def zap_stop(request, ip, port):
if login_check.is_logged_in(request):
if check_user(request, port):
if request.method == "POST":
servers = ZAPServer.objects.filter(ip=ip, enabled=True)
if servers:
response = client.stop_zap_instance(ip, port)
if response['status']:
try:
instance = ZAPInstance.objects.get(
port=port, enabled=True, server=servers[0])
instance.enabled = False
instance.save()
return JsonResponse(response)
except:
return JsonResponse(
{
"message":
"No such instance found. Please check."
}, 400)
else:
return JsonResponse(
{
"message":
"No such instance found. Please check."
}, 400)
else:
return JsonResponse(
{"message": "No such server found. Please check."},
400)
else:
return JsonResponse({"message": "Access Denied"}, 401)
else:
return JsonResponse({"message": "Access Denied"}, 401)
def login(request):
try:
login_type = settings.LOGIN_METHOD
except:
login_type = "LOCAL"
if login_check.is_logged_in(request):
return HttpResponseRedirect(reverse("web:landing"))
return render(request, 'login.html', {"login_type": login_type.upper()})
def zap_scan_list(request):
port = request.GET.get("port", None)
ip = request.GET.get("ip", None)
if login_check.is_logged_in(request):
if check_user(request, port):
if port and ip:
zap = ZAPv2(
proxies={
'http': 'http://%s:%s' % (ip, port),
'https': 'http://%s:%s' % (ip, port)
})
try:
instance = ZAPInstance.objects.get(server__ip=ip,
port=port,
enabled=True)
scans = zap.ascan.scans
for i, scan in enumerate(scans):
try:
zapscan = ZAPScan.objects.get(
instance=instance,
scanId=scan['id'],
user=request.session['login_username'])
url = zapscan.url
except:
url = "ERROR"
scan['url'] = url
scans[i] = scan
return JsonResponse(scans)
except Exception as e:
return JsonResponse(
{"message": "No such instance found. Please check."},
400)
else:
return JsonResponse(
{"message": "Invalid parameters recieved."}, 400)
else:
return JsonResponse({"message": "Access Denied"}, 401)
else:
return JsonResponse({"message": "Access Denied"}, 401)
def zap_get_logs(request, ip, port):
if login_check.is_logged_in(request):
if check_user(request, port):
request.session['login_username']
zap = ZAPv2(
proxies={
'http': 'http://%s:%s' % (ip, port),
'https': 'http://%s:%s' % (ip, port)
})
zap_urls = zap.search.urls_by_url_regex(".*")
zap_o_data = requests.get(
'http://%s:%s/JSON/search/view/messagesByUrlRegex/?zapapiformat=JSON®ex=.*&baseurl=&start=&count='
% (ip, port))
zap_o_data = json.loads(
zap_o_data.content,
object_pairs_hook=OrderedDict)['messagesByUrlRegex']
data = {}
for url in zap_urls:
if not url['url'] in data:
data[url['url']] = {}
data[url['url']]['id'] = url['id']
data[url['url']]['method'] = url['method']
if url['method'] == "POST":
for z_data in zap_o_data:
if z_data['id'] == url['id']:
if isinstance(z_data['requestBody'], basestring):
data[
url['url']]['data'] = z_data['requestBody']
else:
data[url['url']]['data'] = "%s" % json.dumps(
z_data['requestBody'])
else:
data[url['url']]['data'] = ""
return JsonResponse(data)
else:
return JsonResponse({"message": "Access Denied"}, 401)
else:
return JsonResponse({"message": "Access Denied"}, 401)
def home(request, zap_index):
if not login_check.is_logged_in(request):
return HttpResponseRedirect(reverse("web:login"))
username = request.session['login_username']
instances = list_active_zap(username)
all_instances = instances
zap_instances = []
if instances:
zap_index = int(zap_index)
if not settings.ZAP_MULTIPLE_ALLOWED and not zap_index == 0:
return HttpResponseRedirect(reverse("web:home", kwargs={'zap_index': 0}))
try:
instances = instances[zap_index]
except:
return HttpResponseRedirect(reverse("web:home", kwargs={'zap_index': 0}))
if not settings.ZAP_MULTIPLE_ALLOWED:
zap_instances = [instances]
else:
zap_instances = all_instances[:settings.ZAP_MULTIPLE_MAX_COUNT]
return render(request, 'home.html', {"username": username, "instances": instances, "ZAP_MULTIPLE_ALLOWED": settings.ZAP_MULTIPLE_ALLOWED, "zap_instances": zap_instances, "ZAP_MULTIPLE_MAX_COUNT": settings.ZAP_MULTIPLE_MAX_COUNT})
def landing(request):
if not login_check.is_logged_in(request):
return HttpResponseRedirect(reverse("web:login"))
return HttpResponseRedirect(reverse("web:home", kwargs={'zap_index': 0}))
def zap_start(request):
if request.method == "POST":
if not login_check.is_logged_in(request):
return JsonResponse({"message": "Please login first."}, 403)
else:
user = request.session['login_username']
servers = ZAPServer.objects.filter(enabled=True)
instances = ZAPInstance.objects.filter(enabled=True, user=user)
if settings.ZAP_MULTIPLE_ALLOWED and len(
instances) >= settings.ZAP_MULTIPLE_MAX_COUNT:
return JsonResponse(
{
"message":
"You cannot start more ZAP Instances. Threshold exceeded."
}, 403)
elif not settings.ZAP_MULTIPLE_ALLOWED and len(instances) >= 1:
return JsonResponse(
{
"message":
"You cannot start more ZAP Instances. Multiple ZAP not allowed."
}, 403)
else:
if servers:
valid_servers = []
max_mem = 0
best_server = None
for server in servers:
stats = client.get_server_stats(server.ip)
if stats[
'free'] >= settings.ZAP_SERVER_MIN_FREE_MEMORY_THRESHOLD:
valid_servers.append({
"server": server,
"stats": stats
})
if valid_servers:
for server in valid_servers:
if server['stats']['percentage'] > max_mem:
max_mem = server['stats']['percentage']
best_server = server['server']
if best_server:
port, api_key, pid = client.start_zap_instance(
best_server.ip)
instance_name = request.POST.get("name", None)
if not instance_name:
haikunator = Haikunator()
instance_name = haikunator.haikunate(
token_length=0, delimiter=' ').title()
instance = ZAPInstance()
instance.server = best_server
instance.port = port
instance.api_key = api_key
instance.user = user
instance.name = instance_name
instance.session = request.session['session_id']
instance.pid = pid
instance.save()
zap = ZAPv2(
proxies={
'http':
'http://%s:%s' % (best_server.ip, port),
'https':
'http://%s:%s' % (best_server.ip, port)
})
zap.ascan.set_option_max_scans_in_ui(
600, apikey=api_key)
zap.ascan.set_option_thread_per_host(
5, apikey=api_key)
zap.core.set_option_timeout_in_secs(180,
apikey=api_key)
return JsonResponse({
"message": "ZAP Started",
"server": best_server.ip,
"port": port,
"name": instance_name
})
else:
return JsonResponse(
{
"message":
"All available servers are below defined Minimum Free Memory Threshold"
}, 503)
else:
return JsonResponse(
{
"message":
"No servers running. Please register servers first."
}, 503)