Пример #1
0
  /**
   * Frame 修改归并窗这个不涉及到权限 所以方法名称特殊点
   *
   * @param mapping
   * @param form
   * @param request
   * @param response
   * @return
   * @throws Exception
   */
  public ActionForward alertSorUfusion(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {

    try {
      init();
      AlertFusionRuleBO entityAlertFusionRuleBO = new AlertFusionRuleBO();
      String fusionTime = request.getParameter("fusionTime");
      if (fusionTime != null) {
        entityAlertFusionRuleBO.setFusionTime(Integer.parseInt(fusionTime));
      }
      alertFusionRuleServices.saveOrUpdateAlertFusionRuleServices(entityAlertFusionRuleBO);
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("修改归并时间");
      log.setControl("成功");
      systemlogService.saveSystemLog(log);
      return this.getListPageAlertAction(mapping, form, request, response);
    } catch (Exception e) {
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("修改归并时间");
      log.setControl("失败");
      systemlogService.saveSystemLog(log);
      return null;
    }
  }
Пример #2
0
  /**
   * 查询所有的告警类型信息
   *
   * @param mapping
   * @param form
   * @param request
   * @param response
   * @return
   * @throws Exception
   */
  public ActionForward getListAlertType(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {

    try {
      init();
      List<AlertTypeBO> alertTypelist = alertTypeService.getLisByAlertTypeService();
      request.getSession().setAttribute("altypeList", alertTypelist);
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("查询所有的告警类型信息");
      log.setControl("成功");
      systemlogService.saveSystemLog(log);
      return this.getListPageAlertAction(mapping, form, request, response);
    } catch (Exception e) {
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("查询所有的告警类型信息");
      log.setControl("失败");
      systemlogService.saveSystemLog(log);
      return null;
    }
  }
Пример #3
0
  public ActionForward saveorupdate(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response) {
    boolean flag = false;
    System.out.println("~~~~增加或更新打印信息~~~~~");
    FilePrintFrom fileform = (FilePrintFrom) form;
    RespFilePrint file = new RespFilePrint();
    System.out.println("id===" + fileform.getId());
    System.out.println("content===" + fileform.getPrintcontent());
    System.out.println("procid===" + fileform.getSelectresp());
    request.setAttribute("printres", fileform.getPrintcontent());
    request.setAttribute("selectid", fileform.getSelectresp());
    if (fileform.getId() == 0) {
      flag = true;
      file.setId(null);
    } else {
      file.setId(fileform.getId());
    }
    file.setContent(fileform.getPrintcontent());
    file.setRespInfo(respInfoService.findrespInfoById(fileform.getSelectresp()));
    respInfoService.saveorupdate(file);

    // 添加日志
    OperatorDetails user = SecurityUserHolder.getCurrentUser();
    SystemLog log = new SystemLog();
    log.setUsername(user.getUsername());
    List<Role> list = user.getRoleList();
    String roles = "";
    for (Role role : list) {
      roles += role.getRole() + ",";
    }
    log.setRoleName(roles.substring(0, roles.length() - 1));
    log.setTime(new Timestamp(new Date().getTime()));
    log.setModuleName(SystemModelInfo.MOD_ERM);
    if (flag) {
      log.setOperationDesc(
          "应急响应模块文件打印,新增打印信息,ID为:" + file.getId() + ",所属预案名称为:" + file.getRespInfo().getName());
    } else {
      log.setOperationDesc(
          "应急响应模块文件打印,修改打印信息,ID为:" + file.getId() + ",所属预案名称为:" + file.getRespInfo().getName());
    }
    log.setControl("成功");
    logService.saveSystemLog(log);
    request.setAttribute("respMenu", "fp");
    return mapping.findForward("filecount");
  }
Пример #4
0
  /** 动态威胁与动态脆弱点关联 */
  @SuppressWarnings("unchecked")
  public ActionForward relateToVuln(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {

    String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
    String vulnIdSelect = request.getParameter("vulnIdSelect");
    String ip = request.getParameter("ip");
    request.setAttribute("ip", ip);
    request.setAttribute("vulnKindIdSelect", vulnKindIdSelect);
    request.setAttribute("vulnIdSelect", vulnIdSelect);
    AsseKnowDynaThreForm asseKnowDynaThreForm = (AsseKnowDynaThreForm) form;
    String[] dynaThreIds = asseKnowDynaThreForm.getDynaThreIds();
    Map paraMaps = new HashMap();
    paraMaps.put("dynaThreIds", dynaThreIds);
    paraMaps.put("vulnId", vulnIdSelect);
    AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
    threAnalService.relateToVuln(paraMaps, asseInfoProj);

    // 添加日志
    OperatorDetails user = SecurityUserHolder.getCurrentUser();
    SystemLog log = new SystemLog();
    log.setUsername(user.getUsername());
    List<Role> list = user.getRoleList();
    String roles = "";
    for (Role role : list) {
      roles += role.getRole() + ",";
    }
    log.setRoleName(roles.substring(0, roles.length() - 1));
    log.setTime(new Timestamp(new Date().getTime()));
    log.setModuleName(SystemModelInfo.MOD_RAM);
    String s = "";
    for (String str : dynaThreIds) {
      s += str + ",";
    }
    log.setOperationDesc(
        "风险评估模块,动态威胁与动态脆弱点关联,动态威胁ID为:"
            + s.substring(0, s.length() - 1)
            + "动态脆弱点ID为:"
            + vulnIdSelect);
    log.setControl("成功");
    logService.saveSystemLog(log);
    return showVulnThre(mapping, form, request, response);
  }
Пример #5
0
  /**
   * Frame 跳转专用
   *
   * @param mapping
   * @param form
   * @param request
   * @param response
   * @return
   * @throws Exception
   */
  public ActionForward alertRuleFwd(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    String alertId = request.getParameter("alertId");

    try {
      init();
      if (alertId != null && (!alertId.equals(""))) {
        AlertInfoBO alertInfobo = alertService.getByIdAlertService(Integer.parseInt(alertId));
        if (alertInfobo != null) {
          request.setAttribute("alertInfobo", alertInfobo);
          String fusion = alertInfobo.getFusioin();
          int fusionCount = 0;
          List fustionTimeList = new ArrayList();
          if (fusion != null && fusion.trim().length() > 0) {
            String strs[] = fusion.split(",");
            if (strs != null && strs.length > 0) {
              fusionCount = strs.length;
              for (String string : strs) {
                fustionTimeList.add(string);
              }
            }
          }
          request.setAttribute("fusionCount", fusionCount);
          request.setAttribute("fustionTimeAll", fustionTimeList);
          if (alertInfobo.getStatus() != null && alertInfobo.getStatus() == 1) {
            // 如果状态是未读  就更新状态为只读
            alertInfobo.setStatus(0);
            alertService.updateAlertService(alertInfobo);
          }
          if (alertInfobo.getIfnew() != null && alertInfobo.getIfnew() == 1) {
            alertInfobo.setIfnew(0);
            alertService.updateAlertService(alertInfobo);
          }
          if (alertInfobo != null && alertInfobo.getDomain_id() != null) {
            Integer domain_id = alertInfobo.getDomain_id();
            Domain domain = domainService.findById(domain_id);
            request.setAttribute("department", domain);
          }
          // 触发规则列表
          List alertRuleList = new ArrayList();
          if (alertInfobo.getRule() != null && alertInfobo.getRule().trim().length() != 0) {
            String strs[] = alertInfobo.getRule().split(",");
            for (int i = 0; i < strs.length; i++) {
              AlertRuleBO rule =
                  alertRuleService.getByIdAlertRuleService(Integer.parseInt(strs[i]));
              alertRuleList.add(rule);
            }
          }
          request.setAttribute("alertruleList", alertRuleList);
        }
      }
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("查询告警类型信息详情");
      log.setControl("成功");
      systemlogService.saveSystemLog(log);
      return mapping.findForward("alertLinkage");
    } catch (Exception e) {
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("查询告警类型信息详情");
      log.setControl("失败");
      systemlogService.saveSystemLog(log);
      return null;
    }
  }
Пример #6
0
  /**
   * 多条件查询告警信息 并且分页显示
   *
   * @param mapping
   * @param form
   * @param request
   * @param response
   * @return
   * @throws Exception
   */
  public ActionForward getListPageAlertAction(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    AlertForm alertForm = (AlertForm) form;
    HttpSession session = request.getSession();
    Page page = new Page();
    request.setAttribute("alertinfoQuery", alertForm.getAlertquer());
    try {
      init();
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("多条件查询告警信息 并且分页显示");
      log.setControl("成功");
      systemlogService.saveSystemLog(log);
      // 根据类型查找子类型
      List<AlertTypeBO> subTypeList = new ArrayList();
      if (alertForm.getAlertquer().getAlertType() != null
          && alertForm.getAlertquer().getAlertType().trim().length() > 0) {
        subTypeList =
            alertDwrService.getSubTypeByNameService(alertForm.getAlertquer().getAlertType());
      }
      request.setAttribute("subTypeList", subTypeList);

