creditease-sec / insight Goto Github PK
View Code? Open in Web Editor NEW洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
License: GNU General Public License v3.0
洞察-宜信集应用系统资产管理、漏洞全生命周期管理、安全知识库管理三位一体的平台。
License: GNU General Public License v3.0
[root@bj2 insight]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
59b6c8a04af5 daocloud.io/liusheng/vulpm_docker:latest "sh -c 'supervisor..." 6 minutes ago Exited (2) 6 minutes ago open_source_srcpm
cb0053f35d22 mysql "docker-entrypoint..." 24 minutes ago Up 24 minutes 127.0.0.1:6606->3306/tcp open_source_mysqldb
[root@bj2 insight]# docker logs 59b
Error: could not find config file srcpm/supervisor.conf
For help, use /usr/bin/supervisord -h
[root@bj2 insight]#
[root@nxsec01 ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bbd4ed5f5607 daocloud.io/liusheng/vulpm_docker:latest "sh -c 'supervisor..." 23 minutes ago Exited (2) 4 seconds ago open_source_srcpm
c777f16d2d9e mysql "docker-entrypoint..." 57 minutes ago Up 54 minutes 127.0.0.1:6606->3306/tcp open_source_mysqldb
File "manage.py", line 38, in
manager.run()
File "/usr/local/lib/python2.7/site-packages/flask_script/init.py", line 417, in run
result = self.handle(argv[0], argv[1:])
File "/usr/local/lib/python2.7/site-packages/flask_script/init.py", line 386, in handle
res = handle(*args, **config)
File "/usr/local/lib/python2.7/site-packages/flask_script/commands.py", line 216, in call
return self.run(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/flask_migrate/init.py", line 95, in wrapped
f(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/flask_migrate/init.py", line 215, in migrate
version_path=version_path, rev_id=rev_id)
File "/usr/local/lib/python2.7/site-packages/alembic/command.py", line 176, in revision
script_directory.run_env()
File "/usr/local/lib/python2.7/site-packages/alembic/script/base.py", line 427, in run_env
util.load_python_file(self.dir, 'env.py')
File "/usr/local/lib/python2.7/site-packages/alembic/util/pyfiles.py", line 81, in load_python_file
module = load_module_py(module_id, path)
File "/usr/local/lib/python2.7/site-packages/alembic/util/compat.py", line 141, in load_module_py
mod = imp.load_source(module_id, path, fp)
File "migrations/env.py", line 87, in
run_migrations_online()
File "migrations/env.py", line 70, in run_migrations_online
poolclass=pool.NullPool)
File "/usr/local/lib/python2.7/site-packages/sqlalchemy/engine/init.py", line 465, in engine_from_config
return create_engine(url, **options)
File "/usr/local/lib/python2.7/site-packages/sqlalchemy/engine/init.py", line 424, in create_engine
return strategy.create(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/sqlalchemy/engine/strategies.py", line 50, in create
u = url.make_url(name_or_url)
File "/usr/local/lib/python2.7/site-packages/sqlalchemy/engine/url.py", line 211, in make_url
return _parse_rfc1738_args(name_or_url)
File "/usr/local/lib/python2.7/site-packages/sqlalchemy/engine/url.py", line 270, in _parse_rfc1738_args
"Could not parse rfc1738 URL from string '%s'" % name)
sqlalchemy.exc.ArgumentError: Could not parse rfc1738 URL from string ''
作者和大家好,我按照配置文件smtp服务器,使用新浪的smtp,并配置有效的用户名,密码和端口,但是在注册新用户,在漏洞提交等过程中未收到邮件,请问可能是什么原因?
在网上搜索python发送要取消‘utf-8’字段,不知道这个是否是通用,还是只有新浪邮箱需要去掉‘utf-8’参数?
