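def show_context(filename, line_number, show_line=3, is_back=False):
    """Log and return ``show_line`` lines of context either side of ``line_number``.

    Args:
        filename: Source file to read; it is passed through ``check_filepath``
            together with ``PROJECT_DIRECTORY`` before anything is read, and
            that call is what is relied on to keep the read inside the project.
        line_number: Line to centre the window on (str or int); a falsy value
            is treated as line 0.
        show_line: Lines wanted on each side of ``line_number``; a falsy value
            disables the context completely.
        is_back: When true, nothing is written to ``logger_console`` and the
            context is only returned.

    Returns:
        The numbered lines concatenated into one string, each formatted as
        ``"%4d: <line>"`` with the line's own newline kept, or ``""`` when
        ``show_line`` is falsy.
    """
    if not show_line:
        return ""

    filename = check_filepath(PROJECT_DIRECTORY, filename)

    target = int(line_number) if line_number else 0
    # Window of show_line lines before and after target; the start is
    # clamped to 1, which also keeps the highlight comparison below valid.
    line_start = max(target - show_line, 1)
    line_end = line_start + 2 * show_line

    # Range is passed in "start,end" form; get_line is expected to return the
    # lines in file order, numbered from line_start.
    lines = get_line(filename, "{},{}".format(line_start, line_end))

    pieces = []
    for lineno, line in enumerate(lines, start=line_start):
        if not is_back:
            entry = "%4d: %s" % (lineno, line.replace("\n", ""))
            # The target line is highlighted at warning level; the rest of the
            # window is plain context.
            if lineno == target:
                logger_console.warning(entry)
            else:
                logger_console.info(entry)

        pieces.append("%4d: %s" % (lineno, line))

    return "".join(pieces)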
def show_context(filename, line_number, show_line=3):
    """Log ``show_line`` lines of context on each side of ``line_number``.

    The window is ``[line_number - show_line, line_number + show_line]``;
    the centre line is logged at warning level and every other line at info
    level. Nothing is returned, so callers testing the result for truthiness
    always see ``None``.

    NOTE(review): line_start is not clamped, so a small line_number produces
    a non-positive start; whether get_line tolerates that is not visible here.
    """
    filename = check_filepath(PROJECT_DIRECTORY, filename)
    centre = int(line_number)
    line_start = centre - show_line
    line_end = centre + show_line

    lines = get_line(filename, "{},{}".format(line_start, line_end))

    # The (show_line + 1)-th line of the window is the one being centred on.
    highlight_at = line_start + show_line
    for lineno, text in enumerate(lines, start=line_start):
        entry = "%4d: %s" % (lineno, text.replace("\n", ""))
        if lineno == highlight_at:
            logger_console.warning(entry)
        else:
            logger_console.info(entry)
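def _resolve_rule_meta(sr):
    """Return ``(rule_name, author, level)`` for one scan result ``sr``.

    Results with cvi_id '9999' come from the vendor (SCA) scan and are looked
    up in ``VendorVulns`` by the id encoded after the last ':' of
    ``vulfile_path``; every other result is looked up in ``Rules`` by svid.
    """
    if sr.cvi_id == '9999':
        # vulfile_path carries the VendorVulns id as its last ':'-separated
        # field; a non-numeric suffix raises ValueError here.
        vendor_vuls_id = int(sr.vulfile_path.split(':')[-1])
        vv = VendorVulns.objects.filter(id=vendor_vuls_id).first()

        if vv:
            return vv.title, 'SCA', VENDOR_VUL_LEVEL[int(vv.severity)]
        return 'SCA Scan', 'SCA', VENDOR_VUL_LEVEL[1]

    rule = Rules.objects.filter(svid=sr.cvi_id).first()
    # NOTE(review): a result whose svid has no Rules row makes the next line
    # raise AttributeError; whether that can happen is not visible here.
    return rule.rule_name, rule.author, VUL_LEVEL[rule.level]


def _log_vul_chain(ResultFlow, sr, author):
    """Log the result-flow chain of vulnerability ``sr`` with source context.

    SCA results have no file to show, so their nodes are only listed. For the
    others ``show_context`` is asked for the node's context and the stored
    ``node_source`` is logged when it yields nothing.
    """
    rfs = ResultFlow.objects.filter(vul_id=sr.id)

    logger.info("[Chain] Vul {}".format(sr.id))
    for rf in rfs:
        logger.info("[Chain] {}, {}, {}:{}".format(
            rf.node_type, rf.node_content, rf.node_path,
            rf.node_lineno))

        if author == 'SCA':
            continue

        try:
            # node_path is read from stored scan results; show_context is
            # expected to resolve it against PROJECT_DIRECTORY before reading.
            if not show_context(rf.node_path, rf.node_lineno):
                logger_console.info(rf.node_source)
        except Exception:
            # A bare except also swallowed KeyboardInterrupt/SystemExit, and
            # traceback.print_exc() returns None so the old record read
            # "Error: None"; format_exc() puts the trace into the log record.
            logger.error("[SCAN] Error: {}".format(traceback.format_exc()))


def _log_new_evil_functions(project_id):
    """Log the table of new evil functions NewCore recorded for ``project_id``."""
    nfs = NewEvilFunc.objects.filter(project_id=project_id, is_active=1)

    if not nfs:
        return

    table2 = PrettyTable(
        ['#', 'NewFunction', 'OriginFunction', 'Related Rules id'])
    table2.align = 'l'

    for idy, nf in enumerate(nfs, start=1):
        table2.add_row([idy, nf.func_name, nf.origin_func_name, nf.svid])

    logger.info(
        "[MainThread] New evil Function list by NewCore:\r\n{table}".
        format(table=table2))


def display_result(scan_id, is_ask=False):
    """Print the results of scan ``scan_id`` as a table and log each vul chain.

    Args:
        scan_id: Id of the scan task whose results are displayed.
        is_ask: When true, ask on stdin whether unconfirmed results should be
            shown (anything other than 'n' shows them); when false,
            unconfirmed results are always left out.

    Returns:
        None. Everything is written to ``logger`` / ``logger_console``.
    """
    table = PrettyTable([
        '#', 'CVI', 'Rule(ID/Name)', 'Lang/CVE-id', 'Level',
        'Target-File:Line-Number', 'Commit(Author)', 'Source Code Content',
        'Analysis'
    ])
    table.align = 'l'

    # check unconfirm
    if is_ask:
        logger.warning(
            "[INIT] whether Show Unconfirm Result?(Y/N) (Default Y)")

    project_id = get_and_check_scantask_project_id(scan_id)

    # stdin is only read in ask mode; without the prompt unconfirmed results
    # stay hidden.
    show_unconfirm = is_ask and input().lower() != 'n'
    filters = {'scan_project_id': project_id, 'is_active': True}
    if not show_unconfirm:
        filters['is_unconfirm'] = False
    srs = get_and_check_scanresult(scan_id).objects.filter(**filters)
    logger.info("[INIT] Project ID is {}".format(project_id))

    if not srs:
        logger.info("[MainThread] Scan id {} has no Result.".format(scan_id))
        return

    logger.info("[MainThread] Scan id {} Result: ".format(scan_id))

    # The flow class depends only on scan_id, so resolve it once rather than
    # once per result.
    ResultFlow = get_resultflow_class(scan_id)

    for sr in srs:
        rule_name, author, level = _resolve_rule_meta(sr)

        table.add_row([
            sr.id, sr.cvi_id, rule_name, sr.language, level,
            sr.vulfile_path, author, sr.source_code, sr.result_type
        ])

        # show Vuls Chain
        _log_vul_chain(ResultFlow, sr, author)

        logger.info(
            "[SCAN] ending\r\n -------------------------------------------------------------------------"
        )

    logger.info("[SCAN] Trigger Vulnerabilities ({vn})\r\n{table}".format(
        vn=len(srs), table=table))

    # show New evil Function
    _log_new_evil_functions(project_id)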