diff --git a/core/__version__.py b/core/__version__.py
index 106fa67b..28efe30c 100644
--- a/core/__version__.py
+++ b/core/__version__.py
@@ -7,7 +7,7 @@ __issue_page__ = 'https://github.com/LoRexxar/Kunlun-M/issues/new'
 __python_version__ = sys.version.split()[0]
 __platform__ = platform.platform()
-__version__ = '2.6.3'
+__version__ = '2.6.4'
 __author__ = 'LoRexxar'
 __author_email__ = 'LoRexxar@gmail.com'
 __license__ = 'MIT License'
diff --git a/core/vendors.py b/core/vendors.py
index 06215b68..413dc302 100644
--- a/core/vendors.py
+++ b/core/vendors.py
@@ -266,6 +266,7 @@ def check_vendor(self):
 f = codecs.open(filepath, 'rb+', encoding='utf-8', errors='ignore')
 filecontent = f.read()
 f.seek(0, os.SEEK_SET)
+ savefilepath = filepath.replace(self.target_path, "").replace('\\', '/')
 if filename == "requirements.txt":
@@ -280,7 +281,7 @@ def check_vendor(self):
 vendor_version = None
 update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
- language=language)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language)
@@ -299,7 +300,7 @@ def check_vendor(self):
 vendor_version = vendors_list[vendor].strip()
 update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
- language=language)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language)
@@ -328,7 +329,7 @@ def check_vendor(self):
 vendor_version = vendor[-1].strip()
 update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
- language=language, ext=go_version)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language)
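Review bot: `savefilepath = filepath.replace(self.target_path, "")` removes every occurrence of `target_path` anywhere in the string rather than only the leading prefix, so a target path whose text recurs deeper in the tree, or one supplied without a trailing separator, yields a wrong relative path; `os.path.relpath(filepath, self.target_path).replace('\\', '/')` anchors it to the prefix only. The same hunk series also changes what the `ext` keyword of `update_and_new_project_vendor` carries: the Go branch used to pass `go_version`, and the `@@ -382`, `@@ -416`, `@@ -436` and `@@ -445` hunks replace `"maven"` and the node `<version>.dependencies`/`devDependencies` tags the same way, while `get_and_save_vendor_vuls` keeps receiving the old `ext`. Any consumer of that stored column that expected an ecosystem or version tag now gets a file path, and if the column has a length limit or takes part in de-duplication that is worth confirming before merge. check_vendor's body starts and ends outside these hunks.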
@@ -382,7 +383,7 @@ def check_vendor(self):
 ext = "maven"
 update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
- language=language, ext=ext)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language, ext)
@@ -416,7 +417,7 @@ def check_vendor(self):
 if vendor_name and vendor_version:
 update_and_new_project_vendor(self.project_id, name=vendor_name, version=vendor_version,
- language=language, ext=ext)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, vendor_name, vendor_version, language, ext)
 continue
@@ -436,7 +437,7 @@ def check_vendor(self):
 ext = "{}.{}".format(node_version, "dependencies")
 update_and_new_project_vendor(self.project_id, name=dependency, version=vendor_version,
- language=language, ext=ext)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, dependency, vendor_version, language, ext)
@@ -445,7 +446,7 @@ def check_vendor(self):
 ext = "{}.{}".format(node_version, "devDependencies")
 update_and_new_project_vendor(self.project_id, name=dependency, version=vendor_version,
- language=language, ext=ext)
+ language=language, ext=savefilepath)
 get_and_save_vendor_vuls(self.task_id, dependency, vendor_version, language, ext)
diff --git a/core/vuln_apis/murphysec.py b/core/vuln_apis/murphysec.py
index c7b29d37..e4541ec1 100644
--- a/core/vuln_apis/murphysec.py
+++ b/core/vuln_apis/murphysec.py
@@ -1,13 +1,13 @@
 #!/usr/bin/env python
 # encoding: utf-8
-'''
+"""
 @author: LoRexxar
 @contact: lorexxar@gmail.com
 @file: mofei.py
 @time: 2021/9/27 11:47
 @desc:
-'''
+"""
 import json
 import requests
@@ -25,7 +25,7 @@ def get_vulns_from_murphysec(language, package_name, version):
 "version": version,
 "language": language,
 "filter":{
- "level": "严重|高危|中危"
+ "level": "严重|高危"
 }
 }
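Review bot: Narrowing the `"level"` filter to `"严重|高危"` silently drops every medium-severity (`中危`) advisory from what the vendor scan records, and nothing in the hunk says why, so the next reader will likely read it as a regression in coverage. A one-line comment on the new line, e.g. `# 中危 intentionally excluded: only critical/high advisories are recorded for vendors`, or lifting the string into a module-level constant so the threshold is visible and tunable, would make the intent explicit. get_vulns_from_murphysec's body continues outside the hunk.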
@@ -40,37 +40,48 @@ def get_vulns_from_murphysec(language, package_name, version):
 if r.status_code == 200:
 data = json.loads(r.content)
- if data['code'] == 400:
+ if data["code"] == 400:
 logger.warning("[Vendor][Murphysec Scan] QPS limit.")
 return result
- elif data['code'] == 401:
+ elif data["code"] == 401:
 logger.error("[Vendor][Murphysec Scan] Api Token error.")
 else:
- vuls = data['data']['vuln_info']
+ vuls = data["data"]["vuln_info"]
 for vul in vuls:
 vuln = {}
- vuln["vuln_id"] = vul['no']
- vuln["title"] = vul['title']
+ vuln["vuln_id"] = vul["no"]
+ vuln["title"] = vul["title"]
 # reference urls = []
- for u in vul['references']:
+ for u in vul["references"]:
 urls.append(u["url"])
 vuln["reference"] = json.dumps(urls)
- vuln["description"] = vul['description']
+ vuln["description"] = """{}
+
+受影响的版本范围: {}
+存在危害的相关代码片段:\n {}
+""".format(vul["description"], vul["effect"][0]["affected_version"], vul["vuln_code_usage"])
+
 # get cve
- cves = [vul['cve_id'], vul['cnvd_id']]
+ cves = [vul["cve_id"], vul["cnvd_id"]]
 vuln["cves"] = json.dumps(cves) # get severity
- vuln["severity"] = int(vul['cvss'])
+
+ # 如果非强烈建议修复,则减3分
+ severity = int(vul["cvss"])
+ if vul["suggest"] != "强烈建议修复":
+ severity -= 3
+
+ vuln["severity"] = severity # affected_versions # affected_versions = []
- # for av in vul['effect']:
- # affected_versions.append(av['version_end_excluding'])
+ # for av in vul["effect"]:
+ # affected_versions.append(av["version_end_excluding"])
 vuln["affected_versions"] = [version]
diff --git a/docs/changelog.md b/docs/changelog.md
index e8ca283c..6591d9fd 100644
--- a/docs/changelog.md
+++ b/docs/changelog.md
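Review bot: `vul["effect"][0]["affected_version"]` in the new description template indexes the first element unconditionally, so one advisory whose `effect` list is empty raises IndexError inside `for vul in vuls` and discards every remaining entry of the response; `vul["suggest"]` and `vul["vuln_code_usage"]` are read with the same assumption that the remote record is complete. The new severity rule can also push `severity` below zero for a low CVSS that is not marked 强烈建议修复, which presumably is not what the consumers of `severity` expect (scale to confirm). Reading the optional fields with `.get()` and clamping at zero keeps a single odd record from hiding the rest. The description now also embeds `vuln_code_usage` verbatim from the external API; if the template that renders `description` marks it safe, that is remote-supplied content reaching the page unescaped, worth checking on the view side. get_vulns_from_murphysec's body starts outside the hunk.

```python
# … unchanged: vuln_id / title / reference …
effect = vul.get("effect") or []
affected_version = effect[0].get("affected_version", "") if effect else ""
vuln["description"] = """{}

受影响的版本范围: {}
存在危害的相关代码片段:\n {}
""".format(vul.get("description", ""), affected_version, vul.get("vuln_code_usage", ""))
# … unchanged: cves …
# 如果非强烈建议修复,则减3分 (clamped so severity never goes negative)
severity = int(vul["cvss"])
if vul.get("suggest") != "强烈建议修复":
    severity = max(severity - 3, 0)
vuln["severity"] = severity
```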
@@ -279,4 +279,12 @@
 - 修复了在处理同一漏洞多结果的忽略问题
 - 修复了deps api的bug @raul17 #192
 - 组件扫描添加了墨非api
- - 添加了组件搜索功能并完善了相应页面显示内容
\ No newline at end of file
+ - 添加了组件搜索功能并完善了相应页面显示内容
+- 2021-12-23
+ - KunLun-M 2.6.4
+ - 添加了组件相关数据、数据流相关数据api
+ - 修复了部分静态页面的显示bug
+ - 修复了墨非api的部分使用问题
+ - 删除了tasklog中无意义的数据显示,优化使用体验
+ - 在组件数据中加入数据来源路径便于检查
+ - 修复了部分bug#197 #199 #200
\ No newline at end of file
diff --git a/templates/backend/tasklog.html b/templates/backend/tasklog.html
index 67bd21a3..951b6551 100644
--- a/templates/backend/tasklog.html
+++ b/templates/backend/tasklog.html
@@ -43,6 +43,7 @@

Vulnerabilities

Source Type Is Confirm + Operate {% for taskresult in taskresults %} @@ -62,6 +63,7 @@

Vulnerabilities

{{ taskresult.is_unconfirm }} {% endif %} + @@ -163,21 +165,30 @@

New Evil Functions

diff --git a/web/backend/views.py b/web/backend/views.py
index 6ada9e2d..18b57c12 100644
--- a/web/backend/views.py
+++ b/web/backend/views.py
@@ -43,7 +43,7 @@ def tasklog(req, task_id):
 project_id = get_and_check_scantask_project_id(task_id)
- srts = get_and_check_scanresult(task_id).objects.filter(scan_project_id=project_id)
+ srts = get_and_check_scanresult(task_id).objects.filter(scan_project_id=project_id, is_active=1)
 nefs = NewEvilFunc.objects.filter(project_id=project_id)
 ResultFlow = get_resultflow_class(task_id)
@@ -53,6 +53,16 @@ def tasklog(req, task_id):
 resultflowdict = {}
 for rf in rfs:
+
+ # 加入漏洞有效检查,可能已被删除或处理
+ # 组件漏洞不显示
+ if rf.node_type == "sca_scan":
+ continue
+
+ r = get_and_check_scanresult(task_id).objects.filter(id=rf.vul_id, is_active=1).first()
+ if not r:
+ continue
+
 if rf.vul_id not in resultflowdict:
 resultflowdict[rf.vul_id] = {
 'id': rf.vul_id,
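Review bot: The `get_and_check_scanresult(task_id).objects.filter(id=rf.vul_id, is_active=1).first()` added inside `for rf in rfs` runs one database query per result-flow row, while `srts` in the preceding hunk already fetches the active results for this project; building `active_ids = {s.id for s in srts}` once before the loop and testing `if rf.vul_id not in active_ids: continue` gives the same filtering with a single query. The per-row lookup is not restricted to `project_id` the way `srts` is, so confirm that difference is not relied on before switching. `r` is only used for its truthiness, so if the per-row query stays, `.exists()` reads more clearly than `.first()`. tasklog's body continues outside the hunk.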