/**
* 纯基线安全测试的执行(仅用于基线安全测试)
* @param filepath [description]
* @param filename [description]
* @return [description]
*/
int verify_python_baseline(char* filepath,char* filename)
{
int res;
// 初始化python环境
Py_Initialize();
PyObject *pModule,*pFunc,*pValue;
PyRun_SimpleString("import os,sys");
PyRun_SimpleString(pyfile_path(filepath));
pModule = PyImport_Import(PyString_FromString((char*)firstname(filename)));
// 加载信息定义模块
pFunc = PyObject_GetAttrString(pModule, "info");
pValue = PyEval_CallObject(pFunc, NULL);
// 输出模块相关的信息
printf("[*] Loading module name: %s \n", getDictString(pValue,"name"));
printf("[*] Module severity: %s \n", getDictString(pValue,"severity"));
printf("[*] Module create date: %s ,last update date: %s \n",getDictString(pValue,"create_date"),getDictString(pValue,"update_date"));
Py_CLEAR(pValue);
Py_CLEAR(pFunc);
pFunc = PyObject_GetAttrString(pModule,"verify_print");
pValue = PyEval_CallObject(pFunc, NULL);
res = PyInt_AsLong(pValue);
Py_Finalize();
Py_CLEAR(pFunc);
Py_CLEAR(pValue);
return res;
}
/**
* 执行python插件的安全测试
* @param filepath [插件搜索路径]
* @param filename [插件名称]
* @param mode [插件执行模式|1:测试|2:攻击]
* @param host [攻击地址]
* @param port [端口]
* @return [description]
*/
int verify_python(char* filepath,char* filename,int mode,char* host,int port)
{
int res;
// 初始化python环境
Py_Initialize();
PyObject *pModule,*pFunc;
PyObject *pArgs, *pValue;
PyRun_SimpleString("import os,sys");
PyRun_SimpleString(pyfile_path(filepath));
pModule = PyImport_Import(PyString_FromString((char*)firstname(filename)));
// 加载信息定义模块
pFunc = PyObject_GetAttrString(pModule, "info");
pValue = PyEval_CallObject(pFunc, NULL);
// 输出模块相关的信息
printf("[*] Loading module name: %s \n", getDictString(pValue,"name"));
printf("[*] Module severity: %s \n", getDictString(pValue,"severity"));
printf("[*] Module create date: %s ,last update date: %s \n",getDictString(pValue,"create_date"),getDictString(pValue,"update_date"));
Py_CLEAR(pValue);
Py_CLEAR(pFunc);
if (mode == 1){
// 现场输出模块
pFunc = PyObject_GetAttrString(pModule,"verify_print");
pArgs = PyTuple_New(2);
PyTuple_SetItem(pArgs,0, PyString_FromString(host));
PyTuple_SetItem(pArgs,1, PyInt_FromLong(port));
pValue = PyObject_CallObject(pFunc, pArgs);
res = PyInt_AsLong(pValue);
Py_Finalize();
}else if (mode == 2){
// 执行漏洞测试后,存储漏洞测试结果
pFunc = PyObject_GetAttrString(pModule,"verify_save");
pArgs = PyTuple_New(2);
PyTuple_SetItem(pArgs,0, PyString_FromString(host));
PyTuple_SetItem(pArgs,1, PyInt_FromLong(port));
pValue = PyObject_CallObject(pFunc, pArgs);
// 存储功能未实现 ------------- Mark
Py_Finalize();
}
Py_CLEAR(pFunc);
Py_CLEAR(pArgs);
Py_CLEAR(pValue);
return res;
}
/**
* 单纯测试模块,输出模块信息
* @param filepath [description]
* @param filename [description]
* @param mode [description]
* @param host [description]
* @param port [description]
* @return [description]
*/
void verify_python_test(char* filepath,char* filename)
{
// 初始化python环境
Py_Initialize();
PyObject *pModule,*pFunc,*pValue;
PyRun_SimpleString("import os,sys");
PyRun_SimpleString(pyfile_path(filepath));
pModule = PyImport_Import(PyString_FromString((char*)firstname(filename)));
// 加载信息定义模块
pFunc = PyObject_GetAttrString(pModule, "info");
pValue = PyEval_CallObject(pFunc, NULL);
// 输出模块相关的信息
printf("[*] Loading module name: %s \n", getDictString(pValue,"name"));
printf("[*] Module Author: %s \n",getDictString(pValue,"author"));
printf("[*] Module severity: %s \n", getDictString(pValue,"severity"));
printf("[*] Module description: %s \n", getDictString(pValue,"desc"));
printf("[*] Module proposed: %s \n", getDictString(pValue,"proposed"));
printf("[*] Module testing type: %s \n", getDictString(pValue,"type"));
printf("[*] Module testing version: %s \n",getDictString(pValue,"version"));
printf("[*] Module create date: %s ,last update date: %s \n",getDictString(pValue,"create_date"),getDictString(pValue,"update_date"));
Py_CLEAR(pValue);
Py_CLEAR(pFunc);
}
/**
* saveStruct 形式で文字列化
* @param newline 改行コード 0:CRLF 1:LF
* @return 実行結果
*/
static tjs_error TJS_INTF_METHOD toStructString(tTJSVariant *result,
tjs_int numparams,
tTJSVariant **param,
iTJSDispatch2 *objthis) {
if (result) {
IStringWriter writer(numparams > 0 ? (int)*param[0] : 0);
writer.hex = true;
getDictString(objthis, &writer);
*result = writer.buf;
}
return TJS_S_OK;
}
/**
* saveStruct 形式でのオブジェクトの保存
* @param filename ファイル名
* @param utf true なら UTF-8 で出力
* @param newline 改行コード 0:CRLF 1:LF
* @return 実行結果
*/
static tjs_error TJS_INTF_METHOD saveStruct2(tTJSVariant *result,
tjs_int numparams,
tTJSVariant **param,
iTJSDispatch2 *objthis) {
if (numparams < 1) return TJS_E_BADPARAMCOUNT;
IFileWriter writer(param[0]->GetString(),
numparams > 1 ? (int)*param[1] != 0: false,
numparams > 2 ? (int)*param[2] : 0
);
writer.hex = true;
getDictString(objthis, &writer);
return TJS_S_OK;
}
static void
getVariantString(tTJSVariant &var, IWriter *writer)
{
switch(var.Type()) {
case tvtVoid:
writer->write(L"void");
break;
case tvtObject:
{
iTJSDispatch2 *obj = var.AsObjectNoAddRef();
if (obj == NULL) {
writer->write(L"null");
} else if (obj->IsInstanceOf(TJS_IGNOREPROP,NULL,NULL,L"Array",obj) == TJS_S_TRUE) {
getArrayString(obj, writer);
} else {
getDictString(obj, writer);
}
}
break;
case tvtString:
quoteString(var.GetString(), writer);
break;
case tvtOctet:
quoteOctet(var.AsOctetNoAddRef(), writer);
break;
case tvtInteger:
writer->write(L"int ");
writer->write((tTVInteger)var);
break;
case tvtReal:
writer->write(L"real ");
writer->write((tTVReal)var);
break;
default:
writer->write(L"void");
break;
};
}
