Ejemplo n.º 1
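 /**
  * Returns the assessment project bound to the current session, loading it on first use.
  *
  * <p>When the session has no {@code asseInfoProj} attribute, the {@code projId} request
  * parameter is trimmed, parsed and looked up through {@code projectService}; the result
  * (possibly {@code null}) is then written to the session. Otherwise the cached session value is
  * returned unchanged and {@code projId} is ignored.
  *
  * <p>NOTE(review): {@code projId} is client-supplied and no ownership or authorization check is
  * visible in this method. Confirm that {@code projectService.find} or an upstream filter
  * restricts the lookup to projects the authenticated user may access; otherwise any project id
  * can be pinned into the session.
  *
  * @param request current HTTP request; its session is created if absent
  * @return the session's project, or {@code null} when none is cached and {@code projId} is
  *     missing, blank, or does not resolve to a project
  * @throws NumberFormatException if {@code projId} is non-blank but not a valid integer
  */
 private AsseInfoProj loadAsseInfoproj(HttpServletRequest request) {
   Object cached = request.getSession().getAttribute("asseInfoProj");
   if (cached != null) {
     return (AsseInfoProj) cached;
   }

   AsseInfoProj asseInfoProj = null;
   String projId = request.getParameter("projId");
   String trimmedProjId = (projId == null) ? "" : projId.trim();
   if (!"".equals(trimmedProjId)) {
     // Parse the trimmed value: the blank check above already trims, so surrounding whitespace
     // must not turn an otherwise valid id into a NumberFormatException.
     asseInfoProj = projectService.find(Integer.valueOf(trimmedProjId));
     // Concatenation is null-safe; calling toString() here threw a NullPointerException whenever
     // the lookup found no project.
     System.out.println("find asseInfoProj:" + asseInfoProj);
   }
   request.getSession().setAttribute("asseInfoProj", asseInfoProj);
   return asseInfoProj;
 }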
Ejemplo n.º 2
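  /**
   * Batch saves or updates dynamic vulnerability points for an asset within a project.
   *
   * <p>Reads the {@code "dynaVulnPoinIds"} ({@code String[]}) and {@code "assetCode"}
   * ({@code String}) entries from {@code paraMaps}, loads each vulnerability point by id, binds it
   * to the given project and asset, and hands the whole list to
   * {@code vulnAnalDao.batchSaveOrUpdate}. All lookups are validated before any entity is
   * modified, so a bad id or asset code no longer leaves some entities half-updated.
   *
   * <p>NOTE(review): each id is looked up globally and then re-bound to {@code asseInfoProj}. No
   * check is visible here that the point (or the asset) already belongs to that project; if the
   * ids originate from request parameters, confirm the caller enforces that, otherwise records
   * of another project can be reassigned.
   *
   * @param paraMaps parameter map holding {@code "dynaVulnPoinIds"} and {@code "assetCode"}
   * @param asseInfoProj assessment project the points are bound to
   * @throws IllegalArgumentException if ids are present but the project is {@code null}, the
   *     asset code resolves to no asset, or an id resolves to no vulnerability point
   * @throws NumberFormatException if an id is not a valid integer
   */
  public void batchSaveOrUpdate(Map paraMaps, AsseInfoProj asseInfoProj) {
    String[] dynaVulnPoinIds = (String[]) paraMaps.get("dynaVulnPoinIds");
    if (dynaVulnPoinIds == null) {
      // Nothing was selected; the original dereferenced the missing array and failed with an NPE.
      return;
    }
    String assetCode = (String) paraMaps.get("assetCode");
    AsseInfoAsse asseInfoAsse = assetDao.find(assetCode);

    boolean hasWork = dynaVulnPoinIds.length > 0;
    if (hasWork && asseInfoProj == null) {
      throw new IllegalArgumentException("asseInfoProj must not be null");
    }
    if (hasWork && asseInfoAsse == null) {
      throw new IllegalArgumentException("Unknown asset code: " + assetCode);
    }

    // Resolve every id first so a failure happens before any entity has been touched.
    List<AsseKnowDynaVuln> dynaVulnPoints =
        new ArrayList<AsseKnowDynaVuln>(dynaVulnPoinIds.length);
    for (String dynaVulnPoinId : dynaVulnPoinIds) {
      AsseKnowDynaVuln dynaVulnPoint = vulnAnalDao.find(Integer.valueOf(dynaVulnPoinId));
      if (dynaVulnPoint == null) {
        throw new IllegalArgumentException(
            "Unknown dynamic vulnerability point id: " + dynaVulnPoinId);
      }
      dynaVulnPoints.add(dynaVulnPoint);
    }

    for (AsseKnowDynaVuln dynaVulnPoint : dynaVulnPoints) {
      dynaVulnPoint.setAsseInfoProjId(asseInfoProj.getId());
      dynaVulnPoint.setAsse(asseInfoAsse);
      dynaVulnPoint.setAsseInfoBusiId(asseInfoAsse.getAsseInfoBusiId());
    }
    vulnAnalDao.batchSaveOrUpdate(dynaVulnPoints);
  }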
Ejemplo n.º 3
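  /**
   * Renders the vulnerability–threat association page, with two independent pagers.
   *
   * <p>Marks the session's project as being at progress step {@code "prog10"} and persists it,
   * then populates the request with the selected vulnerability point, the paged dynamic threat
   * list for that point, the lookup lists the view needs, and the paged scan-derived threat list
   * (optionally narrowed by the {@code ip} parameter).
   *
   * <p>NOTE(review): this handler writes to the project ({@code setProgress} +
   * {@code saveOrUpdate}) before any input is validated, and every selector ({@code projId},
   * {@code vulnIdSelect}, {@code ip}) is client-supplied. No authorization or anti-CSRF check is
   * visible in this method; confirm both are enforced upstream, and that
   * {@code vulnAnalService.find} cannot return a point belonging to another project.
   *
   * @param mapping Struts mapping used to resolve the {@code "dynaVuln"} forward
   * @param form unused
   * @param request current request; parameters fall back to same-named request attributes
   * @param response unused
   * @return the {@code "dynaVuln"} forward
   * @throws IllegalStateException if no project is cached in the session and none could be loaded
   * @throws NumberFormatException if {@code vulnIdSelect} is non-empty but not a valid integer
   * @throws Exception if persisting the project or loading the selected point fails
   */
  @SuppressWarnings("unchecked")
  public ActionForward showVulnThre(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
    if (asseInfoProj == null) {
      // Fail with a clear message instead of a NullPointerException on the next line.
      throw new IllegalStateException(
          "No assessment project in session and no usable projId parameter");
    }
    asseInfoProj.setProgress("prog10");
    projectService.saveOrUpdate(asseInfoProj);
    request.getSession().setAttribute("asseInfoProj", asseInfoProj);

    // Selectors may arrive as parameters or, after an internal forward, as request attributes.
    String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
    if (vulnKindIdSelect == null) {
      vulnKindIdSelect = (String) request.getAttribute("vulnKindIdSelect");
    }
    String vulnIdSelect = request.getParameter("vulnIdSelect");
    if (vulnIdSelect == null) {
      vulnIdSelect = (String) request.getAttribute("vulnIdSelect");
    }

    if (vulnKindIdSelect != null) {
      request.setAttribute("vulnKindSelect", vulnKindIdSelect);
    }
    if (vulnIdSelect != null && !"".equals(vulnIdSelect)) {
      AsseKnowDynaVuln vulnPoint = vulnAnalService.find(Integer.valueOf(vulnIdSelect));
      request.setAttribute("vulnSelect", vulnIdSelect);
      request.setAttribute("vulnPoint", vulnPoint);
    }

    final int maxResult = 5;
    try {
      // --- Pager 1: dynamic threats for the selected vulnerability point ---
      // A malformed page number falls back to page 1 rather than aborting the whole page load.
      int currPage = parsePageParam(request.getParameter("currPage"));
      int startResult = pageOffset(currPage, maxResult);

      int totalNum = threAnalService.getCount(asseInfoProj, vulnIdSelect);
      int totalPage = (int) Math.ceil((double) totalNum / maxResult);
      if (totalPage > 0 && currPage <= 0) {
        currPage = 1;
      }
      if (currPage > totalPage) {
        // Requested page is past the end: clamp to the last page and recompute the offset.
        currPage = totalPage;
        startResult = pageOffset(currPage, maxResult);
      }

      List<AsseKnowDynaThre> vulnThreAnalList =
          threAnalService.listAllByVuln(startResult, maxResult, asseInfoProj, vulnIdSelect);

      request.setAttribute("vulnThreAnalList", vulnThreAnalList);
      request.setAttribute("currPage", currPage);
      request.setAttribute("totalPage", totalPage);

      // Selectable assets for the project's domain.
      List assertList = assetService.find(asseInfoProj.getDomain(), null);
      request.setAttribute("assertList", assertList);

      // All static threat categories.
      List statThreKindList = statThreKindService.listAllStatThreKind();
      request.setAttribute("statThreKindList", statThreKindList);

      // All static threats.
      List statThreList = statThreService.listAllStatThre();
      request.setAttribute("statThreList", statThreList);

      // Static threats matching the CVE ids found by the project's scans.
      List<String> cveIdList = leakScanService.listCVEId(asseInfoProj);
      logger.debug("cveIdList:" + cveIdList);
      List statCveThreList = statCVEThreService.listStatCVEThreByCVEIdScale(cveIdList);
      request.setAttribute("statCveThreList", statCveThreList);
      // Null-safe: an NPE here used to skip every attribute populated below.
      logger.debug(String.valueOf(statCveThreList == null ? 0 : statCveThreList.size()));

      // All static vulnerability categories.
      List statVulnKindList = statVulnKindService.listAllStatVulnKinds();
      request.setAttribute("statVulnKindList", statVulnKindList);

      List dicSecuLeveList = dicSecuLeveService.findAll();
      request.setAttribute("dicSecuLeveList", dicSecuLeveList);

      // All dynamic vulnerability points of this project.
      List dynaVulnList = vulnAnalService.listDynaVulnPoint(asseInfoProj.getId().toString());
      request.setAttribute("dynaVulnList", dynaVulnList);

      // IP addresses discovered by vulnerability scanning.
      List ipList = leakScanService.listIP(asseInfoProj);
      logger.debug("ipList.size:" + (ipList == null ? 0 : ipList.size()));
      request.setAttribute("ipList", ipList);

      // --- Pager 2: scan-derived threats, optionally narrowed to one IP ---
      String ip = request.getParameter("ip");
      if (ip == null) {
        ip = (String) request.getAttribute("ip");
      }
      List<AsseInfoAsse> asseInfo = null;
      if (ip != null && !"".equals(ip)) {
        request.setAttribute("ipAddress", ip);
        asseInfo = assetService.findByIP(ip);
      }

      final int maxResult1 = 5;
      int currPage1 = parsePageParam(request.getParameter("currPage1"));
      int startResult1 = pageOffset(currPage1, maxResult1);

      List<AsseKnowDynaLeakThre> leakThreList =
          dynaLeakThreService.listDynaLeak(startResult1, maxResult1, asseInfoProj, asseInfo);

      int totalNum1 = dynaLeakThreService.getCount(asseInfoProj, asseInfo);
      int totalPage1 = (int) Math.ceil((double) totalNum1 / maxResult1);
      if (totalPage1 > 0 && currPage1 <= 0) {
        currPage1 = 1;
      }
      // NOTE(review): unlike pager 1, a page number past the last page is not clamped here.

      // NOTE(review): this list goes into the session while every other list is request-scoped;
      // confirm that is intended, since it keeps scan findings alive for the session's lifetime.
      request.getSession().setAttribute("leakThreList", leakThreList);
      request.setAttribute("currPage1", currPage1);
      request.setAttribute("totalPage1", totalPage1);

    } catch (Exception e) {
      // Log at error level with the cause; debug level plus printStackTrace() hid failures from
      // the application log while the view rendered with partially populated attributes.
      logger.error("风险评估--脆弱性威胁关联--访问出错啦!", e);
    }

    return mapping.findForward("dynaVuln");
  }

  /** Parses a page-number parameter; a missing, empty or malformed value yields page 1. */
  private static int parsePageParam(String raw) {
    if (raw == null || raw.equals("")) {
      return 1;
    }
    try {
      return Integer.parseInt(raw.trim());
    } catch (NumberFormatException e) {
      return 1;
    }
  }

  /** Computes the zero-based row offset of a page, clamped to {@code [0, Integer.MAX_VALUE]}. */
  private static int pageOffset(int page, int pageSize) {
    // Widen to long first so a huge client-supplied page number cannot overflow into a bogus
    // offset.
    long offset = ((long) page - 1L) * pageSize;
    if (offset < 0L) {
      return 0;
    }
    return (int) Math.min(offset, (long) Integer.MAX_VALUE);
  }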
Ejemplo n.º 4
 /**
  * Checks whether the given vulnerability point already exists for an asset in a project.
  *
  * <p>Resolves the asset from {@code assetCode} through {@code assetDao} and delegates the
  * existence check to {@code vulnAnalDao.checkExitDynaVulnPoint}, passing the project id, the
  * resolved asset and the vulnerability point id.
  *
  * @param asseInfoProj assessment project; its id is passed to the DAO
  * @param assetCode code used to look up the asset
  * @param statVulnPoinId vulnerability point id
  * @return whether the vulnerability point already exists
  */
 public boolean checkExitDynaVulnPoint(
     AsseInfoProj asseInfoProj, String assetCode, Integer statVulnPoinId) {
   // The asset is resolved first, before the project id is read.
   final AsseInfoAsse resolvedAsset = assetDao.find(assetCode);
   boolean alreadyPresent =
       vulnAnalDao.checkExitDynaVulnPoint(asseInfoProj.getId(), resolvedAsset, statVulnPoinId);
   return alreadyPresent;
 }