def pull_code(self, branch='master'):
    """Clone ``self.target`` at ``branch`` and report how it went.

    Returns a ``(code, message, gg)`` triple, where ``gg`` is the ``git.Git``
    wrapper used for the clone so the caller can reuse it: ``1001`` on
    success; ``4001`` when the clone fails, the repository does not exist,
    or authentication is refused.
    """
    logging.info('Gitlab project')
    # Credentials are attached only when the target string contains 'gitlab'.
    # NOTE(review): this is a substring test on the whole target, not on the
    # host, so any target containing 'gitlab' anywhere (path, query, a look-alike
    # host) receives the configured credentials -- confirm the target is trusted
    # before relying on this routing.
    creds = {'username': None, 'password': None}
    if 'gitlab' in self.target:
        creds['username'] = config.Config('git', 'username').value
        creds['password'] = config.Config('git', 'password').value
    gg = git.Git(self.target, branch=branch, **creds)

    try:
        ok, err = gg.clone()
    except NotExistError:
        # Switch the stored project off so a missing repository is not rescheduled.
        stored = CobraProjects.query.filter_by(repository=self.target).first()
        if stored is not None and stored.status == CobraProjects.get_status('on'):
            stored.status = CobraProjects.get_status('off')
            db.session.add(stored)
            db.session.commit()
        return 4001, 'Repository Does not exist!', gg
    except AuthError:
        logging.critical('Git Authentication Failed')
        return 4001, 'Repository Authentication Failed', gg

    if ok is False:
        return 4001, 'Clone Failed ({0})'.format(err), gg
    return 1001, 'Success', gg
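def test_rule():
    """Run one rule against one project and return the raw findings as JSON.

    Reads ``rid`` and ``pid`` from the request. ``pid == 0`` means "all
    projects" and maps to the ``versions`` folder under the configured upload
    directory. A project whose repository string contains ``gitlab`` or
    ``github`` is cloned first (with the configured git credentials); any
    other repository value is treated as a local directory and scanned in
    place.

    Responds with ``code``/``message``: ``1001`` with the findings joined by
    CRLF, ``4004`` on bad arguments or an unknown project id, ``4001`` when
    the clone fails.
    """
    vc = ValidateClass(request, 'rid', 'pid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    if int(vc.vars.pid) == 0:
        # all projects
        project_directory = os.path.join(config.Config('upload', 'directory').value, 'versions')
    else:
        project = CobraProjects.query.filter(CobraProjects.id == vc.vars.pid).first()
        if project is None:
            # An unknown pid previously fell through to project.repository and
            # raised AttributeError (a 500) instead of a clean error response.
            return jsonify(code=4004, message='Project not found')
        repository = project.repository
        if 'gitlab' in repository or 'github' in repository:
            # NOTE(review): substring match on the repository string, not on its
            # host -- the configured git credentials are handed to any value
            # containing 'gitlab' or 'github'. Tighten this if the stored
            # repository value can be influenced by untrusted users.
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
            gg = git.Git(repository, branch='master', username=username, password=password)
            clone_ret, clone_err = gg.clone()
            if clone_ret is False:
                return jsonify(code=4001, message='Clone Failed ({0})'.format(clone_err))
            project_directory = gg.repo_directory
        else:
            # Non-git repository values are used directly as a local path.
            project_directory = repository

    data = static.Static(project_directory, project_id=vc.vars.pid, rule_id=vc.vars.rid).analyse(test=True)
    return jsonify(code=1001, message='\r\n'.join(data))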
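def test_git_diff(self):
    """Smoke-test ``git.Git.diff()`` by printing the diff for ``test.php``.

    The original bound the instance to a local named ``git``. Because that
    name is assigned inside the function, Python treats it as local for the
    whole body, so the very first ``git.Git`` lookup raised
    ``UnboundLocalError`` before the module was ever read. The instance is
    now bound to ``gg`` (the name the rest of the file uses).
    """
    filename = 'test.php'
    # NOTE(review): '123' and '124' are passed positionally; elsewhere in this
    # file Git() is called as Git(target, branch=..., username=..., password=...),
    # so confirm these still land on the two revisions to diff.
    gg = git.Git(filename, '123', '124')
    git_diff = gg.diff()
    print(git_diff)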
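def version(self, branch=None, new_version=None, old_version=None):
    """Record a scan task for ``self.target`` and launch the scanner processes.

    ``self.target`` is classified by substring: a value containing ``.git`` is
    cloned with ``git.Git`` (the configured git credentials are attached only
    when it also contains ``gitlab``); a value containing ``svn`` maps to the
    configured upload directory; anything else is treated as a local
    directory owned by the current OS user.

    Args:
        branch: git branch to clone, passed through to ``git.Git`` and stored
            on the task.
        new_version, old_version: when either equals ``""`` the task is a full
            scan (``scan_way = 1``), otherwise a two-revision scan
            (``scan_way = 2``).

    Returns:
        ``(1001, {'scan_id', 'project_id', 'msg'})`` on success;
        ``(4001, msg)`` when the clone fails; ``(1004, msg)`` when the
        directory or ``cobra.py`` is missing or the database write fails.
    """
    if '.git' in self.target:
        logging.info('Gitlab project')
        # NOTE(review): substring test on the whole target, not on the host --
        # any target containing 'gitlab' anywhere receives the configured
        # credentials. Confirm the target is trusted before relying on this.
        if 'gitlab' in self.target:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
        else:
            username = None
            password = None
        gg = git.Git(self.target, branch=branch, username=username, password=password)
        repo_author = gg.repo_author
        repo_name = gg.repo_name
        repo_directory = gg.repo_directory
        clone_ret, clone_err = gg.clone()
        if clone_ret is False:
            return 4001, 'Clone Failed ({0})'.format(clone_err)
    elif 'svn' in self.target:
        repo_name = 'mogujie'
        repo_author = 'all'
        repo_directory = config.Config('upload', 'directory').value
    else:
        # NOTE(review): the raw target is used as a filesystem path and handed
        # to the scanner subprocesses below. If version() is reachable from an
        # HTTP handler, a caller can point the scan at any directory readable
        # by this process -- confirm the target is restricted upstream.
        repo_name = 'Local Project'
        repo_author = getpass.getuser()
        repo_directory = self.target

    # Applies to every branch above; a clone or a misconfigured upload
    # directory can leave the path missing just as a bad local target can.
    if not os.path.exists(repo_directory):
        return 1004, 'repo directory not exist ({0})'.format(repo_directory)

    # NOTE(review): the defaults are None, and None == "" is False, so a call
    # that passes no versions at all is recorded as a two-revision scan.
    if new_version == "" or old_version == "":
        scan_way = 1
    else:
        scan_way = 2
    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    task = CobraTaskInfo(self.target, branch, scan_way, new_version, old_version,
                         0, 0, 0, 1, 0, 0, current_time, current_time)

    p = CobraProjects.query.filter_by(repository=self.target).first()

    # Detect the framework/language of the checked-out tree for the project row.
    framework, language = detection.Detection(repo_directory).framework()
    if framework != '' or language != '':
        project_framework = '{0} ({1})'.format(framework, language)
    else:
        project_framework = ''

    project = None
    project_id = 0
    if not p:
        project = CobraProjects(self.target, '', repo_name, repo_author, project_framework, '', '', 1, current_time)
    else:
        project_id = p.id
        p.framework = project_framework
        db.session.add(p)

    try:
        db.session.add(task)
        if not p:
            db.session.add(project)
        db.session.commit()
        if not p:
            # The autoincrement id exists only after the INSERT has been flushed.
            project_id = project.id

        cobra_path = os.path.join(config.Config().project_directory, 'cobra.py')
        if os.path.isfile(cobra_path) is not True:
            return 1004, 'cobra.py not found'

        # Argument lists, no shell: target/ids are passed verbatim, not interpolated.
        # scan vulnerability
        subprocess.Popen(['python', cobra_path, "scan", "-p", str(project_id), "-i", str(task.id), "-t", repo_directory])
        # statistic code
        subprocess.Popen(['python', cobra_path, "statistic", "-i", str(task.id), "-t", repo_directory])
        # check repair
        subprocess.Popen(['python', cobra_path, "repair", "-p", str(project_id)])

        result = dict()
        result['scan_id'] = task.id
        result['project_id'] = project_id
        result['msg'] = u'success'
        return 1001, result
    except Exception as e:
        # Leave the session usable for the next caller rather than in a failed
        # transaction; the original skipped this.
        db.session.rollback()
        logging.exception('version: task registration failed')
        # e.message is Python 2 only; str(e) works on both.
        # NOTE(review): the exception text is returned to the caller -- if this
        # reaches an HTTP response, drop the detail and keep it in the log only.
        return 1004, 'Unknown error, try again later?' + str(e)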
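def version(self, branch=None, new_version=None, old_version=None):
    """Record a scan task for ``self.target`` and launch the scanner processes.

    Older variant: ``self.target`` must contain ``.git`` (cloned with
    ``git.Git``; configured credentials attached only when it also contains
    ``gitlab``) or ``svn`` (mapped to ``versions/mogujie`` under the upload
    directory); anything else is rejected with ``1005``.

    Args:
        branch: git branch to clone, passed through to ``git.Git`` and stored
            on the task.
        new_version, old_version: when either equals ``""`` the task is a full
            scan (``scan_way = 1``), otherwise a two-revision scan
            (``scan_way = 2``).

    Returns:
        ``(1001, {'scan_id', 'project_id', 'msg'})`` on success;
        ``(4001, msg)`` when the clone fails; ``(1005, msg)`` for an
        unsupported target; ``(1004, msg)`` when ``cobra.py`` is missing or
        the database write fails.
    """
    if '.git' in self.target:
        # NOTE(review): substring test on the whole target, not on the host --
        # any target containing 'gitlab' anywhere receives the credentials.
        if 'gitlab' in self.target:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
        else:
            username = False
            password = False
        gg = git.Git(self.target, branch=branch, username=username, password=password)
        repo_author = gg.repo_author
        repo_name = gg.repo_name
        repo_directory = gg.repo_directory
        # NOTE(review): identity comparison with False; a Git.clone() that
        # returns an (ok, err) tuple would never match here.
        if gg.clone() is False:
            return 4001, 'Clone Failed'
    elif 'svn' in self.target:
        repo_name = 'mogujie'
        repo_author = 'all'
        repo_directory = os.path.join(config.Config('upload', 'directory').value, 'versions/mogujie')
    else:
        return 1005, 'Repository must contained .git or svn'

    # NOTE(review): the defaults are None, and None == "" is False, so a call
    # that passes no versions at all is recorded as a two-revision scan.
    if new_version == "" or old_version == "":
        scan_way = 1
    else:
        scan_way = 2
    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    task = CobraTaskInfo(self.target, branch, scan_way, new_version, old_version,
                         0, 0, 0, 1, 0, 0, current_time, current_time)

    p = CobraProjects.query.filter_by(repository=self.target).first()
    framework, language = detection.Detection(repo_directory).framework()
    project_framework = '{0} ({1})'.format(framework, language)

    project = None
    if not p:
        project = CobraProjects(self.target, '', repo_name, repo_author, project_framework, '', '', current_time)
        # The original read project.id right here, before the row was ever
        # flushed, so the scanner was started with "-p None". The id is now
        # read after the commit below.
    else:
        project_id = p.id
        p.framework = project_framework
        db.session.add(p)
        db.session.commit()

    try:
        db.session.add(task)
        if not p:
            db.session.add(project)
        db.session.commit()
        if not p:
            project_id = project.id

        cobra_path = os.path.join(config.Config().project_directory, 'cobra.py')
        if os.path.isfile(cobra_path) is not True:
            return 1004, 'Cobra Not Found'

        # Argument lists, no shell: target/ids are passed verbatim, not interpolated.
        # Start Scanning
        subprocess.Popen(['python', cobra_path, "scan", "-p", str(project_id), "-i", str(task.id), "-t", repo_directory])
        # Statistic Code
        subprocess.Popen(['python', cobra_path, "statistic", "-i", str(task.id), "-t", repo_directory])

        result = dict()
        result['scan_id'] = task.id
        result['project_id'] = project_id
        result['msg'] = u'success'
        return 1001, result
    except Exception as e:
        # Leave the session usable rather than in a failed transaction.
        db.session.rollback()
        # e.message is Python 2 only; str(e) works on both.
        # NOTE(review): the exception text is returned to the caller -- if this
        # reaches an HTTP response, drop the detail and log it instead.
        return 1004, 'Unknown error, try again later?' + str(e)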