Merge pull request #282 from HXSecurity/header

feature:Add Response header vulnerability merge

Author: Bidaya0

.env

@@ -8,8 +8,8 @@ VUE_APP_ATOM_API = '/atom-webapi'
 
 # target host
 
-# VUE_TARGET_HOST = 'http://192.168.0.64:8000'
-VUE_TARGET_HOST = 'https://iast-test.huoxian.cn'
+VUE_TARGET_HOST = 'http://192.168.0.64:8000'
+# VUE_TARGET_HOST = 'https://iast-test.huoxian.cn'
 # VUE_TARGET_HOST = 'http://52.81.92.214:30485'
 # VUE_TARGET_HOST = 'http://iast.huoxian.cn'
 

src/services/vuln.ts

@@ -148,4 +148,12 @@ export default () =>
     getConfig(type: any): Promise<iResponse> {
       return request.get(`/integration/config/` + type)
     }
+
+    getHeaderVul(params: any): Promise<iResponse> {
+      return request.get(`/header_vul`, { params })
+    }
+
+    deleteHeaderVul(id: any): Promise<iResponse> {
+      return request.delete(`/header_vul/${id}`)
+    }
   })()

src/views/vuln/VulnDetail.vue

@@ -192,7 +192,26 @@
         </div>
         <div class="split-line"></div>
       </template>
-
+      <div class="url-list">
+        <UrlComponent
+          v-for="(url, index) in urls"
+          :key="index"
+          :url="url"
+        ></UrlComponent>
+        <div class="pagination-box">
+          <el-pagination
+            :current-page="headerPage"
+            background
+            :page-sizes="[10, 20, 50, 100]"
+            :page-size="headerPageSize"
+            layout=" prev, pager, next, jumper, sizes, total"
+            :total="total"
+            @size-change="handleSizeChange"
+            @current-change="handleCurrentChange"
+          >
+          </el-pagination>
+        </div>
+      </div>
       <!-- Stain flow vul-->
       <div v-if="vulnObj.graphs.length" class="module-title">污点流图</div>
       <div v-if="vulnObj.graphs.length">
@@ -293,13 +312,16 @@ import qs from 'qs'
 import LinkList from './components/linkList.vue'
 import StacksList from './components/stacksList.vue'
 import Sync from './components/sync.vue'
+import UrlComponent from './components/urlComponent.vue'
+import emitter from '../taint/Emitter'
 
 @Component({
   name: 'VulnDetail',
   components: {
     LinkList,
     StacksList,
     Sync,
+    UrlComponent,
   },
 })
 export default class VulnDetail extends VueBase {
@@ -461,14 +483,20 @@ export default class VulnDetail extends VueBase {
     this.cardIndex = 0
     await this.getStatus()
     await this.getVulnDetail()
+    await this.getUrls()
     this.syncInfo = {
       id: this.$route.params.id,
     }
   }
   async created() {
+    emitter.on('getUrls', this.getUrls)
     this.init()
   }
 
+  async beforeDestroy() {
+    emitter.off('getUrls', this.getUrls)
+  }
+
   private goToPoolDetail() {
     if (this.vulnObj.vul.method_pool_id) {
       const { href } = this.$router.resolve({
@@ -913,6 +941,33 @@ export default class VulnDetail extends VueBase {
     return className
   }
 
+  private urls: any = []
+  private headerPage = 1
+  private headerPageSize = 10
+  async getUrls() {
+    const res = await this.services.vuln.getHeaderVul({
+      page: this.headerPage,
+      page_size: this.headerPageSize,
+      vul_id: this.selectedId,
+    })
+    if (res.status === 201) {
+      this.urls = res.data
+      this.total = res.page.alltotal
+    } else {
+      this.$message.error(res.msg)
+    }
+  }
+
+  handleSizeChange(val: number) {
+    this.headerPageSize = val
+    this.getUrls()
+  }
+
+  handleCurrentChange(val: number) {
+    this.headerPage = val
+    this.getUrls()
+  }
+
   // exportVul() {
   //   var projectName = this.vulnObj.vul.project_name
   //   request
@@ -990,6 +1045,12 @@ export default class VulnDetail extends VueBase {
   font-size: 14px;
 }
 
