Merge pull request #2058 from yaklang/yj/feature/audit-code-scan-done

Yj/feature/audit code scan done
yaklang · Oct 25, 2024 · 179fe82 · 179fe82
2 parents d28e347 + 275e6df
commit 179fe82
Show file tree

Hide file tree

Showing 129 changed files with 13,856 additions and 96 deletions.
diff --git a/app/main/handlers/syntaxFlow.js b/app/main/handlers/syntaxFlow.js
@@ -0,0 +1,66 @@
+const {ipcMain} = require("electron");
+
+module.exports = (win, getClient) => {
+    const asyncQuerySyntaxFlowRuleGroup = (params) => {
+        return new Promise((resolve, reject) => {
+            getClient().QuerySyntaxFlowRuleGroup(params, (err, data) => {
+                if (err) {
+                    reject(err)
+                    return
+                }
+                resolve(data)
+            })
+        })
+    }
+    // 获取规则组数据
+    ipcMain.handle("QuerySyntaxFlowRuleGroup", async (e, params) => {
+        return await asyncQuerySyntaxFlowRuleGroup(params)
+    })
+
+    const asyncQuerySyntaxFlowRule = (params) => {
+        return new Promise((resolve, reject) => {
+            getClient().QuerySyntaxFlowRule(params, (err, data) => {
+                if (err) {
+                    reject(err)
+                    return
+                }
+                resolve(data)
+            })
+        })
+    }
+    // 获取规则组所含规则
+    ipcMain.handle("QuerySyntaxFlowRule", async (e, params) => {
+        return await asyncQuerySyntaxFlowRule(params)
+    })
+
+    // 规则执行
+    const handlerHelper = require("./handleStreamWithContext");
+    const streamSyntaxFlowScanMap = new Map();
+    ipcMain.handle("cancel-SyntaxFlowScan", handlerHelper.cancelHandler(streamSyntaxFlowScanMap));
+    ipcMain.handle("SyntaxFlowScan", (e, params, token) => {
+        let stream = streamSyntaxFlowScanMap.get(token)
+        if (stream) {
+            stream.write(params)
+            return
+        }
+        stream = getClient().SyntaxFlowScan();
+        stream.write(params)
+        handlerHelper.registerHandler(win, stream, streamSyntaxFlowScanMap, token)
+    })
+
+    const asyncQuerySyntaxFlowResult = (params) => {
+        return new Promise((resolve, reject) => {
+            getClient().QuerySyntaxFlowResult(params, (err, data) => {
+                if (err) {
+                    reject(err)
+                    return
+                }
+                resolve(data)
+            })
+        })
+    }
+    // 获取审计结果
+    ipcMain.handle("QuerySyntaxFlowResult", async (e, params) => {
+        return await asyncQuerySyntaxFlowResult(params)
+    })
+}
diff --git a/app/main/ipc.js b/app/main/ipc.js
@@ -184,6 +184,7 @@ module.exports = {
         require("./handlers/portScan")(win, getClient)
         require("./handlers/startBrute")(win, getClient)
         require("./handlers/webshell")(win, getClient)
+        require("./handlers/syntaxFlow")(win, getClient)
 
         // start chrome manager
         try {

diff --git a/app/protos/grpc.proto b/app/protos/grpc.proto
@@ -718,6 +718,11 @@ service Yak {
   rpc UpdateSyntaxFlowRule(UpdateSyntaxFlowRuleRequest) returns (DbOperateMessage);
   rpc DeleteSyntaxFlowRule(DeleteSyntaxFlowRuleRequest) returns (DbOperateMessage);
   rpc QuerySyntaxFlowRuleGroup(QuerySyntaxFlowRuleGroupRequest)returns (QuerySyntaxFlowRuleGroupResponse);
+
+  // syntaxflow scan 
+  rpc SyntaxFlowScan(stream SyntaxFlowScanRequest) returns (stream SyntaxFlowScanResponse);
+  // query result 
+  rpc QuerySyntaxFlowResult (QuerySyntaxFlowResultRequest) returns (QuerySyntaxFlowResultResponse);
 }
 message GetSpaceEngineAccountStatusRequest {
   string Type = 1;
@@ -2992,6 +2997,10 @@ message Risk {
   string TaskName = 26;
   string Tags = 27;
   bool IsRead = 28;
+
+  uint64 ResultID = 30;
+  string SyntaxFlowVariable = 31;
+  string ProgramName  = 32;
 }
 
