Merge pull request #154 from fofapro/0.3.2.3

v0.3.2.3
fofapro · Jun 5, 2021 · 7658f86 · 7658f86
2 parents 295bef6 + 238fe68
commit 7658f86
Show file tree

Hide file tree

Showing 61 changed files with 1,289 additions and 296 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,16 @@
 ## 更新日志
 
+### v0.3.2.3
+
+更新时间：2021-06-05
+
+- 更新6个漏洞镜像。
+- 新增镜像同步功能。
+- 新增漏洞分类功能。
+- 新增计时模式漏洞分类功能。
+- 修复过排名不一致问题。 [#149](https://github.com/fofapro/vulfocus/issues/149)
+- 修复图片上传时错误问题。 [#148](https://github.com/fofapro/vulfocus/issues/148)
+
 ### v0.3.2.2
 
 更新时间：2021-05-28

diff --git a/images/README.md b/images/README.md
@@ -4,6 +4,12 @@ Vulfocus 镜像维护目录，该目录中存储 Vulfocus 所有的 Dockerfile
 
 | 漏洞名称         | 拉取命令                                  | 描述             |贡献者|
 | :--------------- | :--------------------------------------------------- | :--------------- |:--------------- |
+|CVE-2020-35606|`docker pull vulfocus/webmin-cve_2020_35606`|CVE-2020-35606|[Vulfocus](https://github.com/fofapro/vulfocus)|
+|CVE-2020-25790|`docker pull vulfocus/typesetter-cve_2020_25790`|CVE-2020-25790|[Vulfocus](https://github.com/fofapro/vulfocus)|
+|CVE-2018-1270|`docker pull vulfocus/spring-cve_2018_1270`|CVE-2018-1270|[Vulfocus](https://github.com/fofapro/vulfocus)|
+|CVE-2020-50280|`docker pull vulfocus/wordpress-cnvd_2020_50280`|CVE-2020-50280|[Vulfocus](https://github.com/fofapro/vulfocus)|
+|CVE-2019-33156|`docker pull vulfocus/apache-zeppelin-cnvd_2019_33156`|CVE-2019-33156|[Vulfocus](https://github.com/fofapro/vulfocus)|
+|CVE-2019-7580|`docker pull vulfocus/thinkcmf-cve_2019_7580`|CVE-2019-7580|[Vulfocus](https://github.com/fofapro/vulfocus)|
 |CVE-2020-13384|`docker pull vulfocus/monstra-cve_2020_13384`|CVE-2020-13384|[Vulfocus](https://github.com/fofapro/vulfocus)|
 |CVE-2020-24741|`docker pull vulfocus/junams-cnvd_2020_24741`|CVE-2020-24741|[Vulfocus](https://github.com/fofapro/vulfocus)|
 |CVE-2020-22721|`docker pull vulfocus/seacms-cnvd_2020_22721`|CVE-2020-22721|[Vulfocus](https://github.com/fofapro/vulfocus)|
@@ -134,6 +140,15 @@ Vulfocus 镜像维护目录，该目录中存储 Vulfocus 所有的 Dockerfile
 
 ## 镜像新增日志
 
+2021-06-05
+
+- vulfocus/webmin-cve_2020_35606
+- vulfocus/typesetter-cve_2020_25790
+- vulfocus/spring-cve_2018_1270
+- vulfocus/wordpress-cnvd_2020_50280
+- vulfocus/apache-zeppelin-cnvd_2019_33156
+- vulfocus/thinkcmf-cve_2019_7580
+
 2021-05-28
 
 - vulfocus/monstra-cve_2020_13384

diff --git a/vulfocus-api/db.sqlite3 b/vulfocus-api/db.sqlite3
diff --git a/vulfocus-api/default b/vulfocus-api/default
@@ -51,6 +51,10 @@ server {
 		try_files $uri $uri/ =404;
 	}
 
+	location /images/ {
+		alias /vulfocus-api/static/;
+	}
+
 	location /api/ {
 		proxy_pass http://127.0.0.1:8000/;
     }

diff --git a/vulfocus-api/dockerapi/common.py b/vulfocus-api/dockerapi/common.py
@@ -18,7 +18,8 @@
     "share_username": "",
     "username": "vulshare",
     "pwd": "2a295233-801b-4efb-9f78-916330b984f6",
-    "time": 30 * 60
+    "time": 30 * 60,
+    "is_synchronization": 0
 }
 
