FeeiCN · FeeiCN · Jun 3, 2016 · Jun 3, 2016 · Jun 3, 2016 · Jun 3, 2016
diff --git a/app/controller/RulesAdmin.py b/app/controller/RulesAdmin.py
@@ -71,10 +71,12 @@ def rules():
 @web.route(ADMIN_URL + '/add_new_rule', methods=['GET', 'POST'])
 def add_new_rule():
     if request.method == 'POST':
-        vul_type = request.form['vul_type']
-        lang = request.form['language']
-        regex = request.form['regex']
-        description = request.form['description']
+        vul_type = request.form.get('vul_type')
+        lang = request.form.get('language')
+        regex = request.form.get('regex')
+        regex_confirm = request.form.get('regex_confirm')
+        description = request.form.get('description')
+        repair = request.form.get('repair')
 
         if not vul_type or vul_type == "":
             return jsonify(tag='danger', msg='vul type error.')
@@ -84,9 +86,14 @@ def add_new_rule():
             return jsonify(tag='danger', msg='regex can not be blank')
         if not description or description == "":
             return jsonify(tag='danger', msg='description can not be blank')
+        if not regex_confirm or regex_confirm == "":
+            return jsonify(tag='danger', msg='confirm regex can not be blank')
+        if not repair or repair == "":
+            return jsonify(tag='danger', msg='repair can not be empty')
 
         current_time = time.strftime('%Y-%m-%d %X', time.localtime())
-        rule = CobraRules(vul_type, lang, regex, description, current_time, current_time)
+        rule = CobraRules(vul_type, lang, regex, regex_confirm, description, repair,
+                          1, current_time, current_time)
         try:
             db.session.add(rule)
             db.session.commit()
@@ -123,26 +130,39 @@ def del_rule():
 @web.route(ADMIN_URL + '/edit_rule/<int:rule_id>', methods=['GET', 'POST'])
 def edit_rule(rule_id):
     if request.method == 'POST':
-        vul_type = request.form['vul_type']
-        lang = request.form['language']
-        regex = request.form['regex']
-        description = request.form['description']
-        rule_id = request.form['rule_id']
+        vul_type = request.form.get('vul_type')
+        lang = request.form.get('language')
+        regex = request.form.get('regex')
+        regex_confirm = request.form.get('regex_confirm')
+        description = request.form.get('description')
+        rule_id = request.form.get('rule_id')
+        repair = request.form.get('repair')
+        status = request.form.get('status')
 
         if not vul_type or vul_type == "":
             return jsonify(tag='danger', msg='vul type error.')
         if not lang or lang == "":
             return jsonify(tag='danger', msg='language error.')
         if not regex or regex == "":
             return jsonify(tag='danger', msg='regex can not be blank')
+        if not regex_confirm or regex_confirm == "":
+            return jsonify(tag='danger', msg='confirm regex can not be blank')
         if not description or description == "":
             return jsonify(tag='danger', msg='description can not be blank')
+        if not repair or repair == "":
+            return jsonify(tag='danger', msg='repair can not be blank')
+        if not status or status == "" or (status != '1' and status != '2'):
+            return jsonify(tag="danger", msg='status error.')
 
