def del_rule():
vc = ValidateClass(request, "rule_id")
vc.check_args()
rule_id = vc.vars.rule_id
if rule_id:
# 检查该条rule是否存在result和task的依赖
result = db.session.query(CobraResults.task_id).filter(
CobraResults.rule_id == rule_id).group_by(
CobraResults.task_id).all()
if len(result):
# 存在依赖
task_rely = ""
for res in result:
task_rely += str(res.task_id) + ","
task_rely = task_rely.strip(",")
message = "Delete failed. Please check and delete the task rely on this rule first.<br />"
message += "<strong>Rely Tasks: </strong>" + task_rely
return jsonify(code=1004, tag="danger", msg=message)
r = CobraRules.query.filter_by(id=rule_id).first()
try:
db.session.delete(r)
db.session.commit()
return jsonify(code=1001, tag='success', msg='delete success.')
except SQLAlchemyError:
return jsonify(code=1004,
tag='danger',
msg='delete failed. Try again later?')
else:
return jsonify(code=1004, tag='danger', msg='wrong id')
def del_rule():
vc = ValidateClass(request, "rule_id")
vc.check_args()
vul_id = vc.vars.rule_id
if vul_id:
r = CobraRules.query.filter_by(id=vul_id).first()
try:
db.session.delete(r)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='delete failed. Try again later?')
else:
return jsonify(tag='danger', msg='wrong id')
def edit_vul(vul_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
if request.method == "POST":
vc = ValidateClass(request, "name", "description", "repair")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
v = CobraVuls.query.filter_by(id=vul_id).first()
v.name = vc.args.name
v.description = vc.args.description
v.repair = vc.args.repair
try:
db.session.add(v)
db.session.commit()
return jsonify(tag="success", msg="save success.")
except:
return jsonify(tag="danger", msg="save failed. Try again later?")
else:
v = CobraVuls.query.filter_by(id=vul_id).first()
return render_template("backend/vul/edit_vul.html", data={"vul": v})
def edit_language(language_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
if request.method == "POST":
vc = ValidateClass(request, "language", "extensions")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
l = CobraLanguages.query.filter_by(id=language_id).first()
try:
l.language = vc.vars.language
l.extensions = vc.vars.extensions
db.session.add(l)
db.session.commit()
return jsonify(tag="success", msg="update success.")
except:
return jsonify(tag="danger", msg="try again later?")
else:
l = CobraLanguages.query.filter_by(id=language_id).first()
data = {
'language': l,
}
return render_template("backend/language/edit_language.html", data=data)
def index():
if ValidateClass.check_login():
return redirect(ADMIN_URL + '/main')
if request.method == "POST":
vc = ValidateClass(request, 'username', 'password')
ret, msg = vc.check_args()
if not ret:
return msg
au = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
if not au or not au.verify_password(vc.vars.password):
# login failed.
return "Wrong username or password."
else:
# login success.
session['role'] = au.role
session['username'] = escape(au.username)
session['is_login'] = True
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
au.last_login_time = current_time
au.last_login_ip = request.remote_addr
db.session.add(au)
db.session.commit()
return "Login success, jumping...<br /><script>window.setTimeout(\"location='main'\", 1000);</script>"
else:
return render_template("backend/index/index.html")
def edit_project(project_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == "POST":
vc = ValidateClass(request, "project_id", "name", "repository", "author", "remark")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
project = CobraProjects.query.filter_by(id=project_id).first()
if not project:
return jsonify(tag='danger', msg='wrong project id.')
