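def vulnerabilities_list():
    """Return one page of scan findings for a project or task as JSON.

    Form fields read: ``project_id``, ``search_vul_type``, ``search_rule``,
    ``search_level``, ``search_task``, ``page`` and ``search_status``.
    Every filter value is passed to SQLAlchemy as a comparison expression,
    so the values are bound parameters rather than concatenated SQL.

    The response carries ``status_code=1001`` and a ``data`` object with the
    current page, page count, echoed status filter, total match count, the
    request URL with its ``page`` parameter stripped, a pagination summary
    and the list of findings.

    NOTE(review): no access check is visible inside this function, and the
    response includes file paths and matched source lines for whichever
    ``project_id`` / ``search_task`` the client sends. Confirm the route is
    wrapped by an authentication and per-project authorization guard.
    """
    project_id = request.form.get("project_id", None)
    # Vulnerability-type ID to filter on
    search_vul_id = request.form.get("search_vul_type", None)
    # Rule ID to filter on
    search_rule_id = request.form.get("search_rule", None)
    # Severity level to filter on
    search_level = request.form.get("search_level", None)
    # Task ID to filter on; "all" or an empty value means "no task filter"
    search_task_id = request.form.get("search_task", "")
    if search_task_id in ("all", ""):
        search_task_id = None

    # Page number, defaulting to the first page
    try:
        page = int(request.form.get("page", 1))
    except ValueError:
        page = 1
    # Zero or negative pages would produce a negative OFFSET below.
    if page < 1:
        page = 1

    # Which findings to show, by repair state:
    # 0 - all, 1 - repaired, 2 - unrepair, 3 - others
    search_status_type = request.form.get("search_status", 2)
    # Form values arrive as strings, so the integer default never matched
    # the string comparisons and silently meant "all". Normalise only the
    # comparison key; the echoed value in the response stays unchanged.
    status_key = "2" if search_status_type == 2 else search_status_type

    # Scope the query to the task when one is given, otherwise to the project.
    if search_task_id is None:
        scope = CobraResults.project_id == project_id
    else:
        scope = CobraResults.task_id == search_task_id
    filters = [
        scope,
        CobraResults.rule_id == CobraRules.id,
        CobraVuls.id == CobraRules.vul_id,
    ]

    if status_key == "1":
        filters.append(CobraResults.status == 2)
    elif status_key == "2":
        filters.append(CobraResults.status < 2)
    elif status_key == "3":
        filters.append(CobraResults.status == 1)

    # Add the optional filters supplied by the client
    if search_vul_id is not None and search_vul_id != "all":
        filters.append(CobraVuls.id == search_vul_id)
    if search_rule_id is not None and search_rule_id != "all":
        filters.append(CobraRules.id == search_rule_id)
    if search_level is not None and search_level != "all":
        filters.append(CobraRules.level == search_level)

    # Build the query
    all_scan_results = db.session.query(
        CobraResults.id, CobraResults.file, CobraResults.line, CobraResults.code,
        CobraRules.description, CobraRules.level, CobraRules.regex_location,
        CobraRules.regex_repair, CobraRules.repair, CobraVuls.name,
        CobraResults.rule_id, CobraResults.status
    ).filter(*filters)

    # Pagination. Count in the database instead of loading every matching
    # row into memory just to measure the result set.
    page_size = 15
    total_count = all_scan_results.count()
    pagination = {
        'page': page,
        'total': total_count,
        'per_page': page_size
    }
    # Ceiling division: an exact multiple of page_size must not report an
    # extra empty page. An empty result set still reports one page.
    total_pages = max(1, (total_count + page_size - 1) // page_size)
    # NOTE(review): the query has no ORDER BY, so page contents are not
    # guaranteed to be stable between requests.
    page_rows = all_scan_results.limit(page_size).offset(
        (page - 1) * page_size).all()

    # Shape each row for the response
    vulnerabilities = list()
    map_level = ["Undefined", "Low", "Medium", "High"]
    map_color = ["low", "low", "medium", "high"]
    for result in page_rows:
        level = result[5]
        try:
            level_name = map_level[level]
            level_color = map_color[level]
        except (IndexError, TypeError):
            # NULL or out-of-range level: fall back to the "Undefined" entry
            # rather than failing the whole request.
            level_name = map_level[0]
            level_color = map_color[0]

        data_dict = dict()
        data_dict['id'] = result[0]
        data_dict["file"] = result[1]
        data_dict["file_short"] = common.path_to_file(result[1])
        data_dict["line"] = result[2]
        # Matched source text comes from scanned repositories; whatever
        # renders it must escape it as untrusted content.
        data_dict["code"] = result[3]
        data_dict["rule"] = result[4]
        data_dict["level"] = level_name
        data_dict["color"] = level_color
        data_dict["repair"] = result[8]
        data_dict["v_name"] = result[9]
        data_dict['verify'] = ''
        data_dict['rule_id'] = result[10]
        # Only status 2 is presented as fixed; every other value is not.
        data_dict["status"] = result[11]
        data_dict["status_class"] = u'fixed' if result[11] == 2 else u'not_fixed'
        vulnerabilities.append(data_dict)

    # Strip the page parameter so the client can append its own.
    current_url = request.url.replace("&page={}".format(page), "").replace("page={}".format(page), "")
    if "?" not in current_url:
        current_url += "?"

    return_data = {
        "current_page": page,
        "total_pages": total_pages,
        "search_status_type": search_status_type,
        "filter_vul_number": total_count,
        "current_url": current_url,
        "pagination": pagination,
        'vulnerabilities': vulnerabilities,
    }
    return jsonify(status_code=1001, message='success', data=return_data)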
def test_path_to_file():
    """Check that common.path_to_file shortens a deep path to '.../<file name>'."""
    full_path = '/impl/src/main/java/com/mogujie/service/mgs/digitalcert/utils/CertUtil.java'
    expected = '.../CertUtil.java'
    assert expected == common.path_to_file(full_path)
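def vulnerabilities_list():
    """List scan findings for a project or a task, one page at a time.

    Reads the form fields ``project_id``, ``search_vul_type``,
    ``search_rule``, ``search_level``, ``search_task``, ``page`` and
    ``search_status`` and returns a JSON body with ``status_code=1001``.
    All filter values reach the database through SQLAlchemy comparison
    expressions, i.e. as bound parameters.

    NOTE(review): this function performs no authentication or per-project
    authorization itself, yet it returns file paths and matched source lines
    for any ``project_id`` or ``search_task`` supplied. Verify that the
    route registration enforces access control.
    """
    project_id = request.form.get("project_id", None)
    search_vul_id = request.form.get("search_vul_type", None)
    search_rule_id = request.form.get("search_rule", None)
    search_level = request.form.get("search_level", None)
    search_task_id = request.form.get("search_task", "")
    # "all" and the empty string both mean "do not filter by task".
    search_task_id = None if search_task_id in ("all", "") else search_task_id

    # Default page 1; values below 1 are clamped so the OFFSET computed
    # further down can never be negative.
    try:
        page = max(1, int(request.form.get("page", 1)))
    except ValueError:
        page = 1

    # 0 - all, 1 - repaired, 2 - unrepair, 3 - others
    search_status_type = request.form.get("search_status", 2)
    # The default is the integer 2 while submitted values are strings, so an
    # omitted field used to skip the "unrepair" filter entirely. Compare on a
    # normalised key and leave the echoed value as it was.
    status_key = "2" if search_status_type == 2 else search_status_type

    # status: 0 - all, 1 - repaired, 2 - unrepair, 3 - others
    if search_task_id is None:
        filter_group = (
            CobraResults.project_id == project_id,
            CobraResults.rule_id == CobraRules.id,
            CobraVuls.id == CobraRules.vul_id,
        )
    else:
        filter_group = (
            CobraResults.task_id == search_task_id,
            CobraResults.rule_id == CobraRules.id,
            CobraVuls.id == CobraRules.vul_id,
        )

    status_filters = {
        "1": CobraResults.status == 2,
        "2": CobraResults.status < 2,
        "3": CobraResults.status == 1,
    }
    if status_key in status_filters:
        filter_group += (status_filters[status_key],)

    if search_vul_id is not None and search_vul_id != "all":
        filter_group += (CobraVuls.id == search_vul_id,)
    if search_rule_id is not None and search_rule_id != "all":
        filter_group += (CobraRules.id == search_rule_id,)
    if search_level is not None and search_level != "all":
        filter_group += (CobraRules.level == search_level,)

    all_scan_results = db.session.query(
        CobraResults.id, CobraResults.file, CobraResults.line, CobraResults.code,
        CobraRules.description, CobraRules.level, CobraRules.regex_location,
        CobraRules.regex_repair, CobraRules.repair, CobraVuls.name,
        CobraResults.rule_id, CobraResults.status
    ).filter(
        *filter_group
    )

    # Single page size
    page_size = 15
    # Let the database count the matches; fetching every row only to take
    # its length makes each request cost memory proportional to the table.
    total_number = all_scan_results.count()
    pagination = {
        'page': page,
        'total': total_number,
        'per_page': page_size
    }
    # Round up, with a floor of one page. The previous "/ page_size + 1"
    # reported one page too many when the total was an exact multiple.
    total_pages = max(1, -(-total_number // page_size))
    # NOTE(review): without an ORDER BY the row order, and therefore the
    # content of each page, is up to the database.
    all_scan_results = all_scan_results.limit(page_size).offset((page - 1) * page_size).all()

    vulnerabilities = list()
    map_level = ["Undefined", "Low", "Medium", "High"]
    map_color = ["low", "low", "medium", "high"]
    for result in all_scan_results:
        try:
            level_label = map_level[result[5]]
            level_css = map_color[result[5]]
        except (IndexError, TypeError):
            # A NULL or unexpected level must not abort the listing.
            level_label, level_css = map_level[0], map_color[0]

        # Anything that is not status 2 is shown as not fixed.
        status_class = u'fixed' if result[11] == 2 else u'not_fixed'

        vulnerabilities.append({
            'id': result[0],
            "file": result[1],
            "file_short": common.path_to_file(result[1]),
            "line": result[2],
            # Source text taken from scanned code: treat as untrusted when
            # it is rendered by the client.
            "code": result[3],
            "rule": result[4],
            "level": level_label,
            "color": level_css,
            "repair": result[8],
            "v_name": result[9],
            'verify': '',
            'rule_id': result[10],
            "status": result[11],
            "status_class": status_class,
        })

    # Remove the page parameter from the URL handed back to the client.
    current_url = request.url.replace("&page={}".format(page), "").replace("page={}".format(page), "")
    if "?" not in current_url:
        current_url += "?"

    return_data = {
        "current_page": page,
        "total_pages": total_pages,
        "search_status_type": search_status_type,
        "filter_vul_number": total_number,
        "current_url": current_url,
        "pagination": pagination,
        'vulnerabilities': vulnerabilities,
    }
    return jsonify(status_code=1001, message='success', data=return_data)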