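/**
 * Associates the scan findings ("leaks") selected on the page with threats for the current
 * assessment project, writes an audit record, and re-renders the vulnerability/threat page.
 *
 * <p>Each posted {@code leakThreId} must match the id of an entry in the {@code leakThreList}
 * session attribute (stored there by {@code showVulnThre}). The position of the match selects
 * that row's values from the parallel {@code leakThreKindId}, {@code leakCveThreId} and
 * {@code dynaLeakThreLeve} request arrays. An id that matches no session entry is rejected; the
 * earlier behaviour of silently falling back to row 0 let a forged or stale id attach another
 * row's values to the association.
 *
 * @param mapping Struts mapping, passed through to {@code showVulnThre}
 * @param form Struts form, passed through to {@code showVulnThre}
 * @param request carries the selection parameters and the session-held leak list
 * @param response passed through to {@code showVulnThre}
 * @return the forward produced by {@code showVulnThre}
 * @throws IllegalArgumentException if a required parameter array is missing, a posted id is not
 *     in the session list, or a parallel array is shorter than the matched row index
 * @throws IllegalStateException if the session holds no {@code leakThreList}
 * @throws Exception anything raised by the services or by {@code showVulnThre}
 */
@SuppressWarnings("unchecked")
public ActionForward relateLeakToThre(
    ActionMapping mapping,
    ActionForm form,
    HttpServletRequest request,
    HttpServletResponse response)
    throws Exception {
  String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
  String vulnIdSelect = request.getParameter("vulnIdSelect");
  String ip = request.getParameter("ip");
  // NOTE(review): these three values are client-controlled and are handed back to the view
  // unchanged; confirm the view HTML-escapes them when rendering.
  request.setAttribute("ip", ip);
  request.setAttribute("vulnKindIdSelect", vulnKindIdSelect);
  request.setAttribute("vulnIdSelect", vulnIdSelect);

  // getParameterValues returns null when the parameter is absent, so check before indexing.
  String[] leakThreIds = request.getParameterValues("leakThreId");
  String[] leakThreKindIds = request.getParameterValues("leakThreKindId");
  String[] leakCveThreIds = request.getParameterValues("leakCveThreId");
  String[] dynaLeakThreLeves = request.getParameterValues("dynaLeakThreLeve");
  if (leakThreIds == null || leakThreIds.length == 0) {
    throw new IllegalArgumentException("leakThreId: at least one value is required");
  }
  if (leakThreKindIds == null || leakCveThreIds == null || dynaLeakThreLeves == null) {
    throw new IllegalArgumentException(
        "leakThreKindId, leakCveThreId and dynaLeakThreLeve are required");
  }

  List leakThreList = (List) request.getSession().getAttribute("leakThreList");
  if (leakThreList == null) {
    throw new IllegalStateException("leakThreList is not present in the session");
  }

  // Raw request values are deliberately not dumped to stdout here: they are untrusted and would
  // reach the container log without any neutralisation.
  int[] indexArray = new int[leakThreIds.length];
  for (int m = 0; m < leakThreIds.length; m++) {
    int rowIndex = -1;
    for (int i = 0; i < leakThreList.size(); i++) {
      AsseKnowDynaLeakThre dynaLeakThre = (AsseKnowDynaLeakThre) leakThreList.get(i);
      if (dynaLeakThre.getId().toString().equals(leakThreIds[m])) {
        rowIndex = i; // no break: the last matching row wins, as before
      }
    }
    if (rowIndex < 0) {
      // The message names the position only, never the untrusted value itself.
      throw new IllegalArgumentException(
          "leakThreId[" + m + "] does not match any entry of the session leak list");
    }
    if (rowIndex >= leakThreKindIds.length
        || rowIndex >= leakCveThreIds.length
        || rowIndex >= dynaLeakThreLeves.length) {
      throw new IllegalArgumentException(
          "row " + rowIndex + " is outside the submitted parameter arrays");
    }
    indexArray[m] = rowIndex;
  }

  // Project the per-row arrays down to the selected rows, in selection order.
  String[] leakThreKindIds1 = new String[leakThreIds.length];
  String[] leakCveThreIds1 = new String[leakThreIds.length];
  String[] dynaLeakThreLeves1 = new String[leakThreIds.length];
  for (int i = 0; i < indexArray.length; i++) {
    leakThreKindIds1[i] = leakThreKindIds[indexArray[i]];
    leakCveThreIds1[i] = leakCveThreIds[indexArray[i]];
    dynaLeakThreLeves1[i] = dynaLeakThreLeves[indexArray[i]];
  }

  // NOTE(review): the kind/CVE/level values are still whatever the client posted for that row;
  // whether dynaLeakThreService validates them is not visible from this method.
  Map paraMap = new HashMap();
  paraMap.put("leakThreIds", leakThreIds);
  paraMap.put("leakThreKindIds", leakThreKindIds1);
  paraMap.put("leakCveThreIds", leakCveThreIds1);
  paraMap.put("dynaLeakThreLeves", dynaLeakThreLeves1);
  AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
  dynaLeakThreService.relateLeakToThre(paraMap, asseInfoProj);

  // Audit record. Only the success path is recorded; a failure above leaves no audit entry.
  OperatorDetails user = SecurityUserHolder.getCurrentUser();
  SystemLog log = new SystemLog();
  log.setUsername(user.getUsername());
  // Join with a builder so a user without roles no longer fails on substring(0, -1).
  StringBuilder roles = new StringBuilder();
  List<Role> roleList = user.getRoleList();
  if (roleList != null) {
    for (Role role : roleList) {
      if (roles.length() > 0) {
        roles.append(',');
      }
      roles.append(role.getRole());
    }
  }
  log.setRoleName(roles.toString());
  log.setTime(new Timestamp(new Date().getTime()));
  log.setModuleName(SystemModelInfo.MOD_RAM);

  // The ids were matched against server-held ids above, so they are safe to record verbatim.
  StringBuilder leakIds = new StringBuilder();
  for (String id : leakThreIds) {
    if (leakIds.length() > 0) {
      leakIds.append(',');
    }
    leakIds.append(id);
  }
  // vulnIdSelect is not validated at this point; replace control characters so a crafted value
  // cannot break the audit entry into several apparent records.
  String loggedVulnId =
      (vulnIdSelect == null) ? "null" : vulnIdSelect.replaceAll("\\p{Cntrl}", "_");
  log.setOperationDesc(
      "风险评估模块,漏洞与威胁关联,漏洞ID为:" + leakIds + ",威胁ID为:" + loggedVulnId);
  log.setControl("成功");
  logService.saveSystemLog(log);

  return showVulnThre(mapping, form, request, response);
}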
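/**
 * Renders the paged vulnerability/threat association view for the current assessment project.
 *
 * <p>The method marks the project as being at step {@code prog10} and saves it, resolves the
 * selected vulnerability kind and vulnerability point (request parameter first, request attribute
 * as fallback), and then loads the two paged lists plus the reference lists the view needs. The
 * current page of leak/threat rows is also stored in the session as {@code leakThreList}; the
 * {@code relateLeakToThre} action in this class reads that attribute to resolve posted ids.
 *
 * <p>Page numbers come from the client. A value that is not an integer now falls back to page 1
 * instead of aborting the whole data-loading section.
 *
 * @param mapping Struts mapping used to resolve the {@code dynaVuln} forward
 * @param form unused
 * @param request source of the selection and paging parameters; receives the view attributes
 * @param response unused
 * @return the {@code dynaVuln} forward
 * @throws NumberFormatException if {@code vulnIdSelect} is non-empty and not an integer
 * @throws Exception anything raised before the data-loading section (project load and save,
 *     vulnerability-point lookup); failures inside that section are logged and swallowed
 */
@SuppressWarnings("unchecked")
public ActionForward showVulnThre(
    ActionMapping mapping,
    ActionForm form,
    HttpServletRequest request,
    HttpServletResponse response)
    throws Exception {
  AsseInfoProj asseInfoProj = loadAsseInfoproj(request);
  // NOTE(review): every render of this page persists the progress marker, so a plain view
  // request changes stored state; confirm that is intended.
  asseInfoProj.setProgress("prog10");
  projectService.saveOrUpdate(asseInfoProj);
  request.getSession().setAttribute("asseInfoProj", asseInfoProj);

  // Selection: request parameter wins, request attribute (set by a forwarding action) is fallback.
  String vulnKindIdSelect = request.getParameter("vulnKindIdSelect");
  if (vulnKindIdSelect == null) {
    vulnKindIdSelect = (String) request.getAttribute("vulnKindIdSelect");
  }
  String vulnIdSelect = request.getParameter("vulnIdSelect");
  if (vulnIdSelect == null) {
    vulnIdSelect = (String) request.getAttribute("vulnIdSelect");
  }
  if (vulnKindIdSelect != null) {
    request.setAttribute("vulnKindSelect", vulnKindIdSelect);
  }
  if (vulnIdSelect != null && !"".equals(vulnIdSelect)) {
    // Integer.valueOf rejects non-numeric input, so a non-empty vulnIdSelect that reaches the
    // service calls below is known to be an integer literal.
    AsseKnowDynaVuln vulnPoint = vulnAnalService.find(Integer.valueOf(vulnIdSelect));
    request.setAttribute("vulnSelect", vulnIdSelect);
    request.setAttribute("vulnPoint", vulnPoint);
  }

  final int maxResult = 5;
  final int maxResult1 = 5;
  try {
    // ---- Pager 1: dynamic threats for the selected vulnerability point ----
    int currPage = 1;
    String cp = request.getParameter("currPage");
    if (cp != null && !cp.equals("")) {
      try {
        currPage = Integer.parseInt(cp);
      } catch (NumberFormatException ignored) {
        // Malformed page number from the client: stay on the first page.
        currPage = 1;
      }
    }
    int startResult = (currPage - 1) * maxResult;
    if (startResult < 0) {
      startResult = 0;
    }
    int totalNum = threAnalService.getCount(asseInfoProj, vulnIdSelect);
    int totalPage = (int) Math.ceil((double) totalNum / maxResult);
    if (totalPage > 0 && currPage <= 0) {
      currPage = 1;
    }
    if (currPage > totalPage) {
      // Clamp to the last page (0 when there are no rows) and recompute the offset.
      currPage = totalPage;
      startResult = (currPage - 1) * maxResult;
      if (startResult < 0) {
        startResult = 0;
      }
    }
    List<AsseKnowDynaThre> vulnThreAnalList =
        threAnalService.listAllByVuln(startResult, maxResult, asseInfoProj, vulnIdSelect);
    request.setAttribute("vulnThreAnalList", vulnThreAnalList);
    request.setAttribute("currPage", currPage);
    request.setAttribute("totalPage", totalPage);

    // Assets available for selection.
    List assertList = assetService.find(asseInfoProj.getDomain(), null);
    request.setAttribute("assertList", assertList);

    // All static threat kinds.
    List statThreKindList = statThreKindService.listAllStatThreKind();
    request.setAttribute("statThreKindList", statThreKindList);

    // All static threats.
    List statThreList = statThreService.listAllStatThre();
    request.setAttribute("statThreList", statThreList);

    // Static CVE threats for the CVE ids found by the scan of this project.
    List<String> cveIdList = leakScanService.listCVEId(asseInfoProj);
    logger.debug("cveIdList:" + cveIdList);
    List statCveThreList = statCVEThreService.listStatCVEThreByCVEIdScale(cveIdList);
    request.setAttribute("statCveThreList", statCveThreList);
    // Diagnostics go to the logger, and a null list no longer aborts the rest of the loading.
    logger.debug("statCveThreList.size:" + (statCveThreList == null ? 0 : statCveThreList.size()));

    // All static vulnerability kinds.
    List statVulnKindList = statVulnKindService.listAllStatVulnKinds();
    request.setAttribute("statVulnKindList", statVulnKindList);

    List dicSecuLeveList = dicSecuLeveService.findAll();
    request.setAttribute("dicSecuLeveList", dicSecuLeveList);

    // All dynamic vulnerability points of this project.
    List dynaVulnList = vulnAnalService.listDynaVulnPoint(asseInfoProj.getId().toString());
    request.setAttribute("dynaVulnList", dynaVulnList);

    // IP addresses found by the vulnerability scan.
    List ipList = leakScanService.listIP(asseInfoProj);
    logger.debug("ipList.size:" + (ipList == null ? 0 : ipList.size()));
    request.setAttribute("ipList", ipList);

    // ---- Pager 2: leak/threat rows, optionally filtered by IP ----
    String ip = request.getParameter("ip");
    if (ip == null) {
      ip = (String) request.getAttribute("ip");
    }
    List<AsseInfoAsse> asseInfo = null;
    if (ip != null && !"".equals(ip)) {
      // NOTE(review): ip is client-controlled, is passed to assetService.findByIP and is echoed
      // to the view as ipAddress; confirm the lookup is parameterized and the view escapes it.
      request.setAttribute("ipAddress", ip);
      asseInfo = assetService.findByIP(ip);
    }

    int currPage1 = 1;
    String cp1 = request.getParameter("currPage1");
    if (cp1 != null && !cp1.equals("")) {
      try {
        currPage1 = Integer.parseInt(cp1);
      } catch (NumberFormatException ignored) {
        // Malformed page number from the client: stay on the first page.
        currPage1 = 1;
      }
    }
    int startResult1 = (currPage1 - 1) * maxResult1;
    if (startResult1 < 0) {
      startResult1 = 0;
    }
    List<AsseKnowDynaLeakThre> leakThreList =
        dynaLeakThreService.listDynaLeak(startResult1, maxResult1, asseInfoProj, asseInfo);
    int totalNum1 = dynaLeakThreService.getCount(asseInfoProj, asseInfo);
    int totalPage1 = (int) Math.ceil((double) totalNum1 / maxResult1);
    // NOTE(review): unlike pager 1, a page number beyond the last page is not clamped here.
    if (totalPage1 > 0 && currPage1 <= 0) {
      currPage1 = 1;
    }

    // Cached in the session so that relateLeakToThre can resolve the ids posted from this page.
    request.getSession().setAttribute("leakThreList", leakThreList);
    request.setAttribute("currPage1", currPage1);
    request.setAttribute("totalPage1", totalPage1);
  } catch (Exception e) {
    // Best effort: the page is still rendered with whatever attributes were set before the
    // failure, and the session may keep the previous leakThreList. Log at error level with the
    // stack trace rather than printing it to stderr behind a debug-level message.
    logger.error("风险评估--脆弱性威胁关联--访问出错啦!", e);
  }
  return mapping.findForward("dynaVuln");
}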