1 .字体设置
from docx import Document
from docx.oxml.ns import qn#设置字体
document=Document()
#document=Document(r'./scan.docx')
document.styles['Normal'].font.name = u'宋体'
document.styles['Normal']._element.rPr.rFonts.set(qn('w:eastAsia'), u'宋体')
document.add_paragraph('APPSACN漏洞级别:分为高危、中危、低危、参考等四级',style='List Bullet')
document.save("test.docx")
代码遗留问题,针对新建的文件字体设置有效,追加的文档就失效。暂时还没有想到怎么解决。有大佬解决的留下评论。
2.页脚设置
document.sections[0].footer.paragraphs[0].text= '\t这里是页脚文字\t'
3.居中设置
center=document.add_heading('安全扫描平台安全评估报告',0)#数字为添加下划线
paragraph_format =center.paragraph_format
paragraph_format.alignment = WD_ALIGN_PARAGRAPH.CENTER
4,表格样式,更改style 风格即可, 可参考链接https://blog.csdn.net/xtfge0915/article/details/83480120
document.add_table(3,4,style='Medium Grid 1 Accent 1')
5 表格数据渲染方法一 ( 缺点数据较多时写入速度慢)
table = document.add_table(rows=1, cols=3) #插入表格
hdr_cells = table.rows[0].cells
hdr_cells[0].text = 'Qty'
hdr_cells[1].text = 'Id'
hdr_cells[2].text = 'Desc'
for item in recordset:
row_cells = table.add_row().cells
row_cells[0].text = str(item.qty)
row_cells[1].text = str(item.id)
row_cells[2].text = item.desc
6,表格数据渲染方法一二 解决效率问题,一次性插入数据。后续优化问题表头第一行标题添加进去的
table = document.add_table(rows=int(count)+1, cols=3, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a=(('QTY',"Id",'Desc'),)#单独写的一行,单独生成表格的第一行,没找到更好实现方式生成第一行标题
TASK=-1
recordset=a+recordset
if int(count)>0:
for item in recordset:
TASK+=1
row_cells = table_cells[TASK * 3:(TASK + 1) * 3]
row_cells[0].text = str(item.qty)
row_cells[1].text = str(item.id)
row_cells[2].text = item.desc
7:修改表格字体设置,表格生成完毕后 调用此函数即可
def change_size(table):
# 修改字体
for row in table.rows:
for cell in row.cells:
for paragraph in cell.paragraphs:
for run in paragraph.runs:
run.font.name = '宋体' # 英文字体设置
run._element.rPr.rFonts.set(qn('w:eastAsia'), '宋体')
8:给world添加水印,本人找了很久没有找到利用python给word生成水印的方法。实现方式通过python调用java实现的。java添加水印能够实现。
def WaterMark(jar_path,text,docx_path,save_path,font):
"""
基本的开发流程如下:
①、使用jpype开启jvm
②、加载java类
③、调用java方法
④、关闭jvm(不是真正意义上的关闭,卸载之前加载的类)
"""
# ①、使用jpype开启虚拟机(在开启jvm之前要加载类路径)
# 加载刚才打包的jar文件
jarpath = os.path.join(os.path.abspath("."),jar_path )
# 获取jvm.dll 的文件路径
jvmPath = jpype.getDefaultJVMPath()
# 开启jvm
if not jpype.isJVMStarted():#这个判断非常重要,因为JVM在一个进程内就会自动关闭,后面在调用就会报错
try:
jpype.startJVM(jvmPath,"-ea", "-Djava.class.path=%s" % (jarpath))
except:
pass
# ②、加载java类(参数是java的长类名)
javaClass = jpype.JClass("waterMark.WaterMarkUtil")#参数java类名。
# ③、调用java方法
javaClass.InsertTextWatermark(text,docx_path,save_path,font)#调用方法
pass
综合案例包含上述所有的场景
# -*- coding: utf-8 -*-
from docx.enum.text import WD_ALIGN_PARAGRAPH
from docx import Document
from docx.shared import Inches
from docx.oxml.ns import qn#设置字体
from docx.shared import Pt
from docx.shared import RGBColor # 设置字体颜色
from DataBase import database
import sys
# import jpype
import os
# from db import database
jar_path=r"./java_word.jar"
text="水印文字"
docx_path=r"./WORD_REPORT.docx"