 message QueryRisksRequest {
@@ -3987,7 +3996,6 @@ message SaveYakScriptToOnlineRequest {
   string Token = 2;
   bool IsPrivate = 3;
   bool All = 4;
-  string PluginSupplement= 5;
 }
 
 message SaveYakScriptToOnlineResponse {
@@ -5474,6 +5482,7 @@ message QuerySyntaxFlowRuleResponse{
   Paging Pagination = 1;
   DbOperateMessage DbMessage= 2;
   repeated SyntaxFlowRule Rule = 3;
+  uint64 Total = 4;
 }
 
 message DeleteSyntaxFlowRuleRequest{
@@ -5497,3 +5506,77 @@ message QuerySyntaxFlowRuleGroupRequest{
 message QuerySyntaxFlowRuleGroupResponse{
   repeated SyntaxFlowGroup Group = 1;
 }
+
+message SyntaxFlowScanRequest{
+  string ControlMode = 1; // 控制模式 "start" "pause" "resume" "status"
+
+  // 启动扫描任务
+  SyntaxFlowRuleFilter Filter = 2; // 用于指定扫描的规则
+  repeated string ProgramName = 3; // 用于指定扫描的程序 
+}
+
+message SyntaxFlowScanResponse{
+  string TaskID = 1;
+  // 扫描状态
+  string Status = 2; // "executing" | "done" | "paused" | "error"
+
+  ExecResult ExecResult = 3;
+
+  // result 
+  SyntaxFlowResult Result = 4;
+  repeated Risk risks = 5;
+}
+
+
+message SyntaxFlowResultFilter {
+  repeated string TaskIDs = 1; 
+  repeated string ResultIDs = 2; 
+  repeated string RuleNames = 3;
+  repeated string ProgramNames = 4;
+
+  string Keyword = 5;
+
+
+  bool OnlyRisk = 6;
+
+  int64 AfterID = 7; 
+  int64 BeforeID = 8;
+
+  repeated string Severity = 9;  //  "info", "low", "middle", "critical", "high"
+}
+
+message QuerySyntaxFlowResultRequest{
+  Paging Pagination = 2;
+  SyntaxFlowResultFilter Filter = 1;
+}
+
+message QuerySyntaxFlowResultResponse{
+  Paging Pagination = 1;
+  DbOperateMessage DbMessage= 2;
+  repeated SyntaxFlowResult Results = 3;
+  uint64 Total = 4; 
+}
+
+
+message SyntaxFlowResult {
+  // result ID for yakurl(syntaxflow://)
+  uint64 ResultID  = 1; 
+  string TaskID = 2;
+
+  // rule info 
+  string RuleName = 3;
+  string Title = 4;
+  string TitleZh = 5;
+  string Description = 6;
+  string Severity = 7; //  "info", "low", "middle", "critical", "high"
+  string Purpose = 8;
+
+  // target info 
+  string ProgramName = 9;
+  string Language = 10; 
+
+  // runtime info 
+  uint64 RiskCount = 11; 
+
+  string RuleContent = 12;
+}
diff --git a/app/renderer/src/main/src/assets/icon/outline.tsx b/app/renderer/src/main/src/assets/icon/outline.tsx
@@ -5458,7 +5458,6 @@ export const OutlileHistoryIcon = (props: Partial<IconProps>) => {
     return <Icon component={OutlileHistory} {...props} />
 }
 