# update project data
project.name = vc.vars.name
project.author = vc.vars.author
project.remark = vc.vars.remark
project.repository = vc.vars.repository
project.updated_at = current_time
try:
db.session.add(project)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except:
return jsonify(tag='danger', msg='Unknown error.')
else:
project = CobraProjects.query.filter_by(id=project_id).first()
return render_template('backend/project/edit_project.html', data={
'project': project
})
def edit_language(language_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
if request.method == "POST":
vc = ValidateClass(request, "language", "extensions")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
l = CobraLanguages.query.filter_by(id=language_id).first()
try:
l.language = vc.vars.language
l.extensions = vc.vars.extensions
db.session.add(l)
db.session.commit()
return jsonify(tag="success", msg="update success.")
except:
return jsonify(tag="danger", msg="try again later?")
else:
l = CobraLanguages.query.filter_by(id=language_id).first()
data = {
'language': l,
}
return render_template("backend/language/edit_language.html",
data=data)
def add_whitelist():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "project_id", "rule_id", "path", "reason")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
if vc.vars.path[0] != '/':
vc.vars.path = '/' + vc.vars.path
whitelist = CobraWhiteList(vc.vars.project_id, vc.vars.rule_id, vc.vars.path, vc.vars.reason,
1, current_time, current_time)
try:
db.session.add(whitelist)
db.session.commit()
return jsonify(tag='success', msg='add success.')
except:
return jsonify(tag='danger', msg='unknown error. Try again later?')
else:
rules = CobraRules.query.all()
projects = CobraProjects.query.all()
data = {
'rules': rules,
'projects': projects,
}
return render_template('backend/whitelist/add_new_whitelist.html', data=data)
def add_new_rule():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, 'vul_type', 'language', 'regex', 'regex_confirm',
'description', 'repair', 'level')
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
rule = CobraRules(vc.vars.vul_type, vc.vars.language, vc.vars.regex, vc.vars.regex_confirm,
vc.vars.description, vc.vars.repair, 1, vc.vars.level, current_time, current_time)
try:
db.session.add(rule)
db.session.commit()
return jsonify(tag='success', msg='add success.')
except:
return jsonify(tag='danger', msg='add failed, try again later?')
else:
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
data = {
'vul_type': vul_type,
'languages': languages
}
return render_template('backend/rule/add_new_rule.html', data=data)
def edit_project(project_id):
if request.method == "POST":
vc = ValidateClass(request, "project_id", "name", "repository", "author", "remark")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
project = CobraProjects.query.filter_by(id=project_id).first()
if not project:
return jsonify(tag='danger', msg='wrong project id.')
# update project data
project.name = vc.vars.name
project.author = vc.vars.author
project.remark = vc.vars.remark
project.repository = vc.vars.repository
project.updated_at = current_time
try:
db.session.add(project)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except:
return jsonify(tag='danger', msg='Unknown error.')
else:
project = CobraProjects.query.filter_by(id=project_id).first()
return render_template('backend/project/edit_project.html', data={
'project': project
})
def add_whitelist():
if request.method == 'POST':
vc = ValidateClass(request, "project_id", "rule_id", "path", "reason")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
if vc.vars.path[0] != '/':
vc.vars.path = '/' + vc.vars.path
whitelist = CobraWhiteList(vc.vars.project_id, vc.vars.rule_id, vc.vars.path, vc.vars.reason,
1, current_time, current_time)
try:
db.session.add(whitelist)
db.session.commit()
return jsonify(tag='success', msg='add success.')
except:
return jsonify(tag='danger', msg='unknown error. Try again later?')
else:
rules = CobraRules.query.all()
projects = CobraProjects.query.all()
data = {
'rules': rules,
'projects': projects,
}
return render_template('backend/whitelist/add_new_whitelist.html', data=data)
def edit_vul(vul_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "name", "description", "repair")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
v = CobraVuls.query.filter_by(id=vul_id).first()
v.name = vc.args.name
v.description = vc.args.description
v.repair = vc.args.repair
try:
db.session.add(v)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except:
return jsonify(tag='danger', msg='save failed. Try again later?')
else:
v = CobraVuls.query.filter_by(id=vul_id).first()
return render_template('backend/vul/edit_vul.html', data={
'vul': v,
})
def add_new_rule():
if request.method == 'POST':
vc = ValidateClass(request, 'vul_type', 'language', 'regex_location',
'regex_repair', 'repair_block', 'description',
'repair', 'level')
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = datetime.datetime.now()
rule = CobraRules(vul_id=vc.vars.vul_type,
language=vc.vars.language,
regex_location=vc.vars.regex_location,
regex_repair=vc.vars.regex_repair,
block_repair=vc.vars.repair_block,
description=vc.vars.description,
repair=vc.vars.repair,
status=1,
level=vc.vars.level,
created_at=current_time,
updated_at=current_time)
try:
db.session.add(rule)
db.session.commit()
return jsonify(tag='success', msg='add success.')
