/** * 纯基线安全测试的执行(仅用于基线安全测试) * @param filepath [description] * @param filename [description] * @return [description] */ int verify_python_baseline(char* filepath,char* filename) { int res; // 初始化python环境 Py_Initialize(); PyObject *pModule,*pFunc,*pValue; PyRun_SimpleString("import os,sys"); PyRun_SimpleString(pyfile_path(filepath)); pModule = PyImport_Import(PyString_FromString((char*)firstname(filename))); // 加载信息定义模块 pFunc = PyObject_GetAttrString(pModule, "info"); pValue = PyEval_CallObject(pFunc, NULL); // 输出模块相关的信息 printf("[*] Loading module name: %s \n", getDictString(pValue,"name")); printf("[*] Module severity: %s \n", getDictString(pValue,"severity")); printf("[*] Module create date: %s ,last update date: %s \n",getDictString(pValue,"create_date"),getDictString(pValue,"update_date")); Py_CLEAR(pValue); Py_CLEAR(pFunc); pFunc = PyObject_GetAttrString(pModule,"verify_print"); pValue = PyEval_CallObject(pFunc, NULL); res = PyInt_AsLong(pValue); Py_Finalize(); Py_CLEAR(pFunc); Py_CLEAR(pValue); return res; }
/** * 执行python插件的安全测试 * @param filepath [插件搜索路径] * @param filename [插件名称] * @param mode [插件执行模式|1:测试|2:攻击] * @param host [攻击地址] * @param port [端口] * @return [description] */ int verify_python(char* filepath,char* filename,int mode,char* host,int port) { int res; // 初始化python环境 Py_Initialize(); PyObject *pModule,*pFunc; PyObject *pArgs, *pValue; PyRun_SimpleString("import os,sys"); PyRun_SimpleString(pyfile_path(filepath)); pModule = PyImport_Import(PyString_FromString((char*)firstname(filename))); // 加载信息定义模块 pFunc = PyObject_GetAttrString(pModule, "info"); pValue = PyEval_CallObject(pFunc, NULL); // 输出模块相关的信息 printf("[*] Loading module name: %s \n", getDictString(pValue,"name")); printf("[*] Module severity: %s \n", getDictString(pValue,"severity")); printf("[*] Module create date: %s ,last update date: %s \n",getDictString(pValue,"create_date"),getDictString(pValue,"update_date")); Py_CLEAR(pValue); Py_CLEAR(pFunc); if (mode == 1){ // 现场输出模块 pFunc = PyObject_GetAttrString(pModule,"verify_print"); pArgs = PyTuple_New(2); PyTuple_SetItem(pArgs,0, PyString_FromString(host)); PyTuple_SetItem(pArgs,1, PyInt_FromLong(port)); pValue = PyObject_CallObject(pFunc, pArgs); res = PyInt_AsLong(pValue); Py_Finalize(); }else if (mode == 2){ // 执行漏洞测试后,存储漏洞测试结果 pFunc = PyObject_GetAttrString(pModule,"verify_save"); pArgs = PyTuple_New(2); PyTuple_SetItem(pArgs,0, PyString_FromString(host)); PyTuple_SetItem(pArgs,1, PyInt_FromLong(port)); pValue = PyObject_CallObject(pFunc, pArgs); // 存储功能未实现 ------------- Mark Py_Finalize(); } Py_CLEAR(pFunc); Py_CLEAR(pArgs); Py_CLEAR(pValue); return res; }
/** * 单纯测试模块,输出模块信息 * @param filepath [description] * @param filename [description] * @param mode [description] * @param host [description] * @param port [description] * @return [description] */ void verify_python_test(char* filepath,char* filename) { // 初始化python环境 Py_Initialize(); PyObject *pModule,*pFunc,*pValue; PyRun_SimpleString("import os,sys"); PyRun_SimpleString(pyfile_path(filepath)); pModule = PyImport_Import(PyString_FromString((char*)firstname(filename))); // 加载信息定义模块 pFunc = PyObject_GetAttrString(pModule, "info"); pValue = PyEval_CallObject(pFunc, NULL); // 输出模块相关的信息 printf("[*] Loading module name: %s \n", getDictString(pValue,"name")); printf("[*] Module Author: %s \n",getDictString(pValue,"author")); printf("[*] Module severity: %s \n", getDictString(pValue,"severity")); printf("[*] Module description: %s \n", getDictString(pValue,"desc")); printf("[*] Module proposed: %s \n", getDictString(pValue,"proposed")); printf("[*] Module testing type: %s \n", getDictString(pValue,"type")); printf("[*] Module testing version: %s \n",getDictString(pValue,"version")); printf("[*] Module create date: %s ,last update date: %s \n",getDictString(pValue,"create_date"),getDictString(pValue,"update_date")); Py_CLEAR(pValue); Py_CLEAR(pFunc); }
/** * saveStruct 形式で文字列化 * @param newline 改行コード 0:CRLF 1:LF * @return 実行結果 */ static tjs_error TJS_INTF_METHOD toStructString(tTJSVariant *result, tjs_int numparams, tTJSVariant **param, iTJSDispatch2 *objthis) { if (result) { IStringWriter writer(numparams > 0 ? (int)*param[0] : 0); writer.hex = true; getDictString(objthis, &writer); *result = writer.buf; } return TJS_S_OK; }
/** * saveStruct 形式でのオブジェクトの保存 * @param filename ファイル名 * @param utf true なら UTF-8 で出力 * @param newline 改行コード 0:CRLF 1:LF * @return 実行結果 */ static tjs_error TJS_INTF_METHOD saveStruct2(tTJSVariant *result, tjs_int numparams, tTJSVariant **param, iTJSDispatch2 *objthis) { if (numparams < 1) return TJS_E_BADPARAMCOUNT; IFileWriter writer(param[0]->GetString(), numparams > 1 ? (int)*param[1] != 0: false, numparams > 2 ? (int)*param[2] : 0 ); writer.hex = true; getDictString(objthis, &writer); return TJS_S_OK; }
static void getVariantString(tTJSVariant &var, IWriter *writer) { switch(var.Type()) { case tvtVoid: writer->write(L"void"); break; case tvtObject: { iTJSDispatch2 *obj = var.AsObjectNoAddRef(); if (obj == NULL) { writer->write(L"null"); } else if (obj->IsInstanceOf(TJS_IGNOREPROP,NULL,NULL,L"Array",obj) == TJS_S_TRUE) { getArrayString(obj, writer); } else { getDictString(obj, writer); } } break; case tvtString: quoteString(var.GetString(), writer); break; case tvtOctet: quoteOctet(var.AsOctetNoAddRef(), writer); break; case tvtInteger: writer->write(L"int "); writer->write((tTVInteger)var); break; case tvtReal: writer->write(L"real "); writer->write((tTVReal)var); break; default: writer->write(L"void"); break; }; }