save_path=r"./WORD_REPORT.docx"
font=40
def wordreport(taskname):
DB = database()
document=Document()
document.sections[0].footer.paragraphs[0].text= '\t页脚\t'
center=document.add_heading('添加标题',0)#数字为添加下划线
paragraph_format =center.paragraph_format
paragraph_format.alignment = WD_ALIGN_PARAGRAPH.CENTER
a=document.add_heading(level=1)
size_1=a.add_run('1综述信息')
a=document.add_heading(level=2)
size_2=a.add_run('1.1.任务信息',)
# taskname='AWVS_批量1'
sql="select jobname,Departments,groups_id,email,create_time from AssetInfo where jobname='%s'"%(taskname)
date=DB.query_sql(sql)
count = str(len(date))
records=date
table = document.add_table(rows=int(count)+1, cols=5, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a=(('任务名称',"部门",'配置名称','邮箱',"创建时间"),)
TASK=-1
records=a+records
if int(count)>0:
for jobname,Departments,groups_id,email,create_time in records:
TASK+=1
row_cells = table_cells[TASK * 5:(TASK + 1) * 5]
row_cells[0].text = jobname
row_cells[1].text = Departments
if groups_id:
row_cells[2].text = str(groups_id)
else:
row_cells[2].text = str('')
row_cells[3].text = email
row_cells[4].text = str(create_time)[0:19]
change_size(table)
a=document.add_heading(level=1)
size_3=a.add_run('2.漏洞列表')
a=document.add_heading(level=2)
size_4=a.add_run('2.1.Nmap端口信息')
p=document.add_paragraph('Nmap发现漏洞个数为:')#ListBullet
# taskname="批量导入扫描任务模板-专线企业IP01_批量"
sql="select IP,Port,Protocol,Status,Service,Tunnel,Method,Confidence,Reason,Product,Version,Extra,Flagged,Notes from Nmap where taskname='%s'"%(taskname)
date=DB.query_sql(sql)#查询出所有数据
count=str(len(date))#数据的总量
p.add_run(count).bold = True
records =date
if int(count) > 0:
table = document.add_table(rows=int(count)+1, cols=14, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a = (('IP','Port','Protocol','Status','Service','Tunnel','Method','Confidence','Reason','Product','Version','Extra','Flagged','Notes'),)
NMAP = -1
records = a + records
for IP, Port, Protocol, Status, Service, Tunnel, Method, Confidence, Reason, Product, Version, Extra, Flagged, Notes in records:
NMAP += 1
row_cells = table_cells[NMAP * 14:(NMAP + 1) * 14]
row_cells[0].text = IP
row_cells[1].text = Port
row_cells[2].text = Protocol
row_cells[3].text = Status
row_cells[4].text = Service
row_cells[5].text = Tunnel
row_cells[6].text = Method
row_cells[7].text = Confidence
row_cells[8].text = Reason
row_cells[9].text = Product
row_cells[10].text = Version
row_cells[11].text = Extra
row_cells[12].text = Flagged
row_cells[13].text = Notes
#修改字体
change_size(table)
a=document.add_heading(level=2)
size_5=a.add_run('2.2.APPSCAN漏洞信息')
p=document.add_paragraph('Appscan发现漏洞个数为:')#ListBullet
# taskname="AWVS_批量1"
sql="select Vl_name,vl_target,Vl_parameter,vl_leave,vl_introduce,vl_fix from Appscan where taskname='%s'"%(taskname)
date=DB.query_sql(sql)#查询出所有数据
count=str(len(date))#数据的总量
p.add_run(count).bold = True
records =date
if int(count) > 0:
table = document.add_table(rows=int(count)+1, cols=6, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a = (('漏洞名称', "扫描目标", '实体', '风险等级', "漏洞介绍",'解决方案'),)
APPSCAN=-1
records = a + records
for name,vl_target,Vl_parameter,vl,vl_introduce,vl_fix in records:
APPSCAN+=1
row_cells = table_cells[APPSCAN * 6:(APPSCAN + 1) * 6]
row_cells[0].text = name
row_cells[1].text = vl_target
row_cells[2].text=Vl_parameter
row_cells[3].text = str(vl)
row_cells[4].text = str(vl_introduce)
row_cells[5].text = str(vl_fix)
# 修改字体
change_size(table)
a=document.add_heading(level=2)
size_6=a.add_run('2.3.AWVS漏洞信息')
p=document.add_paragraph('Awvs发现漏洞个数为:')#ListBullet
# taskname="AWVS01_批量1"
sql="select Vl_name,vl_target,Vl_path,vl_leave,vl_introduce,vl_fix from Awvs where taskname='%s'"%(taskname)
date=DB.query_sql(sql)#查询出所有数据
count=str(len(date))#数据的总量
p.add_run(count).bold = True
records =date
if int(count) > 0:
table = document.add_table(rows=int(count)+1, cols=6, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a=(('漏洞名称','url','风险位置','风险等级','漏洞介绍','解决方案'),)
AWVS=-1
records = a + records
for name,vl_target,Vl_path,vl,vl_introduce,vl_fix in records:
AWVS+=1
row_cells = table_cells[AWVS * 6:(AWVS + 1) * 6]
row_cells[0].text = name
row_cells[1].text = vl_target
row_cells[2].text=Vl_path
row_cells[3].text = str(vl)
row_cells[4].text = str(vl_introduce)
row_cells[5].text = str(vl_fix)
# 修改字体
change_size(table)
a=document.add_heading(level=2)
size_7=a.add_run('2.4.RSAS漏洞信息')
p = document.add_paragraph('RSAS发现漏洞个数为:') # ListBullet
# taskname="AWVS_批量1"
sql = "select vl_target,Vl_name,vl_leave,vl_introduce,vl_fix from Rsas where taskname='%s'" % taskname
date = DB.query_sql(sql) # 查询出所有数据
count = str(len(date)) # 数据的总量
p.add_run(count).bold = True
records = date
if int(count) > 0:
table = document.add_table(rows=int(count)+1, cols=5, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a = (('vl_target', 'Vl_name', 'vl_leave', 'vl_introduce', 'vl_fix'),)
RSAS=-1
records=a+records
for vl_target,Vl_name,vl_leave,vl_introduce,vl_fix in records:
RSAS=RSAS+1
row_cells = table_cells[RSAS * 5:(RSAS + 1) * 5]
row_cells[0].text = vl_target
row_cells[1].text = Vl_name
row_cells[2].text = vl_leave
row_cells[3].text = vl_introduce
row_cells[4].text = str(vl_fix)
# 修改字体
change_size(table)
a=document.add_heading(level=2)
size_8=a.add_run('2.5.NESSUS漏洞信息')
p=document.add_paragraph('Nessus发现漏洞个数为:')
# taskname="AWVS_批量1"
sql="select Vl_name,vl_target,vl_leave,vl_introduce,vl_fix,Plugin_Output from Nessus where taskname='%s'"%(taskname)
date=DB.query_sql(sql)#查询出所有数据
# print(date)
count=str(len(date))#数据的总量
p.add_run(count).bold = True
records =date
if int(count) > 0:
table = document.add_table(rows=int(count)+1, cols=6, style="Medium Grid 1 Accent 1")
table_cells = table._cells
a = (('漏洞名称', '扫描端口', '风险等级', '漏洞介绍', '解决方案','插件输出'),)
NESSUS=-1
records = a + records
for name,vl_target,vl,vl_introduce,vl_fix,Plugin_Output in records:
NESSUS+=1