      // 获得当前页
      String curpage =
          request.getParameter("curpage") != null && (!request.getParameter("curpage").equals(""))
              ? request.getParameter("curpage")
              : "1";
      if (request.getParameter("pageSize") != null
          && (!request.getParameter("pageSize").equals(""))) {
        int pagesize = Integer.parseInt(request.getParameter("pageSize"));
        request.setAttribute("pageSize", request.getParameter("pageSize"));
        page.setEveryPage(pagesize);
      } else {
        page.setEveryPage(10);
      }
      // 如果第一次进来就初始化条件为NULL

      if (request.getParameter("first") != null) {
        alertForm.setAlertquer(new AlertQueryVO());
        request.setAttribute("subTypeList", null);
        request.setAttribute("alertinfoQuery", null);
      }
      // 设置当前页跟开始位置
      page.setCurrentPage(Integer.parseInt(curpage));
      page.setBeginIndex((page.getCurrentPage() - 1) * page.getEveryPage());
      OperatorDetails user = SecurityUserHolder.getCurrentUser();
      if (user.getUsername().equals("admin")) {
        PageResult result = alertService.getListPageAlertService(page, alertForm.getAlertquer());
        request.setAttribute("page", result.getPage());
        request.setAttribute("list", result.getPageList());
      } else {
        List<Domain> listDomain = user.getDomainList();
        PageResult result =
            alertService.getListPageAlertService(page, alertForm.getAlertquer(), listDomain);
        if (result != null) {
          request.setAttribute("page", result.getPage());
          request.setAttribute("list", result.getPageList());
        }
      }
      // 告警浏览
      if (request.getParameter("home") != null && request.getParameter("home").trim().equals("1")) {
        AlertFusionRuleBO alertFusionRuleBO = alertFusionRuleServices.getAlertFusionRuleServices();
        request.setAttribute("alertFusionRuleBO", alertFusionRuleBO);
        session.setAttribute("topcss", "alertIndex");
        return mapping.findForward("alertHome");
      }
      // 弹出告警监控 小窗口
      if (request.getParameter("MinWindow") != null) {
        if (request.getSession().getAttribute("altypeList") == null) {
          this.getListAlertType(mapping, alertForm, request, response);
        }
        AlertFusionRuleBO alertFusionRuleBO = alertFusionRuleServices.getAlertFusionRuleServices();
        request.setAttribute("alertFusionRuleBO", alertFusionRuleBO);
        request.setAttribute("monitorTime", new Timestamp(System.currentTimeMillis()));
        return mapping.findForward("AlertMinWindow");
      }
      session.setAttribute("topcss", "alertIndex");
      return mapping.findForward("alertIndex");
    } catch (Exception e) {
      log.setUsername(username);
      log.setRoleName(rolenames);
      log.setTime(new Timestamp(new Date().getTime()));
      log.setModuleName(SystemModelInfo.MOD_AIM);
      log.setOperationDesc("多条件查询告警信息 并且分页显示");
      log.setControl("失败");
      systemlogService.saveSystemLog(log);
      return null;
    }
  }
Пример #7
0
  /** 漏洞与威胁关联 */
  @SuppressWarnings("unchecked")
  public ActionForward relateLeakToThre(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {

