Skip to content
This repository has been archived by the owner on Sep 12, 2024. It is now read-only.

Commit

Permalink
Release 0.3.1
Browse files Browse the repository at this point in the history
  • Loading branch information
@jweny
jweny committed May 27, 2021
1 parent 72b3ab8 commit e2d50bc
Show file tree
Hide file tree
Showing 19 changed files with 415 additions and 207 deletions.
54 changes: 31 additions & 23 deletions api/routers/route.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,16 @@ package routers
import (
"github.com/gin-gonic/gin"
"github.com/jweny/pocassist/api/middleware/jwt"
"github.com/jweny/pocassist/api/routers/v1"
"github.com/jweny/pocassist/api/routers/v1/auth"
"github.com/jweny/pocassist/api/routers/v1/plugin"
"github.com/jweny/pocassist/api/routers/v1/vulnerability"
"github.com/jweny/pocassist/api/routers/v1/webapp"
"github.com/jweny/pocassist/pkg/conf"
"net/http"
)

func Setup() {
gin.SetMode(conf.GlobalConfig.ServerConfig.RunMode)

}


Expand All @@ -24,58 +26,64 @@ func InitRouter(port string) {
})

// api
router.POST("/api/v1/user/login", v1.GetAuth)
router.POST("/api/v1/user/login", auth.Login)
pluginRoutes := router.Group("/api/v1/poc")
pluginRoutes.Use(jwt.JWT())
{
// all
pluginRoutes.GET("/", v1.GetPlugins)
pluginRoutes.GET("/", plugin.Get)
// 增
pluginRoutes.POST("/", v1.CreatePlugin)
pluginRoutes.POST("/", plugin.Add)
// 改
pluginRoutes.PUT("/:id/", v1.UpdatePlugin)
pluginRoutes.PUT("/:id/", plugin.Update)
// 详情
pluginRoutes.GET("/:id/", v1.GetPlugin)
pluginRoutes.GET("/:id/", plugin.Detail)
// 删
pluginRoutes.DELETE("/:id/", v1.DeletePlugin)
// 运行
pluginRoutes.POST("/run/", v1.RunPlugin)
pluginRoutes.DELETE("/:id/", plugin.Delete)
// 测试单个poc
pluginRoutes.POST("/run/", plugin.Test)
//// 批量测试poc
//pluginRoutes.POST("/runs", plugin.RunPlugins)
}

vulRoutes := router.Group("/api/v1/vul")
vulRoutes.Use(jwt.JWT())
{
// basic
vulRoutes.GET("/basic/", v1.GetBasic)
vulRoutes.GET("/basic/", vulnerability.Basic)
// all
vulRoutes.GET("/", v1.GetVuls)
vulRoutes.GET("/", vulnerability.Get)
// 增
vulRoutes.POST("/", v1.CreateVul)
vulRoutes.POST("/", vulnerability.Create)
// 改
vulRoutes.PUT("/:id/", v1.UpdateVul)
vulRoutes.PUT("/:id/", vulnerability.Update)
// 详情
vulRoutes.GET("/:id/", v1.GetVul)
vulRoutes.GET("/:id/", vulnerability.Detail)
// 删
vulRoutes.DELETE("/:id/", v1.DeleteVul)
vulRoutes.DELETE("/:id/", vulnerability.Delete)
}

appRoutes := router.Group("/api/v1/product")
appRoutes.Use(jwt.JWT())
{
// all
appRoutes.GET("/", v1.GetWebApps)
appRoutes.GET("/", webapp.Get)
// 增
appRoutes.POST("/", v1.CreateWebApp)
appRoutes.POST("/", webapp.Create)
}



userRoutes := router.Group("/api/v1/user")
userRoutes.Use(jwt.JWT())
{
userRoutes.POST("/self/resetpwd/", v1.SelfResetPassword)
userRoutes.GET("/info", v1.SelfGetInfo)
userRoutes.GET("/logout", v1.SelfLogout)
userRoutes.POST("/self/resetpwd/", auth.Reset)
userRoutes.GET("/info", auth.Self)
userRoutes.GET("/logout", auth.Logout)
}

// todo scan add jwt
scanRoutes := router.Group("/api/vi/scan")
{
scanRoutes.POST("")
}

router.Run(":" + port)
Expand Down
10 changes: 5 additions & 5 deletions api/routers/v1/auth/auth.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package v1
package auth

import (
"github.com/gin-gonic/gin"
Expand All @@ -17,7 +17,7 @@ type ResetPwd struct {
NewPassword string `json:"newpassword"`
}

func GetAuth(c *gin.Context) {
func Login(c *gin.Context) {
login := auth{}
err := c.BindJSON(&login)
if err != nil {
Expand Down Expand Up @@ -48,7 +48,7 @@ func GetAuth(c *gin.Context) {
}
}

func SelfResetPassword(c *gin.Context) {
func Reset(c *gin.Context) {
resetPwd := ResetPwd{}
err := c.BindJSON(&resetPwd)
if err != nil {
Expand All @@ -71,7 +71,7 @@ func SelfResetPassword(c *gin.Context) {
}
}

func SelfGetInfo(c *gin.Context) {
func Self(c *gin.Context) {
token := c.Request.Header.Get("Authorization")
claims, err := util.ParseToken(token)
if err != nil || claims == nil {
Expand All @@ -84,7 +84,7 @@ func SelfGetInfo(c *gin.Context) {
return
}

func SelfLogout(c *gin.Context) {
func Logout(c *gin.Context) {
// 后端伪登出 todo:优化jwt
c.JSON(msg.SuccessResp("登出成功"))
return
Expand Down
102 changes: 13 additions & 89 deletions api/routers/v1/plugin/plugin.go
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package v1
package plugin