怎么才可以走漏洞暂不处理流程,这边测试只能选择知悉和申请复测,没有暂不处理。
我在web页面里没有找到新增用户的地方,请问怎么新增用户?
srcpm/config.py 配置文件:
17 #公司邮箱后缀限制,只能使用公司邮箱注册账号。
18 CORP_MAIL = '@qq.com'
...
...
51 # 平台发邮件账号设置
52 SRCPM_MAIL_SENDER = '安全部 [email protected]'
53
54 # 发送邮件的服务器设置,账号密码由系统变量中读取
55 MAIL_SERVER = 'smtp.qq.com'
56 MAIL_PORT = 587
57 MAIL_USE_TLS = True
58 MAIL_USERNAME = os.environ.get(
59 'MAIL_USERNAME') or '[email protected]'
60 MAIL_PASSWORD = os.environ.get('MAIL_PASSWORD') or ''
...
...
70 # 平台发邮件账号设置
71 SRCPM_MAIL_SENDER = '安全部 [email protected]'
72
73 # 发送邮件的服务器设置,账号密码由系统变量中读取
74 MAIL_SERVER = 'smtp.qq.com'
75 MAIL_PORT = 25
76 MAIL_USE_TLS = False
77 MAIL_USERNAME = os.environ.get(
78 'MAIL_USERNAME') or '[email protected]'
79 MAIL_PASSWORD = os.environ.get('MAIL_PASSWORD') or ''
修改定时周期邮件 mail_sender.py 的配置:
50 #主机名设置
51 SERVER_NAME = 'insight.lxxxxo.com'
...
120 # 平台发邮件账号设置
121 SRCPM_MAIL_SENDER = '安全部 [email protected]'
122
123 # 发送邮件的服务器设置,账号密码由系统变量中读取
124 MAIL_SERVER = 'smtp.qq.com'
125 MAIL_PORT = 25
126 MAIL_USE_TLS = False
127 MAIL_USERNAME = os.environ.get(
128 'MAIL_USERNAME') or '[email protected]'
129 MAIL_PASSWORD = os.environ.get('MAIL_PASSWORD') or ''
1)给 【安全部 [email protected]】邮箱设置一个邮箱独立密码
docker run -d -p 10.10.10.2:9000:5000 \ ###此处是你的主机IP
--link open_source_mysqldb:db
--name open_source_srcpm
-v $PWD/srcpm:/opt/webapp/srcpm
-e DEV_DATABASE_URL='mysql://vuluser:vulpassword@db/vuldb'
-e SrcPM_CONFIG=development
-e MAIL_PASSWORD='fievppjzjhlebeec' \ ###注意此处是你的QQ邮箱的授权码
daocloud.io/liusheng/vulpm_docker:latest
sh -c 'supervisord -c srcpm/supervisor.conf && supervisorctl -c srcpm/supervisor.conf start all && tail -f srcpm/log/gunicorn.err && tail -f srcpm/log/mail_sender.err'
修改配置文件:
[root@insight insight]# vim srcpm/app/auth/views.py
添加 flash(u'srcpm/auth/confirm/{}'.format(token))
点击这个的时候,激活的链接会直接显示在当前页面上
复制粘贴这个链接,到你应用的路径后,访问,这个账号就激活了
部门管理员不能查看本部门的漏洞返回如下:
Sorry,internal server error!
错误日志如下:
[2018-04-29 11:38:00,818] ERROR in app: Exception on /srcpm/src/vul_notify_list [GET]
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python2.7/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python2.7/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/lib/python2.7/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python2.7/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functionsrule.endpoint
File "/usr/lib/python2.7/site-packages/flask_login.py", line 792, in decorated_view
return func(*args, **kwargs)
File "/opt/webapp/srcpm/app/src/views.py", line 356, in vul_notify_list
return render_template('src/vul_notify_list.html', vul_report_list=vul_report_list, opt_label=opt_label)
UnboundLocalError: local variable 'vul_report_list' referenced before assignment
@zwalts @liusec
该系统搭建好后只能走http,想问下怎么走https
我添加了一个与普通人员一样的权限,但是点我的漏洞管理时出现错误提示Sorry,internal server error!。 直连数据库发现权限设置的的确是一样的,但是出现的效果完全不同,且报错。
搭建系统后,安全人员上传附件“漏洞信息”,管理员进行审核时,不能查看附件的漏洞信息。
这种状况是什么原因呢?
