完成后台规则管理,规则对应的漏洞类型管理的主要功能.

FeeiCN · May 27, 2016 · 489eb69 · 489eb69
1 parent 1dd9175
commit 489eb69
Show file tree

Hide file tree

Showing 5 changed files with 321 additions and 24 deletions.
diff --git a/app/controller/RulesAdmin.py b/app/controller/RulesAdmin.py
@@ -3,7 +3,7 @@
 
 from flask import render_template, request, jsonify
 
-from app import web, CobraRules, CobraVuls, db
+from app import web, CobraRules, CobraVuls, db, CobraSupportLanguage
 
 # default admin url
 ADMIN_URL = '/admin'
@@ -26,6 +26,26 @@ def main():
 def rules():
     # cobra_rules = CobraRules.query.paginate(1, per_page=5, error_out=False)
     cobra_rules = CobraRules.query.all()
+    cobra_vuls = CobraVuls.query.all()
+    cobra_lang = CobraSupportLanguage.query.all()
+    all_vuls = {}
+    all_language = {}
+    for vul in cobra_vuls:
+        all_vuls[vul.id] = vul.name
+    for lang in cobra_lang:
+        all_language[lang.id] = lang.language
+
+    # replace id with real name
+    for rule in cobra_rules:
+        try:
+            rule.vul_id = all_vuls[rule.vul_id]
+        except KeyError:
+            rule.vul_id = 'Unknown Type'
+        try:
+            rule.language = all_language[rule.language]
+        except KeyError:
+            rule.language = 'Unknown Language'
+
     data = {
         # 'paginate': cobra_rules,
         'rules': cobra_rules,
@@ -37,13 +57,97 @@ def rules():
 # add new rules button
 @web.route(ADMIN_URL + '/add_new_rule', methods=['GET', 'POST'])
 def add_new_rule():
+    if request.method == 'POST':
+        vul_type = request.form['vul_type']
+        lang = request.form['language']
+        regex = request.form['regex']
+        description = request.form['description']
+
+        if not vul_type or vul_type == "":
+            return jsonify(tag='danger', msg='vul type error.')
+        if not lang or lang == "":
+            return jsonify(tag='danger', msg='language error.')
+        if not regex or regex == "":
+            return jsonify(tag='danger', msg='regex can not be blank')
+        if not description or description == "":
+            return jsonify(tag='danger', msg='description can not be blank')
+
+        current_time = time.strftime('%Y-%m-%d %X', time.localtime())
+        rule = CobraRules(vul_type, lang, regex, description, current_time, current_time)
+        try:
+            db.session.add(rule)
+            db.session.commit()
+            return jsonify(tag='success', msg='add success.')
+        except:
+            return jsonify(tag='danger', msg='add failed, try again later?')
+    else:
+        vul_type = CobraVuls.query.all()
+        languages = CobraSupportLanguage.query.all()
+        data = {
+            'vul_type': vul_type,
+            'languages': languages
+        }
+        return render_template('rulesadmin/add_new_rule.html', data=data)
+
+
+# del special rule
+@web.route(ADMIN_URL + '/del_rule', methods=['POST'])
+def del_rule():
+    vul_id = request.form['rule_id']
+    if vul_id:
+        r = CobraRules.query.filter_by(id=vul_id).first()
+        try:
+            db.session.delete(r)
+            db.session.commit()
+            return jsonify(tag='success', msg='delete success.')
+        except:
+            return jsonify(tag='danger', msg='delete failed. Try again later?')
+    else:
+        return jsonify(tag='danger', msg='wrong id')
 
