public ActionForward saveorupdate(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response) {
boolean flag = false;
System.out.println("~~~~增加或更新打印信息~~~~~");
FilePrintFrom fileform = (FilePrintFrom) form;
RespFilePrint file = new RespFilePrint();
System.out.println("id===" + fileform.getId());
System.out.println("content===" + fileform.getPrintcontent());
System.out.println("procid===" + fileform.getSelectresp());
request.setAttribute("printres", fileform.getPrintcontent());
request.setAttribute("selectid", fileform.getSelectresp());
if (fileform.getId() == 0) {
flag = true;
file.setId(null);
} else {
file.setId(fileform.getId());
}
file.setContent(fileform.getPrintcontent());
file.setRespInfo(respInfoService.findrespInfoById(fileform.getSelectresp()));
respInfoService.saveorupdate(file);
// 添加日志
OperatorDetails user = SecurityUserHolder.getCurrentUser();
SystemLog log = new SystemLog();
log.setUsername(user.getUsername());
List<Role> list = user.getRoleList();
String roles = "";
for (Role role : list) {
roles += role.getRole() + ",";
}
log.setRoleName(roles.substring(0, roles.length() - 1));
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_ERM);
if (flag) {
log.setOperationDesc(
"应急响应模块文件打印,新增打印信息,ID为:" + file.getId() + ",所属预案名称为:" + file.getRespInfo().getName());
} else {
log.setOperationDesc(
"应急响应模块文件打印,修改打印信息,ID为:" + file.getId() + ",所属预案名称为:" + file.getRespInfo().getName());
}
log.setControl("成功");
logService.saveSystemLog(log);
request.setAttribute("respMenu", "fp");
return mapping.findForward("filecount");
}
/** 动态威胁与动态脆弱点关联 */
@SuppressWarnings("unchecked")
public ActionForward relateToVuln(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
String vulnIdSelect = request.getParameter("vulnIdSelect");
String ip = request.getParameter("ip");
request.setAttribute("ip", ip);
request.setAttribute("vulnKindIdSelect", vulnKindIdSelect);
request.setAttribute("vulnIdSelect", vulnIdSelect);
AsseKnowDynaThreForm asseKnowDynaThreForm = (AsseKnowDynaThreForm) form;
String[] dynaThreIds = asseKnowDynaThreForm.getDynaThreIds();
Map paraMaps = new HashMap();
paraMaps.put("dynaThreIds", dynaThreIds);
paraMaps.put("vulnId", vulnIdSelect);
AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
threAnalService.relateToVuln(paraMaps, asseInfoProj);
// 添加日志
OperatorDetails user = SecurityUserHolder.getCurrentUser();
SystemLog log = new SystemLog();
log.setUsername(user.getUsername());
List<Role> list = user.getRoleList();
String roles = "";
for (Role role : list) {
roles += role.getRole() + ",";
}
log.setRoleName(roles.substring(0, roles.length() - 1));
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_RAM);
String s = "";
for (String str : dynaThreIds) {
s += str + ",";
}
log.setOperationDesc(
"风险评估模块,动态威胁与动态脆弱点关联,动态威胁ID为:"
+ s.substring(0, s.length() - 1)
+ "动态脆弱点ID为:"
+ vulnIdSelect);
log.setControl("成功");
logService.saveSystemLog(log);
return showVulnThre(mapping, form, request, response);
}
/**
* 查询所有的告警类型信息
*
* @param mapping
* @param form
* @param request
* @param response
* @return
* @throws Exception
*/
public ActionForward getListAlertType(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
try {
init();
List<AlertTypeBO> alertTypelist = alertTypeService.getLisByAlertTypeService();
request.getSession().setAttribute("altypeList", alertTypelist);
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("查询所有的告警类型信息");
log.setControl("成功");
systemlogService.saveSystemLog(log);
return this.getListPageAlertAction(mapping, form, request, response);
} catch (Exception e) {
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("查询所有的告警类型信息");
log.setControl("失败");
systemlogService.saveSystemLog(log);
return null;
}
}
/**
* Frame 修改归并窗这个不涉及到权限 所以方法名称特殊点
*
* @param mapping
* @param form
* @param request
* @param response
* @return
* @throws Exception
*/
public ActionForward alertSorUfusion(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
try {
init();
AlertFusionRuleBO entityAlertFusionRuleBO = new AlertFusionRuleBO();
