Merge pull request #1844 from HXSecurity/beta

Beta

Author: Bidaya0

deploy/commands/management/commands/load_hook_strategy.py

@@ -26,7 +26,7 @@ def handle(self, *args, **options):
         with open(os.path.join(POLICY_DIR, "vul_strategy.json")) as fp:
             full_strategies = json.load(fp, object_pairs_hook=OrderedDict)
         if os.path.exists(os.path.join(POLICY_DIR, "sensitive_info_strategy.json")):
-            with open(os.path.exists(os.path.join(POLICY_DIR, "sensitive_info_strategy.json"))) as fp:
+            with open(os.path.join(POLICY_DIR, "sensitive_info_strategy.json")) as fp:
                 full_strategies.extend(json.load(fp, object_pairs_hook=OrderedDict))
         strategy_dict = {}
         for strategy in full_strategies:
@@ -115,6 +115,8 @@ def handle(self, *args, **options):
                 hooktype_obj.save()
                 hooktype_dict[f"{hook_type['value']}-{hook_type['type']}"] = hooktype_obj
 
+            HookStrategy.objects.filter(language_id=v, system_type=1, modified=False).delete()
+            HookStrategy.objects.filter(language_id=v, system_type=1).update(system_type=0)
             with open(os.path.join(POLICY_DIR, f"{k.lower()}_full_policy.json")) as fp:
                 full_policy = json.load(fp, object_pairs_hook=OrderedDict)
             for policy in full_policy:
@@ -124,18 +126,16 @@ def handle(self, *args, **options):
                     policy_strategy = strategy_dict[policy["value"]]
                     for hook_strategy in policy["details"]:
                         if HookStrategy.objects.filter(
-                            value=hook_strategy["value"], type=hook_strategy["type"], language_id=v, system_type=1
-                        ).exists():
-                            # 如果已经存在规则,跳过创建
-                            continue
-                        if HookStrategy.objects.filter(
-                            value=hook_strategy["value"], type=hook_strategy["type"], language_id=v, system_type=0
+                            value=hook_strategy["value"], type=hook_strategy["type"], language_id=v
                         ):
-                            # 如果已经存在用户自定义规则,设置为系统规则,跳过创建
+                            # 如果已经存在规则,设置为系统规则,跳过创建
                             hook_strategy_obj = HookStrategy.objects.filter(
-                                value=hook_strategy["value"], type=hook_strategy["type"], language_id=v, system_type=0
+                                value=hook_strategy["value"],
+                                type=hook_strategy["type"],
+                                language_id=v,
                             ).get()
                             hook_strategy_obj.system_type = 1
+                            hook_strategy_obj.modified = True
                             hook_strategy_obj.save()
                             continue
                         del hook_strategy["language"]
@@ -147,18 +147,16 @@ def handle(self, *args, **options):
                     policy_hook_type = hooktype_dict[f"{policy['value']}-{policy['type']}"]
                     for hook_strategy in policy["details"]:
                         if HookStrategy.objects.filter(
-                            value=hook_strategy["value"], type=hook_strategy["type"], language_id=v, system_type=1
-                        ).exists():
-                            # 如果已经存在规则,跳过创建
-                            continue
-                        if HookStrategy.objects.filter(
-                            value=hook_strategy["value"], type=hook_strategy["type"], language_id=v, system_type=0
+                            value=hook_strategy["value"],
+                            type=hook_strategy["type"],
+                            language_id=v,
                         ):
-                            # 如果已经存在用户自定义规则,设置为系统规则,跳过创建
+                            # 如果已经存在规则,设置为系统规则,跳过创建
                             hook_strategy_obj = HookStrategy.objects.filter(
-                                value=hook_strategy["value"], type=hook_strategy["type"], language_id=v, system_type=0
+                                value=hook_strategy["value"], type=hook_strategy["type"], language_id=v
                             ).get()
                             hook_strategy_obj.system_type = 1
+                            hook_strategy_obj.modified = True
                             hook_strategy_obj.save()
                             continue
                         del hook_strategy["language"]