         r = CobraRules.query.filter_by(id=rule_id).first()
         r.vul_id = vul_type
         r.language = lang
         r.regex = regex
+        r.regex_confirm = regex_confirm
         r.description = description
+        r.repair = repair
+        r.status = status
+        r.updated_at = time.strftime('%Y-%m-%d %X', time.localtime())
         try:
             db.session.add(r)
             db.session.commit()
@@ -154,10 +174,7 @@ def edit_rule(rule_id):
         vul_type = CobraVuls.query.all()
         languages = CobraLanguages.query.all()
         return render_template('rulesadmin/edit_rule.html', data={
-            'vul_type': r.vul_id,
-            'language': r.language,
-            'regex': r.regex,
-            'description': r.description,
+            'rule': r,
             'all_vuls': vul_type,
             'all_lang': languages,
         })
@@ -167,22 +184,24 @@ def edit_rule(rule_id):
 @web.route(ADMIN_URL + '/add_new_vul', methods=['GET', 'POST'])
 def add_new_vul():
     if request.method == 'POST':
-        name = request.form['name']
-        description = request.form['description']
+        name = request.form.get('name')
+        description = request.form.get('description')
+        repair = request.form.get('repair')
         if not name or name == "":
-            return jsonify(tag='danger', msg='name is empty')
+            return jsonify(tag='danger', msg='name can not be blank.')
         if not description or description == "":
-            return jsonify(tag='danger', msg='description is empty')
+            return jsonify(tag='danger', msg='description can not be blank.')
+        if not repair or repair == "":
+            return jsonify(tag='danger', msg='repair can not be blank.')
 
         current_time = time.strftime('%Y-%m-%d %X', time.localtime())
-        vul = CobraVuls(name, description, current_time, current_time)
+        vul = CobraVuls(name, description, repair, current_time, current_time)
         try:
             db.session.add(vul)
             db.session.commit()
             return jsonify(tag='success', msg='Add Success.')
         except:
             return jsonify(tag='danger', msg='Add failed. Please try again later.')
-
     else:
         return render_template('rulesadmin/add_new_vul.html')
 
@@ -217,15 +236,22 @@ def del_vul():
 @web.route(ADMIN_URL + '/edit_vul/<int:vul_id>', methods=['GET', 'POST'])
 def edit_vul(vul_id):
     if request.method == 'POST':
-        name = request.form['name']
-        description = request.form['description']
+        name = request.form.get('name')
+        description = request.form.get('description')
+        repair = request.form.get('repair')
+
         if not name or name == "":
             return jsonify(tag='danger', msg='name can not be empty')
         if not description or description == "":
             return jsonify(tag='danger', msg='description can not be empty')
+        if not repair or repair == "":
+            return jsonify(tag='danger', msg='repair can not be empty')
+
         v = CobraVuls.query.filter_by(id=vul_id).first()
         v.name = name
         v.description = description
+        v.repair = repair
+
         try:
             db.session.add(v)
             db.session.commit()
@@ -235,8 +261,7 @@ def edit_vul(vul_id):
     else:
         v = CobraVuls.query.filter_by(id=vul_id).first()
         return render_template('rulesadmin/edit_vul.html', data={
-            'name': v.name,
-            'description': v.description,
+            'vul': v,
         })
 
 

diff --git a/app/controller/api.py b/app/controller/api.py
@@ -24,14 +24,12 @@ def add_new_task():
         {
             "url": "https://gitlab.com/username/project",   // must, gitlab address
             "branch": "master",                             // must, the project branch
-            "username": "your username",    // optional, the username access to the repo. If the repo is public, leave this blank.
-            "password": "your password",    // optional, the password access to the repo. If the repo is public, leave this blank.
+            "username": "username here",        // if the repo is private, please provide the account username
+            "password": "password here",        // if the repo is private, please provide the account password
             "old_version": "old version here",  // optional, if you choice diff scan mode, you should provide old version hash.
             "new_version": "new version here",  // optional, if you choice diff scan mode, you should provide new version hash.
             "scan_way": 1,      // must, scan way, 1-full scan, 2-diff scan, if you want to use full scan mode,
                                 // leave old_version and new_version blank.
-            "scan_type": 2,     // must, scan type, 1-all vulnerabilities, 2-general vulnerabilities, 3-code syntax
-            "level": "1",       // must, scan level, 1-5
         }
     :return:
         The return value also in json format, usually is:
@@ -48,13 +46,11 @@ def add_new_task():
     # get data
     url = data.get('url')
     branch = data.get('branch')
-    username = data.get('username')
-    password = data.get('password')
     new_version = data.get('new_version')
     old_version = data.get('old_version')
+    username = data.get('username')
+    password = data.get('password')
     scan_way = data.get('scan_way')
-    scan_type = data.get('scan_type')
-    level = data.get('level')
 