String fusionTime = request.getParameter("fusionTime");
if (fusionTime != null) {
entityAlertFusionRuleBO.setFusionTime(Integer.parseInt(fusionTime));
}
alertFusionRuleServices.saveOrUpdateAlertFusionRuleServices(entityAlertFusionRuleBO);
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("修改归并时间");
log.setControl("成功");
systemlogService.saveSystemLog(log);
return this.getListPageAlertAction(mapping, form, request, response);
} catch (Exception e) {
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("修改归并时间");
log.setControl("失败");
systemlogService.saveSystemLog(log);
return null;
}
}
/**
* Frame 跳转专用
*
* @param mapping
* @param form
* @param request
* @param response
* @return
* @throws Exception
*/
public ActionForward alertRuleFwd(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
String alertId = request.getParameter("alertId");
try {
init();
if (alertId != null && (!alertId.equals(""))) {
AlertInfoBO alertInfobo = alertService.getByIdAlertService(Integer.parseInt(alertId));
if (alertInfobo != null) {
request.setAttribute("alertInfobo", alertInfobo);
String fusion = alertInfobo.getFusioin();
int fusionCount = 0;
List fustionTimeList = new ArrayList();
if (fusion != null && fusion.trim().length() > 0) {
String strs[] = fusion.split(",");
if (strs != null && strs.length > 0) {
fusionCount = strs.length;
for (String string : strs) {
fustionTimeList.add(string);
}
}
}
request.setAttribute("fusionCount", fusionCount);
request.setAttribute("fustionTimeAll", fustionTimeList);
if (alertInfobo.getStatus() != null && alertInfobo.getStatus() == 1) {
// 如果状态是未读 就更新状态为只读
alertInfobo.setStatus(0);
alertService.updateAlertService(alertInfobo);
}
if (alertInfobo.getIfnew() != null && alertInfobo.getIfnew() == 1) {
alertInfobo.setIfnew(0);
alertService.updateAlertService(alertInfobo);
}
if (alertInfobo != null && alertInfobo.getDomain_id() != null) {
Integer domain_id = alertInfobo.getDomain_id();
Domain domain = domainService.findById(domain_id);
request.setAttribute("department", domain);
}
// 触发规则列表
List alertRuleList = new ArrayList();
if (alertInfobo.getRule() != null && alertInfobo.getRule().trim().length() != 0) {
String strs[] = alertInfobo.getRule().split(",");
for (int i = 0; i < strs.length; i++) {
AlertRuleBO rule =
alertRuleService.getByIdAlertRuleService(Integer.parseInt(strs[i]));
alertRuleList.add(rule);
}
}
request.setAttribute("alertruleList", alertRuleList);
}
}
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("查询告警类型信息详情");
log.setControl("成功");
systemlogService.saveSystemLog(log);
return mapping.findForward("alertLinkage");
} catch (Exception e) {
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("查询告警类型信息详情");
log.setControl("失败");
systemlogService.saveSystemLog(log);
return null;
}
}
/**
* 多条件查询告警信息 并且分页显示
*
* @param mapping
* @param form
* @param request
* @param response
* @return
* @throws Exception
*/
public ActionForward getListPageAlertAction(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
AlertForm alertForm = (AlertForm) form;
HttpSession session = request.getSession();
Page page = new Page();
request.setAttribute("alertinfoQuery", alertForm.getAlertquer());
try {
init();
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("多条件查询告警信息 并且分页显示");
log.setControl("成功");
systemlogService.saveSystemLog(log);
// 根据类型查找子类型
List<AlertTypeBO> subTypeList = new ArrayList();
if (alertForm.getAlertquer().getAlertType() != null
&& alertForm.getAlertquer().getAlertType().trim().length() > 0) {
subTypeList =
alertDwrService.getSubTypeByNameService(alertForm.getAlertquer().getAlertType());
}
request.setAttribute("subTypeList", subTypeList);
// 获得当前页
String curpage =
request.getParameter("curpage") != null && (!request.getParameter("curpage").equals(""))
? request.getParameter("curpage")
: "1";
if (request.getParameter("pageSize") != null
&& (!request.getParameter("pageSize").equals(""))) {
int pagesize = Integer.parseInt(request.getParameter("pageSize"));
