From 452997c57a468e4f93160248b1be5f3176b471cc Mon Sep 17 00:00:00 2001 From: BlBana <635373043@qq.com> Date: Fri, 13 Apr 2018 18:16:21 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BA=86report=E6=A8=A1?= =?UTF-8?q?=E5=9D=97=E5=BC=82=E5=B8=B8=E7=9A=84=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cobra/report.py | 8 ++++++-- reports/report.js | 4 +--- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/cobra/report.py b/cobra/report.py index 4b433c67..b714f660 100644 --- a/cobra/report.py +++ b/cobra/report.py @@ -61,10 +61,13 @@ def capture(self): :return: boolean """ capture = None + if os.path.exists(node) is False: + logger.critical('[Capture] Please install node.js') + return False p = subprocess.Popen(self.param, stdout=subprocess.PIPE) result, err = p.communicate() if 'Critical' in result: - logger.critical(result) + logger.critical('[Capture] ' + result) logger.critical('[Capture] Capture exception') return False lines = result.split('\n') @@ -76,6 +79,7 @@ def capture(self): logger.critical('[Capture] get capture image file failed') return False else: + logger.info('[Capture] The screenshot capture success: {}'.format(capture)) return os.path.join(project_directory, capture) def notification(self, capture_path): @@ -111,6 +115,6 @@ def notification(self, capture_path): return False except smtplib.SMTPException as error: logger.critical(error) - logger.critical('[EMAIL] Please config SMTP Server, port, username, password and sender in config file') + logger.critical('[EMAIL] Please config SMTP Server, port, username, to, password and sender in config file') return False diff --git a/reports/report.js b/reports/report.js index 33933fbf..22cc4fc2 100644 --- a/reports/report.js +++ b/reports/report.js 
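Review bot: In the first cobra/report.py hunk, `logger.critical('[Capture] ' + result)` concatenates a str with the raw output of `p.communicate()`. If this module runs under Python 3, that output is bytes unless the pipe is opened in text mode, so this line and the `'Critical' in result` test just above it would raise TypeError instead of reporting the failure. Decoding `result` once after `communicate()` covers both lines, and `logger.critical('[Capture] %s', result)` avoids the concatenation. The added guard `if os.path.exists(node) is False:` reads more naturally as `if not os.path.exists(node):`. capture() starts above this hunk and continues below it.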
@@ -89,9 +89,7 @@ puppeteer.launch().then(async browser => { await browser.close(); await console.log('Success:' + file) } catch (err) { - console.log('Critical: Unable to load the address, Please check the address'); + console.log('Critical: Unable to load the address, Please check the cobra_ip in config'); process.exit(); } }); - - From 9d3ef6aa4eef51a5017bd545e238eef6701450bf Mon Sep 17 00:00:00 2001 From: BlBana <635373043@qq.com> Date: Wed, 18 Apr 2018 11:57:21 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E4=BC=98=E5=8C=96=E4=BA=86report=20api?= =?UTF-8?q?=E4=BB=A3=E7=A0=81=EF=BC=8C=E5=A2=9E=E5=8A=A0=E4=BA=86phantomjs?= =?UTF-8?q?=E6=88=AA=E5=9B=BE=E5=8A=9F=E8=83=BD=EF=BC=8C=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E4=BA=86report=E6=A8=A1=E5=9D=97=E6=96=87=E6=A1=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cobra/api.py | 9 ++- cobra/report.py | 29 +++++--- cobra/send_mail.py | 2 +- cobra/templates/report_my.html | 51 +++++--------- docs/config.md | 1 + docs/index.md | 1 + docs/installation.md | 8 ++- docs/report.md | 36 ++++++++++ docs/upgrade.md | 3 +- reports/report.js | 118 +++++++++++++++++++++------------ 10 files changed, 167 insertions(+), 91 deletions(-) create mode 100644 docs/report.md diff --git a/cobra/api.py b/cobra/api.py index 44993960..1655de43 100644 --- a/cobra/api.py +++ b/cobra/api.py @@ -418,6 +418,7 @@ def report(): total_files = 0 total_vul_number = critical_vul_number = high_vul_number = medium_vul_number = low_vul_number = 0 rule_num = dict() + target_directorys = [] time_range = {} time_start = request.args.get(key='start') time_end = request.args.get(key='end') 
@@ -459,9 +460,15 @@ def report(): data_content = json.load(f) data_results = data_content.get('result') if data_results: + target_directory = data_results.get('target_directory') + if target_directory in target_directorys: + continue + else: + target_directorys.append(target_directory) + total_files += data_results.get('file') total_vul_number += len(data_results.get('vulnerabilities')) - time_range[data_time] += total_vul_number + time_range[data_time] += len(data_results.get('vulnerabilities')) for vul in data_results.get('vulnerabilities'): if 9 <= int(vul.get('level')) <= 10: diff --git a/cobra/report.py b/cobra/report.py index b714f660..d7ec9147 100644 --- a/cobra/report.py +++ b/cobra/report.py @@ -14,6 +14,7 @@ import os import subprocess import datetime +import base64 from .log import logger from .config import Config, project_directory @@ -21,8 +22,12 @@ from email.mime.text import MIMEText from email.mime.multipart import MIMEMultipart - -node = '/usr/local/bin/node' +if os.path.exists('/usr/local/bin/phantomjs'): + phantomjs = '/usr/local/bin/phantomjs' +elif os.path.exists('/usr/bin/phantomjs'): + phantomjs = '/usr/bin/phantomjs' +else: + phantomjs = 'phantomjs' class Report(object): @@ -40,7 +45,7 @@ def __init__(self): start = datetime.datetime.today() + datetime.timedelta(days=-7) end = datetime.datetime.today().strftime("%Y-%m-%d") start = start.strftime("%Y-%m-%d") - self.param = [node, os.path.join(project_directory, 'reports', 'report.js'), project_directory, start, end] + self.param = [phantomjs, os.path.join(project_directory, 'reports', 'report.js'), project_directory, start, end] def run(self): capture = self.capture() @@ -61,7 +66,7 @@ def capture(self): :return: boolean """ capture = None - if os.path.exists(node) is False: + if os.path.exists(phantomjs) is False: logger.critical('[Capture] Please install node.js') return False p = subprocess.Popen(self.param, stdout=subprocess.PIPE) 
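Review bot: The new de-duplication in report() also drops results that have no `target_directory` key. `data_results.get('target_directory')` returns None for them, so after the first such file every later one hits `continue` and its vulnerabilities disappear from the totals. Which scan survives for a repeated directory depends on the order the result files are iterated, which is outside this hunk; if the intent is "latest scan per target", that order should be made explicit. A guard such as `if target_directory is not None and target_directory in target_directorys: continue` keeps unlabelled results, and a set is the natural container for the membership test. report() starts and ends outside the hunk.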
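Review bot: The fallback `phantomjs = 'phantomjs'` relies on a PATH lookup when Popen runs, but the guard changed in the capture() hunk further down, `if os.path.exists(phantomjs) is False:`, tests that bare name as a path relative to the working directory. A PhantomJS installed anywhere other than the two hard-coded locations is therefore reported as missing. Resolving the binary once (for example `shutil.which('phantomjs')` on Python 3, or `distutils.spawn.find_executable('phantomjs')` on Python 2) and checking the result for None keeps the check and the execution consistent. The message in that same guard still says `Please install node.js` and should name phantomjs. PhantomJS is no longer maintained upstream, so a comment above the lookup noting that report.js must only be pointed at the local Cobra report page would help whoever deploys this.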
@@ -93,10 +98,18 @@ def notification(self, capture_path): message['To'] = self.to message['Subject'] = self.subject - att = MIMEText(open(capture_path, 'rb').read(), 'base64', 'utf-8') - att['Content-Type'] = 'application/octet-stream' - att["Content-Disposition"] = 'attachment; filename="W({0}).png"'.format(self.wd) - message.attach(att) + # 周报图片以附件的形式发送 + # att = MIMEText(open(capture_path, 'rb').read(), 'base64', 'utf-8') + # att['Content-Type'] = 'application/octet-stream' + # att["Content-Disposition"] = 'attachment; filename="W({0}).png"'.format(self.wd) + # message.attach(att) + + # 周报图片以在正文中直接显示 + with open(capture_path, "rb") as image_file: + encoded_string = base64.b64encode(image_file.read()) + + text = MIMEText(''.format(encoded_string), 'html') + message.attach(text) try: smtp = smtplib.SMTP_SSL(host=self.host, port=self.port) diff --git a/cobra/send_mail.py b/cobra/send_mail.py index 0a630c41..a3bd3eb9 100644 --- a/cobra/send_mail.py +++ b/cobra/send_mail.py @@ -42,7 +42,7 @@ def send_mail(target, filename, receiver): try: server.login(user=username, password=password) - server.sendmail(from_addr=sender, to_addrs=receiver, msg=msg.as_string()) + server.sendmail(from_addr=username, to_addrs=receiver, msg=msg.as_string()) server.quit() logger.info('[EMAIL] Email delivered successfully.') return True diff --git a/cobra/templates/report_my.html b/cobra/templates/report_my.html index 424e143d..ad3b3deb 100644 --- a/cobra/templates/report_my.html +++ b/cobra/templates/report_my.html @@ -15,7 +15,6 @@ -
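Review bot: In the notification() hunk the HTML body is built with `MIMEText(''.format(encoded_string), 'html')`, and as shown here the format string is empty, so the mail would carry no image at all. The image markup may have been lost when this page was rendered, so check the real file. If the template is a base64 data URI, `base64.b64encode(...)` returns bytes on Python 3 and `format` would embed the `b'...'` repr, so decode first: `encoded_string = base64.b64encode(image_file.read()).decode('ascii')`. Many mail clients refuse to render data: URIs in HTML mail, so keeping the attachment path (now left as commented-out code) or attaching the image and referencing it by Content-ID would be more reliable. The two new comments are in Chinese; in English they would read `# send the weekly report image as an attachment` and `# show the weekly report image inline in the mail body`.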
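Review bot: Switching the envelope sender to `from_addr=username` in send_mail() assumes the SMTP login name is always a deliverable mailbox address. Where the account logs in with a bare user name, the server would see an invalid MAIL FROM. It also lets the envelope sender diverge from the configured `sender`, which presumably still fills the From header outside this hunk, and a domain mismatch between the two can fail DMARC alignment at the receiver. If the change is a workaround for servers that reject a sender different from the authenticated user, a comment such as `# some servers only accept the authenticated account as envelope sender` would make the intent clear. send_mail() starts above the hunk.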