From ede6fdcb140df7fc26834329d0053a4bf86b4c5b Mon Sep 17 00:00:00 2001
From: 40huo <git@40huo.cn>
Date: Mon, 14 Aug 2017 11:10:09 +0800
Subject: [PATCH 1/3] refine result page and docs

---
 cobra/templates/asset/js/report.js |  2 +-
 docs/api.md                        | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/cobra/templates/asset/js/report.js b/cobra/templates/asset/js/report.js
index dc406405..3e1cd3d7 100644
--- a/cobra/templates/asset/js/report.js
+++ b/cobra/templates/asset/js/report.js
@@ -60,7 +60,7 @@ $(function () {
                 // panel
                 $('.v-path').text(data.file_path + ':' + data.line_number);
                 $('.v-id').text('MVE-' + vid);
-                $('.v-language').text(data.lang);
+                $('.v-language').text(data.language);
                 // widget
                 function init_widget() {
                     var lis = $('.widget-trigger li');
diff --git a/docs/api.md b/docs/api.md
index 164b0fbd..6e757be3 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -22,4 +22,16 @@ curl -H "Content-Type: application/json" -X POST -d '{"key":"your_secret_key","s
 ## 查询扫描报告
 ```bash
 curl -H "Content-Type: application/json" -X POST -d '{"key":"your_secret_key","task_id": "your_task_id"}' http://127.0.0.1/api/report
+```
+
+# Web 报告页
+
+## 任务汇总报告
+```
+http://127.0.0.1/?sid=afbe69p7dxva
+```
+
+## 扫描详情报告
+```
+http://127.0.0.1/report/afbe69p7dxva/sfbe69plo5qs
 ```
\ No newline at end of file

From df0767b3e0b4649c824aa8661c19d0b6ae2a3a9a Mon Sep 17 00:00:00 2001
From: 40huo <git@40huo.cn>
Date: Mon, 14 Aug 2017 14:38:14 +0800
Subject: [PATCH 2/3] add vulnerability rank in result page and refine widget

---
 cobra/templates/asset/js/report.js | 12 ++++++++++--
 cobra/templates/result.html        |  9 +--------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/cobra/templates/asset/js/report.js b/cobra/templates/asset/js/report.js
index 3e1cd3d7..1e7f19fd 100644
--- a/cobra/templates/asset/js/report.js
+++ b/cobra/templates/asset/js/report.js
@@ -66,9 +66,17 @@ $(function () {
                     var lis = $('.widget-trigger li');
                     $('.commit-author').text('@' + data.commit_author);
                     $('.commit-time').text('@' + data.commit_time);
-                    $('.v-level').text(data.level);
+                    if (9<= data.level && data.level<= 10) {
+                        $('.v-level').text('Critical');
+                    } else if (6 <= data.level && data.level <= 8) {
+                        $('.v-level').text('High');
+                    } else if (3 <= data.level && data.level <= 5) {
+                        $('.v-level').text('Medium');
+                    } else if (1 <= data.level && data.level <= 2) {
+                        $('.v-level').text('Low');
+                    }
                     $('.v-type').text(data.rule_name);
-                    $('.v-rule').text(data.match_result);
+                    // $('.v-rule').text(data.match_result);
                 }
 
                 init_widget();
diff --git a/cobra/templates/result.html b/cobra/templates/result.html
index a9d3b60d..e18c0be1 100644
--- a/cobra/templates/result.html
+++ b/cobra/templates/result.html
@@ -123,14 +123,7 @@ <h2>Cobra</h2>
                                                        alt="Commit Time"> <span class="commit-time"></span>
             </li>
             <li>
-                Status: <span class="v-status"></span> (<span class="v-repair"></span>)
-            </li>
-            <li>
-                Level: <span class="v-level"></span> <span class="v-type"></span> - <span class="v-rule"></span> By
-                <span class="v-rule-author"></span>
-            </li>
-            <li>
-                Repair AT: <span class="v-repair-time"></span> Repair: <span class="v-repair-description"></span>
+                Level: <span class="v-level"></span> <span class="v-type"></span><span class="v-rule"></span>
             </li>
             <li class="hidden">
                 Score: <span></span> CWE: <span></span> OWASP Top10: <span></span> SANA 25 Rank: <span></span> Bounty:

