Merge pull request #332 from HXSecurity/beta

Release 1.10.0

Author: Bidaya0

src/config/lang/en.ts

@@ -213,6 +213,11 @@ export default {
       entryNamePlaceholder: 'Please enter the project name',
       projectTemplate: 'Template',
       projectTemplatePlaceholder: 'Please Select',
+      openLog: 'Open Log',
+      openLogPlaceholder: 'Please Select',
+      logLevel: 'Log Level',
+      logLevelPlaceholder: 'Please Select',
+      addLogSet: 'Add Log Set',
       projectVersion: 'Version',
       department: 'Department',
       begin: 'Select a language and start the installation',
@@ -455,6 +460,8 @@ export default {
       dangerType: 'Sink Rules',
       enterType: 'Entry Method Rules',
       searchDesc: 'Find rule details',
+      ignoreInternal: 'Ignore Internal',
+      ignoreBlacklist: 'Ignore Blacklist'
     },
     login: {
       title: 'User login',
@@ -928,6 +935,7 @@ export default {
       token: 'Access Token',
       department: 'Department',
       departmentPlaceholder: 'Please select a department',
+      templatePlaceholder: 'Please select a template',
       tokenDesc:
         'Configure the access credentials of the current project for permission processing in the automatic scanning function',
       tokenPlaceholder: 'Place enter the access token',

src/config/lang/zh_cn.ts

@@ -224,6 +224,11 @@ export default {
       entryNamePlaceholder: '请输入项目名称',
       projectTemplate: '项目模版',
       projectTemplatePlaceholder: '请选择',
+      openLog: '打开日志',
+      openLogPlaceholder: '请选择',
+      logLevel: '日志级别',
+      logLevelPlaceholder: '请选择',
+      addLogSet: '添加设置',
       projectVersion: '项目版本',
       department: '部门',
       begin: '选择一种语言，开始安装',
@@ -458,6 +463,8 @@ export default {
       dangerType: '危险方法规则',
       enterType: '入口方法规则',
       searchDesc: '查找规则详情',
+      ignoreInternal: '忽略内部实现',
+      ignoreBlacklist: '白名单'
     },
     login: {
       title: '用户登录',
@@ -929,6 +936,7 @@ export default {
       token: '访问凭证',
       department: '部门',
       departmentPlaceholder: '请选择部门',
+      templatePlaceholder: '请选择项目配置',
       tokenDesc: '配置当前项目的访问凭证，用于自动扫描功能中的权限处理',
       tokenPlaceholder: '请输入访问凭证',
       appAddress: '项目地址',

src/services/setting.ts

@@ -68,6 +68,23 @@ export default () =>
     dataCleanTask(params: any): Promise<iResponse> {
       return request.post('/systemmonitor/data_clean/task', params)
     }
+    
+    //获取交叉验证配置
+    getCrossValid(params: any): Promise<iResponse> {
+      return request.get('/dastvul/settings', {
+        params,
+      })
+    }
+    
+    // 更新交叉验证配置
+    updateCrossValid(params: any): Promise<iResponse> {
+      return request.post('/dastvul/settings', params)
+    }
+
+    // 扫描器文档
+    getDocuments(params: any): Promise<iResponse> {
+      return request.get(`/dastvul/settings/doc`, {params})
+    }
 
     agentUninstall(params: any): Promise<iResponse> {
       return request.post('/agent/uninstall', params)
@@ -224,7 +241,9 @@ export default () =>
       rule_target: string
       inherit: string
       track: string
-      language_id: number
+      language_id: number,
+      ignore_blacklist?: boolean,
+      ignore_internal?: boolean
     }): Promise<iResponse> {
       return request.post('/engine/hook/rule/add', params)
     }
@@ -236,7 +255,9 @@ export default () =>
       rule_target: string
       inherit: string
       track: string
-      language_id: number
+      language_id: number,
+      ignore_blacklist?: boolean,
+      ignore_internal?: boolean
     }): Promise<iResponse> {
       return request.post('/engine/hook/rule/modify', params)
     }