错误信息是CSRF token missing or incorrect.
启动docker报错,centos 7上没有iptables,用yum装了一个,还是报这个错误。怎么把这个东西去掉?防火墙已经手动关闭了。
(iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 127.0.0.1 --dport 9000 -j DNAT --to-destination 172.17.0.3:5000 ! -i docker0: iptables: No chain/target/match by that name. (exit status 1)).
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by 'root'' at line 1
本身属于乙方公司,给甲方公司部署该应用,希望能够限定两个邮箱后缀。我自己尝试了修改以下参数
#公司邮箱后缀限制,只能使用公司邮箱注册账号。
CORP_MAIL = ['@company1.cn'
,'@company2.cn']
但是结果是两个都无法注册。
还有这个项目名字叫洞察,是否能提供自定义功能?目前我只能修改应用部署文件中所有名字,着实费了些时间。
注册新用户-邮箱激活步骤:发现激活邮件中给出的激活链接地址是以“http://127.0.0.1/srcpm...+token”形式的链接,请教此处“http://127.0.0.1”这个地址如何修改为云主机的公网IP(srcpm已部署至云主机环境)?
我容器启动时运行的地址是docker run -d -p 0.0.0.0:9000:5000...
当使用以下命令启动容器(替换为我公网IP):
docker run -d -p 47.xx.xx.100:9000:5000 ..........
则会报错:
docker: Error response from daemon: driver failed programming external connectivity on endpoint open_source_srcpm (07b77b355b72017f2f3742b356b6d0051f80d245bc8c1e91fdb78df328ca43ce): Error starting userland proxy: listen tcp 47.XX.XX.100:9000: bind: cannot assign requested address.
请教详细配置步骤,如何修改配置才能实现激活邮件中的激活链接地址自动更改为我云主机的公网IP
@liusec @wsjswy
作者和大家好,我想禁用未登录用户查看漏洞的权限请问如何处理?
在提交漏洞后,通过admin确认漏洞,之后进入我的漏洞管理--新通告漏洞,回罗列出已确认的漏洞,点击任意一个漏洞,出现漏洞详情,再次点击(请确认已知悉漏洞) 以超级管理员admin去操作都会返回403页面,无法继续下面漏洞追踪的操作,例如:修复中的漏洞、暂不处理漏洞都无法进行到这些步骤,请问是什么问题。
/opt/webapp/srcpm/app/templates/src/vul_report_read.html
请确认已知悉漏洞
[root@localhost ~]# mysql -h 127.0.0.1 -P 6606 -u root -p
Enter password:
ERROR 2059 (HY000): Authentication plugin 'caching_sha2_password' cannot be loaded: /usr/lib64/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
[root@0308c00c05e3 srcpm]# python manage.py db migrate
Traceback (most recent call last):
File "manage.py", line 38, in
manager.run()
File "/usr/lib/python2.7/site-packages/flask_script/init.py", line 412, in run
result = self.handle(sys.argv[0], sys.argv[1:])
File "/usr/lib/python2.7/site-packages/flask_script/init.py", line 383, in handle
res = handle(*args, **config)
File "/usr/lib/python2.7/site-packages/flask_script/commands.py", line 216, in call
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/flask_migrate/init.py", line 173, in migrate
version_path=version_path, rev_id=rev_id)
File "/usr/lib/python2.7/site-packages/alembic/command.py", line 176, in revision
script_directory.run_env()
File "/usr/lib/python2.7/site-packages/alembic/script/base.py", line 427, in run_env
util.load_python_file(self.dir, 'env.py')
File "/usr/lib/python2.7/site-packages/alembic/util/pyfiles.py", line 81, in load_python_file
module = load_module_py(module_id, path)
File "/usr/lib/python2.7/site-packages/alembic/util/compat.py", line 141, in load_module_py
mod = imp.load_source(module_id, path, fp)
File "migrations/env.py", line 87, in
run_migrations_online()
File "migrations/env.py", line 72, in run_migrations_online
connection = engine.connect()
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/base.py", line 2102, in connect
return self._connection_cls(self, **kwargs)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/base.py", line 90, in init
if connection is not None else engine.raw_connection()
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/base.py", line 2188, in raw_connection
self.pool.unique_connection, _connection)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/base.py", line 2162, in _wrap_pool_connect
e, dialect, self)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/base.py", line 1476, in _handle_dbapi_exception_noconnection
exc_info
File "/usr/lib64/python2.7/site-packages/sqlalchemy/util/compat.py", line 203, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb, cause=cause)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/base.py", line 2158, in _wrap_pool_connect
return fn()
