def sql_analysis(cls):
    """Run the ``sql_analysis`` rule set against the request ``URI`` field.

    The query is assembled by ``BaseFunction.join_query``, executed through
    ``Query().query`` with no explicit index, and the hits are handed to
    ``BaseFunction.result_dispose`` together with ``none_message`` (presumably
    shown when there are no hits -- confirm in result_dispose).
    """
    sql_query = BaseFunction.join_query(keyword="URI", rule_name="sql_analysis")
    hits = Query().query(None, data=sql_query)
    BaseFunction.result_dispose(
        hits,
        index=None,
        query=sql_query,
        none_message="========SQL注入分析未检测到威胁========",
    )
def web_command_attack_analysis(cls):
    """Run the ``common_web_analysis`` rule set against the request ``URI`` field.

    Mirrors ``sql_analysis``: build the query with ``BaseFunction.join_query``,
    run it via ``Query().query`` with no explicit index, then pass the hits and
    ``none_message`` to ``BaseFunction.result_dispose``.
    """
    web_query = BaseFunction.join_query(keyword="URI", rule_name="common_web_analysis")
    hits = Query().query(None, data=web_query)
    BaseFunction.result_dispose(
        hits,
        index=None,
        query=web_query,
        none_message="========Web 通用攻击分析未检测到威胁========",
    )
def http_method_analysis(cls):
    """Run the ``http_method_analysis`` rule set against the ``method`` field.

    Unlike the URI-based checks this keys on the HTTP request method. The
    query is built by ``BaseFunction.join_query``, executed with ``index=None``,
    and the hits plus ``none_message`` are forwarded to
    ``BaseFunction.result_dispose``.
    """
    method_query = BaseFunction.join_query(keyword="method", rule_name="http_method_analysis")
    hits = Query().query(index=None, data=method_query)
    BaseFunction.result_dispose(
        hits,
        index=None,
        query=method_query,
        none_message="========http method 分析未检测到威胁(无不安全的http请求方法)========",
    )
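def backup_file_analysis(self, index, ip="127.0.0.1", port=9200):
    """Backup-file detection.

    Reads the Elasticsearch query from ``[backup_file_analysis] rule`` in
    ``config/config.ini``, runs it against *index*, and hands the result to
    ``BaseFunction.result_dispose``.

    :param index: id in elasticsearch
    :param ip: Elasticsearch host; defaults to the value that used to be
        hard-coded so existing callers are unaffected
    :param port: Elasticsearch port; same default as before
    :return: None
    :raises IOError: if the config file could not be read. ``ConfigParser.read``
        silently skips missing or unreadable files, so without this check the
        failure would surface later as a ``NoSectionError`` that never mentions
        the file path.
    """
    config_path = 'config/config.ini'
    config = ConfigParser.ConfigParser()
    # read() returns the list of files it actually parsed; an empty list means
    # nothing was loaded and the rule lookup below cannot succeed.
    if not config.read(config_path):
        raise IOError("cannot read rule config: %s" % config_path)
    rule = config.get('backup_file_analysis', 'rule')
    elastic = Query(ip=ip, port=port)
    result = elastic.query(index=index, data=rule)
    BaseFunction.result_dispose(
        result,
        index=index,
        query=rule,
        none_message="========备份文件分析未检测到威胁========",
    )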
def make_dict(lines):
    """Map every distinct key seen across *lines* to a stable integer position.

    Each line is counted with ``Counter``, the counters are merged through
    ``BaseFunction.iter_sum``, and the merged keys are numbered in sorted
    order so the same input always yields the same mapping.
    """
    merged = BaseFunction.iter_sum([Counter(line) for line in lines])
    ordered_keys = sorted(merged.keys())
    return {key: position for position, key in enumerate(ordered_keys)}