├── .github └── workflows │ └── build.yml ├── .gitignore ├── Makefile ├── README.md ├── cmd └── main.go ├── go.mod ├── go.sum ├── images ├── image-20221213143603327.png ├── image-20221213212521373.png └── image-20221215162315622.png ├── pkg ├── db │ ├── blacklist.go │ ├── db.go │ ├── project.go │ ├── record.go │ └── vul.go ├── logging │ ├── formatter.go │ └── logger.go ├── runner │ ├── clnoe.go │ ├── codeql.go │ ├── config.go │ ├── cyclic.go │ ├── default.go │ ├── github.go │ ├── newRules.go │ ├── options.go │ ├── retry.go │ └── runner.go ├── utils │ ├── file.go │ ├── paginator.go │ ├── request.go │ └── util.go └── web │ ├── data.go │ ├── router.go │ ├── static │ ├── jquery.json-viewer.css │ ├── jquery.json-viewer.js │ └── record.css │ └── templates │ ├── about.tmpl │ ├── footer.tmpl │ ├── index.tmpl │ ├── record.tmpl │ ├── search.tmpl │ ├── vulHandled.tmpl │ └── vulUnHandled.tmpl └── test ├── codeql_test.go ├── db_test.go ├── file_test.go └── github_test.go /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | name: 🎉 Build Binary 2 | on: 3 | create: 4 | tags: 5 | - v* 6 | workflow_dispatch: 7 | jobs: 8 | 9 | build: 10 | name: Build 11 | runs-on: ${{ matrix.os }} 12 | strategy: 13 | matrix: 14 | os: 15 | - ubuntu-latest 16 | - macos-latest 17 | - windows-latest 18 | steps: 19 | - name: Set up Go 1.19 20 | uses: actions/setup-go@v2 21 | with: 22 | go-version: 1.19 23 | id: go 24 | 25 | - name: Check out code into the Go module directory 26 | uses: actions/checkout@v2 27 | 28 | - name: Get dependencies 29 | run: go mod download 30 | 31 | - name: Build On Linux 32 | run: | 33 | go build -ldflags "-s -w" -o Yi-Linux-x64 cmd/main.go 34 | chmod +x Yi-Linux-x64 35 | if: matrix.os == 'ubuntu-latest' 36 | - name: Build On Darwin 37 | run: | 38 | go build -ldflags "-s -w" -o Yi-Darwin-x64 cmd/main.go 39 | chmod +x Yi-Darwin-x64 40 | if: matrix.os == 'macos-latest' 41 | - name: Build On Windows 42 | run: | 43 | go build -ldflags "-s -w" -o Yi-Windows-x64.exe cmd/main.go 44 | if: matrix.os == 'windows-latest' 45 | env: 46 | GOOS: windows 47 | GOENABLE: 1 48 | - name: Release 49 | uses: softprops/action-gh-release@master 50 | with: 51 | files: Yi-* 52 | env: 53 | GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.db 3 | .idea 4 | data 5 | logs 6 | test 7 | .DS_Store 8 | # Test binary, built with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | 1.txt -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | DIR=data 2 | $(shell mkdir -p ${DIR}) 3 | 4 | # Go build flags 5 | LDFLAGS=-ldflags "-s -w" 6 | 7 | default: 8 | go build ${LDFLAGS} -o ${DIR}/Yi cmd/main.go 9 | 10 | # Compile Server - Windows x64 11 | windows: 12 | export GOOS=windows;export GOARCH=amd64;go build ${LDFLAGS} -o ${DIR}/Yi.exe cmd/main.go 13 | 14 | # Compile Server - Linux x64 15 | linux: 16 | export GOOS=linux;export GOARCH=amd64;go build ${LDFLAGS} -o ${DIR}/Yi-linux cmd/main.go 17 | 18 | # Compile Server - Darwin x64 19 | darwin: 20 | export GOOS=darwin;export GOARCH=amd64;go build ${LDFLAGS} -o ${DIR}/Yi-darwin cmd/main.go 21 | 22 | # clean 23 | clean: 24 | rm -rf ${DIR} -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 弈 2 | 以有算无 3 | 4 | > [lgtm](https://lgtm.com/) 要关闭了,就搞了一个自己的监控工具。也方便自己编写好规则后,自动化批量扫描, 高效捡洞。 5 | 6 | 每天检查 github 项目是否更新,自动获取/生成数据库查询,自动运行 CodeQL 规则查询,高效捡洞. 7 | 8 | 默认 web 页面开放在8888端口, 用户名,密码如果没有指定,用户名默认为 yhy, 密码为随机的,会输出到控制台 9 | 10 | 注:因为使用了 go-sqlite3,每个平台需要单独编译 11 | 12 | ```go 13 | ./Yi -token githubToken -pwd 密码 -f 1.txt -user 用户名 -path /Users/yhy/CodeQL/codeql 14 | ``` 15 | 16 | 考虑到监控的项目有点多,所以需要 github token,防止访问被限制. 17 | 18 | **-path** 必须要指定,指 codeql 各种语言规则库的顶级目录 19 | 20 | ![image-20221213212521373](images/image-20221213212521373.png) 21 | 22 | 其它参数 23 | 24 | ```go 25 | -p 代理 26 | -t 运行时监控一个项目 27 | -f 运行后要监控的项目, 每行一个github项目地址 url 28 | -port web 访问端口,默认 8888 端口 29 | -thread 扫描协程数,默认 5 个 30 | 31 | -t -f 指定一个即可,或者都不使用,通过 Web 界面的新增按钮,慢慢添加 32 | ``` 33 | 34 | 运行后,会自动在当前目录下生成相关文件夹(下载、生成的数据库,clone的仓库)和 ql 规则配置文件。 35 | 36 | 37 | 注: 运行该程序的机器上要安装好 **Codeql**(加入环境变量)、**Git**、**Docker**、**Go** 38 | 39 | **Java**、**Maven**、**Gradle**(如果要监控 Java 项目的话,不然会导致数据库生成失败) 40 | 41 | 如果你需要其他语言,修改代码后,最好也安装好语言对应的编译工具。 emmmm 有没有各种语言都安装好的 docker 42 | 43 | 还有就是最好使用 `root` 执行, 监控项目中使用 `makefile` 时,可能会有一些工具,机器上没有,导致数据库失败,比如: 44 | 45 | ```go 46 | [2022-12-14 16:34:26] [build-stdout] INFO: yq was not found, installing it 47 | [2022-12-14 16:34:30] [build-stderr] make: go: 权限不够 48 | [2022-12-14 16:34:30] [build-stderr] make: go: 权限不够 49 | ``` 50 | 51 | # 安全隐患 52 | `codeql` 生成数据库时,会执行项目下的类似`makefile`的构建流程,这里存在安全隐患。 53 | 54 | 所以一定要对 **可信** **可信** **可信** 的项目进行监控,**别被弹了 shell**。 55 | 56 | **造成的一切损失与本项目及其作者无关** 57 | 58 | **造成的一切损失与本项目及其作者无关** 59 | 60 | **造成的一切损失与本项目及其作者无关** 61 | 62 | # 功能 63 | 64 | ![image-20221213143603327](images/image-20221213143603327.png) 65 | 66 | ![image-20221215162315622](images/image-20221215162315622.png) 67 | 68 | - [x] 每天监控项目是否是否更新,更新则获取/生成数据库,进行 Codeql 扫描 69 | - [x] 监控配置文件更新,新增 ql 规则从数据库中获取进行扫描 70 | - [x] 黑名单,有的规则会误报,看的时候将该扫描结果拉黑,以后再次扫描时该结果就不会在界面显示 71 | 72 | 73 | # TODO 74 | 75 | - [ ] 现在只是适配 Go,Java 语言,后期尽量适配主流语言,也可以修改项目中存在"Go","Java"的地方自己添加其他语言 76 | - [ ] codeql 创建数据库时 指定 --[no-]db-cluster 会自动创建所有语言的数据库, 如果不指定--language ,需要指定 github token 来 自动分析 --github-auth-stdin 77 | - [ ] 生成数据库可以下载 78 | - [ ] Docker 封装好各种语言及其编译工具 79 | - [ ] 读取本地 codeql 数据库,方便一些闭源或者私有项目 80 | 81 | # 已知问题 82 | 83 | - [x] http 请求时,时不时的出现 `EOF` 解决方案:限制 github 访问速率 84 | 85 | 86 | # 🌟 Star 87 | 88 | [![Stargazers over time](https://starchart.cc/ZhuriLab/Yi.svg)](https://starchart.cc/ZhuriLab/Yi) 89 | 90 | # 📄 免责声明 91 | 92 | 本工具仅面向合法授权的企业安全建设行为,在使用本工具进行检测时,您应确保该行为符合当地的法律法规,并且已经取得了足够的授权。 93 | 94 | 如您在使用本工具的过程中存在任何非法行为或造成的一切损失,您需**自行承担相应后果, 本项目及其作者将不承担任何法律及连带责任**。 95 | 96 | 在使用本工具前,请您务必审慎阅读、充分理解各条款内容,限制、免责条款或者其他涉及您重大权益的条款可能会以加粗、加下划线等形式提示您重点注意。 除非您已充分阅读、完全理解并接受本协议所有条款,否则,请您不要使用本工具。您的使用行为或者您以其他任何明示或者默示方式表示接受本协议的,即视为您已阅读并同意本协议的约束。 -------------------------------------------------------------------------------- /cmd/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "Yi/pkg/runner" 5 | "Yi/pkg/web" 6 | ) 7 | 8 | /** 9 | @author: yhy 10 | @since: 2022/10/13 11 | @desc: //TODO 12 | **/ 13 | 14 | func main() { 15 | runner.ParseArguments() 16 | go runner.Cyclic() 17 | go runner.Run() 18 | go runner.Retry() 19 | 20 | web.Init() 21 | } 22 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module Yi 2 | 3 | go 1.19 4 | 5 | require ( 6 | github.com/corpix/uarand v0.2.0 7 | github.com/dustin/go-humanize v1.0.1 8 | github.com/fsnotify/fsnotify v1.6.0 9 | github.com/gin-contrib/pprof v1.4.0 10 | github.com/gin-gonic/gin v1.9.0 11 | github.com/json-iterator/go v1.1.12 12 | github.com/lestrrat-go/file-rotatelogs v2.4.0+incompatible 13 | github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d 14 | github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 15 | github.com/sirupsen/logrus v1.9.0 16 | github.com/spf13/viper v1.15.0 17 | github.com/thoas/go-funk v0.9.3 18 | go.uber.org/ratelimit v0.2.0 19 | golang.org/x/crypto v0.8.0 20 | gorm.io/datatypes v1.2.0 21 | gorm.io/driver/sqlite v1.5.0 22 | gorm.io/gorm v1.25.0 23 | ) 24 | 25 | require ( 26 | github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 // indirect 27 | github.com/bytedance/sonic v1.8.7 // indirect 28 | github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect 29 | github.com/gin-contrib/sse v0.1.0 // indirect 30 | github.com/go-playground/locales v0.14.1 // indirect 31 | github.com/go-playground/universal-translator v0.18.1 // indirect 32 | github.com/go-playground/validator/v10 v10.12.0 // indirect 33 | github.com/go-sql-driver/mysql v1.7.0 // indirect 34 | github.com/goccy/go-json v0.10.2 // indirect 35 | github.com/hashicorp/hcl v1.0.0 // indirect 36 | github.com/jinzhu/inflection v1.0.0 // indirect 37 | github.com/jinzhu/now v1.1.5 // indirect 38 | github.com/jonboulle/clockwork v0.3.0 // indirect 39 | github.com/klauspost/cpuid/v2 v2.2.4 // indirect 40 | github.com/leodido/go-urn v1.2.3 // indirect 41 | github.com/lestrrat-go/strftime v1.0.6 // indirect 42 | github.com/magiconair/properties v1.8.7 // indirect 43 | github.com/mattn/go-colorable v0.1.13 // indirect 44 | github.com/mattn/go-isatty v0.0.18 // indirect 45 | github.com/mattn/go-sqlite3 v1.14.16 // indirect 46 | github.com/mitchellh/mapstructure v1.5.0 // indirect 47 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect 48 | github.com/modern-go/reflect2 v1.0.2 // indirect 49 | github.com/pelletier/go-toml/v2 v2.0.7 // indirect 50 | github.com/pkg/errors v0.9.1 // indirect 51 | github.com/spf13/afero v1.9.5 // indirect 52 | github.com/spf13/cast v1.5.0 // indirect 53 | github.com/spf13/jwalterweatherman v1.1.0 // indirect 54 | github.com/spf13/pflag v1.0.5 // indirect 55 | github.com/subosito/gotenv v1.4.2 // indirect 56 | github.com/twitchyliquid64/golang-asm v0.15.1 // indirect 57 | github.com/ugorji/go/codec v1.2.11 // indirect 58 | golang.org/x/arch v0.3.0 // indirect 59 | golang.org/x/net v0.9.0 // indirect 60 | golang.org/x/sys v0.7.0 // indirect 61 | golang.org/x/term v0.7.0 // indirect 62 | golang.org/x/text v0.9.0 // indirect 63 | google.golang.org/protobuf v1.30.0 // indirect 64 | gopkg.in/ini.v1 v1.67.0 // indirect 65 | gopkg.in/yaml.v3 v3.0.1 // indirect 66 | gorm.io/driver/mysql v1.5.0 // indirect 67 | ) 68 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 2 | cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= 3 | cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 4 | cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= 5 | cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= 6 | cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= 7 | cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= 8 | cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= 9 | cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= 10 | cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= 11 | cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= 12 | cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= 13 | cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= 14 | cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= 15 | cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= 16 | cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= 17 | cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= 18 | cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= 19 | cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= 20 | cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 21 | cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= 22 | cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 23 | cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= 24 | cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= 25 | cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= 26 | cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= 27 | cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= 28 | cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= 29 | cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= 30 | cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 31 | cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= 32 | cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= 33 | cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= 34 | cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 35 | cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= 36 | cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= 37 | cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= 38 | dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= 39 | github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= 40 | github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 41 | github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129 h1:MzBOUgng9orim59UnfUTLRjMpd09C5uEVQ6RPGeCaVI= 42 | github.com/andres-erbsen/clock v0.0.0-20160526145045-9e14626cd129/go.mod h1:rFgpPQZYZ8vdbc+48xibu8ALc3yeyd64IhHS+PU6Yyg= 43 | github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= 44 | github.com/bytedance/sonic v1.8.7 h1:d3sry5vGgVq/OpgozRUNP6xBsSo0mtNdwliApw+SAMQ= 45 | github.com/bytedance/sonic v1.8.7/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= 46 | github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 47 | github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= 48 | github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams= 49 | github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= 50 | github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 51 | github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= 52 | github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= 53 | github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= 54 | github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= 55 | github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 56 | github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 57 | github.com/corpix/uarand v0.2.0 h1:U98xXwud/AVuCpkpgfPF7J5TQgr7R5tqT8VZP5KWbzE= 58 | github.com/corpix/uarand v0.2.0/go.mod h1:/3Z1QIqWkDIhf6XWn/08/uMHoQ8JUoTIKc2iPchBOmM= 59 | github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= 60 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 61 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 62 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 63 | github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= 64 | github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= 65 | github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 66 | github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 67 | github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 68 | github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= 69 | github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= 70 | github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= 71 | github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= 72 | github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= 73 | github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= 74 | github.com/gin-contrib/pprof v1.4.0 h1:XxiBSf5jWZ5i16lNOPbMTVdgHBdhfGRD5PZ1LWazzvg= 75 | github.com/gin-contrib/pprof v1.4.0/go.mod h1:RrehPJasUVBPK6yTUwOl8/NP6i0vbUgmxtis+Z5KE90= 76 | github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= 77 | github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= 78 | github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk= 79 | github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8= 80 | github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k= 81 | github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 82 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 83 | github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 84 | github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= 85 | github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= 86 | github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= 87 | github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= 88 | github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= 