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 345, in unique_connection
return _ConnectionFairy._checkout(self)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 784, in _checkout
fairy = _ConnectionRecord.checkout(pool)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 532, in checkout
rec = pool._do_get()
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 1280, in _do_get
return self._create_connection()
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 350, in _create_connection
return _ConnectionRecord(self)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 477, in init
self.__connect(first_connect_check=True)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/pool.py", line 667, in __connect
connection = pool._invoke_creator(self)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/strategies.py", line 106, in connect
return dialect.connect(*cargs, **cparams)
File "/usr/lib64/python2.7/site-packages/sqlalchemy/engine/default.py", line 410, in connect
return self.dbapi.connect(*cargs, **cparams)
File "/usr/lib64/python2.7/site-packages/MySQLdb/init.py", line 81, in Connect
return Connection(*args, **kwargs)
File "/usr/lib64/python2.7/site-packages/MySQLdb/connections.py", line 193, in init
super(Connection, self).init(*args, **kwargs2)
sqlalchemy.exc.OperationalError: (_mysql_exceptions.OperationalError) (1045, "Access denied for user 'vuluser'@'172.17.0.3' (using password: YES)") (Background on this error at: http://sqlalche.me/e/e3q8)
也不算个问题。
查询出错
[2019-04-15 09:53:02,476] ERROR in app: Exception on /srcpm/drops/search [POST]
Traceback (most recent call last):
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1988, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1641, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1544, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1639, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python2.7/site-packages/flask/app.py", line 1625, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/webapp/srcpm/app/drops/views.py", line 133, in search
searchresult = Postdrop.query.search(searchword)
File "/opt/webapp/srcpm/app/drops/models.py", line 99, in search
q = reduce(db.and_, criteria)
TypeError: reduce() of empty sequence with no initial value
Error: could not find config file srcpm/supervisor.conf
用户注册时,如何先关闭用户注册时邮箱验证的功能?先不使用发件邮箱配置
vulnerability file: https://github.com/creditease-sec/insight/blob/open-source/srcpm/app/admin/views.py
@admin.route('/login_user_delete/<id>')
@permission_required('admin.login_user_delete')
def login_user_delete(id):
lg_user_del = LoginUser.query.get_or_404(id)
db.session.delete(lg_user_del)
flash(u'删除用户 %s 成功' %lg_user_del.username)
return redirect(url_for('admin.login_user_read'))
@admin.route('/role_perm_delete/<role_name>')
@permission_required('admin.role_perm_delete')
def role_perm_delete(role_name):
role_perm_del = Permission.query.filter_by(role_name=role_name)
#删除权限
for r_p_d in role_perm_del:
db.session.delete(r_p_d)
flash(u'删除权限成功')
#删除角色
role = Role.query.filter_by(role_name=role_name).first()
db.session.delete(role)
flash(u'删除权限 %s 成功' %role_name)
return redirect(url_for('admin.role_read'))
@admin.route('/depart_delete/<id>')
@permission_required('admin.depart_delete')
def depart_delete(id):
depart_del = Depart.query.get_or_404(id)
db.session.delete(depart_del)
flash(u'删除部门成功')
return redirect(url_for('admin.depart_read'))
@admin.route('/user_delete/<id>')
@permission_required('admin.user_delete')
def user_delete(id):
user_del = User.query.get_or_404(id)
db.session.delete(user_del)
flash(u'删除人员成功')
return redirect(url_for('admin.user_read'))
poc:
![](http://127.0.0.1:9000/srcpm/admin/login_user_delete/[user id])
理想上应该是 配置一个配置文件,拉一个镜像下来,docker run -v运行并指定下文件 就完成了~
Sorry,internal server error!