    String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
    String vulnIdSelect = request.getParameter("vulnIdSelect");
    String ip = request.getParameter("ip");
    request.setAttribute("ip", ip);
    request.setAttribute("vulnKindIdSelect", vulnKindIdSelect);
    request.setAttribute("vulnIdSelect", vulnIdSelect);
    String[] leakThreIds = request.getParameterValues("leakThreId");
    for (int i = 0; i < leakThreIds.length; i++) {
      System.out.println("leakThreIds[" + i + "]:" + leakThreIds[i]);
    }
    int indexArray[] = new int[leakThreIds.length];
    List leakThreList = (List) request.getSession().getAttribute("leakThreList");
    AsseKnowDynaLeakThre dynaLeakThre = null;
    for (int m = 0; m < leakThreIds.length; m++) {
      for (int i = 0; i < leakThreList.size(); i++) {
        dynaLeakThre = (AsseKnowDynaLeakThre) leakThreList.get(i);
        if (leakThreIds[m].equals(dynaLeakThre.getId().toString())) {
          indexArray[m] = i;
        }
      }
    }

    for (int i = 0; i < indexArray.length; i++) {
      System.out.println(indexArray[i]);
    }

    String[] leakThreKindIds = request.getParameterValues("leakThreKindId");
    String[] leakThreKindIds1 = new String[leakThreIds.length];
    for (int i = 0; i < indexArray.length; i++) {
      leakThreKindIds1[i] = leakThreKindIds[indexArray[i]];
    }
    for (int i = 0; i < leakThreKindIds1.length; i++) {
      System.out.println("leakThreKindIds1[" + i + "]:" + leakThreKindIds1[i]);
    }

    String[] leakCveThreIds = request.getParameterValues("leakCveThreId");
    String[] leakCveThreIds1 = new String[leakThreIds.length];
    for (int i = 0; i < indexArray.length; i++) {
      leakCveThreIds1[i] = leakCveThreIds[indexArray[i]];
    }
    for (int i = 0; i < leakCveThreIds1.length; i++) {
      System.out.println("leakCveThreIds1[" + i + "]:" + leakCveThreIds1[i]);
    }

    String[] dynaLeakThreLeves = request.getParameterValues("dynaLeakThreLeve");
    String[] dynaLeakThreLeves1 = new String[leakThreIds.length];
    for (int i = 0; i < indexArray.length; i++) {
      dynaLeakThreLeves1[i] = dynaLeakThreLeves[indexArray[i]];
    }
    for (int i = 0; i < dynaLeakThreLeves1.length; i++) {
      System.out.println("dynaLeakThreLeves1[" + i + "]:" + dynaLeakThreLeves1[i]);
    }

    Map paraMap = new HashMap();
    paraMap.put("leakThreIds", leakThreIds);
    paraMap.put("leakThreKindIds", leakThreKindIds1);
    paraMap.put("leakCveThreIds", leakCveThreIds1);
    paraMap.put("dynaLeakThreLeves", dynaLeakThreLeves1);
    AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
    dynaLeakThreService.relateLeakToThre(paraMap, asseInfoProj);

    // 添加日志
    OperatorDetails user = SecurityUserHolder.getCurrentUser();
    SystemLog log = new SystemLog();
    log.setUsername(user.getUsername());
    List<Role> list = user.getRoleList();
    String roles = "";
    for (Role role : list) {
      roles += role.getRole() + ",";
    }
    log.setRoleName(roles.substring(0, roles.length() - 1));
    log.setTime(new Timestamp(new Date().getTime()));
    log.setModuleName(SystemModelInfo.MOD_RAM);
    String s = "";
    for (String str : leakThreIds) {
      s += str + ",";
    }
    log.setOperationDesc(
        "风险评估模块,漏洞与威胁关联,漏洞ID为:" + s.substring(0, s.length() - 1) + ",威胁ID为:" + vulnIdSelect);
    log.setControl("成功");
    logService.saveSystemLog(log);

