def vulnerabilities_detail(): v_id = request.form.get("id", None) # query result/rules/vulnerabilities v_detail = CobraResults.query.filter_by(id=v_id).first() rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first() vulnerabilities_description = CobraVuls.query.filter_by( id=rule_info.vul_id).first() if rule_info.author.strip() == '': rule_info.author = 'Undefined' # get code content project = CobraProjects.query.filter_by(id=v_detail.project_id).first() if project.repository[0] == '/': # upload directory project_code_path = project.repository else: # git project_path_split = project.repository.replace('.git', '').split('/') project_path = os.path.join(project_path_split[3], project_path_split[4]) upload = os.path.join( config.Config('upload', 'directory').value, 'versions') project_code_path = os.path.join(upload, project_path) if v_detail.file[0] == '/': v_detail.file = v_detail.file[1:] file_path = os.path.join(project_code_path, v_detail.file) if os.path.isfile(file_path) is not True: code_content = '// There is no code snippet for this type of file' line_trigger = 1 line_start = 1 c_author = 'Not support' c_time = 'Not support' c_ret = False else: # get committer c_ret, c_author, c_time = Git.committer(v_detail.file, project_code_path, v_detail.line) if c_ret is not True: c_author = 'Not support' c_time = 'Not support' code_content = '' fp = open(file_path, 'r') block_lines = 50 if v_detail.line < block_lines: block_start = 0 block_end = v_detail.line + block_lines else: block_start = v_detail.line - block_lines block_end = v_detail.line + block_lines for i, line in enumerate(fp): if block_start <= i <= block_end: code_content = code_content + line fp.close() line_trigger = v_detail.line - block_start line_start = block_start + 1 try: jsonify(data=code_content) except Exception as e: code_content = '// The encoding type code is not supported' line_trigger = 1 line_start = 1 return_data = { 'detail': { 'id': v_detail.id, 'file': v_detail.file, 'line_trigger': line_trigger, 'line_start': line_start, 'code': code_content, 'c_ret': c_ret, 'c_author': c_author, 'c_time': c_time, 'repair': const.Vulnerabilities(v_detail.repair).repair_description(), 'status': const.Vulnerabilities(v_detail.status).status_description(), 'created': v_detail.created_at, 'updated': v_detail.updated_at }, 'rule': { 'id': rule_info.id, 'language': rule_info.language, 'description': rule_info.description, 'repair': rule_info.repair, 'author': rule_info.author, 'level': const.Vulnerabilities(rule_info.level).level_description(), 'status': rule_info.status, 'created': rule_info.created_at, 'updated': rule_info.updated_at }, 'description': { 'id': vulnerabilities_description.id, 'name': vulnerabilities_description.name, 'description': vulnerabilities_description.description, 'repair': vulnerabilities_description.repair, 'third_v_id': vulnerabilities_description.third_v_id } } return jsonify(status_code=1001, message='success', data=return_data)
def vulnerabilities_detail(): v_id = request.form.get("id", None) # query result/rules/vulnerabilities v_detail = CobraResults.query.filter_by(id=v_id).first() rule_info = CobraRules.query.filter_by(id=v_detail.rule_id).first() language_info = CobraLanguages.query.filter( CobraLanguages.id == rule_info.language).first() language = language_info.language vulnerabilities_description = CobraVuls.query.filter_by( id=rule_info.vul_id).first() if rule_info.author.strip() == '': rule_info.author = 'Undefined' # get code content project = CobraProjects.query.filter_by(id=v_detail.project_id).first() if project.repository[0] == '/': # upload directory project_code_path = project.repository else: # git project_path_split = project.repository.replace('.git', '').split('/') project_path = os.path.join(project_path_split[3], project_path_split[4]) upload = os.path.join( config.Config('upload', 'directory').value, 'versions') project_code_path = os.path.join(upload, project_path) if v_detail.file[0] == '/': v_detail.file = v_detail.file[1:] file_path = os.path.join(project_code_path, v_detail.file) # https://codemirror.net/mode/clike/index.html mode_mime = { 'javascript': 'javascript', 'php': 'php', 'python': 'python', 'lua': 'lua', 'ruby': 'ruby', 'perl': 'perl', 'go': 'go', 'cmake': 'cmake', 'html': 'htmlmixed', 'jsp': 'htmlmixed', 'xml': 'xml', 'yaml': 'yaml', 'css': 'css', 'markdown': 'markdown', 'shell': 'shell', 'sql': 'sql', 'c': 'text/x-csrc', 'c++': 'text/x-c++src', 'java': 'text/x-java', 'c#': 'text/x-csharp', 'objective-c': 'text/x-objectivec', 'scale': 'text/x-scale', 'shader': 'text/x-vertex', 'squirrel': 'text/x-squirrel', 'kotlin': 'text/x-kotlin', 'ceylon': 'text/ceylon' } if language.lower() in mode_mime: mode = mode_mime[language.lower()] else: mode = 'htmlmixed' if '.' in file_path: ext = file_path.split('.')[-1:][0] if ext.lower() in mode_mime: mode = mode_mime[ext.lower()] if os.path.isfile(file_path) is not True: code_content = '// File does not exist' line_trigger = 1 line_start = 1 c_author = 'Not support' c_time = 'Not support' c_ret = False else: # get committer c_ret, c_author, c_time = Git.committer(v_detail.file, project_code_path, v_detail.line) if c_ret is not True: c_author = 'Not support' c_time = 'Not support' code_content = '' fp = open(file_path, 'r') block_lines = 50 block_start = 0 if v_detail.line < block_lines: block_end = v_detail.line + block_lines else: block_end = v_detail.line + block_lines for i, line in enumerate(fp): if block_start <= i <= block_end: code_content = code_content + line fp.close() line_trigger = v_detail.line - block_start line_start = block_start + 1 try: jsonify(data=code_content) except Exception as e: code_content = '// The file encoding type is not supported' line_trigger = 1 line_start = 1 return_data = { 'detail': { 'id': v_detail.id, 'file': v_detail.file, 'line_trigger': line_trigger, 'line_start': line_start, 'code': code_content, 'c_ret': c_ret, 'c_author': c_author, 'c_time': c_time, 'mode': mode, 'repair': const.Vulnerabilities(v_detail.repair).repair_description(), 'status': const.Vulnerabilities(v_detail.status).status_description(), 'created': str(v_detail.created_at), 'updated': str(v_detail.updated_at) }, 'rule': { 'id': rule_info.id, 'language': language, 'description': rule_info.description, 'repair': rule_info.repair, 'author': rule_info.author, 'level': const.Vulnerabilities(rule_info.level).level_description(), 'status': rule_info.status, 'created': str(rule_info.created_at), 'updated': str(rule_info.updated_at) }, 'description': { 'id': vulnerabilities_description.id, 'name': vulnerabilities_description.name, 'description': vulnerabilities_description.description, 'repair': vulnerabilities_description.repair, 'third_v_id': vulnerabilities_description.third_v_id } } return jsonify(status_code=1001, message='success', data=return_data)