src/services/vuln.ts

@@ -122,6 +122,30 @@ export default () =>
       })
     }
 
+    // 获取关联数据
+    getRelationList(params: any): Promise<iResponse>{
+      return request.post(`/dastvul/relationlist`, params)
+    }
+
+    // 获取漏洞类型
+    getVulType(params: any): Promise<iResponse>{
+      return request.get(`/dastvul/vultype`,{
+        params
+      })
+    }
+
+    // 删除关联
+    deleteRelation(params: any): Promise<iResponse> {
+      return request.delete(`/dastvul/relation`, {
+        data: params
+      })
+    }
+
+    // 创建关联
+    addRelation(params: any): Promise<iResponse>{
+      return request.post(`/dastvul/relation`, params)
+    }
+
     // 漏洞删除
     vulnDelete(id: number): Promise<iResponse> {
       return request.post(`/vuln/delete/${id}`)

src/views/project/ProjectEdit.vue

@@ -66,6 +66,39 @@
                 </el-select>
               </div>
             </el-form-item>
+            <el-form-item
+              :label="$t('views.deploy.projectTemplate')"
+              prop="template_id"
+            >
+              <el-select
+                v-model="submitForm.template_id"
+                class="addUserInput"
+                clearable
+                style="width: 390px"
+              >
+                <el-option
+                  v-for="(item, index) in projectList"
+                  :key="index"
+                  :label="item.template_name"
+                  :value="item.id"
+                ></el-option>
+              </el-select>
+            </el-form-item>
+            <el-form-item :label="$t('views.deploy.openLog')" prop="enable_log">
+              <el-select v-model="submitForm.enable_log" clearable :placeholder="$t('views.deploy.openLogPlaceholder')">
+                <el-option label="yes" :value="true" />
+                <el-option label="no" :value="false" />
+              </el-select>
+            </el-form-item>
+            <el-form-item :label="$t('views.deploy.logLevel')" prop="log_level">
+              <el-select v-model="submitForm.log_level" clearable :placeholder="$t('views.deploy.logLevelPlaceholder')">
+                <el-option label="TRACE" value="TRACE" />
+                <el-option label="INFO" value="INFO" />
+                <el-option label="DEBUG" value="DEBUG" />
+                <el-option label="WARN" value="WARN" />
+                <el-option label="ERROR" value="ERROR" />
+              </el-select>
+            </el-form-item>
             <template v-if="!advanced">
               <el-form-item>
                 <span class="advancedSetting" @click="advanced = true">
@@ -242,6 +275,8 @@ import { Form } from 'element-ui'
 export default class ProjectEdit extends VueBase {
   private advanced = false
   private departmentList = []
+  private projectList = []
+  private radio = ''
   private submitForm: {
     name: string
     mode: string
@@ -253,7 +288,10 @@ export default class ProjectEdit extends VueBase {
     base_url: string
     test_req_header_key: string
     test_req_header_value: string
-    department_id: any
+    department_id: any,
+    template_id: any,
+    log_level: any,
+    enable_log: any,
   } = {
     name: '',
     mode: this.$t('views.projectEdit.mode1') as string,
@@ -266,6 +304,9 @@ export default class ProjectEdit extends VueBase {
     test_req_header_key: '',
     test_req_header_value: '',
     department_id: '',
+    template_id: '',
+    log_level: '',
+    enable_log: '',
   }
   private engineList: Array<{
     id: number
@@ -309,6 +350,13 @@ export default class ProjectEdit extends VueBase {
         trigger: 'change',
       },
     ],
+    template_id: [
+      {
+        required: true,
+        message: this.$t('views.projectEdit.templatePlaceholder'),
+        trigger: 'change',
+      },
+    ],
   }
 
