Merge pull request #149 from LoRexxar/develop

Develop
LoRexxar · Jul 7, 2021 · a32aa13 · a32aa13
2 parents b925f52 + 85e4da5
commit a32aa13
Show file tree

Hide file tree

Showing 32 changed files with 176 additions and 408 deletions.
diff --git a/.gitignore b/.gitignore
@@ -126,3 +126,5 @@ manage.py
 web/backend/migrations/0002_delete_tasks.py
 web/dashboard/migrations/*_auto_*.py
 
+# dockerfile
+Dockerfile
diff --git a/Kunlun_M/settings.py.bak b/Kunlun_M/settings.py.bak
@@ -144,7 +144,7 @@ IS_OPEN_REGISTER = True
 # 全局变量配置
 
 PROJECT_DIRECTORY = os.path.abspath(os.path.join(os.path.dirname(__file__), os.pardir))
-TMP_PATH = './tmp'
+TMP_PATH = os.path.join(PROJECT_DIRECTORY, 'tmp')
 if os.path.isdir(TMP_PATH) is not True:
     os.mkdir(TMP_PATH)
 RUNNING_PATH = os.path.join(PROJECT_DIRECTORY, TMP_PATH, 'running')
@@ -166,9 +166,10 @@ EXPORT_PATH = os.path.join(PROJECT_DIRECTORY, TMP_PATH, 'export')
 if not os.path.exists(EXPORT_PATH):
     os.mkdir(EXPORT_PATH)
 
-if os.path.isdir('./result') is not True:
-    os.mkdir('./result')
-DEFAULT_RESULT_PATH = os.path.join(PROJECT_DIRECTORY, 'result/')
+RESULT_PATH = os.path.join(PROJECT_DIRECTORY, 'result')
+if os.path.isdir(RESULT_PATH) is not True:
+    os.mkdir(RESULT_PATH)
+DEFAULT_RESULT_PATH = RESULT_PATH
 
 KUNLUN_MAIN = os.path.join(PROJECT_DIRECTORY, 'kunlun.py')
 CORE_PATH = os.path.join(PROJECT_DIRECTORY, 'core')
@@ -195,3 +196,9 @@ elif "Darwin" in platform_pack.system():
 
 # api profile
 API_TOKEN = "secret_api_token"
+
+
+# server profile
+IS_OPEN_REMOTE_SERVER = False
+REMOTE_URL = "http://127.0.0.1:9999"
+REMOTE_URL_APITOKEN = "secret_api_token_in_server"
diff --git a/core/__init__.py b/core/__init__.py
@@ -12,6 +12,7 @@
     :license:   MIT, see LICENSE for more details.
     :copyright: Copyright (c) 2017 Feei. All rights reserved
 """
+import os
 import sys
 import time
 import argparse
@@ -21,6 +22,7 @@
 from django.core.management import call_command
 from utils.log import log, logger, log_add, log_rm
 from utils.utils import get_mainstr_from_filename, get_scan_id
+from utils.web import upload_log
 from utils.file import load_kunlunmignore
 
 from . import cli
@@ -35,6 +37,8 @@
 from core.console import KunlunInterpreter
 from web.index.models import ScanTask
 
+from Kunlun_M.settings import LOGS_PATH, IS_OPEN_REMOTE_SERVER, REMOTE_URL, REMOTE_URL_APITOKEN
+
 from . import plugins
 
 try:
@@ -233,10 +237,12 @@ def main():
 
         if hasattr(args, "log") and args.log:
             logger.info("[INIT] New Log file {}.log .".format(args.log))
-            log_add(logging.INFO, args.log)
+            log_name = args.log
         else:
             logger.info("[INIT] New Log file ScanTask_{}.log .".format(sid))
-            log_add(logging.INFO, "ScanTask_{}".format(sid))
+            log_name = "ScanTask_{}".format(sid)
+
+        log_add(logging.DEBUG, log_name)
 
         data = {
             'status': 'running',
@@ -249,6 +255,13 @@ def main():
         s.is_finished = True
         s.save()
         t2 = time.time()
+
+        # 如果开启了上传日志到远程，则上传
+        if IS_OPEN_REMOTE_SERVER:
+            log_path = os.path.join(LOGS_PATH, "{}.log".format(log_name))
+
+            upload_log(log_path)
+
         logger.info('[INIT] Done! Consume Time:{ct}s'.format(ct=t2 - t1))
 
     except KeyboardInterrupt:

diff --git a/core/engine.py b/core/engine.py
@@ -248,8 +248,10 @@ async def start_scan(target_directory, rule, files, language, tamper_name):
         for chain in x.chain:
             if type(chain) == tuple:
                 ResultFlow = get_resultflow_class(int(a_sid))
+                node_source = show_context(chain[2], chain[3], is_back=True)
+
                 rf = ResultFlow(vul_id=idx + 1, node_type=chain[0], node_content=chain[1],
-                                node_path=chain[2], node_lineno=chain[3])
+                                node_path=chain[2], node_source=node_source, node_lineno=chain[3])
                 rf.save()
 
         data.append(row)

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -6,12 +6,12 @@ RUN sed -i "s/archive.ubuntu.com/mirrors.tuna.tsinghua.edu.cn/g" /etc/apt/source
 
 # Set the locale
 ENV DEBIAN_FRONTEND=noninteractive
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
 
 RUN apt-get update \
-    && apt-get install -y vim inetutils-ping curl ssh zip python3 python3-pip gunicorn
+    && apt-get install -y vim inetutils-ping curl ssh zip python3 python3-pip gunicorn language-pack-zh-hans
+
+ENV LANG zh_CN.UTF-8
+ENV LC_ALL zh_CN.UTF-8
 
