
Merge pull request #452 from 40huo/master
refine filter in result page
FeeiCN authored Aug 14, 2017
2 parents 316c891 + efa5e6a commit 51327a9
Showing 4 changed files with 133 additions and 84 deletions.
13 changes: 11 additions & 2 deletions cobra/api.py
Expand Up @@ -188,7 +188,7 @@ def summary():
total_targets_number = len(scan_list)
total_vul_number, critical_vul_number, high_vul_number , medium_vul_number, low_vul_number = 0, 0, 0, 0, 0
rule_filter = dict()
for s_sid in scan_list:
for s_sid in scan_list.keys():
s_sid_file = os.path.join(running_path, '{sid}_data'.format(sid=s_sid))
with open(s_sid_file, 'r') as f:
s_sid_data = json.load(f)
Expand Down Expand Up @@ -236,12 +236,21 @@ def report(a_sid, s_sid):
with open(scan_list_file, 'r') as f:
scan_list = json.load(f).get('sids')

project_name = scan_list.get(s_sid).split('/')[-1].replace('.git', '')

rule_filter = dict()
for vul in scan_data.get('vulnerabilities'):
rule_filter[vul.get('id')] = vul.get('rule_name')

with open(os.path.join(os.path.dirname(__file__), 'templates/asset/js/report.js')) as f:
report_js = f.read()

return render_template(template_name_or_list='result.html',
scan_data=json.dumps(scan_data, ensure_ascii=False),
report_js=report_js)
report_js=report_js,
target_filter=scan_list,
project_name=project_name,
rule_filter=rule_filter)


def key_verify(data):
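Review bot: The new `project_name` line in report() dereferences `scan_list.get(s_sid)` without checking for None, so a request whose s_sid is not in the sids map (or a sids file whose `sids` key is absent, since `json.load(f).get('sids')` can itself return None) fails with AttributeError and surfaces as a server error instead of a not-found response; guard it with `target = scan_list.get(s_sid)` followed by `if target is None:` returning whatever not-found response the rest of the module uses, before splitting the string. `.replace('.git', '')` also removes every occurrence of `.git` in the last path segment rather than only the suffix, so a repository named for example `foo.github` would be shown as `foohub`; `if name.endswith('.git'): name = name[:-4]` limits the trimming to the intended case. The `rule_filter` loop has the same shape — `scan_data.get('vulnerabilities')` returning None makes the `for` raise TypeError — so iterating `scan_data.get('vulnerabilities', [])` is the safer default. report() begins outside the hunk.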
175 changes: 104 additions & 71 deletions cobra/templates/asset/js/report.js
Expand Up @@ -27,7 +27,8 @@ $(function () {
// filter submit button
$('.filter_btn').on('click', function () {
vulnerabilities_list.page = 1;
vulnerabilities_list.get(true);
vulnerabilities_list.pushState();
vulnerabilities_list.get();
vulnerabilities_list.trigger_filter();
});

Expand Down Expand Up @@ -60,15 +61,24 @@ $(function () {
// panel
$('.v-path').text(data.file_path + ':' + data.line_number);
$('.v-id').text('MVE-' + vid);
$('.v-language').text(data.lang);
$('.v-language').text(data.language);

// widget
function init_widget() {
var lis = $('.widget-trigger li');
$('.commit-author').text('@' + data.commit_author);
$('.commit-time').text('@' + data.commit_time);
$('.v-level').text(data.level);
if (9 <= data.level && data.level <= 10) {
$('.v-level').text('Critical');
} else if (6 <= data.level && data.level <= 8) {
$('.v-level').text('High');
} else if (3 <= data.level && data.level <= 5) {
$('.v-level').text('Medium');
} else if (1 <= data.level && data.level <= 2) {
$('.v-level').text('Low');
}
$('.v-type').text(data.rule_name);
$('.v-rule').text(data.match_result);
// $('.v-rule').text(data.match_result);
}

init_widget();
Expand Down Expand Up @@ -194,84 +204,107 @@ $(function () {
evt.stopPropagation();
});
}
if ($("input[name=need_scan]").val() !== "False") {
// Search vulnerability type
if (on_filter === false || typeof on_filter === 'undefined') {
var svt = getParameterByName('svt');
if (svt !== null && svt > 0) {
$('#search_vul_type').val(svt);
}
// Search rule
var sr = getParameterByName('sr');
if (sr !== null && sr > 0) {
$('#search_rule').val(sr);
}
// Search level
var sl = getParameterByName('sl');
if (sl !== null && sl > 0) {
$('#search_level').val(sl);
}
// Search target
var st = getParameterByName('st');
if (st !== null && st > 0) {
$('#search_task').val(st);
}
// Search status
var ss = getParameterByName('ss');
if (ss !== null && ss > 0) {
$('#search_status').val(ss);
}
// Search vulnerability type
if (on_filter === false || typeof on_filter === 'undefined') {
var svt = getParameterByName('svt');
if (svt !== null && svt > 0) {
$('#search_vul_type').val(svt);
}
// Search rule
var sr = getParameterByName('sr');
if (sr !== null && sr > 0) {
$('#search_rule').val(sr);
}
// Search level
var sl = getParameterByName('sl');
if (sl !== null && sl > 0) {
$('#search_level').val(sl);
}
// Search target
var st = getParameterByName('st');
if (st !== null && st > 0) {
$('#search_task').val(st);
}
// Search status
var ss = getParameterByName('ss');
if (ss !== null && ss > 0) {
$('#search_status').val(ss);
}
}

vulnerabilities_list.pushState();
vulnerabilities_list.pushState();

// load vulnerabilities list
// load vulnerabilities list

var list = vul_list_origin.vulnerabilities;
if (list.length === 0) {
$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
} else {
var list_html = '';
var list = vul_list_origin.vulnerabilities;
sl = Number(sl);
var list_html = '';

var id = 0;
for (var i = 0; i < list.length; i++) {
var line = '';
if (list[i].line_number !== 0) {
line = ':' + list[i].line_number;
var id = 0;
for (var i = 0; i < list.length; i++) {
// search rule
if (sr !== null && sr > 0) {
if (list[i].id !== sr) {
continue;
}
}
// search level
if (sl !== null && sl > 0) {
if (sl === 4) {
if (list[i].level < 9) {
console.log(sl);
continue;
}
} else if (sl === 3) {
console.log(sl);
if (list[i].level < 6 || list[i].level > 8) {
continue;
}
} else if (sl === 2) {
if (list[i].level < 3 || list[i].level > 5) {
continue;
}
} else if (sl === 1) {
if (list[i].level < 1 || list[i].level > 2) {
continue;
}
list_html = list_html + '<li data-id="' + (i+1) + '" class=" " data-start="1" data-line="1">' +
'<strong>MVE-' + (i+1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
'<span class="issue-information">' +
'<small>' +
list[i].match_result + ' => ' + list[i].commit_time +
'</small>' +
'</span>' +
'</li>';

}
}
var line = '';
if (list[i].line_number !== 0) {
line = ':' + list[i].line_number;
}
list_html = list_html + '<li data-id="' + (i + 1) + '" class=" " data-start="1" data-line="1">' +
'<strong>MVE-' + (i + 1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
'<span class="issue-information">' +
'<small>' +
' => ' + list[i].commit_time +
'</small>' +
'</span>' +
'</li>';
}
if (list_html.length === 0) {
$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
} else {
$('.vulnerabilities_list').html(list_html);
}

$('.vulnerabilities_list').html(list_html);

// current vulnerability
var vid = getParameterByName('vid');
if (vid !== null && vid > 0) {
vulnerabilities_list.detail(vid);
}
// current vulnerability
var vid = getParameterByName('vid');
if (vid !== null && vid > 0) {
vulnerabilities_list.detail(vid);
}

// vulnerabilities list detail
$('.vulnerabilities_list li').off('click').on('click', function () {
// loading
$('.CodeMirror').prepend($('.cm-loading').show().get(0));
// vulnerabilities list detail
$('.vulnerabilities_list li').off('click').on('click', function () {
// loading
$('.CodeMirror').prepend($('.cm-loading').show().get(0));

vulnerabilities_list.vid = $(this).attr('data-id');
vulnerabilities_list.pushState();
vulnerabilities_list.vid = $(this).attr('data-id');
vulnerabilities_list.pushState();

vulnerabilities_list.detail(vulnerabilities_list.vid);
});
}
} else {
$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">The project is deprecated :(</h3></li>');
}
vulnerabilities_list.detail(vulnerabilities_list.vid);
});
},
trigger_filter: function () {
if ($(".filter").is(":visible") === true) {
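Review bot: The row markup built at the end of the new loop still concatenates `list[i].file_path` and `list[i].commit_time` directly into HTML that is then assigned with `.html(list_html)`, so a path or commit field from the scanned repository that contains markup is rendered as markup; route those values through a one-line escaper such as `function esc(s) { return $('<div>').text(String(s)).html(); }` and use `esc(list[i].file_path + line)` and `esc(list[i].commit_time)` in the concatenation. The two `console.log(sl);` statements in the `sl === 4` and `sl === 3` branches look like leftover debugging output and should be removed. `sl` is coerced with `Number(sl)` before the loop but `sr` is not, and `list[i].id !== sr` is a strict comparison against a query-string value, so if vulnerability ids are numeric in the JSON the rule filter would never match anything — either coerce `sr` the same way or compare `String(list[i].id) !== sr`. The level thresholds (9-10, 6-8, 3-5, 1-2) are now written twice, once in `init_widget` and once in this filter, and a single shared helper would keep them from drifting. The enclosing callback and the `vulnerabilities_list` object continue outside the hunk.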
17 changes: 6 additions & 11 deletions cobra/templates/result.html
Expand Up @@ -57,6 +57,7 @@
<div class="col-xs-12">
<div class="invoice-title">
<h2>Cobra</h2>
<h3 class="pull-right">{{ project_name }}</h3>
</div>
<hr>
<ul class="nav nav-tabs">
Expand All @@ -73,10 +74,10 @@ <h2>Cobra</h2>
<div class="filter">
<div class="col-md-12" style="margin-top: 10px">
<label for="search_target" style="color: #aaaaaa;">Target</label>
<select id="search_target" class="form-control" style="height: 30px;">
<select id="search_target" class="form-control" style="height: 30px;" onchange="self.location.href=options[selectedIndex].value">
<option value="all">All</option>
{% for target in target_filter %}
<option value="{{ target }}">{{ target }}</option>
<option value="./{{ target }}">{{ target_filter.get(target) }}</option>
{% endfor %}
</select>
</div>
Expand All @@ -85,14 +86,15 @@ <h2>Cobra</h2>
<select id="search_rule" class="form-control" style="height: 30px;">
<option value="all">All</option>
{% for rule in rule_filter %}
<option value="{{ rule }}">{{ rule }}</option>
<option value="{{ rule }}">{{ rule_filter.get(rule) }}</option>
{% endfor %}
</select>
</div>
<div class="col-md-12" style="margin-top: 10px;">
<label for="search_level" style="color: #aaaaaa;">Level</label>
<select id="search_level" class="form-control" style="height: 30px;">
<option value="all">All</option>
<option value="4">Critical</option>
<option value="3">High</option>
<option value="2">Medium</option>
<option value="1">Low</option>
Expand Down Expand Up @@ -123,14 +125,7 @@ <h2>Cobra</h2>
alt="Commit Time"> <span class="commit-time"></span>
</li>
<li>
Status: <span class="v-status"></span> (<span class="v-repair"></span>)
</li>
<li>
Level: <span class="v-level"></span> <span class="v-type"></span> - <span class="v-rule"></span> By
<span class="v-rule-author"></span>
</li>
<li>
Repair AT: <span class="v-repair-time"></span> Repair: <span class="v-repair-description"></span>
Level: <span class="v-level"></span> <span class="v-type"></span><span class="v-rule"></span>
</li>
<li class="hidden">
Score: <span></span> CWE: <span></span> OWASP Top10: <span></span> SANA 25 Rank: <span></span> Bounty:
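Review bot: The `All` option of the `#search_target` select keeps `value="all"`, and with the added `onchange="self.location.href=options[selectedIndex].value"` choosing it navigates to a relative `all` URL beside the current report instead of clearing the filter; either skip navigation for that value, `onchange="if (this.value !== 'all') self.location.href = this.value"`, or give the option a real destination. The inline `onchange` handler also means the page cannot run under a Content-Security-Policy that omits `'unsafe-inline'` for scripts, while the filter button is already wired up in report.js; binding `$('#search_target').on('change', ...)` there keeps the template free of inline script. `target_filter.get(target)` renders the repository URL as option text, which Flask's autoescaping for `.html` templates covers as long as no `|safe` filter is applied to it upstream.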
12 changes: 12 additions & 0 deletions docs/api.md
Expand Up @@ -22,4 +22,16 @@ curl -H "Content-Type: application/json" -X POST -d '{"key":"your_secret_key","s
## 查询扫描报告
```bash
curl -H "Content-Type: application/json" -X POST -d '{"key":"your_secret_key","task_id": "your_task_id"}' http://127.0.0.1/api/report
```

# Web 报告页

## 任务汇总报告
```
http://127.0.0.1/?sid=afbe69p7dxva
```

## 扫描详情报告
```
http://127.0.0.1/report/afbe69p7dxva/sfbe69plo5qs
```
