hxsecurity / dongtai-webapi Goto Github PK

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

问题：
由于国内的网络问题，git被墙拉不下来代码，本地部署难度增高；

解决方案：
上传构建好的镜像到公共镜像服务，供社区下载试用

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Inconsistent statistics due to multiple versions of the project.

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

HXSecurity/DongTai#358

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

• The back-end service accesses openapi through the intranet alias

Proposed Solution

• The back-end service accesses openapi through the intranet alias

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Verification of agent_id during project creation may cause errors

Additional Information

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

VulSummary Inappropriate sql query causes API timeout

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

The corresponding strategy was not created at the same time when the dangerous rule was created

Additional Information

solution

• When creating a strategy, create the corresponding risk type and filter type at the same time
• Remove the interface for creating dangerous types and filtering types

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

• Project adds vulnerability verification switch

Proposed Solution

• Added vulnerability verification switch field

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Unreasonable escaping causes the text to display incorrectly

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

• Sensitive information rule configuration

Proposed Solution

• Add API for obtaining sensitive information rule list
• Added new sensitive information rule API
• Add sensitive information rule status modification API
• Add sensitive information rule editing API
• Add sensitive information rule deleted API
• Add sensitive information pattern type list API

Noted:

• When policy created, the corresponding sensitive information type are automatically created
• When modifying the name, modify the corresponding type at the same time
• When creating a rule, at the same time check whether the rule conforms to the type it belongs to, for example, check whether the regex conforms to REGEX POSIX 1003.2
• When deleting a rule, only the status bit of the rule is modified without actually deleting the data

Alternatives Considered

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The amount of code is too much, there is no reasonable modularization, it is difficult to expand and secondary development

Proposed Solution

• Split the logic of importing the app
• Establish a patch mechanism to modify the existing code according to the version

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

When adding items, the operation is non-atomic, and an error occurs but partially saved

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

In some interfaces, the detail field of the list is inconsistent with the detail field
For example：

This leads to some difficulties in coupling Dongtai to other systems

Proposed Solution

Uniform field

Alternatives Considered

No response

Additional Information

No response

污点参数位置不存在导致数据查询失败

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Administrators need to manage custom rules in batches

Proposed Solution

Add api to change the status of custom rules in bulk

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Add some interface support get detail with id list,for example,

get project list with id list
get agent list with id list
get sca list with id list
...

Proposed Solution

Add some interface support get detail with id list,for example,

get project list with id list
get agent list with id list
get sca list with id list
...

Alternatives Considered

No response

Additional Information

No response

测试数据

aG9zdDpsb2NhbGhvc3Q6ODA4MApjb25uZWN0aW9uOmtlZXAtYWxpdmUKc2VjLWNoLXVhOiIgTm90
IEE7QnJhbmQiO3Y9Ijk5IiwgIkNocm9taXVtIjt2PSI5MCIsICJHb29nbGUgQ2hyb21lIjt2PSI5
MCIKc2VjLWNoLXVhLW1vYmlsZTo/MAp1cGdyYWRlLWluc2VjdXJlLXJlcXVlc3RzOjEKdXNlci1h
Z2VudDpNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktp
dC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTAuMC40NDMwLjIxMiBTYWZhcmkv
NTM3LjM2CmFjY2VwdDp0ZXh0L2h0bWwsYXBwbGljYXRpb24veGh0bWwreG1sLGFwcGxpY2F0aW9u
L3htbDtxPTAuOSxpbWFnZS9hdmlmLGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgsYXBw
bGljYXRpb24vc2lnbmVkLWV4Y2hhbmdlO3Y9YjM7cT0wLjkKc2VjLWZldGNoLXNpdGU6c2FtZS1v
cmlnaW4Kc2VjLWZldGNoLW1vZGU6bmF2aWdhdGUKc2VjLWZldGNoLXVzZXI6PzEKc2VjLWZldGNo
LWRlc3Q6ZG9jdW1lbnQKcmVmZXJlcjpodHRwOi8vbG9jYWxob3N0OjgwODAvdnVsbnMvMDIxLW5p
by1maWxlLmpzcAphY2NlcHQtZW5jb2Rpbmc6Z3ppcCwgZGVmbGF0ZSwgYnIKYWNjZXB0LWxhbmd1
YWdlOnpoLUNOLHpoO3E9MC45CmNvb2tpZTpKU0VTU0lPTklEPTZBRUI4NEM4NTM4MzNGNDg1REEx
RDhDNDVDRjVFNjQwOyByZW1lbWJlck1lPTlMampKU1RXZVZDMFMzVm53S3Q1WTRBUkhSaEo0ZndS
SS9ZRituMVlqN2kzYzBJVlRlTGJteTFvOXE2a1VZQit0eDhyRlhNaTRhTEgvNnNJUzVyWURVczhM
enZjUVhSQ0RRcDI0UnR5K2pWN3dMSU9KejI3dm1DemFqbnFaaVNCSTAvQXdnR1VIZG8xWGV6TlU3
OTRheTM5aGl4SmdxWGN4WnRma1pCNFl4bFFUNDQvazlvakR1dWs1YXZDR3lDV3VPODZUSEg5aVlI
ZGozNkc1SWYwN2JOUksyNW1hNVVYeXpVL3RPcktwSmhOMHFBbXExRjRwaTA4OWpQYWRrSkV0WEZw
TWV0eCtRanJPSmJJTksrN2pLTjlEaGtQVFdEMitlT3pEWEFvMEp2cG51Qlk2UzBaNGlCeVROWGRF
MmVwVEh4N3NnamRpcXo2L3dwTW5NNU9aSTFDbFVnSGpEMHBZTWsxdjNxbGN3STVSNjZXbjFIc1lC
QThMZGVqQzAzeGlvVEhDT3dmK21FZG42UjZBUEtpMDYveVIxdnB6TXcvazhMTW43c3RCY2RSZW12
OGxtUVRrY0s4dUFRYXlyREdKRkUwN2liN1ZnRk1HaGJPcXllcVlueWtzTng5UVJxY25WNkl5MTVU
V2N3bTlPR1FIaU1Fc28xeWx5VElXMU13ZXVCSzBQcHI5SGJBYlJFVXBVYm94THRNSjQyeE1xdHZs
MjArS1FKSU9qSVUrVzcyV3crRVRjOVFVbkRHQ0lxcUI0V2lvTlhid0E4aktaaG84VmNJeDNsS3Nn
RnpPYzJhQ1B3TytldGFvRlM0ZEpMbm1CTjVmVDdLTHpXOEdtVFB6bGhFWURjSmtIZXQ3N1dOZjQw
OFhDY3VVT0pXc2RYNGJnTGpJVmRTdDRtOFJ2bVVaVDJqamFneXN0ODlUNHNBTElaOER0N0ZaZUZ4
clZvQUtBclNGaHRHMFlVQmVpTDFXL1I3L2ZVa25nRHdaZ0dDTVBGbFNtRHhTOC9RcHUzVzdTR2x

