def api_vuln_global_time(request, **kwargs):
http = HttpClient(api_settings.SERVER, timeout=20)
vuln_type = request.GET.get('type')
url = http.murl('{url}?type={type}'.format(url=api_settings.GLOBAL_TIME,
type=vuln_type))
try:
res = http.mget(url)
except Exception as e:
logger.error('get vuln global risk error: %s --server[%s]', e.message,
url)
# return default_views.Http404Page(request, e)
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
res_data = http.result(res, True)
if res.status_code == 200:
time = res_data['time']
data = res_data['content']
else:
logger.error('get vuln global risk error: %s --server[%s]',
res_data.get('message'), url)
# return default_views.Http404Page(request, Exception())
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
return response.Response(OrderedDict([('time', time), ('content', data)]),
status=status.HTTP_200_OK)
def api_vuln_global_risk(request, **kwargs):
http = HttpClient(api_settings.SERVER, timeout=20)
vuln_type = request.GET.get('type')
url = http.murl('{url}?type={type}'.format(url=api_settings.GLOBAL_RISK,
type=vuln_type))
try:
res = http.mget(url)
except Exception as e:
logger.error('get vuln global risk error: %s -- server[%s]', e.message,
url)
# return default_views.Http404Page(request, e)
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
res_data = http.result(res, True)
if res.status_code == 200:
if len(res_data) > 0:
data = res_data
else:
# return default_views.Http404Page(request, Exception())
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
else:
logger.error('get vuln global risk error: %s --server[%s]',
res_data.get('message'), url)
# return default_views.Http404Page(request, Exception())
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
en_name = ['High Risk', 'Medium Risk', 'Low Risk', 'Unknown']
if getattr(request, 'LANGUAGE_CODE', settings.LANGUAGE_CODE) == 'en':
for index, type_data in enumerate(data):
type_data['name'] = en_name[index]
return response.Response(data, status=status.HTTP_200_OK)
def api_http(self):
if not hasattr(self, '_api_http'):
self._api_http = HttpClient(
api_settings.GUACAMOLE_API_URL_PREFIX.format(
server=self.server),
timeout=5)
return self._api_http
def http_vis_request(url, **kwargs):
vis_user = api_settings.VIS_USER
vis_password = api_settings.VIS_PASSWORD
api_key = '{user}:{key}'.format(user=vis_user,
key=hashlib.md5(vis_password).hexdigest())
json = {
'api_key': api_key,
}
for p in kwargs:
json[p] = kwargs[p]
http = HttpClient(settings.VIS_HOST, timeout=5)
res = http.mpost(url, json=json)
res_data = http.result(res, True)
return res_data
def api_vuln_list(request, **kwargs):
http = HttpClient(api_settings.SERVER, timeout=20)
query_params = request.GET
try:
offset = int(query_params.get('offset') or 0)
limit = int(query_params.get('limit') or 10)
cn = query_params.get('cn')
exploit = query_params.get('exploit')
except:
offset = 0
limit = 10
cn = ''
exploit = ''
page = offset / limit + 1
json_data = {
'api_key': '123456',
'keyword': query_params.get('search', ''),
'page': page,
'per_page': limit,
'zh': cn,
'exploit': exploit
}
url = http.murl(api_settings.LIST_URL)
try:
res = http.mpost(url, json=json_data)
except Exception as e:
logger.error('get vuln list error: %s -- data[%s] server[%s]',
e.message, json_data, url)
total = 0
data = []
else:
res_data = http.result(res, True)
if res.status_code == 200:
total = res_data.get('total_records', 0)
data = res_data['data']
else:
logger.error('get vuln list error: %s -- data[%s] server[%s]',
res_data.get('message'), json_data, url)
total = 0
data = []
return response.Response(OrderedDict([('total', total), ('rows', data)]))
def vuln_detail(request, pk, **kwargs):
context = kwargs.get('menu')
context['pk'] = pk
http = HttpClient(api_settings.SERVER, timeout=20)
json_data = {
'api_key': '123456',
'_id': pk,
}
url = http.murl(api_settings.DETAIL_URL)
try:
res = http.mpost(url, json=json_data)
except Exception as e:
logger.error('get vuln detail error: %s -- data[%s] server[%s]',
e.message, json_data, url)
# return default_views.Http404Page(request, e)
return default_views.Http404Page(request, Exception())
res_data = http.result(res, True)
if res.status_code != 200:
return default_views.Http404Page(request, Exception())
return render(request, 'x_vulns/web/vuln_detail.html', context)
def api_vuln_detail(request, pk, **kwargs):
http = HttpClient(api_settings.SERVER, timeout=20)
json_data = {
'api_key': '123456',
'_id': pk,
}
url = http.murl(api_settings.DETAIL_URL)
try:
res = http.mpost(url, json=json_data)
except Exception as e:
logger.error('get vuln detail error: %s -- data[%s] server[%s]',
e.message, json_data, url)
# return default_views.Http404Page(request, e)
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
res_data = http.result(res, True)
if res.status_code == 200:
data_list = res_data['data']
if len(data_list) > 0:
data = json.loads(data_list)
if data.get('software_list') is not None:
rows = []
for software in data.get('software_list'):
rows.append(eval(software))
data['software_list'] = rows
cvss_data = gen_cvss_indicator(data.get('cvss'))
data['cvss_data'] = cvss_data
else:
# return default_views.Http404Page(request, Exception())
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
else:
logger.error('get vuln detail error: %s -- data[%s] server[%s]',
res_data.get('message'), json_data, url)
# return default_views.Http404Page(request, Exception())
raise exceptions.NotFound(ResError.VULN_CONNECTED_FAILED)
return response.Response(data)