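def language_create():
    """Create a language (POST) or render the create form (GET).

    POST form fields: ``language`` and ``extensions``; a language whose
    name already exists is refused.  Returns JSON ``{code, message}``:
    1001 on success, 4001 on bad input, duplicate or DB failure.
    GET renders ``backend/language/edit.html`` with an empty ``language``.
    """
    # NOTE(review): this file defines language_create twice; the later
    # definition is the one bound at import time.
    if request.method != 'POST':
        data = {
            'title': 'Create language',
            'type': 'create',
            'language': dict(),
        }
        return render_template('backend/language/edit.html', data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    exist = CobraLanguages.query.filter(
        CobraLanguages.language == vc.vars.language).first()
    if exist is not None:
        return jsonify(code=4001, message='The language exist')

    new_language = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(new_language)
        db.session.commit()
    except SQLAlchemyError:
        # Roll back so the session is not left in a failed transaction for
        # the rest of the request; a bare ``except`` also hid non-DB errors.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')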
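def create_framework_rule(fid):
    """Create a rule for web framework ``fid`` (POST) or render the form (GET).

    POST form fields: ``status``, ``path``, ``content``.  Returns JSON
    ``code`` 1001 on success, 4001 on bad input or DB failure.  GET renders
    ``backend/framework/edit_rule.html`` with an empty ``framework_rule``.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create framework rule',
            'type': 'create',
            'framework_rule': dict(),
            'fid': fid,
        }
        return render_template('backend/framework/edit_rule.html', data=data)

    vc = ValidateClass(request, 'status', 'path', 'content')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules(
        frame_id=fid,
        path_rule=vc.vars.path,
        content_rule=vc.vars.content,
        status=vc.vars.status,
    )
    try:
        db.session.add(item)
        db.session.commit()
    except SQLAlchemyError:
        # Leave the session usable instead of stuck in a failed transaction.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')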
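def del_rule():
    """Delete the rule given by form field ``id`` unless results still reference it.

    Returns JSON ``code`` 1001 on success; 1004 with a message when the id
    is missing or unknown, when tasks still depend on the rule (their ids
    are listed in the message), or when the delete fails.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=1004, message=msg)
    rule_id = vc.vars.id
    if not rule_id:
        return jsonify(code=1004, message='wrong id')

    # A rule with scan results behind it must not be deleted: the results
    # (and the tasks that produced them) would lose their reference.
    dependents = db.session.query(CobraResults.task_id).filter(
        CobraResults.rule_id == rule_id).group_by(CobraResults.task_id).all()
    if dependents:
        task_rely = ",".join(str(res.task_id) for res in dependents)
        message = ("Delete failed. Please check and delete the task rely on this rule first.<br />"
                   "<strong>Rely Tasks: </strong>" + task_rely)
        return jsonify(code=1004, message=message)

    target = CobraRules.query.filter_by(id=rule_id).first()
    if target is None:
        return jsonify(code=1004, message='wrong id')
    try:
        db.session.delete(target)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=1004, message='delete failed. Try again later?')
    return jsonify(code=1001, message='delete success.')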
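def framework_edit(id):
    """Edit web framework ``id``: save on POST, render the editor on GET.

    POST form fields: ``name``, ``description``.  Returns JSON ``code``
    1001 on success, 4001 on bad input, unknown id or DB failure.  GET
    renders ``backend/framework/edit.html`` with the framework row.
    """
    if request.method != 'POST':
        framework = CobraWebFrame.query.filter_by(id=id).first()
        data = {
            'title': 'Edit framework',
            'type': 'edit',
            'framework': framework,
            'id': id,
        }
        return render_template('backend/framework/edit.html', data=data)

    vc = ValidateClass(request, "name", "description")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrame.query.filter_by(id=id).first()
    if not item:
        # The original message said "wrong white-list" (copy-paste); this
        # handler edits frameworks.
        return jsonify(code=4001, message='wrong framework id')
    item.frame_name = vc.vars.name
    item.description = vc.vars.description
    try:
        db.session.add(item)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')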
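def edit_framework_rule(fid, id):
    """Edit rule ``id`` of web framework ``fid``: save on POST, render on GET.

    POST form fields: ``path``, ``content``, ``status``.  Returns JSON
    ``code`` 1001 on success, 4001 on bad input, unknown rule or DB
    failure.  GET renders ``backend/framework/edit_rule.html``.
    """
    # NOTE(review): this file defines edit_framework_rule twice; the later
    # definition is the one bound at import time.
    if request.method != 'POST':
        framework_rule = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
        data = {
            'title': 'Edit framework rule',
            'type': 'edit',
            'framework_rule': framework_rule,
            'id': id,
            'fid': fid,
        }
        return render_template('backend/framework/edit_rule.html', data=data)

    vc = ValidateClass(request, 'path', 'content', 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
    if not item:
        # Message corrected from the copy-pasted "wrong white-list".
        return jsonify(code=4001, message='wrong framework rule id')
    item.path_rule = vc.vars.path
    item.content_rule = vc.vars.content
    item.status = vc.vars.status
    try:
        db.session.add(item)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')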
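def add_white_list():
    """Create a white-list entry (POST) or render the create form (GET).

    POST form fields: ``project``, ``rule``, ``path``, ``reason``,
    ``status``.  ``path`` is normalised to start with ``/``.  Returns JSON
    ``code`` 1001 on success, 4001 on bad input or DB failure.  GET renders
    ``backend/white-list/edit.html`` with all rules and projects.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create white-list',
            'type': 'create',
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
            'whitelist': dict(),
        }
        return render_template('backend/white-list/edit.html', data=data)

    vc = ValidateClass(request, "project", "rule", "path", "reason", 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # startswith() instead of path[0] so an empty path cannot raise IndexError.
    path = vc.vars.path
    if not path.startswith('/'):
        path = '/' + path

    whitelist = CobraWhiteList(vc.vars.project, vc.vars.rule, path, vc.vars.reason,
                               vc.vars.status, current_time, current_time)
    try:
        db.session.add(whitelist)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')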
def index():
    """Admin login page: render the form on GET, authenticate on POST.

    A user who is already logged in is sent to the overview.  POST expects
    ``username`` and ``password``; an unknown user and a wrong password
    produce the same generic message.  On success the role, escaped
    username and ``is_login`` flag are stored in the session, the login
    time and remote address are recorded on the user row, and an HTML
    snippet that jumps to ``overview`` is returned.
    """
    if ValidateClass.check_login():
        return redirect(ADMIN_URL + '/overview')

    if request.method != "POST":
        return render_template("backend/index/index.html")

    vc = ValidateClass(request, 'username', 'password')
    ret, msg = vc.check_args()
    if not ret:
        return msg

    admin = CobraAdminUser.query.filter_by(username=vc.vars.username).first()
    # One message for both failure causes, so the response does not reveal
    # whether the username exists.
    if not admin or not admin.verify_password(vc.vars.password):
        return "Wrong username or password."

    session['role'] = admin.role
    session['username'] = escape(admin.username)
    session['is_login'] = True

    admin.last_login_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # NOTE(review): behind a reverse proxy remote_addr is the proxy's
    # address unless the WSGI proxy middleware is configured — confirm.
    admin.last_login_ip = request.remote_addr
    db.session.add(admin)
    db.session.commit()
    return "Login success, jumping...<br /><script>window.setTimeout(\"location='overview'\", 1000);</script>"
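def edit_vul(vul_id):
    """Edit vulnerability type ``vul_id``: save on POST, render the editor on GET.

    POST form fields: ``name``, ``description``, ``repair``, ``third_v_id``.
    Returns JSON ``{tag, msg}``: ``success`` on save, ``danger`` on bad
    input, unknown id or DB failure.  GET renders
    ``backend/vul/edit_vul.html``.
    """
    if request.method != 'POST':
        vul = CobraVuls.query.filter_by(id=vul_id).first()
        return render_template('backend/vul/edit_vul.html', data={'vul': vul})

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    vul = CobraVuls.query.filter_by(id=vul_id).first()
    if vul is None:
        # Previously an AttributeError (HTTP 500) for an unknown id.
        return jsonify(tag="danger", msg='wrong vulnerability id')
    vul.name = vc.vars.name
    vul.description = vc.vars.description
    vul.repair = vc.vars.repair
    vul.third_v_id = vc.vars.third_v_id
    try:
        db.session.add(vul)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag='danger', msg='save failed. Try again later?')
    return jsonify(tag='success', msg='save success.')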
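def test_rule():
    """Run one rule against one project (or all uploaded versions) and return the hits.

    Form fields: ``rid`` (rule id) and ``pid`` (project id; ``0`` means the
    ``versions`` directory under the configured upload directory).  A
    gitlab/github repository is cloned first with the credentials from the
    ``git`` config section; any other repository value is used as a local
    path.  Returns JSON ``code`` 1001 with the analysis lines joined by
    CRLF, 4001 on clone failure, 4004 on bad arguments or unknown project.
    """
    vc = ValidateClass(request, 'rid', 'pid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    try:
        pid = int(vc.vars.pid)
    except (TypeError, ValueError):
        return jsonify(code=4004, message='wrong project id.')

    if pid == 0:
        # all projects
        project_directory = os.path.join(config.Config('upload', 'directory').value, 'versions')
    else:
        project = CobraProjects.query.filter(CobraProjects.id == vc.vars.pid).first()
        if project is None:
            # Previously an AttributeError (HTTP 500) for an unknown id.
            return jsonify(code=4004, message='wrong project id.')
        repository = project.repository
        if 'gitlab' in repository or 'github' in repository:
            username = config.Config('git', 'username').value
            password = config.Config('git', 'password').value
            gg = git.Git(repository, branch='master', username=username, password=password)
            try:
                clone_ret, clone_err = gg.clone()
                if clone_ret is False:
                    # NOTE(review): clone_err is echoed to the client; confirm it
                    # cannot carry the git credentials passed above.
                    return jsonify(code=4001, message='Clone Failed ({0})'.format(clone_err))
            except GitError:
                return jsonify(code=4001, message='Exception')
            project_directory = gg.repo_directory
        else:
            # Non-git repository values are used verbatim as a local scan path.
            project_directory = repository

    lines = static.Static(project_directory, project_id=vc.vars.pid,
                          rule_id=vc.vars.rid).analyse(test=True)
    return jsonify(code=1001, message='\r\n'.join(lines))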
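def language_edit(id):
    """Edit language ``id``: save on POST, render the editor on GET.

    POST form fields: ``language``, ``extensions``.  Returns JSON ``code``
    1001 on success, 4001 on bad input, unknown id or DB failure.  GET
    renders ``backend/language/edit.html`` with the language row.
    """
    if request.method != 'POST':
        language = CobraLanguages.query.filter_by(id=id).first()
        data = {
            'title': 'Edit language',
            'type': 'edit',
            'language': language,
            'id': id,
        }
        return render_template('backend/language/edit.html', data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraLanguages.query.filter_by(id=id).first()
    if not item:
        # Message corrected from the copy-pasted "wrong white-list".
        return jsonify(code=4001, message='wrong language id')
    item.language = vc.vars.language
    item.extensions = vc.vars.extensions
    try:
        db.session.add(item)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')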
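def vulnerability_create():
    """Create a vulnerability type (POST) or render the create form (GET).

    POST form fields: ``name``, ``description``, ``repair``, ``third_v_id``.
    Returns JSON ``code`` 1001 on success, 4001 on bad input or DB failure.
    GET renders ``backend/vulnerability/edit.html`` with an empty entry.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create vulnerability',
            'type': 'create',
            'vulnerability': dict(),
        }
        return render_template('backend/vulnerability/edit.html', data=data)

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair,
                    vc.vars.third_v_id, current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')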
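def vulnerability_edit(vid):
    """Edit vulnerability type ``vid``: save on POST, render the editor on GET.

    POST form fields: ``name``, ``description``, ``repair``, ``third_v_id``.
    Returns JSON ``code`` 1001 on success, 4001 on bad input, unknown id
    or DB failure.  GET renders ``backend/vulnerability/edit.html``.
    """
    if request.method != 'POST':
        vulnerability = CobraVuls.query.filter_by(id=vid).first()
        data = {
            'title': 'Edit vulnerability',
            'type': 'edit',
            'vulnerability': vulnerability,
            'id': vid,
        }
        return render_template('backend/vulnerability/edit.html', data=data)

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    vul = CobraVuls.query.filter_by(id=vid).first()
    if not vul:
        # Message corrected from the copy-pasted "wrong white-list".
        return jsonify(code=4001, message='wrong vulnerability id')
    vul.name = vc.vars.name
    vul.description = vc.vars.description
    vul.repair = vc.vars.repair
    vul.third_v_id = vc.vars.third_v_id
    try:
        db.session.add(vul)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')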
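def edit_language(language_id):
    """Edit language ``language_id`` (login required): save on POST, render on GET.

    POST form fields: ``language``, ``extensions``.  Returns JSON
    ``{tag, msg}``: ``success`` on save, ``danger`` on bad input, unknown
    id or DB failure.  GET renders ``backend/language/edit_language.html``.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    if request.method != "POST":
        language = CobraLanguages.query.filter_by(id=language_id).first()
        return render_template("backend/language/edit_language.html",
                               data={'language': language})

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    language = CobraLanguages.query.filter_by(id=language_id).first()
    if language is None:
        # Previously the bare except turned the AttributeError into
        # "try again later?", hiding the real cause.
        return jsonify(tag="danger", msg="wrong language id")
    language.language = vc.vars.language
    language.extensions = vc.vars.extensions
    try:
        db.session.add(language)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="update success.")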
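def edit_framework_rule(fid, id):
    """Edit rule ``id`` of web framework ``fid``: save on POST, render on GET.

    POST form fields: ``path``, ``content``, ``status``.  Returns JSON
    ``code`` 1001 on success, 4001 on bad input, unknown rule or DB
    failure.  GET renders ``backend/framework/edit_rule.html``.
    """
    # NOTE(review): this file defines edit_framework_rule twice; the later
    # definition is the one bound at import time.
    if request.method != 'POST':
        framework_rule = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
        data = {
            'title': 'Edit framework rule',
            'type': 'edit',
            'framework_rule': framework_rule,
            'id': id,
            'fid': fid,
        }
        return render_template('backend/framework/edit_rule.html', data=data)

    vc = ValidateClass(request, 'path', 'content', 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules.query.filter_by(id=id, frame_id=fid).first()
    if not item:
        # Message corrected from the copy-pasted "wrong white-list".
        return jsonify(code=4001, message='wrong framework rule id')
    item.path_rule = vc.vars.path
    item.content_rule = vc.vars.content
    item.status = vc.vars.status
    try:
        db.session.add(item)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')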
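def delete_framework_rule(fid):
    """Delete the rule given by form field ``id`` from web framework ``fid``.

    Returns JSON ``code`` 1001 on success, 4001 on bad input or unknown
    rule, 4002 on DB failure.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrameRules.query.filter_by(id=vc.vars.id, frame_id=fid).first()
    if item is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(item)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')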
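def vulnerability_delete():
    """Delete the vulnerability type given by form field ``id``.

    Returns JSON ``code`` 1001 on success, 4001 on bad input or unknown
    id, 4002 on DB failure.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    vul = CobraVuls.query.filter_by(id=vc.vars.id).first()
    if vul is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(vul)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')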
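def language_delete():
    """Delete the language given by form field ``id``.

    Returns JSON ``code`` 1001 on success, 4001 on bad input or unknown
    id, 4002 on DB failure.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    language = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    if language is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(language)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')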
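def edit_rule(rule_id):
    """Edit rule ``rule_id``: save the form on POST, render the editor on GET.

    POST validates the listed fields (``regex_repair`` is optional and read
    straight from the form), copies them onto the rule, bumps
    ``updated_at`` and commits.  Returns JSON ``code`` 1001 on success,
    4004 on bad input, unknown rule or DB failure.  GET renders
    ``backend/rule/edit.html`` with the rule, its verify result and the
    vulnerability/language/project lists.
    """
    # NOTE(review): this file defines edit_rule twice; the later definition
    # is the one bound at import time.
    if request.method != 'POST':
        r = CobraRules.query.filter_by(id=rule_id).first()
        if r is None:
            return jsonify(code=4004, message='wrong rule id.')
        verify_data = rule.Rule(r.regex_location, r.regex_repair, r.verify).verify()
        projects = CobraProjects.query.with_entities(
            CobraProjects.id, CobraProjects.name, CobraProjects.repository).all()
        return render_template('backend/rule/edit.html', data={
            'type': 'edit',
            'title': 'Edit rule',
            'id': r.id,
            'rule': r,
            'verify': verify_data,
            'all_vuls': CobraVuls.query.all(),
            'all_lang': CobraLanguages.query.all(),
            'projects': projects,
        })

    vc = ValidateClass(request, "vul_type", "language", "regex_location", "repair_block",
                       "description", "rule_id", "repair", 'verify', "author", "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)
    regex_repair = request.form.get("regex_repair", "")

    r = CobraRules.query.filter_by(id=rule_id).first()
    if r is None:
        # Previously an AttributeError (HTTP 500) for an unknown id.
        return jsonify(code=4004, message='wrong rule id.')
    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.block_repair = vc.vars.repair_block
    r.regex_location = vc.vars.regex_location
    r.regex_repair = regex_repair
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.verify = vc.vars.verify
    r.author = vc.vars.author
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = datetime.datetime.now()
    try:
        db.session.add(r)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4004, message='save failed. Try again later?')
    return jsonify(code=1001, message='success')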
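def delete_white_list():
    """Delete the white-list entry given by form field ``id``.

    Returns JSON ``code`` 1001 on success, 4001 on bad input or unknown
    id, 4002 on DB failure.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    whitelist = CobraWhiteList.query.filter_by(id=vc.vars.id).first()
    if whitelist is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(code=4001, message='wrong id')
    try:
        db.session.delete(whitelist)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4002, message='unknown error.')
    return jsonify(code=1001, message='delete success.')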
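def del_task():
    """Delete the task given by form field ``id``.

    Bad input answers ``{tag: danger, msg}``; the other outcomes answer
    ``{code, message}`` (1001 success, 4004 unknown id or DB failure) —
    the two response shapes are kept as the original had them.
    """
    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    task = CobraTaskInfo.query.filter_by(id=vc.vars.id).first()
    if task is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(code=4004, message='wrong id')
    try:
        db.session.delete(task)
        db.session.commit()
    except SQLAlchemyError as e:
        db.session.rollback()
        # Printed to stdout as in the original; a logger would be preferable.
        print(e)
        return jsonify(code=4004, message='unknown error.')
    return jsonify(code=1001, message='delete success.')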
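def get_scan_information():
    """Return task/vulnerability/project/file/code counts for a time window (POST).

    Form fields ``start_time_stamp`` and ``end_time_stamp`` are epoch
    values of which the first ten characters are used (millisecond stamps
    are thereby truncated to seconds).  Returns JSON ``code`` 1001 with the
    counts; ``code`` 1002 when a stamp is missing/non-numeric or the window
    is empty or reversed.  Redirects to the login page when not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')
    if request.method != "POST":
        return 'Method error!'

    # Missing fields used to raise TypeError on the slice; compare as ints
    # rather than as strings.
    try:
        start_time_stamp = int(request.form.get("start_time_stamp", "")[0:10])
        end_time_stamp = int(request.form.get("end_time_stamp", "")[0:10])
    except ValueError:
        return jsonify(tag="danger", msg="wrong date select.", code=1002)
    if start_time_stamp >= end_time_stamp:
        return jsonify(tag="danger", msg="wrong date select.", code=1002)
    start_time_array = datetime.datetime.fromtimestamp(start_time_stamp)
    end_time_array = datetime.datetime.fromtimestamp(end_time_stamp)

    task_window = and_(CobraTaskInfo.time_start >= start_time_stamp,
                       CobraTaskInfo.time_start <= end_time_stamp)
    task_count = CobraTaskInfo.query.filter(task_window).count()
    vulns_count = CobraResults.query.filter(
        and_(CobraResults.created_at >= start_time_array,
             CobraResults.created_at <= end_time_array)
    ).count()
    projects_count = CobraProjects.query.filter(
        and_(CobraProjects.last_scan >= start_time_array,
             CobraProjects.last_scan <= end_time_array)
    ).count()
    files_count = db.session.query(
        func.sum(CobraTaskInfo.file_count).label('files')).filter(task_window).first()[0]
    code_number = db.session.query(
        func.sum(CobraTaskInfo.code_number).label('codes')).filter(task_window).first()[0]

    # SUM over zero rows is NULL; int(None) used to raise TypeError.
    return jsonify(code=1001,
                   task_count=task_count,
                   vulns_count=vulns_count,
                   projects_count=projects_count,
                   files_count=int(files_count or 0),
                   code_number=int(code_number or 0))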
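def delete_vulnerability():
    """Delete the scan result (``CobraResults`` row) given by form field ``vid``.

    Returns JSON ``code`` 1001 when a row was deleted, 4001 on bad input
    or when no row matched, 4002 on DB failure.
    """
    vc = ValidateClass(request, 'vid')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    from app.models import CobraResults
    try:
        deleted = CobraResults.query.filter(CobraResults.id == vc.vars.vid).delete()
        if not deleted:
            # Query.delete() returns the matched-row count, never None, so
            # the original ``is not None`` test could never reach this branch.
            return jsonify(code=4001, message='Not exist this vulnerability')
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4002, message="delete failed")
    return jsonify(code=1001, message='Deleted success!')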
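def del_vul():
    """Delete the vulnerability type given by form field ``vul_id``.

    Returns JSON ``{tag, msg}``: ``success`` on delete, ``danger`` on bad
    input, empty or unknown id, or DB failure.
    """
    vc = ValidateClass(request, "vul_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)
    if not vc.vars.vul_id:
        return jsonify(tag='danger', msg='wrong id')

    vul = CobraVuls.query.filter_by(id=vc.vars.vul_id).first()
    if vul is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(tag='danger', msg='wrong id')
    try:
        db.session.delete(vul)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag='danger', msg='delete failed. Try again later?')
    return jsonify(tag='success', msg='delete success.')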
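def edit_rule(rule_id):
    """Edit rule ``rule_id``: save the form on POST, render the editor on GET.

    POST validates the listed fields (``regex_repair`` is optional and read
    straight from the form), copies them onto the rule, bumps
    ``updated_at`` and commits.  Returns JSON ``code`` 1001 on success,
    4004 on bad input, unknown rule or DB failure.  GET renders
    ``backend/rule/edit.html`` with the rule, its verify result and the
    vulnerability/language/project lists.
    """
    # NOTE(review): this file defines edit_rule twice; the later definition
    # is the one bound at import time.
    if request.method != 'POST':
        r = CobraRules.query.filter_by(id=rule_id).first()
        if r is None:
            return jsonify(code=4004, message='wrong rule id.')
        verify_data = rule.Rule(r.regex_location, r.regex_repair, r.verify).verify()
        projects = CobraProjects.query.with_entities(
            CobraProjects.id, CobraProjects.name, CobraProjects.repository).all()
        return render_template('backend/rule/edit.html', data={
            'type': 'edit',
            'title': 'Edit rule',
            'id': r.id,
            'rule': r,
            'verify': verify_data,
            'all_vuls': CobraVuls.query.all(),
            'all_lang': CobraLanguages.query.all(),
            'projects': projects,
        })

    vc = ValidateClass(request, "vul_type", "language", "regex_location", "repair_block",
                       "description", "rule_id", "repair", 'verify', "author", "status", "level")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)
    regex_repair = request.form.get("regex_repair", "")

    r = CobraRules.query.filter_by(id=rule_id).first()
    if r is None:
        # Previously an AttributeError (HTTP 500) for an unknown id.
        return jsonify(code=4004, message='wrong rule id.')
    r.vul_id = vc.vars.vul_type
    r.language = vc.vars.language
    r.block_repair = vc.vars.repair_block
    r.regex_location = vc.vars.regex_location
    r.regex_repair = regex_repair
    r.description = vc.vars.description
    r.repair = vc.vars.repair
    r.verify = vc.vars.verify
    r.author = vc.vars.author
    r.status = vc.vars.status
    r.level = vc.vars.level
    r.updated_at = datetime.datetime.now()
    try:
        db.session.add(r)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4004, message='save failed. Try again later?')
    return jsonify(code=1001, message='success')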
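def del_language():
    """Delete the language given by form field ``id`` (login required).

    Returns JSON ``{tag, msg}``: ``success`` on delete, ``danger`` on bad
    input, unknown id or DB failure.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    language = CobraLanguages.query.filter_by(id=vc.vars.id).first()
    if language is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(tag="danger", msg="wrong id")
    try:
        db.session.delete(language)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag="danger", msg="delete failed.")
    return jsonify(tag="success", msg="delete success.")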
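def add_new_vul():
    """Create a vulnerability type (POST) or render the create form (GET).

    POST form fields: ``name``, ``description``, ``repair``, ``third_v_id``.
    Returns JSON ``{tag, msg}``: ``success`` on insert, ``danger`` on bad
    input or DB failure.  GET renders ``backend/vul/add_new_vul.html``.
    """
    if request.method != 'POST':
        return render_template('backend/vul/add_new_vul.html')

    vc = ValidateClass(request, "name", "description", "repair", "third_v_id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    # NOTE(review): third_v_id is validated but not passed to CobraVuls here,
    # whereas vulnerability_create in this file passes it as the fourth
    # argument — confirm which signature the model expects.
    vul = CobraVuls(vc.vars.name, vc.vars.description, vc.vars.repair,
                    current_time, current_time)
    try:
        db.session.add(vul)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag='danger', msg='Add failed. Please try again later.')
    return jsonify(tag='success', msg='Add Success.')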
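def del_project():
    """Delete the project given by form field ``id`` (POST only).

    Bad input answers ``{tag: danger, msg}``; the other outcomes answer
    ``{code, message}`` (1001 success, 4004 unknown id or DB failure).
    A non-POST request gets the plain text ``Method error!``.
    """
    if request.method != 'POST':
        return 'Method error!'

    vc = ValidateClass(request, "id")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    project = CobraProjects.query.filter_by(id=vc.vars.id).first()
    if project is None:
        # Explicit instead of letting session.delete(None) raise.
        return jsonify(code=4004, message='wrong project id.')
    try:
        db.session.delete(project)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4004, message='unknown error. please try later?')
    return jsonify(code=1001, message='delete success.')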
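def add_new_rule():
    """Create a scan rule (POST) or render the create form (GET).

    POST validates the listed fields (``regex_repair`` is optional and read
    straight from the form) and inserts a ``CobraRules`` row stamped with
    the current time.  Returns JSON ``code`` 1001 on success, 4004 on bad
    input, 1004 on DB failure.  GET renders ``backend/rule/edit.html`` with
    the vulnerability and language lists.
    """
    if request.method != 'POST':
        data = {
            'type': 'add',
            'title': 'Create rule',
            'all_vuls': CobraVuls.query.all(),
            'all_lang': CobraLanguages.query.all(),
            'verify': {},
            'rule': dict(),
        }
        return render_template('backend/rule/edit.html', data=data)

    vc = ValidateClass(request, 'vul_type', 'language', 'regex_location', 'repair_block',
                       'description', 'repair', 'verify', 'author', 'level', 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    current_time = datetime.datetime.now()
    new_rule = CobraRules(
        vul_id=vc.vars.vul_type,
        language=vc.vars.language,
        regex_location=vc.vars.regex_location,
        regex_repair=request.form.get("regex_repair", ""),
        block_repair=vc.vars.repair_block,
        description=vc.vars.description,
        repair=vc.vars.repair,
        verify=vc.vars.verify,
        author=vc.vars.author,
        status=vc.vars.status,
        level=vc.vars.level,
        created_at=current_time,
        updated_at=current_time,
    )
    try:
        db.session.add(new_rule)
        db.session.commit()
    except SQLAlchemyError:
        # The original appended e.message to the response: that attribute
        # does not exist on Python 3 exceptions, and echoing the driver's
        # error text (table/column names, SQL fragments) to the client is
        # an information leak.  Keep the detail server-side.
        db.session.rollback()
        return jsonify(code=1004, message='add failed, try again later?')
    return jsonify(code=1001, message='add success.')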
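def add_new_language():
    """Create a language (POST) or render the create form (GET); login required.

    POST form fields: ``language``, ``extensions``.  Returns JSON
    ``{tag, msg}``: ``success`` on insert, ``danger`` on bad input or DB
    failure.  GET renders ``backend/language/add_new_language.html``.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        return render_template("backend/language/add_new_language.html")

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    new_language = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(new_language)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag="danger", msg="try again later?")
    return jsonify(tag="success", msg="add success")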
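def framework_create():
    """Create a web framework (POST) or render the create form (GET).

    POST form fields: ``name``, ``description``.  Returns JSON ``code``
    1001 on success, 4001 on bad input or DB failure.  GET renders
    ``backend/framework/edit.html`` with an empty ``framework``.
    """
    if request.method != 'POST':
        data = {
            'title': 'Create framework',
            'type': 'create',
            'framework': dict(),
        }
        return render_template('backend/framework/edit.html', data=data)

    vc = ValidateClass(request, "name", "description")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    item = CobraWebFrame(vc.vars.name, vc.vars.description)
    try:
        db.session.add(item)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')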
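def languages(page):
    """Render page ``page`` (1-based, 10 per page, newest id first) of the language list.

    Redirects to the login page when not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + "/index")

    per_page = 10
    # Clamp so a page number below 1 cannot turn into a negative OFFSET.
    offset = (max(page, 1) - 1) * per_page
    rows = (CobraLanguages.query
            .order_by(CobraLanguages.id.desc())
            .limit(per_page)
            .offset(offset)
            .all())
    return render_template("backend/language/languages.html",
                           data={'languages': rows})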
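def edit_project(project_id):
    """Edit project ``project_id``: save on POST, render the editor on GET.

    POST form fields: ``id``, ``name``, ``repository``, ``url``, ``author``,
    ``pe``, ``remark``, ``status``; ``updated_at`` is set to now.  Returns
    JSON ``code`` 1001 on success, 4004 on bad input, unknown id or DB
    failure.  GET renders ``backend/project/edit.html``.
    """
    if request.method != "POST":
        project = CobraProjects.query.filter_by(id=project_id).first()
        return render_template('backend/project/edit.html', data={
            'title': 'Edit project',
            'type': 'edit',
            'project': project,
            'id': project_id,
        })

    vc = ValidateClass(request, "id", "name", "repository", "url", "author",
                       "pe", "remark", 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4004, message=msg)

    project = CobraProjects.query.filter_by(id=project_id).first()
    if not project:
        return jsonify(code=4004, message='wrong project id.')

    # update project data
    project.name = vc.vars.name
    project.author = vc.vars.author
    project.pe = vc.vars.pe
    project.remark = vc.vars.remark
    project.status = vc.vars.status
    project.url = vc.vars.url
    project.repository = vc.vars.repository
    project.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
    try:
        db.session.add(project)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4004, message='Unknown error.')
    return jsonify(code=1001, message='save success.')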
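def language_create():
    """Create a language (POST) or render the create form (GET).

    POST form fields: ``language`` and ``extensions``; a language whose
    name already exists is refused.  Returns JSON ``{code, message}``:
    1001 on success, 4001 on bad input, duplicate or DB failure.
    GET renders ``backend/language/edit.html`` with an empty ``language``.
    """
    # NOTE(review): this file defines language_create twice; the later
    # definition is the one bound at import time.
    if request.method != 'POST':
        data = {
            'title': 'Create language',
            'type': 'create',
            'language': dict(),
        }
        return render_template('backend/language/edit.html', data=data)

    vc = ValidateClass(request, "language", "extensions")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    exist = CobraLanguages.query.filter(
        CobraLanguages.language == vc.vars.language).first()
    if exist is not None:
        return jsonify(code=4001, message='The language exist')

    new_language = CobraLanguages(vc.vars.language, vc.vars.extensions)
    try:
        db.session.add(new_language)
        db.session.commit()
    except SQLAlchemyError:
        # Roll back so the session is not left in a failed transaction for
        # the rest of the request; a bare ``except`` also hid non-DB errors.
        db.session.rollback()
        return jsonify(code=4001, message='unknown error. Try again later?')
    return jsonify(code=1001, message='add success.')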
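def add_project():
    """Create a project (POST) or render the create form (GET); login required.

    POST form fields: ``name``, ``repository``, ``url``, ``author``, ``pe``,
    ``remark``, ``status``.  Returns JSON ``{tag, msg}``: ``success`` on
    insert, ``danger`` on bad input or DB failure.  GET renders
    ``backend/project/edit.html`` with an empty ``project``.
    """
    # NOTE(review): this file defines add_project twice; the later
    # definition is the one bound at import time.
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        data = {'title': 'Create project', 'type': 'add', 'project': dict()}
        return render_template('backend/project/edit.html', data=data)

    vc = ValidateClass(request, "name", "repository", "url", "author", "pe", "remark", 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name, vc.vars.author,
                            '', vc.vars.pe, vc.vars.remark, vc.vars.status, current_time)
    try:
        db.session.add(project)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag='danger', msg='Unknown error.')
    return jsonify(tag='success', msg='save success.')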
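def edit_white_list(wid):
    """Edit white-list entry ``wid``: save on POST, render the editor on GET.

    POST form fields: ``project``, ``rule``, ``path``, ``reason``,
    ``status``; ``updated_at`` is set to now.  Returns JSON ``code`` 1001 on
    success, 4001 on bad input, unknown id or DB failure.  GET renders
    ``backend/white-list/edit.html`` with the entry plus all rules and
    projects.
    """
    if request.method != 'POST':
        data = {
            'title': 'Edit white-list',
            'type': 'edit',
            'rules': CobraRules.query.all(),
            'projects': CobraProjects.query.all(),
            'whitelist': CobraWhiteList.query.filter_by(id=wid).first(),
            'id': wid,
        }
        return render_template('backend/white-list/edit.html', data=data)

    vc = ValidateClass(request, "project", "rule", "path", "reason", "status")
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(code=4001, message=msg)

    white_list = CobraWhiteList.query.filter_by(id=wid).first()
    if not white_list:
        return jsonify(code=4001, message='wrong white-list')
    white_list.project_id = vc.vars.project
    white_list.rule_id = vc.vars.rule
    white_list.path = vc.vars.path
    white_list.reason = vc.vars.reason
    white_list.status = vc.vars.status
    white_list.updated_at = datetime.datetime.now()
    try:
        db.session.add(white_list)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(code=4001, message='unknown error.')
    return jsonify(code=1001, message='update success.')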
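def add_project():
    """Create a project (POST) or render the create form (GET); login required.

    POST form fields: ``name``, ``repository``, ``url``, ``author``, ``pe``,
    ``remark``, ``status``.  Returns JSON ``{tag, msg}``: ``success`` on
    insert, ``danger`` on bad input or DB failure.  GET renders
    ``backend/project/edit.html`` with an empty ``project``.
    """
    # NOTE(review): this file defines add_project twice; the later
    # definition is the one bound at import time.
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    if request.method != "POST":
        data = {
            'title': 'Create project',
            'type': 'add',
            'project': dict(),
        }
        return render_template('backend/project/edit.html', data=data)

    vc = ValidateClass(request, "name", "repository", "url", "author", "pe", "remark", 'status')
    ret, msg = vc.check_args()
    if not ret:
        return jsonify(tag="danger", msg=msg)

    current_time = time.strftime('%Y-%m-%d %X', time.localtime())
    project = CobraProjects(vc.vars.repository, vc.vars.url, vc.vars.name, vc.vars.author,
                            '', vc.vars.pe, vc.vars.remark, vc.vars.status, current_time)
    try:
        db.session.add(project)
        db.session.commit()
    except SQLAlchemyError:
        db.session.rollback()
        return jsonify(tag='danger', msg='Unknown error.')
    return jsonify(tag='success', msg='save success.')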
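def graph_languages():
    """Return hit counts per language for the languages chart (JSON ``data``).

    With form field ``show_all`` set, every result row is counted;
    otherwise ``start_time_stamp``/``end_time_stamp`` (epoch, first ten
    characters used) bound the ``created_at`` window and a missing or
    non-numeric stamp answers ``code`` 1002.  Results whose rule has no
    language are reported under ``Unknown``.  Redirects to the login page
    when not logged in.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    query = db.session.query(
        func.count(CobraResults.rule_id).label("cnt"),
        CobraLanguages.language,
    ).outerjoin(
        CobraRules, CobraResults.rule_id == CobraRules.id,
    ).outerjoin(
        CobraLanguages, CobraRules.language == CobraLanguages.id,
    )

    if not request.form.get("show_all"):
        # A missing stamp used to raise TypeError on the slice.
        start_raw = request.form.get("start_time_stamp") or ""
        end_raw = request.form.get("end_time_stamp") or ""
        try:
            start_time = datetime.datetime.fromtimestamp(int(start_raw[:10]))
            end_time = datetime.datetime.fromtimestamp(int(end_raw[:10]))
        except ValueError:
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        query = query.filter(and_(CobraResults.created_at >= start_time,
                                  CobraResults.created_at <= end_time))

    hit_rules = query.group_by(CobraResults.rule_id).all()

    # Several rules share a language, so fold the per-rule counts per language.
    return_value = {}
    for cnt, language in hit_rules:
        return_value[language] = return_value.get(language, 0) + cnt
    # Rows whose rule has no language come back keyed by None.
    if None in return_value:
        return_value['Unknown'] = return_value.pop(None)
    return jsonify(data=return_value)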
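def _count_by_vul_name(grouped_results, all_rules, all_cobra_vuls):
    """Fold ``(rule_id, counts)`` rows into ``[{'vuls': name, 'counts': n}, ...]``.

    Rules in different languages can map to the same vulnerability name,
    so counts are summed per name, in order of first appearance.  Rows
    whose rule or vulnerability id is unknown (e.g. deleted meanwhile) are
    skipped instead of raising ``KeyError``.
    """
    totals = []
    by_name = {}
    for row in grouped_results:
        vul_id = all_rules.get(row.rule_id)
        name = all_cobra_vuls.get(vul_id) if vul_id is not None else None
        if name is None:
            continue
        entry = by_name.get(name)
        if entry is None:
            entry = {'vuls': name, 'counts': 0}
            by_name[name] = entry
            totals.append(entry)
        entry['counts'] += row.counts
    return totals


def graph_vulns():
    """Return vulnerability counts per vulnerability name for the chart (POST).

    With form field ``show_all`` set, every result row is counted;
    otherwise ``start_time_stamp``/``end_time_stamp`` (epoch, first ten
    characters used) bound the ``created_at`` window and a missing,
    non-numeric, empty or reversed window answers ``code`` 1002.  Returns
    JSON ``data`` as a list of ``{'vuls': name, 'counts': n}``.  Redirects
    to the login page when not logged in; a non-POST request gets the
    plain text ``Method error!`` (the original returned ``None``).
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')
    if request.method != "POST":
        return 'Method error!'

    # rule_id -> vul_id and vul_id -> vul_name lookups.
    all_rules = {row.id: row.vul_id
                 for row in db.session.query(CobraRules.id, CobraRules.vul_id).all()}
    all_cobra_vuls = {row.id: row.name
                      for row in db.session.query(CobraVuls.id, CobraVuls.name).all()}

    query = db.session.query(CobraResults.rule_id, func.count("*").label('counts'))
    if not request.form.get("show_all"):
        # show part of vulns: a missing stamp used to raise TypeError on the
        # slice, and the window bounds were compared as strings.
        start_raw = (request.form.get("start_time_stamp") or "")[:10]
        end_raw = (request.form.get("end_time_stamp") or "")[:10]
        try:
            start_stamp = int(start_raw)
            end_stamp = int(end_raw)
        except ValueError:
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        if start_stamp >= end_stamp:
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")
        start_time = datetime.datetime.fromtimestamp(start_stamp)
        end_time = datetime.datetime.fromtimestamp(end_stamp)
        query = query.filter(and_(CobraResults.created_at >= start_time,
                                  CobraResults.created_at <= end_time))

    all_vuls = query.group_by(CobraResults.rule_id).all()
    return jsonify(data=_count_by_vul_name(all_vuls, all_rules, all_cobra_vuls))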
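def dashboard():
    """Render the admin dashboard with overall and today's scan statistics.

    Collects whole-history totals (tasks, results, projects, files, lines of
    code), the same figures restricted to today, scan-duration min/avg/max,
    and per-vulnerability-name result counts for all time and for today, then
    renders ``backend/index/dashboard.html`` with them under ``data``.

    The two per-vulnerability aggregations share one local helper, so a
    result row whose rule or vulnerability has since been deleted is skipped
    in both (the "today" loop previously raised ``KeyError`` on such a row).

    Returns:
        A redirect to the admin index when the caller is not logged in,
        otherwise the rendered template.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    # Today's window: local midnight today .. local midnight tomorrow, as a
    # unix timestamp (CobraTaskInfo.time_start) and as date/datetime values
    # (CobraResults.created_at, CobraProjects.last_scan).
    today = datetime.date.today()
    today_stamp = int(time.mktime(today.timetuple()))
    # NOTE(review): 24h is added as seconds, so on a DST change day the window
    # is an hour short or long — kept as in the original.
    tomorrow_stamp = today_stamp + 3600 * 24
    tomorrow = datetime.datetime.fromtimestamp(int(tomorrow_stamp))
    tasks_today = and_(CobraTaskInfo.time_start >= today_stamp,
                       CobraTaskInfo.time_start <= tomorrow_stamp)
    results_today = and_(CobraResults.created_at >= today,
                         CobraResults.created_at <= tomorrow)
    projects_today = and_(CobraProjects.last_scan >= today,
                          CobraProjects.last_scan <= tomorrow)

    # Whole-history overview.  The func.sum() queries yield None (not 0) when
    # no matching task row exists; that value is handed to the template as-is.
    total_task_count = CobraTaskInfo.query.count()
    total_vulns_count = CobraResults.query.count()
    total_projects_count = CobraProjects.query.count()
    total_files_count = db.session.query(
        func.sum(CobraTaskInfo.file_count).label('files')
    ).first()[0]
    total_code_number = db.session.query(
        func.sum(CobraTaskInfo.code_number).label('codes')
    ).first()[0]

    # Today's overview.
    today_task_count = CobraTaskInfo.query.filter(tasks_today).count()
    today_vulns_count = CobraResults.query.filter(results_today).count()
    today_projects_count = CobraProjects.query.filter(projects_today).count()
    today_files_count = db.session.query(
        func.sum(CobraTaskInfo.file_count).label('files')
    ).filter(tasks_today).first()[0]
    today_code_number = db.session.query(
        func.sum(CobraTaskInfo.code_number).label('codes')
    ).filter(tasks_today).first()[0]

    # Scan duration statistics (None when there are no tasks).
    avg_scan_time = db.session.query(func.avg(CobraTaskInfo.time_consume)).first()[0]
    max_scan_time = db.session.query(func.max(CobraTaskInfo.time_consume)).first()[0]
    min_scan_time = db.session.query(func.min(CobraTaskInfo.time_consume)).first()[0]

    # rule_id -> vul_id and vul_id -> vul_name, used to resolve result rows
    # (which only carry a rule_id) to a vulnerability name.
    all_rules = {
        x.id: x.vul_id
        for x in db.session.query(CobraRules.id, CobraRules.vul_id).all()
    }
    all_cobra_vuls = {
        x.id: x.name
        for x in db.session.query(CobraVuls.id, CobraVuls.name).all()
    }

    def _count_by_vuln_name(rows):
        # Fold (rule_id, counts) rows into [{'vuls': name, 'counts': n}],
        # summing rules that resolve to the same vulnerability name (the same
        # vulnerability defined for several languages).  Output order is the
        # order in which each name is first seen, as in the original loops.
        totals = []
        position = {}  # vulnerability name -> index into totals
        for row in rows:
            if row.rule_id not in all_rules:
                continue  # result references a rule that no longer exists
            name = all_cobra_vuls.get(all_rules[row.rule_id])
            if name is None:
                continue  # rule references a vulnerability that no longer exists
            if name in position:
                totals[position[name]]['counts'] += row.counts
            else:
                position[name] = len(totals)
                totals.append({'vuls': name, 'counts': row.counts})
        return totals

    # Result counts per rule, for all time and for today.
    by_rule = db.session.query(
        CobraResults.rule_id,
        func.count("*").label('counts')
    )
    all_vuls = by_rule.group_by(CobraResults.rule_id).all()
    all_vuls_today = by_rule.filter(results_today).group_by(CobraResults.rule_id).all()
    total_vuls = _count_by_vuln_name(all_vuls)
    today_vuls = _count_by_vuln_name(all_vuls_today)

    data = {
        'total_task_count': total_task_count,
        'total_vulns_count': total_vulns_count,
        'total_projects_count': total_projects_count,
        'total_files_count': total_files_count,
        'today_task_count': today_task_count,
        'today_vulns_count': today_vulns_count,
        'today_projects_count': today_projects_count,
        'today_files_count': today_files_count,
        'max_scan_time': max_scan_time,
        'min_scan_time': min_scan_time,
        'avg_scan_time': avg_scan_time,
        'total_vuls': total_vuls,
        'today_vuls': today_vuls,
        'total_code_number': total_code_number,
        'today_code_number': today_code_number,
    }
    return render_template("backend/index/dashboard.html", data=data)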
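def graph_lines():
    """Return per-day vulnerability and scan counts for the dashboard line chart.

    With the form field ``show_all`` set, the window is the last 15 calendar
    days (local midnight 14 days ago up to now); otherwise it runs from the
    ``start_time_stamp`` to the ``end_time_stamp`` form field (unix
    timestamps, first ten digits).  Each day in the window is counted once
    for results (``CobraResults.created_at``) and once for scans
    (``CobraTaskInfo.time_start``) in a single pass; the last bucket is
    clipped at the window end.

    Returns:
        A redirect to the admin index when the caller is not logged in;
        ``jsonify(labels=[...], vuls=[...], scans=[...])`` with one entry per
        day (all empty when start >= end) on success;
        ``jsonify(code=1002, tag="danger", msg="wrong datetime.")`` when the
        window fields are missing or not numeric — previously this raised
        ``TypeError`` on ``None[:10]``, e.g. for any request without a form.
    """
    if not ValidateClass.check_login():
        return redirect(ADMIN_URL + '/index')

    one_day = datetime.timedelta(1)
    if request.form.get("show_all"):
        # 15 calendar days including today: local midnight 14 days ago .. now.
        first_day = datetime.date.today() - datetime.timedelta(days=15 - 1)
        start_date = datetime.datetime.combine(first_day, datetime.datetime.min.time())
        end_date = datetime.datetime.today()
    else:
        start_raw = request.form.get("start_time_stamp") or ""
        end_raw = request.form.get("end_time_stamp") or ""
        try:
            # Only the first ten digits are used, presumably because the
            # client sends millisecond timestamps; int() rejects anything
            # that is not a number (including a missing field).
            start_date = datetime.datetime.fromtimestamp(int(start_raw[:10]))
            end_date = datetime.datetime.fromtimestamp(int(end_raw[:10]))
        except ValueError:
            return jsonify(code=1002, tag="danger", msg="wrong datetime.")

    labels = []
    vuls = []
    scans = []
    d = start_date
    while d < end_date:
        # Clip the last bucket at end_date.  For the 15-day window end_date is
        # "now", so this can only exclude rows stamped in the future.
        bucket_end = min(d + one_day, end_date)
        vul_count = db.session.query(
            func.count("*").label('counts')
        ).filter(
            and_(CobraResults.created_at >= d,
                 CobraResults.created_at <= bucket_end)
        ).all()
        # CobraTaskInfo.time_start holds a unix timestamp, so the same bucket
        # is expressed through time.mktime() for the scan count.
        scan_count = db.session.query(
            func.count("*").label("counts")
        ).filter(
            and_(CobraTaskInfo.time_start >= time.mktime(d.timetuple()),
                 CobraTaskInfo.time_start <= time.mktime(bucket_end.timetuple()))
        ).all()
        labels.append(d.strftime("%Y%m%d"))
        vuls.append(vul_count[0][0])
        scans.append(scan_count[0][0])
        d += one_day
    return jsonify(labels=labels, vuls=vuls, scans=scans)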