89 | github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= 90 | github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= 91 | github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= 92 | github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= 93 | github.com/go-playground/validator/v10 v10.12.0 h1:E4gtWgxWxp8YSxExrQFv5BpCahla0PVF2oTTEYaWQGI= 94 | github.com/go-playground/validator/v10 v10.12.0/go.mod h1:hCAPuzYvKdP33pxWa+2+6AIKXEKqjIUyqsNCtbsSJrA= 95 | github.com/go-sql-driver/mysql v1.7.0 h1:ueSltNNllEqE3qcWBTD0iQd3IpL/6U+mJxLkazJ7YPc= 96 | github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= 97 | github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= 98 | github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= 99 | github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= 100 | github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= 101 | github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= 102 | github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 103 | github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 104 | github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 105 | github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 106 | github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 107 | github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= 108 | github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= 109 | github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 110 | github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 111 | github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= 112 | github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= 113 | github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 114 | github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 115 | github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 116 | github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 117 | github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= 118 | github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= 119 | github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= 120 | github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= 121 | github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= 122 | github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= 123 | github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= 124 | github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= 125 | github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 126 | github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 127 | github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= 128 | github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 129 | github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 130 | github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= 131 | github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 132 | github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 133 | github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 134 | github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 135 | github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 136 | github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 137 | github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 138 | github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 139 | github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 140 | github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= 141 | github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= 142 | github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= 143 | github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 144 | github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= 145 | github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 146 | github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= 147 | github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 148 | github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 149 | github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 150 | github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 151 | github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= 152 | github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 153 | github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 154 | github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= 155 | github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= 156 | github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 157 | github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= 158 | github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= 159 | github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= 160 | github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 161 | github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 162 | github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= 163 | github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= 164 | github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 165 | github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= 166 | github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= 167 | github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= 168 | github.com/jackc/pgx/v5 v5.3.0 h1:/NQi8KHMpKWHInxXesC8yD4DhkXPrVhmnwYkjp9AmBA= 169 | github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E= 170 | github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc= 171 | github.com/jinzhu/now v1.1.5 h1:/o9tlHleP7gOFmsnYNz3RGnqzefHA47wQpKrrdTIwXQ= 172 | github.com/jinzhu/now v1.1.5/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8= 173 | github.com/jonboulle/clockwork v0.3.0 h1:9BSCMi8C+0qdApAp4auwX0RkLGUjs956h0EkuQymUhg= 174 | github.com/jonboulle/clockwork v0.3.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= 175 | github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 176 | github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= 177 | github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= 178 | github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= 179 | github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= 180 | github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= 181 | github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= 182 | github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= 183 | github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= 184 | github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 185 | github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= 186 | github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= 187 | github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= 188 | github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= 189 | github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= 190 | github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= 191 | github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= 192 | github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= 193 | github.com/leodido/go-urn v1.2.3 h1:6BE2vPT0lqoz3fmOesHZiaiFh7889ssCo2GMvLCfiuA= 194 | github.com/leodido/go-urn v1.2.3/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4= 195 | github.com/lestrrat-go/envload v0.0.0-20180220234015-a3eb8ddeffcc h1:RKf14vYWi2ttpEmkA4aQ3j4u9dStX2t4M8UM6qqNsG8= 196 | github.com/lestrrat-go/envload v0.0.0-20180220234015-a3eb8ddeffcc/go.mod h1:kopuH9ugFRkIXf3YoqHKyrJ9YfUFsckUU9S7B+XP+is= 197 | github.com/lestrrat-go/file-rotatelogs v2.4.0+incompatible h1:Y6sqxHMyB1D2YSzWkLibYKgg+SwmyFU9dF2hn6MdTj4= 198 | github.com/lestrrat-go/file-rotatelogs v2.4.0+incompatible/go.mod h1:ZQnN8lSECaebrkQytbHj4xNgtg8CR7RYXnPok8e0EHA= 199 | github.com/lestrrat-go/strftime v1.0.6 h1:CFGsDEt1pOpFNU+TJB0nhz9jl+K0hZSLE205AhTIGQQ= 200 | github.com/lestrrat-go/strftime v1.0.6/go.mod h1:f7jQKgV5nnJpYgdEasS+/y7EsTb8ykN2z68n3TtcTaw= 201 | github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= 202 | github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= 203 | github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 204 | github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 205 | github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= 206 | github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 207 | github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= 208 | github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 209 | github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= 210 | github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= 211 | github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= 212 | github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI= 213 | github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= 214 | github.com/microsoft/go-mssqldb v0.17.0 h1:Fto83dMZPnYv1Zwx5vHHxpNraeEaUlQ/hhHLgZiaenE= 215 | github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= 216 | github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= 217 | github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 218 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= 219 | github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 220 | github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= 221 | github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= 222 | github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= 223 | github.com/pelletier/go-toml/v2 v2.0.7 h1:muncTPStnKRos5dpVKULv2FVd4bMOhNePj9CjgDb8Us= 224 | github.com/pelletier/go-toml/v2 v2.0.7/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= 225 | github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= 226 | github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 227 | github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 228 | github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= 229 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 230 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 231 | github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 232 | github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5 h1:mZHayPoR0lNmnHyvtYjDeq0zlVHn9K/ZXoy17ylucdo= 233 | github.com/rifflock/lfshook v0.0.0-20180920164130-b9218ef580f5/go.mod h1:GEXHk5HgEKCvEIIrSpFI3ozzG5xOKA2DVlEX/gGnewM= 234 | github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 235 | github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= 236 | github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= 237 | github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= 238 | github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= 239 | github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= 240 | github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= 241 | github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= 242 | github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= 243 | github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= 244 | github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= 245 | github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= 246 | github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 247 | github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= 248 | github.com/spf13/viper v1.15.0 h1:js3yy885G8xwJa6iOISGFwd+qlUo5AvyXb7CiihdtiU= 249 | github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jHOQLA= 250 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 251 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 252 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 253 | github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= 254 | github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= 255 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 256 | github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= 257 | github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 258 | github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 259 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 260 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 261 | github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 262 | github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= 263 | github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 264 | github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= 265 | github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= 266 | github.com/thoas/go-funk v0.9.3 h1:7+nAEx3kn5ZJcnDm2Bh23N2yOtweO14bi//dvRtgLpw= 267 | github.com/thoas/go-funk v0.9.3/go.mod h1:+IWnUfUmFO1+WVYQWQtIJHeRRdaIyyYglZN7xzUPe4Q= 268 | github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= 269 | github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= 270 | github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= 271 | github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= 272 | github.com/ugorji/go/codec v1.2.11 h1:BMaWp1Bb6fHwEtbplGBGJ498wD+LKlNSl25MjdZY4dU= 273 | github.com/ugorji/go/codec v1.2.11/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= 274 | github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 275 | github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 276 | github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 277 | github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 278 | go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 279 | go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= 280 | go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 281 | go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 282 | go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 283 | go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= 284 | go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 285 | go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= 286 | go.uber.org/ratelimit v0.2.0 h1:UQE2Bgi7p2B85uP5dC2bbRtig0C+OeNRnNEafLjsLPA= 287 | go.uber.org/ratelimit v0.2.0/go.mod h1:YYBV4e4naJvhpitQrWJu1vCpgB7CboMe0qhltKt6mUg= 288 | golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= 289 | golang.org/x/arch v0.3.0 h1:02VY4/ZcO/gBOH6PUaoiptASxtXU10jazRCP865E97k= 290 | golang.org/x/arch v0.3.