hxsecurity / dongtai-webapi
DongTai-WebAPI is the server part of the management tool of DongTai-IAST
License: Apache License 2.0
1.1.0
Official SaaS Service
DongTai-WebAPI
Problem:
Because of network conditions in mainland China, git is blocked and the code cannot be pulled, which makes local deployment harder;
Solution:
Upload the built images to a public image registry so the community can download and try them
1.1.3
Official SaaS Service
DongTai-WebAPI
1.1.0
Official SaaS Service
DongTai-WebAPI
Inconsistent statistics due to multiple versions of the project.
1.1.2
Official Docker Compose
DongTai-WebAPI
1.1.2
Official SaaS Service
DongTai-WebAPI
1.1.2
Official Docker Compose
DongTai-WebAPI
1.1.2
Official Docker Compose
DongTai-WebAPI
Verification of agent_id during project creation may cause errors
1.1.3
Official SaaS Service
DongTai-WebAPI
VulSummary: inappropriate SQL query causes API timeout
1.1.0
Official SaaS Service
DongTai-WebAPI
The corresponding strategy was not created at the same time when the dangerous rule was created
solution
1.1.0
Official SaaS Service
DongTai-WebAPI
Unreasonable escaping causes the text to display incorrectly
Noted:
There is too much code and no reasonable modularization, so it is difficult to extend and to do secondary development
1.1.2
Official Docker Compose
DongTai-WebAPI
When adding items, the operation is non-atomic: an error occurs but the data is partially saved
In some interfaces, the detail field of the list is inconsistent with the detail field
For example:
This leads to some difficulties in coupling Dongtai to other systems
Uniform field
The taint parameter position does not exist, causing the data query to fail
1.1.3
Official SaaS Service
DongTai-WebAPI
Administrators need to manage custom rules in batches
Add api to change the status of custom rules in bulk
Add support in some interfaces for getting details with an ID list, for example:
get project list with id list
get agent list with id list
get sca list with id list
...
Test data
Base64 decode implementation
import base64

# Placeholder for the base64-encoded request header text shown above;
# paste the encoded text between the triple quotes.
header = """xxxx
xxxx
"""
# Decode the base64 text and interpret the resulting bytes as UTF-8
decoded = base64.b64decode(header.encode("utf-8")).decode("utf-8")
print(decoded)
Remove the entry of filter rules and dangerous rules, which are created when the policy is created.
1.1.3
Official SaaS Service
DongTai-WebAPI
The management interface lacks the ability to create a new strategy
problem:
After adding the sensitive-information function, how should a new policy be distributed to the hook rules or the sensitive-information rules, or be displayed at the same time in the newly created hook rule and the sensitive rule, and be distributed by creating specific rules?
Noted:
When a policy is created, the corresponding sensitive-information types are automatically created
1.1.2
Official Docker Compose
DongTai-WebAPI
Added policy template to select all and patch to change status
1.1.3
Official SaaS Service
DongTai-WebAPI
KeyError at /api/v1/vuln/summary
'GO'
Request Method: GET
Request URL: https://dongtai-webapi-svc/api/v1/vuln/summary?language=&level=&type=&project_name=&url=&order=&status_id=&project_id=
Django Version: 3.0.3
Python Executable: /usr/local/bin/uwsgi
Python Version: 3.7.7
Python Path: ['.', '', '/usr/local/lib/python37.zip', '/usr/local/lib/python3.7', '/usr/local/lib/python3.7/lib-dynload', '/usr/local/lib/python3.7/site-packages']
Server time: Wed, 8 Dec 2021 12:12:19 +0800
The existing sorting is based on the time the project settings were modified.
Option One:
WebApi calculates the vulnerability or component data most recently acquired by the project when the project list is viewed
The update time is used as a calculated attribute.
Pro:
The scope of the change is smaller and will not be affected by agent-related data, such as deleting or replacing the agent
Con:
Increases the query time of this webapi interface
Option II:
OpenApi updates the project's update time while receiving the reported data
The update time is used as a stored attribute.
Pro:
Compared with solution 1, the time impact on the user side is less.
Con:
The field used to store item attribute changes is invalid.
Existing scan policy templates can only be created and queried, but cannot be modified or deleted.
Specific work:
Points to consider:
1.1.3
Official SaaS Service
DongTai-WebAPI
1.1.2
Official Docker Compose
DongTai-WebAPI
1.1.2
Official SaaS Service
DongTai-WebAPI
1.1.4
Official Docker Compose
DongTai-WebAPI
history_data vul detected missing after vul_type modify
1.1.2
Official SaaS Service
DongTai-WebAPI
This API has a discrepant field.
Causes the following problems:
The client mishandled the replay type for which the return field was returned
1.1.3
Official SaaS Service
DongTai-WebAPI
1.1.0
Official SaaS Service
DongTai-WebAPI
As the amount of data increases, performance problems gradually appear, and optimization is needed
1.1.2
Official Docker Compose
DongTai-WebAPI
1.1.2
Official SaaS Service
DongTai-WebAPI
1.1.4
Official SaaS Service
DongTai-WebAPI
Increase the type of hard-coded vulnerabilities
The existing component list is missing component path information.
Add component path when displaying
1.1.0
Official SaaS Service
DongTai-WebAPI
The agent information in the project agent and project details interface can only return an ID field, and the details can be loaded through the agent interface
1.1.0
Official SaaS Service
DongTai-WebAPI
CSRF Failed: Referer checking failed - https://dev-iast.huoxian.cn:1024/taint/search does not match any trusted origins.
Modify the default Django test runner and add a regression test process