diff --git a/web/api/urls.py b/web/api/urls.py
index 203e8ff4..91a812a8 100644
--- a/web/api/urls.py
+++ b/web/api/urls.py
@@ -18,14 +18,21 @@ # task details
 path("task/", views.TaskDetailApiView.as_view(), name="task_detail"),
 # task result details
- path("task//result", views.TaskResultDetailApiView.as_view(), name="task_result_detail"),
+ path("task//result", views.TaskResultApiView.as_view(), name="task_result_detail"),
 # task resultflow details
- path("task//resultflow", views.TaskResultFlowDetailApiView.as_view(), name="task_resultflow_detail"),
+ path("task//resultflow", views.TaskResultFlowApiView.as_view(), name="task_resultflow_detail"),
 # task new evil func
 path("task//newevilfunc", views.TaskNewEvilFuncApiView.as_view(), name="task_new_evil_func_detail"),
 # task vendors
 path("task//vendors", views.TaskVendorsApiView.as_view(), name="task_vendors"),
+ # task result
+ path("task/result/", views.TaskResultDetailApiView.as_view(), name="task_result"),
+ path("task/result//del", views.TaskResultDetailDelApiView.as_view(), name="task_result_del"),
+ # task resultflow
+ path("task/result//resultflow/", views.TaskResultFlowDetailApiView.as_view(), name="task_resultflow"),
+ # path("task//resultflow//del", views.TaskResultFlowDetailDelApiView.as_view(), name="task_resultflow_detail_del"),
+ # rule list
 path("rule/list", views.RuleListApiView.as_view(), name="rule_list"),
 # rule details
diff --git a/web/api/views.py b/web/api/views.py
index d412f6d0..42d03a12 100644
--- a/web/api/views.py
+++ b/web/api/views.py
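Review bot: The route names in web/api/urls.py no longer line up with the views they resolve to: `task_result_detail` now points at `TaskResultApiView` while `TaskResultDetailApiView` is registered as `task_result`, and the resultflow pair is crossed the same way, so any lookup by name reads as the opposite view. Consider renaming so the name follows the view, keeping the old names only if existing callers depend on them. The commented-out `task_resultflow_detail_del` route is dead code and is better dropped than committed.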
@@ -18,7 +18,7 @@ from django.views import View
 from django.db.models import Count
-from web.index.models import ScanTask, VendorVulns, Rules, Tampers, NewEvilFunc, Project, ProjectVendors
+from web.index.models import ScanTask, VendorVulns, Rules, Tampers, NewEvilFunc, Project, ProjectVendors, ScanResultTask
 from web.index.models import get_and_check_scantask_project_id, get_resultflow_class, get_and_check_scanresult
 from core.vendors import get_project_vendor_by_name, get_vendor_vul_by_name
@@ -64,8 +64,8 @@ def get(request, task_id):
 return JsonResponse({"code": 200, "status": True, "message": list(scantask)})
-class TaskResultDetailApiView(View):
- """展示当前任务结果细节"""
+class TaskResultApiView(View):
+ """展示当前任务所有结果细节"""
 @staticmethod
 @api_token_required
@@ -82,7 +82,37 @@ def get(request, task_id):
 {"code": 200, "status": True, "message": scantaskresults})
-class TaskResultFlowDetailApiView(View):
+class TaskResultDetailApiView(View):
+ """指定任务结果细节"""
+
+ @staticmethod
+ @api_token_required
+ def get(request, result_id):
+ srt = ScanResultTask.objects.filter(id=result_id, is_active=1).values()
+
+ if not srt:
+ return JsonResponse({"code": 403, "status": False, "message": "TaskResult {} not exist.".format(result_id)})
+
+ return JsonResponse({"code": 200, "status": True, "message": list(srt)})
+
+
+class TaskResultDetailDelApiView(View):
+ """删除当前任务结果细节"""
+
+ @staticmethod
+ @api_token_required
+ def get(request, result_id):
+ srt = ScanResultTask.objects.filter(id=result_id).first()
+
+ if not srt or srt.is_active == 0:
+ return JsonResponse({"code": 403, "status": False, "message": "TaskResult {} not exist.".format(result_id)})
+
+ srt.is_active = 0
+ srt.save()
+ return JsonResponse({"code": 200, "status": True, "message": "Delete Success."})
+
+
+class TaskResultFlowApiView(View):
 """展示当前任务结果流细节"""
 @staticmethod
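Review bot: `TaskResultDetailDelApiView` performs the soft delete inside `get`, so a state-changing operation is reachable with a plain GET on the `task_result_del` route, and because `api_token_required` accepts the token as a query parameter, the whole request, credential included, is a replayable URL that lands in browser history and in proxy and access logs. Handle it on an unsafe method instead, e.g. `def post(request, result_id):`, so Django answers other methods with 405. If CSRF middleware is active for this API, the token-authenticated view then needs an explicit decision on exemption. Both new views in this hunk also report a missing result as `"code": 403` on an HTTP 200 response; passing `status=404` to `JsonResponse` would let clients and monitoring tell not-found from forbidden.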
@@ -101,6 +131,45 @@ def get(request, task_id):
 {"code": 200, "status": True, "message": resultflow_list})
+class TaskResultFlowDetailApiView(View):
+ """展示指定任务结果流细节"""
+
+ @staticmethod
+ @api_token_required
+ def get(request, result_id, vul_id):
+ scantask = ScanResultTask.objects.filter(id=result_id).first()
+ task_id = scantask.scan_task_id
+
+ if not scantask.is_finished:
+ return JsonResponse({"code": 403, "status": False, "message": "Task {} not finished.".format(task_id)})
+
+ ResultFlow = get_resultflow_class(int(task_id))
+ rfs = ResultFlow.objects.filter(vul_id=vul_id)
+
+ resultflow_list = list(rfs.values())
+ return JsonResponse(
+ {"code": 200, "status": True, "message": resultflow_list})
+
+
+# class TaskResultFlowDetailDelApiView(View):
+# """删除当前任务结果流细节"""
+#
+# @staticmethod
+# @api_token_required
+# def get(request, task_id, vul_id):
+# scantask = ScanTask.objects.filter(id=task_id).first()
+#
+# if not scantask.is_finished:
+# return JsonResponse({"code": 403, "status": False, "message": "Task {} not finished.".format(task_id)})
+#
+# ResultFlow = get_resultflow_class(int(task_id))
+# rfs = ResultFlow.objects.filter(vul_id=vul_id)
+#
+# resultflow_list = list(rfs.values())
+# return JsonResponse(
+# {"code": 200, "status": True, "message": resultflow_list})
+
+
 class TaskNewEvilFuncApiView(View):
 """展示当前任务生成的新恶意函数"""
diff --git a/web/index/controller.py b/web/index/controller.py
index 2b881f93..c1e595a0 100644
--- a/web/index/controller.py
+++ b/web/index/controller.py
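Review bot: In `TaskResultFlowDetailApiView.get`, `ScanResultTask.objects.filter(id=result_id).first()` returns `None` for an unknown id and the next line dereferences it (`scantask.scan_task_id`), so a bad `result_id` raises AttributeError and surfaces as a 500 instead of the JSON error the sibling views return. The lookup also omits `is_active=1`, so a result soft-deleted through `TaskResultDetailDelApiView` stays readable through this endpoint. Suggested: `srt = ScanResultTask.objects.filter(id=result_id, is_active=1).first()` followed by the same `if not srt:` not-exist response that `TaskResultDetailApiView` uses. `is_finished` is read from the `ScanResultTask` row and the model is not shown here, so confirm it carries that field rather than only `ScanTask`. The commented-out `TaskResultFlowDetailDelApiView` block is dead code and is better left out of the commit.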
@@ -43,9 +43,14 @@ def api_token_required(function):
 def wrapper(request, *args, **kwargs):
- if "apitoken" in request.REQUEST:
+ if "apitoken" in request.GET:
- if request.REQUEST['apitoken'] == API_TOKEN:
+ if request.GET['apitoken'] == API_TOKEN:
+ return function(request, *args, **kwargs)
+
+ elif "apitoken" in request.POST:
+
+ if request.POST['apitoken'] == API_TOKEN:
 return function(request, *args, **kwargs)
 return JsonResponse({"code": 401, "status": "error", "message": "Auth check error. token required."})
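Review bot: The token check in `wrapper` still accepts `apitoken` from the query string and compares it to `API_TOKEN` with `==`, so the shared secret ends up in access logs, browser history and Referer headers, and the comparison is not constant-time. Prefer taking the token from a request header or the POST body only, and compare with `django.utils.crypto.constant_time_compare(token, API_TOKEN)`. `API_TOKEN` is defined outside this hunk; if it can be empty or left at a shipped default, reject that case explicitly before comparing. The failure branch returns `"code": 401` on an HTTP 200 response, where `status=401` on the `JsonResponse` would make rejected calls visible to clients and log-based alerting. The decorator's closing lines are outside the hunk.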