Skip to content

Commit

Permalink
Merge pull request #207 from LoRexxar/develop
Browse files Browse the repository at this point in the history
KunLun-M 2.6.4
  • Loading branch information
LoRexxar authored Dec 23, 2021
2 parents 976d384 + 2a8aa5b commit d740ff6
Show file tree
Hide file tree
Showing 6 changed files with 80 additions and 39 deletions.
2 changes: 1 addition & 1 deletion core/__version__.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
__issue_page__ = 'https://github.com/LoRexxar/Kunlun-M/issues/new'
__python_version__ = sys.version.split()[0]
__platform__ = platform.platform()
__version__ = '2.6.3'
__version__ = '2.6.4'
__author__ = 'LoRexxar'
__author_email__ = 'LoRexxar@gmail.com'
__license__ = 'MIT License'
Expand Down
15 changes: 8 additions & 7 deletions core/vendors.py
Original file line number Diff line number Diff line change
Expand Up @@ -266,6 +266,7 @@ def check_vendor(self):
f = codecs.open(filepath, 'rb+', encoding='utf-8', errors='ignore')
filecontent = f.read()
f.seek(0, os.SEEK_SET)
savefilepath = filepath.replace(self.target_path, "").replace('\\', '/')

if filename == "requirements.txt":

Expand All @@ -280,7 +281,7 @@ def check_vendor(self):
vendor_version = None

update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
language=language)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language)

Expand All @@ -299,7 +300,7 @@ def check_vendor(self):
vendor_version = vendors_list[vendor].strip()

update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
language=language)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language)

Expand Down Expand Up @@ -328,7 +329,7 @@ def check_vendor(self):
vendor_version = vendor[-1].strip()

update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
language=language, ext=go_version)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language)

Expand Down Expand Up @@ -382,7 +383,7 @@ def check_vendor(self):
ext = "maven"

update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
language=language, ext=ext)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language, ext)

Expand Down Expand Up @@ -416,7 +417,7 @@ def check_vendor(self):

if vendor_name and vendor_version:
update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
language=language, ext=ext)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language, ext)
continue
Expand All @@ -436,7 +437,7 @@ def check_vendor(self):
ext = "{}.{}".format(node_version, "dependencies")

update_and_new_project_vendor(self.project_id, name=dependency, version=vendor_version,
language=language, ext=ext)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, dependency, vendor_version, language, ext)

Expand All @@ -445,7 +446,7 @@ def check_vendor(self):
ext = "{}.{}".format(node_version, "devDependencies")

update_and_new_project_vendor(self.project_id, name=dependency, version=vendor_version,
language=language, ext=ext)
language=language, ext=savefilepath)

get_and_save_vendor_vuls(self.task_id, dependency, vendor_version, language, ext)

Expand Down
39 changes: 25 additions & 14 deletions core/vuln_apis/murphysec.py
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
#!/usr/bin/env python
# encoding: utf-8
'''
"""
@author: LoRexxar
@contact: lorexxar@gmail.com
@file: mofei.py
@time: 2021/9/27 11:47
@desc:
'''
"""

import json
import requests
Expand All @@ -25,7 +25,7 @@ def get_vulns_from_murphysec(language, package_name, version):
"version": version,
"language": language,
"filter":{
"level": "严重|高危|中危"
"level": "严重|高危"
}
}

Expand All @@ -40,37 +40,48 @@ def get_vulns_from_murphysec(language, package_name, version):
if r.status_code == 200:
data = json.loads(r.content)

if data['code'] == 400:
if data["code"] == 400:
logger.warning("[Vendor][Murphysec Scan] QPS limit.")
return result

elif data['code'] == 401:
elif data["code"] == 401:
logger.error("[Vendor][Murphysec Scan] Api Token error.")

else:
vuls = data['data']['vuln_info']
vuls = data["data"]["vuln_info"]

for vul in vuls:
vuln = {}
vuln["vuln_id"] = vul['no']
vuln["title"] = vul['title']
vuln["vuln_id"] = vul["no"]
vuln["title"] = vul["title"]
# reference
urls = []
for u in vul['references']:
for u in vul["references"]:
urls.append(u["url"])

vuln["reference"] = json.dumps(urls)
vuln["description"] = vul['description']
vuln["description"] = """{}
受影响的版本范围: {}
存在危害的相关代码片段:\n {}
""".format(vul["description"], vul["effect"][0]["affected_version"], vul["vuln_code_usage"])

# get cve
cves = [vul['cve_id'], vul['cnvd_id']]
cves = [vul["cve_id"], vul["cnvd_id"]]
vuln["cves"] = json.dumps(cves)
# get severity
vuln["severity"] = int(vul['cvss'])