-
 const OutlinCompile = () => (
     <svg xmlns='http://www.w3.org/2000/svg' width='20' height='20' viewBox='0 0 20 20' fill='none'>
         <path
@@ -5493,3 +5492,53 @@ const OutlinCompileTwo = () => (
 export const OutlinCompileTwoIcon = (props: Partial<IconProps>) => {
     return <Icon component={OutlinCompileTwo} {...props} />
 }
+
+const OutlineScan = () => (
+    <svg xmlns='http://www.w3.org/2000/svg' width='16' height='16' viewBox='0 0 16 16' fill='none'>
+        <path
+            d='M2.6665 5.33366V4.00033C2.6665 3.6467 2.80698 3.30756 3.05703 3.05752C3.30708 2.80747 3.64622 2.66699 3.99984 2.66699H5.33317'
+            stroke='currentColor'
+            strokeLinecap='round'
+            strokeLinejoin='round'
+        />
+        <path
+            d='M10.6665 2.66699H11.9998C12.3535 2.66699 12.6926 2.80747 12.9426 3.05752C13.1927 3.30756 13.3332 3.6467 13.3332 4.00033V5.33366'
+            stroke='currentColor'
+            strokeLinecap='round'
+            strokeLinejoin='round'
+        />
+        <path
+            d='M13.3332 10.667V12.0003C13.3332 12.3539 13.1927 12.6931 12.9426 12.9431C12.6926 13.1932 12.3535 13.3337 11.9998 13.3337H10.6665'
+            stroke='currentColor'
+            strokeLinecap='round'
+            strokeLinejoin='round'
+        />
+        <path
+            d='M5.33317 13.3337H3.99984C3.64622 13.3337 3.30708 13.1932 3.05703 12.9431C2.80698 12.6931 2.6665 12.3539 2.6665 12.0003V10.667'
+            stroke='currentColor'
+            strokeLinecap='round'
+            strokeLinejoin='round'
+        />
+        <path d='M5.3335 8L10.6668 8' stroke='currentColor' strokeLinecap='round' strokeLinejoin='round' />
+    </svg>
+)
+
+export const OutlineScanIcon = (props: Partial<IconProps>) => {
+    return <Icon component={OutlineScan} {...props} />
+}
+
+const PositionIcon = () => (
+    <svg xmlns='http://www.w3.org/2000/svg' width='24' height='24' viewBox='0 0 24 24' fill='none'>
+        <path
+            d='M2 12H6M12 2V6M18 12H22M12 18V22M20 12C20 16.4183 16.4183 20 12 20C7.58172 20 4 16.4183 4 12C4 7.58172 7.58172 4 12 4C16.4183 4 20 7.58172 20 12ZM14 12C14 13.1046 13.1046 14 12 14C10.8954 14 10 13.1046 10 12C10 10.8954 10.8954 10 12 10C13.1046 10 14 10.8954 14 12Z'
+            stroke='currentColor'
+            strokeWidth='2'
+            strokeLinecap='round'
+            strokeLinejoin='round'
+        />
+    </svg>
+)
+
+export const OutlinePositionIcon = (props: Partial<IconProps>) => {
+    return <Icon component={PositionIcon} {...props} />
+}
diff --git a/app/renderer/src/main/src/components/layout/FuncDomain.tsx b/app/renderer/src/main/src/components/layout/FuncDomain.tsx
@@ -61,7 +61,7 @@ import {DebugPluginRequest, apiDebugPlugin} from "@/pages/plugins/utils"
 import {YakExecutorParam} from "@/pages/invoker/YakExecutorParams"
 import useHoldGRPCStream from "@/hook/useHoldGRPCStream/useHoldGRPCStream"
 import {PerformanceSamplingLog, usePerformanceSampling} from "@/store/performanceSampling"
-import {YakitRiskDetails} from "@/pages/risks/YakitRiskTable/YakitRiskTable"
+import {isShowCodeScanDetail, YakitCodeScanRiskDetails, YakitRiskDetails} from "@/pages/risks/YakitRiskTable/YakitRiskTable"
 import {SolidPlayIcon} from "@/assets/icon/solid"
 import {ExecuteEnterNodeByPluginParams} from "@/pages/plugins/operator/localPluginExecuteDetailHeard/LocalPluginExecuteDetailHeard"
 import {YakParamProps} from "@/pages/plugins/pluginsType"
@@ -2109,7 +2109,9 @@ const UIOpRisk: React.FC<UIOpRiskProp> = React.memo((props) => {
                     title: "详情",
                     content: (
                         <div style={{overflow: "auto",maxHeight:'70vh'}}>
-                            <YakitRiskDetails info={res} />
+                            {
+                                isShowCodeScanDetail(res)?<YakitCodeScanRiskDetails info={res}/>:<YakitRiskDetails info={res} />
+                            }
                         </div>
                     )
                 })