BuildError: Could not build url for endpoint 'src.assets_add_ajax'. Did you mean 'src.assets_add' instead?
2018/4/17 下午2:34:42[2018-04-17 06:34:42,274] ERROR in app: Exception on /srcpm/src/assets_modify/1 [GET]
2018/4/17 下午2:34:42Traceback (most recent call last):
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/app.py", line 1988, in wsgi_app
2018/4/17 下午2:34:42 response = self.full_dispatch_request()
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/app.py", line 1641, in full_dispatch_request
2018/4/17 下午2:34:42 rv = self.handle_user_exception(e)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/app.py", line 1544, in handle_user_exception
2018/4/17 下午2:34:42 reraise(exc_type, exc_value, tb)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/app.py", line 1639, in full_dispatch_request
2018/4/17 下午2:34:42 rv = self.dispatch_request()
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/app.py", line 1625, in dispatch_request
2018/4/17 下午2:34:42 return self.view_functionsrule.endpoint
2018/4/17 下午2:34:42 File "/opt/webapp/srcpm/app/decorators.py", line 13, in decorated_function
2018/4/17 下午2:34:42 return f(*args, **kwargs)
2018/4/17 下午2:34:42 File "/opt/webapp/srcpm/app/src/views.py", line 1223, in assets_modify
2018/4/17 下午2:34:42 return render_template('src/assets_modify.html', form=form, id = asset_get.id)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/templating.py", line 134, in render_template
2018/4/17 下午2:34:42 context, ctx.app)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/templating.py", line 116, in _render
2018/4/17 下午2:34:42 rv = template.render(context)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 1008, in render
2018/4/17 下午2:34:42 return self.environment.handle_exception(exc_info, True)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/jinja2/environment.py", line 780, in handle_exception
2018/4/17 下午2:34:42 reraise(exc_type, exc_value, tb)
2018/4/17 下午2:34:42 File "/opt/webapp/srcpm/app/templates/src/assets_modify.html", line 2, in top-level template code
2018/4/17 下午2:34:42 {% import 'bootstrap/wtf.html' as wtf %}
2018/4/17 下午2:34:42 File "/opt/webapp/srcpm/app/templates/base.html", line 1, in top-level template code
2018/4/17 下午2:34:42 {% extends 'bootstrap/base.html' %}
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask_bootstrap/templates/bootstrap/base.html", line 1, in top-level template code
2018/4/17 下午2:34:42 {% block doc -%}
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask_bootstrap/templates/bootstrap/base.html", line 4, in block "doc"
2018/4/17 下午2:34:42 {%- block html %}
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask_bootstrap/templates/bootstrap/base.html", line 20, in block "html"
2018/4/17 下午2:34:42 {% block body -%}
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask_bootstrap/templates/bootstrap/base.html", line 26, in block "body"
2018/4/17 下午2:34:42 {% block scripts %}
2018/4/17 下午2:34:42 File "/opt/webapp/srcpm/app/templates/src/assets_modify.html", line 17, in block "scripts"
2018/4/17 下午2:34:42 url:"{{ url_for('src.assets_add_ajax') }}",
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/helpers.py", line 332, in url_for
2018/4/17 下午2:34:42 return appctx.app.handle_url_build_error(error, endpoint, values)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/app.py", line 1811, in handle_url_build_error
2018/4/17 下午2:34:42 reraise(exc_type, exc_value, tb)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/flask/helpers.py", line 322, in url_for
2018/4/17 下午2:34:42 force_external=external)
2018/4/17 下午2:34:42 File "/usr/lib/python2.7/site-packages/werkzeug/routing.py", line 1776, in build
2018/4/17 下午2:34:42 raise BuildError(endpoint, values, method, self)
2018/4/17 下午2:34:42BuildError: Could not build url for endpoint 'src.assets_add_ajax'. Did you mean 'src.assets_add' instead?