Base64 Decode实现

import base64

header = """xxxx
xxxx
"""
base64.b64decode(header.encode("utf-8")).decode("utf-8")

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Remove the entry of filter rules and dangerous rules, which are created when the policy is created.

Proposed Solution

Remove the entry of filter rules and dangerous rules, which are created when the policy is created.

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The management interface lacks the ability to create a new strategy

problem:
After adding the sensitive information function, from how to distribute the new policy to the hook rule or the sensitive information rule, or to display them in the newly created hook rule and the sensitive rule at the same time, and distribute it by creating specific rules
Noted:
When policy created, the corresponding sensitive information type are automatically created

Proposed Solution

• Add strategy add interface

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

HXSecurity/DongTai#357

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Added policy template to select all and patch to change status

Proposed Solution

Added policy template to select all and patch to change status

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

KeyError at /api/v1/vuln/summary
'GO'

Request Method: GET
Request URL: https://dongtai-webapi-svc/api/v1/vuln/summary?language=&level=&type=&project_name=&url=&order=&status_id=&project_id=
Django Version: 3.0.3
Python Executable: /usr/local/bin/uwsgi
Python Version: 3.7.7
Python Path: ['.', '', '/usr/local/lib/python37.zip', '/usr/local/lib/python3.7', '/usr/local/lib/python3.7/lib-dynload', '/usr/local/lib/python3.7/site-packages']
Server time: Wed, 8 Dec 2021 12:12:19 +0800

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The existing sorting is sorted according to the modification project setting time.

Proposed Solution

• Option One:
  WebApi calculates the vulnerability or component data recently acquired by the project when viewing the project list
  The update time is used as a calculated attribute.
  Pro:
  The area of the change is smaller and will not be affected by the agent-related data, such as deleting the agent and replacing the agent
  Con:
  Increase the query time of this interface of webapi

• Option II:
  OpenApi processes the update time of the project while receiving the reported data
  The update time is used as a storage attributes.
  Pro:
  Compared with solution 1, the time impact on the user side is less.
  Con:
  The field used to store item attribute changes is invalid.

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Existing scan policy templates can only be created and queried, but cannot be modified or deleted.

Proposed Solution

Specific work:

• Add a single strategy acquisition interface
• The existing list interface adds functions such as search and sorting
• Configure the corresponding permission policy
• Increase deletion, consider whether to adopt false deletion
• Add modify interface

Points to consider:

• Existing queries and additions are available to each user, and policy changes may require changes to existing business logic
• Existing new creation is also available for all users
• Need to consider existing interactions after new permission settings
• When the scanning strategy is deleted, how to deal with the items that select the strategy

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

1. change the password
2. change success
3. redriect to default page
4. 403

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.4

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

history_data vul detected missing after vul_type modify

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

this API has a disemancy field.
Causes the following problems:
The client mishandled the replay type for which the return field was returned

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.3

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

• add the corresponding creation strategy logic

Additional Information

No response

Logs

No response

随着数据量的增加，性能问题逐渐出来，需要进行优化

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official Docker Compose

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.2

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

• When adding a policy, there is no check for the existence of the scanning policy
• Empty when scanning strategy does not exist

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.4

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Increase the type of hard-coded vulnerabilities

Proposed Solution

Increase the type of hard-coded vulnerabilities

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The existing component list is missing component path information.

Proposed Solution

Add component path when displaying

• Asset.package_path

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

1. The status of the replay settings is incorrect
2. Unhandled exception in query during batch replay

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

The agent information in the project agent and project details interface can only return an ID field, and the details can be loaded through the agent interface

Proposed Solution

The agent information in the project agent and project details interface can only return an ID field, and the details can be loaded through the agent interface

Alternatives Considered

No response

Additional Information

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.1.0

Installation Type

Official SaaS Service

Service Name

DongTai-WebAPI

Describe the details of the bug and the steps to reproduce it

CSRF Failed: Referer checking failed - https://dev-iast.huoxian.cn:1024/taint/search does not match any trusted origins.

Additional Information

No response

Logs

No response

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.

Problem Description

Modify the default testrunner of django and add a regression test process

Proposed Solution

• Modify the default testrunner
• Add regression tests to fixed bugs

Alternatives Considered

No response

Additional Information

No response