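from tools.ToolBase import ToolBase
import pexpect


class EchoTool(ToolBase):
    """Tool that runs an instruction string through ``bash -c`` and post-processes its output."""

    def validate_instruction(self, instruction):
        """Return the instruction to run together with its timeout in seconds.

        NOTE(review): this is the instruction-filtering hook, but it currently
        passes the instruction through unchanged. Whatever string reaches
        ``execute_instruction`` is handed to ``bash -c`` as-is, so any
        restriction on what may run has to be enforced by the caller or
        added here.

        Returns:
            A ``(instruction, timeout)`` tuple; the timeout is fixed at 5 minutes.
        """
        timeout = 60 * 5
        return instruction, timeout

    def do_worker_pexpect(self, str_instruction, timeout, ext_params):
        """Run ``str_instruction`` under bash and return everything it printed.

        Args:
            str_instruction: Command line passed verbatim to ``bash -c``.
            timeout: Seconds to wait for the command to finish.
            ext_params: Not used by this implementation.

        Returns:
            The captured output. A timeout notice is appended when the command
            did not finish in time, and an error string is returned instead if
            spawning or reading raised an exception.
        """
        try:
            # The first argument of spawn is the executable; the instruction
            # string is interpreted by the shell.
            child = pexpect.spawn(
                'bash', ['-c', str_instruction], timeout=timeout, encoding='utf-8'
            )
            try:
                # Only two patterns are given, so the index is 0 (timeout) or 1 (EOF).
                index = child.expect([pexpect.TIMEOUT, pexpect.EOF])
                result = str(child.before)
                if index == 0:
                    result += f"\n执行超时{timeout}秒"
                return result
            finally:
                # Always release the pty and terminate the child. Without this a
                # command that hits the timeout keeps running after we return.
                try:
                    child.close(force=True)
                except (pexpect.ExceptionPexpect, OSError):
                    # Best-effort cleanup: do not let it mask the captured output.
                    pass
        except Exception as e:
            return f"执行错误: {str(e)}"

    def execute_instruction(self, instruction_old):
        """Validate, run and analyse one instruction.

        Args:
            instruction_old: The instruction as received from the caller.

        Returns:
            A 5-tuple ``(executed, instruction, analysis, output, ext_params)``.
            ``executed`` is False when validation yields a falsy instruction;
            in that case the original instruction and a fixed notice are returned.
        """
        # create_extparams is not defined in this class; presumably inherited
        # from ToolBase -- confirm.
        ext_params = self.create_extparams()

        # Step 1: validate the instruction.
        instruction, time_out = self.validate_instruction(instruction_old)
        if not instruction:
            return False, instruction_old, "该指令暂不执行!", "", ext_params
        # Open question from the author: should a filtered/modified instruction
        # be de-duplicated, and does re-running the same instruction give the
        # same result? Undecided.

        # Step 2: run the instruction (author's note: ftp instructions need to
        # be distinguished here).
        output = self.do_worker_pexpect(instruction, time_out, ext_params)

        # Step 3: analyse the output.
        analysis = self.analyze_result(output, instruction, "", "")
        return True, instruction, analysis, output, ext_params

    def analyze_result(self, result, instruction, stderr, stdout):
        """Post-process the raw command output.

        Only one case is handled: output that shows a ``GET /`` request carrying
        an ``X-Original-URL: /proc/self/environ`` header, i.e. a check for a
        server misconfiguration that exposes a sensitive file through a custom
        request header. Any other output is returned unchanged.

        Args:
            result: Raw output of the executed instruction.
            instruction: Not used by this implementation.
            stderr: Not used by this implementation.
            stdout: Not used by this implementation.

        Returns:
            ``result`` unchanged, or a fixed "no issue" string when the header
            check was run but the response does not look like a successful read.
        """
        is_header_probe = (
            "GET / HTTP/1.1" in result
            and "X-Original-URL: /proc/self/environ" in result
        )
        if not is_header_probe:
            return result

        # NOTE(review): these are plain substring matches over the whole output,
        # so "PATH=" or "HTTP/1.1 200" appearing anywhere counts -- confirm this
        # is strict enough for the outputs this tool sees.
        if "HTTP/1.1 200" in result and "PATH=" in result:
            # The raw output is kept for now rather than being replaced by a
            # verdict string.
            return result
        return "不存在安全问题"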