From e61b64ef8b8befe0ff16e0daf8d6d257ebd3b7a0 Mon Sep 17 00:00:00 2001
From: 40huo <git@40huo.cn>
Date: Mon, 14 Aug 2017 18:46:07 +0800
Subject: [PATCH 3/3] refine filter in result page

---
 cobra/api.py                       |  13 ++-
 cobra/templates/asset/js/report.js | 163 +++++++++++++++++------------
 cobra/templates/result.html        |   8 +-
 3 files changed, 110 insertions(+), 74 deletions(-)

diff --git a/cobra/api.py b/cobra/api.py
index 1fce281a..5d6c3f07 100644
--- a/cobra/api.py
+++ b/cobra/api.py
@@ -188,7 +188,7 @@ def summary():
     total_targets_number = len(scan_list)
     total_vul_number, critical_vul_number, high_vul_number , medium_vul_number, low_vul_number = 0, 0, 0, 0, 0
     rule_filter = dict()
-    for s_sid in scan_list:
+    for s_sid in scan_list.keys():
         s_sid_file = os.path.join(running_path, '{sid}_data'.format(sid=s_sid))
         with open(s_sid_file, 'r') as f:
             s_sid_data = json.load(f)
@@ -236,12 +236,21 @@ def report(a_sid, s_sid):
     with open(scan_list_file, 'r') as f:
         scan_list = json.load(f).get('sids')
 
+    project_name = scan_list.get(s_sid).split('/')[-1].replace('.git', '')
+
+    rule_filter = dict()
+    for vul in scan_data.get('vulnerabilities'):
+        rule_filter[vul.get('id')] = vul.get('rule_name')
+
     with open(os.path.join(os.path.dirname(__file__), 'templates/asset/js/report.js')) as f:
         report_js = f.read()
 
     return render_template(template_name_or_list='result.html',
                            scan_data=json.dumps(scan_data, ensure_ascii=False),
-                           report_js=report_js)
+                           report_js=report_js,
+                           target_filter=scan_list,
+                           project_name=project_name,
+                           rule_filter=rule_filter)
 
 
 def key_verify(data):
diff --git a/cobra/templates/asset/js/report.js b/cobra/templates/asset/js/report.js
index 1e7f19fd..b570f50c 100644
--- a/cobra/templates/asset/js/report.js
+++ b/cobra/templates/asset/js/report.js
@@ -27,7 +27,8 @@ $(function () {
             // filter submit button
             $('.filter_btn').on('click', function () {
                 vulnerabilities_list.page = 1;
-                vulnerabilities_list.get(true);
+                vulnerabilities_list.pushState();
+                vulnerabilities_list.get();
                 vulnerabilities_list.trigger_filter();
             });
 
