyword = strip(request.GET.get('k', ''))
a = strip(request.GET.get('a', ''))
kb = strip(request.GET.get('kb', ''))
page_num = parse_int(request.GET.get('p', 1), 1)
page_size = parse_int(request.GET.get('ps', 20), 20)
sql_where = {}
if n:
sql_where['nature_type'] = parse_int(n, 0)
if t:
sql_where['type'] = parse_int(t, 0)
if r:
sql_where['risk'] = parse_int(r, 0)
if e:
sql_where['engine__id'] = int(e)
if keyword:
sql_where['name__icontains'] = keyword
if lang:
sql_where['lang__id'] = int(lang)
if a:
if a == '1':
sql_where['alarm_enable'] = True
else:
sql_where['alarm_enable'] = False
if kb:
if kb == '1':
sql_where['vuln__isnull'] = False
else:
sql_where['vuln__isnull'] = True
items = TacticInfo.objects.filter(**sql_where).order_by('-updated_at')
paginator = Paginator(items,
page_size,
request=request,
pre_name=u"规则")
page = paginator.page(page_num)
return render(
request, 'tactic/rule/index.html', {
'nav': 'tactic',
'page': page,
't': t,
'r': r,
'n': n,
'a': a,
'e': e,
'kb': kb,
'l': lang,
'keyword': keyword,
'risk_list': RISK_TYPE,
'tactic_type_list': TACTIC_TYPE,
'match_list': TACTIC_MATCH_TYPE,
'engine_list': get_all_engine(),
'component_match_list': COMPONENT_MATCH_TYPE,
'lang_list': get_lang_all(),
})
