AttackCheckEngine/write_todb.py at master · luyg24/AttackCheckEngine · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# !/usr/bin/env python
# -*- coding:utf-8 -*-
"""
write info to db, url and post convert to base64 before write, if vul Y not N, not sure M
"""

import mysql.connector
import record_err
import base64
import linecache
import commands
import time


filename = 'ids_mysql.conf'


def writedb(data):
    try:
        config = getinfo(filename)
        conn = mysql.connector.connect(**config)
        cur = conn.cursor()
        # sql = 'desc ids_info'
        attacktype = data[u'attack_type']
        hostname = data[u'hostname']
        status = int(data[u'status'])
        method = data[u'method']
        url = data[u'url']
        baseurl = base64.b64encode(url)
        if method.lower() == 'post':
            post = data[u'post']
            basepost = base64.b64encode(post)
        # write to db
        if method.lower() == 'get':
            insertsql1 = 'insert into  ids_info(attack_type, hostname, status, method, url ) ' \
                         'values("%s", "%s", %d, "%s", "%s")' % (attacktype, hostname, status, method, baseurl)
            cur.execute(insertsql1)
            conn.commit()
        elif method.lower() == 'post':
            insertsql2 = 'insert into  ids_info(attack_type, hostname, status, method, url, postdata ) ' \
                         'values("%s", "%s", %d, "%s", "%s", "%s")' % (attacktype, hostname, status, method, baseurl, basepost)
            # print insertsql2
            cur.execute(insertsql2)
            conn.commit()
        else:
            print 'what?'
        # result_set = cur.fetchall()
        # print result_set
        conn.close()
    except Exception as e:
        record_err.logrecord()


def getinfo(filename):
    try:
        file = open(filename, 'r')
        config = {}
        content = file.readlines()
        for i in range(len(content)):
            tmp = content[i].split(':')
            key = tmp[0]
            value = tmp[1].split('\n')[0]
            config[key] = value
        return config
    except Exception as e:
        record_err.logrecord()


if __name__ == '__main__':
    # print __name__
    writedb('ids_mysql.conf')