@@ -61,12 +62,13 @@ $(function () {
                 $('.v-path').text(data.file_path + ':' + data.line_number);
                 $('.v-id').text('MVE-' + vid);
                 $('.v-language').text(data.language);
+
                 // widget
                 function init_widget() {
                     var lis = $('.widget-trigger li');
                     $('.commit-author').text('@' + data.commit_author);
                     $('.commit-time').text('@' + data.commit_time);
-                    if (9<= data.level && data.level<= 10) {
+                    if (9 <= data.level && data.level <= 10) {
                         $('.v-level').text('Critical');
                     } else if (6 <= data.level && data.level <= 8) {
                         $('.v-level').text('High');
@@ -202,84 +204,107 @@ $(function () {
                     evt.stopPropagation();
                 });
             }
-            if ($("input[name=need_scan]").val() !== "False") {
-                // Search vulnerability type
-                if (on_filter === false || typeof on_filter === 'undefined') {
-                    var svt = getParameterByName('svt');
-                    if (svt !== null && svt > 0) {
-                        $('#search_vul_type').val(svt);
-                    }
-                    // Search rule
-                    var sr = getParameterByName('sr');
-                    if (sr !== null && sr > 0) {
-                        $('#search_rule').val(sr);
-                    }
-                    // Search level
-                    var sl = getParameterByName('sl');
-                    if (sl !== null && sl > 0) {
-                        $('#search_level').val(sl);
-                    }
-                    // Search target
-                    var st = getParameterByName('st');
-                    if (st !== null && st > 0) {
-                        $('#search_task').val(st);
-                    }
-                    // Search status
-                    var ss = getParameterByName('ss');
-                    if (ss !== null && ss > 0) {
-                        $('#search_status').val(ss);
-                    }
+            // Search vulnerability type
+            if (on_filter === false || typeof on_filter === 'undefined') {
+                var svt = getParameterByName('svt');
+                if (svt !== null && svt > 0) {
+                    $('#search_vul_type').val(svt);
+                }
+                // Search rule
+                var sr = getParameterByName('sr');
+                if (sr !== null && sr > 0) {
+                    $('#search_rule').val(sr);
+                }
+                // Search level
+                var sl = getParameterByName('sl');
+                if (sl !== null && sl > 0) {
+                    $('#search_level').val(sl);
                 }
+                // Search target
+                var st = getParameterByName('st');
+                if (st !== null && st > 0) {
+                    $('#search_task').val(st);
+                }
+                // Search status
+                var ss = getParameterByName('ss');
+                if (ss !== null && ss > 0) {
+                    $('#search_status').val(ss);
+                }
+            }
 
-                vulnerabilities_list.pushState();
+            vulnerabilities_list.pushState();
 
-                // load vulnerabilities list
+            // load vulnerabilities list
 
-                var list = vul_list_origin.vulnerabilities;
-                if (list.length === 0) {
-                    $(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
-                } else {
-                    var list_html = '';
+            var list = vul_list_origin.vulnerabilities;
+            sl = Number(sl);
+            var list_html = '';
 
-                    var id = 0;
-                    for (var i = 0; i < list.length; i++) {
-                        var line = '';
-                        if (list[i].line_number !== 0) {
-                            line = ':' + list[i].line_number;
+            var id = 0;
+            for (var i = 0; i < list.length; i++) {
+                // search rule
+                if (sr !== null && sr > 0) {
+                    if (list[i].id !== sr) {
+                        continue;
+                    }
+                }
+                // search level
+                if (sl !== null && sl > 0) {
+                    if (sl === 4) {
+                        if (list[i].level < 9) {
+                            console.log(sl);
+                            continue;
+                        }
+                    } else if (sl === 3) {
+                        console.log(sl);
+                        if (list[i].level < 6 || list[i].level > 8) {
+                            continue;
+                        }
+                    } else if (sl === 2) {
+                        if (list[i].level < 3 || list[i].level > 5) {
+                            continue;
+                        }
+                    } else if (sl === 1) {
+                        if (list[i].level < 1 || list[i].level > 2) {
+                            continue;
                         }
-                        list_html = list_html + '<li data-id="' + (i+1) + '" class=" " data-start="1" data-line="1">' +
-                            '<strong>MVE-' + (i+1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
-                            '<span class="issue-information">' +
-                            '<small>' +
-                            list[i].match_result + ' => ' + list[i].commit_time +
-                            '</small>' +
-                            '</span>' +
-                            '</li>';
-
                     }
+                }
+                var line = '';
+                if (list[i].line_number !== 0) {
+                    line = ':' + list[i].line_number;
+                }
+                list_html = list_html + '<li data-id="' + (i + 1) + '" class=" " data-start="1" data-line="1">' +
+                    '<strong>MVE-' + (i + 1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
+                    '<span class="issue-information">' +
+                    '<small>' +
+                    ' => ' + list[i].commit_time +
+                    '</small>' +
+                    '</span>' +
+                    '</li>';
+            }
+            if (list_html.length === 0) {
+                $(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
+            } else {
+                $('.vulnerabilities_list').html(list_html);
+            }
 
