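def delete(self):
    """Delete the customer (vendor) named by the ``cus_name`` request argument.

    Returns a redirect to the login page when the session is not logged in.
    Otherwise returns a dict with ``status_code`` (200 on success, 500 when
    the customer does not exist or the commit fails) and a ``msg`` string.
    """
    # NOTE(review): only the logged-in flag is checked before this destructive
    # action; confirm whether a role/permission check is enforced elsewhere.
    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)
    args = self.parser.parse_args()
    key_cus_name = args.cus_name
    user_query = SrcCustomer.query.filter(
        SrcCustomer.cus_name == key_cus_name).first()
    if not user_query:
        # The customer to delete does not exist; record the failed attempt.
        # NOTE(review): key_cus_name is request-supplied and goes into the
        # audit log as-is; confirm the log viewer escapes it on output.
        addlog(session.get('username'), session.get('login_ip'),
               f'删除厂商:[{key_cus_name}] 失败,原因:该厂商不存在')
        return {'status_code': 500, 'msg': '删除厂商失败,无此厂商'}
    DB.session.delete(user_query)
    try:
        DB.session.commit()
    except Exception:
        # Catch Exception instead of a bare ``except`` so SystemExit and
        # KeyboardInterrupt are not swallowed; roll back the failed delete.
        DB.session.rollback()
        return {'status_code': 500, 'msg': '删除厂商失败,SQL错误'}
    addlog(session.get('username'), session.get('login_ip'),
           f'删除厂商:[{key_cus_name}] 成功')
    return {'status_code': 200, 'msg': '删除厂商成功'}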
def delete(self):
    """Delete the main scan task (domain record) named by the ``domain`` argument.

    ``result.status_code`` in the response: 401 not logged in, 202 no such
    domain, 500 commit failed, 200 deleted.
    """
    logged_in = session.get('status')
    if not logged_in:
        return {'result': {'status_code': 401}}

    # The lookup key is the escaped form of the submitted value.
    # NOTE(review): this only matches rows whose domain was stored in the same
    # escaped form; confirm against the code that inserts domains.
    key_domain = escape(self.parser.parse_args().domain)
    record = SrcDomain.query.filter(SrcDomain.domain == key_domain).first()
    if not record:
        # Nothing to delete for this domain.
        return {'result': {'status_code': 202}}

    DB.session.delete(record)
    try:
        DB.session.commit()
    except Exception as e:
        DB.session.rollback()
        logger.log('ALERT', f'删除主任务失败,{e}')
        return {'result': {'status_code': 500}}
    else:
        # Audit trail first, then the application log.
        addlog(session.get('username'), session.get('login_ip'),
               f'删除主任务:[{key_domain}] 成功')
        logger.log('INFOR', f'删除主任务成功,{key_domain}')
        return {'result': {'status_code': 200}}
def post(self):
    """Mark a stored URL for scanning.

    The URL row is located by the ``url_time`` argument and its ``flag`` and
    ``reptile`` fields are set to True. ``result.status_code``: 401 not logged
    in, 202 no matching URL, 500 commit failed, 200 updated.
    """
    if not session.get('status'):
        return {'result': {'status_code': 401}}

    wanted_time = self.parser.parse_args().url_time
    url_row = SrcUrls.query.filter(SrcUrls.url_time == wanted_time).first()
    if not url_row:
        # No URL with that timestamp exists.
        return {'result': {'status_code': 202}}

    url_row.flag = url_row.reptile = True
    try:
        DB.session.commit()
    except Exception as e:
        DB.session.rollback()
        logger.log('ALERT', f'添加URL扫描任务失败,{e}')
        return {'result': {'status_code': 500}}

    operator, origin_ip = session.get('username'), session.get('login_ip')
    addlog(operator, origin_ip, f'添加URL扫描任务成功')
    logger.log('INFOR', f'添加URL扫描任务成功')
    return {'result': {'status_code': 200}}
def put(self):
    """Send a test e-mail.

    Requires a logged-in session and an existing MailSetting row. Returns
    ``status_code`` 200 when ``send_mail`` reports success, otherwise 201 with
    the failure reason in ``msg``.
    """
    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)

    if not MailSetting.query.first():
        # No mail settings have been saved yet, so there is nothing to send with.
        return {'status_code': 201, 'msg': f'发送邮件失败,请完成上一步操作'}

    args = self.parser.parse_args()
    # NOTE(review): recipient, subject and body all come from the request, so
    # any logged-in user can send arbitrary mail through SMail; confirm that
    # is intended and rate-limited where appropriate.
    recipient, key_mail_title, body = (
        args.address_email, args.mail_title, args.mail_txt)
    result, msg = SMail().send_mail(recipient, key_mail_title, body)
    if not result:
        # NOTE(review): msg is passed back to the client verbatim; confirm
        # send_mail never puts credentials or server internals into it.
        return {'status_code': 201, 'msg': f'发送邮件失败:{msg}'}

    addlog(session.get('username'), session.get('login_ip'),
           f'发送测试邮件成功:[{key_mail_title}]')
    return {'status_code': 200, 'msg': '发送邮件成功'}
def post(self):
    """Update the logged-in user's own profile.

    Writes ``xingming`` (stored as ``name``), ``phone`` and ``email`` from the
    request; ``remark`` is written only when it is non-empty.
    ``result.status_code``: 401 not logged in, 500 account not found or commit
    failed, 200 updated.
    """
    if not session.get('status'):
        return {'result': {'status_code': 401}}

    args = self.parser.parse_args()
    # The row to edit is selected by the session's username, not by any
    # request field, so the caller can only reach their own account.
    account = User.query.filter(
        User.username == session.get('username')).first()
    if not account:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户资料失败,原因:越权修改其他用户')
        return {'result': {'status_code': 500}}

    account.name = args.xingming
    account.phone = args.phone
    account.email = args.email
    new_remark = args.remark
    if new_remark:
        account.remark = new_remark

    try:
        DB.session.commit()
    except Exception as e:
        logger.log('ALERT', f'用户修改资料接口SQL错误:{e}')
        DB.session.rollback()
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户资料失败,原因:SQL错误')
        return {'result': {'status_code': 500}}
    else:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户资料成功')
        logger.log('INFOR', f"[{session.get('username')}]修改用户资料成功")
        return {'result': {'status_code': 200}}
def post(self):
    """Change the logged-in user's password.

    ``result.status_code``: 401 not logged in, 203 new password and its
    confirmation differ, 204 new password equals the old one, 201 old password
    is wrong, 500 account not found or commit failed, 200 changed.
    """
    def reply(code):
        # Every response from this endpoint has the same envelope.
        return {'result': {'status_code': code}}

    if not session.get('status'):
        return reply(401)

    args = self.parser.parse_args()
    current_pw = args.old_password
    wanted_pw = args.new_password
    confirm_pw = args.again_password
    # NOTE(review): no length/complexity rule for the new password is visible
    # in this method; confirm the parser or another layer enforces one.
    if wanted_pw != confirm_pw:
        return reply(203)
    if current_pw == wanted_pw:
        return reply(204)

    account = User.query.filter(
        User.username == session.get('username')).first()
    if not account:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户密码失败,原因:不存在此账户')
        return reply(500)

    # Verify the current password against the stored hash before changing it.
    # NOTE(review): failed attempts are audited but not throttled here —
    # confirm rate limiting exists elsewhere.
    old_pw_ok = check_password_hash(account.password, current_pw)
    if not old_pw_ok:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户密码失败,原因:原密码不正确')
        return reply(201)

    # Only the hash of the new password is stored.
    account.password = generate_password_hash(wanted_pw)
    try:
        DB.session.commit()
    except Exception as e:
        logger.log('ALERT', f'用户修改密码接口SQL错误:{e}')
        DB.session.rollback()
        return reply(500)

    addlog(session.get('username'), session.get('login_ip'), '修改用户密码成功')
    logger.log('INFOR', f"[{session.get('username')}]修改用户密码成功")
    return reply(200)
def post(self):
    """Update the logged-in user's phone, e-mail and (optionally) remark.

    Redirects to the login page when the session is not logged in. Otherwise
    returns ``status_code`` 200 on success, or 500 with a ``msg`` when the
    account is not found or the commit fails.
    """
    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)

    args = self.parser.parse_args()
    # The account is looked up by the session's username, not by request
    # data, so only the caller's own row can be modified.
    account = User.query.filter(
        User.username == session.get('username')).first()
    if not account:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户资料失败,原因:越权修改其他用户')
        return {'status_code': 500, 'msg': '禁止越权修改用户信息'}

    account.phone, account.email = args.phone, args.email
    new_remark = args.remark
    if new_remark:
        # An empty remark leaves the stored one untouched.
        account.remark = new_remark

    try:
        DB.session.commit()
    except Exception as e:
        logger.log('ALERT', f'用户修改资料接口SQL错误:{e}')
        DB.session.rollback()
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户资料失败,原因:SQL错误')
        return {'status_code': 500, 'msg': '修改用户资料失败,SQL出错'}
    else:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户资料成功')
        logger.log('INFOR', f"[{session.get('username')}]修改用户资料成功")
        return {'status_code': 200}
def post(self):
    """Change the logged-in user's password.

    Redirects to the login page when the session is not logged in. Otherwise
    returns ``status_code`` 200 on success, or 201 with a ``msg`` explaining
    why the change was refused.
    """
    def refuse(reason):
        # Every refusal from this endpoint uses status_code 201.
        return {'status_code': 201, 'msg': reason}

    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)

    args = self.parser.parse_args()
    current_pw = args.old_password
    wanted_pw = args.new_password
    confirm_pw = args.again_password
    # NOTE(review): no length/complexity rule for the new password is visible
    # in this method; confirm the parser or another layer enforces one.
    if wanted_pw != confirm_pw:
        return refuse('两次输入的新密码不一致')
    if current_pw == wanted_pw:
        return refuse('新密码不能和旧密码一致')

    account = User.query.filter(
        User.username == session.get('username')).first()
    if not account:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户密码失败,原因:不存在此账户')
        return refuse('修改密码失败,session失效')

    # Verify the current password against the stored hash before changing it.
    # NOTE(review): failed attempts are audited but not throttled here —
    # confirm rate limiting exists elsewhere.
    old_pw_ok = check_password_hash(account.password, current_pw)
    if not old_pw_ok:
        addlog(session.get('username'), session.get('login_ip'),
               '修改用户密码失败,原因:原密码不正确')
        return refuse('修改密码失败,旧密码不正确')

    # Only the hash of the new password is stored.
    account.password = generate_password_hash(wanted_pw)
    try:
        DB.session.commit()
    except Exception as e:
        logger.log('ALERT', f'用户修改密码接口SQL错误:{e}')
        DB.session.rollback()
        return refuse('修改密码失败,SQL错误')

    addlog(session.get('username'), session.get('login_ip'), '修改用户密码成功')
    logger.log('INFOR', f"[{session.get('username')}]修改用户密码成功")
    return {'status_code': 200, 'msg': '修改密码成功'}
def put(self):
    """Add a customer (vendor).

    Redirects to the login page when the session is not logged in. Otherwise
    returns ``status_code`` 201 when a customer with the same ``cus_name``
    already exists, 500 when the commit fails, and 200 on success.
    """
    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)

    args = self.parser.parse_args()
    key_cus_name, homepage = args.cus_name, args.cus_home

    # Customer names must be unique: refuse when one is already stored.
    existing = SrcCustomer.query.filter(
        SrcCustomer.cus_name == key_cus_name).first()
    if existing:
        return {'status_code': 201, 'msg': f'已存在[{key_cus_name}]厂商名'}

    # NOTE(review): both values are stored as received from the request;
    # confirm that every page rendering them escapes on output.
    DB.session.add(SrcCustomer(key_cus_name, homepage))
    try:
        DB.session.commit()
    except Exception as e:
        logger.log('ALERT', '厂商添加接口SQL错误:%s' % e)
        DB.session.rollback()
        return {'status_code': 500, 'msg': '添加厂商失败,原因:SQL错误'}
    else:
        addlog(session.get('username'), session.get('login_ip'),
               f'[{key_cus_name}]厂商添加成功')
        logger.log('INFOR', f'[{key_cus_name}]厂商添加成功')
        return {'status_code': 200, 'msg': '添加厂商成功'}
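def post(self):
    """Update the SMTP configuration.

    Persists the submitted settings in the single MailSetting row (creating it
    when none exists) and then applies them to the running app's config.
    Redirects to the login page when the session is not logged in; otherwise
    returns ``status_code`` 200 on success or 500 when the commit fails.
    """
    # NOTE(review): only the logged-in flag is checked here; confirm whether
    # changing mail settings should be restricted to an administrator role.
    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)
    args = self.parser.parse_args()
    key_smtp_ip = args.smtp_ip
    key_smtp_port = args.smtp_port
    key_smtp_username = args.smtp_username
    key_smtp_password = args.smtp_password
    key_smtp_ssl = args.smtp_ssl
    # NOTE(review): the SMTP password is handed to MailSetting as received;
    # whether it is protected at rest is not visible from here — confirm.
    mail_query = MailSetting.query.first()
    if mail_query:
        mail_query.smtp_ip = key_smtp_ip
        mail_query.smtp_port = key_smtp_port
        mail_query.smtp_username = key_smtp_username
        mail_query.smtp_password = key_smtp_password
        mail_query.smtp_ssl = key_smtp_ssl
    else:
        mail_query = MailSetting(key_smtp_ip, key_smtp_port, key_smtp_username,
                                 key_smtp_password, key_smtp_ssl)
        DB.session.add(mail_query)
    try:
        DB.session.commit()
    except Exception as e:
        logger.log('ALERT', f'更新SMTP配置失败,原因:{e}')
        DB.session.rollback()
        return {'status_code': 500, 'msg': '更新SMTP配置失败,SQL错误'}
    # Apply the settings to the running app only after they were persisted,
    # so a failed commit cannot leave the live config different from the
    # database while the caller is told the update failed.
    # NOTE(review): the smtp_ssl argument drives MAIL_USE_TLS, not
    # MAIL_USE_SSL — confirm which of the two is intended.
    APP.config.update(MAIL_SERVER=key_smtp_ip,
                      MAIL_PORT=key_smtp_port,
                      MAIL_USERNAME=key_smtp_username,
                      MAIL_PASSWORD=key_smtp_password,
                      MAIL_DEFAULT_SENDER=(key_smtp_username, key_smtp_username),
                      MAIL_USE_TLS=key_smtp_ssl)
    # Only the server address is logged; the password never reaches the log.
    addlog(session.get('username'), session.get('login_ip'), '更新SMTP配置成功')
    logger.log('INFOR', f'更新SMTP配置成功[{key_smtp_ip}]')
    return {'status_code': 200, 'msg': '更新SMTP配置成功'}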
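def put(self):
    """Batch-delete vulnerability scan records listed in the ``scan`` argument.

    ``scan`` must be the text form of a dict whose values are dicts carrying a
    ``time`` key; each record whose ``time`` matches is deleted, and times with
    no matching record are skipped. ``result.status_code``: 401 not logged in,
    500 malformed ``scan`` payload or commit failed, 200 deleted.
    """
    if not session.get('status'):
        return {'result': {'status_code': 401}}
    args = self.parser.parse_args()
    try:
        # The payload arrives single-quoted; swap the quotes so it parses as
        # JSON. (A value that itself contains a quote will fail to parse.)
        key_scan_dict = json.loads(args.scan.replace("'", '"'))
        # Extract every timestamp up front so a malformed entry rejects the
        # whole request before anything is staged for deletion.
        scan_times = [entry['time'] for entry in key_scan_dict.values()]
    except (AttributeError, KeyError, TypeError, ValueError):
        # Missing argument, invalid JSON, a non-dict payload, or an entry
        # without a usable 'time' key: answer with the endpoint's error code
        # instead of letting the request crash.
        return {'result': {'status_code': 500}}
    if not all(isinstance(t, (str, int, float)) for t in scan_times):
        # Nested objects cannot be compared against the time column.
        return {'result': {'status_code': 500}}
    for scan_time in scan_times:
        url_query = SrcVulnerabilitie.query.filter(
            SrcVulnerabilitie.time == scan_time).first()
        if url_query:
            DB.session.delete(url_query)
    try:
        DB.session.commit()
    except Exception as e:
        DB.session.rollback()
        logger.log('ALERT', f'批量删除漏洞任务失败,{e}')
        return {'result': {'status_code': 500}}
    addlog(session.get('username'), session.get('login_ip'), f'批量删除漏洞任务成功')
    logger.log('INFOR', f'批量删除漏洞任务成功')
    return {'result': {'status_code': 200}}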
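def delete(self):
    """Batch-delete vulnerability records listed in the ``vlus`` argument.

    ``vlus`` must be the text form of a dict whose values are dicts carrying a
    ``time`` key; each record whose ``vul_time`` matches is deleted, and times
    with no matching record are skipped. Redirects to the login page when the
    session is not logged in; otherwise returns ``status_code`` 200 on success
    or 500 when the payload is malformed or the commit fails.
    """
    if not session.get('status'):
        return redirect(url_for('html_system_login'), 302)
    args = self.parser.parse_args()
    try:
        # The payload arrives single-quoted; swap the quotes so it parses as
        # JSON. (A value that itself contains a quote will fail to parse.)
        key_scan_dict = json.loads(args.vlus.replace("'", '"'))
        # Extract every timestamp up front so a malformed entry rejects the
        # whole request before anything is staged for deletion.
        vul_times = [entry['time'] for entry in key_scan_dict.values()]
    except (AttributeError, KeyError, TypeError, ValueError):
        # Missing argument, invalid JSON, a non-dict payload, or an entry
        # without a usable 'time' key: answer with the endpoint's error
        # response instead of letting the request crash.
        return {'status_code': 500, 'msg': '删除漏洞失败'}
    if not all(isinstance(t, (str, int, float)) for t in vul_times):
        # Nested objects cannot be compared against the vul_time column.
        return {'status_code': 500, 'msg': '删除漏洞失败'}
    for vul_time in vul_times:
        url_query = SrcVul.query.filter(SrcVul.vul_time == vul_time).first()
        if url_query:
            DB.session.delete(url_query)
    try:
        DB.session.commit()
    except Exception as e:
        DB.session.rollback()
        logger.log('ALERT', f'批量删除漏洞任务失败,{e}')
        return {'status_code': 500, 'msg': '删除漏洞失败'}
    addlog(session.get('username'), session.get('login_ip'), f'批量删除漏洞成功')
    logger.log('INFOR', f'批量删除漏洞成功')
    return {'status_code': 200, 'msg': '删除漏洞成功'}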