except Exception as e:
return jsonify(tag='danger',
msg='add failed, try again later?' + e.message)
else:
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
data = {'vul_type': vul_type, 'languages': languages}
return render_template('backend/rule/add_new_rule.html', data=data)
def index():
if ValidateClass.check_login():
return redirect(ADMIN_URL + '/main')
if request.method == "POST":
vc = ValidateClass(request, 'username', 'password')
ret, msg = vc.check_args()
if not ret:
return msg
au = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
if not au or not au.verify_password(vc.vars.password):
# login failed.
return "Wrong username or password."
else:
# login success.
session['role'] = au.role
session['username'] = escape(au.username)
session['is_login'] = True
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
au.last_login_time = current_time
au.last_login_ip = request.remote_addr
db.session.add(au)
db.session.commit()
return "Login success, jumping...<br /><script>window.setTimeout(\"location='main'\", 1000);</script>"
else:
return render_template("backend/index/index.html")
def add_white_list():
if request.method == 'POST':
vc = ValidateClass(request, "project", "rule", "path", "reason",
'status')
ret, msg = vc.check_args()
if not ret:
return jsonify(code=4001, message=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
if vc.vars.path[0] != '/':
vc.vars.path = '/' + vc.vars.path
whitelist = CobraWhiteList(vc.vars.project, vc.vars.rule, vc.vars.path,
vc.vars.reason, vc.vars.status,
current_time, current_time)
try:
db.session.add(whitelist)
db.session.commit()
return jsonify(code=1001, message='add success.')
except:
return jsonify(code=4001,
message='unknown error. Try again later?')
else:
rules = CobraRules.query.all()
projects = CobraProjects.query.all()
data = {
'title': 'Create white-list',
'type': 'create',
'rules': rules,
'projects': projects,
'whitelist': dict()
}
return render_template('backend/white-list/edit.html', data=data)
def add_new_rule():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, 'vul_type', 'language', 'regex',
'regex_confirm', 'description', 'repair', 'level')
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
block_repair = 1
rule = CobraRules(vc.vars.vul_type, vc.vars.language, vc.vars.regex,
vc.vars.regex_confirm, block_repair,
vc.vars.description, vc.vars.repair, 1,
vc.vars.level, current_time, current_time)
try:
db.session.add(rule)
db.session.commit()
return jsonify(tag='success', msg='add success.')
except:
return jsonify(tag='danger', msg='add failed, try again later?')
else:
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
data = {'vul_type': vul_type, 'languages': languages}
return render_template('backend/rule/add_new_rule.html', data=data)
def del_rule():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
vc = ValidateClass(request, "rule_id")
vc.check_args()
vul_id = vc.vars.rule_id
if vul_id:
r = CobraRules.query.filter_by(id=vul_id).first()
try:
db.session.delete(r)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='delete failed. Try again later?')
else:
return jsonify(tag='danger', msg='wrong id')
def delete_white_list():
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(code=4001, message=msg)
whitelist = CobraWhiteList.query.filter_by(id=vc.vars.id).first()
try:
db.session.delete(whitelist)
db.session.commit()
return jsonify(code=1001, message='delete success.')
except:
return jsonify(code=4002, message='unknown error.')
def search_rules():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "language", "vul")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
rules = None
if vc.vars.language == 'all' and vc.vars.vul == 'all':
rules = CobraRules.query.all()
elif vc.vars.language == 'all' and vc.vars.vul != 'all':
rules = CobraRules.query.filter_by(vul_id=vc.vars.vul).all()
elif vc.vars.language != 'all' and vc.vars.vul == 'all':
rules = CobraRules.query.filter_by(language=vc.vars.language).all()
elif vc.vars.language != 'all' and vc.vars.vul != 'all':
rules = CobraRules.query.filter_by(language=vc.vars.language,
vul_id=vc.vars.vul).all()
else:
return 'error!'