 # python换源
 RUN mkdir /root/.pip

diff --git a/requirements.txt b/requirements.txt
@@ -9,4 +9,5 @@ Werkzeug==0.16.0
 esprima==4.0.1
 jsbeautifier==1.10.2
 bs4
-django
+django
+mysqlclient==2.0.3
diff --git a/rules/javascript/CVI_3001.py b/rules/javascript/CVI_3001.py
@@ -26,7 +26,7 @@ def __init__(self):
         self.description = "jQuery.extend 在3.4.0以下，"
 
         # status
-        self.status = True
+        self.status = False
 
         # 部分配置
         self.match_mode = "only-regex"

diff --git a/templates/dashboard/userinfo.html b/templates/dashboard/userinfo.html
@@ -20,6 +20,11 @@ <h3 class="box-title">User Profile</h3>
           <input type="text" class="form-control" value="{{ request.user.email }}" disabled>
         </div>
 
+        <div class="form-group">
+          <label>api-token</label>
+          <input type="text" class="form-control" value="{{ apitoken }}" disabled>
+        </div>
+
         <!-- textarea -->
         <div class="form-group">
           <label>Profile</label>

diff --git a/utils/web.py b/utils/web.py
@@ -0,0 +1,44 @@
+#!/usr/bin/env python
+# encoding: utf-8
+'''
+@author: LoRexxar
+@contact: lorexxar@gmail.com
+@file: web.py
+@time: 2021/7/1 18:03
+@desc:
+
+'''
+
+import os
+import requests
+
+from Kunlun_M.settings import REMOTE_URL, REMOTE_URL_APITOKEN
+
+from utils.log import logger
+
+
+def upload_log(logpath):
+    """
+    上传日志到远程
+    :param logpath:
+    :return:
+    """
+
+    remote_upload_url = "{}/backend/uploadlog?apitoken={}".format(REMOTE_URL,REMOTE_URL_APITOKEN)
+
+    if not os.path.exists(logpath):
+        logger.warning("[UPLOAD LOG] log {} not exist.".format(logpath))
+        return False
+
+    files = {
+        "file": open(logpath, "rb")
+    }
+
+    r = requests.post(remote_upload_url, files=files)
+
+    if r.status_code != 200:
+        logger.warning("[UPLOAD LOG] upload log to {} error. response is {}".format(REMOTE_URL, r.text))
+        return False
+
+    logger.info("[UPLOAD LOG] upload log {} success".format(logpath))
+    return True
diff --git a/web/api/urls.py b/web/api/urls.py
@@ -27,5 +27,5 @@
     # rule list
     path("rule/list", views.RuleListApiView.as_view(), name="rule_list"),
     # rule details
-    path("rule/<int:rule_id>", views.RuleDetailApiView.as_view(), name="rule_detail"),
+    path("rule/<int:rule_cviid>", views.RuleDetailApiView.as_view(), name="rule_detail"),
 ]
diff --git a/web/api/views.py b/web/api/views.py
@@ -132,7 +132,7 @@ class RuleDetailApiView(View):
 
     @staticmethod
     @api_token_required
-    def get(request, rule_id):
-        rules = Rules.objects.filter(id=rule_id).values()
+    def get(request, rule_cviid):
+        rules = Rules.objects.filter(svid=rule_cviid).values()
 
         return JsonResponse({"code": 200, "status": True, "message":  list(rules)})
diff --git a/web/backend/migrations/0001_initial.py b/web/backend/migrations/0001_initial.py
diff --git a/web/backend/urls.py b/web/backend/urls.py
@@ -9,6 +9,8 @@
 
 from web.backend import views
 
+from django.views.decorators.csrf import csrf_exempt
+
 app_name = "backend"
 urlpatterns = [
     path('', views.index, name='index'),
@@ -19,4 +21,7 @@
     path("debuglog/<int:task_id>", views.debuglog, name="debuglog"),
     # download debug log
     path("downloadlog/<int:task_id>", views.downloadlog, name="downloadlog"),
+
+    # upload log
+    path("uploadlog", csrf_exempt(views.uploadlog), name="uploadlog")
 ]
diff --git a/web/backend/views.py b/web/backend/views.py
@@ -11,8 +11,9 @@
 import json
 from django.contrib.auth.decorators import login_required
 from django.shortcuts import render, redirect, HttpResponse
+from django.views.decorators.csrf import csrf_exempt
 
-from web.index.controller import login_or_token_required
+from web.index.controller import login_or_token_required, api_token_required
 from web.index.models import ScanTask, ScanResultTask, Rules, Tampers, NewEvilFunc, get_resultflow_class
 from utils.utils import show_context
 
@@ -60,7 +61,7 @@ def tasklog(req, task_id):
             'content': rf.node_content,
             'path': rf.node_path,
             'lineno': rf.node_lineno,
-            'details': show_context(rf.node_path, rf.node_lineno, is_back=True)
+            'details': rf.node_source
         }
 
         resultflowdict[rf.vul_id]['flow'].append(rfdict)
@@ -137,3 +138,21 @@ def downloadlog(req, task_id):
     response['X-Sendfile'] = path_to_file
     return response
 
+
+@api_token_required
+def uploadlog(req):
+    if "file" not in req.FILES:
+        return HttpResponse("Ooooops, bad request...")
+
+    logfile = req.FILES.get("file", None)
+
+    logfile_name = logfile.name
+
+    if os.path.exists(os.path.join(LOGS_PATH, logfile_name)):
+        return HttpResponse("Ooooops, log file {} exist...".format(logfile_name))
+
+    with open(os.path.join(LOGS_PATH, logfile_name), 'wb') as f:
+        for chunk in logfile.chunks():
+            f.write(chunk)
+
+    return HttpResponse("Success")
diff --git a/web/dashboard/migrations/0001_initial.py b/web/dashboard/migrations/0001_initial.py