在实际使用中,我对于平台中markdown的语法支持产生了困惑。
举例子来说,我想输入一个javascript代码块。以我日常使用的语法习惯下,markdown源码应该是这样:
```markdown
我是代码块
第一行
第二行
第三行
```
但是这样的写法只会让代码块粘一块,既无换行更别提缩进了。我大致查了写资料测试了一下,你们的支持markdown语法应该是原生那个版本,也就是行尾部两个空格表示换行,而代码块显示的部分,语法是行首制表符或四个空格,或者最为常见```标记,也没有语法高亮功能。
建议后续支持GitHub Flavored Markdown语法规范吧!否者真心不方便啊!
部署好后直接sorry internal server error了,登入界面直接也无法显示
"Could not parse rfc1738 URL from string '%s'" % name
ArgumentError: Could not parse rfc1738 URL from string ''
有报这个错误
centos环境
目前资产还不支持批量导入吧,感觉一个个加不是特别方便 -。- 加资产加了好久
how to switch to other language version?
[root@localhost log]# cat gunicorn.err |more
[2018-04-24 10:13:14 +0000] [13] [INFO] Starting gunicorn 19.6.0
[2018-04-24 10:13:14 +0000] [13] [INFO] Listening at: http://0.0.0.0:5000 (13)
[2018-04-24 10:13:14 +0000] [13] [INFO] Using worker: sync
[2018-04-24 10:13:14 +0000] [23] [INFO] Booting worker with pid: 23
[2018-04-24 10:13:14 +0000] [28] [INFO] Booting worker with pid: 28
[2018-04-24 10:13:14 +0000] [29] [INFO] Booting worker with pid: 29
[2018-04-24 10:13:14 +0000] [30] [INFO] Booting worker with pid: 30
Exception in thread Thread-1:
Traceback (most recent call last):
File "/usr/lib64/python2.7/threading.py", line 812, in __bootstrap_inner
self.run()
File "/usr/lib64/python2.7/threading.py", line 765, in run
self.__target(*self.__args, **self.__kwargs)
File "/opt/webapp/srcpm/app/email.py", line 23, in send_async_email
mail.send(msg)
File "/usr/lib/python2.7/site-packages/flask_mail.py", line 491, in send
with self.connect() as connection:
File "/usr/lib/python2.7/site-packages/flask_mail.py", line 144, in enter
self.host = self.configure_host()
File "/usr/lib/python2.7/site-packages/flask_mail.py", line 158, in configure_host
host = smtplib.SMTP(self.mail.server, self.mail.port)
File "/usr/lib64/python2.7/smtplib.py", line 255, in init
(code, msg) = self.connect(host, port)
File "/usr/lib64/python2.7/smtplib.py", line 316, in connect
(code, msg) = self.getreply()
File "/usr/lib64/python2.7/smtplib.py", line 367, in getreply
raise SMTPServerDisconnected("Connection unexpectedly closed")
SMTPServerDisconnected: Connection unexpectedly closed
[root@localhost containers]# docker run -d -p 127.0.0.1:9000:5000 --link open_source_mysqldb:db --name open_source_srcpm -v $PWD/srcpm:/opt/webapp/srcpm -e DEV_DATABASE_URL='mysql://vuluser:vulpassword@db/vuldb' -e SrcPM_CONFIG=development -e MAIL_PASSWORD='root' daocloud.io/liusheng/vulpm_docker:latest sh -c 'supervisord -c srcpm/supervisor.conf && supervisorctl -c srcpm/supervisor.conf start all && tail -f srcpm/log/gunicorn.err && tail -f srcpm/log/mail_sender.err'