dongtai_common/migrations/0026_auto_20230918_1413.py

@@ -0,0 +1,98 @@
+# Generated by Django 3.2.20 on 2023-09-18 14:13
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dongtai_common", "0025_alter_iastagentrequestchainstopographvec_unique_together"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="affected_versions",
+            field=models.JSONField(help_text="影响版本"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="change_time",
+            field=models.IntegerField(help_text="修改时间"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="create_time",
+            field=models.IntegerField(help_text="创建时间"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="level",
+            field=models.IntegerField(
+                blank=True,
+                choices=[(4, "严重"), (3, "高危"), (2, "中危"), (1, "低危"), (0, "无风险")],
+                db_column="level_id",
+                default=1,
+                help_text="漏洞等级",
+            ),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="published_time",
+            field=models.IntegerField(help_text="发布时间"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="references",
+            field=models.JSONField(default=list, help_text="引用文章"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="unaffected_versions",
+            field=models.JSONField(help_text="不影响版本"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="update_time",
+            field=models.IntegerField(help_text="更新时间"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_codes",
+            field=models.JSONField(help_text="漏洞编号"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_detail",
+            field=models.TextField(help_text="漏洞详情"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_detail_zh",
+            field=models.TextField(blank=True, help_text="漏洞详情(中文)"),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_id",
+            field=models.CharField(blank=True, help_text="漏洞id", max_length=255, unique=True),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_name",
+            field=models.CharField(blank=True, help_text="漏洞名", max_length=255),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_name_zh",
+            field=models.CharField(blank=True, help_text="漏洞名(中文)", max_length=255),
+        ),
+        migrations.AlterField(
+            model_name="iastassetvulv2",
+            name="vul_type",
+            field=models.JSONField(help_text="漏洞类型"),
+        ),
+        migrations.AlterField(
+            model_name="iastsensitiveinforule",
+            name="pattern",
+            field=models.TextField(default=""),
+        ),
+    ]