 
@@ -41,7 +42,13 @@ def get_setting_config():
         if not config:
             config = SysConfig(config_key=config_key, config_value=config_value)
             config.save()
+        config_key = config.config_key
         config_value = config.config_value
+        if config_key == 'is_synchronization':
+            if config_value == 1 or config_value == '1':
+                config_value = True
+            else:
+                config_value = False
         rsp_data[config_key] = config_value
     return rsp_data
 

diff --git a/...ions/0006_timemoudel_timerank_timetemp.py → ...api/migrations/0006_auto_20210604_2358.py b/...ions/0006_timemoudel_timerank_timetemp.py → ...api/migrations/0006_auto_20210604_2358.py
@@ -1,4 +1,4 @@
-# Generated by Django 3.1.4 on 2021-05-28 23:20
+# Generated by Django 3.1.4 on 2021-06-04 23:58
 
 from django.db import migrations, models
 import django.db.models.deletion
@@ -20,12 +20,19 @@ class Migration(migrations.Migration):
                 ('time_range', models.IntegerField(verbose_name='计时模式时间')),
                 ('image_name', models.TextField(default='', verbose_name='图片名称')),
                 ('time_desc', models.TextField(null=True, verbose_name='计时模版描述')),
+                ('time_img_type', models.TextField(blank=True, default='', verbose_name='漏洞类型')),
+                ('rank_range', models.TextField(blank=True, default='', verbose_name='漏洞类型')),
                 ('flag_status', models.BooleanField(default=False, verbose_name='用于判断')),
             ],
             options={
-                'db_table': 'time_Temp',
+                'db_table': 'time_temp',
             },
         ),
+        migrations.AddField(
+            model_name='imageinfo',
+            name='degree',
+            field=models.TextField(blank=True, default='', verbose_name='漏洞类型'),
+        ),
         migrations.CreateModel(
             name='TimeRank',
             fields=[
@@ -42,7 +49,7 @@ class Migration(migrations.Migration):
         migrations.CreateModel(
             name='TimeMoudel',
             fields=[
-                ('time_id', models.CharField(default='e3080cd3-2ba6-4f67-85e7-18413c14deac', max_length=255, primary_key=True, serialize=False, verbose_name='ID')),
+                ('time_id', models.CharField(default='ec405c01-3ecb-4c8f-892c-607f904d7b87', max_length=255, primary_key=True, serialize=False, verbose_name='ID')),
                 ('user_id', models.IntegerField(verbose_name='用户ID')),
                 ('start_time', models.FloatField(verbose_name='开始时间戳')),
                 ('end_time', models.FloatField(verbose_name='结束时间')),

diff --git a/...api/migrations/0007_auto_20210528_2320.py → ...api/migrations/0007_auto_20210604_2359.py b/...api/migrations/0007_auto_20210528_2320.py → ...api/migrations/0007_auto_20210604_2359.py
@@ -1,18 +1,18 @@
-# Generated by Django 3.1.4 on 2021-05-28 23:20
+# Generated by Django 3.1.4 on 2021-06-04 23:59
 
 from django.db import migrations, models
 
 
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('dockerapi', '0006_timemoudel_timerank_timetemp'),
+        ('dockerapi', '0006_auto_20210604_2358'),
     ]
 