cobra_vuls = CobraVuls.query.all()
cobra_lang = CobraLanguages.query.all()
all_vuls = {}
all_language = {}
for vul in cobra_vuls:
all_vuls[vul.id] = vul.name
for lang in cobra_lang:
all_language[lang.id] = lang.language
# replace id with real name
for rule in rules:
try:
rule.vul_id = all_vuls[rule.vul_id]
except KeyError:
rule.vul_id = 'Unknown Type'
try:
rule.language = all_language[rule.language]
except KeyError:
rule.language = 'Unknown Language'
data = {
'rules': rules,
}
return render_template('backend/rule/rules.html', data=data)
def search_rules():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "language", "vul")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
rules = None
if vc.vars.language == 'all' and vc.vars.vul == 'all':
rules = CobraRules.query.all()
elif vc.vars.language == 'all' and vc.vars.vul != 'all':
rules = CobraRules.query.filter_by(vul_id=vc.vars.vul).all()
elif vc.vars.language != 'all' and vc.vars.vul == 'all':
rules = CobraRules.query.filter_by(language=vc.vars.language).all()
elif vc.vars.language != 'all' and vc.vars.vul != 'all':
rules = CobraRules.query.filter_by(language=vc.vars.language, vul_id=vc.vars.vul).all()
else:
return 'error!'
cobra_vuls = CobraVuls.query.all()
cobra_lang = CobraLanguages.query.all()
all_vuls = {}
all_language = {}
for vul in cobra_vuls:
all_vuls[vul.id] = vul.name
for lang in cobra_lang:
all_language[lang.id] = lang.language
# replace id with real name
for rule in rules:
try:
rule.vul_id = all_vuls[rule.vul_id]
except KeyError:
rule.vul_id = 'Unknown Type'
try:
rule.language = all_language[rule.language]
except KeyError:
rule.language = 'Unknown Language'
data = {
'rules': rules,
}
return render_template('backend/rule/rules.html', data=data)
def del_task():
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
try:
db.session.delete(task)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except SQLAlchemyError as e:
print(e)
return jsonify(tag='danger', msg='unknown error.')
def del_whitelist():
vc = ValidateClass(request, "whitelist_id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
whitelist = CobraWhiteList.query.filter_by(id=vc.vars.whitelist_id).first()
try:
db.session.delete(whitelist)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='unknown error.')
def del_vul():
vc = ValidateClass(request, "vul_id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
if vc.vars.vul_id:
v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
try:
db.session.delete(v)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='delete failed. Try again later?')
else:
return jsonify(tag='danger', msg='wrong id')
def del_task():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
task = CobraTaskInfo.query.filter_by(id=vc.vars.task_id).first()
try:
db.session.delete(task)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='unknown error.')
def del_language():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
l = CobraLanguages.query.filter_by(id=vc.vars.id).first()
try:
db.session.delete(l)
db.session.commit()
return jsonify(tag="success", msg="delete success.")
except:
return jsonify(tag="danger", msg="delete failed.")
def delete_vulnerability():
vc = ValidateClass(request, 'vid')
ret, msg = vc.check_args()
if not ret:
return jsonify(code=4001, message=msg)
from app.models import CobraResults
try:
vulnerability_ret = CobraResults.query.filter(
CobraResults.id == vc.vars.vid).delete()
if vulnerability_ret is not None:
db.session.commit()
return jsonify(code=1001, message='Deleted success!')
else:
return jsonify(code=4001, message='Not exist this vulnerability')
except:
return jsonify(code=4002, message="delete failed")
def del_language():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
l = CobraLanguages.query.filter_by(id=vc.vars.id).first()
try:
db.session.delete(l)
db.session.commit()
return jsonify(tag="success", msg="delete success.")
except:
return jsonify(tag="danger", msg="delete failed.")
