Exemplo n.º 1
0
 def push(self):
     status = Config('third_party_vulnerabilities', 'status').value
     if int(status):
         v = Vulnerabilities()
         data = [{
             "name":
             "Cobra发现{0}项目一处{1}漏洞({2})".format(self.project_name,
                                               self.vuln_name,
                                               self.vuln_id),
             "time":
             self.time,
             "vuln_type":
             self.vuln_type,
             "filepath":
             self.file_path,
             "linenum":
             self.line_number,
             "code":
             "\r\n\r\n{0}".format(self.code),
             "summitid":
             v.key,
             "signid":
             self.vuln_id,
             'description':
             '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
         }]
         push_vulnerabilities.apply_async(data,
                                          link_error=error_handler.s(),
                                          serializer='json')
     else:
         return True
Exemplo n.º 2
0
 def push(self):
     v = Vulnerabilities()
     data = [{
         "name":
         "{0}项目{1}漏洞({2})".format(self.project_name, self.vuln_name,
                                  self.vuln_id),
         "time":
         self.time,
         "vuln_type":
         self.vuln_type,
         "filepath":
         self.file_path,
         "linenum":
         self.line_number,
         "code":
         "\r\n\r\n{0}".format(self.code),
         "summitid":
         v.key,
         "signid":
         self.vuln_id,
         'description':
         '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
     }]
     push_vulnerabilities.apply_async(data,
                                      link_error=error_handler.s(),
                                      serializer='json')
Exemplo n.º 3
0
 def test_push(self):
     from daemon import push_vulnerabilities, error_handler
     from utils.third_party import Vulnerabilities
     v = Vulnerabilities()
     data = [{
         "name": "Cobra发现(/path/to/mogujie)项目一处SSRF漏洞",
         "time": "2016-09-12 17:01:40",
         "vuln_type": "10000000",
         "filepath": "/path/to/test.php",
         "linenum": "123",
         "code": "\r\n\r\n$str = $_GET['test'];\r\necho $str;",
         "summitid": v.key,
         "signid": '12',
         'description': '\r\n\r\n该漏洞由Cobra(代码安全审计系统)自动发现并报告!'
     }]
     push_vulnerabilities.apply_async(data, link_error=error_handler.s(), serializer='json')
Exemplo n.º 4
0
def push_vulnerabilities(vulnerabilities_info):
    v = Vulnerabilities()
    v.add(vulnerabilities_info)
    return v.push()