     # check data
     if not url or url == "":
@@ -63,34 +59,33 @@ def add_new_task():
         return jsonify(code=1002, msg=u'branch can not be empty.')
     if not scan_way or scan_way == "":
         return jsonify(code=1002, msg=u'scan way can not be empty')
-    if not scan_type or scan_type == "":
-        return jsonify(code=1002, msg=u'scan type can not be empty')
-    if not level or level == "":
-        return jsonify(code=1002, msg=u'level can not be empty')
 
-    current_timestamp = int(time.time())
     current_time = time.strftime('%Y-%m-%d %X', time.localtime())
     gg = GitTools.Git(url, branch=branch, username=username, password=password)
-    repo_name = gg.repo_directory.split('/')[-1]
-    repo_name = repo_name.split('_')[-1]
+    repo_author = gg.repo_author
+    repo_name = gg.repo_name
 
     new_version = None if new_version == "" else new_version
     old_version = None if old_version == "" else old_version
     username = None if username == "" else username
     password = None if password == "" else password
 
+    # TODO: file count
+
     # insert into task info table.
-    task_info = CobraTaskInfo(task_type=1, create_time=current_timestamp, filename=None, url=url, branch=branch,
-                              username=username, password=password, scan_type=scan_type, level=level, scan_way=scan_way,
-                              old_version=old_version, new_version=new_version)
+    task = CobraTaskInfo(url, branch, scan_way, new_version, old_version, None, None, None, 1,
+                         current_time, current_time)
 
-    # insert into project table.
-    project = CobraProjects(name=repo_name, repo_type=1, repository=url, branch=branch, username=username,
-                           password=password, scan_at=None, created_at=current_time, updated_at=current_time)
+    p = CobraProjects.query.filter_by(repository=url).first()
+    project = None
+    if not p:
+        # insert into project table.
+        project = CobraProjects(url, repo_name, repo_author, None, None, current_time, current_time)
 
     try:
-        db.session.add(task_info)
-        db.session.add(project)
+        db.session.add(task)
+        if not p:
+            db.session.add(project)
         db.session.commit()
         return jsonify(code=1001, msg=u'task add success.')
     except:

diff --git a/app/models.py b/app/models.py
@@ -12,56 +12,45 @@
 # See the file 'doc/COPYING' for copying permission
 #
 
-from sqlalchemy.dialects.mysql import TINYINT, INTEGER
+from sqlalchemy.dialects.mysql import TINYINT, INTEGER, SMALLINT
 
 from app import db
 
 
 # task_info table. store task information.
 class CobraTaskInfo(db.Model):
-    '''
-    id:             task id
-    task_type:      task type, 1-login to gitlab with username and password, 2-upload file
-    create_time:    task created time
-    filename:       filename, if user upload source code, this is the archive filename
-    url:            url, if user provide gitlab account, this is the project url on gitlab
-    username:       username, gitlab username
-    password:       password, gitlab password
-    scan_type:      scan type, 1-all vulnerabislities, 2-general vulnerabilities, 3-code syntax,
-    level:          level, scan level
-    scan_way:       scan way, 1-full scan, 2-diff scan
-    old_version:    old version, if user select diff scan, this is the old version of the project
-    new_version:    new version, if user select diff scan, this is the new version of the project
-    '''
 
