This repository was archived by the owner on Nov 28, 2023. It is now read-only.

Commit e61b64e

committed
refine filter in result page
1 parent df0767b commit e61b64e


3 files changed

+110
-74
lines changed


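--- a/cobra/api.py
+++ b/cobra/api.py
@@ -188,7 +188,7 @@ def summary():
 total_targets_number = len(scan_list)
 total_vul_number, critical_vul_number, high_vul_number , medium_vul_number, low_vul_number = 0, 0, 0, 0, 0
 rule_filter = dict()
-for s_sid in scan_list:
+for s_sid in scan_list.keys():
 s_sid_file = os.path.join(running_path, '{sid}_data'.format(sid=s_sid))
 with open(s_sid_file, 'r') as f:
 s_sid_data = json.load(f)
@@ -236,12 +236,21 @@ def report(a_sid, s_sid):
 with open(scan_list_file, 'r') as f:
 scan_list = json.load(f).get('sids')
 
+project_name = scan_list.get(s_sid).split('/')[-1].replace('.git', '')
+
+rule_filter = dict()
+for vul in scan_data.get('vulnerabilities'):
+rule_filter[vul.get('id')] = vul.get('rule_name')
+
 with open(os.path.join(os.path.dirname(__file__), 'templates/asset/js/report.js')) as f:
 report_js = f.read()
 
 return render_template(template_name_or_list='result.html',
 scan_data=json.dumps(scan_data, ensure_ascii=False),
-report_js=report_js)
+report_js=report_js,
+target_filter=scan_list,
+project_name=project_name,
+rule_filter=rule_filter)
 
 
 def key_verify(data):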
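Review bot: The added `project_name` line calls `.split()` on `scan_list.get(s_sid)` without checking the result, so a request whose `s_sid` is not a key of the loaded `sids` map raises `AttributeError` and surfaces as a 500 rather than a clean not-found. That lookup is also the natural place to confirm the requested `s_sid` belongs to this `a_sid` before any report data is rendered: bind it first, `target = scan_list.get(s_sid)`, and return the module's usual not-found response when `target is None`. The loop `for vul in scan_data.get('vulnerabilities'):` fails the same way when the key is absent; `scan_data.get('vulnerabilities') or []` avoids the `TypeError`. `report()` starts above this hunk, so whether `s_sid` is validated before its data file is opened cannot be seen from here.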

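--- a/cobra/templates/asset/js/report.js
+++ b/cobra/templates/asset/js/report.js
@@ -27,7 +27,8 @@ $(function () {
 // filter submit button
 $('.filter_btn').on('click', function () {
 vulnerabilities_list.page = 1;
-vulnerabilities_list.get(true);
+vulnerabilities_list.pushState();
+vulnerabilities_list.get();
 vulnerabilities_list.trigger_filter();
 });
 
@@ -61,12 +62,13 @@ $(function () {
 $('.v-path').text(data.file_path + ':' + data.line_number);
 $('.v-id').text('MVE-' + vid);
 $('.v-language').text(data.language);
+
 // widget
 function init_widget() {
 var lis = $('.widget-trigger li');
 $('.commit-author').text('@' + data.commit_author);
 $('.commit-time').text('@' + data.commit_time);
-if (9<= data.level && data.level<= 10) {
+if (9 <= data.level && data.level <= 10) {
 $('.v-level').text('Critical');
 } else if (6 <= data.level && data.level <= 8) {
 $('.v-level').text('High');
@@ -202,84 +204,107 @@ $(function () {
 evt.stopPropagation();
 });
 }
-if ($("input[name=need_scan]").val() !== "False") {
-// Search vulnerability type
-if (on_filter === false || typeof on_filter === 'undefined') {
-var svt = getParameterByName('svt');
-if (svt !== null && svt > 0) {
-$('#search_vul_type').val(svt);
-}
-// Search rule
-var sr = getParameterByName('sr');
-if (sr !== null && sr > 0) {
-$('#search_rule').val(sr);
-}
-// Search level
-var sl = getParameterByName('sl');
-if (sl !== null && sl > 0) {
-$('#search_level').val(sl);
-}
-// Search target
-var st = getParameterByName('st');
-if (st !== null && st > 0) {
-$('#search_task').val(st);
-}
-// Search status
-var ss = getParameterByName('ss');
-if (ss !== null && ss > 0) {
-$('#search_status').val(ss);
-}
+// Search vulnerability type
+if (on_filter === false || typeof on_filter === 'undefined') {
+var svt = getParameterByName('svt');
+if (svt !== null && svt > 0) {
+$('#search_vul_type').val(svt);
+}
+// Search rule
+var sr = getParameterByName('sr');
+if (sr !== null && sr > 0) {
+$('#search_rule').val(sr);
+}
+// Search level
+var sl = getParameterByName('sl');
+if (sl !== null && sl > 0) {
+$('#search_level').val(sl);
 }
+// Search target
+var st = getParameterByName('st');
+if (st !== null && st > 0) {
+$('#search_task').val(st);
+}
+// Search status
+var ss = getParameterByName('ss');
+if (ss !== null && ss > 0) {
+$('#search_status').val(ss);
+}
+}
 
-vulnerabilities_list.pushState();
+vulnerabilities_list.pushState();
 
-// load vulnerabilities list
+// load vulnerabilities list
 
-var list = vul_list_origin.vulnerabilities;
-if (list.length === 0) {
-$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
-} else {
-var list_html = '';
+var list = vul_list_origin.vulnerabilities;
+sl = Number(sl);
+var list_html = '';
 
-var id = 0;
-for (var i = 0; i < list.length; i++) {
-var line = '';
-if (list[i].line_number !== 0) {
-line = ':' + list[i].line_number;
+var id = 0;
+for (var i = 0; i < list.length; i++) {
+// search rule
+if (sr !== null && sr > 0) {
+if (list[i].id !== sr) {
+continue;
+}
+}
+// search level
+if (sl !== null && sl > 0) {
+if (sl === 4) {
+if (list[i].level < 9) {
+console.log(sl);
+continue;
+}
+} else if (sl === 3) {
+console.log(sl);
+if (list[i].level < 6 || list[i].level > 8) {
+continue;
+}
+} else if (sl === 2) {
+if (list[i].level < 3 || list[i].level > 5) {
+continue;
+}
+} else if (sl === 1) {
+if (list[i].level < 1 || list[i].level > 2) {
+continue;
 }
-list_html = list_html + '<li data-id="' + (i+1) + '" class=" " data-start="1" data-line="1">' +
-'<strong>MVE-' + (i+1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
-'<span class="issue-information">' +
-'<small>' +
-list[i].match_result + ' => ' + list[i].commit_time +
-'</small>' +
-'</span>' +
-'</li>';
-
 }
+}
+var line = '';
+if (list[i].line_number !== 0) {
+line = ':' + list[i].line_number;
+}
+list_html = list_html + '<li data-id="' + (i + 1) + '" class=" " data-start="1" data-line="1">' +
+'<strong>MVE-' + (i + 1) + '</strong><br><span>' + list[i].file_path + line + '</span><br>' +
+'<span class="issue-information">' +
+'<small>' +
+' => ' + list[i].commit_time +
+'</small>' +
+'</span>' +
+'</li>';
+}
+if (list_html.length === 0) {
+$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">Wow, no vulnerability was detected :)</h3></li>');
+} else {
+$('.vulnerabilities_list').html(list_html);
+}
 
-$('.vulnerabilities_list').html(list_html);
-
-// current vulnerability
-var vid = getParameterByName('vid');
-if (vid !== null && vid > 0) {
-vulnerabilities_list.detail(vid);
-}
+// current vulnerability
+var vid = getParameterByName('vid');
+if (vid !== null && vid > 0) {
+vulnerabilities_list.detail(vid);
+}
 
-// vulnerabilities list detail
-$('.vulnerabilities_list li').off('click').on('click', function () {
-// loading
-$('.CodeMirror').prepend($('.cm-loading').show().get(0));
+// vulnerabilities list detail
+$('.vulnerabilities_list li').off('click').on('click', function () {
+// loading
+$('.CodeMirror').prepend($('.cm-loading').show().get(0));
 
-vulnerabilities_list.vid = $(this).attr('data-id');
-vulnerabilities_list.pushState();
+vulnerabilities_list.vid = $(this).attr('data-id');
+vulnerabilities_list.pushState();
 
-vulnerabilities_list.detail(vulnerabilities_list.vid);
-});
-}
-} else {
-$(".vulnerabilities_list").html('<li><h3 style="text-align: center;margin: 200px auto;">The project is deprecated :(</h3></li>');
-}
+vulnerabilities_list.detail(vulnerabilities_list.vid);
+});
 },
 trigger_filter: function () {
 if ($(".filter").is(":visible") === true) {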
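Review bot: The rewritten list builder in the last hunk still concatenates `list[i].file_path` and `list[i].commit_time` into a markup string that is handed to `.html(list_html)`, so any markup characters in those scan-derived values are parsed as HTML in the report page. The values appear to come from the scanned target rather than from the operator, so they should be treated as untrusted. Building the nodes and setting the values with `.text()`, as the detail view already does for `.v-path`, removes the problem, and the emptiness check then tests the collected items instead of `list_html.length`. The two `console.log(sl)` calls in the level filter look like leftover debugging. The enclosing function starts above this hunk.

```javascript
var items = [];
for (var i = 0; i < list.length; i++) {
    // … unchanged: rule and level filters …
    var line = '';
    if (list[i].line_number !== 0) {
        line = ':' + list[i].line_number;
    }
    // Scan-derived values go through .text() so they are never parsed as markup.
    var info = $('<span class="issue-information"></span>')
        .append($('<small></small>').text(' => ' + list[i].commit_time));
    items.push($('<li class=" " data-start="1" data-line="1"></li>')
        .attr('data-id', i + 1)
        .append($('<strong></strong>').text('MVE-' + (i + 1)), '<br>')
        .append($('<span></span>').text(list[i].file_path + line), '<br>')
        .append(info));
}
if (items.length === 0) {
    // … unchanged: "no vulnerability was detected" placeholder …
} else {
    $('.vulnerabilities_list').empty().append(items);
}
```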

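--- a/cobra/templates/result.html
+++ b/cobra/templates/result.html
@@ -57,6 +57,7 @@
 <div class="col-xs-12">
 <div class="invoice-title">
 <h2>Cobra</h2>
+<h3 class="pull-right">{{ project_name }}</h3>
 </div>
 <hr>
 <ul class="nav nav-tabs">
@@ -73,10 +74,10 @@ <h2>Cobra</h2>
 <div class="filter">
 <div class="col-md-12" style="margin-top: 10px">
 <label for="search_target" style="color: #aaaaaa;">Target</label>
-<select id="search_target" class="form-control" style="height: 30px;">
+<select id="search_target" class="form-control" style="height: 30px;" onchange="self.location.href=options[selectedIndex].value">
 <option value="all">All</option>
 {% for target in target_filter %}
-<option value="{{ target }}">{{ target }}</option>
+<option value="./{{ target }}">{{ target_filter.get(target) }}</option>
 {% endfor %}
 </select>
 </div>
@@ -85,14 +86,15 @@ <h2>Cobra</h2>
 <select id="search_rule" class="form-control" style="height: 30px;">
 <option value="all">All</option>
 {% for rule in rule_filter %}
-<option value="{{ rule }}">{{ rule_filter.get(rule) }}</option>
+<option value="{{ rule }}">{{ rule_filter.get(rule) }}</option>
 {% endfor %}
 </select>
 </div>
 <div class="col-md-12" style="margin-top: 10px;">
 <label for="search_level" style="color: #aaaaaa;">Level</label>
 <select id="search_level" class="form-control" style="height: 30px;">
 <option value="all">All</option>
+<option value="4">Critical</option>
 <option value="3">High</option>
 <option value="2">Medium</option>
 <option value="1">Low</option>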
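Review bot: The inline `onchange="self.location.href=options[selectedIndex].value"` on `#search_target` also fires for the first option, whose value is still `all`, so choosing "All" navigates to the relative URL `all`, which the report route would presumably receive as an `s_sid` that is not in the scan list. Moving the handler into `report.js` with a guard keeps behaviour out of inline attributes, which a script Content-Security-Policy would otherwise block: `$('#search_target').on('change', function () { if (this.value !== 'all') { window.location.href = this.value; } });`. The loop also never marks the option for the current target as `selected`, so after navigation the control shows "All" again.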
