zfsafe/tools/EchoTool.py

from tools.ToolBase import ToolBase

class EchoTool(ToolBase):
    def validate_instruction(self, instruction):
        #指令过滤
        timeout = 0
        if " nc " in instruction:
            timeout = 60
        return instruction,timeout

    def analyze_result(self, result,instruction,stderr,stdout):
        #指令结果分析
        if "GET / HTTP/1.1" in result and "X-Original-URL: /proc/self/environ" in result:
            #通过构造 ‌自定义HTTP请求头‌ 尝试利用服务器配置漏洞，访问敏感文件
            if "HTTP/1.1 200" in result and "PATH=" in result:
                #result = "存在安全问题"  #暂时保留结果
                pass
            else:
                result ="不存在安全问题"
        else:
            pass

        return result
初始版本0.1 2 months ago			`from tools.ToolBase import ToolBase`

			`class EchoTool(ToolBase):`
			`def validate_instruction(self, instruction):`
			`#指令过滤`
			`timeout = 0`
v0.5 web1.0 1 week ago			`if " nc " in instruction:`
			`timeout = 60`
初始版本0.1 2 months ago			`return instruction,timeout`

			`def analyze_result(self, result,instruction,stderr,stdout):`
			`#指令结果分析`
			`if "GET / HTTP/1.1" in result and "X-Original-URL: /proc/self/environ" in result:`
			`#通过构造 ‌自定义HTTP请求头‌ 尝试利用服务器配置漏洞，访问敏感文件`
			`if "HTTP/1.1 200" in result and "PATH=" in result:`
			`#result = "存在安全问题" #暂时保留结果`
			`pass`
			`else:`
			`result ="不存在安全问题"`
v0.5 web1.0 1 week ago			`else:`
v0.1.1 node_tree_0.5 完善了几个工具类的处理，节点树增加了messages控制机制（只保留三层） 1 month ago			`pass`
初始版本0.1 2 months ago
			`return result`