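def modify_vuln_info(request, vuln_id):
    """Show (GET) or update (POST) the file, function and type of one record.

    GET renders "modify_vuln_infos.html" with the stored file path shown
    without its leading source-tree prefix. POST reads ``vuln_file``,
    ``vuln_func`` and ``vuln_type`` from the form, locates the file in the
    product's source tree, checks via ``getFuncFromSrc`` that the function
    is present in it, and saves the record.

    The submitted path comes straight from the client. It is accepted as a
    direct hit only when it resolves (symlinks included) inside the source
    tree. An absolute path or one containing ``..`` that leaves the tree
    falls back to the basename search, so this view never opens a file
    outside the tree because of what the client typed.
    """
    vuln_info = vulnerability_info.objects.get(vuln_id=vuln_id)
    soft_folder = vuln_info.cve_info.vuln_soft.sourcecodepath

    if request.method == "GET":
        # Display only: drop the leading source-tree prefix. The object is
        # not saved on this branch.
        vuln_info.vuln_file = vuln_info.vuln_file[len(soft_folder):]
        return render_to_response(
            "modify_vuln_infos.html",
            RequestContext(request, {'vuln_info': vuln_info}))

    vuln_file = request.POST.get("vuln_file")
    vuln_func = request.POST.get("vuln_func")
    if not vuln_file:
        # A missing field used to reach os.path.join(None) and fail with a
        # TypeError; answer with the existing "invalid input" message.
        return HttpResponse("输入信息不正确")

    candidate = os.path.join(soft_folder, vuln_file)
    # Trailing separator so "/src/app" does not match "/src/app-other".
    tree_root = os.path.join(os.path.realpath(soft_folder), "")
    inside_tree = os.path.realpath(candidate).startswith(tree_root)

    if inside_tree and os.path.isfile(candidate):
        vuln_file = candidate
    else:
        # Fall back to a search by file name only.
        files = get_vuln_file(os.path.basename(vuln_file), soft_folder)
        if len(files) != 1:
            return HttpResponse("输入信息不正确")
        # NOTE(review): presumably get_vuln_file only returns paths under
        # soft_folder; confirm, because the result is opened as-is below.
        vuln_file = files[0]

    # Close the handle deterministically instead of leaking it.
    with open(vuln_file, "r") as src:
        lines = src.readlines()

    start, end = getFuncFromSrc(lines, vuln_func)
    if start < 0:
        return HttpResponse("找不到该函数")

    vuln_info.vuln_file = vuln_file
    vuln_info.vuln_func = vuln_func
    vuln_info.vuln_type = request.POST.get("vuln_type")
    vuln_info.save()
    return HttpResponse("修改成功")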
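def import_vuln_info(request):
    """Render the vulnerability import form (GET) or record a new entry (POST).

    On POST the form is validated with ``vuln_info_class``, the CVE record
    is loaded by the posted ``cve_id``, and the vulnerable file is located
    in that product's source tree. The entry is rejected if an equivalent
    record already exists or, when a function name is given, if
    ``getFuncFromSrc`` does not find that function in the file.

    The file path is client input. It is accepted as a direct hit only when
    it resolves (symlinks included) inside the source tree. An absolute
    path or one containing ``..`` that leaves the tree falls back to the
    basename search, so this view never opens a file outside the tree
    because of what the client typed.
    """

    def render_form(**flags):
        # All non-success outcomes re-render the same template with the
        # bound form plus at most one status flag.
        context = {'vuln_info': vuln_info}
        context.update(flags)
        return render_to_response("import_vuln.html",
                                  RequestContext(request, context))

    if request.method == "GET":
        vuln_info = vuln_info_class()
        return render_form()

    vuln_info = vuln_info_class(request.POST)
    if not vuln_info.is_valid():
        return render_form()

    # NOTE(review): a missing or non-numeric cve_id, or an id with no
    # matching row, raises here and propagates out of this view.
    _id = int(request.POST['cve_id'])
    cve_info = cve_infos.objects.get(info_id=_id)
    soft_folder = cve_info.vuln_soft.sourcecodepath

    # Locate the vulnerable file.
    rel_path = vuln_info.cleaned_data['vuln_func_file'].strip()
    candidate = os.path.join(soft_folder, rel_path)
    # Trailing separator so "/src/app" does not match "/src/app-other".
    tree_root = os.path.join(os.path.realpath(soft_folder), "")
    inside_tree = os.path.realpath(candidate).startswith(tree_root)

    if inside_tree and os.path.isfile(candidate):
        # Found directly at the given relative path.
        vuln_file = candidate
    else:
        # Fall back to a search by file name only.
        files = get_vuln_file(os.path.basename(rel_path), soft_folder)
        if len(files) == 0:
            # Nothing found.
            return render_form(no_file_found=True)
        if len(files) > 1:
            # Several files share this name; the user must disambiguate.
            return render_form(multi_file_found=True)
        # Exactly one match.
        # NOTE(review): presumably get_vuln_file only returns paths under
        # soft_folder; confirm, because the result is opened as-is below.
        vuln_file = files[0]

    func_name = vuln_info.cleaned_data['vuln_func'].strip()

    # The function name may be left "empty", which the form encodes as the
    # literal string "None"; such entries are keyed on the file instead.
    if func_name == "None":
        try:
            vulnerability_info.objects.get(cve_info=cve_info,
                                           vuln_func="None",
                                           vuln_file=vuln_file)
        except vulnerability_info.DoesNotExist:
            info = vulnerability_info(
                cve_info=cve_info,
                vuln_file=vuln_file,
                vuln_func="None",
                vuln_type=vuln_info.cleaned_data['vuln_type'].strip(),
                user=request.user)
            info.save()
            return HttpResponse(u"录入成功,感谢" + request.user.username + u"对本平台的贡献")
        else:
            return render_form(already=True)

    try:
        # Duplicate check for named functions is per CVE and function name
        # (the file is not part of the lookup).
        vulnerability_info.objects.get(cve_info=cve_info, vuln_func=func_name)
    except vulnerability_info.DoesNotExist:
        pass
    else:
        return render_form(already=True)

    # Check that the file actually contains the named function. The handle
    # is closed deterministically instead of being leaked.
    with open(vuln_file, 'r') as src:
        line_contents = src.readlines()

    # Search for the stripped name, i.e. the same value that gets stored;
    # previously the unstripped form value was searched.
    start, end = getFuncFromSrc(line_contents, func_name)
    if start == -1:
        return render_form(no_func_found=True)

    info = vulnerability_info(
        cve_info=cve_info,
        vuln_func=func_name,
        vuln_file=vuln_file,
        vuln_type=vuln_info.cleaned_data['vuln_type'].strip(),
        user=request.user)
    info.save()
    return HttpResponse(u"录入成功,感谢" + request.user.username + u"对本平台的贡献")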