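    def generate_alerts(self, search_start_time):
        """Run the injection detectors and persist one ``Alert`` per finding.

        Two groups of detectors are executed, both bounded by
        ``search_start_time``:

        * whitelist-checked: hidden iframes ("HIDDEN ELEMENT"), cart-id
          profiling scripts ("PROFILING SCRIPT") and ScanBox injections
          ("SCANBOX FRAMEWORK").  A finding is only reported when the element
          carries a ``uri`` and either has no resolvable ``domain`` or that
          ``uri`` fails ``self.check_whitelist``.
        * unconditional: pastebin ("SUSPICIOUS SCRIPT"), webshell
          ("WEBSHELL INJECTION"), VBScript ("VBSCRIPT INJECTION") and
          evercookie ("EVERCOOKIE SCRIPT") detections, plus e-mail
          disclosures ("EMAIL DISCLOSURE") when
          ``settings.ENABLE_EMAIL_ALERTS`` is set.  These skip the whitelist.

        Args:
            search_start_time: lower bound on ``event_time`` for the detector
                queries and for the ``Page`` lookup that resolves the infected
                page's URL.

        Returns:
            None.  Side effects: an ``Alert.save()`` and one stdout line per
            reported element.
        """
        checked = {}
        # NOTE: get_hidden_iframes_css is an alternative hidden-element
        # detector that is currently not wired in.
        checked["HIDDEN ELEMENT"] = self.get_hidden_iframes(search_start_time)
        checked["PROFILING SCRIPT"] = self.get_cart_id_injections(search_start_time)
        checked["SCANBOX FRAMEWORK"] = self.get_scanbox_injections(search_start_time)

        for reason, elems in checked.items():
            for elem in elems:
                if not hasattr(elem, 'uri'):
                    continue
                # No domain means the reference could not be classified at
                # all, so it is always reported; otherwise defer to the
                # whitelist.
                if elem.domain is None or not self.check_whitelist(elem.uri):
                    self._record_alert(reason, elem, search_start_time)

        unchecked = {}
        if settings.ENABLE_EMAIL_ALERTS:
            unchecked["EMAIL DISCLOSURE"] = self.get_email_disclosures(search_start_time)
        unchecked["SUSPICIOUS SCRIPT"] = self.get_pastebin_injections(search_start_time)
        unchecked["WEBSHELL INJECTION"] = self.get_shell_injections(search_start_time)
        unchecked["VBSCRIPT INJECTION"] = self.get_vbscript_injections(search_start_time)
        unchecked["EVERCOOKIE SCRIPT"] = self.get_evercookie_scripts(search_start_time)

        for reason, elems in unchecked.items():
            for elem in elems:
                self._record_alert(reason, elem, search_start_time)

    def _record_alert(self, reason, elem, search_start_time):
        """Persist a single ``Alert`` for ``elem`` and echo it to stdout.

        The infected page URL is resolved from ``Page`` by ``page_id`` within
        the scan window.  A missing page leaves ``page`` empty instead of
        aborting the whole run: ``Page.objects.get`` raises ``DoesNotExist``
        (and ``MultipleObjectsReturned``) rather than returning ``None``, so
        the original ``is not None`` guard never protected the loop.

        Args:
            reason: alert category string stored in ``Alert.reason``.
            elem: detector result; must expose ``raw``, ``uri``, ``page_id``,
                ``org_id`` and ``event_time``.
            search_start_time: lower bound on ``Page.event_time``.
        """
        # elem.raw is the injected markup/script, i.e. attacker-controlled
        # content.  It is stored verbatim so analysts see exactly what was
        # injected; anything that renders Alert.raw (or this stdout line)
        # must treat it as untrusted and escape it.
        print("alert for %s" % (elem.raw,))
        matches = list(Page.objects.filter(
            event_time__gte=search_start_time,
            page_id=elem.page_id,
        )[:1])
        infected_page_url = matches[0].uri if matches else ""
        Alert(
            reason=reason,
            raw=elem.raw,
            uri=elem.uri,
            page=infected_page_url,
            page_id=elem.page_id,
            org_id=elem.org_id,
            event_time=elem.event_time,
        ).save()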
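    def generate_alerts(self, search_start_time):
        """Run the injection detectors and write an ``Alert`` row per finding.

        Detectors are grouped by whether their results pass through the
        domain whitelist before being reported:

        * ``self._whitelist_checked_detectors()`` -- hidden iframes, cart-id
          profiling scripts, ScanBox.  Reported only when the element has a
          ``uri`` and either no ``domain`` or a ``uri`` rejected by
          ``self.check_whitelist``.
        * ``self._unchecked_detectors()`` -- pastebin, webshell, VBScript and
          evercookie injections, plus e-mail disclosures when
          ``settings.ENABLE_EMAIL_ALERTS`` is true.  Always reported.

        Args:
            search_start_time: lower bound on ``event_time`` for every
                detector query and for the infected-``Page`` lookup.

        Returns:
            None.  Side effects: ``Alert.save()`` and a stdout line per finding.
        """
        # Detectors in a group are all run before any of their alerts are
        # saved, matching the original two-phase ordering.
        findings = [(reason, list(fn(search_start_time)))
                    for reason, fn in self._whitelist_checked_detectors()]
        for reason, elems in findings:
            for elem in elems:
                if not hasattr(elem, 'uri'):
                    continue
                # Unclassifiable references (no domain) are always raised;
                # everything else must fail the whitelist to be reported.
                if elem.domain is None or not self.check_whitelist(elem.uri):
                    self._store_alert(reason, elem, search_start_time)

        findings = [(reason, list(fn(search_start_time)))
                    for reason, fn in self._unchecked_detectors()]
        for reason, elems in findings:
            for elem in elems:
                self._store_alert(reason, elem, search_start_time)

    def _whitelist_checked_detectors(self):
        """Return ``(reason, detector)`` pairs whose hits go through the whitelist."""
        # NOTE: get_hidden_iframes_css is an alternative hidden-element
        # detector that is currently not enabled.
        return [
            ("HIDDEN ELEMENT", self.get_hidden_iframes),
            ("PROFILING SCRIPT", self.get_cart_id_injections),
            ("SCANBOX FRAMEWORK", self.get_scanbox_injections),
        ]

    def _unchecked_detectors(self):
        """Return ``(reason, detector)`` pairs that bypass the whitelist."""
        detectors = []
        if settings.ENABLE_EMAIL_ALERTS:
            detectors.append(("EMAIL DISCLOSURE", self.get_email_disclosures))
        detectors.extend([
            ("SUSPICIOUS SCRIPT", self.get_pastebin_injections),
            ("WEBSHELL INJECTION", self.get_shell_injections),
            ("VBSCRIPT INJECTION", self.get_vbscript_injections),
            ("EVERCOOKIE SCRIPT", self.get_evercookie_scripts),
        ])
        return detectors

    def _store_alert(self, reason, elem, search_start_time):
        """Save one ``Alert`` for ``elem`` and print its raw content.

        The infected page URL comes from the first ``Page`` with the same
        ``page_id`` inside the scan window; when none exists ``page`` is left
        empty.  This replaces ``Page.objects.get``, which raises
        ``DoesNotExist`` / ``MultipleObjectsReturned`` instead of returning
        ``None`` and would abort the remaining alerts in the run.

        Args:
            reason: alert category stored in ``Alert.reason``.
            elem: detector hit exposing ``raw``, ``uri``, ``page_id``,
                ``org_id`` and ``event_time``.
            search_start_time: lower bound on ``Page.event_time``.
        """
        # elem.raw is the injected payload itself -- untrusted input.  It is
        # persisted verbatim for analysts; any UI or log viewer that renders
        # Alert.raw must escape it.
        print("alert for %s" % (elem.raw,))
        pages = list(Page.objects.filter(
            event_time__gte=search_start_time,
            page_id=elem.page_id,
        )[:1])
        page_url = pages[0].uri if pages else ""
        record = Alert(
            reason=reason,
            raw=elem.raw,
            uri=elem.uri,
            page=page_url,
            page_id=elem.page_id,
            org_id=elem.org_id,
            event_time=elem.event_time,
        )
        record.save()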