def edit_rule(rule_id):
if request.method == 'POST':
vc = ValidateClass(request, "vul_type", "language", "regex_location",
"repair_block", "description", "rule_id", "repair",
'verify', "author", "status", "level")
ret, msg = vc.check_args()
regex_repair = request.form.get("regex_repair", "")
if not ret:
return jsonify(code=4004, message=msg)
r = CobraRules.query.filter_by(id=rule_id).first()
r.vul_id = vc.vars.vul_type
r.language = vc.vars.language
r.block_repair = vc.vars.repair_block
r.regex_location = vc.vars.regex_location
r.regex_repair = regex_repair
r.description = vc.vars.description
r.repair = vc.vars.repair
r.verify = vc.vars.verify
r.author = vc.vars.author
r.status = vc.vars.status
r.level = vc.vars.level
r.updated_at = datetime.datetime.now()
try:
db.session.add(r)
db.session.commit()
return jsonify(code=1001, message='success')
except SQLAlchemyError:
return jsonify(code=4004, message='save failed. Try again later?')
else:
r = CobraRules.query.filter_by(id=rule_id).first()
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
return render_template('backend/rule/edit.html',
data={
'type': 'edit',
'title': 'Edit rule',
'id': r.id,
'rule': r,
'all_vuls': vul_type,
'all_lang': languages,
})
def add_new_vul():
if request.method == 'POST':
vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
try:
db.session.add(vul)
db.session.commit()
return jsonify(tag='success', msg='Add Success.')
except:
return jsonify(tag='danger', msg='Add failed. Please try again later.')
else:
return render_template('backend/vul/add_new_vul.html')
def del_project():
if request.method == 'POST':
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
project_id = vc.vars.id
project = CobraProjects.query.filter_by(id=project_id).first()
try:
db.session.delete(project)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='unknown error. please try later?')
else:
return 'Method error!'
def add_project():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == "POST":
vc = ValidateClass(request, "name", "repository", "url", "author", "pe", "remark")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name, vc.vars.author, '', vc.vars.pe, vc.vars.remark, current_time)
try:
db.session.add(project)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except:
return jsonify(tag='danger', msg='Unknown error.')
else:
return render_template('backend/project/add_project.html', data={})
def del_vul():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
vc = ValidateClass(request, "vul_id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
if vc.vars.vul_id:
v = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
try:
db.session.delete(v)
db.session.commit()
return jsonify(tag="success", msg="delete success.")
except:
return jsonify(tag="danger", msg="delete failed. Try again later?")
else:
return jsonify(tag="danger", msg="wrong id")
def add_new_rule():
if request.method == 'POST':
vc = ValidateClass(request, 'vul_type', 'language', 'regex_location', 'repair_block',
'description', 'repair', 'verify', 'author', 'level', 'status')
ret, msg = vc.check_args()
if not ret:
return jsonify(code=4004, message=msg)
current_time = datetime.datetime.now()
rule = CobraRules(
vul_id=vc.vars.vul_type,
language=vc.vars.language,
regex_location=vc.vars.regex_location,
regex_repair=request.form.get("regex_repair", ""),
block_repair=vc.vars.repair_block,
description=vc.vars.description,
repair=vc.vars.repair,
verify=vc.vars.verify,
author=vc.vars.author,
status=vc.vars.status,
level=vc.vars.level,
created_at=current_time,
updated_at=current_time
)
try:
db.session.add(rule)
db.session.commit()
return jsonify(code=1001, message='add success.')
except Exception as e:
return jsonify(code=1004, message='add failed, try again later?' + e.message)
else:
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
data = {
'type': 'add',
'title': 'Create rule',
'all_vuls': vul_type,
'all_lang': languages,
'rule': dict()
}
return render_template('backend/rule/edit.html', data=data)
def add_new_language():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == "POST":
vc = ValidateClass(request, "language", "extensions")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
l = CobraLanguages(vc.vars.language, vc.vars.extensions)
try:
db.session.add(l)
db.session.commit()
return jsonify(tag="success", msg="add success")
except:
return jsonify(tag="danger", msg="try again later?")
else:
return render_template("backend/language/add_new_language.html")
def add_new_language():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == "POST":
vc = ValidateClass(request, "language", "extensions")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
l = CobraLanguages(vc.vars.language, vc.vars.extensions)
try:
db.session.add(l)
db.session.commit()
return jsonify(tag="success", msg="add success")
except:
return jsonify(tag="danger", msg="try again later?")