dongtai_common/migrations/0027_auto_20230919_1233.py

@@ -0,0 +1,209 @@
+# Generated by Django 3.2.20 on 2023-09-19 12:33
+
+from django.db import migrations
+
+
+def update_admin_role(apps, schema_editor):
+    IastRoleV2 = apps.get_model("dongtai_common", "IastRoleV2")
+
+    new_admin_permission = {
+        "routes": [
+            "dashboard",
+            "Dashboard",
+            "deployment",
+            "deploy",
+            "project",
+            "projectManage",
+            "vulnList",
+            "scaList",
+            "agentManage",
+            "scanList",
+            "integrationManagement",
+            "strategyBox",
+            "strategyManage",
+            "templateManage",
+            "hookRule",
+            "sensitiveManage",
+            "projectTemplate",
+            "systemSettings",
+            "search",
+            "center",
+            "reportCenter",
+            "vulnSharing",
+            "links",
+            "authority",
+            "roleSetting",
+            "team",
+            "account",
+            "license",
+            "changeLogo",
+            "logManage",
+            "about",
+        ],
+        "buttons": [
+            {"id": 1, "label": "新增项目"},
+            {"id": 2, "label": "删除项目"},
+            {"id": 3, "label": "编辑项目"},
+            {"id": 4, "label": "生成报告"},
+            {"id": 5, "label": "删除漏洞"},
+            {"id": 6, "label": "关联漏洞"},
+            {"id": 7, "label": "漏洞分享"},
+            {"id": 8, "label": "状态变更"},
+            {"id": 9, "label": "集成同步"},
+            {"id": 58, "label": "下载调用链"},
+            {"id": 59, "label": "请求重放"},
+            {"id": 10, "label": "组件分享"},
+            {"id": 11, "label": "启用"},
+            {"id": 12, "label": "暂停"},
+            {"id": 13, "label": "导出日志"},
+            {"id": 14, "label": "批量升级"},
+            {"id": 15, "label": "主动验证"},
+            {"id": 16, "label": "熔断配置"},
+            {"id": 17, "label": "IDE 插件"},
+            {"id": 18, "label": "CI/CD 集成"},
+            {"id": 19, "label": "缺陷管理"},
+            {"id": 20, "label": "消息通知"},
+            {"id": 21, "label": "其他"},
+            {"id": 22, "label": "新增策略"},
+            {"id": 23, "label": "编辑策略"},
+            {"id": 24, "label": "删除策略"},
+            {"id": 25, "label": "修改状态"},
+            {"id": 26, "label": "新增模版"},
+            {"id": 27, "label": "编辑模版"},
+            {"id": 28, "label": "删除模版"},
+            {"id": 29, "label": "修改状态"},
+            {"id": 30, "label": "添加规则类型"},
+            {"id": 31, "label": "添加规则"},
+            {"id": 32, "label": "删除规则"},
+            {"id": 33, "label": "修改状态"},
+            {"id": 34, "label": "全部启用"},
+            {"id": 35, "label": "全部禁用"},
+            {"id": 36, "label": "全部删除"},
+            {"id": 37, "label": "新增规则"},
+            {"id": 38, "label": "编辑规则"},
+            {"id": 39, "label": "删除规则"},
+            {"id": 40, "label": "修改状态"},
+            {"id": 41, "label": "新增配置"},
+            {"id": 42, "label": "编辑模版"},
+            {"id": 57, "label": "删除模版"},
+            {"id": 43, "label": "只读"},
+            {"id": 44, "label": "修改"},
+            {"id": 45, "label": "新增角色"},
+            {"id": 46, "label": "删除角色"},
+            {"id": 47, "label": "编辑角色"},
+            {"id": 48, "label": "新增项目组"},
+            {"id": 49, "label": "删除项目组"},
+            {"id": 50, "label": "编辑项目组"},
+            {"id": 51, "label": "查看详情"},
+            {"id": 52, "label": "新增账号"},
+            {"id": 53, "label": "删除账号"},
+            {"id": 54, "label": "编辑账号"},
+            {"id": 55, "label": "查看详情"},
+            {"id": 56, "label": "消息通知"},
+        ],
+    }
+    new_user_permission = {
+        "routes": [
+            "dashboard",
+            "Dashboard",
+            "deployment",
+            "deploy",
+            "project",
+            "projectManage",
+            "vulnList",
+            "scaList",
+            "agentManage",
+            "scanList",
+            "integrationManagement",
+            "strategyBox",
+            "strategyManage",
+            "templateManage",
+            "hookRule",
+            "sensitiveManage",
+            "projectTemplate",
+            "systemSettings",
+            "search",
+            "center",
+            "reportCenter",
+            "vulnSharing",
+            "links",
+            "authority",
+            "roleSetting",
+            "team",
+            "account",
+            "license",
+            "changeLogo",
+            "logManage",
+            "about",
+        ],
+        "buttons": [
+            {"id": 1, "label": "新增项目"},
+            {"id": 2, "label": "删除项目"},
+            {"id": 3, "label": "编辑项目"},
+            {"id": 4, "label": "生成报告"},
+            {"id": 5, "label": "删除漏洞"},
+            {"id": 6, "label": "关联漏洞"},
+            {"id": 7, "label": "漏洞分享"},
+            {"id": 8, "label": "状态变更"},
+            {"id": 9, "label": "集成同步"},
+            {"id": 58, "label": "下载调用链"},
+            {"id": 10, "label": "组件分享"},
+            {"id": 11, "label": "启用"},
+            {"id": 12, "label": "暂停"},
+            {"id": 13, "label": "导出日志"},
+            {"id": 14, "label": "批量升级"},
+            {"id": 15, "label": "主动验证"},
+            {"id": 16, "label": "熔断配置"},
+            {"id": 17, "label": "IDE 插件"},
+            {"id": 18, "label": "CI/CD 集成"},
+            {"id": 19, "label": "缺陷管理"},
+            {"id": 20, "label": "消息通知"},
+            {"id": 21, "label": "其他"},
+            {"id": 22, "label": "新增策略"},
+            {"id": 23, "label": "编辑策略"},
+            {"id": 24, "label": "删除策略"},
+            {"id": 25, "label": "修改状态"},
+            {"id": 26, "label": "新增模版"},
+            {"id": 27, "label": "编辑模版"},
+            {"id": 28, "label": "删除模版"},
+            {"id": 29, "label": "修改状态"},
+            {"id": 30, "label": "添加规则类型"},
+            {"id": 31, "label": "添加规则"},
+            {"id": 32, "label": "删除规则"},
+            {"id": 33, "label": "修改状态"},
+            {"id": 34, "label": "全部启用"},
+            {"id": 35, "label": "全部禁用"},
+            {"id": 36, "label": "全部删除"},
+            {"id": 37, "label": "新增规则"},
+            {"id": 38, "label": "编辑规则"},
+            {"id": 39, "label": "删除规则"},
+            {"id": 40, "label": "修改状态"},
+            {"id": 41, "label": "新增配置"},
+            {"id": 42, "label": "编辑模版"},
+            {"id": 57, "label": "删除模版"},
+            {"id": 43, "label": "只读"},
+            {"id": 44, "label": "修改"},
+            {"id": 45, "label": "新增角色"},
+            {"id": 46, "label": "删除角色"},
+            {"id": 47, "label": "编辑角色"},
+            {"id": 48, "label": "新增项目组"},
+            {"id": 49, "label": "删除项目组"},
+            {"id": 50, "label": "编辑项目组"},
+            {"id": 51, "label": "查看详情"},
+            {"id": 52, "label": "新增账号"},
+            {"id": 53, "label": "删除账号"},
+            {"id": 54, "label": "编辑账号"},
+            {"id": 55, "label": "查看详情"},
+            {"id": 56, "label": "消息通知"},
+        ],
+    }
+    IastRoleV2.object.filter(name="管理员", is_admin=True).update(permission=new_admin_permission)
+    IastRoleV2.object.filter(name="普通用户", is_admin=True).update(permission=new_user_permission)
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dongtai_common", "0026_auto_20230918_1413"),
+    ]
+
+    operations = []

dongtai_common/migrations/0028_hookstrategy_modified.py

@@ -0,0 +1,17 @@
+# Generated by Django 3.2.20 on 2023-09-19 20:06
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("dongtai_common", "0027_auto_20230919_1233"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="hookstrategy",
+            name="modified",
+            field=models.BooleanField(default=False),
+        ),
+    ]