From 5b3a169fa427e4594d4deda0f87b0dbb2c3f616e Mon Sep 17 00:00:00 2001
From: weidong
Date: Mon, 18 Apr 2022 10:21:09 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=98=AF=E5=90=A6?= =?UTF-8?q?=E5=8F=AF=E7=BC=96=E8=BE=91=E5=AD=97=E6=AE=B5=E5=88=97=E8=A1=A8?= =?UTF-8?q?=E5=BA=8F=E5=88=97=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sysom_api/apps/vul/serializer.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sysom_api/apps/vul/serializer.py b/sysom_api/apps/vul/serializer.py
index a287b3d6..85e72e78 100644
--- a/sysom_api/apps/vul/serializer.py
+++ b/sysom_api/apps/vul/serializer.py
@@ -16,7 +16,7 @@ class VulAddrListSerializer(serializers.ModelSerializer):
 class Meta:
 model = VulAddrModel
 fields = ["id", "name", "description", "method", "method_display", "url", "headers", "params", "body",
- "authorization_type", "parser", "status"
+ "authorization_type", "parser", "status", "is_edited"
 ]
 def get_method_display(self, attr: VulAddrModel) -> int:
-- Gitee
From e3376e67363080b667385695f408984d4706f8c4 Mon Sep 17 00:00:00 2001
From: weidong
Date: Mon, 18 Apr 2022 14:12:46 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E8=BF=9E=E6=8E=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sysom_api/apps/vul/models.py | 22 +++++++++++-----------
 sysom_api/apps/vul/views.py | 35 ++++++++++++++++++++++++++++++++---
 2 files changed, 43 insertions(+), 14 deletions(-)
diff --git a/sysom_api/apps/vul/models.py b/sysom_api/apps/vul/models.py
index 6b2df7f9..d62ae1c0 100644
--- a/sysom_api/apps/vul/models.py
+++ b/sysom_api/apps/vul/models.py
@@ -41,17 +41,17 @@ class VulAddrModel(models.Model):
 def __str__(self):
 return f'vul addres: {self.url}'
- def get_req_arg(self):
- headers = self.headers
- if "User-Agent" not in headers:
- headers[
- "User-Agent"] = "Mozilla/5.0 (X11; Linux x86_64) Chrome/99.0.4844.51"
-
- if self.authorization_type.lower() == "basic" and self.authorization_body:
- auth = self.authorization_body
- else:
- auth = {}
- return self.url, self.get_method_display(), headers, self.params, self.body, auth
+ # def get_req_arg(self):
+ # headers = self.headers
+ # if "User-Agent" not in headers:
+ # headers[
+ # "User-Agent"] = "Mozilla/5.0 (X11; Linux x86_64) Chrome/99.0.4844.51"
+ #
+ # if self.authorization_type.lower() == "basic" and self.authorization_body:
+ # auth = self.authorization_body
+ # else:
+ # auth = {}
+ # return self.url, self.get_method_display(), headers, self.params, self.body, auth
 class VulBaseModel(BaseModel):
diff --git a/sysom_api/apps/vul/views.py b/sysom_api/apps/vul/views.py
index d35e6ae0..203d7800 100644
--- a/sysom_api/apps/vul/views.py
+++ b/sysom_api/apps/vul/views.py
@@ -332,16 +332,45 @@ class VulAddrViewSet(viewsets.ModelViewSet):
 super().update(request, *args, **kwargs)
 return success(result={}, message="修改成功")
- @action(detail=True, methods=['get'])
+ # @action(detail=True, methods=['get'])
+ # def test_connect(self, request, *args, **kwargs):
+ # vul = self.get_object()
+ # url, method, headers, params, payload, auth = vul.get_req_arg()
+ # req = requests.Request(method, url, headers=headers, data=payload, params=params, auth=auth)
+ # prepped = req.prepare()
+ # data = {"request": self.get_req_struct(prepped),
+ # "status": self.get_resp_result(prepped)}
+ # return success(result=data, message="")
+
+ @action(detail=False, methods=['post'])
 def test_connect(self, request, *args, **kwargs):
- vul = self.get_object()
- url, method, headers, params, payload, auth = vul.get_req_arg()
+ body = request.data
+ url, method, headers, params, payload, auth = self.get_req_arg(body)
 req = requests.Request(method, url, headers=headers, data=payload, params=params, auth=auth)
 prepped = req.prepare()
 data = {"request": self.get_req_struct(prepped),
 "status": self.get_resp_result(prepped)}
 return success(result=data, message="")
+ @staticmethod
+ def get_req_arg(body):
+ headers = body.get("headers")
+ if "User-Agent" not in headers:
+ headers[
+ "User-Agent"] = "Mozilla/5.0 (X11; Linux x86_64) Chrome/99.0.4844.51"
+
+ if body.get("authorization_type").lower() == "basic" and body.get("authorization_body"):
+ auth = body.get("authorization_body")
+ else:
+ auth = {}
+
+ for i in VulAddrModel.REQUEST_METHOD_CHOICES:
+ if i[0] == body.get("method"):
+ method = i[1]
+ break
+
+ return body.get("url"), method, headers, body.get("params"), body.get("body"), auth
+
 @staticmethod
 def get_req_struct(req):
 req_struct = '{}\n\n{}\n\n{}'.format(
-- Gitee
From edf362f55d7d069b73aa901dcc7b4151e1a57ca0 Mon Sep 17 00:00:00 2001
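Review bot: `test_connect` now builds the outbound request entirely from `request.data`, so the server sends a request to whatever `url` the caller posts, with caller-chosen headers and auth, and returns the result; nothing in the hunk restricts the destination. Before `get_resp_result(prepped)` runs, the URL should at least be limited to `http`/`https` and checked against the destinations this deployment is meant to reach, and the permissions on the action are worth confirming now that it is no longer tied to a stored `VulAddrModel`. `get_req_arg` also assumes every key is present: a missing `headers` or `authorization_type` raises on `in` / `.lower()`, and an unknown `method` leaves `method` unbound, all of which surface as a 500 instead of a 400. A validated `get_req_arg` is sketched below; it assumes `urlsplit` and DRF's `ValidationError` are imported in views.py, and the class body continues outside the hunk.

```python
    @staticmethod
    def get_req_arg(body):
        # Reject anything that is not a plain web URL before a request is built.
        url = body.get("url") or ""
        if urlsplit(url).scheme not in ("http", "https"):
            raise ValidationError({"url": "only http/https URLs are supported"})
        # NOTE(review): destination allow-listing belongs here too; the policy is deployment-specific.

        # Copy so the caller's request data is not mutated.
        headers = dict(body.get("headers") or {})
        headers.setdefault("User-Agent", "Mozilla/5.0 (X11; Linux x86_64) Chrome/99.0.4844.51")

        auth_type = (body.get("authorization_type") or "").lower()
        auth = (body.get("authorization_body") if auth_type == "basic" else None) or {}

        method = dict(VulAddrModel.REQUEST_METHOD_CHOICES).get(body.get("method"))
        if method is None:
            raise ValidationError({"method": "unknown request method"})

        return url, method, headers, body.get("params"), body.get("body"), auth
```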
From: weidong
Date: Mon, 18 Apr 2022 16:35:36 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E9=9A=90=E8=97=8F=E4=B8=8D=E5=8F=AF?= =?UTF-8?q?=E7=BC=96=E8=BE=91=E6=BC=8F=E6=B4=9E=E6=95=B0=E6=8D=AE=E5=BA=93?= =?UTF-8?q?=E4=B8=AD=EF=BC=8C=E9=83=A8=E5=88=86=E9=9A=90=E7=A7=81=E4=BF=A1?= =?UTF-8?q?=E6=81=AF?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sysom_api/apps/vul/serializer.py | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/sysom_api/apps/vul/serializer.py b/sysom_api/apps/vul/serializer.py
index 85e72e78..0ce9e7b9 100644
--- a/sysom_api/apps/vul/serializer.py
+++ b/sysom_api/apps/vul/serializer.py
@@ -1,6 +1,6 @@
 # -*- encoding: utf-8 -*-
 """
-@File : urls.py
+@File : serializer.py
 @Time : 2022/4/8 下午1:49
 @Author : weidongkl
 @Email : weidong@uniontech.com
@@ -12,6 +12,8 @@ from apps.vul.models import VulAddrModel
 class VulAddrListSerializer(serializers.ModelSerializer):
 method_display = serializers.SerializerMethodField()
+ headers = serializers.SerializerMethodField()
+ description = serializers.SerializerMethodField()
 class Meta:
 model = VulAddrModel
@@ -25,6 +27,18 @@ class VulAddrListSerializer(serializers.ModelSerializer):
 def get_description(self, attr: VulAddrModel) -> str:
 return attr.description or '暂未填写'
+ def get_headers(self, attr: VulAddrModel) -> str:
+ if attr.is_edited:
+ return attr.headers
+ else:
+ shadow_string = "x" * 12
+ shadow_fields = ["token", "authorization"]
+ display_headers = attr.headers.copy()
+ for k, v in attr.headers.items():
+ if k.lower() in shadow_fields:
+ display_headers[k] = shadow_string
+ return display_headers
+
 class VulAddrModifySerializer(serializers.ModelSerializer):
 authorization_body = serializers.JSONField(required=False)
-- Gitee
From e968e7a2b6f38a6cb92af49b9138b83a72584a3c Mon Sep 17 00:00:00 2001
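Review bot: The masking in `get_headers` only matches header names that are exactly `token` or `authorization`, so other credential-bearing headers on a non-editable entry (for example `Cookie`, `X-Api-Key`, `X-Auth-Token`) are still serialized in clear. Consider matching on substrings, or masking every value unless the name is on a known-safe list, e.g. `if any(s in k.lower() for s in shadow_fields):` with `shadow_fields` extended to cover `cookie` and `key`. The `fields` list shown in patch 1/4 still exposes `url`, `params` and `body` unmasked, so secrets stored there are not covered by this change; whether that matters depends on how the built-in entries are defined, which is not visible here. The annotation `-> str` should be `-> dict`, and `attr.headers.copy()` will raise if `headers` can be null on the model.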
From: weidong
Date: Mon, 18 Apr 2022 17:59:40 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=B3=A8=E9=87=8A?= =?UTF-8?q?=E4=BB=A3=E7=A0=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sysom_api/apps/vul/models.py | 12 ------------
 sysom_api/apps/vul/views.py | 12 +-----------
 2 files changed, 1 insertion(+), 23 deletions(-)
diff --git a/sysom_api/apps/vul/models.py b/sysom_api/apps/vul/models.py
index d62ae1c0..1c175012 100644
--- a/sysom_api/apps/vul/models.py
+++ b/sysom_api/apps/vul/models.py
@@ -41,18 +41,6 @@ class VulAddrModel(models.Model):
 def __str__(self):
 return f'vul addres: {self.url}'
- # def get_req_arg(self):
- # headers = self.headers
- # if "User-Agent" not in headers:
- # headers[
- # "User-Agent"] = "Mozilla/5.0 (X11; Linux x86_64) Chrome/99.0.4844.51"
- #
- # if self.authorization_type.lower() == "basic" and self.authorization_body:
- # auth = self.authorization_body
- # else:
- # auth = {}
- # return self.url, self.get_method_display(), headers, self.params, self.body, auth
-
 class VulBaseModel(BaseModel):
 cve_id = models.CharField(max_length=100)
diff --git a/sysom_api/apps/vul/views.py b/sysom_api/apps/vul/views.py
index 203d7800..d574a301 100644
--- a/sysom_api/apps/vul/views.py
+++ b/sysom_api/apps/vul/views.py
@@ -332,16 +332,6 @@ class VulAddrViewSet(viewsets.ModelViewSet):
 super().update(request, *args, **kwargs)
 return success(result={}, message="修改成功")
- # @action(detail=True, methods=['get'])
- # def test_connect(self, request, *args, **kwargs):
- # vul = self.get_object()
- # url, method, headers, params, payload, auth = vul.get_req_arg()
- # req = requests.Request(method, url, headers=headers, data=payload, params=params, auth=auth)
- # prepped = req.prepare()
- # data = {"request": self.get_req_struct(prepped),
- # "status": self.get_resp_result(prepped)}
- # return success(result=data, message="")
-
 @action(detail=False, methods=['post'])
 def test_connect(self, request, *args, **kwargs):
 body = request.data
@@ -390,7 +380,7 @@ class VulAddrViewSet(viewsets.ModelViewSet):
 msg = f"Status Code: {resp_status} OK"
 else:
 msg = f"Status Code: {resp_status} ERROR"
+ return msg
 except Exception as e:
 msg = f"Status Code: ERROR({e})"
- finally:
 return msg
-- Gitee
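Review bot: In the `except` branch of the second hunk, the raw exception text is still interpolated into the message returned to the client (`f"Status Code: ERROR({e})"`); for connection failures this can include resolved hosts, ports and socket-level error details from the server's side of the network. Because the action sends to a caller-supplied URL, it would be safer to log the exception server-side and return a fixed string, e.g. `msg = "Status Code: ERROR(request failed)"`. The `try` block starts outside the hunk, so whether the send passes a `timeout` cannot be confirmed from here; if it does not, one should be added.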