request.setAttribute("pageSize", request.getParameter("pageSize"));
page.setEveryPage(pagesize);
} else {
page.setEveryPage(10);
}
// 如果第一次进来就初始化条件为NULL
if (request.getParameter("first") != null) {
alertForm.setAlertquer(new AlertQueryVO());
request.setAttribute("subTypeList", null);
request.setAttribute("alertinfoQuery", null);
}
// 设置当前页跟开始位置
page.setCurrentPage(Integer.parseInt(curpage));
page.setBeginIndex((page.getCurrentPage() - 1) * page.getEveryPage());
OperatorDetails user = SecurityUserHolder.getCurrentUser();
if (user.getUsername().equals("admin")) {
PageResult result = alertService.getListPageAlertService(page, alertForm.getAlertquer());
request.setAttribute("page", result.getPage());
request.setAttribute("list", result.getPageList());
} else {
List<Domain> listDomain = user.getDomainList();
PageResult result =
alertService.getListPageAlertService(page, alertForm.getAlertquer(), listDomain);
if (result != null) {
request.setAttribute("page", result.getPage());
request.setAttribute("list", result.getPageList());
}
}
// 告警浏览
if (request.getParameter("home") != null && request.getParameter("home").trim().equals("1")) {
AlertFusionRuleBO alertFusionRuleBO = alertFusionRuleServices.getAlertFusionRuleServices();
request.setAttribute("alertFusionRuleBO", alertFusionRuleBO);
session.setAttribute("topcss", "alertIndex");
return mapping.findForward("alertHome");
}
// 弹出告警监控 小窗口
if (request.getParameter("MinWindow") != null) {
if (request.getSession().getAttribute("altypeList") == null) {
this.getListAlertType(mapping, alertForm, request, response);
}
AlertFusionRuleBO alertFusionRuleBO = alertFusionRuleServices.getAlertFusionRuleServices();
request.setAttribute("alertFusionRuleBO", alertFusionRuleBO);
request.setAttribute("monitorTime", new Timestamp(System.currentTimeMillis()));
return mapping.findForward("AlertMinWindow");
}
session.setAttribute("topcss", "alertIndex");
return mapping.findForward("alertIndex");
} catch (Exception e) {
log.setUsername(username);
log.setRoleName(rolenames);
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_AIM);
log.setOperationDesc("多条件查询告警信息 并且分页显示");
log.setControl("失败");
systemlogService.saveSystemLog(log);
return null;
}
}
/** 漏洞与威胁关联 */
@SuppressWarnings("unchecked")
public ActionForward relateLeakToThre(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
String vulnIdSelect = request.getParameter("vulnIdSelect");
String ip = request.getParameter("ip");
request.setAttribute("ip", ip);
request.setAttribute("vulnKindIdSelect", vulnKindIdSelect);
request.setAttribute("vulnIdSelect", vulnIdSelect);
String[] leakThreIds = request.getParameterValues("leakThreId");
for (int i = 0; i < leakThreIds.length; i++) {
System.out.println("leakThreIds[" + i + "]:" + leakThreIds[i]);
}
int indexArray[] = new int[leakThreIds.length];
List leakThreList = (List) request.getSession().getAttribute("leakThreList");
AsseKnowDynaLeakThre dynaLeakThre = null;
for (int m = 0; m < leakThreIds.length; m++) {
for (int i = 0; i < leakThreList.size(); i++) {
dynaLeakThre = (AsseKnowDynaLeakThre) leakThreList.get(i);
if (leakThreIds[m].equals(dynaLeakThre.getId().toString())) {
indexArray[m] = i;
}
}
}
for (int i = 0; i < indexArray.length; i++) {
System.out.println(indexArray[i]);
}
String[] leakThreKindIds = request.getParameterValues("leakThreKindId");
String[] leakThreKindIds1 = new String[leakThreIds.length];
for (int i = 0; i < indexArray.length; i++) {
leakThreKindIds1[i] = leakThreKindIds[indexArray[i]];
}
for (int i = 0; i < leakThreKindIds1.length; i++) {
System.out.println("leakThreKindIds1[" + i + "]:" + leakThreKindIds1[i]);
}
String[] leakCveThreIds = request.getParameterValues("leakCveThreId");
String[] leakCveThreIds1 = new String[leakThreIds.length];
for (int i = 0; i < indexArray.length; i++) {
leakCveThreIds1[i] = leakCveThreIds[indexArray[i]];
}
for (int i = 0; i < leakCveThreIds1.length; i++) {
System.out.println("leakCveThreIds1[" + i + "]:" + leakCveThreIds1[i]);
}
String[] dynaLeakThreLeves = request.getParameterValues("dynaLeakThreLeve");
