Merge pull request #29 from HXSecurity/develop

Develop

Author: Bidaya0

.github/workflows/build_and_upload_package.yaml

@@ -37,8 +37,19 @@ jobs:
           key-secret: ${{ secrets.OSS_KEY_SECRET }}
           region: oss-cn-beijing
           bucket: huoqi-public
-          asset-path: ./dist/dongtai-0.1.0.tar.gz
-          target-path: /iast/dongtai-test-0.1.0.tar.gz
+          asset-path: ./dist/dongtai-1.0.3.tar.gz
+          target-path: /iast/dongtai-test-1.0.3.tar.gz
+
+      - name: Upload to oss latest
+        id: upload_to_oss_latest
+        uses: tvrcgo/upload-to-oss@master
+        with:
+          key-id: ${{ secrets.OSS_KEY_ID }}
+          key-secret: ${{ secrets.OSS_KEY_SECRET }}
+          region: oss-cn-beijing
+          bucket: huoqi-public
+          asset-path: ./dist/dongtai-1.0.3.tar.gz
+          target-path: /iast/dongtai-test-latest.tar.gz
 
       - name: finish build
         uses: joelwmale/webhook-action@master

dongtai/endpoint/__init__.py

@@ -17,7 +17,7 @@
 from rest_framework.authentication import SessionAuthentication, TokenAuthentication
 from rest_framework.views import APIView
 from rest_framework import status, exceptions
-
+from django.core.paginator import PageNotAnInteger, EmptyPage
 from dongtai.permissions import UserPermission, ScopedPermission, SystemAdminPermission, TalentAdminPermission
 from dongtai.utils import const
 
@@ -140,19 +140,29 @@ def parse_args(self, request):
         pass
 
     @staticmethod
-    def get_paginator(queryset, page=1, page_size=20):
+    def get_paginator(queryset, page: int = 1, page_size: int = 20):
         """
         根据模型集合、页号、每页大小获取分页数据
         :param queryset:
         :param page:
+            It is recommended to set the pagesize below 50,
+            if it exceeds 50, it will be changed to 50
         :param page_size:
         :return:
         """
-        if int(page_size) > 50:
-            page_size = 50
+        page_size = min(50, int(page_size))
+        page = int(page)
         page_info = Paginator(queryset, per_page=page_size)
-        page_summary = {"alltotal": page_info.count, "num_pages": page_info.num_pages, "page_size": page_size}
-        return page_summary, page_info.get_page(page).object_list if page != 0 else []
+        page_summary = {
+            "alltotal": page_info.count,
+            "num_pages": page_info.num_pages,
+            "page_size": page_size
+        }
+        try:
+            page_info.validate_number(page)
+        except (EmptyPage, PageNotAnInteger):
+            return page_summary, []
+        return page_summary, page_info.get_page(page).object_list
 
     @staticmethod
     def get_auth_users(user):

dongtai/models/__init__.py

@@ -6,3 +6,4 @@
 # project: dongtai-models
 
 from .user import User
+from . import api_route

dongtai/models/agent.py

@@ -9,7 +9,7 @@
 
 from dongtai.models import User
 from dongtai.models.server import IastServer
-
+from dongtai.utils.settings import get_managed
 
 class IastAgent(models.Model):
     token = models.CharField(max_length=255, blank=True, null=True)
@@ -34,5 +34,5 @@ class IastAgent(models.Model):
     language = models.CharField(max_length=10, blank=True, null=True)
 
     class Meta:
-        managed = False
+        managed = get_managed()
         db_table = 'iast_agent'

dongtai/models/agent_method_pool.py

@@ -9,16 +9,18 @@
 
 from dongtai.models.agent import IastAgent
 from dongtai.models.hook_strategy import HookStrategy
+from dongtai.utils.settings import get_managed
 
 
 class MethodPool(models.Model):
     agent = models.ForeignKey(IastAgent,
                               models.DO_NOTHING,
                               blank=True,
-                              null=True)
+                              null=True,
+                              db_constraint=False)
     url = models.CharField(max_length=2000, blank=True, null=True)
     uri = models.CharField(max_length=2000, blank=True, null=True)
-    http_method = models.CharField(max_length=10, blank=True, null=True)
+    http_method = models.CharField(max_length=10, blank=True, default='')
     http_scheme = models.CharField(max_length=20, blank=True, null=True)
     http_protocol = models.CharField(max_length=255, blank=True, null=True)
     req_header = models.CharField(max_length=2000, blank=True, null=True)
@@ -32,10 +34,17 @@ class MethodPool(models.Model):
     context_path = models.CharField(max_length=255, blank=True, null=True)
     method_pool = models.TextField(blank=True,
                                    null=True)  # This field type is a guess.
-    pool_sign = models.CharField(unique=True, max_length=40, blank=True, null=True)  # This field type is a guess.
+    pool_sign = models.CharField(unique=True,
+                                 max_length=40,
+                                 blank=True,
+                                 null=True)  # This field type is a guess.
     clent_ip = models.CharField(max_length=255, blank=True, null=True)
     create_time = models.IntegerField(blank=True, null=True)
     update_time = models.IntegerField(blank=True, null=True)
+    uri_sha1 = models.CharField(max_length=40,
+                                blank=True,
+                                default='',
+                                db_index=True)
     sinks = models.ManyToManyField(
         HookStrategy,
         verbose_name=_('sinks'),
@@ -45,5 +54,6 @@ class MethodPool(models.Model):
     )
 
     class Meta:
-        managed = False
+        managed = get_managed()
         db_table = 'iast_agent_method_pool'
+        indexes = [models.Index(fields=['uri_sha1', 'http_method', 'agent'])]