# 如果非强烈建议修复,则减3分
severity = int(vul["cvss"])
if vul["suggest"] != "强烈建议修复":
severity -= 3

vuln["severity"] = severity

# affected_versions
# affected_versions = []
# for av in vul['effect']:
# affected_versions.append(av['version_end_excluding'])
# for av in vul["effect"]:
# affected_versions.append(av["version_end_excluding"])

vuln["affected_versions"] = [version]

Expand Down
10 changes: 9 additions & 1 deletion docs/changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -279,4 +279,12 @@
- 修复了在处理同一漏洞多结果的忽略问题
- 修复了deps api的bug @raul17 #192
- 组件扫描添加了墨非api
- 添加了组件搜索功能并完善了相应页面显示内容
- 添加了组件搜索功能并完善了相应页面显示内容
- 2021-12-23
- KunLun-M 2.6.4
- 添加了组件相关数据、数据流相关数据api
- 修复了部分静态页面的显示bug
- 修复了墨非api的部分使用问题
- 删除了tasklog中无意义的数据显示,优化使用体验
- 在组件数据中加入数据来源路径便于检查
- 修复了部分bug#197 #199 #200
41 changes: 26 additions & 15 deletions templates/backend/tasklog.html
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ <h3 class="box-title">Vulnerabilities</h3>
<th>Source</th>
<th>Type</th>
<th>Is Confirm</th>
<th>Operate</th>
</tr>
{% for taskresult in taskresults %}
<tr>
Expand All @@ -62,6 +63,7 @@ <h3 class="box-title">Vulnerabilities</h3>
<span class="label label-success">{{ taskresult.is_unconfirm }}</span>
{% endif %}
</td>
<td><button id="resultdel" type="button" class="btn-shadow dropdown-toggle btn btn-danger" onclick="delVul('{{ taskresult.id }}')">Delete</button></td>

</tr>
<tr>
Expand Down Expand Up @@ -163,21 +165,30 @@ <h3 class="box-title">New Evil Functions</h3>
<script src="{% static 'js/prism.js' %}"></script>

<script>
$(document).ready(function () {
$("#dashboard").removeClass("active menu-open");
$("#dashboard").find("ul li").removeClass("active");
$("#tasks").addClass("menu-open");
$("#tasks").find("ul").find("li#task_list").addClass("active");
$("#tasks").find("ul").css("display","block");

$("button#dlog").click(function () {
location.href="{% url 'backend:debuglog' task.id %}?token={{ visit_token }}";
})

$("button#ddlog").click(function () {
location.href="{% url 'backend:downloadlog' task.id %}?token={{ visit_token }}";
})
});
function delVul(vulid){
$.get("{% url 'dashboard:vul_del' 654321 %}".replace('654321', vulid), function(data){
if(data.code == 200){
location.reload();
}else{
alert(data.message)
}
})
}
$(document).ready(function () {
$("#dashboard").removeClass("active menu-open");
$("#dashboard").find("ul li").removeClass("active");
$("#tasks").addClass("menu-open");
$("#tasks").find("ul").find("li#task_list").addClass("active");
$("#tasks").find("ul").css("display","block");

$("button#dlog").click(function () {
location.href="{% url 'backend:debuglog' task.id %}?token={{ visit_token }}";
})

$("button#ddlog").click(function () {
location.href="{% url 'backend:downloadlog' task.id %}?token={{ visit_token }}";
})
});
</script>


Expand Down
12 changes: 11 additions & 1 deletion web/backend/views.py
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,7 @@ def tasklog(req, task_id):

project_id = get_and_check_scantask_project_id(task_id)

srts = get_and_check_scanresult(task_id).objects.filter(scan_project_id=project_id)
srts = get_and_check_scanresult(task_id).objects.filter(scan_project_id=project_id, is_active=1)
nefs = NewEvilFunc.objects.filter(project_id=project_id)

ResultFlow = get_resultflow_class(task_id)
Expand All @@ -53,6 +53,16 @@ def tasklog(req, task_id):
resultflowdict = {}

for rf in rfs:

# 加入漏洞有效检查,可能已被删除或处理
# 组件漏洞不显示
if rf.node_type == "sca_scan":
continue

r = get_and_check_scanresult(task_id).objects.filter(id=rf.vul_id, is_active=1).first()
if not r:
continue

if rf.vul_id not in resultflowdict:
resultflowdict[rf.vul_id] = {
'id': rf.vul_id,
Expand Down

0 comments on commit d740ff6

Please sign in to comment.