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= 291 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 292 | golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 293 | golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 294 | golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= 295 | golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 296 | golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= 297 | golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 298 | golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= 299 | golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= 300 | golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= 301 | golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 302 | golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 303 | golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 304 | golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= 305 | golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= 306 | golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 307 | golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 308 | golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= 309 | golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= 310 | golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= 311 | golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= 312 | golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 313 | golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 314 | golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 315 | golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 316 | golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 317 | golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 318 | golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 319 | golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= 320 | golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= 321 | golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 322 | golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 323 | golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= 324 | golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= 325 | golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= 326 | golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= 327 | golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= 328 | golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 329 | golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= 330 | golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 331 | golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 332 | golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 333 | golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= 334 | golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 335 | golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 336 | golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 337 | golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 338 | golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 339 | golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 340 | golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 341 | golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= 342 | golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= 343 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 344 | golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 345 | golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 346 | golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 347 | golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 348 | golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 349 | golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 350 | golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 351 | golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 352 | golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 353 | golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 354 | golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 355 | golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 356 | golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 357 | golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 358 | golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 359 | golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= 360 | golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 361 | golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= 362 | golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 363 | golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 364 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 365 | golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= 366 | golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= 367 | golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= 368 | golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 369 | golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 370 | golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 371 | golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 372 | golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 373 | golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 374 | golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 375 | golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 376 | golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= 377 | golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 378 | golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 379 | golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 380 | golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 381 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 382 | golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 383 | golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 384 | golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 385 | golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 386 | golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 387 | golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 388 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 389 | golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 390 | golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 391 | golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 392 | golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 393 | golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 394 | golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 395 | golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 396 | golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 397 | golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 398 | golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 399 | golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 400 | golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 401 | golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 402 | golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 403 | golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 404 | golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 405 | golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 406 | golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 407 | golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 408 | golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 409 | golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 410 | golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 411 | golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 412 | golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 413 | golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 414 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 415 | golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 416 | golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 417 | golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 418 | golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 419 | golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 420 | golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 421 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 422 | golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 423 | golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 424 | golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 425 | golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 426 | golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 427 | golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 428 | golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 429 | golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= 430 | golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 431 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 432 | golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= 433 | golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= 434 | golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 435 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 436 | golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 437 | golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= 438 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 439 | golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 440 | golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 441 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 442 | golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= 443 | golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= 444 | golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 445 | golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 446 | golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 447 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 448 | golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 449 | golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 450 | golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 451 | golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 452 | golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 453 | golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 454 | golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 455 | golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= 456 | golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 457 | golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 458 | golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= 459 | golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 460 | golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 461 | golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 462 | golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 463 | golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 464 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 465 | golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 466 | golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 467 | golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 468 | golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 469 | golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 470 | golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 471 | golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 472 | golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 473 | golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 474 | golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 475 | golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 476 | golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= 477 | golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 478 | golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= 479 | golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= 480 | golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 481 | golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 482 | golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 483 | golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= 484 | golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 485 | golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 486 | golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= 487 | golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= 488 | golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 489 | golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 490 | golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 491 | golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 492 | golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= 493 | golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= 494 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 495 | golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 496 | golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 497 | golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 498 | google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= 499 | google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= 500 | google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 501 | google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 502 | google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 503 | google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 504 | google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= 505 | google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 506 | google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 507 | google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 508 | google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 509 | google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 510 | google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= 511 | google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= 512 | google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= 513 | google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= 514 | google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= 515 | google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= 516 | google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= 517 | google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= 518 | google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 519 | google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 520 | google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= 521 | google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 522 | google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 523 | google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= 524 | google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= 525 | google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 526 | google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 527 | google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 528 | google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= 529 | google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 530 | google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= 531 | google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= 532 | google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 533 | google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 534 | google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 535 | google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 536 | google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 537 | google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= 538 | google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= 539 | google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 540 | google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 