xmirror

Author: alipaydeshui

src/main/java/com/iast/astbenchmark/analyser/factory/stategy/XmirrorCaseDataTransfer.java

@@ -0,0 +1,103 @@
+package com.iast.astbenchmark.analyser.factory.stategy;
+
+import cn.hutool.core.io.FileUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.json.JSONArray;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import com.iast.astbenchmark.analyser.bean.BaseOriginalDataBean;
+import com.iast.astbenchmark.analyser.bean.CaseDataCollectResultBean;
+import com.iast.astbenchmark.analyser.bean.consts.VendorEnum;
+import com.iast.astbenchmark.analyser.factory.CaseDataTransfer;
+import com.iast.astbenchmark.analyser.factory.stategy.dongtai.DongResultBean;
+import com.iast.astbenchmark.analyser.factory.stategy.dongtai.DongTaintItemBean;
+import com.iast.astbenchmark.analyser.factory.stategy.xmirror.XmirrorRecord;
+import com.iast.astbenchmark.analyser.factory.stategy.xmirror.XmirrorRootBean;
+import com.iast.astbenchmark.analyser.service.ConfigService;
+import com.iast.astbenchmark.analyser.util.CaseResultutils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
+
+import java.nio.charset.Charset;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+@Component
+public class XmirrorCaseDataTransfer implements CaseDataTransfer {
+    @Autowired
+    private ConfigService configService;
+
+    @Override
+    public VendorEnum vendor() {
+        return VendorEnum.XMIRROR;
+    }
+
+    @Override
+    public CaseDataCollectResultBean doOperation() {
+        Long time = System.currentTimeMillis();
+        CaseDataCollectResultBean resultBean = new CaseDataCollectResultBean();
+        resultBean.setVendor(vendor());
+        resultBean.setReportId(this.vendor().getDescription() + "@" + time);
+        resultBean.setCaseTime(time);
+        /**
+         *  Step1 ->获取检出结果并解析；
+         *  指定检测结果目录 以及检测标记
+         */
+        List<XmirrorRecord> taintItemBeans = getReportLogArray(configService.getDetection(this.vendor()));
+        /**
+         *  Step2 -> 抽取Tag
+         *  默认使用MethedName作为Case的tag进行标记
+         */
+        Map<String, BaseOriginalDataBean> tagMap = convertToTagMap(taintItemBeans);
+        resultBean.setCaseDetectionItems(CaseResultutils.caseAnalyse(tagMap));
+        return resultBean;
+    }
+
+    private Map<String, BaseOriginalDataBean> convertToTagMap(List<XmirrorRecord> logsBeans) {
+        if (CollectionUtils.isEmpty(logsBeans)) {
+            return Maps.newHashMap();
+        }
+        return logsBeans.stream().filter(e -> e.getSecurityLevelId()>=2
+                        && StrUtil.isNotEmpty(e.getIastParam()) && StrUtil.isNotEmpty(e.getVulUrl()))
+                .collect(Collectors.toMap(e1 -> getTagKey(e1), e2 -> e2, (k1, k2) -> k1));
+    }
+
+    private String getTagKey(XmirrorRecord baseData) {
+        String url = baseData.getVulUrl();
+        if (url.contains("case00")) {
+            url =  url.split("\\?")[0];
+            String tag = "aTaintCase00" + url.split("case00")[1].split("/")[0];
+            if (url.endsWith("/2")) {
+                tag = tag + "_2";
+            } else if (url.endsWith("/1")) {
+                tag = tag + "_1";
+            } else if (url.endsWith("/3")) {
+                tag = tag + "_3";
+            } else if (url.endsWith("/4")) {
+                tag = tag + "_4";
+            } else if (url.endsWith("/5")) {
+                tag = tag + "_5";
+            } else if (url.endsWith("/6")) {
+                tag = tag + "_6";
+            } else if (url.endsWith("/7")) {
+                tag = tag + "_7";
+            }
+            return tag;
+        }
+        return "";
+    }
+
+    private List<XmirrorRecord> getReportLogArray(String path) {
+        List<XmirrorRecord> itemBeans = Lists.newArrayList();
+        JSONArray jsonArray =JSONUtil.readJSONArray(FileUtil.file(path), Charset.forName("utf-8"));
+        for (Object o : jsonArray) {
+            XmirrorRootBean resultBean = JSONUtil.toBean(JSONUtil.toJsonStr(o), XmirrorRootBean.class);
+            itemBeans.addAll(resultBean.getData().getRecords());
+        }
+        return itemBeans;
+    }
+}

src/main/java/com/iast/astbenchmark/analyser/factory/stategy/xmirror/XmirrorData.java

