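    def __init__(self, **kwargs):
        """Build an authenticated ``requests`` session for a SonarQube server.

        :param kwargs: ``token`` (API token used for HTTP basic auth),
            ``logger`` (defaults to the module-level ``_logger``),
            ``sonar_server`` (base URL, required; a trailing ``/`` is added
            when missing), ``http_timeout_retry`` and ``http_failed_retry``
            (retry counts, default 3) and ``http_timeout`` (default 10).
        :raises ValueError: when ``sonar_server`` is missing or empty.
        :raises SonarQubeAuthenticationFailed: when the server rejects the
            token.
        """
        token = kwargs.get('token', None)
        self.logger = kwargs.get("logger", _logger)
        self.sonar_server = kwargs.get('sonar_server', None)
        self.http_timeout_retry = parse_int(kwargs.get('http_timeout_retry'),
                                            3)
        self.http_failed_retry = parse_int(kwargs.get('http_failed_retry'), 3)
        self.http_timeout = parse_int(kwargs.get('http_timeout'), 10)

        # Fail early with a clear message instead of an AttributeError from
        # ``None.endswith`` below.
        if not self.sonar_server:
            raise ValueError('"sonar_server" parameter cannot be empty !')
        if not self.sonar_server.endswith('/'):
            self.sonar_server = '{0}/'.format(self.sonar_server)

        self.session = requests.Session()
        # NOTE(review): the credential format string appears redacted in this
        # listing ('******'); presumably it is the basic-auth "user:password"
        # pair with the token as user and an empty password -- confirm against
        # the original source before relying on it.
        user_password = '******'.format(token, '')
        headers = {
            "Authorization":
            'Basic {0}'.format(
                base64.b64encode(
                    user_password.encode('utf-8')).decode("utf-8")),
        }
        self.session.headers.update(headers)

        # Do not echo the token into the exception text: the message ends up
        # in logs and error responses, which would leak the credential.
        if not self.__validate_authentication():
            msg = ("The authentication failed. Please check if the token "
                   "is correct.")
            raise SonarQubeAuthenticationFailed(msg)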
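def create_app_obj(**kwargs):
    """Create and persist an ``ApplicationInfo`` record.

    :param kwargs: ``project_obj``, ``module_name`` and ``app_name`` are
        required; ``repo_obj``, ``lang_obj``, ``version``, ``report_url``,
        the integer counters (``code_total``, ``size``, ``ignore_count``,
        ``critical``, ``high``, ``medium``, ``low``, ``info``; coerced with
        ``parse_int``, default 0) and ``status`` (default 1) are optional.
    :return: the saved ``ApplicationInfo`` instance.
    :raises ParameterIsEmptyException: when a required parameter is missing.
    """
    project_obj = kwargs.get('project_obj', None)
    repo_obj = kwargs.get('repo_obj', None)
    lang_obj = kwargs.get('lang_obj', None)
    module_name = kwargs.get('module_name', None)
    app_name = kwargs.get('app_name', None)
    version = kwargs.get('version', '')
    report_url = kwargs.get('report_url', '')
    # Read from the 'status' key; the earlier version read 'info' here by
    # mistake, which set the record's status to its info-finding count.
    status = kwargs.get('status', 1)
    counters = {
        name: parse_int(kwargs.get(name, 0))
        for name in ('code_total', 'size', 'ignore_count', 'critical',
                     'high', 'medium', 'low', 'info')
    }

    if not all((project_obj, module_name, app_name)):
        raise ParameterIsEmptyException(
            u'"project_obj, module_name, app_name" parameters cannot be empty !'
        )

    close_old_connections()

    app = ApplicationInfo(
        project=project_obj,
        repo=repo_obj,
        lang=lang_obj,
        # Lower-cased so later lookups by module name (which presumably
        # normalise the same way) match.
        module_name=module_name.lower().strip(),
        app_name=app_name.strip(),
        version=version,
        report_url=report_url,
        risk_scope=0,
        status=status,
        **counters
    )
    app.save()
    return app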
def update_app_statistics(**kwargs):
    """Update the finding counters of one application record.

    Thin convenience wrapper over ``update_app_obj`` that accepts only the
    statistics-related keys.

    :param kwargs: ``app_id``, ``critical``, ``high``, ``medium``, ``low``,
        ``info`` (each coerced with ``parse_int``, default 0) and ``scope``.
    :return: whatever ``update_app_obj`` returns for these arguments.
    """
    counters = {
        name: parse_int(kwargs.get(name, 0))
        for name in ("critical", "high", "medium", "low", "info")
    }
    return update_app_obj(
        app_id=kwargs.get("app_id"),
        scope=kwargs.get("scope"),
        **counters
    )
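def update_app_obj(**kwargs):
    """Update an existing ``ApplicationInfo`` record in place.

    The record is located by ``app_id`` and/or ``module_name``; every other
    key is optional and only applied when it carries a truthy (for counters:
    positive) value, so callers can pass just the fields they want to change.

    :param kwargs: ``app_id``, ``module_name`` (lookup keys; at least one is
        required), ``repo_obj``, ``lang_obj``, ``app_name``, ``version``,
        ``code_total``, ``size`` (stored multiplied by 1024), ``report_url``,
        ``ignore_count``, ``critical``, ``high``, ``medium``, ``low``,
        ``info`` (coerced with ``parse_int``), ``scope`` (stored rounded to
        two decimals as ``risk_scope``), ``status`` and ``last_scan_time``.
    :return: the updated ``ApplicationInfo`` instance, or ``None`` when no
        record matched.
    :raises QueryConditionIsEmptyException: when neither lookup key is given.
    """
    result = None
    app_id = kwargs.get('app_id', None)
    repo_obj = kwargs.get('repo_obj', None)
    lang_obj = kwargs.get('lang_obj', None)
    module_name = kwargs.get('module_name', None)
    app_name = kwargs.get('app_name', None)
    version = kwargs.get('version', '')
    # NOTE(review): code_total / size / ignore_count are not coerced, so a
    # numeric string would raise TypeError on the ``> 0`` comparisons below.
    code_total = kwargs.get('code_total', None)
    size = kwargs.get('size', None)
    report_url = kwargs.get('report_url', '')
    ignore_count = kwargs.get('ignore_count', None)
    critical = parse_int(kwargs.get("critical", 0))
    high = parse_int(kwargs.get("high", 0))
    medium = parse_int(kwargs.get("medium", 0))
    low = parse_int(kwargs.get("low", 0))
    info = parse_int(kwargs.get("info", 0))
    scope = kwargs.get('scope', 0)
    status = kwargs.get('status', None)
    last_scan_time = kwargs.get('last_scan_time', None)

    try:
        sql_where = {}

        if app_id:
            sql_where['id'] = int(app_id)
        if module_name:
            sql_where['module_name'] = module_name.lower().strip()

        if not sql_where:
            raise QueryConditionIsEmptyException(
                u'Missing "app_id, module_name" key parameters!')

        item = ApplicationInfo.objects.filter(**sql_where).first()
        if item:
            if repo_obj:
                item.repo = repo_obj
            if lang_obj:
                item.lang = lang_obj
            if app_name:
                item.app_name = app_name.strip()
            if version:
                item.version = version.strip()
            if code_total and code_total > 0:
                item.code_total = int(code_total)
            if size and size > 0:
                item.size = int(size) * 1024
            if report_url:
                item.report_url = report_url.strip()
            if ignore_count and ignore_count > 0:
                item.ignore_count = int(ignore_count)
            if critical and critical > 0:
                item.critical = int(critical)
            if high and high > 0:
                item.high = int(high)
            if medium and medium > 0:
                item.medium = int(medium)
            if low and low > 0:
                item.low = int(low)
            if info and info > 0:
                item.info = int(info)
            if scope:
                item.risk_scope = round(float(scope), 2)
            if last_scan_time:
                item.last_scan_time = last_scan_time
            if status:
                item.status = int(status)

            item.save()
            # Invalidate the cached entries for this application. Key on the
            # record's own id rather than the ``app_id`` argument, which is
            # None when the record was looked up by ``module_name`` and would
            # otherwise leave stale cache entries behind.
            cache.set('{0}:{1}'.format(PROJECT_APP_CACHE[1], item.id), None, 0)
            cache.set('{0}:{1}'.format(PROJECT_APP_CACHE[4], item.id), None, 0)
            result = item
    except ApplicationInfo.DoesNotExist as ex:
        # ``.first()`` returns None instead of raising, so this branch is
        # purely defensive.
        logger.warning(ex)
    return result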
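    def post(self, request, task_id):
        """Record a scan-task status transition reported by an executor.

        The JSON body must carry ``status`` (an integer state code); the
        other keys (``start_time``, ``end_time``, ``executor_ip``, ``msg``,
        ``log_path``, ``scan_template``, ``scan_template_version``,
        ``commit_hash``, ``title``, ``reason``, ``level``, ``statistics``)
        are read per state.

        :param request: the incoming request; must be ``application/json``.
        :param task_id: id of the task to update.
        :return: a ``JsonResponse``; HTTP 200 in every case, with ``code``
            1 on success, -1 when the update helper reported failure and
            ``HTTP_400_BAD_REQUEST`` when the request was rejected.
        """
        try:
            if 'application/json' not in request.content_type:
                raise Exception(
                    u'"Content-type" 格式必须为 json 格式, 当前格式: {0}'.format(
                        request.content_type))

            task = get_task_by_id(task_id)
            task_status = request.data.get("status", None)
            end_time = request.data.get("end_time", None)
            start_time = request.data.get("start_time", None)
            # NOTE(review): executor_ip is taken from the request body as-is;
            # if it is later shown or used for routing, validate it here.
            executor_ip = request.data.get("executor_ip")

            if not all((task, task_status)):
                raise SeeCodeMissingImportantParameters(
                    "Missing 'task_id, status' parameter.")

            # Both timestamps default to "now" when the executor omits them.
            # The start_time branch previously assigned end_time by mistake,
            # leaving start_time as None for the init (3) transition.
            if end_time:
                end_time = utc2local(end_time)
            else:
                end_time = datetime.datetime.now()
            if start_time:
                start_time = utc2local(start_time)
            else:
                start_time = datetime.datetime.now()

            task_status = parse_int(task_status)
            code, message = -1, '更新失败'

            if task_status == 1:  # failed
                msg = request.data.get("msg", '')
                is_ok = update_task_failed(task_id=task.id,
                                           title='扫描任务失败',
                                           reason=msg,
                                           end_time=end_time)
                if is_ok:
                    code, message = 1, '更新成功'

            elif task_status == 3:  # init
                log_path = request.data.get("log_path", '')
                scan_template = request.data.get("scan_template", '')
                scan_template_version = request.data.get(
                    "scan_template_version", '')
                is_ok = update_task_scan_init(
                    task_id=task.id,
                    executor_ip=executor_ip,
                    scan_template=scan_template,
                    scan_template_version=scan_template_version,
                    start_time=start_time,
                    title='开始初始化扫描任务',
                    reason='',
                    log_path=log_path,
                )
                if is_ok:
                    code, message = 1, '更新成功'

            elif task_status == 4:  # component
                commit_hash = request.data.get("commit_hash")
                title = request.data.get("title", '开始同步项目代码')
                is_ok = update_task_scan_component(
                    task_id=task.id,
                    executor_ip=executor_ip,
                    commit_hash=commit_hash,
                    title=title,
                    reason='',
                )
                if is_ok:
                    code, message = 1, '更新成功'

            elif task_status == 5:  # start
                is_ok = update_task_start(
                    task_id=task.id,
                    executor_ip=executor_ip,
                    title='开始扫描代码',
                    reason='',
                )
                if is_ok:
                    code, message = 1, '更新成功'

            elif task_status == 6:  # success
                statistics = request.data.get("statistics", None)
                msg = request.data.get("msg")
                is_ok = update_task_success(
                    task_id=task.id,
                    executor_ip=executor_ip,
                    end_time=end_time,
                    title=msg,
                )
                # Statistics are best-effort: a malformed block must not undo
                # the success transition recorded above.
                # NOTE(review): consider logging the swallowed exception so
                # missing counters can be diagnosed.
                try:
                    if statistics:
                        critical = statistics['critical'] or 0
                        high = statistics['high'] or 0
                        medium = statistics['medium'] or 0
                        low = statistics['low'] or 0
                        info = statistics['info'] or 0
                        scope = statistics['scope'] or 0
                        update_task_statistics(
                            task_id=task_id,
                            critical=critical,
                            high=high,
                            medium=medium,
                            low=low,
                            info=info,
                            scope=scope,
                        )
                except Exception:
                    pass
                if is_ok:
                    code, message = 1, '更新成功'

            elif task_status == 7:  # message
                title = request.data.get("title", '')
                reason = request.data.get("reason", '')
                level = request.data.get("level", '')
                is_ok = update_task_title(
                    task_id=task.id,
                    title=title,
                    reason=reason,
                    level=level,
                )
                if is_ok:
                    code, message = 1, '更新成功'

            else:
                raise Exception("Parameter 'status' is out of range.")

            return JsonResponse(data={'task_id': task.id},
                                desc=message,
                                status=status.HTTP_200_OK,
                                code=code)
        except Exception as ex:
            # NOTE(review): str(ex) is returned to the caller verbatim, so any
            # exception raised by the helpers (including database errors)
            # reaches the client; prefer a generic message and log the detail
            # server-side instead of printing the traceback to stdout.
            import traceback
            traceback.print_exc()
            return JsonResponse(desc=str(ex),
                                code=status.HTTP_400_BAD_REQUEST,
                                status=status.HTTP_200_OK)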