add api for task result and resultflow

LoRexxar · Oct 12, 2021 · e89e199 · e89e199
1 parent 86edd3c
commit e89e199
Show file tree

Hide file tree

Showing 3 changed files with 89 additions and 8 deletions.
diff --git a/web/api/urls.py b/web/api/urls.py
@@ -18,14 +18,21 @@
     # task details
     path("task/<int:task_id>", views.TaskDetailApiView.as_view(), name="task_detail"),
     # task result details
-    path("task/<int:task_id>/result", views.TaskResultDetailApiView.as_view(), name="task_result_detail"),
+    path("task/<int:task_id>/result", views.TaskResultApiView.as_view(), name="task_result_detail"),
     # task resultflow details
-    path("task/<int:task_id>/resultflow", views.TaskResultFlowDetailApiView.as_view(), name="task_resultflow_detail"),
+    path("task/<int:task_id>/resultflow", views.TaskResultFlowApiView.as_view(), name="task_resultflow_detail"),
     # task new evil func
     path("task/<int:task_id>/newevilfunc", views.TaskNewEvilFuncApiView.as_view(), name="task_new_evil_func_detail"),
     # task vendors
     path("task/<int:task_id>/vendors", views.TaskVendorsApiView.as_view(), name="task_vendors"),
 
+    # task result
+    path("task/result/<int:result_id>", views.TaskResultDetailApiView.as_view(), name="task_result"),
+    path("task/result/<int:result_id>/del", views.TaskResultDetailDelApiView.as_view(), name="task_result_del"),
+    # task resultflow
+    path("task/result/<int:result_id>/resultflow/<int:vul_id>", views.TaskResultFlowDetailApiView.as_view(), name="task_resultflow"),
+    # path("task/<int:task_id>/resultflow/<int:vul_id>/del", views.TaskResultFlowDetailDelApiView.as_view(), name="task_resultflow_detail_del"),
+
     # rule list
     path("rule/list", views.RuleListApiView.as_view(), name="rule_list"),
     # rule details

diff --git a/web/api/views.py b/web/api/views.py
@@ -18,7 +18,7 @@
 from django.views import View
 from django.db.models import Count
 
-from web.index.models import ScanTask, VendorVulns, Rules, Tampers, NewEvilFunc, Project, ProjectVendors
+from web.index.models import ScanTask, VendorVulns, Rules, Tampers, NewEvilFunc, Project, ProjectVendors, ScanResultTask
 from web.index.models import get_and_check_scantask_project_id, get_resultflow_class, get_and_check_scanresult
 from core.vendors import get_project_vendor_by_name, get_vendor_vul_by_name
 
@@ -64,8 +64,8 @@ def get(request, task_id):
         return JsonResponse({"code": 200, "status": True, "message":  list(scantask)})
 
 
-class TaskResultDetailApiView(View):
-    """展示当前任务结果细节"""
+class TaskResultApiView(View):
+    """展示当前任务所有结果细节"""
 
     @staticmethod
     @api_token_required
@@ -82,7 +82,37 @@ def get(request, task_id):
             {"code": 200, "status": True, "message": scantaskresults})
 
 
-class TaskResultFlowDetailApiView(View):
+class TaskResultDetailApiView(View):
+    """指定任务结果细节"""
+
+    @staticmethod
+    @api_token_required
+    def get(request, result_id):
+        srt = ScanResultTask.objects.filter(id=result_id, is_active=1).values()
+
+        if not srt:
+            return JsonResponse({"code": 403, "status": False, "message": "TaskResult {} not exist.".format(result_id)})
+
+        return JsonResponse({"code": 200, "status": True, "message": list(srt)})
+
+
+class TaskResultDetailDelApiView(View):
+    """删除当前任务结果细节"""
+
+    @staticmethod
+    @api_token_required
+    def get(request, result_id):
+        srt = ScanResultTask.objects.filter(id=result_id).first()
+
+        if not srt or srt.is_active == 0:
+            return JsonResponse({"code": 403, "status": False, "message": "TaskResult {} not exist.".format(result_id)})
+
+        srt.is_active = 0
+        srt.save()
+        return JsonResponse({"code": 200, "status": True, "message": "Delete Success."})
+
+
+class TaskResultFlowApiView(View):
     """展示当前任务结果流细节"""
 
     @staticmethod
@@ -101,6 +131,45 @@ def get(request, task_id):
             {"code": 200, "status": True, "message": resultflow_list})
 
 
+class TaskResultFlowDetailApiView(View):
+    """展示指定任务结果流细节"""
+
+    @staticmethod
+    @api_token_required
+    def get(request, result_id, vul_id):
+        scantask = ScanResultTask.objects.filter(id=result_id).first()
+        task_id = scantask.scan_task_id
+
+        if not scantask.is_finished:
+            return JsonResponse({"code": 403, "status": False, "message": "Task {} not finished.".format(task_id)})
+
+        ResultFlow = get_resultflow_class(int(task_id))
+        rfs = ResultFlow.objects.filter(vul_id=vul_id)
+
+        resultflow_list = list(rfs.values())
+        return JsonResponse(
+            {"code": 200, "status": True, "message": resultflow_list})
+
+
+# class TaskResultFlowDetailDelApiView(View):
+#     """删除当前任务结果流细节"""
+#
+#     @staticmethod
+#     @api_token_required
+#     def get(request, task_id, vul_id):
+#         scantask = ScanTask.objects.filter(id=task_id).first()
+#
+#         if not scantask.is_finished:
+#             return JsonResponse({"code": 403, "status": False, "message": "Task {} not finished.".format(task_id)})
+#
+#         ResultFlow = get_resultflow_class(int(task_id))
+#         rfs = ResultFlow.objects.filter(vul_id=vul_id)
+#
+#         resultflow_list = list(rfs.values())
+#         return JsonResponse(
+#             {"code": 200, "status": True, "message": resultflow_list})
+
+
 class TaskNewEvilFuncApiView(View):
     """展示当前任务生成的新恶意函数"""
 

diff --git a/web/index/controller.py b/web/index/controller.py
@@ -43,9 +43,14 @@ def api_token_required(function):
 
     def wrapper(request, *args, **kwargs):
 
-        if "apitoken" in request.REQUEST:
+        if "apitoken" in request.GET:
 
-            if request.REQUEST['apitoken'] == API_TOKEN:
+            if request.GET['apitoken'] == API_TOKEN:
+                return function(request, *args, **kwargs)
+
+        elif "apitoken" in request.POST:
+
+            if request.POST['apitoken'] == API_TOKEN:
                 return function(request, *args, **kwargs)
 
         return JsonResponse({"code": 401, "status": "error", "message": "Auth check error. token required."})