541 | google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 542 | google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 543 | google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 544 | google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 545 | google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 546 | google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 547 | google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= 548 | google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= 549 | google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= 550 | google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 551 | google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 552 | google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 553 | google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 554 | google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 555 | google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 556 | google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 557 | google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 558 | google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 559 | google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= 560 | google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= 561 | google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= 562 | google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 563 | google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 564 | google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= 565 | google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 566 | google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 567 | google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= 568 | google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= 569 | google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= 570 | google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 571 | google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 572 | google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= 573 | google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= 574 | google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= 575 | google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= 576 | google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= 577 | google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 578 | google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 579 | google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= 580 | google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= 581 | google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 582 | google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 583 | google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= 584 | google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= 585 | google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= 586 | google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= 587 | google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 588 | google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= 589 | google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= 590 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 591 | gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 592 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 593 | gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= 594 | gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= 595 | gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= 596 | gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= 597 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 598 | gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 599 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 600 | gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 601 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 602 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 603 | gorm.io/datatypes v1.2.0 h1:5YT+eokWdIxhJgWHdrb2zYUimyk0+TaFth+7a0ybzco= 604 | gorm.io/datatypes v1.2.0/go.mod h1:o1dh0ZvjIjhH/bngTpypG6lVRJ5chTBxE09FH/71k04= 605 | gorm.io/driver/mysql v1.5.0 h1:6hSAT5QcyIaty0jfnff0z0CLDjyRgZ8mlMHLqSt7uXM= 606 | gorm.io/driver/mysql v1.5.0/go.mod h1:FFla/fJuCvyTi7rJQd27qlNX2v3L6deTR1GgTjSOLPo= 607 | gorm.io/driver/postgres v1.5.0 h1:u2FXTy14l45qc3UeCJ7QaAXZmZfDDv0YrthvmRq1l0U= 608 | gorm.io/driver/sqlite v1.5.0 h1:zKYbzRCpBrT1bNijRnxLDJWPjVfImGEn0lSnUY5gZ+c= 609 | gorm.io/driver/sqlite v1.5.0/go.mod h1:kDMDfntV9u/vuMmz8APHtHF0b4nyBB7sfCieC6G8k8I= 610 | gorm.io/driver/sqlserver v1.4.1 h1:t4r4r6Jam5E6ejqP7N82qAJIJAht27EGT41HyPfXRw0= 611 | gorm.io/gorm v1.24.7-0.20230306060331-85eaf9eeda11/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= 612 | gorm.io/gorm v1.25.0 h1:+KtYtb2roDz14EQe4bla8CbQlmb9dN3VejSai3lprfU= 613 | gorm.io/gorm v1.25.0/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= 614 | honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 615 | honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 616 | honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 617 | honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 618 | honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= 619 | honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 620 | honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= 621 | rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 622 | rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= 623 | rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= 624 | rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 625 | -------------------------------------------------------------------------------- /images/image-20221213143603327.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ZhuriLab/Yi/817968bfd5c6fe836c6f4d55cc219e979c9c4d25/images/image-20221213143603327.png -------------------------------------------------------------------------------- /images/image-20221213212521373.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ZhuriLab/Yi/817968bfd5c6fe836c6f4d55cc219e979c9c4d25/images/image-20221213212521373.png -------------------------------------------------------------------------------- /images/image-20221215162315622.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/ZhuriLab/Yi/817968bfd5c6fe836c6f4d55cc219e979c9c4d25/images/image-20221215162315622.png -------------------------------------------------------------------------------- /pkg/db/blacklist.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "fmt" 5 | "gorm.io/gorm" 6 | ) 7 | 8 | /** 9 | @author: yhy 10 | @since: 2022/12/13 11 | @desc: //TODO 12 | **/ 13 | 14 | type Blacklist struct { 15 | gorm.Model 16 | Id int `gorm:"primary_key" json:"id"` 17 | Blacklist string `json:"blacklist"` 18 | } 19 | 20 | func AddBlacklist(blacklist Blacklist) { 21 | record := Record{ 22 | Color: "dark", 23 | Title: "黑名单新增", 24 | Msg: fmt.Sprintf("%s", blacklist.Blacklist), 25 | } 26 | 27 | AddRecord(record) 28 | 29 | GlobalDB.Create(&blacklist) 30 | } 31 | 32 | func ExistBlacklist(str string) bool { 33 | var blacklist Blacklist 34 | globalDBTmp := GlobalDB.Model(&Blacklist{}) 35 | globalDBTmp.Where("Blacklist = ? ", str).First(&blacklist) 36 | 37 | if blacklist.Id > 0 { 38 | return true 39 | } 40 | 41 | return false 42 | } 43 | -------------------------------------------------------------------------------- /pkg/db/db.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "Yi/pkg/logging" 5 | "gorm.io/driver/sqlite" 6 | "gorm.io/gorm" 7 | dblogger "gorm.io/gorm/logger" 8 | ) 9 | 10 | /** 11 | @author: yhy 12 | @since: 2022/9/30 13 | @desc: //TODO 14 | **/ 15 | 16 | var GlobalDB *gorm.DB 17 | 18 | func init() { 19 | var err error 20 | GlobalDB, err = gorm.Open(sqlite.Open("CodeQLVul.db"), &gorm.Config{}) 21 | if err != nil { 22 | logging.Logger.Errorln("failed to connect database") 23 | } 24 | 25 | // Migrate the schema 26 | err = GlobalDB.AutoMigrate(&Vul{}, &Project{}, &Blacklist{}, &Record{}) 27 | if err != nil { 28 | logging.Logger.Errorf("db.Setup err: %v", err) 29 | } 30 | 31 | GlobalDB.Logger = dblogger.Default.LogMode(dblogger.Silent) 32 | } 33 | -------------------------------------------------------------------------------- /pkg/db/project.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "fmt" 5 | "gorm.io/gorm" 6 | ) 7 | 8 | /** 9 | @author: yhy 10 | @since: 2022/12/7 11 | @desc: //TODO 12 | **/ 13 | 14 | type Project struct { 15 | gorm.Model 16 | Id int `gorm:"primary_key" json:"id"` 17 | Project string `json:"project"` 18 | Url string `json:"url"` 19 | Language string `json:"language"` 20 | Tag string `json:"tag"` 21 | DBPath string `json:"db_path"` 22 | Count int `json:"count"` 23 | PushedAt string `json:"pushed_at"` 24 | Vul int `json:"vul"` 25 | DefaultBranch string `json:"default_branch"` 26 | LastScanTime string 27 | ProgressBar string `json:"progress_bar"` 28 | } 29 | 30 | func AddProject(project Project) (int, int) { 31 | GlobalDB.Create(&project) 32 | 33 | record := Record{ 34 | Project: project.Project, 35 | Url: project.Url, 36 | Color: "success", 37 | Title: project.Project, 38 | Msg: fmt.Sprintf("%s 添加成功", project.Url), 39 | } 40 | AddRecord(record) 41 | 42 | return project.Id, project.Count 43 | } 44 | 45 | // GetProjects 查看项目信息 46 | func GetProjects(pageNum int, pageSize int, maps interface{}) (count int64, projects []Project) { 47 | globalDBTmp := GlobalDB.Model(&Project{}) 48 | query := maps.(map[string]interface{}) 49 | 50 | if query["project"] != nil { 51 | globalDBTmp = globalDBTmp.Where("project LIKE ?", "%"+query["project"].(string)+"%") 52 | } 53 | 54 | if query["language"] != nil { 55 | globalDBTmp = globalDBTmp.Where("language LIKE ?", "%"+query["language"].(string)+"%") 56 | } 57 | 58 | globalDBTmp.Count(&count) 59 | if pageNum == 0 && pageSize == 0 { 60 | globalDBTmp.Find(&projects) 61 | 62 | } else { 63 | globalDBTmp.Offset(pageNum).Limit(pageSize).Order("vul desc,count desc").Find(&projects) 64 | } 65 | return 66 | } 67 | 68 | // UpdateProjectArg 更新字段 69 | func UpdateProjectArg(id int, arg string, count int) bool { 70 | globalDBTmp := GlobalDB.Model(&Project{}) 71 | globalDBTmp.Where("id = ?", id).Update(arg, count) 72 | return true 73 | } 74 | 75 | func DeleteProject(id string) { 76 | globalDBTmp := GlobalDB.Model(&Project{}) 77 | globalDBTmp.Where("id = ?", id).Unscoped().Delete(&Project{}) 78 | } 79 | 80 | // Exist 判断数据库中ip、端口是否存在 81 | func Exist(url string) (bool, Project) { 82 | var project Project 83 | globalDBTmp := GlobalDB.Model(&Project{}) 84 | globalDBTmp.Where("url = ? ", url).Limit(1).First(&project) 85 | 86 | if project.Id > 0 { 87 | return true, project 88 | } 89 | 90 | return false, project 91 | } 92 | 93 | func UpdateProject(id int, project Project) { 94 | globalDBTmp := GlobalDB.Model(&Project{}) 95 | globalDBTmp.Where("id = ?", id).Updates(project) 96 | } 97 | -------------------------------------------------------------------------------- /pkg/db/record.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "gorm.io/gorm" 5 | "time" 6 | ) 7 | 8 | /** 9 | @author: yhy 10 | @since: 2023/1/13 11 | @desc: //TODO 12 | **/ 13 | 14 | var Msg int 15 | 16 | type Record struct { 17 | gorm.Model 18 | Id int `gorm:"primary_key" json:"id"` 19 | Project string `json:"project"` 20 | Url string `json:"url"` 21 | Color string `json:"color"` 22 | Title string `json:"title"` 23 | CurrentTime string `json:"current_time"` 24 | Msg string `json:"msg"` 25 | } 26 | 27 | func AddRecord(record Record) { 28 | record.CurrentTime = time.Now().Format("2006-01-02 15:04:05") 29 | 30 | GlobalDB.Create(&record) 31 | 32 | Msg++ 33 | } 34 | 35 | func GetRecord() (records []Record) { 36 | globalDBTmp := GlobalDB.Model(&Record{}) 37 | globalDBTmp.Order("id desc").Find(&records) 38 | return 39 | } 40 | -------------------------------------------------------------------------------- /pkg/db/vul.go: -------------------------------------------------------------------------------- 1 | package db 2 | 3 | import ( 4 | "fmt" 5 | "gorm.io/datatypes" 6 | "gorm.io/gorm" 7 | "time" 8 | ) 9 | 10 | /** 11 | @author: yhy 12 | @since: 2022/10/18 13 | @desc: //TODO 14 | **/ 15 | 16 | type Vul struct { 17 | gorm.Model 18 | Id int `gorm:"primary_key" json:"id"` 19 | Project string `json:"project"` 20 | RuleId string `json:"rule_id"` 21 | Url string `json:"url"` 22 | DefaultBranch string `json:"default_branch"` 23 | PushedAt string `json:"pushed_at"` 24 | Location datatypes.JSON 25 | //CodeFlows string `gorm:"type:text"` 26 | ResDir string `json:"res_dir"` 27 | Handled bool `json:"handled"` 28 | } 29 | 30 | func AddVul(vul Vul) { 31 | if ExistBlacklist(vul.Location.String()) { 32 | return 33 | } 34 | 35 | record := Record{ 36 | Project: vul.Project, 37 | Url: vul.Url, 38 | Color: "danger", 39 | Title: vul.Project + " 发现漏洞", 40 | Msg: fmt.Sprintf("漏洞类型: %s", vul.RuleId), 41 | } 42 | AddRecord(record) 43 | 44 | t, _ := time.Parse(time.RFC3339, vul.PushedAt) 45 | vul.PushedAt = t.Format("2006-01-02 15:04:05") 46 | 47 | GlobalDB.Create(&vul) 48 | } 49 | 50 | // GetVulsHandled 查看漏洞信息 51 | func GetVulsHandled(pageNum int, pageSize int, maps interface{}) (count int64, vuls []Vul) { 52 | globalDBTmp := GlobalDB.Model(&Vul{}) 53 | query := maps.(map[string]interface{}) 54 | 55 | if query["project"] != nil { 56 | globalDBTmp = globalDBTmp.Where("project LIKE ?", "%"+query["project"].(string)+"%") 57 | } 58 | 59 | if query["rule_id"] != nil { 60 | globalDBTmp = globalDBTmp.Where("rule_id LIKE ?", "%"+query["rule_id"].(string)+"%") 61 | } 62 | 63 | globalDBTmp.Where("handled = 1").Count(&count) 64 | 65 | globalDBTmp.Offset(pageNum).Limit(pageSize).Order("id asc").Find(&vuls) 66 | 67 | return 68 | } 69 | 70 | func GetVulsUnHandled(pageNum int, pageSize int, maps interface{}) (count int64, vuls []Vul) { 71 | globalDBTmp := GlobalDB.Model(&Vul{}) 72 | query := maps.(map[string]interface{}) 73 | 74 | if query["project"] != nil { 75 | globalDBTmp = globalDBTmp.Where("project LIKE ?", "%"+query["project"].(string)+"%") 76 | } 77 | 78 | if query["rule_id"] != nil { 79 | globalDBTmp = globalDBTmp.Where("rule_id LIKE ?", "%"+query["rule_id"].