import (
"bufio"
"github.com/astaxie/beego/validation"
"github.com/gin-gonic/gin"
"github.com/jweny/pocassist/api/msg"
Expand All @@ -11,16 +10,9 @@ import (
"github.com/jweny/pocassist/poc/rule"
"github.com/unknwon/com"
"gorm.io/datatypes"
"log"
)

const (
TargetUrl = "url"
TargetUrlFile = "file"
TargetUrlRaw = "raw"
)

type PluginSerializer struct {
type Serializer struct {
// 返回给前端的字段
DespName string `json:"desp_name"`
Id int `gorm:"primary_key" json:"id"`
Expand All @@ -31,23 +23,15 @@ type PluginSerializer struct {
Description int `gorm:"column:description" json:"description"`
}

type RunSinglePluginSerializer struct {
type RunSerializer struct {
// 运行单个
Target string `json:"target"`
Affects string `gorm:"column:affects" json:"affects"`
JsonPoc datatypes.JSON `gorm:"column:json_poc" json:"json_poc"`
}

type RunPluginsSerializer struct {
// 批量运行
Target string `json:"target"`
TargetType string `json:"target_type"`
RunType string `json:"run_type"`
VulIdList []string `json:"vul_id_list"`
}

//获取单个plugin
func GetPlugin(c *gin.Context) {
func Detail(c *gin.Context) {
id := com.StrTo(c.Param("id")).MustInt()
var data interface {}
valid := validation.Validation{}
Expand All @@ -68,7 +52,7 @@ func GetPlugin(c *gin.Context) {
}

//获取多个pluign
func GetPlugins(c *gin.Context) {
func Get(c *gin.Context) {
data := make(map[string]interface{})
field := db.PluginSearchField{Search: "", EnableField:-1, AffectsField:"",}
valid := validation.Validation{}
Expand All @@ -91,7 +75,7 @@ func GetPlugins(c *gin.Context) {
if ! valid.HasErrors() {
plugins := db.GetPlugins(page, pageSize, &field)

var pluginRespData []PluginSerializer
var pluginRespData []Serializer

for _, plugin := range plugins {
var despName string
Expand All @@ -101,7 +85,7 @@ func GetPlugins(c *gin.Context) {
despName = ""
}

pluginRespData = append(pluginRespData, PluginSerializer{
pluginRespData = append(pluginRespData, Serializer{
DespName: despName,
Id: plugin.Id,
VulId: plugin.VulId,
Expand All @@ -123,7 +107,7 @@ func GetPlugins(c *gin.Context) {
}

//新增
func CreatePlugin(c *gin.Context) {
func Add(c *gin.Context) {
plugin := db.Plugin{}
err := c.BindJSON(&plugin)
if err != nil {
Expand All @@ -141,7 +125,7 @@ func CreatePlugin(c *gin.Context) {
}

//修改
func UpdatePlugin(c *gin.Context) {
func Update(c *gin.Context) {
plugin := db.Plugin{}
err := c.BindJSON(&plugin)
if err != nil {
Expand All @@ -168,7 +152,7 @@ func UpdatePlugin(c *gin.Context) {
}

//删除
func DeletePlugin(c *gin.Context) {
func Delete(c *gin.Context) {
id := com.StrTo(c.Param("id")).MustInt()

valid := validation.Validation{}
Expand All @@ -190,8 +174,8 @@ func DeletePlugin(c *gin.Context) {
}

//运行单个plugin 不是从数据库提取数据,表单传数据
func RunPlugin(c *gin.Context) {
run := RunSinglePluginSerializer{}
func Test(c *gin.Context) {
run := RunSerializer{}
err := c.BindJSON(&run)
if err != nil {
c.JSON(msg.ErrResp("参数校验不通过"))
Expand Down Expand Up @@ -225,64 +209,4 @@ func RunPlugin(c *gin.Context) {
c.JSON(msg.ErrResp("检测目标、规则类型均不可为空"))
return
}
}

//批量运行plugin 从数据库提取数据,表单传数据
//前端向后端传 "vul_id_list":["poc_db_1","poc_db_2"]
func RunPlugins(c *gin.Context) {
runs := RunPluginsSerializer{}
err := c.BindJSON(&runs)
if err != nil {
c.JSON(msg.ErrResp("参数校验不通过"))
return
}
plugins, err := rule.LoadDbPlugin(runs.RunType, runs.VulIdList)

switch runs.TargetType {
case TargetUrl:
url := runs.TargetType
oreq, err := util.GenOriginalReq(url)
if err != nil {
logging.GlobalLogger.Error("[original request gen err ]", err)
c.JSON(msg.ErrResp("原始请求生成失败"))
return
}
rule.RunPlugins(oreq, plugins)
case TargetUrlFile:
//获取文件
file, header, err := c.Request.FormFile("file")
if err != nil {
logging.GlobalLogger.Error("[original request gen err ]", err)
c.JSON(msg.ErrResp("url文件上传失败"))
return
}
log.Print(header.Filename)
//content, err := ioutil.ReadAll(file)
var targets []string

scanner := bufio.NewScanner(file)
for scanner.Scan() {
val := scanner.Text()
if val == "" {
continue
}
targets = append(targets, val)
}

for _, url := range targets {
oreq, err := util.GenOriginalReq(url)
if err != nil {
logging.GlobalLogger.Error("[original request gen err ]", err)
}
logging.GlobalLogger.Info("[start check url ]", url)
rule.RunPlugins(oreq, plugins)
}
case TargetUrlRaw:
//请求报文
}
}





}
Loading

0 comments on commit e2d50bc

Please sign in to comment.