
Commit 51327a9

Merge pull request #452 from 40huo/master
refine filter in result page
2 parents 316c891 + efa5e6a commit 51327a9

4 files changed

+133
-84
lines changed


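--- a/cobra/api.py
+++ b/cobra/api.py
@@ -188,7 +188,7 @@ def summary():
 total_targets_number = len(scan_list)
 total_vul_number, critical_vul_number, high_vul_number , medium_vul_number, low_vul_number = 0, 0, 0, 0, 0
 rule_filter = dict()
-for s_sid in scan_list:
+for s_sid in scan_list.keys():
 s_sid_file = os.path.join(running_path, '{sid}_data'.format(sid=s_sid))
 with open(s_sid_file, 'r') as f:
 s_sid_data = json.load(f)
@@ -236,12 +236,21 @@ def report(a_sid, s_sid):
 with open(scan_list_file, 'r') as f:
 scan_list = json.load(f).get('sids')
 
+project_name = scan_list.get(s_sid).split('/')[-1].replace('.git', '')
+
+rule_filter = dict()
+for vul in scan_data.get('vulnerabilities'):
+rule_filter[vul.get('id')] = vul.get('rule_name')
+
 with open(os.path.join(os.path.dirname(__file__), 'templates/asset/js/report.js')) as f:
 report_js = f.read()
 
 return render_template(template_name_or_list='result.html',
 scan_data=json.dumps(scan_data, ensure_ascii=False),
-report_js=report_js)
+report_js=report_js,
+target_filter=scan_list,
+project_name=project_name,
+rule_filter=rule_filter)
 
 
 def key_verify(data):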
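Review bot: `project_name = scan_list.get(s_sid).split('/')[-1].replace('.git', '')` in the report hunk dereferences the `.get()` result without a None check, so a request whose `s_sid` (presumably a route parameter) is not in the scan list raises AttributeError and surfaces as a 500 rather than a 404. Guard it before use, e.g. `target = scan_list.get(s_sid)` / `if target is None: abort(404)` / `project_name = target.split('/')[-1].replace('.git', '')` (Flask's `abort`, if this module imports it). The new `rule_filter` loop has the same shape: `scan_data.get('vulnerabilities')` is iterated with no fallback, so a data file lacking that key fails the same way, and `scan_data.get('vulnerabilities', [])` covers it. In the summary hunk, `for s_sid in scan_list.keys():` iterates the same keys as `for s_sid in scan_list:`; the `.keys()` call is redundant. The body of report() begins before this hunk.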

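--- a/cobra/templates/asset/js/report.js
+++ b/cobra/templates/asset/js/report.js
@@ -27,7 +27,8 @@ $(function () {
 // filter submit button
 $('.filter_btn').on('click', function () {
 vulnerabilities_list.page = 1;
-vulnerabilities_list.get(true);
+vulnerabilities_list.pushState();
+vulnerabilities_list.get();
 vulnerabilities_list.trigger_filter();
 });
 
@@ -60,15 +61,24 @@ $(function () {
 // panel
 $('.v-path').text(data.file_path + ':' + data.line_number);
 $('.v-id').text('MVE-' + vid);
-$('.v-language').text(data.lang);
+$('.v-language').text(data.language);
+
 // widget
 function init_widget() {
 var lis = $('.widget-trigger li');
 $('.commit-author').text('@' + data.commit_author);
 $('.commit-time').text('@' + data.commit_time);
-$('.v-level').text(data.level);
+if (9 <= data.level && data.level <= 10) {
+$('.v-level').text('Critical');
+} else if (6 <= data.level && data.level <= 8) {
+$('.v-level').text('High');
+} else if (3 <= data.level && data.level <= 5) {
+$('.v-level').text('Medium');
+} else if (1 <= data.level && data.level <= 2) {
+$('.v-level').text('Low');
+}
 $('.v-type').text(data.rule_name);
-$('.v-rule').text(data.match_result);
+// $('.v-rule').text(data.match_result);
 }
 
 init_widget();
@@ -194,84 +204,107 @@ $(function () {
 evt.stopPropagation();
 });
 }
-if ($("input[name=need_scan]").val() !== "False") {
-// Search vulnerability type
-if (on_filter === false || typeof on_filter === 'undefined') {
-var svt = getParameterByName('svt');
-if (svt !== null && svt > 0) {
-$('#search_vul_type').val(svt);
-}
-// Search rule
-var sr = getParameterByName('sr');
-if (sr !== null && sr > 0) {
-$('#search_rule').val(sr);
-}
-// Search level
-var sl = getParameterByName('sl');
-if (sl !== null && sl > 0) {
-$('#search_level').val(sl);
-}
-// Search target
-var st = getParameterByName('st');
-if (st !== null && st > 0) {
-$('#search_task').val(st);
-}
-// Search status
-var ss = getParameterByName('ss');
-if (ss !== null && ss > 0) {
-$('#search_status').val(ss);
-}
+// Search vulnerability type
+if (on_filter === false || typeof on_filter === 'undefined') {
+var svt = getParameterByName('svt');
+if (svt !== null && svt > 0) {
+$('#search_vul_type').val(svt);
+}
+// Search rule
+var sr = getParameterByName('sr');
+if (sr !== null && sr > 0) {
+$('#search_rule').val(sr);
 }
+// Search level
+var sl = getParameterByName('sl');
+if (sl !== null && sl > 0) {
+$('#search_level').val(sl);
+}
+// Search target
+var st = getParameterByName('st');
+if (st !== null && st > 0) {
+$('#search_task').val(st);
+}
+// Search status
+var ss = getParameterByName('ss');
+if (ss !== null && ss > 0) {
+$('#search_status').val(ss);
+}
+}
 
-vulnerabilities_list.pushState();
+vulnerabilities_list.pushState();
 
-// load vulnerabilities list
+// load vulnerabilities list
 
-var list = vul_list_origin.vulnerabilities;
-if (list.length === 0) {
-$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
-} else {
-var list_html = '';
+var list = vul_list_origin.vulnerabilities;
+sl = Number(sl);
+var list_html = '';
 
-var id = 0;
-for (var i = 0; i < list.length; i++) {
-var line = '';
-if (list[i].line_number !== 0) {
-line = ':' + list[i].line_number;
+var id = 0;
+for (var i = 0; i < list.length; i++) {
+// search rule
+if (sr !== null && sr > 0) {
+if (list[i].id !== sr) {
+continue;
+}
+}
+// search level
+if (sl !== null && sl > 0) {
+if (sl === 4) {
+if (list[i].level < 9) {
+console.log(sl);
+continue;
+}
+} else if (sl === 3) {
+console.log(sl);
+if (list[i].level < 6 || list[i].level > 8) {
+continue;
+}
+} else if (sl === 2) {
+if (list[i].level < 3 || list[i].level > 5) {
+continue;
+}
+} else if (sl === 1) {
+if (list[i].level < 1 || list[i].level > 2) {
+continue;
 }
-list_html = list_html + '<li data-id="' + (i+1) + '" class=" " data-start="1" data-line="1">' +
-'<strong>MVE-' + (i+1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
-'<span class="issue-information">' +
-'<small>' +
-list[i].match_result + ' => ' + list[i].commit_time +
-'</small>' +
-'</span>' +
-'</li>';
-
 }
+}
+var line = '';
+if (list[i].line_number !== 0) {
+line = ':' + list[i].line_number;
+}
+list_html = list_html + '<li data-id="' + (i + 1) + '" class=" " data-start="1" data-line="1">' +
+'<strong>MVE-' + (i + 1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
+'<span class="issue-information">' +
+'<small>' +
+' => ' + list[i].commit_time +
+'</small>' +
+'</span>' +
+'</li>';
+}
+if (list_html.length === 0) {
+$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
+} else {
+$('.vulnerabilities_list').html(list_html);
+}
 
-// current vulnerability
-var vid = getParameterByName('vid');
-if (vid !== null && vid > 0) {
-vulnerabilities_list.detail(vid);
-}
+// current vulnerability
+var vid = getParameterByName('vid');
+if (vid !== null && vid > 0) {
+vulnerabilities_list.detail(vid);
+}
 
-// vulnerabilities list detail
-$('.vulnerabilities_list li').off('click').on('click', function () {
-// loading
-$('.CodeMirror').prepend($('.cm-loading').show().get(0));
+// vulnerabilities list detail
+$('.vulnerabilities_list li').off('click').on('click', function () {
+// loading
+$('.CodeMirror').prepend($('.cm-loading').show().get(0));
 
-vulnerabilities_list.vid = $(this).attr('data-id');
-vulnerabilities_list.pushState();
+vulnerabilities_list.vid = $(this).attr('data-id');
+vulnerabilities_list.pushState();
 
-vulnerabilities_list.detail(vulnerabilities_list.vid);
-});
-}
-} else {
-$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">The project is deprecated :(</h3></li>');
-}
+vulnerabilities_list.detail(vulnerabilities_list.vid);
+});
 },
 trigger_filter: function () {
 if ($(".filter").is(":visible") === true) {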
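Review bot: In the third hunk the new rule filter compares `list[i].id !== sr` while `sr` is still the raw string returned by getParameterByName, whereas `sl` is coerced with `sl = Number(sl)` a few lines earlier; if the vulnerability ids in vul_list_origin are numbers, the strict inequality is always true and any rule-filtered page renders as "no vulnerability was detected". Coerce it the same way, `sr = Number(sr);` next to `sl = Number(sl);`, or compare `String(list[i].id) !== sr`. The two `console.log(sl)` calls inside the level branches look like leftover debugging output. Separately, the `<li>` markup is still assembled by string concatenation and injected with `.html()`, so `list[i].file_path` (a path taken from the scanned repository) reaches the DOM unescaped; building the item with jQuery element constructors and `.text()`, or an escape helper, keeps repository-controlled names from being interpreted as markup. The enclosing function (apparently the list loader of vulnerabilities_list) starts before the hunk.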

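--- a/cobra/templates/result.html
+++ b/cobra/templates/result.html
@@ -57,6 +57,7 @@
 <div class="col-xs-12">
 <div class="invoice-title">
 <h2>Cobra</h2>
+<h3 class="pull-right">{{ project_name }}</h3>
 </div>
 <hr>
 <ul class="nav nav-tabs">
@@ -73,10 +74,10 @@ <h2>Cobra</h2>
 <div class="filter">
 <div class="col-md-12" style="margin-top: 10px">
 <label for="search_target" style="color: #aaaaaa;">Target</label>
-<select id="search_target" class="form-control" style="height: 30px;">
+<select id="search_target" class="form-control" style="height: 30px;" onchange="self.location.href=options[selectedIndex].value">
 <option value="all">All</option>
 {% for target in target_filter %}
-<option value="{{ target }}">{{ target }}</option>
+<option value="./{{ target }}">{{ target_filter.get(target) }}</option>
 {% endfor %}
 </select>
 </div>
@@ -85,14 +86,15 @@ <h2>Cobra</h2>
 <select id="search_rule" class="form-control" style="height: 30px;">
 <option value="all">All</option>
 {% for rule in rule_filter %}
-<option value="{{ rule }}">{{ rule }}</option>
+<option value="{{ rule }}">{{ rule_filter.get(rule) }}</option>
 {% endfor %}
 </select>
 </div>
 <div class="col-md-12" style="margin-top: 10px;">
 <label for="search_level" style="color: #aaaaaa;">Level</label>
 <select id="search_level" class="form-control" style="height: 30px;">
 <option value="all">All</option>
+<option value="4">Critical</option>
 <option value="3">High</option>
 <option value="2">Medium</option>
 <option value="1">Low</option>
@@ -123,14 +125,7 @@ <h2>Cobra</h2>
 alt="Commit Time"> <span class="commit-time"></span>
 </li>
 <li>
-Status: <span class="v-status"></span> (<span class="v-repair"></span>)
-</li>
-<li>
-Level: <span class="v-level"></span> <span class="v-type"></span> - <span class="v-rule"></span> By
-<span class="v-rule-author"></span>
-</li>
-<li>
-Repair AT: <span class="v-repair-time"></span> Repair: <span class="v-repair-description"></span>
+Level: <span class="v-level"></span> <span class="v-type"></span><span class="v-rule"></span>
 </li>
 <li class="hidden">
 Score: <span></span> CWE: <span></span> OWASP Top10: <span></span> SANA 25 Rank: <span></span> Bounty: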
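Review bot: The Target select's new `onchange="self.location.href=options[selectedIndex].value"` navigates on every change, including the pre-existing `<option value="all">All</option>`, which now sends the browser to `./all`, a relative URL that matches no report route shown on this page. Give that option a value the handler can skip, e.g. `<option value="">All</option>` together with `onchange="if (this.value) self.location.href=this.value"`, or point it at the summary page. The inline handler also requires `'unsafe-inline'` in any Content-Security-Policy the app serves; registering the change handler from report.js instead keeps the template CSP-friendly. `{{ target_filter.get(target) }}` and `{{ project_name }}` carry repository names from scan_list into the page and rely on Jinja autoescape, which Flask enables for .html templates, so the suffix should stay as is.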

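--- a/docs/api.md
+++ b/docs/api.md
@@ -22,4 +22,16 @@ curl -H "Content-Type: application/json" -X POST -d '{"key":"your_secret_key","s
 ## 查询扫描报告
 ```bash
 curl -H "Content-Type: application/json" -X POST -d '{"key":"your_secret_key","task_id": "your_task_id"}' http://127.0.0.1/api/report
+```
+
+# Web 报告页
+
+## 任务汇总报告
+```
+http://127.0.0.1/?sid=afbe69p7dxva
+```
+
+## 扫描详情报告
+```
+http://127.0.0.1/report/afbe69p7dxva/sfbe69plo5qs
 ```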
