def show_context(filename, line_number, show_line=3, is_back=False):
    """Return (and, unless is_back, log) a window of source lines around line_number.

    The window runs from line_number - show_line to line_number + show_line,
    clamped so it never starts before line 1; when clamped, the window keeps
    its full 2 * show_line length and therefore is no longer centred.
    filename is first passed through check_filepath(PROJECT_DIRECTORY, ...)
    (presumably to resolve it relative to the project root — confirm there
    that it also rejects paths escaping the project directory).

    Args:
        filename: path of the source file to read.
        line_number: line to highlight; a falsy value is treated as 0.
        show_line: number of context lines on each side; 0/None returns "".
        is_back: when True, nothing is logged and only the text is returned.

    Returns:
        The rendered lines, each formatted as "%4d: %s", joined into one string.
    """
    if not show_line:
        return ""
    filename = check_filepath(PROJECT_DIRECTORY, filename)
    target = int(line_number) if line_number else 0
    first = target - show_line
    if first <= 0:
        first = 1
    last = first + 2 * show_line
    lines = get_line(filename, "{},{}".format(first, last))
    rendered = []
    for offset, text in enumerate(lines):
        current = first + offset
        if not is_back:
            # The highlighted line is the target itself; everything else is info.
            emit = logger_console.warning if current == target else logger_console.info
            emit("%4d: %s" % (current, text.replace("\n", "")))
        rendered.append("%4d: %s" % (current, text))
    return "".join(rendered)
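def show_context(filename, line_number, show_line=3):
    """Log a window of source lines around line_number, highlighting that line.

    filename is first passed through check_filepath(PROJECT_DIRECTORY, ...)
    (presumably resolving it under the project root — confirm there that it
    also rejects paths escaping the project directory). The window start is
    clamped to 1 so a target within the first show_line lines no longer
    produces a non-positive start line in the range passed to get_line.

    Args:
        filename: path of the source file to read.
        line_number: line to highlight (anything int() accepts).
        show_line: number of context lines on each side of line_number.

    Returns:
        None; output goes to logger_console only.
    """
    filename = check_filepath(PROJECT_DIRECTORY, filename)
    target = int(line_number)
    # Clamp the start: a non-positive line number is not a valid range start.
    line_start = max(target - show_line, 1)
    line_end = target + show_line
    lines = get_line(filename, "{},{}".format(line_start, line_end))
    for offset, line in enumerate(lines):
        current = line_start + offset
        text = "%4d: %s" % (current, line.replace("\n", ""))
        # Highlight by actual line number rather than by position in the
        # window, so clamping the start cannot shift the highlighted line.
        if current == target:
            logger_console.warning(text)
        else:
            logger_console.info(text)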
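def _resolve_rule_meta(sr):
    """Return (rule_name, author, level) for one scan-result row.

    cvi_id '9999' marks a vendor (SCA) finding whose VendorVulns id is the
    last ':'-separated field of vulfile_path; any other cvi_id is looked up
    in Rules by svid. A missing record or an unparsable vendor id falls back
    to a labelled placeholder instead of raising, so one bad row cannot
    abort the whole listing.
    """
    if sr.cvi_id == '9999':
        try:
            vendor_vuls_id = int(sr.vulfile_path.split(':')[-1])
        except ValueError:
            vendor_vuls_id = None
        vv = None
        if vendor_vuls_id is not None:
            vv = VendorVulns.objects.filter(id=vendor_vuls_id).first()
        if vv:
            return vv.title, 'SCA', VENDOR_VUL_LEVEL[int(vv.severity)]
        return 'SCA Scan', 'SCA', VENDOR_VUL_LEVEL[1]
    rule = Rules.objects.filter(svid=sr.cvi_id).first()
    if rule is None:
        # Previously an AttributeError here aborted the whole result display.
        logger.warning("[SCAN] Rule {} not found for result {}".format(sr.cvi_id, sr.id))
        return 'Unknown Rule', 'Unknown', 'Unknown'
    return rule.rule_name, rule.author, VUL_LEVEL[rule.level]


def _show_vul_chain(scan_id, sr, author):
    """Log the result-flow chain of one vulnerability plus each node's source context.

    Context display is skipped for SCA findings, and a failure while
    rendering one node's context is logged and skipped so the chain listing
    continues with the next node.
    """
    ResultFlow = get_resultflow_class(scan_id)
    rfs = ResultFlow.objects.filter(vul_id=sr.id)
    logger.info("[Chain] Vul {}".format(sr.id))
    for rf in rfs:
        logger.info("[Chain] {}, {}, {}:{}".format(
            rf.node_type, rf.node_content, rf.node_path, rf.node_lineno))
        if author == 'SCA':
            continue
        try:
            # rf.node_path comes from the results DB; show_context is expected
            # to resolve it under PROJECT_DIRECTORY before reading — confirm there.
            if not show_context(rf.node_path, rf.node_lineno):
                logger_console.info(rf.node_source)
        except Exception:
            # format_exc() returns the traceback as text; print_exc() returns
            # None (it only writes to stderr), which left the log saying "Error: None".
            logger.error("[SCAN] Error: {}".format(traceback.format_exc()))


def display_result(scan_id, is_ask=False):
    """Print the results of one scan as tables via the logger.

    Lists every active result of the scan's project (optionally, after an
    interactive Y/N prompt read from stdin, including unconfirmed ones),
    logs each result's flow chain with source context, and finally lists the
    project's active NewEvilFunc entries.

    Args:
        scan_id: id of the scan task whose project and results are shown.
        is_ask: when True, ask on stdin whether unconfirmed results are shown
            (anything other than 'n'/'N' includes them); otherwise they are hidden.

    Returns:
        None; all output goes through logger / logger_console.
    """
    table = PrettyTable([
        '#', 'CVI', 'Rule(ID/Name)', 'Lang/CVE-id', 'Level',
        'Target-File:Line-Number', 'Commit(Author)', 'Source Code Content',
        'Analysis'
    ])
    table.align = 'l'

    if is_ask:
        logger.warning("[INIT] whether Show Unconfirm Result?(Y/N) (Default Y)")
    project_id = get_and_check_scantask_project_id(scan_id)

    include_unconfirmed = False
    if is_ask:
        include_unconfirmed = input().lower() != 'n'
    filters = {'scan_project_id': project_id, 'is_active': True}
    if not include_unconfirmed:
        filters['is_unconfirm'] = False
    srs = get_and_check_scanresult(scan_id).objects.filter(**filters)

    logger.info("[INIT] Project ID is {}".format(project_id))
    if not srs:
        logger.info("[MainThread] Scan id {} has no Result.".format(scan_id))
        return

    logger.info("[MainThread] Scan id {} Result: ".format(scan_id))
    for sr in srs:
        rule_name, author, level = _resolve_rule_meta(sr)
        table.add_row([
            sr.id, sr.cvi_id, rule_name, sr.language, level,
            sr.vulfile_path, author, sr.source_code, sr.result_type
        ])
        _show_vul_chain(scan_id, sr, author)

    logger.info(
        "[SCAN] ending\r\n -------------------------------------------------------------------------"
    )
    logger.info("[SCAN] Trigger Vulnerabilities ({vn})\r\n{table}".format(
        vn=len(srs), table=table))

    # New evil functions discovered for this project.
    nfs = NewEvilFunc.objects.filter(project_id=project_id, is_active=1)
    if nfs:
        table2 = PrettyTable(
            ['#', 'NewFunction', 'OriginFunction', 'Related Rules id'])
        table2.align = 'l'
        for idy, nf in enumerate(nfs, start=1):
            table2.add_row([idy, nf.func_name, nf.origin_func_name, nf.svid])
        logger.info(
            "[MainThread] New evil Function list by NewCore:\r\n{table}".
            format(table=table2))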