String[] dynaLeakThreLeves1 = new String[leakThreIds.length];
for (int i = 0; i < indexArray.length; i++) {
dynaLeakThreLeves1[i] = dynaLeakThreLeves[indexArray[i]];
}
for (int i = 0; i < dynaLeakThreLeves1.length; i++) {
System.out.println("dynaLeakThreLeves1[" + i + "]:" + dynaLeakThreLeves1[i]);
}
Map paraMap = new HashMap();
paraMap.put("leakThreIds", leakThreIds);
paraMap.put("leakThreKindIds", leakThreKindIds1);
paraMap.put("leakCveThreIds", leakCveThreIds1);
paraMap.put("dynaLeakThreLeves", dynaLeakThreLeves1);
AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
dynaLeakThreService.relateLeakToThre(paraMap, asseInfoProj);
// 添加日志
OperatorDetails user = SecurityUserHolder.getCurrentUser();
SystemLog log = new SystemLog();
log.setUsername(user.getUsername());
List<Role> list = user.getRoleList();
String roles = "";
for (Role role : list) {
roles += role.getRole() + ",";
}
log.setRoleName(roles.substring(0, roles.length() - 1));
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_RAM);
String s = "";
for (String str : leakThreIds) {
s += str + ",";
}
log.setOperationDesc(
"风险评估模块,漏洞与威胁关联,漏洞ID为:" + s.substring(0, s.length() - 1) + ",威胁ID为:" + vulnIdSelect);
log.setControl("成功");
logService.saveSystemLog(log);
return showVulnThre(mapping, form, request, response);
}
/** 保存/更新动态威胁 */
@SuppressWarnings("null")
public ActionForward saveOrUpdateThre(
ActionMapping mapping,
ActionForm form,
HttpServletRequest request,
HttpServletResponse response)
throws Exception {
boolean flag = true;
AsseKnowDynaThreForm asseKnowDynaThreForm = (AsseKnowDynaThreForm) form;
AsseKnowDynaThre asseKnowDynaThre = new AsseKnowDynaThre();
asseKnowDynaThre.setAsseInfoProjId(asseKnowDynaThreForm.getAsseInfoProjId());
asseKnowDynaThre.setAsseKnowStatThreId(asseKnowDynaThreForm.getAsseKnowStatThreId());
asseKnowDynaThre.setAsseKnowStatThreKindId(asseKnowDynaThreForm.getAsseKnowStatThreKindId());
asseKnowDynaThre.setPossibility(asseKnowDynaThreForm.getPossibility());
asseKnowDynaThre.setThreCode(asseKnowDynaThreForm.getThreCode());
AsseInfoAsse asseInfoAsse = assetService.findByAssetCode(asseKnowDynaThreForm.getAssetCode());
Integer asseDynaVulnPoinId = asseKnowDynaThreForm.getAsseDynaVulnPoinId();
if (asseDynaVulnPoinId != null && !"".equals(asseDynaVulnPoinId)) {
AsseKnowDynaVuln asseKnowDynaVuln = vulnAnalService.find(asseDynaVulnPoinId);
asseKnowDynaThre.setAsse(asseKnowDynaVuln.getAsse());
asseKnowDynaThre.setDynaVuln(asseKnowDynaVuln);
}
if (asseKnowDynaThreForm.getId() != null && asseKnowDynaThreForm.getId() > 0) {
flag = false;
asseKnowDynaThre.setId(asseKnowDynaThreForm.getId());
threAnalService.saveOrUpdate(asseKnowDynaThre);
} else {
if (!threAnalService.checkExitDynaVulnPoint(
asseKnowDynaThreForm.getAsseInfoProjId(),
asseInfoAsse,
asseKnowDynaThreForm.getAsseKnowStatThreKindId(),
asseKnowDynaThreForm.getAsseKnowStatThreId())) {
asseKnowDynaThre.setId(null);
threAnalService.saveOrUpdate(asseKnowDynaThre);
} else {
// 该资产关联的脆弱点已存在
ActionErrors errors = new ActionErrors();
errors.add("repeatDynaThre", new ActionMessage("asse.err.dynaThre.repeat"));
saveErrors(request, errors);
}
}
// 添加日志
OperatorDetails user = SecurityUserHolder.getCurrentUser();
SystemLog log = new SystemLog();
log.setUsername(user.getUsername());
List<Role> list = user.getRoleList();
String roles = "";
for (Role role : list) {
roles += role.getRole() + ",";
}
log.setRoleName(roles.substring(0, roles.length() - 1));
log.setTime(new Timestamp(new Date().getTime()));
log.setModuleName(SystemModelInfo.MOD_RAM);
if (flag) {
log.setOperationDesc(
"风险评估模块,新增动态威胁,ID为:"
+ asseKnowDynaThre.getId()
+ ",所属项目ID:"
+ asseKnowDynaThre.getAsseInfoProjId());
} else {
log.setOperationDesc(
"风险评估模块,修改动态威胁,ID为:"
+ asseKnowDynaThre.getId()
+ ",所属项目ID:"
+ asseKnowDynaThre.getAsseInfoProjId());
}
log.setControl("成功");
logService.saveSystemLog(log);
request.setAttribute("asseKnowDynaThre", asseKnowDynaThre);
return showVulnThre(mapping, form, request, response);
}