(string)+"%") 80 | } 81 | 82 | globalDBTmp.Where("handled = ?", false).Count(&count) 83 | 84 | globalDBTmp.Offset(pageNum).Limit(pageSize).Order("id asc").Find(&vuls) 85 | 86 | return 87 | } 88 | 89 | func VulTotal() (count int64) { 90 | globalDBTmp := GlobalDB.Model(&Vul{}) 91 | globalDBTmp.Count(&count) 92 | 93 | return 94 | } 95 | 96 | func DeleteVul(id string) { 97 | globalDBTmp := GlobalDB.Model(&Vul{}) 98 | globalDBTmp.Where("id = ?", id).Unscoped().Delete(&Vul{}) 99 | } 100 | 101 | // ExistVul 判断数据库中ip、端口是否存在 102 | func ExistVul(id string) (bool, Vul) { 103 | var vul Vul 104 | globalDBTmp := GlobalDB.Model(&Vul{}) 105 | globalDBTmp.Where("id = ?", id).Limit(1).First(&vul) 106 | 107 | if vul.Id > 0 { 108 | return true, vul 109 | } 110 | 111 | return false, vul 112 | } 113 | 114 | // UpdateHandled 更新字段 115 | func UpdateHandled(id string) { 116 | globalDBTmp := GlobalDB.Model(&Vul{}) 117 | globalDBTmp.Where("id = ?", id).Update("handled", true) 118 | } 119 | -------------------------------------------------------------------------------- /pkg/logging/formatter.go: -------------------------------------------------------------------------------- 1 | package logging 2 | 3 | import ( 4 | "bytes" 5 | "fmt" 6 | "io" 7 | "os" 8 | "regexp" 9 | "sort" 10 | "strings" 11 | "sync" 12 | "time" 13 | 14 | "github.com/mgutz/ansi" 15 | "github.com/sirupsen/logrus" 16 | "golang.org/x/crypto/ssh/terminal" 17 | ) 18 | 19 | // https://github.com/x-cray/logrus-prefixed-formatter/blob/master/formatter.go 20 | const defaultTimestampFormat = time.RFC3339 21 | 22 | var ( 23 | baseTimestamp time.Time = time.Now() 24 | defaultColorScheme *ColorScheme = &ColorScheme{ 25 | InfoLevelStyle: "green", 26 | WarnLevelStyle: "yellow", 27 | ErrorLevelStyle: "red", 28 | FatalLevelStyle: "red", 29 | PanicLevelStyle: "red", 30 | DebugLevelStyle: "blue", 31 | PrefixStyle: "cyan", 32 | TimestampStyle: "black+h", 33 | } 34 | noColorsColorScheme *compiledColorScheme = &compiledColorScheme{ 35 | InfoLevelColor: ansi.ColorFunc(""), 36 | WarnLevelColor: ansi.ColorFunc(""), 37 | ErrorLevelColor: ansi.ColorFunc(""), 38 | FatalLevelColor: ansi.ColorFunc(""), 39 | PanicLevelColor: ansi.ColorFunc(""), 40 | DebugLevelColor: ansi.ColorFunc(""), 41 | PrefixColor: ansi.ColorFunc(""), 42 | TimestampColor: ansi.ColorFunc(""), 43 | } 44 | defaultCompiledColorScheme *compiledColorScheme = compileColorScheme(defaultColorScheme) 45 | ) 46 | 47 | func miniTS() int { 48 | return int(time.Since(baseTimestamp) / time.Second) 49 | } 50 | 51 | type ColorScheme struct { 52 | InfoLevelStyle string 53 | WarnLevelStyle string 54 | ErrorLevelStyle string 55 | FatalLevelStyle string 56 | PanicLevelStyle string 57 | DebugLevelStyle string 58 | PrefixStyle string 59 | TimestampStyle string 60 | } 61 | 62 | type compiledColorScheme struct { 63 | InfoLevelColor func(string) string 64 | WarnLevelColor func(string) string 65 | ErrorLevelColor func(string) string 66 | FatalLevelColor func(string) string 67 | PanicLevelColor func(string) string 68 | DebugLevelColor func(string) string 69 | PrefixColor func(string) string 70 | TimestampColor func(string) string 71 | } 72 | 73 | type TextFormatter struct { 74 | // Set to true to bypass checking for a TTY before outputting colors. 75 | ForceColors bool 76 | 77 | // Force disabling colors. For a TTY colors are enabled by default. 78 | DisableColors bool 79 | 80 | // Force formatted layout, even for non-TTY output. 81 | ForceFormatting bool 82 | 83 | // Disable timestamp logging. useful when output is redirected to logging 84 | // system that already adds timestamps. 85 | DisableTimestamp bool 86 | 87 | // Disable the conversion of the log levels to uppercase 88 | DisableUppercase bool 89 | 90 | // Enable logging the full timestamp when a TTY is attached instead of just 91 | // the time passed since beginning of execution. 92 | FullTimestamp bool 93 | 94 | // Timestamp format to use for display when a full timestamp is printed. 95 | TimestampFormat string 96 | 97 | // The fields are sorted by default for a consistent output. For applications 98 | // that log extremely frequently and don't use the JSON formatter this may not 99 | // be desired. 100 | DisableSorting bool 101 | 102 | // Wrap empty fields in quotes if true. 103 | QuoteEmptyFields bool 104 | 105 | // Can be set to the override the default quoting character " 106 | // with something else. For example: ', or `. 107 | QuoteCharacter string 108 | 109 | // Pad msg field with spaces on the right for display. 110 | // The value for this parameter will be the size of padding. 111 | // Its default value is zero, which means no padding will be applied for msg. 112 | SpacePadding int 113 | 114 | // Color scheme to use. 115 | colorScheme *compiledColorScheme 116 | 117 | // Whether the logger's out is to a terminal. 118 | isTerminal bool 119 | 120 | ReportCaller bool 121 | 122 | sync.Once 123 | } 124 | 125 | func getCompiledColor(main string, fallback string) func(string) string { 126 | var style string 127 | if main != "" { 128 | style = main 129 | } else { 130 | style = fallback 131 | } 132 | return ansi.ColorFunc(style) 133 | } 134 | 135 | func compileColorScheme(s *ColorScheme) *compiledColorScheme { 136 | return &compiledColorScheme{ 137 | InfoLevelColor: getCompiledColor(s.InfoLevelStyle, defaultColorScheme.InfoLevelStyle), 138 | WarnLevelColor: getCompiledColor(s.WarnLevelStyle, defaultColorScheme.WarnLevelStyle), 139 | ErrorLevelColor: getCompiledColor(s.ErrorLevelStyle, defaultColorScheme.ErrorLevelStyle), 140 | FatalLevelColor: getCompiledColor(s.FatalLevelStyle, defaultColorScheme.FatalLevelStyle), 141 | PanicLevelColor: getCompiledColor(s.PanicLevelStyle, defaultColorScheme.PanicLevelStyle), 142 | DebugLevelColor: getCompiledColor(s.DebugLevelStyle, defaultColorScheme.DebugLevelStyle), 143 | PrefixColor: getCompiledColor(s.PrefixStyle, defaultColorScheme.PrefixStyle), 144 | TimestampColor: getCompiledColor(s.TimestampStyle, defaultColorScheme.TimestampStyle), 145 | } 146 | } 147 | 148 | func (f *TextFormatter) init(entry *logrus.Entry) { 149 | if len(f.QuoteCharacter) == 0 { 150 | f.QuoteCharacter = "\"" 151 | } 152 | if entry.Logger != nil { 153 | f.isTerminal = f.checkIfTerminal(entry.Logger.Out) 154 | } 155 | } 156 | 157 | func (f *TextFormatter) checkIfTerminal(w io.Writer) bool { 158 | switch v := w.(type) { 159 | case *os.File: 160 | return terminal.IsTerminal(int(v.Fd())) 161 | default: 162 | return false 163 | } 164 | } 165 | 166 | func (f *TextFormatter) SetColorScheme(colorScheme *ColorScheme) { 167 | f.colorScheme = compileColorScheme(colorScheme) 168 | } 169 | 170 | func (f *TextFormatter) Format(entry *logrus.Entry) ([]byte, error) { 171 | var b *bytes.Buffer 172 | var keys = make([]string, 0, len(entry.Data)) 173 | for k := range entry.Data { 174 | keys = append(keys, k) 175 | } 176 | lastKeyIdx := len(keys) - 1 177 | 178 | if !f.DisableSorting { 179 | sort.Strings(keys) 180 | } 181 | if entry.Buffer != nil { 182 | b = entry.Buffer 183 | } else { 184 | b = &bytes.Buffer{} 185 | } 186 | 187 | prefixFieldClashes(entry.Data) 188 | 189 | f.Do(func() { f.init(entry) }) 190 | 191 | isFormatted := f.ForceFormatting || f.isTerminal 192 | 193 | timestampFormat := f.TimestampFormat 194 | if timestampFormat == "" { 195 | timestampFormat = defaultTimestampFormat 196 | } 197 | if isFormatted { 198 | isColored := (f.ForceColors || f.isTerminal) && !f.DisableColors 199 | var colorScheme *compiledColorScheme 200 | if isColored { 201 | if f.colorScheme == nil { 202 | colorScheme = defaultCompiledColorScheme 203 | } else { 204 | colorScheme = f.colorScheme 205 | } 206 | } else { 207 | colorScheme = noColorsColorScheme 208 | } 209 | f.printColored(b, entry, keys, timestampFormat, colorScheme) 210 | } else { 211 | if !f.DisableTimestamp { 212 | f.appendKeyValue(b, "time", entry.Time.Format(timestampFormat), true) 213 | } 214 | f.appendKeyValue(b, "level", entry.Level.String(), true) 215 | if entry.Message != "" { 216 | f.appendKeyValue(b, "msg", entry.Message, lastKeyIdx >= 0) 217 | } 218 | for i, key := range keys { 219 | f.appendKeyValue(b, key, entry.Data[key], lastKeyIdx != i) 220 | } 221 | } 222 | 223 | b.WriteByte('\n') 224 | return b.Bytes(), nil 225 | } 226 | 227 | func (f *TextFormatter) printColored(b *bytes.Buffer, entry *logrus.Entry, keys []string, timestampFormat string, colorScheme *compiledColorScheme) { 228 | var levelColor func(string) string 229 | var levelText string 230 | switch entry.Level { 231 | case logrus.InfoLevel: 232 | levelColor = colorScheme.InfoLevelColor 233 | case logrus.WarnLevel: 234 | levelColor = colorScheme.WarnLevelColor 235 | case logrus.ErrorLevel: 236 | levelColor = colorScheme.ErrorLevelColor 237 | case logrus.FatalLevel: 238 | levelColor = colorScheme.FatalLevelColor 239 | case logrus.PanicLevel: 240 | levelColor = colorScheme.PanicLevelColor 241 | default: 242 | levelColor = colorScheme.DebugLevelColor 243 | } 244 | 245 | if entry.Level != logrus.WarnLevel { 246 | levelText = entry.Level.String() 247 | } else { 248 | levelText = "warn" 249 | } 250 | 251 | if !f.DisableUppercase { 252 | levelText = strings.ToUpper(levelText) 253 | } 254 | 255 | level := levelColor(fmt.Sprintf("%5s", levelText)) 256 | prefix := "" 257 | message := entry.Message 258 | 259 | fileVal := "" 260 | if f.ReportCaller { 261 | packageName := strings.Split(SplitLast(entry.Caller.Function, "/"), ".") 262 | fileName := SplitLast(entry.Caller.File, "/") 263 | fileVal = fmt.Sprintf("[%s:%s(%s):%d]", packageName[0], fileName, packageName[1], entry.Caller.Line) 264 | } 265 | 266 | if prefixValue, ok := entry.Data["prefix"]; ok { 267 | prefix = colorScheme.PrefixColor(" " + prefixValue.(string) + ":") 268 | } else { 269 | prefixValue, trimmedMsg := extractPrefix(entry.Message) 270 | if len(prefixValue) > 0 { 271 | prefix = colorScheme.PrefixColor(" " + prefixValue + ":") 272 | message = trimmedMsg 273 | } 274 | } 275 | 276 | messageFormat := "%s" 277 | if f.SpacePadding != 0 { 278 | messageFormat = fmt.Sprintf("%%-%ds", f.SpacePadding) 279 | } 280 | 281 | if f.DisableTimestamp { 282 | fmt.Fprintf(b, "%s%s "+messageFormat, level, prefix, message) 283 | } else { 284 | var timestamp string 285 | if !f.FullTimestamp { 286 | timestamp = fmt.Sprintf("[%04d]", miniTS()) 287 | } else { 288 | timestamp = fmt.Sprintf("[%s]", entry.Time.Format(timestampFormat)) 289 | } 290 | 291 | fmt.Fprintf(b, "%s %s %s%s "+messageFormat, colorScheme.TimestampColor(timestamp), level, colorScheme.TimestampColor(fileVal), prefix, message) 292 | } 293 | for _, k := range keys { 294 | if k != "prefix" { 295 | v := entry.Data[k] 296 | fmt.Fprintf(b, " %s=%+v", levelColor(k), v) 297 | } 298 | } 299 | } 300 | 301 | func (f *TextFormatter) needsQuoting(text string) bool { 302 | if f.QuoteEmptyFields && len(text) == 0 { 303 | return true 304 | } 305 | for _, ch := range text { 306 | if !((ch >= 'a' && ch <= 'z') || 307 | (ch >= 'A' && ch <= 'Z') || 308 | (ch >= '0' && ch <= '9') || 309 | ch == '-' || ch == '.') { 310 | return true 311 | } 312 | } 313 | return false 314 | } 315 | 316 | func extractPrefix(msg string) (string, string) { 317 | prefix := "" 318 | regex := regexp.MustCompile("^\\[(.*?)\\]") 319 | if regex.MatchString(msg) { 320 | match := regex.FindString(msg) 321 | prefix, msg = match[1:len(match)-1], strings.TrimSpace(msg[len(match):]) 322 | } 323 | return prefix, msg 324 | } 325 | 326 | func (f *TextFormatter) appendKeyValue(b *bytes.Buffer, key string, value interface{}, appendSpace bool) { 327 | b.WriteString(key) 328 | b.WriteByte('=') 329 | f.appendValue(b, value) 330 | 331 | if appendSpace { 332 | b.WriteByte(' ') 333 | } 334 | } 335 | 336 | func (f *TextFormatter) appendValue(b *bytes.Buffer, value interface{}) { 337 | switch value := value.(type) { 338 | case string: 339 | if !f.needsQuoting(value) { 340 | b.WriteString(value) 341 | } else { 342 | fmt.Fprintf(b, "%s%v%s", f.QuoteCharacter, value, f.QuoteCharacter) 343 | } 344 | case error: 345 | errmsg := value.Error() 346 | if !f.needsQuoting(errmsg) { 347 | b.WriteString(errmsg) 348 | } else { 349 | fmt.Fprintf(b, "%s%v%s", f.QuoteCharacter, errmsg, f.QuoteCharacter) 350 | } 351 | default: 352 | fmt.Fprint(b, value) 353 | } 354 | } 355 | 356 | // This is to not silently overwrite `time`, `msg` and `level` fields when 357 | // dumping it. If this code wasn't there doing: 358 | // 359 | // logrus.WithField("level", 1).Info("hello") 360 | // 361 | // would just silently drop the user provided level. Instead with this code 362 | // it'll be logged as: 363 | // 364 | // {"level": "info", "fields.level": 1, "msg": "hello", "time": "..."} 365 | func prefixFieldClashes(data logrus.Fields) { 366 | if t, ok := data["time"]; ok { 367 | data["fields.time"] = t 368 | } 369 | 370 | if m, ok := data["msg"]; ok { 371 | data["fields.msg"] = m 372 | } 373 | 374 | if l, ok := data["level"]; ok { 375 | data["fields.level"] = l 376 | } 377 | } 378 | 379 | // SplitLast 字符串分割获取最后一位 380 | func SplitLast(str, sep string) string { 381 | arr := strings.Split(str, sep) 382 | return arr[len(arr)-1] 383 | } 384 | -------------------------------------------------------------------------------- /pkg/logging/logger.go: -------------------------------------------------------------------------------- 1 | package logging 2 | 3 | import ( 4 | "fmt" 5 | "github.com/rifflock/lfshook" 6 | "os" 7 | 8 | rotatelogs "github.com/lestrrat-go/file-rotatelogs" 9 | "github.com/sirupsen/logrus" 10 | ) 11 | 12 | var stdFormatter *TextFormatter // 命令行输出格式 13 | var fileFormatter *TextFormatter // 文件输出格式 14 | 15 | var Logger *logrus.Logger 16 | 17 | func init() { 18 | Logger = logrus.New() 19 | Logger.SetReportCaller(true) 20 | stdFormatter = &TextFormatter{ 21 | FullTimestamp: true, 22 | TimestampFormat: "2006-01-02.15:04:05", 23 | ForceFormatting: true, 24 | ForceColors: true, 25 | DisableColors: false, 26 | ReportCaller: true, 27 | } 28 | fileFormatter = &TextFormatter{ 29 | FullTimestamp: true, 30 | TimestampFormat: "2006-01-02.15:04:05", 31 | ForceFormatting: true, 32 | ForceColors: false, 33 | DisableColors: true, 34 | ReportCaller: true, 35 | } 36 | 37 | Logger.SetFormatter(stdFormatter) 38 | Logger.SetLevel(logrus.DebugLevel) 39 | 40 | logPath, _ := os.Getwd() 41 | logName := fmt.Sprintf("%s/logs/yi_log_", logPath) 42 | writer, _ := rotatelogs.New(logName + "%Y_%m_%d" + ".log") 43 | lfHook := lfshook.NewHook(lfshook.WriterMap{ 44 | logrus.InfoLevel: writer, 45 | logrus.WarnLevel: writer, 46 | logrus.DebugLevel: writer, 47 | logrus.ErrorLevel: writer, 48 | }, fileFormatter) 49 | Logger.SetOutput(os.Stdout) 50 | Logger.AddHook(lfHook) 51 | } 52 | -------------------------------------------------------------------------------- /pkg/runner/clnoe.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/logging" 5 | "bytes" 6 | "os/exec" 7 | ) 8 | 9 | /** 10 | @author: yhy 11 | @since: 2022/10/27 12 | @desc: //TODO 13 | **/ 14 | 15 | func GitClone(gurl string, name string) error { 16 | cmd := exec.Command("git", "clone", gurl, "--depth=1", DirNames.GithubDir+name) 17 | var stdout, stderr bytes.Buffer 18 | cmd.Stdout = &stdout // 标准输出 19 | cmd.Stderr = &stderr // 标准错误 20 | err := cmd.Run() 21 | _, errStr := string(stdout.Bytes()), string(stderr.Bytes()) 22 | if err != nil { 23 | logging.Logger.Errorf("GitClone(%s) cmd.Run() failed with %s -- %s\n", gurl, err, errStr) 24 | 25 | return err 26 | } 27 | return nil 28 | } 29 | -------------------------------------------------------------------------------- /pkg/runner/codeql.