代码测试
存在
http://sast.infosec.ctripcorp.com/#/apiVulDetail/35589
GET /liveadmin/api/plive/anchorPLiveRecord?liveId=123 HTTP/1.1
Host: you.fws.qa.nt.ctripcorp.com
Cookie: cticket=740E562EA75570C0A19682B1E929BF3A457C813A71386413B55C7D4093C367DC
python 代码测试
import requests
import json
from collections import defaultdict
def fetch_json(url, timeout=10):
"""统一请求并解析 JSON"""
try:
r = requests.get(url, timeout=timeout)
r.raise_for_status()
return r.json()
except Exception as e:
print(f"请求失败 {url}: {e}")
return None
def build_captain_url(app_id, env, group_id):
"""生成 Captain 页面链接"""
return (f"https://captain.release.ctripcorp.com/app/{app_id}"
f"/cluster/{env}?groupId={group_id}&type=info")
def main():
appId = input("输入要查询的 appId: ").strip()
# added_by = input("输入提交人 (added_by, 默认 liangkh): ").strip() or "liangkh"
# 1. 查询 group 列表
groups_data = fetch_json(
f"http://captain.release.ctripcorp.com/v1/groups?application_id={appId}"
)
if not groups_data or not groups_data.get('result'):
print("未找到任何 group")
return
# 2. 收集每个 env 下的所有 pod
env_pods = defaultdict(list)
for g in groups_data['result']:
env = g['env']
group_id = g['id']
captain_url = build_captain_url(appId, env, group_id)
pods_data = fetch_json(
f"http://captain.release.ctripcorp.com/v1/pods?group_id={group_id}"
)
if not pods_data:
continue
if not pods_data.get('result'):
env_pods[env].append({
"group_id": group_id,
"captain_url": captain_url,
"empty": True
})
continue
for item in pods_data['result']:
env_pods[env].append({
"group_id": group_id,
"captain_url": captain_url,
"pod_name": item.get('name'),
"updated_at": item.get('updated_at'),
"ip": item.get('ip'),
"image_name": item.get('version', {}).get('image', {}).get('name'),
"empty": False
})
# 3. 按指定顺序输出
env_order = {'prod': 0, 'uat': 1, 'fat': 2, 'dev': 3}
sorted_envs = sorted(env_pods.keys(), key=lambda x: env_order.get(x, 99))
for env in sorted_envs:
pods = env_pods[env]
real_pods = [p for p in pods if not p['empty']]
print("#" * 70)
print(f"# {env.upper()} 环境 (共 {len(real_pods)} 个实例)")
print("#" * 70)
pods.sort(key=lambda x: (x['group_id'], x.get('pod_name') or ''))
last_gid = None
for p in pods:
if p['group_id'] != last_gid:
print(f"┌─ group_id : {p['group_id']}")
print(f"└─ Captain : {p['captain_url']}")
last_gid = p['group_id']
if p['empty']:
print(" └─ 无实例机器")
continue
print(" " + "-" * 56)
print(f" Pod 名称 : {p['pod_name']}")
print(f" 更新时间 : {p['updated_at']}")
print(f" IP 地址 : {p['ip']}")
print(f" 镜像名称 : {p['image_name']}")
# ============ ★ 4. 构建最终提交的 JSON 数据 ============
# 用 dict 做去重: key=image, value=set(envs)
image_env_map = defaultdict(set)
for env, pods in env_pods.items():
for p in pods:
if p.get('empty'):
continue
image = p.get('image_name')
if not image: # 没有 image 的跳过
continue
image_env_map[image].add(env.upper()) # env 转大写
# 转成 items 列表
items = [
{"image": image, "envs": sorted(list(envs))}
for image, envs in image_env_map.items()
]
submit_data = {
"appid": appId,
"items": items,
# "added_by": added_by
"added_by": "liangkh"
}
# 5. 输出最终 JSON
print("=" * 70)
print("提交的 json 数据:\n" + json.dumps(submit_data, indent=2, ensure_ascii=False))
if __name__ == "__main__":
main()