+.pagination-box {
+  padding-top: 12px;
+  display: flex;
+  justify-content: flex-end;
+}
+
 .fixed-warp {
   position: fixed;
   top: 0;
@@ -1121,7 +1182,7 @@ export default class VulnDetail extends VueBase {
     border: 1px solid #e6e9ec;
     border-radius: 2px;
     background: #fff;
-    ::v-deeptt {
+    ::v-deep(tt) {
       color: red !important;
       font-style: normal !important;
     }

src/views/vuln/components/urlComponent.vue

@@ -0,0 +1,177 @@
+<template>
+  <div class="url">
+    <div class="top">
+      <div class="title">
+        {{ url.url }}
+      </div>
+      <div class="btn">
+        <span>
+          <i class="el-icon-delete-solid" @click="deleteHeaderVul"></i>
+        </span>
+        <span v-if="show" @click="show = !show">
+          <span>
+            <i class="el-icon-caret-top"></i>
+          </span>
+        </span>
+        <span v-else @click="show = !show">
+          <span>
+            <i class="el-icon-caret-bottom"></i>
+          </span>
+        </span>
+      </div>
+    </div>
+    <div v-show="show" class="bottom">
+      <div class="selectForm">
+        <div>
+          <div
+            v-for="item in httpOptions"
+            :key="item.value"
+            class="select-item"
+            :class="item.value === state && 'active'"
+            @click="state = item.value"
+          >
+            {{ item.label }}
+          </div>
+        </div>
+
+        <div class="replay-box">
+          <!-- <div class="replay-btn" @click="goToPoolDetail">
+            <i class="iconfont icon" style="margin-right: 4px; font-size: 12px"
+              >&#xe6b3;</i
+            >请求重放
+          </div> -->
+          <el-select
+            v-model="requsetIndex"
+            class="request-select"
+            size="small"
+            @change="changeRequest"
+          >
+            <el-option
+              v-for="(request, key) in url.details"
+              :key="key"
+              :value="key"
+              :label="request.agent_name"
+            ></el-option>
+          </el-select>
+        </div>
+      </div>
+      <div v-show="state === 1" class="markdownContent httpRequest">
+        <MyMarkdownIt :content="req_md" style="color: #747c8c"></MyMarkdownIt>
+      </div>
+      <div v-show="state === 0" class="markdownContent httpRequest">
+        <MyMarkdownIt :content="res_md" style="color: #747c8c"></MyMarkdownIt>
+      </div>
+    </div>
+  </div>
+</template>
+
+<script lang="ts">
+import { Prop, Component } from 'vue-property-decorator'
+import VueBase from '@/VueBase'
+import emitter from '@/views/taint/Emitter'
+
+@Component({ name: 'UrlComponent' })
+export default class LinkList extends VueBase {
+  @Prop() url: any
+
+  private state = 1
+  private httpOptions = [
+    { value: 1, label: '请求' },
+    { value: 0, label: '响应' },
+  ]
+
+  private requsetIndex = 0
+  private req_md = ''
+  private res_md = ''
+
+  private changeRequest(e: any) {
+    this.requsetIndex = e
+    this.req_md = this.url.details[e].req_header
+    this.res_md = this.url.details[e].res_header
+  }
+
+  private show = false
+
+  private async deleteHeaderVul() {
+    this.$confirm('确定删除该URL吗？', '提示', {
+      confirmButtonText: '确定',
+      cancelButtonText: '取消',
+      type: 'warning',
+    })
+      .then(async () => {
+        const res = await this.services.vuln.deleteHeaderVul(this.url.id)
+        if (res.status === 201) {
+          this.$message.success('删除成功')
+          emitter.emit('getUrls')
+        } else {
+          this.$message.error('删除失败')
+        }
+      })
+      .catch(() => {
+        return false
+      })
+  }
+
+  created() {
+    this.req_md = this.url.details[this.requsetIndex].req_header
+    this.res_md = this.url.details[this.requsetIndex].res_header
+  }
+}
+</script>
+
+<style scoped lang="scss">
+.url {
+  .top {
+    padding: 12px 8px;
+    border-top: 1px solid #e6e9ec;
+    display: flex;
+    justify-content: space-between;
+    .btn {
+      span {
+        margin-left: 8px;
+        cursor: pointer;
+      }
+    }
+  }
+  .bottom {
+    .selectForm {
+      display: flex;
+      padding: 16px 0 0 0;
+      justify-content: space-between;
+      .select-item {
+        display: inline-block;
+        font-size: 14px;
+        font-weight: 500;
+        color: #959fb4;
+        text-align: center;
+        line-height: 32px;
+        cursor: pointer;
+        width: 60px;
+        height: 32px;
+        border-radius: 32px;
+      }
+      .select-item.active {
+        color: #1a80f2;
+        background: #f6f8fa;
+      }
+      .request-select {
+        width: 364px;
+      }
+    }
+    .markdownContent {
+      height: 196px;
+      overflow-y: auto;
+      margin-top: 16px;
+      padding: 6px;
+      /* 分隔线 */
+      border: 1px solid #e6e9ec;
+      border-radius: 2px;
+      background: #fff;
+      ::v-deep(tt) {
+        color: red !important;
+        font-style: normal !important;
+      }
+    }
+  }
+}
+</style>