diff --git a/app/renderer/src/main/src/components/layout/UILayout.tsx b/app/renderer/src/main/src/components/layout/UILayout.tsx
@@ -77,7 +77,7 @@ import {OutlineExitIcon, OutlineRefreshIcon} from "@/assets/icon/outline"
 import {CopyComponents} from "../yakitUI/YakitTag/YakitTag"
 import {Tooltip} from "antd"
 import {openABSFileLocated} from "@/utils/openWebsite"
-import {clearTerminalMap, getMapAllTerminalKey} from "@/pages/YakRunner/BottomEditorDetails/TerminalBox/TerminalMap"
+import {clearTerminalMap, getMapAllTerminalKey} from "@/pages/yakRunner/BottomEditorDetails/TerminalBox/TerminalMap"
 import {grpcFetchLatestYakVersion, grpcFetchYakInstallResult} from "@/apiUtils/grpc"
 import {NetWorkApi} from "@/services/fetch"
 import {API} from "@/services/swagger/resposeType"

diff --git a/app/renderer/src/main/src/components/yakitUI/YakitEditor/YakitEditorType.ts b/app/renderer/src/main/src/components/yakitUI/YakitEditor/YakitEditorType.ts
@@ -3,7 +3,7 @@ import * as monacoEditor from "monaco-editor/esm/vs/editor/editor.api"
 import { EditorMenuItemType } from "./EditorMenu"
 import { EditorDetailInfoProps } from "@/pages/fuzzer/HTTPFuzzerEditorMenu"
 import { HighLightText } from "@/components/HTTPFlowDetail"
-import { Selection } from "@/pages/YakRunner/RunnerTabs/RunnerTabsType";
+import { Selection } from "@/pages/yakRunner/RunnerTabs/RunnerTabsType";
 
 /** monaco-editor 相关接口 */
 export type YakitSelection = monacoEditor.Selection

diff --git a/app/renderer/src/main/src/components/yakitUI/YakitTextArea/YakitTextArea.tsx b/app/renderer/src/main/src/components/yakitUI/YakitTextArea/YakitTextArea.tsx
@@ -139,6 +139,8 @@ export interface YakitTextAreaProps extends TextAreaProps {
     submitTxt?: string
     rows?: number
     isAlwaysShow?: boolean
+    // 是否不允许提交
+    noSubmit?: boolean
 }
 export const YakitTextArea: React.FC<YakitTextAreaProps> = (props) => {
     const {
@@ -156,6 +158,7 @@ export const YakitTextArea: React.FC<YakitTextAreaProps> = (props) => {
         submitTxt = "发布评论",
         rows = 4,
         isAlwaysShow,
+        noSubmit = false,
         ...resProps
     } = props
     const [filesLoading, setFilesLoading] = useState<boolean>(false)
@@ -365,6 +368,7 @@ export const YakitTextArea: React.FC<YakitTextAreaProps> = (props) => {
                                                 onClick={() => {
                                                     onSubmit && onSubmit()
                                                 }}
+                                                disabled={noSubmit}
                                             >
                                                 {submitTxt || "确认"}
                                             </YakitButton>

diff --git a/app/renderer/src/main/src/defaultConstants/CodeScan.ts b/app/renderer/src/main/src/defaultConstants/CodeScan.ts
@@ -0,0 +1,4 @@
+import {CodeScanPageInfoProps} from "@/store/pageInfo"
+
+export const defaultCodeScanPageInfo: CodeScanPageInfoProps = {
+}
diff --git a/app/renderer/src/main/src/enums/yakitRoute.ts b/app/renderer/src/main/src/enums/yakitRoute.ts
@@ -81,5 +81,9 @@ export enum YakitRoute {
     // 数据统计
     Data_Statistics = "data_statistics",
     /**空间引擎 */
-    Space_Engine = "space-engine"
+    Space_Engine = "space-engine",
+    // YakRunner代码扫描
+    YakRunner_Code_Scan = "yakrunner-code-scan",
+    // YakRunner代码审计
+    YakRunner_Audit_Code = "yakrunner-audit-code"
 }