else:
return render_template("backend/language/add_new_language.html")
def edit_rule(rule_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "vul_type", "language", "regex",
"regex_confirm", "description", "rule_id", "repair",
"status", "level")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
r = CobraRules.query.filter_by(id=rule_id).first()
r.vul_id = vc.vars.vul_type
r.language = vc.vars.language
r.regex = vc.vars.regex
r.regex_confirm = vc.vars.regex_confirm
r.description = vc.vars.description
r.repair = vc.vars.repair
r.status = vc.vars.status
r.level = vc.vars.level
r.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
try:
db.session.add(r)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except:
return jsonify(tag='danger', msg='save failed. Try again later?')
else:
r = CobraRules.query.filter_by(id=rule_id).first()
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
return render_template('backend/rule/edit_rule.html',
data={
'rule': r,
'all_vuls': vul_type,
'all_lang': languages,
})
def add_new_vul():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + "/index")
if request.method == "POST":
vc = ValidateClass(request, "name", "description", "repair")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
current_time = time.strftime("%Y-%m-%d %X", time.localtime())
vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair, current_time, current_time)
try:
db.session.add(vul)
db.session.commit()
return jsonify(tag="success", msg="Add Success.")
except:
return jsonify(tag="danger", msg="Add failed. Please try again later.")
else:
return render_template("backend/vul/add_new_vul.html")
def edit_rule(rule_id):
if request.method == 'POST':
vc = ValidateClass(request, "vul_type", "language", "regex_location",
"regex_repair", "block_repair", "description",
"rule_id", "repair", "status", "level")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
r = CobraRules.query.filter_by(id=rule_id).first()
r.vul_id = vc.vars.vul_type
r.language = vc.vars.language
r.block_repair = vc.vars.block_repair
r.regex_location = vc.vars.regex_location
r.regex_repair = vc.vars.regex_repair
r.description = vc.vars.description
r.repair = vc.vars.repair
r.status = vc.vars.status
r.level = vc.vars.level
r.updated_at = datetime.datetime.now()
try:
db.session.add(r)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except SQLAlchemyError:
return jsonify(tag='danger', msg='save failed. Try again later?')
else:
r = CobraRules.query.filter_by(id=rule_id).first()
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
return render_template('backend/rule/edit_rule.html',
data={
'rule': r,
'all_vuls': vul_type,
'all_lang': languages,
})
def del_project():
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "id")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
project_id = vc.vars.id
project = CobraProjects.query.filter_by(id=project_id).first()
try:
db.session.delete(project)
db.session.commit()
return jsonify(tag='success', msg='delete success.')
except:
return jsonify(tag='danger', msg='unknown error. please try later?')
else:
return 'Method error!'
def edit_whitelist(whitelist_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "whitelist_id", "project", "rule", "path", "reason", "status")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
whitelist = CobraWhiteList.query.filter_by(id=whitelist_id).first()
if not whitelist:
return jsonify(tag='danger', msg='wrong whitelist')
whitelist.project_id = vc.vars.project_id
whitelist.rule_id = vc.vars.rule_id
whitelist.path = vc.vars.path
whitelist.reason = vc.vars.reason
whitelist.status = vc.vars.status
try:
db.session.add(whitelist)
db.session.commit()
return jsonify(tag='success', msg='update success.')
except:
return jsonify(tag='danger', msg='unknown error.')
else:
rules = CobraRules.query.all()
projects = CobraProjects.query.all()
whitelist = CobraWhiteList.query.filter_by(id=whitelist_id).first()
data = {
'rules': rules,
'projects': projects,
'whitelist': whitelist,
}
return render_template('backend/whitelist/edit_whitelist.html', data=data)
def edit_white_list(wid):
if request.method == 'POST':
vc = ValidateClass(request, "project", "rule", "path", "reason",
"status")
ret, msg = vc.check_args()
if not ret:
return jsonify(code=4001, message=msg)
white_list = CobraWhiteList.query.filter_by(id=wid).first()
if not white_list:
return jsonify(code=4001, message='wrong white-list')
white_list.project_id = vc.vars.project
white_list.rule_id = vc.vars.rule
white_list.path = vc.vars.path
white_list.reason = vc.vars.reason
white_list.status = vc.vars.status
white_list.updated_at = datetime.datetime.now()
try:
db.session.add(white_list)
db.session.commit()
return jsonify(code=1001, message='update success.')