     __tablename__ = 'tasks'
 
     id = db.Column(INTEGER(unsigned=True), primary_key=True, autoincrement=True, nullable=False)
-    task_type = db.Column(db.SmallInteger, nullable=False)
-    filename = db.Column(db.String(255), nullable=True)
-    url = db.Column(db.String(255), nullable=True)
-    branch = db.Column(db.String(64), nullable=True)
-    scan_way = db.Column(db.SmallInteger, nullable=False)
-    old_version = db.Column(db.String(40), nullable=True)
-    new_version = db.Column(db.String(40), nullable=True)
-    created_at = db.Column(db.DATETIME, nullable=False)
-    updated_at = db.Column(db.DATETIME, nullable=False)
-
-    def __init__(self, task_type, filename, url, branch, scan_way,
-                 old_version, new_version, created_at, updated_at):
-        self.task_type = task_type
-        self.filename = filename
-        self.url = url
+    target = db.Column(db.String(255), nullable=True, default=None)
+    branch = db.Column(db.String(64), nullable=True, default=None)
+    scan_way = db.Column(SMALLINT(6), nullable=True, default=None)
+    new_version = db.Column(db.String(40), nullable=True, default=None)
+    old_version = db.Column(db.String(40), nullable=True, default=None)
+    time_consume = db.Column(db.DateTime, nullable=True, default=None)
+    time_start = db.Column(db.DateTime, nullable=True, default=None)
+    time_end = db.Column(db.DateTime, nullable=True, default=None)
+    file_count = db.Column(db.Integer, nullable=True, default=None)
+    created_at = db.Column(db.DateTime, nullable=True, default=None)
+    updated_at = db.Column(db.DateTime, nullable=True, default=None)
+
+    def __init__(self, target, branch, scan_way, new_version, old_version, time_consume, time_start, time_end,
+                 file_count, created_at, updated_at):
+        self.target = target
         self.branch = branch
         self.scan_way = scan_way
-        self.old_version = old_version
         self.new_version = new_version
+        self.old_version = old_version
+        self.time_consume = time_consume
+        self.time_start = time_start
+        self.time_end = time_end
+        self.file_count = file_count
         self.created_at = created_at
         self.updated_at = updated_at
 
     def __repr__(self):
-        return '<task_info %r - %r>' % (self.id,
-                                        "username/password on gitlab" if self.scan_way == 1 else "file upload")
+        return '<task_info %r - %r>' % (self.id, self.target)
 
 
 class CobraRules(db.Model):
@@ -71,15 +60,21 @@ class CobraRules(db.Model):
     vul_id = db.Column(TINYINT(unsigned=False), nullable=True, default=None)
     language = db.Column(TINYINT(unsigned=False), nullable=True, default=None)
     regex = db.Column(db.String(512), nullable=True, default=None)
+    regex_confirm = db.Column(db.String(512), nullable=True, default=None)
     description = db.Column(db.String(256), nullable=True, default=None)
+    repair = db.Column(db.String(512), nullable=True, default=None)
+    status = db.Column(TINYINT(2), nullable=True, default=None)
     created_at = db.Column(db.DateTime, nullable=True, default=None)
     updated_at = db.Column(db.DateTime, nullable=True, default=None)
 
-    def __init__(self, vul_id, language, regex, description, created_at, updated_at):
+    def __init__(self, vul_id, language, regex, regex_confirm, description, repair, status, created_at, updated_at):
         self.vul_id = vul_id
         self.language = language
         self.regex = regex
+        self.regex_confirm = regex_confirm
         self.description = description
+        self.repair = repair
+        self.status = status
         self.created_at = created_at
         self.updated_at = updated_at
 
@@ -92,12 +87,14 @@ class CobraVuls(db.Model):
     id = db.Column(INTEGER(unsigned=True), primary_key=True, autoincrement=True, nullable=False)
     name = db.Column(db.String(56), nullable=True, default=None)
     description = db.Column(db.String(512), nullable=True, default=None)
+    repair = db.Column(db.String(512), nullable=True, default=None)
     created_at = db.Column(db.DateTime, nullable=True, default=None)
     updated_at = db.Column(db.DateTime, nullable=True, default=None)
 
-    def __init__(self, name, description, created_at, updated_at):
+    def __init__(self, name, description, repair, created_at, updated_at):
         self.name = name
         self.description = description
+        self.repair = repair
         self.created_at = created_at
         self.updated_at = updated_at