Merge pull request #1449 from Bidaya0/fix/project_id-in_recognize-ap

Bidaya0 · web-flow · commit 60686001eeba · 2023-05-12T14:58:50.000+08:00
fix: project delete in recognize api .
diff --git a/dongtai_common/utils/stack_recognize.py b/dongtai_common/utils/stack_recognize.py
@@ -89,6 +89,8 @@ def stack_scan(stack: str,
     for rule in extend_black_list:
         stack.startswith(rule)
         return {"stack": stack, "code_belong": "system"}
+    if stack.startswith("org.apache.jsp._"):
+        return {"stack": stack, "code_belong": "user"}
     if trie.prefixes(stack):
         return {"stack": stack, "code_belong": "system"}
     return {"stack": stack, "code_belong": "user"}
diff --git a/dongtai_protocol/report/handler/narmal_vul_handler.py b/dongtai_protocol/report/handler/narmal_vul_handler.py
@@ -157,56 +157,58 @@ def save(self):
             caller_message_linenumber = 0
         full_stack = [[{
             "args":
-                "",
+            "",
             "source":
-                False,
+            False,
             "invokeId":
-                1,
+            1,
             "className":
-                '.'.join(
-                    re.search('.*\\(',
-                              sink_message).group(0).strip('()').split('.')[:-1]),
+            '.'.join(
+                re.search('.*\\(',
+                          sink_message).group(0).strip('()').split('.')[:-1]),
             "signature":
-                sink_message,
+            sink_message,
             "interfaces": [],
             "methodName":
-                re.search('.*\\(',
-                          sink_message).group(0).strip('()').split('.')[-1],
+            re.search('.*\\(',
+                      sink_message).group(0).strip('()').split('.')[-1],
             "sourceHash": [],
             "targetHash": [],
             "callerClass":
-                '.'.join(
-                    re.search(
-                        '.*\\(',
-                        caller_message).group(0).strip('()').split('.')[:-1]),
+            '.'.join(
+                re.search(
+                    '.*\\(',
+                    caller_message).group(0).strip('()').split('.')[:-1]),
             "targetRange": [],
             "callerMethod":
-                re.search('.*\\(',
-                          caller_message).group(0).strip('()').split('.')[-1],
+            re.search('.*\\(',
+                      caller_message).group(0).strip('()').split('.')[-1],
             "retClassName":
-                "",
+            "",
             "sourceValues":
-                "",
+            "",
             "targetValues":
-                "",
+            "",
             "originClassName":
-                '.'.join(
-                    re.search('.*\\(',
-                              sink_message).group(0).strip('()').split('.')[:-1]),
+            '.'.join(
+                re.search('.*\\(',
+                          sink_message).group(0).strip('()').split('.')[:-1]),
             "callerLineNumber":
-                caller_message_linenumber,
+            caller_message_linenumber,
             "sourceHashForRpc": [],
             "targetHashForRpc": [],
             "sourceIsReference":
-                False,
+            False,
             "targetIsReference":
-                False,
+            False,
             "projectPropagatorClose":
-                False,
+            False,
             "tag":
-                "sink",
+            "sink",
             "code":
-                sink_message,
+            sink_message,
+            "stack":
+            self.app_caller,
         }]]
         project_agents = IastAgent.objects.filter(
             project_version_id=self.agent.project_version_id)
diff --git a/dongtai_web/project/recognize_rule.py b/dongtai_web/project/recognize_rule.py
@@ -143,6 +143,8 @@ def update(self, request, pk):
         try:
             if ser.is_valid(True):
                 pass
+            if not pk > 0:
+                return R.failure()
         except ValidationError as e:
             return R.failure(data=e.detail)
         obj = IastRecognizeRule.objects.filter(pk=pk).update(
diff --git a/dongtai_web/views/vul_details.py b/dongtai_web/views/vul_details.py
@@ -286,12 +286,16 @@ def get_vul(self, department):
                 exc_info=e)
             token = ""
 
-        extend_black_list = list(IastRecognizeRule.objects.filter(
-            project_id=project_id,
-            rule_type=RuleTypeChoices.BLACK).values('rule_detail').all())
-        extend_white_list = list(IastRecognizeRule.objects.filter(
-            project_id=project_id,
-            rule_type=RuleTypeChoices.WHITE).values('rule_detail').all())
+        extend_black_list = list(
+            IastRecognizeRule.objects.filter(
+                project_id=project_id,
+                rule_type=RuleTypeChoices.BLACK).values_list('rule_detail',
+                                                             flat=True).all())
+        extend_white_list = list(
+            IastRecognizeRule.objects.filter(
+                project_id=project_id,
+                rule_type=RuleTypeChoices.WHITE).values_list('rule_detail',
+                                                             flat=True).all())
 
         return {
             'url':