except:
return jsonify(code=4001, message='unknown error.')
else:
rules = CobraRules.query.all()
projects = CobraProjects.query.all()
white_list = CobraWhiteList.query.filter_by(id=wid).first()
data = {
'title': 'Edit white-list',
'type': 'edit',
'rules': rules,
'projects': projects,
'whitelist': white_list,
'id': wid
}
return render_template('backend/white-list/edit.html', data=data)
def edit_project(project_id):
if request.method == "POST":
vc = ValidateClass(request, "id", "name", "repository", "url",
"author", "pe", "remark", 'status')
ret, msg = vc.check_args()
if not ret:
return jsonify(code=4004, message=msg)
current_time = time.strftime('%Y-%m-%d %X', time.localtime())
project = CobraProjects.query.filter_by(id=project_id).first()
if not project:
return jsonify(code=4004, message='wrong project id.')
# update project data
project.name = vc.vars.name
project.author = vc.vars.author
project.pe = vc.vars.pe
project.remark = vc.vars.remark
project.status = vc.vars.status
project.url = vc.vars.url
project.repository = vc.vars.repository
project.updated_at = current_time
try:
db.session.add(project)
db.session.commit()
return jsonify(code=1001, message='save success.')
except:
return jsonify(code=4004, message='Unknown error.')
else:
project = CobraProjects.query.filter_by(id=project_id).first()
return render_template('backend/project/edit.html',
data={
'title': 'Edit project',
'type': 'edit',
'project': project,
'id': project_id
})
def edit_whitelist(whitelist_id):
if request.method == 'POST':
vc = ValidateClass(request, "whitelist_id", "project", "rule", "path",
"reason", "status")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
whitelist = CobraWhiteList.query.filter_by(id=whitelist_id).first()
if not whitelist:
return jsonify(tag='danger', msg='wrong whitelist')
whitelist.project_id = vc.vars.project_id
whitelist.rule_id = vc.vars.rule_id
whitelist.path = vc.vars.path
whitelist.reason = vc.vars.reason
whitelist.status = vc.vars.status
try:
db.session.add(whitelist)
db.session.commit()
return jsonify(tag='success', msg='update success.')
except:
return jsonify(tag='danger', msg='unknown error.')
else:
rules = CobraRules.query.all()
projects = CobraProjects.query.all()
whitelist = CobraWhiteList.query.filter_by(id=whitelist_id).first()
data = {
'rules': rules,
'projects': projects,
'whitelist': whitelist,
}
return render_template('backend/whitelist/edit_whitelist.html',
data=data)
def edit_rule(rule_id):
if not ValidateClass.check_login():
return redirect(ADMIN_URL + '/index')
if request.method == 'POST':
vc = ValidateClass(request, "vul_type", "language", "regex", "regex_confirm", "description", "rule_id",
"repair", "status", "level")
ret, msg = vc.check_args()
if not ret:
return jsonify(tag="danger", msg=msg)
r = CobraRules.query.filter_by(id=rule_id).first()
r.vul_id = vc.vars.vul_type
r.language = vc.vars.language
r.regex = vc.vars.regex
r.regex_confirm = vc.vars.regex_confirm
r.description = vc.vars.description
r.repair = vc.vars.repair
r.status = vc.vars.status
r.level = vc.vars.level
r.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
try:
db.session.add(r)
db.session.commit()
return jsonify(tag='success', msg='save success.')
except:
return jsonify(tag='danger', msg='save failed. Try again later?')
else:
r = CobraRules.query.filter_by(id=rule_id).first()
vul_type = CobraVuls.query.all()
languages = CobraLanguages.query.all()
return render_template('backend/rule/edit_rule.html', data={
'rule': r,
'all_vuls': vul_type,
'all_lang': languages,
})