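def add_to_recent_scan(name, md5, url, request):
    """Add Entry to Database under Recent Scan.

    Records scan ``md5`` (file ``name``, ``url``) under the user bound to
    ``request`` via its token. When any user already has a row for that
    MD5, its APP_NAME / PACKAGE_NAME / VERSION_NAME are copied into the
    new row; when this user already has a row, nothing is written.

    Returns an ``HttpResponseRedirect`` to ``/login/`` when no user is
    bound to the request, otherwise ``None``. Database errors are logged
    via ``logger.exception`` and not raised.
    """
    user = get_user_by_token(request)
    if not user:
        # Not logged in: redirect to the login page. Absolute path, the
        # same target delete_scan() uses; the former 'login/' resolved
        # relative to the current URL.
        return HttpResponseRedirect('/login/')
    try:
        # Only create a row when this user has none for the MD5.
        own_rows = RecentScansDB.objects.filter(MD5=md5, USER_ID=user.id)
        if own_rows.exists():
            return None
        # NOTE(review): the stored time is timezone.now() shifted by a
        # fixed +8h; this is an offset, not a timezone conversion —
        # confirm against the project's TIME_ZONE / USE_TZ settings.
        stamp = timezone.now() + timedelta(hours=8)
        fields = {
            'FILE_NAME': name,
            'MD5': md5,
            'URL': url,
            'TIMESTAMP': stamp,
            'USER_ID': user.id,
        }
        # Reuse the app metadata of an existing scan of the same file
        # (e.g. uploaded by another user). first() picks the row in a
        # deterministic (pk) order instead of whatever the DB returns.
        template_row = RecentScansDB.objects.filter(MD5=md5).first()
        if template_row is not None:
            fields.update(
                APP_NAME=template_row.APP_NAME,
                PACKAGE_NAME=template_row.PACKAGE_NAME,
                VERSION_NAME=template_row.VERSION_NAME,
            )
        RecentScansDB(**fields).save()
    except Exception:
        logger.exception('Adding Scan URL to Database')
    return None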
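def post(self, request):
    """Change the password of the token-authenticated user.

    Expects a JSON object body with ``old_pwd``, ``new_pwd`` and
    ``sure_pwd``. Always answers HTTP 200; the outcome is carried in
    ``code``: 0 ok, 201 no user for the token, 202 the two new passwords
    differ, 203 old password wrong, 204 new password equals the old one,
    205 body is not a JSON object or the new password is empty
    (205 and its message are new here, continuing the 201–204 sequence).
    """
    user = get_user_by_token(request)
    if not user:
        return JsonResponse({'errmsg': '用户不存在', 'code': 201})
    # The body is untrusted input: a malformed payload must produce an
    # error reply, not an unhandled exception (HTTP 500).
    try:
        payload = json.loads(request.body.decode())
    except (UnicodeDecodeError, ValueError):
        return JsonResponse({'errmsg': '请求参数错误', 'code': 205})
    if not isinstance(payload, dict):
        return JsonResponse({'errmsg': '请求参数错误', 'code': 205})
    old_pwd = payload.get('old_pwd')
    new_pwd = payload.get('new_pwd')
    new_pwd2 = payload.get('sure_pwd')
    if new_pwd != new_pwd2:
        return JsonResponse({'errmsg': '密码不一致', 'code': 202})
    if not user.check_password(raw_password=old_pwd):
        return JsonResponse({'errmsg': '旧密码错误', 'code': 203})
    if new_pwd == old_pwd:
        return JsonResponse({'errmsg': '新密码不能与旧密码一致', 'code': 204})
    # A missing new password (None on both keys passes the 202 check)
    # would reach set_password(None), which stores an unusable password
    # and locks the account; reject empty or non-string values instead.
    if not new_pwd or not isinstance(new_pwd, str):
        return JsonResponse({'errmsg': '请求参数错误', 'code': 205})
    # NOTE(review): no password-strength policy is applied here.
    user.set_password(raw_password=new_pwd)
    user.save()
    return JsonResponse({'errmsg': 'ok', 'code': 0})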
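def post(self, request):
    """Render the recent-scans table for the caller and return it as JSON.

    Superusers get the latest ``RecentScansDB`` row for every distinct
    MD5; other users get only their own rows, newest first. Each entry
    receives a ``PACKAGE`` key from ``StaticAnalyzerAndroid`` (``''`` when
    no Android analysis exists for the MD5). The markup rendered from
    ``general/recent.html`` is returned in ``data``; ``code`` 201 means
    no user is bound to the request token.
    """
    user = get_user_by_token(request)
    if not user:
        return JsonResponse({'errmsg': '请先登录', 'code': 201})
    # 判断是否是管理员 — admins see one (the latest) entry per MD5
    if user.is_superuser:
        distinct_md5 = RecentScansDB.objects.values('MD5').distinct()
        # NOTE: one query per distinct MD5 (N+1); this is the cost centre
        # of the view if the scan table grows large.
        db_obj = [
            RecentScansDB.objects.filter(MD5=row.get("MD5")).last().to_dict()
            for row in distinct_md5
        ]
        db_obj.reverse()
    else:
        db_obj = RecentScansDB.objects.filter(
            USER_ID=user.id).order_by('-TIMESTAMP').values()
    # MD5 -> package name, built once rather than looked up per entry.
    package_mapping = {
        item.MD5: item.PACKAGE_NAME
        for item in StaticAnalyzerAndroid.objects.all()
    }
    entries = []
    for entry in db_obj:
        entry['PACKAGE'] = package_mapping.get(entry['MD5'], '')
        entries.append(entry)
    context = {
        'title': 'Recent Scans',
        'entries': entries,
        'version': settings.MOBSF_VER,
    }
    template = 'general/recent.html'
    rendered = render(request, template, context).content.decode()
    return JsonResponse({'errmsg': 'ok', 'code': 0, 'data': rendered})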
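def _delete_scan_files(md5_hash):
    """Remove the cached rows and on-disk artifacts of one scan.

    ``md5_hash`` is used to build filesystem paths, so the caller must
    already have validated it as exactly 32 lowercase hex characters.
    """
    # Cached model rows in Redis
    keys = [
        MODEL_K % ("RecentScansDB", md5_hash),
        MODEL_K % ("StaticAnalyzerAndroid", md5_hash),
        MODEL_K % ("StaticAnalyzerIOS", md5_hash),
        MODEL_K % ("StaticAnalyzerWindows", md5_hash),
    ]
    for key in keys:
        RDS_DB5.delete(key)
    # Upload directory of the scan
    app_upload_dir = os.path.join(settings.UPLD_DIR, md5_hash)
    if is_dir_exists(app_upload_dir):
        shutil.rmtree(app_upload_dir)
    # Download directory: every file or directory named "<md5>-*"
    dw_dir = settings.DWD_DIR
    prefix = md5_hash + '-'
    for item in os.listdir(dw_dir):
        if not item.startswith(prefix):
            continue
        item_path = os.path.join(dw_dir, item)
        if is_file_exists(item_path):
            os.remove(item_path)
        if is_dir_exists(item_path):
            shutil.rmtree(item_path)


def delete_scan(request, api=False):
    """Delete Scan from DB and remove the scan related files.

    Args:
        request: the HTTP request; the MD5 to delete is read from
            ``request.POST['hash']`` (api) or ``request.POST['md5']``.
        api: when True return the result dict itself; otherwise wrap it
            in a JSON ``HttpResponse``.

    Returns:
        A redirect to ``/login/`` when no user is bound to the request.
        Otherwise ``{'deleted': 'yes'}`` on success or
        ``{'deleted': 'scan hash not found'}`` when the hash is malformed
        or unknown, as a dict (api) or an HttpResponse. Superusers delete
        every DB row and all files of the app; other users delete only
        their own RecentScansDB row (see the note in the body). Any
        exception is turned into ``print_n_send_error_response``.
        Non-POST requests fall through and return None, as before.
    """
    user = get_user_by_token(request)
    if not user:
        # 未登录跳转到登陆页面
        return HttpResponseRedirect('/login/')
    try:
        if request.method == 'POST':
            md5_hash = request.POST['hash'] if api else request.POST['md5']
            data = {'deleted': 'scan hash not found'}
            # md5_hash is untrusted (request.POST) and becomes part of
            # filesystem paths. re.match only anchors the start, so a
            # value with a valid 32-hex prefix followed by extra path
            # characters used to pass; fullmatch rejects it.
            if re.fullmatch(r'[0-9a-f]{32}', md5_hash):
                scan = RecentScansDB.objects.filter(MD5=md5_hash)
                if scan.exists():
                    if user.is_superuser:
                        # 管理员删掉所有该app: admins remove every row
                        # and artifact of the app, whoever uploaded it.
                        RecentScansDB.objects.filter(MD5=md5_hash).delete()
                        StaticAnalyzerAndroid.objects.filter(
                            MD5=md5_hash).delete()
                        StaticAnalyzerIOS.objects.filter(MD5=md5_hash).delete()
                        StaticAnalyzerWindows.objects.filter(
                            MD5=md5_hash).delete()
                        _delete_scan_files(md5_hash)
                    else:
                        # 普通用户只能删掉自己上传的app
                        RecentScansDB.objects.filter(
                            MD5=md5_hash, USER_ID=user.id).delete()
                        # NOTE(review): the two deletes below are not
                        # scoped to user.id, so a non-admin removes the
                        # iOS/Windows analysis rows of a scan other users
                        # may still reference, while the Android delete
                        # is commented out. Confirm the intended
                        # ownership rule before relying on this.
                        # StaticAnalyzerAndroid.objects.filter(MD5=md5_hash).delete()
                        StaticAnalyzerIOS.objects.filter(MD5=md5_hash).delete()
                        StaticAnalyzerWindows.objects.filter(
                            MD5=md5_hash).delete()
                    data = {'deleted': 'yes'}
            if api:
                return data
            ctype = 'application/json; charset=utf-8'
            return HttpResponse(json.dumps(data), content_type=ctype)
    except Exception as exp:
        msg = str(exp)
        exp_doc = exp.__doc__
        return print_n_send_error_response(request, msg, bool(api), exp_doc)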
def get(self, request):
    """Report whether the request token is bound to a user.

    Always HTTP 200; ``code`` 0 when ``get_user_by_token`` yields a user,
    201 otherwise.
    """
    if get_user_by_token(request):
        reply = {'errmsg': 'ok', 'code': 0}
    else:
        reply = {"errmsg": 'error', 'code': 201}
    return JsonResponse(reply)