    return showVulnThre(mapping, form, request, response);
  }
Пример #8
0
  /** 保存/更新动态威胁 */
  @SuppressWarnings("null")
  public ActionForward saveOrUpdateThre(
      ActionMapping mapping,
      ActionForm form,
      HttpServletRequest request,
      HttpServletResponse response)
      throws Exception {
    boolean flag = true;
    AsseKnowDynaThreForm asseKnowDynaThreForm = (AsseKnowDynaThreForm) form;
    AsseKnowDynaThre asseKnowDynaThre = new AsseKnowDynaThre();
    asseKnowDynaThre.setAsseInfoProjId(asseKnowDynaThreForm.getAsseInfoProjId());
    asseKnowDynaThre.setAsseKnowStatThreId(asseKnowDynaThreForm.getAsseKnowStatThreId());
    asseKnowDynaThre.setAsseKnowStatThreKindId(asseKnowDynaThreForm.getAsseKnowStatThreKindId());
    asseKnowDynaThre.setPossibility(asseKnowDynaThreForm.getPossibility());
    asseKnowDynaThre.setThreCode(asseKnowDynaThreForm.getThreCode());
    AsseInfoAsse asseInfoAsse = assetService.findByAssetCode(asseKnowDynaThreForm.getAssetCode());
    Integer asseDynaVulnPoinId = asseKnowDynaThreForm.getAsseDynaVulnPoinId();
    if (asseDynaVulnPoinId != null && !"".equals(asseDynaVulnPoinId)) {
      AsseKnowDynaVuln asseKnowDynaVuln = vulnAnalService.find(asseDynaVulnPoinId);
      asseKnowDynaThre.setAsse(asseKnowDynaVuln.getAsse());
      asseKnowDynaThre.setDynaVuln(asseKnowDynaVuln);
    }

    if (asseKnowDynaThreForm.getId() != null && asseKnowDynaThreForm.getId() > 0) {
      flag = false;
      asseKnowDynaThre.setId(asseKnowDynaThreForm.getId());
      threAnalService.saveOrUpdate(asseKnowDynaThre);
    } else {
      if (!threAnalService.checkExitDynaVulnPoint(
          asseKnowDynaThreForm.getAsseInfoProjId(),
          asseInfoAsse,
          asseKnowDynaThreForm.getAsseKnowStatThreKindId(),
          asseKnowDynaThreForm.getAsseKnowStatThreId())) {
        asseKnowDynaThre.setId(null);
        threAnalService.saveOrUpdate(asseKnowDynaThre);
      } else {
        // 该资产关联的脆弱点已存在
        ActionErrors errors = new ActionErrors();
        errors.add("repeatDynaThre", new ActionMessage("asse.err.dynaThre.repeat"));
        saveErrors(request, errors);
      }
    }

    // 添加日志
    OperatorDetails user = SecurityUserHolder.getCurrentUser();
    SystemLog log = new SystemLog();
    log.setUsername(user.getUsername());
    List<Role> list = user.getRoleList();
    String roles = "";
    for (Role role : list) {
      roles += role.getRole() + ",";
    }
    log.setRoleName(roles.substring(0, roles.length() - 1));
    log.setTime(new Timestamp(new Date().getTime()));
    log.setModuleName(SystemModelInfo.MOD_RAM);
    if (flag) {
      log.setOperationDesc(
          "风险评估模块,新增动态威胁,ID为:"
              + asseKnowDynaThre.getId()
              + ",所属项目ID:"
              + asseKnowDynaThre.getAsseInfoProjId());
    } else {
      log.setOperationDesc(
          "风险评估模块,修改动态威胁,ID为:"
              + asseKnowDynaThre.getId()
              + ",所属项目ID:"
              + asseKnowDynaThre.getAsseInfoProjId());
    }
    log.setControl("成功");
    logService.saveSystemLog(log);
    request.setAttribute("asseKnowDynaThre", asseKnowDynaThre);
    return showVulnThre(mapping, form, request, response);
  }