Merge pull request #48 from HXSecurity/develop

Develop
HXSecurity · Aug 11, 2021 · e8c06cd · e8c06cd
2 parents 57847c2 + 3b213c6
commit e8c06cd
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 13 deletions.
diff --git a/.github/workflows/deploy_engine_to_aws.yml b/.github/workflows/deploy_engine_to_aws.yml
@@ -45,10 +45,9 @@ jobs:
           flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
 
       - name: Django Testing project
-        env:
-          DATABASE_URL: ${{ secrets.DATABASE_URL }}
         run: |
           cp conf/config.ini.example conf/config.ini
+          python3 manage.py migrate
           python3 manage.py test
 
       - name: Checkout

diff --git a/.github/workflows/deploy_engine_to_aws_test.yml b/.github/workflows/deploy_engine_to_aws_test.yml
@@ -45,10 +45,9 @@ jobs:
           # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide
           flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
       - name: Django Testing project
-        env:
-          DATABASE_URL: ${{ secrets.DATABASE_URL }}
         run: |
           cp conf/config.ini.example conf/config.ini
+          python3 manage.py migrate
           python3 manage.py test
       - name: Checkout
         uses: actions/checkout@v2

diff --git a/.github/workflows/release_engine.yml b/.github/workflows/release_engine.yml
@@ -60,12 +60,17 @@ jobs:
           username: ${{ secrets.ALIYUN_DOCKERHUB_USER }}
           password: ${{ secrets.ALIYUN_DOCKERHUB_PASSWORD }}
 
+      - id: release
+        run: |
+          VERSION=`echo ${GITHUB_REF##*/} | awk -F'-' '{print $2}'`
+          echo "::set-output name=version::$VERSION"
+
       - name: Build and push
         uses: docker/build-push-action@v2
         with:
           context: .
           push: true
-          tags: "registry.cn-beijing.aliyuncs.com/huoxian_pub/dongtai-engine:1.0.0,"
+          tags: "registry.cn-beijing.aliyuncs.com/huoxian_pub/dongtai-engine:${{ steps.release.outputs.version }},"
 
       - name: finish build
         uses: joelwmale/webhook-action@master

diff --git a/core/tasks.py b/core/tasks.py
@@ -235,16 +235,16 @@ def search_vul_from_method_pool(method_pool_id):
                     search_and_save_vul(engine, method_pool_model, method_pool, strategy)
         logger.info(f'漏洞检测成功')
     except Exception as e:
-        logger.error(f'漏洞检测出错，错误原因：{e}')
+        logger.error(f'漏洞检测出错，方法池 {method_pool_id}. 错误原因：{e}')
 
 
 @shared_task(queue='dongtai-replay-vul-scan')
 def search_vul_from_replay_method_pool(method_pool_id):
-    logger.info(f'漏洞检测开始，方法池 {method_pool_id}')
+    logger.info(f'重放数据漏洞检测开始，方法池 {method_pool_id}')
     try:
         method_pool_model = IastAgentMethodPoolReplay.objects.filter(id=method_pool_id).first()
         if method_pool_model is None:
-            logger.warn(f'漏洞检测终止，方法池 {method_pool_id} 不存在')
+            logger.warn(f'重放数据漏洞检测终止，方法池 {method_pool_id} 不存在')
         strategies = load_sink_strategy(method_pool_model.agent.user)
         engine = VulEngine()
 
@@ -258,9 +258,9 @@ def search_vul_from_replay_method_pool(method_pool_id):
                 continue
 
             search_and_save_vul(engine, method_pool_model, method_pool, strategy)
-        logger.info(f'漏洞检测成功')
+        logger.info(f'重放数据漏洞检测成功')
     except Exception as e:
-        logger.error(f'漏洞检测出错，错误原因：{e}')
+        logger.error(f'重放数据漏洞检测出错，方法池 {method_pool_id}. 错误原因：{e}')
 
 
 @shared_task(queue='dongtai-strategy-scan')
@@ -583,7 +583,7 @@ def vul_recheck():
                 try:
                     headers = base64.b64encode('\n'.join(header_raw))
                 except Exception as e:
-                    logger.error(f'请求头解析失败，漏洞ID: {vulnerability.id}')
+                    logger.error(f'请求头解析失败，漏洞ID: {vulnerability["id"]}')
             elif position == 'COOKIE':
                 import base64
                 header_raw = base64.b64decode(headers).decode('utf-8').split('\n')
@@ -610,7 +610,7 @@ def vul_recheck():
                 try:
                     headers = base64.b64encode('\n'.join(header_raw))
                 except Exception as e:
-                    logger.error(f'请求头解析失败，漏洞ID: {vulnerability.id}')
+                    logger.error(f'请求头解析失败，漏洞ID: {vulnerability["id"]}')
 
             elif position == 'PATH':
                 # 检查path，替换

diff --git a/db.sqlite3 b/db.sqlite3
diff --git a/lingzhi_engine/settings.py b/lingzhi_engine/settings.py
@@ -89,7 +89,7 @@
 # Database
 # https://docs.djangoproject.com/en/3.0/ref/settings/#databases
 
-if len(sys.argv) > 1 and sys.argv[1] == 'test':
+if len(sys.argv) > 1 and sys.argv[1] in ('test', 'migrate', 'makemigrations'):
     DATABASES = {
         'default': {
             'ENGINE': 'django.db.backends.sqlite3',