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "Yi/pkg/logging" 6 | "Yi/pkg/utils" 7 | "bytes" 8 | "fmt" 9 | "os" 10 | "os/exec" 11 | "path" 12 | "path/filepath" 13 | "strings" 14 | "time" 15 | ) 16 | 17 | /** 18 | @author: yhy 19 | @since: 2022/10/13 20 | @desc: //TODO 21 | **/ 22 | 23 | func Analyze(database string, name string, language string, qls []string) map[string]string { 24 | if language == "Go" { 25 | qls = QLFiles.GoQL 26 | } else if language == "Java" { 27 | qls = QLFiles.JavaQL 28 | } 29 | 30 | if len(qls) == 0 { 31 | logging.Logger.Debugln("qls = 0") 32 | return nil 33 | } 34 | 35 | res := make(map[string]string) 36 | filePath := DirNames.ResDir + name 37 | os.MkdirAll(filePath, 0755) 38 | 39 | logging.Logger.Infof("[[%s:%s]] analyze start ...", name, database) 40 | for i, ql := range qls { 41 | fileName := fmt.Sprintf("%s/%d.json", filePath, time.Now().Unix()) 42 | cmd := exec.Command("codeql", "database", "analyze", "--rerun", database, Option.Path+ql, "--format=sarif-latest", "-o", fileName) 43 | var stdout, stderr bytes.Buffer 44 | cmd.Stdout = &stdout // 标准输出 45 | cmd.Stderr = &stderr // 标准错误 46 | err := cmd.Run() 47 | _, errStr := string(stdout.Bytes()), string(stderr.Bytes()) 48 | if err != nil { 49 | logging.Logger.Errorf("Analyze cmd.Run() failed with %s -- %s, %s %s", err, errStr, database, name) 50 | continue 51 | } 52 | 53 | lines := utils.LoadFile(fileName) 54 | 55 | if len(lines) == 0 { 56 | continue 57 | } 58 | 59 | var result string 60 | 61 | for _, line := range lines { 62 | result += line 63 | } 64 | res[fileName] = result 65 | 66 | ProgressBar[name] = float32(i+1) / float32(len(qls)) * 100 67 | } 68 | 69 | logging.Logger.Infof("[[%s:%s]] analysis completed.", name, database) 70 | record := db.Record{ 71 | Project: name, 72 | Url: name, 73 | Color: "success", 74 | Title: name, 75 | Msg: fmt.Sprintf("%s 分析完毕", name), 76 | } 77 | ProgressBar[name] = 100 78 | db.AddRecord(record) 79 | return res 80 | } 81 | 82 | // CreateDb 拉取仓库,本地创建数据库 83 | func CreateDb(gurl, languages string) string { 84 | dbName := utils.GetName(gurl) 85 | err := GitClone(gurl, dbName) 86 | 87 | if err != nil { 88 | logging.Logger.Errorln("create db err:", err) 89 | return "" 90 | } 91 | 92 | // todo 批量跑就抽风,导致有的项目无法生成数据库 "There's no CodeQL extractor named 'Go' installed." 93 | cmd := exec.Command("codeql", "database", "create", DirNames.DbDir+dbName, "-s", DirNames.GithubDir+dbName, "--language="+strings.ToLower(languages), "--overwrite") 94 | var stdout, stderr bytes.Buffer 95 | cmd.Stdout = &stdout // 标准输出 96 | cmd.Stderr = &stderr // 标准错误 97 | err = cmd.Run() 98 | out, errStr := string(stdout.Bytes()), string(stderr.Bytes()) 99 | if err != nil { 100 | logging.Logger.Errorf("CreateDb cmd.Run() failed with %s\n %s -- %s\n", err, out, errStr) 101 | return "" 102 | } 103 | 104 | // 很奇怪,有的生成数据库不是在项目目录下,而是在第二级目录下 105 | dbPath := filepath.Dir(path.Join(utils.CodeqlDb(DirNames.DbDir+dbName), "*")) 106 | logging.Logger.Debugln(gurl, " CreateDb success") 107 | return dbPath 108 | } 109 | 110 | // UpdateRule 每天拉取一下官方仓库,更新规则 111 | func UpdateRule() { 112 | if Option.Path != "" { 113 | _, err := utils.RunGitCommand(Option.Path, "git", "pull") 114 | record := db.Record{ 115 | Project: "CodeQL Rules", 116 | Url: "CodeQL Rules", 117 | Color: "success", 118 | Title: "CodeQL Rules", 119 | Msg: "CodeQL Rules 更新成功", 120 | } 121 | 122 | if err != nil { 123 | record.Color = "danger" 124 | record.Msg = fmt.Sprintf("CodeQL Rules 更新失败, %s", err.Error()) 125 | } 126 | 127 | db.AddRecord(record) 128 | } 129 | } 130 | -------------------------------------------------------------------------------- /pkg/runner/config.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/logging" 5 | "Yi/pkg/utils" 6 | "bytes" 7 | "github.com/fsnotify/fsnotify" 8 | "github.com/spf13/viper" 9 | "os" 10 | "path" 11 | "path/filepath" 12 | ) 13 | 14 | /** 15 | @author: yhy 16 | @since: 2022/12/12 17 | @desc: //TODO 18 | **/ 19 | 20 | type QLFile struct { 21 | GoQL []string `mapstructure:"go_ql"` 22 | JavaQL []string `mapstructure:"java_ql"` 23 | } 24 | 25 | var QLFiles *QLFile 26 | 27 | // HotConf 使用 viper 对配置热加载 28 | func HotConf() { 29 | dir, err := filepath.Abs(filepath.Dir(os.Args[0])) 30 | if err != nil { 31 | logging.Logger.Fatalf("cmd.HotConf, fail to get current path: %v", err) 32 | } 33 | // 配置文件路径 当前文件夹 + config.yaml 34 | configFile := path.Join(dir, ConfigFileName) 35 | viper.SetConfigType("yaml") 36 | viper.SetConfigFile(configFile) 37 | 38 | // watch 监控配置文件变化 39 | viper.WatchConfig() 40 | viper.OnConfigChange(func(e fsnotify.Event) { 41 | // 配置文件发生变更之后会调用的回调函数 42 | logging.Logger.Infoln("config file changed: ", e.Name) 43 | oldQls := QLFiles 44 | ReadYamlConfig(configFile) 45 | newQls := QLFiles 46 | // 规则更新时,从数据库中获取项目,用新规则跑一遍 47 | NewRules(oldQls, newQls) 48 | }) 49 | } 50 | 51 | // Init 加载配置 52 | func Init() { 53 | //配置文件路径 当前文件夹 + config.yaml 54 | configFile := path.Join(Pwd, ConfigFileName) 55 | 56 | // 检测配置文件是否存在 57 | if !utils.Exists(configFile) { 58 | WriteYamlConfig(configFile) 59 | logging.Logger.Infof("%s not find, Generate profile.", configFile) 60 | } else { 61 | logging.Logger.Infoln("Load profile ", configFile) 62 | } 63 | ReadYamlConfig(configFile) 64 | 65 | } 66 | 67 | func ReadYamlConfig(configFile string) { 68 | // 加载config 69 | viper.SetConfigType("yaml") 70 | viper.SetConfigFile(configFile) 71 | 72 | err := viper.ReadInConfig() 73 | if err != nil { 74 | logging.Logger.Fatalf("setting.Setup, fail to read 'config.yaml': %+v", err) 75 | } 76 | err = viper.Unmarshal(&QLFiles) 77 | if err != nil { 78 | logging.Logger.Fatalf("setting.Setup, fail to parse 'config.yaml', check format: %v", err) 79 | } 80 | } 81 | 82 | func WriteYamlConfig(configFile string) { 83 | // 生成默认config 84 | viper.SetConfigType("yaml") 85 | err := viper.ReadConfig(bytes.NewBuffer(defaultYamlByte)) 86 | if err != nil { 87 | logging.Logger.Fatalf("setting.Setup, fail to read default config bytes: %v", err) 88 | } 89 | // 写文件 90 | err = viper.SafeWriteConfigAs(configFile) 91 | if err != nil { 92 | logging.Logger.Fatalf("setting.Setup, fail to write 'config.yaml': %v", err) 93 | } 94 | } 95 | -------------------------------------------------------------------------------- /pkg/runner/cyclic.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "fmt" 6 | "github.com/thoas/go-funk" 7 | "os" 8 | "sync" 9 | "time" 10 | ) 11 | 12 | /** 13 | @author: yhy 14 | @since: 2022/12/7 15 | @desc: 循环执行 16 | **/ 17 | 18 | func Cyclic() { 19 | for { 20 | // todo 不够优雅,万一监控的项目过多,导致一天还没执行完呢 21 | // 等待24小时后再循环执行 22 | if !Option.RunNow { 23 | time.Sleep(24 * 60 * time.Minute) 24 | // 开始检查更新时, 停止重试的检查 25 | IsRetry = false 26 | } 27 | 28 | Option.RunNow = false 29 | 30 | // 更新规则库 31 | UpdateRule() 32 | 33 | count := 0 34 | today := time.Now().Format("2006-01-02") + "/" 35 | DirNames = DirName{ 36 | ZipDir: Pwd + "/db/zip/" + today, 37 | ResDir: Pwd + "/db/results/" + today, 38 | DbDir: Pwd + "/db/database/" + today, 39 | GithubDir: Pwd + "/github/" + today, 40 | } 41 | os.MkdirAll(DirNames.ZipDir, 0755) 42 | os.MkdirAll(DirNames.ResDir, 0755) 43 | os.MkdirAll(DirNames.DbDir, 0755) 44 | os.MkdirAll(DirNames.GithubDir, 0755) 45 | 46 | var projects []db.Project 47 | globalDBTmp := db.GlobalDB.Model(&db.Project{}) 48 | globalDBTmp.Order("id asc").Find(&projects) 49 | 50 | var wg sync.WaitGroup 51 | limit := make(chan bool, Option.Thread) 52 | 53 | for _, p := range projects { 54 | if p.DBPath == "" || !funk.Contains(Languages, p.Language) { 55 | continue 56 | } 57 | wg.Add(1) 58 | limit <- true 59 | go func(project db.Project) { 60 | defer func() { 61 | <-limit 62 | wg.Done() 63 | }() 64 | 65 | // 说明 之前运行失败了, 再尝试一次执行 66 | if project.Count == 0 { 67 | Exec(project, nil) 68 | } else { 69 | // 更新了才会去生成数据库 70 | update, dbPath, pushedAt := CheckUpdate(project) 71 | 72 | if !update { 73 | return 74 | } 75 | 76 | count++ 77 | project.DBPath = dbPath 78 | project.PushedAt = pushedAt 79 | 80 | db.UpdateProject(project.Id, project) 81 | Exec(project, nil) 82 | } 83 | }(p) 84 | 85 | } 86 | 87 | wg.Wait() 88 | close(limit) 89 | 90 | // 全部运行完后,开始对出错的项目进行重试 91 | IsRetry = true 92 | 93 | record := db.Record{ 94 | Color: "primary", 95 | Title: "新一轮扫描", 96 | Msg: fmt.Sprintf("新一轮扫描结束, 总共扫描了 %d 个项目", count), 97 | } 98 | db.AddRecord(record) 99 | } 100 | 101 | } 102 | -------------------------------------------------------------------------------- /pkg/runner/default.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | /** 4 | @author: yhy 5 | @since: 2022/12/13 6 | @desc: //TODO 7 | **/ 8 | 9 | var ConfigFileName = "config.yaml" 10 | 11 | // 默认配置文件, todo 注: Codeql 不支持指定文件夹来运行规则 12 | var defaultYamlByte = []byte(` 13 | go_ql: 14 | # sql 注入 15 | - go/ql/src/Security/CWE-089/SqlInjection.ql 16 | # LDAP 注入 17 | - go/ql/src/experimental/CWE-090/LDAPInjection.ql 18 | # 登录认证绕过 19 | - go/ql/src/experimental/CWE-285/PamAuthBypass.ql 20 | # 用户控制绕过 21 | - go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql 22 | # JWT 硬编码 23 | - go/ql/src/experimental/CWE-321/HardcodedKeys.ql 24 | # SSRF 25 | - go/ql/src/experimental/CWE-918/SSRF.ql 26 | # 路径遍历 27 | - go/ql/src/Security/CWE-022/TaintedPath.ql 28 | # 解压造成的路径穿越 29 | - go/ql/src/Security/CWE-022/UnsafeUnzipSymlink.ql 30 | - go/ql/src/Security/CWE-022/ZipSlip.ql 31 | # 命令执行 32 | - go/ql/src/Security/CWE-078/CommandInjection.ql 33 | - go/ql/src/Security/CWE-078/StoredCommand.ql 34 | # xss 35 | - go/ql/src/Security/CWE-079/ReflectedXss.ql 36 | - go/ql/src/Security/CWE-079/StoredXss.ql 37 | # debug 、堆栈信息泄露 38 | - go/ql/src/Security/CWE-209/StackTraceExposure.ql 39 | # 重定向 40 | - go/ql/src/Security/CWE-601/BadRedirectCheck.ql 41 | - go/ql/src/Security/CWE-601/OpenUrlRedirect.ql 42 | # Xpath 注入 43 | - go/ql/src/Security/CWE-643/XPathInjection.ql 44 | # 硬编码认证信息 45 | - go/ql/src/Security/CWE-798/HardcodedCredentials.ql 46 | # 自定义规则 47 | - go/ql/src/myRules/ 48 | java_ql: 49 | # 路径问题 50 | - java/ql/src/Security/CWE/CWE-022/TaintedPath.ql 51 | - java/ql/src/Security/CWE/CWE-022/TaintedPathLocal.ql 52 | - java/ql/src/Security/CWE/CWE-022/ZipSlip.ql 53 | # JNDI 54 | - java/ql/src/Security/CWE/CWE-074/JndiInjection.ql 55 | - java/ql/src/Security/CWE/CWE-074/XsltInjection.ql 56 | # 命令执行 57 | - java/ql/src/Security/CWE/CWE-078/ExecRelative.ql 58 | - java/ql/src/Security/CWE/CWE-078/ExecTainted.ql 59 | - java/ql/src/Security/CWE/CWE-078/ExecTaintedLocal.ql 60 | - java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql 61 | # xss 62 | - java/ql/src/Security/CWE/CWE-079/XSS.ql 63 | - java/ql/src/Security/CWE/CWE-079/XSSLocal.ql 64 | # sql 注入 65 | - java/ql/src/Security/CWE/CWE-089/SqlTainted.ql 66 | - java/ql/src/Security/CWE/CWE-089/SqlTaintedLocal.ql 67 | - java/ql/src/Security/CWE/CWE-089/SqlUnescaped.ql 68 | # LDAP 69 | - java/ql/src/Security/CWE/CWE-090/LdapInjection.ql 70 | # injection 71 | - java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql 72 | - java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql 73 | - java/ql/src/Security/CWE/CWE-094/JexlInjection.ql 74 | - java/ql/src/Security/CWE/CWE-094/MvelInjection.ql 75 | - java/ql/src/Security/CWE/CWE-094/SpelInjection.ql 76 | - java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql 77 | # debug 、堆栈信息泄露 78 | - java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql 79 | # CVE-2019-16303 80 | - java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql 81 | # JWT 82 | - java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql 83 | # 反序列化 84 | - java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql 85 | # 敏感信息写入日志 86 | - java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql 87 | # XXE 88 | - java/ql/src/Security/CWE/CWE-611/XXE.ql 89 | # XPATH 90 | - java/ql/src/Security/CWE/CWE-643/XPathInjection.ql 91 | # Dos 92 | - java/ql/src/Security/CWE/CWE-730/ReDoS.ql 93 | # 硬编码 94 | - java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql 95 | - java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql 96 | - java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql 97 | - java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql 98 | # 用户权限绕过 99 | - java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql 100 | - java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql 101 | # OGNL 102 | - java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql 103 | # spring boot 104 | - java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql 105 | - java/ql/src/experimental/Security/CWE/CWE-016/SpringBootActuators.ql 106 | # log4j 107 | - java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql 108 | # file 109 | - java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql 110 | # 命令执行 111 | - java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql 112 | # MyBatis sql 113 | - java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql 114 | - java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql 115 | # injection 116 | - java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql 117 | - java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql 118 | - java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql 119 | - java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql 120 | - java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql 121 | - java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql 122 | - java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql 123 | - java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql 124 | # JWT 125 | - java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.ql 126 | # Jsonp 127 | - java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql 128 | # 反射 129 | - java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql 130 | # 反序列化 131 | - java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql 132 | - java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql 133 | - java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql 134 | # 目录 135 | - java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql 136 | - java/ql/src/experimental/Security/CWE/CWE-552/UnsafeUrlForward.ql 137 | # debug 138 | - java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql 139 | # 重定向 140 | - java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql 141 | # XXE 142 | - java/ql/src/experimental/Security/CWE/CWE-611/XXE.ql 143 | - java/ql/src/experimental/Security/CWE/CWE-611/XXELocal.ql 144 | # 正则导致的权限绕过问题 145 | - java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql 146 | # 注入 147 | - java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql 148 | # RMI 149 | - java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql 150 | # Dos 151 | - java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql 152 | `) 153 | -------------------------------------------------------------------------------- /pkg/runner/github.