row_cells = table_cells[NESSUS * 6:(NESSUS + 1) * 6]
row_cells[0].text = name
row_cells[1].text = vl_target
row_cells[2].text = str(vl)
row_cells[3].text = str(vl_introduce)
row_cells[4].text = str(vl_fix)
row_cells[5].text= str(Plugin_Output)
# 修改字体
change_size(table)
a=document.add_heading(level=1)
size_9=a.add_run('3.参考标准')
a=document.add_heading(level=2)
size_10=a.add_run('3.1.漏洞风险等级评定标准')
document.styles['Normal'].font.name = u'宋体'
document.styles['Normal']._element.rPr.rFonts.set(qn('w:eastAsia'), u'宋体')
document.add_paragraph('APPSACN漏洞级别:分为高危、中危、低危、参考等四级',style='List Bullet')
document.add_paragraph('AWVS漏洞级别:分为高危、中危、低危、参考等四级',style='List Bullet')
document.add_paragraph('RSAS漏洞级别:分为高危、中危、低危等三级',style='List Bullet')
document.add_paragraph('NESSUS漏洞级别:分为严重、高危、中危、低危、参考等五级',style='List Bullet')
a=document.add_heading(level=2)
size_11=a.add_run('3.2.安全建议')
document.add_paragraph('随着越来越多的网络访问通过Web界面进行操作,Web安全已经成为互联网安全的一个热点,基于Web的攻击广为流行,SQL注入、跨站脚本等Web应用层漏洞的存在使得网站沦陷、页面篡改、网页挂马等攻击行为困扰着网站管理者并威胁着网站以及直接用户的安全。基于此,我们可从如下几个方面来消除这些风险,做到防患于未然:',style='List Bullet')
document.add_paragraph('对网站的开发人员进行安全编码方面的培训,在开发过程避免漏洞的引入能起到事半功倍的效果。',style='List Bullet')
document.add_paragraph('请专业的安全研究人员或安全公司对架构网站的程序和代码做全面的源码审计,修补所有发现的安全漏洞,这种白盒安全测试比较全面、深入,能发现绝大部分的安全问题。',style='List Bullet')
document.add_paragraph('在网站上线前,使用Web应用漏洞扫描系统进行安全评估,并修补发现的问题;在网站上线后,坚持更新并使用网站安全监测系统,对整站以及关键页面进行周期和实时监测,及时消除发现的隐患。',style='List Bullet')
#document.add_page_break()
sizel1 = [size_1, size_3, size_9]
sizel2 = [size_2, size_4, size_5, size_6, size_7, size_8, size_10, size_11]
for i in sizel1:
i.font.size = Pt(22) # 字体大小
i.bold = True # 字体是否加粗
i.font.name = '黑体' # 控制是西文时的字体
i.element.rPr.rFonts.set(qn('w:eastAsia'), '宋体') # 控制是中文时的字体
i.font.color.rgb = RGBColor(0, 0, 0)
for i in sizel2:
i.font.size = Pt(16) # 字体大小
i.bold = True # 字体是否加粗
i.font.name = '黑体' # 控制是西文时的字体
i.element.rPr.rFonts.set(qn('w:eastAsia'), '黑体') # 控制是中文时的字体
i.font.color.rgb = RGBColor(0, 0, 0)
document.save("./SSP_WORD_REPORT.docx")
# WaterMark(jar_path, text, docx_path, save_path, font)
def WaterMark(jar_path,text,docx_path,save_path,font):
"""
基本的开发流程如下:
①、使用jpype开启jvm
②、加载java类
③、调用java方法
④、关闭jvm(不是真正意义上的关闭,卸载之前加载的类)
"""
# ①、使用jpype开启虚拟机(在开启jvm之前要加载类路径)
# 加载刚才打包的jar文件
jarpath = os.path.join(os.path.abspath("."),jar_path )
# 获取jvm.dll 的文件路径
jvmPath = jpype.getDefaultJVMPath()
# 开启jvm
if not jpype.isJVMStarted():#这个判断非常重要,因为JVM在一个进程内就会自动关闭,后面在调用就会报错
try:
jpype.startJVM(jvmPath,"-ea", "-Djava.class.path=%s" % (jarpath))
except:
pass
# ②、加载java类(参数是java的长类名)
javaClass = jpype.JClass("waterMark.WaterMarkUtil")#参数java类名。
# ③、调用java方法
javaClass.InsertTextWatermark(text,docx_path,save_path,font)#调用方法
pass
def change_size(table):
# 修改字体
for row in table.rows:
for cell in row.cells:
for paragraph in cell.paragraphs:
for run in paragraph.runs:
run.font.name = '宋体' # 英文字体设置
run._element.rPr.rFonts.set(qn('w:eastAsia'), '宋体')
wordreport("监控系统3-4")