     operations = [
         migrations.AlterField(
             model_name='timemoudel',
             name='time_id',
-            field=models.CharField(default='bff901de-a681-4035-af21-5eddc51bf0db', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+            field=models.CharField(default='a561f9cf-b0da-4fcc-8e15-700cb767e030', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
         ),
     ]
diff --git a/vulfocus-api/dockerapi/migrations/0008_auto_20210605_0001.py b/vulfocus-api/dockerapi/migrations/0008_auto_20210605_0001.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-06-05 00:01
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0007_auto_20210604_2359'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='05ce8a4e-90c0-4422-9447-3ece7ebe8fd0', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/migrations/0009_auto_20210605_0004.py b/vulfocus-api/dockerapi/migrations/0009_auto_20210605_0004.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-06-05 00:04
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0008_auto_20210605_0001'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='d4f3664c-8a11-4931-ac35-5e1969c0289a', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/migrations/0010_auto_20210605_0006.py b/vulfocus-api/dockerapi/migrations/0010_auto_20210605_0006.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-06-05 00:06
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0009_auto_20210605_0004'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='a49a302a-2631-48b2-a73b-b89741250827', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/migrations/0011_auto_20210605_0007.py b/vulfocus-api/dockerapi/migrations/0011_auto_20210605_0007.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-06-05 00:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0010_auto_20210605_0006'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='1547c11c-5e5b-446c-84fa-d15cab047845', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/migrations/0012_auto_20210605_0009.py b/vulfocus-api/dockerapi/migrations/0012_auto_20210605_0009.py
@@ -0,0 +1,28 @@
+# Generated by Django 3.1.4 on 2021-06-05 00:09
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0011_auto_20210605_0007'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='9716f18e-22b2-462f-a850-b15ce822ec0c', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+        migrations.AlterField(
+            model_name='timetemp',
+            name='rank_range',
+            field=models.TextField(default='', verbose_name='漏洞类型'),
+        ),
+        migrations.AlterField(
+            model_name='timetemp',
+            name='time_img_type',
+            field=models.TextField(default='', verbose_name='漏洞类型'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/migrations/0013_auto_20210605_2005.py b/vulfocus-api/dockerapi/migrations/0013_auto_20210605_2005.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-06-05 20:05
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0012_auto_20210605_0009'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='808a3c18-3091-471d-9884-9b96056f1586', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/migrations/0014_auto_20210605_2019.py b/vulfocus-api/dockerapi/migrations/0014_auto_20210605_2019.py
@@ -0,0 +1,18 @@
+# Generated by Django 3.1.4 on 2021-06-05 20:19
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dockerapi', '0013_auto_20210605_2005'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='timemoudel',
+            name='time_id',
+            field=models.CharField(default='1d2b72ed-cb22-4e6c-be27-4dc6433c66cb', max_length=255, primary_key=True, serialize=False, verbose_name='ID'),
+        ),
+    ]
diff --git a/vulfocus-api/dockerapi/models.py b/vulfocus-api/dockerapi/models.py
@@ -13,10 +13,12 @@ class TimeTemp(models.Model):
     time_range = models.IntegerField(verbose_name='计时模式时间')
     image_name = models.TextField(null=False, default="", verbose_name="图片名称")
     time_desc = models.TextField(verbose_name='计时模版描述', null=True)
+    time_img_type = models.TextField(verbose_name="漏洞类型", default="")
+    rank_range = models.TextField(verbose_name="漏洞类型", default="")
     flag_status = models.BooleanField(verbose_name='用于判断', default=False)
 
     class Meta:
-        db_table = 'time_Temp'
+        db_table = 'time_temp'
 
 
 class TimeRank(models.Model):
@@ -47,6 +49,7 @@ class TimeMoudel(models.Model):
     class Meta:
         db_table = 'time_moudel'
 
+
 class ImageInfo(models.Model):
     """
     镜像实体Model
@@ -59,6 +62,7 @@ class ImageInfo(models.Model):
     rank = models.FloatField(verbose_name='Rank', null=False)
     is_ok = models.BooleanField(verbose_name="镜像是否可用", default=True)
     is_share = models.BooleanField(verbose_name="镜像是否贡献", default=False)
+    degree = models.TextField(verbose_name="漏洞类型", default="", blank=True)
     create_date = models.DateTimeField(auto_now_add=True, verbose_name='Docker创建时间，默认为当前时间')
     update_date = models.DateTimeField(auto_now=True, verbose_name='Docker更新时间，默认为当前时间')
 

diff --git a/vulfocus-api/dockerapi/serializers.py b/vulfocus-api/dockerapi/serializers.py
@@ -1,5 +1,6 @@
 # coding:utf-8
 from django.db.models import Q
+import traceback
 from rest_framework import serializers
 from dockerapi.models import ImageInfo, ContainerVul, SysLog, TimeMoudel, TimeRank, TimeTemp
 from user.models import UserProfile
@@ -15,6 +16,24 @@
 
 
 class TimeTempSerializer(serializers.ModelSerializer):
+    time_img_type = serializers.SerializerMethodField('typeck')
+    rank_range = serializers.SerializerMethodField('rankck')
+
+    def typeck(self, obj):
+        img_d = obj.time_img_type
+        try:
+            return json.loads(img_d)
+        except Exception as e:
+            return []
+
+    def rankck(self, obj):
+        # rank = obj.rank_range
+        if obj.rank_range != "":
+            try:
+                return float(obj.rank_range)
+            except Exception as e:
+                return 0.0
+
     class Meta:
         model = TimeTemp
         fields = "__all__"
@@ -59,6 +78,8 @@ def a_end_date(self, obj):
 class ImageInfoSerializer(serializers.ModelSerializer):
 
     status = serializers.SerializerMethodField('statusck')
+    degree = serializers.SerializerMethodField('degreeck')
+
 
     def statusck(self, obj):
         status = {}
@@ -144,6 +165,13 @@ def statusck(self, obj):
         status["now"] = int(timezone.now().timestamp())
         return status
 
+    def degreeck(self, obj):
+        img_d = obj.degree
+        try:
+            return json.loads(img_d)
+        except Exception as e:
+            return []
+
     class Meta:
         model = ImageInfo
         fields = "__all__"