   private scanAddDialogOpen = false
@@ -331,9 +379,21 @@ export default class ProjectEdit extends VueBase {
     }
     this.$message.error(res.msg)
   }
+  private async getListProjecttemplat() {
+    const res = await this.services.setting.listProjecttemplat({
+      page: 1,
+      page_size: 100,
+    })
+    if (res.status === 201) {
+      this.projectList = res.data
+      return
+    }
+    this.$message.error(res.msg)
+  }
   async created() {
     await this.getEngineList()
     await this.getListDepartment()
+    await this.getListProjecttemplat()
     await this.strategyUserList()
     if (this.$route.params.pid) {
       await this.projectDetail()
@@ -381,7 +441,9 @@ export default class ProjectEdit extends VueBase {
     this.submitForm.test_req_header_key = data.test_req_header_key
     this.submitForm.test_req_header_value = data.test_req_header_value
     this.submitForm.department_id = data.department_id
-
+    this.submitForm.template_id = data.template_id
+    this.submitForm.enable_log = data.enable_log
+    this.submitForm.log_level = data.log_level
     this.agentChange()
   }
 
@@ -574,7 +636,10 @@ export default class ProjectEdit extends VueBase {
           base_url: string
           test_req_header_key: string
           test_req_header_value: string
-          department_id: any
+          department_id: any,
+          template_id: any,
+          enable_log: any,
+          log_level: any
         } = {
           name: this.submitForm.name,
           mode: this.submitForm.mode,
@@ -591,6 +656,9 @@ export default class ProjectEdit extends VueBase {
           test_req_header_key: this.submitForm.test_req_header_key,
           test_req_header_value: this.submitForm.test_req_header_value,
           department_id: this.submitForm.department_id,
+          template_id: this.submitForm.template_id,
+          enable_log: this.submitForm.enable_log,
+          log_level: this.submitForm.log_level
         }
         if (this.$route.params.pid) {
           params.pid = this.$route.params.pid

src/views/project/VulListComponent.vue

@@ -740,9 +740,15 @@ export default class VulListComponent extends VueBase {
         bind_project_id: Number(this.projectId),
         project_version_id: Number(this.version),
         keywords: this.searchObj.keywords || undefined,
-        project_id: this.searchObj.project_str || undefined,
-        vul_level_id: this.searchObj.level_str || undefined,
-        vul_type: this.searchObj.hook_type_str || undefined,
+        project_id: this.searchObj.project_str.length
+          ? this.searchObj.project_str
+          : undefined,
+        vul_level_id: this.searchObj.level_str.length
+          ? this.searchObj.level_str
+          : undefined,
+        vul_type: this.searchObj.hook_type_str.length
+          ? this.searchObj.hook_type_str
+          : undefined,
         order_type_desc: sort,
       }
     } else {

src/views/sca/ScanDetail.vue

@@ -75,12 +75,18 @@
             <span class="dot">{{ assetVulDetail.dast_tag }}</span>
           </div>
         </div>
-        <!-- <div class="infoLine flex-row-space-between">
+        <div class="infoLine flex-row-space-between">
           <div v-dot class="info">
-            <span class="label"> 漏洞类型： </span>
-            <span>{{ assetVulDetail.vul_type }}</span>
+            <span class="label"> payload： </span>
+            <el-tooltip
+              effect="light"
+              :content="assetVulDetail.payload"
+              placement="top"
+            >
+              <span>{{ assetVulDetail.payload }}</span>
+            </el-tooltip>
           </div>
-        </div> -->
+        </div>
       </div>
       <div class="module-title">漏洞描述</div>
       <div class="vulnDesc">
@@ -133,7 +139,7 @@ export default class VulnDetail extends VueBase {
   fmtTime(time: any) {
     console.log('time', time)
     if (time) {
-      const data = new Date(time).getTime() / 1000
+      const data = new Date(time).getTime()
       return formatTimestamp(data)
     }
     return ''