diff --git a/cobra/api.py b/cobra/api.py index 1fce281a..5d6c3f07 100644 --- a/cobra/api.py +++ b/cobra/api.py @@ -188,7 +188,7 @@ def summary(): total_targets_number = len(scan_list) total_vul_number, critical_vul_number, high_vul_number , medium_vul_number, low_vul_number = 0, 0, 0, 0, 0 rule_filter = dict() - for s_sid in scan_list: + for s_sid in scan_list.keys(): s_sid_file = os.path.join(running_path, '{sid}_data'.format(sid=s_sid)) with open(s_sid_file, 'r') as f: s_sid_data = json.load(f) @@ -236,12 +236,21 @@ def report(a_sid, s_sid): with open(scan_list_file, 'r') as f: scan_list = json.load(f).get('sids') + project_name = scan_list.get(s_sid).split('/')[-1].replace('.git', '') + + rule_filter = dict() + for vul in scan_data.get('vulnerabilities'): + rule_filter[vul.get('id')] = vul.get('rule_name') + with open(os.path.join(os.path.dirname(__file__), 'templates/asset/js/report.js')) as f: report_js = f.read() return render_template(template_name_or_list='result.html', scan_data=json.dumps(scan_data, ensure_ascii=False), - report_js=report_js) + report_js=report_js, + target_filter=scan_list, + project_name=project_name, + rule_filter=rule_filter) def key_verify(data): diff --git a/cobra/templates/asset/js/report.js b/cobra/templates/asset/js/report.js index dc406405..b570f50c 100644 --- a/cobra/templates/asset/js/report.js +++ b/cobra/templates/asset/js/report.js @@ -27,7 +27,8 @@ $(function () { // filter submit button $('.filter_btn').on('click', function () { vulnerabilities_list.page = 1; - vulnerabilities_list.get(true); + vulnerabilities_list.pushState(); + vulnerabilities_list.get(); vulnerabilities_list.trigger_filter(); }); 
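Review bot: In report(), `scan_list.get(s_sid).split('/')` raises AttributeError when `s_sid` is not a key of the `sids` map, so an unknown or stale sid presumably surfaces as a 500 rather than a clean not-found response; the loop fails the same way if `scan_data.get('vulnerabilities')` returns None. Look the target up first and bail out, e.g. `target = scan_list.get(s_sid)` followed by `if target is None: abort(404)` (assuming Flask's `abort` is imported in this module), and iterate over `scan_data.get('vulnerabilities') or []`. `.replace('.git', '')` also removes the substring anywhere in the name, not only a trailing suffix. `target_filter=scan_list` hands every target in the scan list file to the template, so confirm that a viewer of one report is meant to see all of them. report() begins above this hunk, so how `s_sid` and `scan_data` are checked earlier is not visible here.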
@@ -60,15 +61,24 @@ $(function () { // panel $('.v-path').text(data.file_path + ':' + data.line_number); $('.v-id').text('MVE-' + vid); - $('.v-language').text(data.lang); + $('.v-language').text(data.language); + // widget function init_widget() { var lis = $('.widget-trigger li'); $('.commit-author').text('@' + data.commit_author); $('.commit-time').text('@' + data.commit_time); - $('.v-level').text(data.level); + if (9 <= data.level && data.level <= 10) { + $('.v-level').text('Critical'); + } else if (6 <= data.level && data.level <= 8) { + $('.v-level').text('High'); + } else if (3 <= data.level && data.level <= 5) { + $('.v-level').text('Medium'); + } else if (1 <= data.level && data.level <= 2) { + $('.v-level').text('Low'); + } $('.v-type').text(data.rule_name); - $('.v-rule').text(data.match_result); + // $('.v-rule').text(data.match_result); } init_widget(); 
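Review bot: The new severity chain in init_widget() has no final `else`, so when `data.level` is missing or outside 1–10 the `.v-level` element presumably keeps whatever label the previously opened finding wrote there, and the panel can show the wrong severity. Add a fallback such as `} else { $('.v-level').text('Unknown'); }`. The same 9–10 / 6–8 / 3–5 / 1–2 bands are repeated in the list filter in the next hunk of this file; one helper that maps a level to its band would keep the two from drifting apart. The commented-out `$('.v-rule')` line should be deleted rather than left in place.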
@@ -194,84 +204,107 @@ $(function () { evt.stopPropagation(); }); } - if ($("input[name=need_scan]").val() !== "False") { - // Search vulnerability type - if (on_filter === false || typeof on_filter === 'undefined') { - var svt = getParameterByName('svt'); - if (svt !== null && svt > 0) { - $('#search_vul_type').val(svt); - } - // Search rule - var sr = getParameterByName('sr'); - if (sr !== null && sr > 0) { - $('#search_rule').val(sr); - } - // Search level - var sl = getParameterByName('sl'); - if (sl !== null && sl > 0) { - $('#search_level').val(sl); - } - // Search target - var st = getParameterByName('st'); - if (st !== null && st > 0) { - $('#search_task').val(st); - } - // Search status - var ss = getParameterByName('ss'); - if (ss !== null && ss > 0) { - $('#search_status').val(ss); - } + // Search vulnerability type + if (on_filter === false || typeof on_filter === 'undefined') { + var svt = getParameterByName('svt'); + if (svt !== null && svt > 0) { + $('#search_vul_type').val(svt); + } + // Search rule + var sr = getParameterByName('sr'); + if (sr !== null && sr > 0) { + $('#search_rule').val(sr); } + // Search level + var sl = getParameterByName('sl'); + if (sl !== null && sl > 0) { + $('#search_level').val(sl); + } + // Search target + var st = getParameterByName('st'); + if (st !== null && st > 0) { + $('#search_task').val(st); + } + // Search status + var ss = getParameterByName('ss'); + if (ss !== null && ss > 0) { + $('#search_status').val(ss); + } + } - vulnerabilities_list.pushState(); + vulnerabilities_list.pushState(); - // load vulnerabilities list + // load vulnerabilities list - var list = vul_list_origin.vulnerabilities; - if (list.length === 0) { - $(".vulnerabilities_list").html('
  • Wow, no vulnerability was detected :)

  • '); - } else { - var list_html = ''; + var list = vul_list_origin.vulnerabilities; + sl = Number(sl); + var list_html = ''; - var id = 0; - for (var i = 0; i < list.length; i++) { - var line = ''; - if (list[i].line_number !== 0) { - line = ':' + list[i].line_number; + var id = 0; + for (var i = 0; i < list.length; i++) { + // search rule + if (sr !== null && sr > 0) { + if (list[i].id !== sr) { + continue; + } + } + // search level + if (sl !== null && sl > 0) { + if (sl === 4) { + if (list[i].level < 9) { + console.log(sl); + continue; + } + } else if (sl === 3) { + console.log(sl); + if (list[i].level < 6 || list[i].level > 8) { + continue; + } + } else if (sl === 2) { + if (list[i].level < 3 || list[i].level > 5) { + continue; + } + } else if (sl === 1) { + if (list[i].level < 1 || list[i].level > 2) { + continue; } - list_html = list_html + '
  • ' + - 'MVE-' + (i+1) + '
    ' + list[i].file_path + line + '
    ' + - '' + - '' + - list[i].match_result + ' => ' + list[i].commit_time + - '' + - '' + - '
  • '; - } + } + var line = ''; + if (list[i].line_number !== 0) { + line = ':' + list[i].line_number; + } + list_html = list_html + '
  • ' + + 'MVE-' + (i + 1) + '
    ' + list[i].file_path + line + '
    ' + + '' + + '' + + ' => ' + list[i].commit_time + + '' + + '' + + '
  • '; + } + if (list_html.length === 0) { + $(".vulnerabilities_list").html('
  • Wow, no vulnerability was detected :)

  • '); + } else { + $('.vulnerabilities_list').html(list_html); + } - $('.vulnerabilities_list').html(list_html); - - // current vulnerability - var vid = getParameterByName('vid'); - if (vid !== null && vid > 0) { - vulnerabilities_list.detail(vid); - } + // current vulnerability + var vid = getParameterByName('vid'); + if (vid !== null && vid > 0) { + vulnerabilities_list.detail(vid); + } - // vulnerabilities list detail - $('.vulnerabilities_list li').off('click').on('click', function () { - // loading - $('.CodeMirror').prepend($('.cm-loading').show().get(0)); + // vulnerabilities list detail + $('.vulnerabilities_list li').off('click').on('click', function () { + // loading + $('.CodeMirror').prepend($('.cm-loading').show().get(0)); - vulnerabilities_list.vid = $(this).attr('data-id'); - vulnerabilities_list.pushState(); + vulnerabilities_list.vid = $(this).attr('data-id'); + vulnerabilities_list.pushState(); - vulnerabilities_list.detail(vulnerabilities_list.vid); - }); - } - } else { - $(".vulnerabilities_list").html('
  • The project is deprecated :(

  • '); - } + vulnerabilities_list.detail(vulnerabilities_list.vid); + }); }, trigger_filter: function () { if ($(".filter").is(":visible") === true) { diff --git a/cobra/templates/result.html b/cobra/templates/result.html index a9d3b60d..2e0eb1de 100644 --- a/cobra/templates/result.html +++ b/cobra/templates/result.html @@ -57,6 +57,7 @@
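Review bot: In report.js the rebuilt list loop still concatenates `list[i].file_path` and `list[i].commit_time` into `list_html` and writes it with `.html(list_html)`, so markup characters in a scanned repository's file name would be parsed as HTML in the report page. Those fields presumably originate from the scanned target rather than from Cobra itself, so escape them before concatenation, e.g. `var esc = function (s) { return $('<div>').text(s).html(); };` and `esc(list[i].file_path)`, or build each item with `.text()`; values that land in attributes should be set with `.attr()` instead. Separately, `list[i].id !== sr` compares against the raw query-string value while `sl` is passed through `Number()`, so the rule filter may drop every row if `id` is numeric. The two `console.log(sl)` calls look like leftover debugging. The enclosing function begins before this hunk.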

    Cobra

    +

    {{ project_name }}