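def add_log(type, title, contents):
    """Insert one row into the ``system_logs`` table.

    The row gets a fresh UUID, the timestamp from
    ``SysUtils.get_now_time_str()`` and, as ``create_user_uuid``, the value
    returned by ``UserSession.get_uuid()``.

    Args:
        type: Log type code. The original statement wrote it unquoted, so it
            is presumably numeric -- confirm against callers.
        title: Log title.
        contents: Log message body.

    Raises:
        Exception: Any error raised while executing or committing; the
            transaction is rolled back before the error propagates.
    """
    user_uuid = UserSession.get_uuid()
    # NOTE(review): the database endpoint and credentials are hard-coded in
    # source; they belong in deployment configuration or a secret store.
    mysql_db = pymysql.connect(host='192.168.182.88', user='******', password='******',
                               db='asset_scan', port=13306)
    # Values are bound as parameters instead of being formatted into the
    # statement text: title and contents can carry arbitrary text, and a
    # quote inside them must not be able to change the SQL that runs.
    sql_insert = (
        "insert into system_logs "
        "(uuid,type,title,contents,create_time,create_user_uuid) "
        "values(%s,%s,%s,%s,%s,%s)"
    )
    params = (
        str(uuid.uuid4()),
        type,
        title,
        contents,
        SysUtils.get_now_time_str(),
        user_uuid,
    )
    try:
        with mysql_db.cursor() as cursor:
            cursor.execute(sql_insert, params)
        mysql_db.commit()
    except Exception:
        # Undo the partial transaction; a bare raise keeps the traceback.
        mysql_db.rollback()
        raise
    finally:
        mysql_db.close()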
def query(self, offset, count):
    """Return one page of stored files as dicts, ordered by ``_id`` descending.

    Args:
        offset: Index of the first entry of the page.
        count: Maximum number of entries in the page.

    Returns:
        A list holding ``SysUtils.grid_out_to_dict`` of each entry in the page.
    """
    newest_first = method_fs.find().sort([("_id", pymongo.DESCENDING)])
    # Materialise the slice first so the cursor is drained before conversion.
    page = list(newest_first[offset:offset + count])
    return [SysUtils.grid_out_to_dict(entry) for entry in page]
def add(self, firmware_id, alias, content):
    """Store *content* in the GridFS bucket under the file name *firmware_id*.

    Args:
        firmware_id: Used as the stored file's ``filename``.
        alias: Original file name; kept as the single entry of ``aliases``
            and passed to ``SysUtils.parse_file_type`` for the content type.
        content: Data to store. It is handed to ``put`` as given (an earlier
            variant UTF-8-encoded it first).

    Returns:
        Always ``True``.
    """
    metadata = {
        'content_type': SysUtils.parse_file_type(alias),
        'filename': firmware_id,
        'aliases': [alias],
    }
    method_fs.put(content, **metadata)
    return True
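def update(self, firmware_id, alias, content):
    """Replace the stored POC file for *firmware_id* with *content*.

    Args:
        firmware_id: Used as the stored file's ``filename``.
        alias: Original file name; kept as the single entry of ``aliases``
            and passed to ``SysUtils.parse_file_type`` for the content type.
        content: New file content as ``str``; it is UTF-8-encoded before
            being stored.

    Returns:
        Always ``True``.
    """
    # Run the steps that can fail locally before the old file is deleted.
    # Otherwise a non-str content or a type-parsing error would remove the
    # existing POC and leave nothing in its place.
    content_type = SysUtils.parse_file_type(alias)
    payload = content.encode(encoding="utf-8")
    # Delete-then-put is still not atomic: a failing put leaves no file.
    self.delete(firmware_id)
    method_fs.put(payload, content_type=content_type, filename=firmware_id, aliases=[alias])
    return True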
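def fetch(self, firmware_id):
    """Write the stored file for *firmware_id* to disk and unpack it.

    The file is saved under ``<cwd>\\firmware\\`` using the final component
    of its stored alias, then passed to ``SysUtils.un_py7zr``.

    Args:
        firmware_id: The ``filename`` the file was stored under.

    Returns:
        The dict from ``SysUtils.grid_out_to_dict`` with ``firmware_path``
        set to the result of ``un_py7zr``, or ``None`` when that dict is
        ``None``.
    """
    import ntpath  # stdlib; handles both "\\" and "/" separators on any host

    grid_out = method_fs.find_one({'filename': firmware_id})
    item = SysUtils.grid_out_to_dict(grid_out)
    if item is None:
        return None
    data = grid_out.read()
    print(item['aliases'])
    # The alias is the name supplied when the file was stored. Keep only its
    # last path component so directory parts or a drive prefix in it cannot
    # place the file outside the firmware directory.
    safe_name = ntpath.basename(item['aliases'])
    filename = os.getcwd() + "\\firmware\\" + safe_name
    # The context manager closes the handle even if the write fails.
    with open(filename, 'wb') as outf:
        outf.write(data)
    # NOTE(review): the archive is uploaded content; confirm that un_py7zr
    # confines extracted member paths to its target directory.
    filepath = SysUtils.un_py7zr(filename)
    item['firmware_path'] = filepath
    return item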
def add(request):
    """Create a customized record from the POSTed form fields.

    Reads ``title``, ``author``, ``type`` and ``platform`` from the request,
    obtains a firmware id from ``firmware_db``, resolves each field to its
    index id and stores the assembled record.

    Returns:
        ``app_ok_p`` of the new ``firmware_id``, the ``customized`` flag and
        the publication date.
    """
    # The id is not taken from the request; it is suggested by the database
    # layer below (per the original note, that call checks the value range
    # and uniqueness).
    title = req_post_param(request, "title")
    author = req_post_param(request, "author")
    kind = req_post_param(request, "type")
    platform = req_post_param(request, "platform")

    firmware_id = firmware_db.get_suggest_firmware_id(None)

    # A MongoDB session/transaction wrapper around the following steps was
    # left disabled by the original author.
    # Resolve each field to its index id; per the original note a new value
    # gets a new index entry and its new id is returned.
    author_ref = {'id': firmware_db.fetch_field_id('author', author), 'name': author}
    type_ref = {'id': firmware_db.fetch_field_id('type', kind), 'name': kind}
    platform_ref = {
        'id': firmware_db.fetch_field_id('platform', platform),
        'platform': platform,
    }

    # Assemble the record and store it.
    record = {
        'description': [firmware_id, title],
        'date_published': SysUtils.get_now_time().strftime('%Y-%m-%d'),
        'verified': 0,
        'port': 0,
        'customized': 1,
        'author': author_ref,
        'type': type_ref,
        'platform': platform_ref,
        'firmware_id': firmware_id,
    }
    # This version does not check whether the insert succeeded.
    firmware_db.add(record)

    # Short delay to lower CPU usage during performance testing.
    time.sleep(1.0)

    return app_ok_p({
        'firmware_id': firmware_id,
        'customized': 1,
        'date_published': record['date_published'],
    })
def poc_download(request):
    """Return the stored POC file for the requested firmware as a download.

    Reads ``firmware_id`` from the GET parameters. When no file is found the
    result is ``sys_app_err('ERROR_FWPOC_NOT_FOUND')``.
    """
    firmware_id = req_get_param(request, 'firmware_id')
    item = firmware_pocs.fetch(firmware_id)
    if item is None:
        return sys_app_err('ERROR_FWPOC_NOT_FOUND')

    # Text-type files get a txt suffix added to the download name.
    download_name = SysUtils.add_plain_text_file_suffix(item['aliases'])

    # Serve as an opaque attachment so the content is saved, not rendered.
    response = HttpResponse(item['content'], content_type='application/octet-stream')
    # The stored name passes through urlquote before it is placed inside the
    # quoted filename parameter of the header.
    quoted_name = urlquote(download_name)
    response['Content-Disposition'] = 'attachment;filename="%s"' % quoted_name
    return response
def fetch_no_content(self, firmware_id):
    """Look up the stored file for *firmware_id* without reading its data.

    Returns:
        The result of ``SysUtils.grid_out_to_dict`` for the matching file,
        which may be ``None``.
    """
    match = method_fs.find_one({'filename': firmware_id})
    return SysUtils.grid_out_to_dict(match)