dongtai/models/agent_properties.py

@@ -5,6 +5,7 @@
 # software: PyCharm
 # project: dongtai-models
 from django.db import models
+from dongtai.utils.settings import get_managed
 
 from dongtai.models.agent import IastAgent
 
@@ -18,5 +19,5 @@ class IastAgentProperties(models.Model):
     agent = models.ForeignKey(IastAgent, models.DO_NOTHING, blank=True, null=True)
 
     class Meta:
-        managed = False
+        managed = get_managed()
         db_table = 'iast_agent_properties'

dongtai/models/api_route.py

@@ -0,0 +1,104 @@
+######################################################################
+# @author      : bidaya0 (bidaya0@$HOSTNAME)
+# @file        : api_route
+# @created     : Tuesday Aug 17, 2021 17:43:27 CST
+#
+# @description :
+######################################################################
+
+from django.db import models
+from dongtai.utils.settings import get_managed
+from dongtai.models.agent import IastAgent
+
+
+class HttpMethod(models.Model):
+    method = models.CharField(max_length=100, blank=True)
+
+    class Meta:
+        managed = get_managed()
+        db_table = 'iast_http_method'
+
+
+class IastApiMethod(models.Model):
+    method = models.CharField(max_length=100, blank=True)
+    http_method = models.ManyToManyField(
+        HttpMethod, blank=True, through='IastApiMethodHttpMethodRelation')
+
+    class Meta:
+        managed = get_managed()
+        db_table = 'iast_api_methods'
+
+
+class IastApiMethodHttpMethodRelation(models.Model):
+    api_method = models.ForeignKey(IastApiMethod,
+                                   on_delete=models.CASCADE,
+                                   db_constraint=False,
+                                   db_column='api_method_id')
+    http_method = models.ForeignKey(HttpMethod,
+                                    on_delete=models.CASCADE,
+                                    db_constraint=False,
+                                    db_column='http_method_id')
+
+    class Meta:
+        managed = get_managed()
+        db_table = 'iast_http_method_relation'
+        unique_together = ['api_method_id', 'http_method_id']
+
+
+class IastApiRoute(models.Model):
+    path = models.CharField(max_length=255, blank=True)
+    code_class = models.CharField(max_length=255,
+                                  blank=True,
+                                  db_column='code_class')
+    description = models.CharField(max_length=500, blank=True)
+    method = models.ForeignKey(IastApiMethod,
+                               on_delete=models.DO_NOTHING,
+                               db_constraint=False,
+                               db_index=True,
+                               db_column='method_id')
+    code_file = models.CharField(max_length=500,
+                                 blank=True,
+                                 db_column='code_file')
+    controller = models.CharField(max_length=100, blank=True)
+    agent = models.ForeignKey(IastAgent,
+                              on_delete=models.CASCADE,
+                              db_constraint=False,
+                              db_index=True,
+                              db_column='agent_id')
+
+    class Meta:
+        managed = get_managed()
+        db_table = 'iast_api_route'
+        unique_together = ['path', 'method']
+
+
+class IastApiParameter(models.Model):
+    name = models.CharField(max_length=100, blank=True)
+    parameter_type = models.CharField(max_length=100,
+                                      blank=True,
+                                      db_column='type')
+    annotation = models.CharField(max_length=500, blank=True)
+    route = models.ForeignKey(IastApiRoute,
+                              on_delete=models.CASCADE,
+                              db_constraint=False,
+                              db_index=True,
+                              db_column='route_id')
+
+    class Meta:
+        managed = get_managed()
+        db_table = 'iast_api_parameter'
+        unique_together = ['name', 'route_id']
+
+
+class IastApiResponse(models.Model):
+    return_type = models.CharField(max_length=100, blank=True)
+    route = models.ForeignKey(IastApiRoute,
+                              on_delete=models.CASCADE,
+                              db_constraint=False,
+                              db_index=True,
+                              db_column='route_id')
+
+    class Meta:
+        managed = get_managed()
+        db_table = 'iast_api_response'
+        unique_together = ['return_type', 'route_id']

dongtai/models/application.py

@@ -5,6 +5,7 @@
 # software: PyCharm
 # project: dongtai-models
 from django.db import models
+from dongtai.utils.settings import get_managed
 
 from dongtai.models import User
 
@@ -19,6 +20,6 @@ class IastApplicationModel(models.Model):
     dt = models.IntegerField(blank=True, null=True)
 
     class Meta:
-        managed = False
+        managed = get_managed()
         db_table = 'iast_application'
         unique_together = (('name', 'path'),)

dongtai/models/asset.py

@@ -10,6 +10,7 @@
 
 from dongtai.models.agent import IastAgent
 from dongtai.models.vul_level import IastVulLevel
+from dongtai.utils.settings import get_managed
 
 
 class Asset(models.Model):
@@ -32,5 +33,5 @@ class Asset(models.Model):
     )
 
     class Meta:
-        managed = False
+        managed = get_managed()
         db_table = 'iast_asset'

dongtai/models/authorization.py

@@ -5,6 +5,7 @@
 # software: PyCharm
 # project: dongtai-models
 from django.db import models
+from dongtai.utils.settings import get_managed
 
 
 class IastAuthorization(models.Model):
@@ -15,5 +16,5 @@ class IastAuthorization(models.Model):
     dt = models.IntegerField(blank=True, null=True)
 
     class Meta:
-        managed = False
-        db_table = 'iast_authorization'
+        managed = get_managed()
+        db_table = 'iast_authorization'