aa3198465639e7199141f2eb321ec33d1434fecb8f553b4f18974f2823f5d133
[root@localhost containers]#
安全人员,在知识库页面,填入查询关键字后,点击提交,页面返回Bad Request。报错信息未:CSRF token missing or incorrect. url为:http://192.168.126.178:9000/srcpm/drops/search
File "/opt/webapp/srcpm/app/main/view.py",line 526, in index_stats_time
list_stats_retest_time.append(compute_retest_time)'all',vul_report_list_result))
File "/opt/webapp/srcpm/app/main/view.py",line 612, in compute_retest_time
vul_retest_time = (vul_retest_time_end - vul_retest_time_start).seconds
TypeError: unsupported operand type(s) for -: 'datetime.datetime' and 'int'
求各位大神,
在执行最后这一步时
docker run -d -p 127.0.0.1:9000:5000
--link open_source_mysqldb:db
--name open_source_srcpm
-v $PWD/srcpm:/opt/webapp/srcpm
-e DEV_DATABASE_URL='mysql://vuluser:vulpassword@db/vuldb'
-e SrcPM_CONFIG=development
-e MAIL_PASSWORD='xxxxxx'
daocloud.io/liusheng/vulpm_docker:latest
sh -c 'supervisord -c srcpm/supervisor.conf && supervisorctl -c srcpm/supervisor.conf start all && tail -f srcpm/log/gunicorn.err && tail -f srcpm/log/mail_sender.err'
没有报错,但视乎没有运行起来
查看docker logs
发现
myapp[spawn error]
mail_sender[spawn error]
问下是supervisor.conf这里有配置要修改吗
if (current_user.email not in email_dict['owner']) and (current_user.email !=
email_dict['department_manager']):
abort(403)
if (current_user.email.lower() not in email_dict['owner']) and (current_user.email !=
email_dict['department_manager']):
abort(403)
Step 12/14 : COPY srcpm/venv_srcpm/lib/python2.7/site-packages/flask_bootstrap/init.py /lib/python2.7/site-packages/flask_bootstrap/init.py
COPY failed: stat /var/lib/docker/tmp/docker-builder076187036/srcpm/venv_srcpm/lib/python2.7/site-packages/flask_bootstrap/init.py: no such file or directory
目前除了自己写SQL外,能否通过PY脚本实现自动化批量的功能?
root@ubuntu:~# curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://4e70ba5d.m.daocloud.io
root@ubuntu:~# cat /etc/docker/daemon.json
{"registry-mirrors": ["http://4e70ba5d.m.daocloud.io"]}
root@ubuntu:## service docker restart
root@ubuntu:
网上找的,不谢
[root@nxsec01 insight]# docker run -d –p 0.0.0.0:9000:5000 \
--link open_source_mysqldb:db
--name open_source_srcpm
-v $PWD/srcpm:/opt/webapp/srcpm
-e DEV_DATABASE_URL='mysql://vuluser:vulpassword@db/vuldb'
-e SrcPM_CONFIG=development
-e MAIL_PASSWORD=' xMNSjKLfmE3rNE1v'
daocloud.io/liusheng/vulpm_docker:latest
sh -c 'supervisord -c srcpm/supervisor.conf && supervisorctl -c srcpm/supervisor.conf start all && tail -f srcpm/log/gunicorn.err && tail -f srcpm/log/mail_sender.err'
docker: invalid reference format.
See 'docker run --help'.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.