Merge pull request #178 from LoRexxar/develop
update 2.5.0
LoRexxar committed Aug 9, 2021
2 parents 94141bb + dd3c0c0 commit 38318fe
Showing 27 changed files with 779 additions and 165 deletions.
17 changes: 16 additions & 1 deletion Kunlun_M/const.py
Expand Up @@ -19,6 +19,8 @@
mm_regex_return_regex = 'regex-return-regex'
sp_crx_keyword_match = 'special-crx-keyword-match' # crx特殊匹配
file_path_regex_match = 'file-path-regex-match' # 文件名或者路径匹配
vendor_source_match = 'vendor_source_match' # sca


match_modes = [
mm_regex_only_match,
Expand All @@ -27,6 +29,7 @@
mm_regex_return_regex,
sp_crx_keyword_match,
file_path_regex_match,
vendor_source_match,
]


Expand Down Expand Up @@ -72,7 +75,7 @@
default_black_list = ['.crx_files', 'vendor']
IGNORE_LIST = []

VUL_LEVEL = ['low', 'low', 'low', 'low', 'medium', 'medium', 'medium', 'medium', 'high', 'high', 'high']
VUL_LEVEL = ['low', 'low', 'low', 'low', 'medium', 'medium', 'medium', 'medium', 'high', 'high', 'critical']

VENDOR_FILE_DICT = {
"java": ['pom.xml', 'build.gradle'],
Expand All @@ -82,6 +85,18 @@
'nodejs': ['package.json'],
}

VENDOR_ECOSYSTEM = {
"java": {"depsdev": "maven"},
'golang': {"depsdev": "go"},
'python': {"ossindex": "pypi"},
'php': {"ossindex": "composer"},
'nodejs': {"depsdev": "npm"},
}

VENDOR_VUL_LEVEL = ['None', 'low', 'low', 'low', 'medium', 'medium', 'medium', 'medium', 'high', 'high', 'high']

VENDOR_CVIID = 9999

# base result class


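Review bot: `VENDOR_VUL_LEVEL` in the last hunk tops out at `'high'` while the same commit raises the top bucket of `VUL_LEVEL` two hunks earlier to `'critical'`, so a vendor finding can never be reported at the severity a rule finding now can; either align the last entry or add a comment saying why vendor severities are deliberately capped, e.g. `# vendor findings are capped at 'high'; index 0 ('None') means no score`. The leading `'None'` is the string, not Python `None`, which is easy to misread at a call site that tests `if level:` — worth that comment. The new mode value `'vendor_source_match'` is the only entry in `match_modes` spelled with underscores; the others (`'regex-return-regex'`, `'special-crx-keyword-match'`, `'file-path-regex-match'`) use hyphens, so `'vendor-source-match'` would keep the convention if nothing already persists the old string. `VENDOR_CVIID = 9999` is a bare magic number; a one-line comment on what it is reserved for would help the next reader.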
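--- a/Kunlun_M/settings.py.bak
+++ b/Kunlun_M/settings.py.bak
@@ -202,3 +202,7 @@ API_TOKEN = "secret_api_token"
 IS_OPEN_REMOTE_SERVER = False
 REMOTE_URL = "http://127.0.0.1:9999"
 REMOTE_URL_APITOKEN = "secret_api_token_in_server"
+
+# vendor vuln scan
+WITH_VENDOR = True
+ACTIVE_SCA_SYSTEM = ['depsdev', 'ossindex']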
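Review bot: The new `WITH_VENDOR = True` default is undocumented in this settings template, and the names in `ACTIVE_SCA_SYSTEM` (`'depsdev'`, `'ossindex'`) presumably identify external lookup services, so an operator copying this file gets outbound dependency lookups enabled without being told. A comment such as `# When True, dependency names/versions found in the scanned project are looked up in the SCA systems below (external services); set False for offline or confidential scans` would make the trade-off visible at the place it is configured. The two strings should also match the keys used in `VENDOR_ECOSYSTEM` in `Kunlun_M/const.py` (`"depsdev"`, `"ossindex"`); a short comment stating that coupling, e.g. `# values must be keys of VENDOR_ECOSYSTEM in Kunlun_M/const.py`, would keep the two from drifting.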
13 changes: 13 additions & 0 deletions README.md
Expand Up @@ -307,8 +307,21 @@ KunLun-M 是 404Team [星链计划](https://github.com/knownsec/404StarLink-Proj
## Contributors

感谢如下贡献者对本工具发展过程中的贡献:

核心开发者:

![](docs/lorexxar.jpg)
- Knownsec 404 Team [LoRexxar](https://github.com/LoRexxar)

重要贡献者:

![](docs/luckycat.jpg)
- Vidar-Team [LuckC4t](https://github.com/LuckyC4t)

![](docs/sissel.jpg)
- Dubhe [Sissel](https://github.com/boke1208)

次要贡献者:
- Dubhe [Sndav](https://github.com/Sndav)
- [#jax777](https://github.com/jax777)
- [akkuman](https://github.com/akkuman)
38 changes: 36 additions & 2 deletions core/__init__.py
Expand Up @@ -37,7 +37,7 @@
from core.console import KunlunInterpreter
from web.index.models import ScanTask

from Kunlun_M.settings import LOGS_PATH, IS_OPEN_REMOTE_SERVER, REMOTE_URL, REMOTE_URL_APITOKEN
from Kunlun_M.settings import LOGS_PATH, IS_OPEN_REMOTE_SERVER

from . import plugins

Expand All @@ -56,12 +56,14 @@ def main():

subparsers = parser.add_subparsers()

# init
parser_group_init = subparsers.add_parser('init', help='Kunlun-M init before use.')
parser_group_init.add_argument('init', choices=['initialize', 'checksql'], default='init', help='check and migrate SQL')
parser_group_init.add_argument('appname', choices=['index', 'dashboard', 'backend', 'api'], nargs='?', default='index',
help='Check App name')
parser_group_init.add_argument('migrationname', default='migrationname', nargs='?', help='Check migration name')

# load config into database
parser_group_core = subparsers.add_parser('config', help='config for rule&tamper', description=__introduction__.format(detail='config for rule&tamper'), formatter_class=argparse.RawDescriptionHelpFormatter, usage=argparse.SUPPRESS, add_help=True)
parser_group_core.add_argument('load', choices=['load', 'recover', 'loadtamper', 'retamper'], default=False, help='operate for rule&tamper')

Expand Down Expand Up @@ -90,6 +92,10 @@ def main():
parser_group_scan.add_argument('-uc', '--unconfirm', dest='unconfirm', action='store_true', default=False, help='show unconfirmed vuls')
parser_group_scan.add_argument('-upc', '--unprecom', dest='unprecom', action='store_true', default=False, help='without Precompiled')

# for vendor vuln scan
parser_group_scan.add_argument('--without-vendor', dest='without_vendor', action='store_true', default=False, help='without scan vendor vuln (default open)')

# show for rule & tamper
parser_group_show = subparsers.add_parser('show', help='show rule&tamper', description=__introduction__.format(detail='show rule&tamper'), formatter_class=argparse.RawDescriptionHelpFormatter, usage=argparse.SUPPRESS, add_help=True)

parser_group_show.add_argument('list', choices=['rule', "tamper"], action='store', default=None,
Expand All @@ -98,6 +104,18 @@ def main():
parser_group_show.add_argument('-k', '--key', dest='listkey', action='store', default="all",
help='key for show rule & tamper. eg: 1001/wordpress')

# for search vendor
parser_group_search = subparsers.add_parser('search', help='search project by vendor/path/...', description=__introduction__.format(detail='search project by vendor/path/...'), formatter_class=argparse.RawDescriptionHelpFormatter, usage=argparse.SUPPRESS, add_help=True)

parser_group_search.add_argument('stype', choices=['vendor'], default='vendor', help='search type')

parser_group_search.add_argument('keyword_name', default='flask', nargs='?', help='keyword name for search')

parser_group_search.add_argument('keyword_value', default='1.0.0', nargs='?', help='keyword value for search')

parser_group_search.add_argument('--with-vuls', dest='with_vuls', action='store_true', default=False, help='with vuls scan (default False)')

# console
parser_group_console = subparsers.add_parser('console', help='enter console mode',
description=__introduction__.format(detail='enter console mode'),
formatter_class=argparse.RawDescriptionHelpFormatter,
Expand Down Expand Up @@ -198,6 +216,16 @@ def main():
parser_group_show.print_help()
exit()

if hasattr(args, "stype"):
# search and show vuls
if args.stype:
logger.info("[SEARCH] Search Project by {} in {} {}".format(args.stype, args.keyword_name, args.keyword_value))
cli.search_project(args.stype, args.keyword_name, args.keyword_value, args.with_vuls)
exit()
else:
parser_group_show.print_help()
exit()

if hasattr(args, "console"):
# check rule and tamper
logger.info("[INIT] RuleCheck start.")
Expand Down Expand Up @@ -259,6 +287,12 @@ def main():

log_add(logging.DEBUG, log_name)

if hasattr(args, "without_vendor"):
# 共享变量
import Kunlun_M.settings as settings
settings.WITH_VENDOR = False if args.without_vendor else settings.WITH_VENDOR
logger.info("[INIT] Vendor Vuls Scan Status: {}".format(settings.WITH_VENDOR))

data = {
'status': 'running',
'report': ''
Expand Down Expand Up @@ -289,4 +323,4 @@ def main():


if __name__ == '__main__':
main()
main()
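Review bot: The `else` branch of the new `stype` block (the hunk starting at `@@ -198,6 +216,16 @@`) prints the wrong parser's help — `parser_group_show.print_help()` should be `parser_group_search.print_help()`. Because `stype` is a required positional with `choices=['vendor']`, that branch is hard to reach, but when it is, the user is shown the `show` usage instead of the `search` usage. In the following hunk, `settings.WITH_VENDOR = False if args.without_vendor else settings.WITH_VENDOR` reads more plainly as `if args.without_vendor: settings.WITH_VENDOR = False`, and it only takes effect for code that reads `settings.WITH_VENDOR` as a module attribute; any module that did `from Kunlun_M.settings import WITH_VENDOR` at import time keeps the original value, which deserves a comment on the local import line such as `# mutate the module attribute so readers of settings.WITH_VENDOR see the override`. The positional defaults `'flask'` / `'1.0.0'` in the `search` parser are surprising for a generic search command and would be clearer as `None` with a usage error, or documented in the `help` text. `main()` begins and ends outside these hunks.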
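--- a/core/__version__.py
+++ b/core/__version__.py
@@ -7,7 +7,7 @@
 __issue_page__ = 'https://github.com/LoRexxar/Kunlun-M/issues/new'
 __python_version__ = sys.version.split()[0]
 __platform__ = platform.platform()
-__version__ = '2.5.2'
+__version__ = '2.6.0'
 __author__ = 'LoRexxar'
 __author_email__ = 'LoRexxar@gmail.com'
 __license__ = 'MIT License'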
