/** 保存/更新动态威胁 */ @SuppressWarnings("null") public ActionForward saveOrUpdateThre( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { boolean flag = true; AsseKnowDynaThreForm asseKnowDynaThreForm = (AsseKnowDynaThreForm) form; AsseKnowDynaThre asseKnowDynaThre = new AsseKnowDynaThre(); asseKnowDynaThre.setAsseInfoProjId(asseKnowDynaThreForm.getAsseInfoProjId()); asseKnowDynaThre.setAsseKnowStatThreId(asseKnowDynaThreForm.getAsseKnowStatThreId()); asseKnowDynaThre.setAsseKnowStatThreKindId(asseKnowDynaThreForm.getAsseKnowStatThreKindId()); asseKnowDynaThre.setPossibility(asseKnowDynaThreForm.getPossibility()); asseKnowDynaThre.setThreCode(asseKnowDynaThreForm.getThreCode()); AsseInfoAsse asseInfoAsse = assetService.findByAssetCode(asseKnowDynaThreForm.getAssetCode()); Integer asseDynaVulnPoinId = asseKnowDynaThreForm.getAsseDynaVulnPoinId(); if (asseDynaVulnPoinId != null && !"".equals(asseDynaVulnPoinId)) { AsseKnowDynaVuln asseKnowDynaVuln = vulnAnalService.find(asseDynaVulnPoinId); asseKnowDynaThre.setAsse(asseKnowDynaVuln.getAsse()); asseKnowDynaThre.setDynaVuln(asseKnowDynaVuln); } if (asseKnowDynaThreForm.getId() != null && asseKnowDynaThreForm.getId() > 0) { flag = false; asseKnowDynaThre.setId(asseKnowDynaThreForm.getId()); threAnalService.saveOrUpdate(asseKnowDynaThre); } else { if (!threAnalService.checkExitDynaVulnPoint( asseKnowDynaThreForm.getAsseInfoProjId(), asseInfoAsse, asseKnowDynaThreForm.getAsseKnowStatThreKindId(), asseKnowDynaThreForm.getAsseKnowStatThreId())) { asseKnowDynaThre.setId(null); threAnalService.saveOrUpdate(asseKnowDynaThre); } else { // 该资产关联的脆弱点已存在 ActionErrors errors = new ActionErrors(); errors.add("repeatDynaThre", new ActionMessage("asse.err.dynaThre.repeat")); saveErrors(request, errors); } } // 添加日志 OperatorDetails user = SecurityUserHolder.getCurrentUser(); SystemLog log = new SystemLog(); log.setUsername(user.getUsername()); List<Role> list = user.getRoleList(); String roles = ""; for (Role role : list) { roles += role.getRole() + ","; } log.setRoleName(roles.substring(0, roles.length() - 1)); log.setTime(new Timestamp(new Date().getTime())); log.setModuleName(SystemModelInfo.MOD_RAM); if (flag) { log.setOperationDesc( "风险评估模块,新增动态威胁,ID为:" + asseKnowDynaThre.getId() + ",所属项目ID:" + asseKnowDynaThre.getAsseInfoProjId()); } else { log.setOperationDesc( "风险评估模块,修改动态威胁,ID为:" + asseKnowDynaThre.getId() + ",所属项目ID:" + asseKnowDynaThre.getAsseInfoProjId()); } log.setControl("成功"); logService.saveSystemLog(log); request.setAttribute("asseKnowDynaThre", asseKnowDynaThre); return showVulnThre(mapping, form, request, response); }
/** 脆弱点威胁关联分页 */ @SuppressWarnings("unchecked") public ActionForward showVulnThre( ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception { AsseInfoProj asseInfoProj = loadAsseInfoproj(request); asseInfoProj.setProgress("prog10"); projectService.saveOrUpdate(asseInfoProj); request.getSession().setAttribute("asseInfoProj", asseInfoProj); String vulnKindIdSelect = request.getParameter("vulnKindIdSelect"); if (vulnKindIdSelect == null) { vulnKindIdSelect = (String) request.getAttribute("vulnKindIdSelect"); } String vulnIdSelect = request.getParameter("vulnIdSelect"); if (vulnIdSelect == null) { vulnIdSelect = (String) request.getAttribute("vulnIdSelect"); } AsseKnowDynaVuln vulnPoint = null; if (vulnKindIdSelect != null) { request.setAttribute("vulnKindSelect", vulnKindIdSelect); } if (vulnIdSelect != null && !"".equals(vulnIdSelect)) { vulnPoint = vulnAnalService.find(new Integer(vulnIdSelect)); request.setAttribute("vulnSelect", vulnIdSelect); request.setAttribute("vulnPoint", vulnPoint); } // 返回动态威胁列表 int currPage = 1; Double totalPage = 0d; int