Ejemplo n.º 1
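  /**
   * Associates the leak/threat rows selected on the page with the current assessment project.
   *
   * <p>Each submitted {@code leakThreId} is resolved against the {@code leakThreList} held in the
   * session (stored there by {@code showVulnThre}). The position found there selects the matching
   * entries of the parallel {@code leakThreKindId}, {@code leakCveThreId} and
   * {@code dynaLeakThreLeve} parameter arrays. An id that is not in the session list, or a
   * position outside one of the parallel arrays, is rejected; previously such an id was silently
   * paired with the values of row 0.
   *
   * @param mapping action mapping, passed through to {@code showVulnThre}
   * @param form action form, passed through to {@code showVulnThre}
   * @param request current request; supplies the selection and the parallel row arrays
   * @param response current response, passed through to {@code showVulnThre}
   * @return the forward produced by {@code showVulnThre}
   * @throws IllegalArgumentException if the row parameters are missing or do not match the
   *     rows held in the session
   * @throws IllegalStateException if the session holds no {@code leakThreList}
   * @throws Exception anything raised by the services or by {@code showVulnThre}
   */
  @SuppressWarnings("unchecked")
  public ActionForward relateLeakToThre(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    // NOTE(review): this handler changes persistent state; no anti-CSRF check is visible in this
    // method, so confirm one runs before it is reached.

    String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
    String vulnIdSelect = request.getParameter("vulnIdSelect");
    String ip = request.getParameter("ip");
    // Carried over as request attributes so showVulnThre can restore the current selection.
    request.setAttribute("ip", ip);
    request.setAttribute("vulnKindIdSelect", vulnKindIdSelect);
    request.setAttribute("vulnIdSelect", vulnIdSelect);

    // All four arrays come straight from the client. They are deliberately not written to
    // stdout: raw request values in console output are debug residue and allow forged lines.
    String[] leakThreIds = request.getParameterValues("leakThreId");
    String[] leakThreKindIds = request.getParameterValues("leakThreKindId");
    String[] leakCveThreIds = request.getParameterValues("leakCveThreId");
    String[] dynaLeakThreLeves = request.getParameterValues("dynaLeakThreLeve");
    if (leakThreIds == null || leakThreIds.length == 0) {
      throw new IllegalArgumentException("No leakThreId was submitted");
    }
    if (leakThreKindIds == null || leakCveThreIds == null || dynaLeakThreLeves == null) {
      throw new IllegalArgumentException("Row parameters are incomplete");
    }
    List leakThreList = (List) request.getSession().getAttribute("leakThreList");
    if (leakThreList == null) {
      throw new IllegalStateException("leakThreList is missing from the session");
    }

    String[] selectedKindIds = new String[leakThreIds.length];
    String[] selectedCveIds = new String[leakThreIds.length];
    String[] selectedLevels = new String[leakThreIds.length];
    for (int m = 0; m < leakThreIds.length; m++) {
      // Last matching position wins, as before; -1 marks "not in the session list".
      int row = -1;
      for (int i = 0; i < leakThreList.size(); i++) {
        AsseKnowDynaLeakThre candidate = (AsseKnowDynaLeakThre) leakThreList.get(i);
        if (candidate.getId().toString().equals(leakThreIds[m])) {
          row = i;
        }
      }
      // Fail closed: only ids the server itself put on the page may be associated, and the
      // position must exist in every parallel array. The submitted value is kept out of the
      // message so it cannot be reflected on an error page.
      if (row < 0
          || row >= leakThreKindIds.length
          || row >= leakCveThreIds.length
          || row >= dynaLeakThreLeves.length) {
        throw new IllegalArgumentException("A submitted leakThreId does not match a row on the page");
      }
      selectedKindIds[m] = leakThreKindIds[row];
      selectedCveIds[m] = leakCveThreIds[row];
      selectedLevels[m] = dynaLeakThreLeves[row];
    }

    Map paraMap = new HashMap();
    paraMap.put("leakThreIds", leakThreIds);
    paraMap.put("leakThreKindIds", selectedKindIds);
    paraMap.put("leakCveThreIds", selectedCveIds);
    paraMap.put("dynaLeakThreLeves", selectedLevels);
    AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
    dynaLeakThreService.relateLeakToThre(paraMap, asseInfoProj);

    // Audit record for the association that was just persisted.
    OperatorDetails user = SecurityUserHolder.getCurrentUser();
    SystemLog log = new SystemLog();
    log.setUsername(user.getUsername());
    List<Role> list = user.getRoleList();
    // Joined without the trailing-comma/substring trick, which threw for a user with no roles
    // and left the change without an audit entry.
    StringBuilder roleNames = new StringBuilder();
    for (Role role : list) {
      if (roleNames.length() > 0) {
        roleNames.append(",");
      }
      roleNames.append(role.getRole());
    }
    log.setRoleName(roleNames.toString());
    log.setTime(new Timestamp(new Date().getTime()));
    log.setModuleName(SystemModelInfo.MOD_RAM);
    StringBuilder idList = new StringBuilder();
    for (String id : leakThreIds) {
      if (idList.length() > 0) {
        idList.append(",");
      }
      idList.append(id);
    }
    // vulnIdSelect is still raw client input at this point; anything outside a small
    // allow-list is replaced so it cannot add separators or extra fields to the audit text.
    String loggedVulnId =
        (vulnIdSelect == null) ? null : vulnIdSelect.replaceAll("[^0-9A-Za-z_-]", "_");
    log.setOperationDesc(
        "风险评估模块,漏洞与威胁关联,漏洞ID为:" + idList + ",威胁ID为:" + loggedVulnId);
    log.setControl("成功");
    logService.saveSystemLog(log);

    return showVulnThre(mapping, form, request, response);
  }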
Ejemplo n.º 2
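  /**
   * Prepares the vulnerability-point/threat association page and its two pagers.
   *
   * <p>Marks the project progress as {@code prog10}, restores the current selection from request
   * parameters (falling back to request attributes), loads the reference lists the view needs
   * and stores the current page of leak/threat rows in the session as {@code leakThreList}.
   *
   * <p>Client-supplied numbers are parsed defensively: a malformed {@code vulnIdSelect} is
   * treated as "no selection" and a malformed page number as page 1. Previously the first
   * raised an uncaught {@code NumberFormatException} and the second aborted the whole data load.
   *
   * @param mapping action mapping used to look up the {@code dynaVuln} forward
   * @param form action form (not read here)
   * @param request current request; supplies the selection and paging parameters
   * @param response current response (not written here)
   * @return the {@code dynaVuln} forward, also when loading the page data failed
   * @throws Exception anything raised before the guarded data-loading section
   */
  @SuppressWarnings("unchecked")
  public ActionForward showVulnThre(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    // The progress marker is persisted on every render of this page.
    AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
    asseInfoProj.setProgress("prog10");
    projectService.saveOrUpdate(asseInfoProj);
    request.getSession().setAttribute("asseInfoProj", asseInfoProj);

    // The selection arrives as a parameter, or as an attribute when another handler forwards here.
    String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
    if (vulnKindIdSelect == null) {
      vulnKindIdSelect = (String) request.getAttribute("vulnKindIdSelect");
    }
    String vulnIdSelect = request.getParameter("vulnIdSelect");
    if (vulnIdSelect == null) {
      vulnIdSelect = (String) request.getAttribute("vulnIdSelect");
    }

    if (vulnKindIdSelect != null) {
      request.setAttribute("vulnKindSelect", vulnKindIdSelect);
    }
    if (vulnIdSelect != null && !"".equals(vulnIdSelect)) {
      Integer vulnId;
      try {
        vulnId = Integer.valueOf(vulnIdSelect);
      } catch (NumberFormatException malformed) {
        vulnId = null;
      }
      if (vulnId == null) {
        // Not a number: drop it so the raw string never reaches the services below.
        vulnIdSelect = null;
      } else {
        // Only the canonical decimal form is handed on to the view and the services.
        vulnIdSelect = vulnId.toString();
        AsseKnowDynaVuln vulnPoint = vulnAnalService.find(vulnId);
        request.setAttribute("vulnSelect", vulnIdSelect);
        request.setAttribute("vulnPoint", vulnPoint);
      }
    }

    int maxResult = 5;
    try {
      // Pager 1: dynamic threats for the selected vulnerability point.
      int currPage = parsePageParam(request.getParameter("currPage"));
      int totalNum = threAnalService.getCount(asseInfoProj, vulnIdSelect);
      int totalPage = (int) Math.ceil((double) totalNum / maxResult);
      if (totalPage > 0 && currPage <= 0) {
        currPage = 1;
      }
      if (currPage > totalPage) {
        currPage = totalPage;
      }
      int startResult = pageOffset(currPage, maxResult);

      List<AsseKnowDynaThre> vulnThreAnalList =
          threAnalService.listAllByVuln(startResult, maxResult, asseInfoProj, vulnIdSelect);

      request.setAttribute("vulnThreAnalList", vulnThreAnalList);
      request.setAttribute("currPage", currPage);
      request.setAttribute("totalPage", totalPage);

      // Selectable assets of the project's domain.
      List assertList = assetService.find(asseInfoProj.getDomain(), null);
      request.setAttribute("assertList", assertList);

      // All static threat kinds.
      List statThreKindList = statThreKindService.listAllStatThreKind();
      request.setAttribute("statThreKindList", statThreKindList);

      // All static threats.
      List statThreList = statThreService.listAllStatThre();
      request.setAttribute("statThreList", statThreList);

      // Static CVE threats for the CVE ids found by the leak scan. Results are no longer
      // printed to stdout (debug residue; the size() call also failed on a null list).
      List<String> cveIdList = leakScanService.listCVEId(asseInfoProj);
      List statCveThreList = statCVEThreService.listStatCVEThreByCVEIdScale(cveIdList);
      request.setAttribute("statCveThreList", statCveThreList);

      // All static vulnerability-point kinds.
      List statVulnKindList = statVulnKindService.listAllStatVulnKinds();
      request.setAttribute("statVulnKindList", statVulnKindList);

      List dicSecuLeveList = dicSecuLeveService.findAll();
      request.setAttribute("dicSecuLeveList", dicSecuLeveList);

      // All dynamic vulnerability points of the project.
      List dynaVulnList = vulnAnalService.listDynaVulnPoint(asseInfoProj.getId().toString());
      request.setAttribute("dynaVulnList", dynaVulnList);

      // IP addresses found by the leak scan.
      List ipList = leakScanService.listIP(asseInfoProj);
      request.setAttribute("ipList", ipList);

      // Optional IP filter for the leak/threat list.
      // NOTE(review): ip is client input that is echoed to the view and passed to findByIP
      // unchanged; confirm the view escapes it and the query binds it as a parameter.
      String ip = request.getParameter("ip");
      if (ip == null) {
        ip = (String) request.getAttribute("ip");
      }
      List<AsseInfoAsse> asseInfo = null;
      if (ip != null && !"".equals(ip)) {
        request.setAttribute("ipAddress", ip);
        asseInfo = assetService.findByIP(ip);
      }

      // Pager 2: leak/threat rows. Unlike pager 1 the page is not clamped to the last page.
      int maxResult1 = 5;
      int currPage1 = parsePageParam(request.getParameter("currPage1"));
      int startResult1 = pageOffset(currPage1, maxResult1);

      List<AsseKnowDynaLeakThre> leakThreList =
          dynaLeakThreService.listDynaLeak(startResult1, maxResult1, asseInfoProj, asseInfo);

      int totalNum1 = dynaLeakThreService.getCount(asseInfoProj, asseInfo);
      int totalPage1 = (int) Math.ceil((double) totalNum1 / maxResult1);
      if (totalPage1 > 0 && currPage1 <= 0) {
        currPage1 = 1;
      }

      // Kept in the session: relateLeakToThre resolves submitted row ids against this list.
      request.getSession().setAttribute("leakThreList", leakThreList);
      request.setAttribute("currPage1", currPage1);
      request.setAttribute("totalPage1", totalPage1);

    } catch (Exception e) {
      // Best effort: the page is still rendered with whatever attributes were set. The failure
      // goes to the application log with its stack trace instead of stderr.
      logger.error("风险评估--脆弱性威胁关联--访问出错啦!", e);
    }

    return mapping.findForward("dynaVuln");
  }

  /** Parses a 1-based page number; a missing, empty or non-numeric value yields page 1. */
  private int parsePageParam(String raw) {
    if (raw == null || raw.equals("")) {
      return 1;
    }
    try {
      return Integer.parseInt(raw);
    } catch (NumberFormatException malformed) {
      return 1;
    }
  }

  /**
   * Converts a 1-based page number into a row offset. The product is computed as a long and
   * clamped to {@code [0, Integer.MAX_VALUE]} so a very large page number cannot wrap around.
   */
  private int pageOffset(int page, int pageSize) {
    long offset = ((long) page - 1L) * pageSize;
    if (offset < 0L) {
      return 0;
    }
    return (offset > Integer.MAX_VALUE) ? Integer.MAX_VALUE : (int) offset;
  }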