+
+# edit special rule
+@web.route(ADMIN_URL + '/edit_rule/<int:rule_id>', methods=['GET', 'POST'])
+def edit_rule(rule_id):
     if request.method == 'POST':
-        return '123'
+        vul_type = request.form['vul_type']
+        lang = request.form['language']
+        regex = request.form['regex']
+        description = request.form['description']
+        rule_id = request.form['rule_id']
+
+        if not vul_type or vul_type == "":
+            return jsonify(tag='danger', msg='vul type error.')
+        if not lang or lang == "":
+            return jsonify(tag='danger', msg='language error.')
+        if not regex or regex == "":
+            return jsonify(tag='danger', msg='regex can not be blank')
+        if not description or description == "":
+            return jsonify(tag='danger', msg='description can not be blank')
+
+        r = CobraRules.query.filter_by(id=rule_id).first()
+        r.vul_id = vul_type
+        r.language = lang
+        r.regex = regex
+        r.description = description
+        try:
+            db.session.add(r)
+            db.session.commit()
+            return jsonify(tag='success', msg='save success.')
+        except:
+            return jsonify(tag='danger', msg='save failed. Try again later?')
     else:
+        r = CobraRules.query.filter_by(id=rule_id).first()
         vul_type = CobraVuls.query.all()
-        print vul_type
-        return render_template('rulesadmin/add_new_rule.html')
+        languages = CobraSupportLanguage.query.all()
+        return render_template('rulesadmin/edit_rule.html', data={
+            'vul_type': r.vul_id,
+            'language': r.language,
+            'regex': r.regex,
+            'description': r.description,
+            'all_vuls': vul_type,
+            'all_lang': languages,
+        })
 
 
 # add new vuls button

diff --git a/app/templates/rulesadmin/add_new_rule.html b/app/templates/rulesadmin/add_new_rule.html
@@ -1,29 +1,32 @@
 <form role="form">
     <div class="form-group">
         <label for="vul_id">Vul type</label>
-        <select name="scan_type" class="form-control">
-            <option value="1">
-                SQL Injection
-            </option>
-            <option value="2">
-                XSS
-            </option>
-            <option value="3">
-                Code execute
-            </option>
+        <select id="vul_type" class="form-control">
+            {% for vul in data.vul_type %}
+                <option value="{{ vul.id }}">
+                {{ vul.name }}
+                </option>
+            {% endfor %}
         </select>
     </div>
     <div class="form-group">
-        <label for="language">Password</label>
-        <input type="password" class="form-control" id="exampleInputPassword1" />
+        <label for="language">Language</label>
+        <select id="language" class="form-control">
+            {% for lang in data.languages %}
+                <option value="{{ lang.id }}">
+                {{ lang.language }}
+                </option>
+            {% endfor %}
+        </select>
     </div>
     <div class="form-group">
-        <label for="regex">Password</label>
-        <input type="password" class="form-control" id="exampleInputPassword1" />
+        <label for="regex">Regex in perl mode</label>
+        <input type="text" class="form-control" id="regex" />
     </div>
     <div class="form-group">
-        <label for="description">Password</label>
-        <input type="password" class="form-control" id="exampleInputPassword1" />
+        <label for="description">Description</label>
+        <input type="text" class="form-control" id="description" />
     </div>
-    <button type="submit" class="btn btn-default">Submit</button>
+    <div id="add-new-rule-result" hidden></div>
+    <button type="button" class="btn btn-success" id="add-new-rule-button">Add</button>
 </form>
diff --git a/app/templates/rulesadmin/edit_rule.html b/app/templates/rulesadmin/edit_rule.html
@@ -0,0 +1,32 @@
+<form role="form">
+    <div class="form-group">
+        <label for="vul_id">Vul type</label>
+        <select id="vul_type" class="form-control">
+            {% for vul in data.all_vuls %}
+                <option value="{{ vul.id }}" {% if vul.id == data.vul_type %}selected="selected"{% endif %}>
+                {{ vul.name }}
+                </option>
+            {% endfor %}
+        </select>
+    </div>
+    <div class="form-group">
+        <label for="language">Language</label>
+        <select id="language" class="form-control">
+            {% for lang in data.all_lang %}
+                <option value="{{ lang.id }}" {% if lang.id == data.language %}selected="selected"{% endif %}>
+                {{ lang.language }}
+                </option>
+            {% endfor %}
+        </select>
+    </div>
+    <div class="form-group">
+        <label for="regex">Regex in perl mode</label>
+        <input type="text" class="form-control" id="regex" value="{{ data.regex }}"/>
+    </div>
+    <div class="form-group">
+        <label for="description">Description</label>
+        <input type="text" class="form-control" id="description" value="{{ data.description }}" />
+    </div>
+    <div id="edit-rule-result" hidden></div>
+    <button type="button" class="btn btn-success" id="edit-rule-button">Save</button>
+</form>