src/views/vuln/components/vulnCard.vue

@@ -29,18 +29,49 @@
         :get-table-data="getTableData"
         :source_type="1"
       ></Sync>
-      <div class="top-stack">
-        <i class="iconfont iconyuandianzhong"></i>
-        <span>
-          {{ item.top_stack }}
-        </span>
-      </div>
-      <div class="bottom-stack">
-        <i class="iconfont iconyuandianzhong"></i>
-        <span>
-          {{ item.bottom_stack }}
-        </span>
-      </div>
+      <template v-if="item.is_header_vul">
+        <div style="height: 120px; margin-top: 18px">
+          <div
+            v-for="(header_vul_url, index) in item.header_vul_urls.slice(0, 3)"
+            :key="index"
+            class="header-vul-url"
+          >
+            {{ header_vul_url.url }}
+          </div>
+          <el-tooltip
+            class="item"
+            effect="dark"
+            placement="top-start"
+            :disabled="item.header_vul_urls.length <= 2"
+          >
+            <template #content>
+              <div style="max-height: 200px; overflow: auto">
+                <div
+                  v-for="(header_vul_url, index) in item.header_vul_urls"
+                  :key="index"
+                >
+                  {{ header_vul_url.url }}
+                </div>
+              </div>
+            </template>
+            <span>更多</span>
+          </el-tooltip>
+        </div>
+      </template>
+      <template v-else>
+        <div class="top-stack">
+          <i class="iconfont iconyuandianzhong"></i>
+          <span>
+            {{ item.top_stack }}
+          </span>
+        </div>
+        <div class="bottom-stack">
+          <i class="iconfont iconyuandianzhong"></i>
+          <span>
+            {{ item.bottom_stack }}
+          </span>
+        </div>
+      </template>
 
       <div class="infoLine flex-row-space-between">
         <div class="flex-row-space-between" style="width: 60%">
@@ -283,6 +314,10 @@ export default class VulnList extends VueBase {
   .card-content {
     padding: 0 12px;
     position: relative;
+    .header-vul-url {
+      color: #666;
+      margin-bottom: 12px;
+    }
     .top-stack {
       margin-top: 18px;
       position: relative;