totalNum = 0; int startResult = 0; int maxResult = 5; try { // 分页定义的相关的基本信息 String cp = (request.getParameter("currPage") == null) ? "1" : request.getParameter("currPage"); if (cp != null && !cp.equals("")) { currPage = Integer.parseInt(cp); } startResult = (currPage - 1) * maxResult; if (startResult < 0) { startResult = 0; } // 分页定义的相关的基本信息 totalNum = threAnalService.getCount(asseInfoProj, vulnIdSelect); totalPage = Math.ceil((double) totalNum / maxResult); if (totalPage > 0 && currPage <= 0) { currPage = 1; } if (currPage > totalPage) { currPage = totalPage.intValue(); startResult = (currPage - 1) * maxResult; if (startResult < 0) { startResult = 0; } } // 数据相关的基本信息 List<AsseKnowDynaThre> vulnThreAnalList = new ArrayList<AsseKnowDynaThre>(); vulnThreAnalList = threAnalService.listAllByVuln(startResult, maxResult, asseInfoProj, vulnIdSelect); request.setAttribute("vulnThreAnalList", vulnThreAnalList); request.setAttribute("currPage", currPage); request.setAttribute("totalPage", totalPage.intValue()); // 返回可选资产列表 List assertList = assetService.find(asseInfoProj.getDomain(), null); request.setAttribute("assertList", assertList); // 返回所有静态威胁类别列表 List statThreKindList = statThreKindService.listAllStatThreKind(); request.setAttribute("statThreKindList", statThreKindList); // 返回所有静态威胁列表 List statThreList = statThreService.listAllStatThre(); request.setAttribute("statThreList", statThreList); // 返回所有静态漏洞威胁列表 String cveIdScale = "0"; List<String> cveIdList = leakScanService.listCVEId(asseInfoProj); System.out.println("cveIdList:" + cveIdList); List statCveThreList = null; statCveThreList = statCVEThreService.listStatCVEThreByCVEIdScale(cveIdList); request.setAttribute("statCveThreList", statCveThreList); System.out.println(statCveThreList.size()); // 返回所有静态脆弱点类别列表 List statVulnKindList = statVulnKindService.listAllStatVulnKinds(); request.setAttribute("statVulnKindList", statVulnKindList); List dicSecuLeveList = dicSecuLeveService.findAll(); request.setAttribute("dicSecuLeveList", dicSecuLeveList); // 返回所有动态脆弱点列表 List dynaVulnList = vulnAnalService.listDynaVulnPoint(asseInfoProj.getId().toString()); request.setAttribute("dynaVulnList", dynaVulnList); // 返回漏洞扫描发现的IP列表 List ipList = leakScanService.listIP(asseInfoProj); System.out.println("ipList.size:" + ipList.size()); request.setAttribute("ipList", ipList); // 返回漏洞威胁列表 String ip = request.getParameter("ip"); List<AsseInfoAsse> asseInfo = null; if (ip == null) { ip = (String) request.getAttribute("ip"); } if (ip != null && !"".equals(ip)) { request.setAttribute("ipAddress", ip); asseInfo = assetService.findByIP(ip); } int currPage1 = 1; Double totalPage1 = 0d; int totalNum1 = 0; int startResult1 = 0; int maxResult1 = 5; // 分页定义的相关的基本信息 String cp1 = (request.getParameter("currPage1") == null) ? "1" : request.getParameter("currPage1"); if (cp1 != null && !cp1.equals("")) { currPage1 = Integer.parseInt(cp1); } startResult1 = (currPage1 - 1) * maxResult1; if (startResult1 < 0) { startResult1 = 0; } // 数据相关的基本信息 List<AsseKnowDynaLeakThre> leakThreList = new ArrayList<AsseKnowDynaLeakThre>(); leakThreList = dynaLeakThreService.listDynaLeak(startResult1, maxResult1, asseInfoProj, asseInfo); // 分页定义的相关的基本信息 totalNum1 = dynaLeakThreService.getCount(asseInfoProj, asseInfo); totalPage1 = Math.ceil((double) totalNum1 / maxResult1); if (totalPage1 > 0 && currPage1 <= 0) { currPage1 = 1; } request.getSession().setAttribute("leakThreList", leakThreList); request.setAttribute("currPage1", currPage1); request.setAttribute("totalPage1", totalPage1.intValue()); } catch (Exception e) { logger.debug("风险评估--脆弱性威胁关联--访问出错啦!"); e.printStackTrace(); } return mapping.findForward("dynaVuln"); }