-                    $('.vulnerabilities_list').html(list_html);
-
-                    // current vulnerability
-                    var vid = getParameterByName('vid');
-                    if (vid !== null && vid > 0) {
-                        vulnerabilities_list.detail(vid);
-                    }
+            // current vulnerability
+            var vid = getParameterByName('vid');
+            if (vid !== null && vid > 0) {
+                vulnerabilities_list.detail(vid);
+            }
 
-                    // vulnerabilities list detail
-                    $('.vulnerabilities_list li').off('click').on('click', function () {
-                        // loading
-                        $('.CodeMirror').prepend($('.cm-loading').show().get(0));
+            // vulnerabilities list detail
+            $('.vulnerabilities_list li').off('click').on('click', function () {
+                // loading
+                $('.CodeMirror').prepend($('.cm-loading').show().get(0));
 
-                        vulnerabilities_list.vid = $(this).attr('data-id');
-                        vulnerabilities_list.pushState();
+                vulnerabilities_list.vid = $(this).attr('data-id');
+                vulnerabilities_list.pushState();
 
-                        vulnerabilities_list.detail(vulnerabilities_list.vid);
-                    });
-                }
-            } else {
-                $(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">The project is deprecated :(</h3></li>');
-            }
+                vulnerabilities_list.detail(vulnerabilities_list.vid);
+            });
         },
         trigger_filter: function () {
             if ($(".filter").is(":visible") === true) {
diff --git a/cobra/templates/result.html b/cobra/templates/result.html
index e18c0be1..2e0eb1de 100644
--- a/cobra/templates/result.html
+++ b/cobra/templates/result.html
@@ -57,6 +57,7 @@
         <div class="col-xs-12">
             <div class="invoice-title">
                 <h2>Cobra</h2>
+                <h3 class="pull-right">{{ project_name }}</h3>
             </div>
             <hr>
             <ul class="nav nav-tabs">
@@ -73,10 +74,10 @@ <h2>Cobra</h2>
                             <div class="filter">
                                 <div class="col-md-12" style="margin-top: 10px">
                                     <label for="search_target" style="color: #aaaaaa;">Target</label>
-                                    <select id="search_target" class="form-control" style="height: 30px;">
+                                    <select id="search_target" class="form-control" style="height: 30px;" onchange="self.location.href=options[selectedIndex].value">
                                         <option value="all">All</option>
                                         {% for target in target_filter %}
-                                            <option value="{{ target }}">{{ target }}</option>
+                                            <option value="./{{ target }}">{{ target_filter.get(target) }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
@@ -85,7 +86,7 @@ <h2>Cobra</h2>
                                     <select id="search_rule" class="form-control" style="height: 30px;">
                                         <option value="all">All</option>
                                         {% for rule in rule_filter %}
-                                            <option value="{{ rule }}">{{ rule }}</option>
+                                            <option value="{{ rule }}">{{ rule_filter.get(rule) }}</option>
                                         {% endfor %}
                                     </select>
                                 </div>
@@ -93,6 +94,7 @@ <h2>Cobra</h2>
                                     <label for="search_level" style="color: #aaaaaa;">Level</label>
                                     <select id="search_level" class="form-control" style="height: 30px;">
                                         <option value="all">All</option>
+                                        <option value="4">Critical</option>
                                         <option value="3">High</option>
                                         <option value="2">Medium</option>
                                         <option value="1">Low</option>