/** 往session中加载本次测评项目信息 */ private AsseInfoProj loadAsseInfoproj(HttpServletRequest request) { AsseInfoProj asseInfoProj = null; if (request.getSession().getAttribute("asseInfoProj") == null) { String projId = request.getParameter("projId"); if (projId != null && !"".equals(projId.trim())) { Integer projCode = new Integer(projId); asseInfoProj = projectService.find(projCode); System.out.println("find asseInfoProj:" + asseInfoProj.toString()); } request.getSession().setAttribute("asseInfoProj", asseInfoProj); } else { asseInfoProj = (AsseInfoProj) request.getSession().getAttribute("asseInfoProj"); } return asseInfoProj; }
/** * 批量保存/更新动态脆弱点 * * @param paraMaps 参数Map * @param asseInfoProj 测评项目 */ public void batchSaveOrUpdate(Map paraMaps, AsseInfoProj asseInfoProj) { List<AsseKnowDynaVuln> dynaVulnPoints = new ArrayList<AsseKnowDynaVuln>(); String[] dynaVulnPoinIds = (String[]) paraMaps.get("dynaVulnPoinIds"); String assetCode = (String) paraMaps.get("assetCode"); AsseInfoAsse asseInfoAsse = assetDao.find(assetCode); for (int i = 0; i < dynaVulnPoinIds.length; i++) { AsseKnowDynaVuln dynaVulnPoint = vulnAnalDao.find(new Integer(dynaVulnPoinIds[i])); dynaVulnPoint.setAsseInfoProjId(asseInfoProj.getId()); dynaVulnPoint.setAsse(asseInfoAsse); dynaVulnPoint.setAsseInfoBusiId(asseInfoAsse.getAsseInfoBusiId()); dynaVulnPoints.add(dynaVulnPoint); } vulnAnalDao.batchSaveOrUpdate(dynaVulnPoints); }
/** 脆弱点威胁关联分页 */ @SuppressWarnings("unchecked") public ActionForward showVulnThre( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { AsseInfoProj asseInfoProj = loadAsseInfoproj(request); asseInfoProj.setProgress("prog10"); projectService.saveOrUpdate(asseInfoProj); request.getSession().setAttribute("asseInfoProj", asseInfoProj); String vulnKindIdSelect = request.getParameter("vulnKindIdSelect"); if (vulnKindIdSelect == null) { vulnKindIdSelect = (String) request.getAttribute("vulnKindIdSelect"); } String vulnIdSelect = request.getParameter("vulnIdSelect"); if (vulnIdSelect == null) { vulnIdSelect = (String) request.getAttribute("vulnIdSelect"); } AsseKnowDynaVuln vulnPoint = null; if (vulnKindIdSelect != null) { request.setAttribute("vulnKindSelect", vulnKindIdSelect); } if (vulnIdSelect != null && !"".equals(vulnIdSelect)) { vulnPoint = vulnAnalService.find(new Integer(vulnIdSelect)); request.setAttribute("vulnSelect", vulnIdSelect); request.setAttribute("vulnPoint", vulnPoint); } // 返回动态威胁列表 int currPage = 1; Double totalPage = 0d; int totalNum = 0; int startResult = 0; int maxResult = 5; try { // 分页定义的相关的基本信息 String cp = (request.getParameter("currPage") == null) ? "1" : request.getParameter("currPage"); if (cp != null && !cp.equals("")) { currPage = Integer.parseInt(cp); } startResult = (currPage - 1) * maxResult; if (startResult < 0) { startResult = 0; } // 分页定义的相关的基本信息 totalNum = threAnalService.getCount(asseInfoProj, vulnIdSelect); totalPage = Math.ceil((double) totalNum / maxResult); if (totalPage > 0 && currPage <= 0) { currPage = 1; } if (currPage > totalPage) { currPage = totalPage.intValue(); startResult = (currPage - 1) * maxResult; if (startResult < 0) { startResult = 0; } } // 数据相关的基本信息 List<AsseKnowDynaThre> vulnThreAnalList = new ArrayList<AsseKnowDynaThre>(); vulnThreAnalList = threAnalService.listAllByVuln(startResult, maxResult, asseInfoProj, vulnIdSelect); request.setAttribute("vulnThreAnalList", vulnThreAnalList); request.setAttribute("currPage", currPage); request.setAttribute("totalPage", totalPage.intValue()); // 返回可选资产列表 List assertList = assetService.find(asseInfoProj.getDomain(), null); request.setAttribute("assertList", assertList); // 返回所有静态威胁类别列表 List statThreKindList = statThreKindService.listAllStatThreKind(); request.setAttribute("statThreKindList", statThreKindList); // 返回所有静态威胁列表 List statThreList = statThreService.listAllStatThre(); request.setAttribute("statThreList", statThreList); // 返回所有静态漏洞威胁列表 String cveIdScale = "0"; List<String> cveIdList = leakScanService.listCVEId(asseInfoProj); System.out.println("cveIdList:" + cveIdList); List statCveThreList = null; statCveThreList = statCVEThreService.listStatCVEThreByCVEIdScale(cveIdList); request.setAttribute("statCveThreList", statCveThreList); System.out.println(statCveThreList.size()); // 返回所有静态脆弱点类别列表 List statVulnKindList = statVulnKindService.listAllStatVulnKinds(); request.setAttribute("statVulnKindList", statVulnKindList); List dicSecuLeveList = dicSecuLeveService.findAll(); request.setAttribute("dicSecuLeveList", dicSecuLeveList); // 返回所有动态脆弱点列表 List dynaVulnList = vulnAnalService.listDynaVulnPoint(asseInfoProj.getId().toString()); request.setAttribute("dynaVulnList", dynaVulnList); // 返回漏洞扫描发现的IP列表 List ipList = leakScanService.listIP(asseInfoProj); System.out.println("ipList.size:" + ipList.size()); request.setAttribute("ipList", ipList); // 返回漏洞威胁列表 String ip = request.getParameter("ip"); List<AsseInfoAsse> asseInfo = null; if (ip == null) { ip = (String) request.getAttribute("ip"); } if (ip != null && !"".equals(ip)) { request.setAttribute("ipAddress", ip); asseInfo = assetService.findByIP(ip); } int currPage1 = 1; Double totalPage1 = 0d; int totalNum1 = 0; int startResult1 = 0; int maxResult1 = 5; // 分页定义的相关的基本信息 String cp1 = (request.getParameter("currPage1") == null) ? "1" : request.getParameter("currPage1"); if (cp1 != null && !cp1.equals("")) { currPage1 = Integer.parseInt(cp1); } startResult1 = (currPage1 - 1) * maxResult1; if (startResult1 < 0) { startResult1 = 0; } // 数据相关的基本信息 List<AsseKnowDynaLeakThre> leakThreList = new ArrayList<AsseKnowDynaLeakThre>(); leakThreList = dynaLeakThreService.listDynaLeak(startResult1, maxResult1, asseInfoProj, asseInfo); // 分页定义的相关的基本信息 totalNum1 = dynaLeakThreService.getCount(asseInfoProj, asseInfo); totalPage1 = Math.ceil((double) totalNum1 / maxResult1); if (totalPage1 > 0 && currPage1 <= 0) { currPage1 = 1; } request.getSession().setAttribute("leakThreList", leakThreList); request.setAttribute("currPage1", currPage1); request.setAttribute("totalPage1", totalPage1.intValue()); } catch (Exception e) { logger.debug("风险评估--脆弱性威胁关联--访问出错啦!"); e.printStackTrace(); } return mapping.findForward("dynaVuln"); }
/** * 检查是否已存在该脆弱点 * * @param asseInfoProj 测评项目 * @param statVulnPoinId 脆弱点Id * @return 是否已存在 */ public boolean checkExitDynaVulnPoint( AsseInfoProj asseInfoProj, String assetCode, Integer statVulnPoinId) { AsseInfoAsse asseInfoAsse = assetDao.find(assetCode); return vulnAnalDao.checkExitDynaVulnPoint(asseInfoProj.getId(), asseInfoAsse, statVulnPoinId); }