@@ -0,0 +1,87 @@
+package com.iast.astbenchmark.analyser.factory.stategy.xmirror;
+
+import java.util.List;
+
+public class XmirrorData {
+
+    private List<XmirrorRecord> records;
+    private int                 total;
+    private int size;
+    private int current;
+    private List<String> orders;
+    private boolean optimizeCountSql;
+    private boolean searchCount;
+    private String countId;
+    private String maxLimit;
+    private int pages;
+    public void setRecords(List<XmirrorRecord> records) {
+        this.records = records;
+    }
+    public List<XmirrorRecord> getRecords() {
+        return records;
+    }
+
+    public void setTotal(int total) {
+        this.total = total;
+    }
+    public int getTotal() {
+        return total;
+    }
+
+    public void setSize(int size) {
+        this.size = size;
+    }
+    public int getSize() {
+        return size;
+    }
+
+    public void setCurrent(int current) {
+        this.current = current;
+    }
+    public int getCurrent() {
+        return current;
+    }
+
+    public void setOrders(List<String> orders) {
+        this.orders = orders;
+    }
+    public List<String> getOrders() {
+        return orders;
+    }
+
+    public void setOptimizeCountSql(boolean optimizeCountSql) {
+        this.optimizeCountSql = optimizeCountSql;
+    }
+    public boolean getOptimizeCountSql() {
+        return optimizeCountSql;
+    }
+
+    public void setSearchCount(boolean searchCount) {
+        this.searchCount = searchCount;
+    }
+    public boolean getSearchCount() {
+        return searchCount;
+    }
+
+    public void setCountId(String countId) {
+        this.countId = countId;
+    }
+    public String getCountId() {
+        return countId;
+    }
+
+    public void setMaxLimit(String maxLimit) {
+        this.maxLimit = maxLimit;
+    }
+    public String getMaxLimit() {
+        return maxLimit;
+    }
+
+    public void setPages(int pages) {
+        this.pages = pages;
+    }
+    public int getPages() {
+        return pages;
+    }
+
+}

src/main/java/com/iast/astbenchmark/analyser/factory/stategy/xmirror/XmirrorRecord.java

@@ -0,0 +1,130 @@
+package com.iast.astbenchmark.analyser.factory.stategy.xmirror;
+
+import com.iast.astbenchmark.analyser.bean.BaseDetectedDataBean;
+import com.iast.astbenchmark.analyser.bean.BaseOriginalDataBean;
+
+import java.util.Date;
+
+public class XmirrorRecord extends BaseOriginalDataBean {
+
+    private String vulResultId;
+    private int    securityLevelId;
+    private String vulName;
+    private String vulSerial;
+    private String vulUrl;
+    private String vulMidTypeId;
+    private String iastParam;
+    private int    detectEngineId;
+    private int    status;
+    private String iastActiveVerify;
+    private Date   createDate;
+    private Date   firstCreateDate;
+    private String mergeCount;
+    private String assignUserId;
+    private int mergeVulCount;
+    public void setVulResultId(String vulResultId) {
+        this.vulResultId = vulResultId;
+    }
+    public String getVulResultId() {
+        return vulResultId;
+    }
+
+    public void setSecurityLevelId(int securityLevelId) {
+        this.securityLevelId = securityLevelId;
+    }
+    public int getSecurityLevelId() {
+        return securityLevelId;
+    }
+
+    public void setVulName(String vulName) {
+        this.vulName = vulName;
+    }
+    public String getVulName() {
+        return vulName;
+    }
+
+    public void setVulSerial(String vulSerial) {
+        this.vulSerial = vulSerial;
+    }
+    public String getVulSerial() {
+        return vulSerial;
+    }
+
+    public void setVulUrl(String vulUrl) {
+        this.vulUrl = vulUrl;
+    }
+    public String getVulUrl() {
+        return vulUrl;
+    }
+
+    public void setVulMidTypeId(String vulMidTypeId) {
+        this.vulMidTypeId = vulMidTypeId;
+    }
+    public String getVulMidTypeId() {
+        return vulMidTypeId;
+    }
+
+    public void setIastParam(String iastParam) {
+        this.iastParam = iastParam;
+    }
+    public String getIastParam() {
+        return iastParam;
+    }
+
+    public void setDetectEngineId(int detectEngineId) {
+        this.detectEngineId = detectEngineId;
+    }
+    public int getDetectEngineId() {
+        return detectEngineId;
+    }
+
+    public void setStatus(int status) {
+        this.status = status;
+    }
+    public int getStatus() {
+        return status;
+    }
+
+    public void setIastActiveVerify(String iastActiveVerify) {
+        this.iastActiveVerify = iastActiveVerify;
+    }
+    public String getIastActiveVerify() {
+        return iastActiveVerify;
+    }
+
+    public void setCreateDate(Date createDate) {
+        this.createDate = createDate;
+    }
+    public Date getCreateDate() {
+        return createDate;
+    }
+
+    public void setFirstCreateDate(Date firstCreateDate) {
+        this.firstCreateDate = firstCreateDate;
+    }
+    public Date getFirstCreateDate() {
+        return firstCreateDate;
+    }
+
+    public void setMergeCount(String mergeCount) {
+        this.mergeCount = mergeCount;
+    }
+    public String getMergeCount() {
+        return mergeCount;
+    }
+
+    public void setAssignUserId(String assignUserId) {
+        this.assignUserId = assignUserId;
+    }
+    public String getAssignUserId() {
+        return assignUserId;
+    }
+
+    public void setMergeVulCount(int mergeVulCount) {
+        this.mergeVulCount = mergeVulCount;
+    }
+    public int getMergeVulCount() {
+        return mergeVulCount;
+    }
+
+}

src/main/java/com/iast/astbenchmark/analyser/factory/stategy/xmirror/XmirrorRootBean.java

@@ -0,0 +1,39 @@
+package com.iast.astbenchmark.analyser.factory.stategy.xmirror;
+
+import com.iast.astbenchmark.analyser.bean.BaseOriginalDataBean;
+
+public class XmirrorRootBean extends BaseOriginalDataBean {
+
+    private int code;
+    private String      message;
+    private XmirrorData data;
+    private boolean     success;
+    public void setCode(int code) {
+        this.code = code;
+    }
+    public int getCode() {
+        return code;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+    public String getMessage() {
+        return message;
+    }
+
+    public void setData(XmirrorData data) {
+        this.data = data;
+    }
+    public XmirrorData getData() {
+        return data;
+    }
+
+    public void setSuccess(boolean success) {
+        this.success = success;
+    }
+    public boolean getSuccess() {
+        return success;
+    }
+
+}