v1.15.0 #1820

Merged
merged 181 commits into from
Sep 15, 2023
Commits
1142584
fix: remove print
st1020 Aug 17, 2023
c5e72c3
pref: improve app vul list pref
st1020 Aug 18, 2023
e119303
pref: use group celery tasks in sca bulk handler
st1020 Aug 18, 2023
a6660be
Merge pull request #1739 from st1020/fix/remove-print
Bidaya0 Aug 18, 2023
b5c7e74
Merge pull request #1749 from st1020/pref/sca-bulk-celery-tasks
Bidaya0 Aug 18, 2023
aeaa94b
feat: add session engine
st1020 Aug 21, 2023
317dd8b
Merge pull request #1753 from st1020/feat/add-session-engine
Bidaya0 Aug 21, 2023
c0791da
feat: remove outdate code
st1020 Aug 21, 2023
150889f
Merge pull request #1742 from st1020/pref/improve-app-vul-list-pref
st1020 Aug 21, 2023
ea35c2b
feat: remove outdate code
st1020 Aug 21, 2023
4d2513a
feat: set session expiry
st1020 Aug 22, 2023
00d6699
Merge pull request #1755 from st1020/feat/set-session-expiry
Bidaya0 Aug 22, 2023
f95055f
Merge pull request #1754 from st1020/feat/remove-outdate-code
Bidaya0 Aug 22, 2023
a359d73
fix: app vul list error
st1020 Aug 22, 2023
d3b2397
Merge pull request #1756 from st1020/fix/app-vul-list-error
st1020 Aug 22, 2023
70236c9
feat: add failed login count
st1020 Aug 22, 2023
ae00a02
Merge pull request #1757 from st1020/feat/failed-login-count
Bidaya0 Aug 22, 2023
01e3e99
feat: new patch implementation
st1020 Aug 24, 2023
6915411
feat: update ci
tscuite Aug 24, 2023
6d2ea37
Merge pull request #1760 from tscuite/develop
tscuite Aug 24, 2023
38ade47
fix: login error
st1020 Aug 24, 2023
7d1bf4f
fix: login error
st1020 Aug 24, 2023
5b7aaf4
feat: new patch implementation
st1020 Aug 24, 2023
2fecb78
Merge pull request #1761 from st1020/fix/login-error
Bidaya0 Aug 24, 2023
b7b4086
feat: add login lock status
st1020 Aug 24, 2023
bee92de
Merge pull request #1759 from st1020/feat/new-patch-impl
Bidaya0 Aug 24, 2023
87b17d5
Merge pull request #1762 from st1020/feat/add-login-lock-status
Bidaya0 Aug 24, 2023
7f339f3
feat: modify project summary api day_num field
st1020 Aug 24, 2023
c9e924f
build(deps): bump uwsgi from 2.0.21 to 2.0.22
dependabot[bot] Aug 24, 2023
69d4af4
Merge pull request #1764 from HXSecurity/dependabot/pip/uwsgi-2.0.22
Bidaya0 Aug 25, 2023
a0c1187
feat: method pool save
st1020 Aug 25, 2023
7af4ebe
feat: method pool save
st1020 Aug 25, 2023
129113a
feat: method pool save
st1020 Aug 25, 2023
0045fab
feat: method pool save
st1020 Aug 28, 2023
a8614c6
feat: modify project summary api day_num field
st1020 Aug 28, 2023
11b72b6
feat: method pool save
st1020 Aug 28, 2023
40efec3
fix: ruff error
st1020 Aug 28, 2023
29bd97b
feat: method pool save
st1020 Aug 28, 2023
0cd9688
feat: modify project summary api day_num field
st1020 Aug 28, 2023
5d210e8
feat: method pool save
st1020 Aug 28, 2023
2650e9a
Merge branch 'develop' into feat/method-pool-save
st1020 Aug 28, 2023
e27b9bd
feat: method pool save
st1020 Aug 28, 2023
3198094
Merge pull request #1763 from st1020/feat/modify-project-summary-day-num
st1020 Aug 28, 2023
c43e05a
Merge pull request #1766 from st1020/feat/method-pool-save
st1020 Aug 28, 2023
c54157e
feat: reduce memory usage in vul scan.
Bidaya0 Aug 28, 2023
7a7b758
feat: change to networkx
Bidaya0 Aug 28, 2023
014b79d
Merge branch 'develop' into feat/reduce-memory-usage
Bidaya0 Aug 28, 2023
5f89edd
deps: add networkx
Bidaya0 Aug 28, 2023
3732799
deps: add networkx
Bidaya0 Aug 28, 2023
3f7639a
deps: add networkx
Bidaya0 Aug 29, 2023
0191871
deps: add networkx
Bidaya0 Aug 29, 2023
dbe304a
feat: modify vul save logic
st1020 Aug 29, 2023
8750f3d
deps: add networkx
Bidaya0 Aug 29, 2023
68d2791
deps: add networkx
Bidaya0 Aug 29, 2023
d1e6f76
Merge pull request #1767 from Bidaya0/feat/reduce-memory-usage
Bidaya0 Aug 29, 2023
716902e
feat: modify vul save logic
st1020 Aug 29, 2023
8f6a3c7
feat: modify vul save logic
st1020 Aug 29, 2023
8ef1f45
feat: modify vul save logic
st1020 Aug 29, 2023
5f87136
Merge pull request #1768 from st1020/feat/change-vul-save
Bidaya0 Aug 29, 2023
c7b65ec
fix: vul method pool error
st1020 Aug 29, 2023
70a54e0
Merge pull request #1769 from st1020/fix/vul-method-pool-error
st1020 Aug 29, 2023
cf652d4
feat: add has vul method pool field
st1020 Aug 29, 2023
68f4599
fix: iast_vulnerability table migration
st1020 Aug 30, 2023
c56a957
feat: package focus
st1020 Aug 30, 2023
590373f
feat: package focus
st1020 Aug 30, 2023
c5d3970
Merge pull request #1771 from st1020/feat/add-has-vul-method-pool-field
Bidaya0 Aug 30, 2023
4cf5b82
Merge pull request #1772 from st1020/fix/vul-migration
Bidaya0 Aug 30, 2023
1bcb93e
Merge pull request #1773 from st1020/feat/package-focus
st1020 Aug 30, 2023
d4a0c97
feat: focus package priority
st1020 Aug 30, 2023
8028343
feat: focus package priority
st1020 Aug 30, 2023
43f10b1
Merge pull request #1775 from st1020/feat/focus-package-priority
Bidaya0 Aug 31, 2023
904d620
feat: add custom tag
Bidaya0 Sep 1, 2023
ceb5b14
Merge pull request #1777 from Bidaya0/feat/add-custom-tag
Bidaya0 Sep 1, 2023
248f1b3
feat: change hook strategy length limit.
Bidaya0 Sep 1, 2023
5c32901
Merge pull request #1778 from Bidaya0/feat/change-hook-strategy-lengt…
Bidaya0 Sep 1, 2023
214028d
add project topo api.
Bidaya0 Sep 1, 2023
db9f808
feat: add new topo graph model.
Bidaya0 Sep 1, 2023
6336aeb
feat: add new topo graph model.
Bidaya0 Sep 1, 2023
8ed0bad
feat: add new topo graph model.
Bidaya0 Sep 1, 2023
6ec843b
feat: add new topo graph model.
Bidaya0 Sep 1, 2023
a51103b
feat: add new topo graph model.
Bidaya0 Sep 1, 2023
4cf3ef4
Merge pull request #1779 from Bidaya0/feat/add-new-topo-table
Bidaya0 Sep 1, 2023
3b168c4
fix: memory reduce.
Bidaya0 Sep 1, 2023
e1f4023
deps: add pandas dependance
st1020 Sep 4, 2023
1a5498c
Merge pull request #1781 from st1020/deps/add-pandas-deps
st1020 Sep 4, 2023
870cb68
feat: custom max page size
st1020 Sep 4, 2023
4fd3c51
Merge pull request #1782 from st1020/feat/custom-max-page-size
st1020 Sep 4, 2023
79172d7
feat: modify notify
st1020 Sep 4, 2023
073cc48
feat: modify notify
st1020 Sep 4, 2023
73854b4
Merge pull request #1783 from st1020/feat/modify-notify
st1020 Sep 4, 2023
401dfb1
refactor: vul details api parse_graph
st1020 Sep 6, 2023
180188d
Merge pull request #1784 from st1020/refactor/vul-details
st1020 Sep 6, 2023
53fe75d
feat: update ci
tscuite Sep 6, 2023
309e8cb
Merge pull request #1785 from tscuite/develop
tscuite Sep 6, 2023
5222186
feat: add replay header
st1020 Sep 6, 2023
90fec8e
feat: add replay header
st1020 Sep 6, 2023
4ef89e0
Merge pull request #1786 from st1020/feat/add-replay-header
st1020 Sep 6, 2023
b84f784
feat: update ci
tscuite Sep 7, 2023
d6669f5
Merge pull request #1787 from tscuite/develop
tscuite Sep 7, 2023
f9fce7d
feat: update ci
tscuite Sep 8, 2023
0274fcd
Merge pull request #1788 from tscuite/develop
tscuite Sep 8, 2023
9a2da71
feat: modify hook strategy update logic
st1020 Sep 8, 2023
26d21a5
feat: update ci
tscuite Sep 8, 2023
7059245
Merge pull request #1790 from tscuite/develop
tscuite Sep 8, 2023
87cc6a1
feat: modify hook strategy update logic
st1020 Sep 8, 2023
9a86310
feat: update ci
tscuite Sep 8, 2023
f7fe5ee
Merge pull request #1791 from tscuite/develop
tscuite Sep 8, 2023
c95a302
feat: modify hook strategy update logic
st1020 Sep 8, 2023
28a64ad
feat: modify hook strategy update logic
st1020 Sep 8, 2023
50f9448
Merge pull request #1789 from st1020/feat/modify-hook_strategy
st1020 Sep 8, 2023
cd6b12a
feat: update ci
tscuite Sep 8, 2023
3f84716
Merge pull request #1792 from tscuite/develop
tscuite Sep 8, 2023
c9ce36c
feat: update ci
tscuite Sep 8, 2023
ce560bb
Merge pull request #1793 from tscuite/develop
tscuite Sep 8, 2023
773dbc4
feat: update ci
tscuite Sep 8, 2023
343fae4
Merge pull request #1794 from tscuite/develop
tscuite Sep 8, 2023
a2d170b
feat: heartbeat use celery task
st1020 Sep 11, 2023
9aaa4f9
fix: save vul did not save uri
st1020 Sep 11, 2023
293ad3a
feat: add project token
Bidaya0 Sep 11, 2023
5a62e32
feat: add project token
Bidaya0 Sep 11, 2023
5765508
feat: add project token
Bidaya0 Sep 11, 2023
36ef77a
Merge pull request #1797 from Bidaya0/feat/add-project-token
Bidaya0 Sep 11, 2023
8958afb
Merge pull request #1795 from st1020/feat/heartbeat-use-task
st1020 Sep 11, 2023
6f9e8d7
Merge pull request #1796 from st1020/fix/save-vul
st1020 Sep 11, 2023
e211537
feat: add project token
Bidaya0 Sep 11, 2023
5f81a21
feat: add project token
Bidaya0 Sep 11, 2023
cb9b8d3
Merge pull request #1798 from Bidaya0/feat/add-project-token-p2
Bidaya0 Sep 11, 2023
c29d92b
feat: add new migration
Bidaya0 Sep 12, 2023
e1a7c8e
feat: add new migration
Bidaya0 Sep 12, 2023
e9ce16e
Merge pull request #1799 from Bidaya0/feat/add-new-migration
Bidaya0 Sep 12, 2023
1a44f8b
fix: memory usage.
Bidaya0 Sep 12, 2023
63d6fc1
Merge pull request #1780 from Bidaya0/fix/memory-reduce
Bidaya0 Sep 12, 2023
2e32e82
dep: add new migration
Bidaya0 Sep 12, 2023
383c40e
Merge pull request #1800 from Bidaya0/dep/add-new-migration
Bidaya0 Sep 12, 2023
7a68866
fix: modify rule value
st1020 Sep 13, 2023
015e511
Merge pull request #1801 from st1020/fix/modify-rule-value
st1020 Sep 13, 2023
5e9a531
fix: set language
st1020 Sep 13, 2023
ccc7c14
Merge pull request #1802 from st1020/fix/set-lang
st1020 Sep 13, 2023
4ae170e
fix: modify rule value
st1020 Sep 13, 2023
f56fb84
Merge pull request #1803 from st1020/fix/modify-rule-value
st1020 Sep 13, 2023
33b1264
deps: add more itertools
Bidaya0 Sep 13, 2023
8f71f71
Merge pull request #1804 from Bidaya0/deps/add-deps
Bidaya0 Sep 13, 2023
f24ab8e
feat/project token p2
Bidaya0 Sep 13, 2023
63027b4
Merge pull request #1805 from Bidaya0/feat/project-token-p2
Bidaya0 Sep 13, 2023
a0369cf
feat/remove no risk level
Bidaya0 Sep 13, 2023
0189f30
Merge pull request #1806 from Bidaya0/feat/remove-norisk-level-in-pro…
Bidaya0 Sep 13, 2023
cf96f1a
feat/project token p2
Bidaya0 Sep 13, 2023
83c13bf
Merge pull request #1807 from Bidaya0/feat/project-token-p3
Bidaya0 Sep 13, 2023
287102d
fix: heartbeat task error
st1020 Sep 13, 2023
92316dc
feat/api route is cover.
Bidaya0 Sep 13, 2023
ccc8baa
feat/api route is cover.
Bidaya0 Sep 13, 2023
bed072b
Merge pull request #1809 from Bidaya0/feat/fix-api-route-cover-update
Bidaya0 Sep 13, 2023
443724c
Merge pull request #1808 from st1020/fix/heartbeat-task-error
Bidaya0 Sep 13, 2023
b111129
fix: heartbeat task error
st1020 Sep 13, 2023
abfba68
feat: sensitive info rule add system type
st1020 Sep 13, 2023
4fe3c08
Merge pull request #1811 from st1020/feat/sensitive-info-rule-add-sys…
Bidaya0 Sep 14, 2023
05fe77c
fix: heartbeat task error
st1020 Sep 14, 2023
b004b74
Merge pull request #1810 from st1020/fix/heartbeat-task-error
Bidaya0 Sep 14, 2023
d88f16b
fix: change to directed graph.
Bidaya0 Sep 14, 2023
b903c7d
fix: vul status const error
st1020 Sep 14, 2023
10cffe6
Merge pull request #1813 from st1020/fix/vul-status-const-error
Bidaya0 Sep 14, 2023
f94865a
Merge pull request #1812 from Bidaya0/fix/vul_engine_change_directed_…
Bidaya0 Sep 14, 2023
a3120c0
feat: add constratin in vec.
Bidaya0 Sep 14, 2023
f035716
feat: add constratin in vec.
Bidaya0 Sep 14, 2023
64285c9
Merge pull request #1814 from Bidaya0/feat/add_constrain_in_vec
Bidaya0 Sep 14, 2023
7a985ec
feat: add some doc.
Bidaya0 Sep 14, 2023
a41a7bb
feat: add some doc.
Bidaya0 Sep 14, 2023
bf67576
feat: add some doc.
Bidaya0 Sep 14, 2023
4976e47
feat: add some doc.
Bidaya0 Sep 15, 2023
10b7967
Merge pull request #1815 from Bidaya0/feat/add_doc
Bidaya0 Sep 15, 2023
a40199a
feat: update new strategy.
Bidaya0 Sep 15, 2023
cd5f1f8
Merge pull request #1816 from Bidaya0/feat/update-new-strategy
Bidaya0 Sep 15, 2023
1904c2d
fix:project_agent_download_token
Bidaya0 Sep 15, 2023
2a5866c
Merge pull request #1817 from Bidaya0/fix/project_agent_download_token
Bidaya0 Sep 15, 2023
8d97700
feat: update new strategy.
Bidaya0 Sep 15, 2023
57b3de4
feat: update new strategy.
Bidaya0 Sep 15, 2023
1e30101
feat: update new strategy.
Bidaya0 Sep 15, 2023
50996f7
feat: update new strategy.
Bidaya0 Sep 15, 2023
b0a5bac
Merge pull request #1818 from Bidaya0/feat/update-new-strategy-
Bidaya0 Sep 15, 2023
5af7bfc
feat: update new strategy.
Bidaya0 Sep 15, 2023
5a22f27
Merge pull request #1819 from Bidaya0/fix/project_agent_download_p2
Bidaya0 Sep 15, 2023
feat: add some doc.
Bidaya0 committed Sep 14, 2023
commit a41a7bbcee51fcbd30be61e4430b9b0b211da7b5
70 changes: 8 additions & 62 deletions dongtai_web/aggr_vul/app_vul_list.py
Expand Up @@ -13,6 13,7 @@
from dongtai_common.common.utils import make_hash
from dongtai_common.endpoint import R, UserEndPoint
from dongtai_common.models import APP_LEVEL_RISK, APP_VUL_ORDER
from dongtai_common.models.agent_method_pool import VulMethodPool
from dongtai_common.models.dast_integration import IastDastIntegrationRelation
from dongtai_common.models.vulnerablity import (
IastVulnerabilityDocument,
Expand All @@ -22,81 23,24 @@
from dongtai_common.utils.const import OPERATE_GET
from dongtai_common.utils.db import SearchLanguageMode
from dongtai_conf import settings
from dongtai_conf.patch import patch_point
from dongtai_conf.patch import patch_point, to_patch
from dongtai_conf.settings import ELASTICSEARCH_STATE
from dongtai_engine.elatic_search.data_correction import data_correction_interpetor
from dongtai_web.aggregation.aggregation_common import turnIntListOfStr
from dongtai_web.serializers.aggregation import AggregationArgsSerializer
from dongtai_web.serializers.vul import VulSerializer
from rest_framework import serializers
from dongtai_web.utils import get_response_serializer
from drf_spectacular.utils import extend_schema
from dongtai_web.utils import extend_schema_with_envcheck

INT_LIMIT: int = 2**64 - 1


class AppVulSerializer(serializers.ModelSerializer):
level_name = serializers.CharField()
server_type = serializers.CharField()
is_header_vul = serializers.CharField()
agent__project_name = serializers.CharField()
agent__server__container = serializers.CharField()
agent__language = serializers.CharField()
agent__bind_project_id = serializers.CharField()
header_vul_urls = serializers.ListField()
dastvul__vul_type = serializers.CharField()
dastvul_count = serializers.CharField()
dast_validation_status = serializers.CharField()
strategy__vul_name = serializers.CharField()
project__name = serializers.CharField()
server__container = serializers.CharField()
project_version__version_name = serializers.CharField()

class Meta:
model = IastVulnerabilityModel
fields = [
"id",
"uri",
"http_method",
"top_stack",
"bottom_stack",
"level_id",
"taint_position",
"status_id",
"first_time",
"latest_time",
"strategy__vul_name",
"language",
"project__name",
"server__container",
"project_id",
"strategy_id",
"project_version_id",
"project_version__version_name",
"level_name",
"server_type",
"is_header_vul",
"agent__project_name",
"agent__server__container",
"agent__language",
"agent__bind_project_id",
"header_vul_urls",
"dastvul__vul_type",
"dastvul_count",
"dast_validation_status",
]


_NewResponseSerializer = get_response_serializer(AppVulSerializer(many=True))


class GetAppVulsList(UserEndPoint):
@extend_schema(
@extend_schema_with_envcheck(
request=AggregationArgsSerializer,
tags=[_("Vulnerability"), OPERATE_GET, "集成"],
tags=[_("Vulnerability"), OPERATE_GET],
summary="应用漏洞列表",
responses={200: _NewResponseSerializer},
)
@to_patch
def post(self, request):
"""
:param request:
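Review bot: the decorator on `post` ends up with no response schema. `responses={200: _NewResponseSerializer}` goes away together with the whole `AppVulSerializer` class, so the generated API docs no longer describe any field this endpoint returns, which is at odds with a commit titled "feat: add some doc.". The same commit adds a `has_vul_method_pool` key to every item further down, and nothing documents it. Consider keeping the serializer, adding `has_vul_method_pool = serializers.BooleanField()` to it, and passing it to `extend_schema_with_envcheck` (the decorator is called with `response_schema=` in `vul_details.py`). A one-line comment on what `@to_patch` does to `post` would also help, since the wrapper is new on this view.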
Expand Down Expand Up @@ -234,6 178,7 @@ def post(self, request):
lambda: 0,
{item["iastvul_id"]: item["dastvul_count"] for item in dastvul_rel_count_res},
)
has_vul_method_pool_set = set(VulMethodPool.objects.filter(vul_id__in=vul_ids).values_list("vul_id", flat=True))
if vul_data:
for item in vul_data:
item["level_name"] = APP_LEVEL_RISK.get(str(item["level_id"]), "")
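Review bot: `has_vul_method_pool_set` is built above the `if vul_data:` guard, so the `VulMethodPool` query runs even when there are no rows to annotate. Move the assignment inside the guard, next to the loop that reads it, and wrap the line, which is well past the usual length limit. The definition of `vul_ids` is outside the visible context, so please confirm it holds only the ids of the current page; otherwise the `vul_id__in` list grows with the full result set.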
Expand All @@ -247,6 192,7 @@ def post(self, request):
item["dastvul__vul_type"] = dast_vul_types_dict[item["id"]]
item["dastvul_count"] = dastvul_rel_count_res_dict[item["id"]]
item["dast_validation_status"] = bool(dastvul_rel_count_res_dict[item["id"]])
item["has_vul_method_pool"] = item["id"] in has_vul_method_pool_set
end["data"].append(item)
# all Iast Vulnerability Status
status = IastVulnerabilityStatus.objects.all()
Expand Down
29 changes: 11 additions & 18 deletions dongtai_web/dongtai_sca/views/newpackage.py
Expand Up @@ -17,22 17,14 @@
class PackageListArgsSerializer(serializers.Serializer):
page_size = serializers.IntegerField(default=20, help_text=_("Number per page"))
page = serializers.IntegerField(default=1, help_text=_("Page index"))
language_ids = serializers.ListField(
required=False,
child=serializers.IntegerField(help_text=_("language")),
help_text="筛选语言id: 1 Java 2 Python 3 PHP 4 Go",
)
license_ids = serializers.ListField(
required=False, child=serializers.IntegerField(help_text=_("license")), help_text="筛选, 许可证id, 该id范围可在组件概况获取"
)
level_ids = serializers.ListField(
required=False, child=serializers.IntegerField(help_text=_("level")), help_text="筛选, 危险等级id"
)
project_id = serializers.IntegerField(required=False, help_text="项目id")
project_version_id = serializers.IntegerField(required=False, help_text="项目版本id")
keyword = serializers.CharField(required=False, help_text="搜索关键字")
order_field = serializers.ChoiceField(["vul_count", "level"], default="vul_count", help_text="排序字段")
order = serializers.ChoiceField(["desc", "asc"], default="desc", help_text="排序方式")
language_ids = serializers.ListField(required=False, child=serializers.IntegerField(help_text=_("language")))
license_ids = serializers.ListField(required=False, child=serializers.IntegerField(help_text=_("license")))
level_ids = serializers.ListField(required=False, child=serializers.IntegerField(help_text=_("level")))
project_id = serializers.IntegerField(required=False, help_text=_("Page index"))
project_version_id = serializers.IntegerField(required=False, help_text=_("Page index"))
keyword = serializers.CharField(required=False, help_text=_("search_keyword"))
order_field = serializers.ChoiceField(["vul_count", "level"], default="vul_count")
order = serializers.ChoiceField(["desc", "asc"], default="desc")


class PackeageScaAssetSerializer(PackeageScaAssetDetailSerializer):
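Review bot: `project_id` and `project_version_id` both carry `help_text=_("Page index")`, which is the description of `page` a few lines above and is wrong for these fields. The rewritten `language_ids`, `license_ids` and `level_ids` also lose the text that told API consumers which ids are valid (1 Java, 2 Python, 3 PHP, 4 Go, and where license ids can be looked up), and `order_field` and `order` now have no help text at all. Suggest giving each field its own translated description, for example `help_text=_("Project id")` and `help_text=_("Project version id")`, and carrying the id mapping over into the `_()` strings instead of dropping it.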
Expand All @@ -57,6 49,7 @@ class Meta:
"language_id",
"aql",
"vul_count_groupby_level",
"is_focus",
]


Expand All @@ -66,7 59,7 @@ class Meta:
class PackageList(UserEndPoint):
@extend_schema_with_envcheck_v2(
request=PackageListArgsSerializer,
tags=[_("Component"), OPERATE_GET, "集成"],
tags=[_("Component"), OPERATE_GET],
summary=_("Component List"),
responses={200: _NewResponseSerializer},
)
Expand All @@ -92,7 85,7 @@ def post(self, request):
q = q & Q(aql__contains=ser.validated_data["keyword"])
order = ("-" if ser.validated_data["order"] == "desc" else "") ser.validated_data["order_field"]
page_info, data = self.get_paginator(
AssetV2Global.objects.filter(q).order_by(order).all(),
AssetV2Global.objects.filter(q).order_by("-is_focus", order).all(),
ser.validated_data["page"],
ser.validated_data["page_size"],
)
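Review bot: `order_by("-is_focus", order)` sorts on two non-unique columns before `get_paginator` slices the queryset, so rows that tie on `is_focus` and on `vul_count` or `level` have no defined order and can repeat or go missing between pages. Add a unique last key, for example `order_by("-is_focus", order, "-id")`, assuming `AssetV2Global` has an `id` column. The trailing `.all()` after `order_by(...)` is redundant and can go.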
Expand Down
69 changes: 6 additions & 63 deletions dongtai_web/views/vul_details.py
Expand Up @@ -9,6 9,7 @@
from rest_framework import serializers

from dongtai_common.endpoint import R, UserEndPoint
from dongtai_common.models.agent_method_pool import VulMethodPool
from dongtai_common.models.hook_type import HookType
from dongtai_common.models.project import IastProject
from dongtai_common.models.project_version import IastProjectVersion
Expand Down Expand Up @@ -116,8 117,8 @@ def get_server(self):
"command": "",
}

@staticmethod
def parse_graphy(
self,
graphy,
extend_black_list: list | None = None,
extend_white_list: list | None = None,
Expand All @@ -135,7 136,7 @@ def parse_graphy(

results = []
try:
if graphy is None:
if not graphy:
return results
method_note_pool = json.loads(graphy)[0]
method_counts = len(method_note_pool)
Expand Down Expand Up @@ -327,6 328,7 @@ def get_vul(self, projects):
"method_pool_id": vul.method_pool_id,
"project_id": project_id,
"is_need_http_detail": is_need_http_detail(strategy_name),
"has_vul_method_pool": VulMethodPool.objects.filter(vul_id=vul.id).exists(),
}

def get_strategy(self):
Expand Down Expand Up @@ -454,68 456,9 @@ def get_graph_and_headers(self, data):
]
return res

@extend_schema_with_envcheck(
response_bodys=[
{
"name": _("Get data sample"),
"description": _(
"The aggregation results are programming language, risk level, vulnerability type, project"
),
"value": {
"status": 201,
"msg": "success",
"data": {
"vul": {
"url": "http://localhost:81/captcha/captchaImage",
"uri": "/captcha/captchaImage",
"agent_name": "Mac OS X-localhost-v1.0.0-d24bf703ca62499ebdd12770708296f5",
"http_method": "GET",
"type": "Weak Random Number Generation",
"taint_position": None,
"first_time": 1631089870,
"latest_time": 1631089961,
"project_name": "demo-4.6.1",
"project_version": "V1.0",
"language": "JAVA",
"level": "LOW",
"level_type": 3,
"counts": 6,
"req_header": 'GET /captcha/captchaImage?type=math HTTP/1.1\nhost:localhost:81\nconnection:keep-alive\nsec-ch-ua:"Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"\nsec-ch-ua-mobile:?0\nuser-agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36\nsec-ch-ua-platform:"macOS"\naccept:image/avif,image/webp,image/apng,image/svg xml,image/*,*/*;q=0.8\nsec-fetch-site:same-origin\nsec-fetch-mode:no-cors\nsec-fetch-dest:image\nreferer:http://localhost:81/login\naccept-encoding:gzip, deflate, br\naccept-language:zh-CN,zh;q=0.9\ncookie:JSESSIONID=4bada2e5-d848-4218-8e24-3b28f765b986\n',
"response": "None\n\nNone",
"graph": None,
"context_path": "127.0.0.1",
"client_ip": "127.0.0.1",
"status": "Confirmed",
"taint_value": None,
"param_name": {},
"method_pool_id": None,
"project_id": 69,
},
"server": {
"name": "server.name",
"hostname": "localhost",
"ip": "localhost",
"port": 81,
"container": "Apache Tomcat/9.0.41",
"server_type": "apache tomcat",
"container_path": "/Users/erzhuangniu/workspace/vul/demo-4.6.1",
"runtime": "OpenJDK Runtime Environment",
"environment": "java.runtime.name=OpenJDK Runtime Environment, spring.output.ansi.enabled=always, project.name=demo-4.6.1, sun.boot.library.path=/Users/erzhuangniu/Library/Java/JavaVirtualMachines/corretto-1.8.0_292/Contents/Home/jre/lib, java.vm.version=25.292-b10, gop",
"command": "com.ruoyi.demoApplication",
},
"strategy": {
"desc": "Verifies that weak sources of entropy are not used.",
"sample_code": "",
"repair_suggestion": None,
},
},
},
}
],
description=_("Use the corresponding id of the vulnerability to query the details of the vulnerability"),
@extend_schema(
summary="获取漏洞详情",
tags=["Vulnerability", "集成"],
response_schema=_ResponseSerializer,
tags=["Vulnerability"],
)
def get(
self,
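Review bot: the new `@extend_schema(...)` on `get` passes only `summary` and `tags`, so the response schema that `response_schema=_ResponseSerializer` used to supply is gone and the `description` text with it. The endpoint now also returns `has_vul_method_pool`, added in the `get_vul` hunk above, and no schema mentions it. Suggest `responses={200: _ResponseSerializer}` on the new decorator, the same keyword `app_vul_list.py` used with `extend_schema`, plus a matching field on that serializer; if `_ResponseSerializer` is still defined in this module it is otherwise unused. Dropping the inline sample is reasonable on its own, since it embedded a `JSESSIONID` cookie value and a developer home directory path; if an example is added back, use placeholder values. No import of `extend_schema` appears in the visible hunks for this file, so please check that it is already imported.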
Expand Down