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "Yi/pkg/logging" 6 | "Yi/pkg/utils" 7 | "encoding/json" 8 | "errors" 9 | "fmt" 10 | "github.com/corpix/uarand" 11 | jsoniter "github.com/json-iterator/go" 12 | "github.com/thoas/go-funk" 13 | "io" 14 | "io/ioutil" 15 | "net/http" 16 | "os" 17 | "path" 18 | "path/filepath" 19 | "strings" 20 | ) 21 | 22 | /** 23 | @author: yhy 24 | @since: 2022/12/7 25 | @desc: //TODO 26 | **/ 27 | 28 | type GithubRes struct { 29 | Language string `json:"language"` 30 | PushedAt string `json:"pushed_at"` 31 | DefaultBranch string `json:"default_branch"` 32 | } 33 | 34 | // ProError 项目数据库获取错误的,进行重试 35 | type ProError struct { 36 | Url string 37 | Code int 38 | } 39 | 40 | var RetryProject = make(map[string]ProError) 41 | 42 | // GetRepos 从 github 下载构建好的数据库 43 | func GetRepos(url_tmp string) (error, string, GithubRes) { 44 | // https://github.com/prometheus/prometheus -> https://api.github.com/repos/prometheus/prometheus 45 | guri := strings.ReplaceAll(url_tmp, "github.com", "api.github.com/repos") 46 | 47 | res := GetTimeBran(guri, url_tmp) 48 | // https://api.github.com/repos/grafana/grafana 这里只会显示项目中使用最多的语言,但并不一定是项目的主语言,比如这个显示TypeScript,但其实用了 Go 写的 49 | 50 | var flag bool 51 | // repos 中的语言只是占比最多的语言种类,有可能 go 写的 typescript 占比最多 52 | res.Language, flag = GetLanguage(guri, url_tmp) // todo 现在只是适配 Go,java 语言,后期尽量适配主流语言是,目前主力只看 Go 项目 53 | 54 | if flag { 55 | guri = fmt.Sprintf("%s/code-scanning/codeql/databases/%s", guri, res.Language) 56 | } else { 57 | return errors.New("language does not support"), "", res 58 | } 59 | 60 | err, dbPath, code := GetDb(guri, url_tmp, res.Language) 61 | if code != 0 { // 没有生成对应的数据库 62 | RetryProject[url_tmp] = ProError{ 63 | Url: url_tmp, 64 | Code: code, 65 | } 66 | } 67 | return err, dbPath, res 68 | } 69 | 70 | // GetTimeBran 获取项目的更新时间和主分支 https://api.github.com/repos/prometheus/prometheus 71 | func GetTimeBran(guri, url_tmp string) GithubRes { 72 | req, _ := http.NewRequest("GET", guri, nil) 73 | req.Header.Set("Accept", "application/vnd.github.v3.text-match+json") 74 | if Option.Token != "" { 75 | req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", Option.Token)) 76 | } 77 | req.Header.Set("User-Agent", uarand.GetRandom()) 78 | res := GithubRes{} 79 | 80 | req.Close = true 81 | Option.Session.RateLimiter.Take() 82 | resp, err := Option.Session.Client.Do(req) 83 | 84 | if err != nil { 85 | logging.Logger.Errorln("GetRepos client.Do(req) err:", err) 86 | // 网络错误导致的,需要重试 87 | RetryProject[url_tmp] = ProError{ 88 | Url: url_tmp, 89 | Code: 1, 90 | } 91 | res.Language = "" 92 | return res 93 | } 94 | defer resp.Body.Close() 95 | 96 | if resp.Body != nil { 97 | result, _ := ioutil.ReadAll(resp.Body) 98 | json.Unmarshal(result, &res) 99 | } 100 | return res 101 | } 102 | 103 | // GetLanguage 获取项目的代码语言 https://api.github.com/repos/prometheus/prometheus/languages 104 | func GetLanguage(guri, url_tmp string) (string, bool) { 105 | req, _ := http.NewRequest("GET", guri+"/languages", nil) 106 | req.Header.Set("Accept", "application/vnd.github.v3.text-match+json") 107 | if Option.Token != "" { 108 | req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", Option.Token)) 109 | } 110 | req.Header.Set("User-Agent", uarand.GetRandom()) 111 | req.Close = true 112 | Option.Session.RateLimiter.Take() 113 | resp, err := Option.Session.Client.Do(req) 114 | 115 | if err != nil { 116 | logging.Logger.Errorln("GetLanguage client.Do(req) err:", err) 117 | // 网络错误导致的,需要重试 118 | RetryProject[url_tmp] = ProError{ 119 | Url: url_tmp, 120 | Code: 1, 121 | } 122 | return "", false 123 | } 124 | 125 | defer resp.Body.Close() 126 | var language string 127 | if resp.Body != nil { 128 | body, err := ioutil.ReadAll(resp.Body) 129 | 130 | if err != nil { 131 | return "", false 132 | } 133 | 134 | var m float64 = 1 135 | 136 | // 去除 HTML,TypeScript,JavaScript,CSS,SCSS 这些玩意,之后,该项目的编写语言就是使用最多的语言 137 | for k, v := range jsoniter.Get(body).GetInterface().(map[string]interface{}) { 138 | if funk.Contains(k, "HTML") || funk.Contains(k, "TypeScript") || funk.Contains(k, "JavaScript") || funk.Contains(k, "CSS") || funk.Contains(k, "SCSS") { 139 | continue 140 | } 141 | 142 | switch v.(type) { 143 | case float64: 144 | if v.(float64) > m { 145 | language = k 146 | m = v.(float64) 147 | } 148 | default: 149 | language = k 150 | logging.Logger.Errorf("GetLanguage err %s %s", guri, body) 151 | } 152 | } 153 | if funk.Contains(Languages, language) { 154 | return language, true 155 | } 156 | } 157 | 158 | return language, false 159 | } 160 | 161 | // GetDb 下载/生成 数据库 https://api.github.com/repos/prometheus/prometheus/code-scanning/codeql/databases/{languages} 162 | /* 163 | 0 : 成功 164 | 1 : 网络或文件创建错误 165 | 2 : github上没有生成对应的数据库 166 | */ 167 | func GetDb(guri, url, languages string) (error, string, int) { 168 | req, _ := http.NewRequest("GET", guri, nil) 169 | req.Header.Set("Accept", "application/zip") 170 | req.Header.Set("Accept-Encoding", "identity") 171 | req.Header.Set("Content-Type", "application/octet-stream") 172 | if Option.Token != "" { 173 | req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", Option.Token)) 174 | } 175 | req.Header.Set("User-Agent", uarand.GetRandom()) 176 | req.Close = true 177 | 178 | Option.Session.RateLimiter.Take() 179 | resp, err := Option.Session.Client.Do(req) 180 | 181 | if err != nil { 182 | logging.Logger.Errorln(guri, "HttpRequest Do err: ", err) 183 | return err, "", 1 184 | } 185 | defer resp.Body.Close() 186 | 187 | name := utils.GetName(url) 188 | filePath := DirNames.ZipDir + name + ".zip" 189 | 190 | var dbPath string 191 | if resp != nil && resp.StatusCode == 200 { 192 | out, err := os.Create(filePath) 193 | defer out.Close() 194 | if err != nil { 195 | logging.Logger.Errorln("os.Create(filePath) err:", err) 196 | return err, "", 1 197 | } 198 | 199 | if _, err = io.Copy(out, resp.Body); err != nil { 200 | logging.Logger.Errorln(url, " HttpRequest io.Copy err: ", err) 201 | return err, "", 1 202 | } 203 | } else { // 说明 该项目没有在 github配置 codeql 扫描(404),或者项目所有者配置了访问需要权限(403) 204 | dbPath = CreateDb(url, languages) 205 | if dbPath == "" { 206 | return err, "", 2 207 | } else { 208 | return nil, dbPath, 0 209 | } 210 | } 211 | 212 | err = utils.DeCompress(filePath, DirNames.DbDir+name+"/") 213 | if err != nil { 214 | logging.Logger.Errorln("DeCompress err:", err) 215 | return err, "", 1 216 | } 217 | 218 | dbPath = filepath.Dir(path.Join(utils.CodeqlDb(DirNames.DbDir+name), "*")) 219 | logging.Logger.Debugln(url, " downloadDb success.") 220 | return nil, dbPath, 0 221 | } 222 | 223 | // CheckUpdate 检查项目是否更新 224 | func CheckUpdate(project db.Project) (bool, string, string) { 225 | guri := strings.ReplaceAll(project.Url, "github.com", "api.github.com/repos") 226 | 227 | res := GetTimeBran(guri, project.Url) 228 | 229 | var ( 230 | dbPath string 231 | code int 232 | ) 233 | 234 | if project.PushedAt < res.PushedAt { // 说明更新了 235 | 236 | guri = fmt.Sprintf("%s/code-scanning/codeql/databases/%s", guri, project.Language) 237 | 238 | _, dbPath, code = GetDb(guri, project.Url, project.Language) 239 | 240 | if code != 0 { // 没有生成对应的数据库 241 | RetryProject[project.Url] = ProError{ 242 | Url: project.Url, 243 | Code: code, 244 | } 245 | } else { 246 | // 是否在重试列表中 247 | delete(RetryProject, project.Url) 248 | } 249 | } 250 | 251 | if dbPath != "" { 252 | logging.Logger.Debugln(project.Url, " update, start a new scan.", dbPath) 253 | record := db.Record{ 254 | Project: project.Project, 255 | Url: project.Url, 256 | Color: "warning", 257 | Title: project.Project + " 更新", 258 | Msg: fmt.Sprintf("%s 项目更新, 重新生成Codeql数据库", project.Url), 259 | } 260 | db.AddRecord(record) 261 | 262 | return true, dbPath, res.PushedAt 263 | } 264 | 265 | return false, "", "" 266 | } 267 | -------------------------------------------------------------------------------- /pkg/runner/newRules.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "Yi/pkg/utils" 6 | "sync" 7 | ) 8 | 9 | /** 10 | @author: yhy 11 | @since: 2022/12/13 12 | @desc: //TODO 13 | **/ 14 | 15 | // NewRules 规则更新时,从数据库中获取项目,用新规则跑一遍 16 | func NewRules(oldQls *QLFile, newQls *QLFile) { 17 | goQLs := utils.Difference(oldQls.GoQL, newQls.GoQL) 18 | javaQls := utils.Difference(oldQls.JavaQL, newQls.JavaQL) 19 | 20 | globalDBTmp := db.GlobalDB.Model(&db.Project{}) 21 | 22 | if len(goQLs) != 0 { 23 | var projects []db.Project 24 | globalDBTmp.Where("language = Go").Order("id asc").Find(&projects) 25 | scan(projects, goQLs) 26 | } 27 | 28 | if len(javaQls) != 0 { 29 | var projects []db.Project 30 | globalDBTmp.Where("language = Java").Order("id asc").Find(&projects) 31 | scan(projects, javaQls) 32 | } 33 | 34 | } 35 | 36 | func scan(projects []db.Project, qls []string) { 37 | var wg sync.WaitGroup 38 | limit := make(chan bool, Option.Thread) 39 | 40 | for _, project := range projects { 41 | if project.DBPath == "" { 42 | continue 43 | } 44 | wg.Add(1) 45 | limit <- true 46 | Exec(project, qls) 47 | <-limit 48 | wg.Done() 49 | } 50 | 51 | wg.Wait() 52 | close(limit) 53 | } 54 | -------------------------------------------------------------------------------- /pkg/runner/options.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/logging" 5 | "Yi/pkg/utils" 6 | "flag" 7 | "fmt" 8 | "os" 9 | "path/filepath" 10 | "strings" 11 | "time" 12 | ) 13 | 14 | /** 15 | @author: yhy 16 | @since: 2022/10/13 17 | @desc: //TODO 18 | **/ 19 | 20 | type Options struct { 21 | Target string 22 | Targets string 23 | Token string 24 | Proxy string 25 | UserName string 26 | Pwd string 27 | Path string 28 | Port string 29 | Thread int 30 | Session *utils.Session 31 | RunNow bool 32 | } 33 | 34 | var Option Options 35 | 36 | type DirName struct { 37 | ZipDir string 38 | DbDir string 39 | GithubDir string 40 | ResDir string 41 | } 42 | 43 | var DirNames DirName 44 | 45 | var Pwd string 46 | 47 | var ProgressBar map[string]float32 48 | 49 | // Languages Codeql支持的语言,这里要根据机器上的配置,若要支持其他语言,请自行安装语言,以及指定对应语言的 codeql 规则 50 | var Languages = []string{"Go", "Java"} 51 | 52 | func ParseArguments() { 53 | 54 | flag.StringVar(&Option.Target, "t", "", "target") 55 | flag.StringVar(&Option.Targets, "f", "", "target file") 56 | flag.StringVar(&Option.Token, "token", "", "github personal access token") 57 | flag.StringVar(&Option.Proxy, "p", "", "http(s) proxy. eg: http://127.0.0.1:8080") 58 | flag.StringVar(&Option.UserName, "user", "yhy", "http username") 59 | flag.StringVar(&Option.Pwd, "pwd", "", "http pwd") 60 | flag.StringVar(&Option.Path, "path", "", "codeql path") 61 | flag.StringVar(&Option.Port, "port", "8888", "web port(default: 8888)") 62 | flag.BoolVar(&Option.RunNow, "run", false, "The loop scan does not wait 24 hours and is executed immediately.(default: false)") 63 | flag.IntVar(&Option.Thread, "thread", 5, "thread") 64 | flag.Parse() 65 | 66 | flag.Usage = func() { 67 | fmt.Printf("Usage of %s:\n", os.Args[0]) 68 | flag.PrintDefaults() 69 | } 70 | 71 | if flag.NFlag() == 0 { 72 | flag.Usage() 73 | os.Exit(1) 74 | } 75 | 76 | if Option.Path == "" { 77 | logging.Logger.Errorln("Please specify the rule base address of codeql.\neg: -path /Users/yhy/CodeQL/codeql") 78 | os.Exit(1) 79 | } 80 | 81 | if !strings.HasSuffix(Option.Path, "/") && !strings.HasSuffix(Option.Path, "\\") { 82 | if os.Getenv("GOOS") == "windows" { 83 | Option.Path += "\\" 84 | } else { 85 | Option.Path += "/" 86 | } 87 | } 88 | 89 | if Option.Pwd == "" { 90 | Option.Pwd = utils.RandStr() 91 | logging.Logger.Infof("Web access account password:%s/%s", Option.UserName, Option.Pwd) 92 | } 93 | 94 | Pwd, _ = filepath.Abs(filepath.Dir(os.Args[0])) 95 | today := time.Now().Format("2006-01-02") + "/" 96 | DirNames = DirName{ 97 | ZipDir: Pwd + "/db/zip/" + today, 98 | ResDir: Pwd + "/db/results/" + today, 99 | DbDir: Pwd + "/db/database/" + today, 100 | GithubDir: Pwd + "/github/" + today, 101 | } 102 | 103 | os.MkdirAll(DirNames.ZipDir, 0755) 104 | os.MkdirAll(DirNames.ResDir, 0755) 105 | os.MkdirAll(DirNames.DbDir, 0755) 106 | os.MkdirAll(DirNames.GithubDir, 0755) 107 | 108 | Option.Session = utils.NewSession(Option.Proxy) 109 | 110 | // 生成配置文件,并监控更改 111 | Init() 112 | HotConf() 113 | 114 | ProgressBar = make(map[string]float32) 115 | } 116 | -------------------------------------------------------------------------------- /pkg/runner/retry.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "Yi/pkg/logging" 6 | "sync" 7 | "time" 8 | ) 9 | 10 | /** 11 | @author: yhy 12 | @since: 2023/2/16 13 | @desc: 数据库生成错误的进行重试 14 | **/ 15 | 16 | var IsRetry bool 17 | 18 | // Retry todo 不优雅 19 | func Retry() { 20 | var wg sync.WaitGroup 21 | limit := make(chan bool, Option.Thread) 22 | 23 | for { 24 | if IsRetry { // 运行完再进行重试, 就不用协程了,一个个跑 25 | for _, perr := range RetryProject { 26 | if !IsRetry { 27 | break 28 | } 29 | wg.Add(1) 30 | limit <- true 31 | delete(RetryProject, perr.Url) 32 | 33 | go func(p ProError) { 34 | defer func() { 35 | <-limit 36 | wg.Done() 37 | }() 38 | logging.Logger.Printf("项目(%s)重试", p.Url) 39 | 40 | _, project := db.Exist(p.Url) 41 | 42 | if p.Code == 1 { 43 | // 从 github 获取 44 | _, dbPath, res := GetRepos(p.Url) 45 | project.DBPath = dbPath 46 | project.Language = res.Language 47 | project.PushedAt = res.PushedAt 48 | project.DefaultBranch = res.DefaultBranch 49 | } else if p.Code == 2 { // 手动生成 50 | project.DBPath = CreateDb(p.Url, project.Language) 51 | } 52 | 53 | db.UpdateProject(project.Id, project) 54 | if project.DBPath != "" { 55 | Exec(project, nil) 56 | } 57 | }(perr) 58 | 59 | } 60 | } 61 | time.Sleep(time.Minute) 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /pkg/runner/runner.go: -------------------------------------------------------------------------------- 1 | package runner 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "Yi/pkg/logging" 6 | "Yi/pkg/utils" 7 | "fmt" 8 | jsoniter "github.com/json-iterator/go" 9 | "github.com/thoas/go-funk" 10 | "os" 11 | "strings" 12 | "sync" 13 | ) 14 | 15 | /** 16 | @author: yhy 17 | @since: 2022/10/13 18 | @desc: //TODO 19 | **/ 20 | 21 | func Run() { 22 | logging.Logger.Infoln("Yi Starting ... ") 23 | 24 | projects := make(chan db.Project, 100) 25 | 26 | go func() { 27 | if Option.Target != "" { 28 | Option.Target = strings.TrimRight(Option.Target, "/") 29 | exist, project := db.Exist(Option.Target) 30 | if exist { 31 | projects <- project 32 | return 33 | } 34 | name := utils.GetName(Option.Target) 35 | err, dbPath, res := GetRepos(Option.Target) 36 | 37 | project = db.Project{ 38 | Project: name, 39 | Url: Option.Target, 40 | Language: res.Language, 41 | DBPath: dbPath, 42 | PushedAt: res.PushedAt, 43 | Count: 0, 44 | DefaultBranch: res.DefaultBranch, 45 | } 46 | 47 | if err != nil { 48 | db.AddProject(project) 49 | return 50 | } 51 | 52 | projects <- project 53 | 54 | } else if Option.Targets != "" { 55 | targets := utils.LoadFile(Option.Targets) 56 | limit := make(chan bool, Option.Thread) 57 | var wg sync.WaitGroup 58 | 59 | for _, target := range targets { 60 | target = strings.TrimRight(target, "/") 61 | limit <- true 62 | wg.Add(1) 63 | go func(target string) { 64 | defer func() { 65 | wg.Done() 66 | <-limit 67 | }() 68 | 69 | exist, project := db.Exist(target) 70 | if exist { 71 | projects <- project 72 | return 73 | } 74 | name := utils.GetName(target) 75 | err, dbPath, res := GetRepos(target) 76 | 77 | project = db.Project{ 78 | Project: name, 79 | Url: target, 80 | Language: res.Language, 81 | Count: 0, 82 | } 83 | 84 | if err != nil { 85 | logging.Logger.Errorf("Add err(%s[%s]):%v", target, res.Language, err) 86 | db.AddProject(project) 87 | return 88 | } 89 | 90 | project.DBPath = dbPath 91 | project.PushedAt = res.PushedAt 92 | project.DefaultBranch = res.DefaultBranch 93 | projects <- project 94 | 95 | }(target) 96 | } 97 | wg.Wait() 98 | close(limit) 99 | } 100 | 101 | close(projects) 102 | }() 103 | 104 | limit := make(chan bool, Option.Thread) 105 | var wg sync.WaitGroup 106 | 107 | for project := range projects { 108 | if project.DBPath == "" { 109 | continue 110 | } 111 | wg.Add(1) 112 | limit <- true 113 | go WgExec(project, &wg, limit) 114 | } 115 | 116 | wg.Wait() 117 | close(limit) 118 | 119 | // 全部运行完后,开始对出错的项目进行重试 120 | IsRetry = true 121 | } 122 | 123 | func WgExec(project db.Project, wg *sync.WaitGroup, limit chan bool) { 124 | exist, p := db.Exist(project.Url) 125 | 126 | if exist { 127 | project.Id = p.Id 128 | project.Count = p.Count 129 | } else { 130 | id, count := db.AddProject(project) 131 | project.Id = id 132 | project.Count = count 133 | } 134 | 135 | Exec(project, nil) 136 | 137 | <-limit 138 | wg.Done() 139 | } 140 | 141 | var LocationMaps = make(map[string]bool) 142 | 143 | func Exec(project db.Project, qls []string) { 144 | if !funk.Contains(Languages, project.Language) || project.DBPath == "" { 145 | logging.Logger.Debugf("(%s)当前语言不支持(%s)/数据库为空(%s)", project.Project, project.Language, project.DBPath) 146 | return 147 | } 148 | 149 | logging.Logger.Debugln("start exec project: ", project.Project) 150 | 151 | analyze := Analyze(project.DBPath, project.Project, project.Language, qls) 152 | 153 | for fileName, res := range analyze { 154 | results := jsoniter.Get([]byte(res), "runs", 0, "results") 155 | 156 | if results.Size() > 0 { 157 | for i := 0; i < results.Size(); i++ { 158 | location := "{" 159 | 160 | msg := "ruleId: " + results.Get(i).Get("ruleId").ToString() + "\t " 161 | if results.Get(i).Get("locations").Size() > 0 { 162 | for j := 0; j < results.Get(i).Get("locations").Size(); j++ { 163 | msg += "locations: " + results.Get(i).Get("locations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString() + "\t startLine: " + results.Get(i).Get("locations").Get(j).Get("physicalLocation", "region", "startLine").ToString() + "\t | " 164 | 165 | line := results.Get(i).Get("locations").Get(j).Get("physicalLocation", "region", "startLine").ToString() 166 | location += fmt.Sprintf("\"%s#L%s\":\"%s\",", results.Get(i).Get("locations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString(), line, line) 167 | } 168 | } 169 | 170 | if results.Get(i).Get("relatedLocations").Size() > 0 { 171 | for j := 0; j < results.Get(i).Get("relatedLocations").Size(); j++ { 172 | msg += "relatedLocations: " + results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString() + "\t startLine: " + results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "region", "startLine").ToString() + "\t | " 173 | 174 | line := results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "region", "startLine").ToString() 175 | location += fmt.Sprintf("\"%s#L%s\":\"%s\",", results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString(), line, line) 176 | } 177 | } 178 | 179 | location += "}" 180 | 181 | if _, ok := LocationMaps[location]; ok { 182 | continue 183 | } 184 | 185 | vul := db.Vul{ 186 | Project: project.Project, 187 | RuleId: results.Get(i).Get("ruleId").ToString(), 188 | Location: []byte(location), 189 | //CodeFlows: results.Get(i).Get("codeFlows").ToString(), 190 | Url: project.Url, 191 | ResDir: fileName, 192 | PushedAt: project.PushedAt, 193 | DefaultBranch: project.DefaultBranch, 194 | } 195 | 196 | db.AddVul(vul) 197 | 198 | db.UpdateProjectArg(project.Id, "vul", 1) 199 | logging.Logger.Infof("%s(%s) Found: %s", project.Project, fileName, results.Get(i).Get("ruleId").ToString()) 200 | } 201 | } else { 202 | err := os.Remove(fileName) //删除文件 203 | 204 | if err != nil { 205 | logging.Logger.Infof("file remove Error! %s\n", err) 206 | } 207 | } 208 | } 209 | db.UpdateProjectArg(project.Id, "count", project.Count+1) 210 | } 211 | 212 | func ApiAdd(target, tag string) { 213 | var exist bool 214 | var project db.Project 215 | exist, project = db.Exist(target) 216 | if !exist { 217 | name := utils.GetName(target) 218 | err, dbPath, res := GetRepos(target) 219 | if err != nil { 220 | record := db.Record{ 221 | Project: target, 222 | Url: target, 223 | Color: "danger", 224 | Title: target, 225 | Msg: fmt.Sprintf("%s 添加失败 %v", target, err), 226 | } 227 | db.AddRecord(record) 228 | return 229 | } 230 | project = db.Project{ 231 | Project: name, 232 | DBPath: dbPath, 233 | Url: target, 234 | Tag: tag, 235 | Language: res.Language, 236 | PushedAt: res.PushedAt, 237 | DefaultBranch: res.DefaultBranch, 238 | Count: 0, 239 | } 240 | id, _ := db.AddProject(project) 241 | project.Id = id 242 | } else { 243 | project.Count += 1 244 | 245 | record := db.Record{ 246 | Project: project.Project, 247 | Url: project.Url, 248 | Color: "success", 249 | Title: project.Project, 250 | Msg: fmt.Sprintf("%s 已存在,重新运行", project.Url), 251 | } 252 | db.AddRecord(record) 253 | } 254 | 255 | Exec(project, nil) 256 | } 257 | -------------------------------------------------------------------------------- /pkg/utils/file.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "archive/zip" 5 | "bufio" 6 | "fmt" 7 | "io" 8 | "io/ioutil" 9 | "log" 10 | "os" 11 | "path" 12 | "path/filepath" 13 | ) 14 | 15 | /** 16 | @author: yhy 17 | @since: 2022/10/9 18 | @desc: //TODO 19 | **/ 20 | 21 | func WriteFile(fileName string, fileData string) { 22 | file, err := os.OpenFile(fileName, os.O_WRONLY|os.O_CREATE, 0666) 23 | if err != nil { 24 | fmt.Println("文件打开失败", err) 25 | } 26 | //及时关闭file句柄 27 | defer file.Close() 28 | //写入文件时,使用带缓存的 *Writer 29 | write := bufio.NewWriter(file) 30 | write.WriteString(fileData) 31 | //Flush将缓存的文件真正写入到文件中 32 | write.Flush() 33 | } 34 | 35 | // LoadFile content to slice 36 | func LoadFile(filename string) (lines []string) { 37 | f, err := os.Open(filename) 38 | if err != nil { 39 | log.Println("LoadFile err, ", err) 40 | return 41 | } 42 | defer f.Close() //nolint 43 | s := bufio.NewScanner(f) 44 | for s.Scan() { 45 | if s.Text() != "" { 46 | lines = append(lines, s.Text()) 47 | } 48 | } 49 | return 50 | } 51 | 52 | func SaveFile(path string, data []byte) (err error) { 53 | // Remove file if exist 54 | _, err = os.Stat(path) 55 | if err == nil { 56 | err = os.Remove(path) 57 | if err != nil { 58 | log.Println("旧文件删除失败", err.Error()) 59 | } 60 | } 61 | 62 | // save file 63 | return ioutil.WriteFile(path, data, 0644) 64 | } 65 | 66 | // DeCompress 解压 67 | func DeCompress(zipFile, dest string) error { 68 | reader, err := zip.OpenReader(zipFile) 69 | if err != nil { 70 | return err 71 | } 72 | defer reader.Close() 73 | for _, file := range reader.File { 74 | rc, err := file.Open() 75 | if err != nil { 76 | return err 77 | } 78 | defer rc.Close() 79 | filename := dest + file.Name 80 | err = os.MkdirAll(getDir(filename), 0755) 81 | if err != nil { 82 | return err 83 | } 84 | w, err := os.Create(filename) 85 | if err != nil { 86 | return err 87 | } 88 | defer w.Close() 89 | _, err = io.Copy(w, rc) 90 | if err != nil { 91 | return err 92 | } 93 | w.Close() 94 | rc.Close() 95 | } 96 | return nil 97 | } 98 | 99 | // RemoveDir 删除 ./github 下所有的项目 100 | func RemoveDir() { 101 | Pwd, _ := filepath.Abs(filepath.Dir(os.Args[0])) 102 | dir, _ := ioutil.ReadDir(Pwd + "/github") 103 | for _, d := range dir { 104 | os.RemoveAll(path.Join([]string{"github", d.Name()}...)) 105 | } 106 | } 107 | 108 | // Exists 判断所给路径文件/文件夹是否存在 109 | func Exists(path string) bool { 110 | _, err := os.Stat(path) //os.Stat获取文件信息 111 | if err != nil { 112 | if os.IsExist(err) { 113 | return true 114 | } 115 | return false 116 | } 117 | return true 118 | } 119 | -------------------------------------------------------------------------------- /pkg/utils/paginator.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "fmt" 5 | "math" 6 | "net/http" 7 | "net/url" 8 | "reflect" 9 | "strconv" 10 | ) 11 | 12 | type Paginator struct { 13 | Request *http.Request 14 | PerPageNums int 15 | MaxPages int 16 | 17 | nums int64 18 | pageRange []int 19 | pageNums int 20 | page int 21 | } 22 | 23 | func (p *Paginator) PageNums() int { 24 | if p.pageNums != 0 { 25 | return p.pageNums 26 | } 27 | pageNums := math.Ceil(float64(p.nums) / float64(p.PerPageNums)) 28 | if p.MaxPages > 0 { 29 | pageNums = math.Min(pageNums, float64(p.MaxPages)) 30 | } 31 | p.pageNums = int(pageNums) 32 | return p.pageNums 33 | } 34 | 35 | func (p *Paginator) Nums() int64 { 36 | return p.nums 37 | } 38 | 39 | func (p *Paginator) SetNums(nums interface{}) { 40 | p.nums, _ = ToInt64(nums) 41 | } 42 | 43 | func (p *Paginator) Page() int { 44 | if p.page != 0 { 45 | return p.page 46 | } 47 | if p.Request.Form == nil { 48 | p.Request.ParseForm() 49 | } 50 | p.page, _ = strconv.Atoi(p.Request.Form.Get("current")) 51 | if p.page > p.PageNums() { 52 | p.page = p.PageNums() 53 | } 54 | if p.page <= 0 { 55 | p.page = 1 56 | } 57 | return p.page 58 | } 59 | 60 | func (p *Paginator) Pages() []int { 61 | if p.pageRange == nil && p.nums > 0 { 62 | var pages []int 63 | pageNums := p.PageNums() 64 | page := p.Page() 65 | switch { 66 | case page >= pageNums-4 && pageNums > 9: 67 | start := pageNums - 9 + 1 68 | pages = make([]int, 9) 69 | for i, _ := range pages { 70 | pages[i] = start + i 71 | } 72 | case page >= 5 && pageNums > 9: 73 | start := page - 5 + 1 74 | pages = make([]int, int(math.Min(9, float64(page+4+1)))) 75 | for i, _ := range pages { 76 | pages[i] = start + i 77 | } 78 | default: 79 | pages = make([]int, int(math.Min(9, float64(pageNums)))) 80 | for i, _ := range pages { 81 | pages[i] = i + 1 82 | } 83 | } 84 | p.pageRange = pages 85 | } 86 | return p.pageRange 87 | } 88 | 89 | func (p *Paginator) PageLink(page int) string { 90 | link, _ := url.ParseRequestURI(p.Request.RequestURI) 91 | values := link.Query() 92 | if page == 1 { 93 | values.Del("current") 94 | } else { 95 | values.Set("current", strconv.Itoa(page)) 96 | } 97 | link.RawQuery = values.Encode() 98 | return link.String() 99 | } 100 | 101 | func (p *Paginator) PageLinkPrev() (link string) { 102 | if p.HasPrev() { 103 | link = p.PageLink(p.Page() - 1) 104 | } 105 | return 106 | } 107 | 108 | func (p *Paginator) PageLinkNext() (link string) { 109 | if p.HasNext() { 110 | link = p.PageLink(p.Page() + 1) 111 | } 112 | return 113 | } 114 | 115 | func (p *Paginator) PageLinkFirst() (link string) { 116 | return p.PageLink(1) 117 | } 118 | 119 | func (p *Paginator) PageLinkLast() (link string) { 120 | return p.PageLink(p.PageNums()) 121 | } 122 | 123 | func (p *Paginator) HasPrev() bool { 124 | return p.Page() > 1 125 | } 126 | 127 | func (p *Paginator) HasNext() bool { 128 | return p.Page() < p.PageNums() 129 | } 130 | 131 | func (p *Paginator) IsActive(page int) bool { 132 | return p.Page() == page 133 | } 134 | 135 | func (p *Paginator) Offset() int { 136 | return (p.Page() - 1) * p.PerPageNums 137 | } 138 | 139 | func (p *Paginator) HasPages() bool { 140 | return p.PageNums() > 1 141 | } 142 | 143 | func NewPaginator(req *http.Request, per int, nums int64) *Paginator { 144 | p := Paginator{} 145 | p.Request = req 146 | p.PerPageNums = per 147 | p.nums = nums 148 | return &p 149 | } 150 | 151 | // ToInt64 convert any numeric value to int64 152 | func ToInt64(value interface{}) (d int64, err error) { 153 | val := reflect.ValueOf(value) 154 | switch value.(type) { 155 | case int, int8, int16, int32, int64: 156 | d = val.Int() 157 | case uint, uint8, uint16, uint32, uint64: 158 | d = int64(val.Uint()) 159 | default: 160 | err = fmt.Errorf("ToInt64 need numeric not `%T`", value) 161 | } 162 | return 163 | } 164 | -------------------------------------------------------------------------------- /pkg/utils/request.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "Yi/pkg/logging" 5 | "crypto/tls" 6 | "go.uber.org/ratelimit" 7 | "net/http" 8 | "net/url" 9 | ) 10 | 11 | /** 12 | @author: yhy 13 | @since: 2023/1/12 14 | @desc: //TODO 15 | **/ 16 | 17 | type Session struct { 18 | // Client is the current http client 19 | Client *http.Client 20 | // Rate limit instance 21 | RateLimiter ratelimit.Limiter // 每秒请求速率限制 22 | } 23 | 24 | func NewSession(proxy string) *Session { 25 | Transport := &http.Transport{ 26 | MaxIdleConns: 100, 27 | MaxIdleConnsPerHost: 100, 28 | DisableKeepAlives: true, 29 | TLSClientConfig: &tls.Config{ 30 | InsecureSkipVerify: true, 31 | }, 32 | } 33 | 34 | // Add proxy 35 | if proxy != "" { 36 | proxyURL, _ := url.Parse(proxy) 37 | if isSupportedProtocol(proxyURL.Scheme) { 38 | Transport.Proxy = http.ProxyURL(proxyURL) 39 | } else { 40 | logging.Logger.Warnln("Unsupported proxy protocol: %s", proxyURL.Scheme) 41 | } 42 | } 43 | 44 | client := &http.Client{ 45 | Transport: Transport, 46 | } 47 | session := &Session{ 48 | Client: client, 49 | } 50 | 51 | // github api 访问加上 token 的访问速率为每小时 5000 次,平均下来每秒一次多,这里限制为每秒访问一次 github 52 | session.RateLimiter = ratelimit.New(1) 53 | 54 | return session 55 | 56 | } 57 | -------------------------------------------------------------------------------- /pkg/utils/util.go: -------------------------------------------------------------------------------- 1 | package utils 2 | 3 | import ( 4 | "fmt" 5 | "github.com/dustin/go-humanize" 6 | "github.com/thoas/go-funk" 7 | "math/rand" 8 | "os" 9 | "os/exec" 10 | "path/filepath" 11 | "sort" 12 | "strings" 13 | "time" 14 | ) 15 | 16 | /** 17 | @author: yhy 18 | @since: 2022/10/13 19 | @desc: //TODO 20 | **/ 21 | 22 | func getDir(path string) string { 23 | return subString(path, 0, strings.LastIndex(path, "/")) 24 | } 25 | 26 | func subString(str string, start, end int) string { 27 | rs := []rune(str) 28 | length := len(rs) 29 | 30 | if start < 0 || start > length { 31 | panic("start is wrong") 32 | } 33 | 34 | if end < start || end > length { 35 | panic("end is wrong") 36 | } 37 | 38 | return string(rs[start:end]) 39 | } 40 | 41 | func GetName(path string) string { 42 | if strings.HasSuffix(path, "/") { 43 | path = strings.TrimRight(path, "/") 44 | } 45 | 46 | ss := strings.Split(path, "/") 47 | 48 | return ss[len(ss)-1] 49 | } 50 | 51 | // WriteCounter 下载进度条 52 | type WriteCounter struct { 53 | Total uint64 54 | FileName string 55 | } 56 | 57 | func (wc *WriteCounter) Write(p []byte) (int, error) { 58 | n := len(p) 59 | wc.Total += uint64(n) 60 | wc.PrintProgress() 61 | return n, nil 62 | } 63 | 64 | func (wc WriteCounter) PrintProgress() { 65 | fmt.Printf("\r%s", strings.Repeat(" ", 35)) 66 | fmt.Printf("\rDownloading [%s] ... %s complete", wc.FileName, humanize.Bytes(wc.Total)) 67 | } 68 | 69 | func RandStr() string { 70 | str := "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ%*.!@" 71 | bytes := []byte(str) 72 | result := []byte{} 73 | rand.Seed(time.Now().UnixNano() + int64(rand.Intn(100))) 74 | for i := 0; i < 10; i++ { 75 | result = append(result, bytes[rand.Intn(len(bytes))]) 76 | } 77 | return string(result) 78 | } 79 | 80 | // CodeqlDb 获取文件夹下 codeql-database.yml 的上级目录路径 81 | func CodeqlDb(dir string) string { 82 | var filePath string 83 | var walkFunc = func(path string, info os.FileInfo, err error) error { 84 | if !info.IsDir() { 85 | if strings.Contains(path, "codeql-database.yml") { 86 | filePath = path 87 | return nil 88 | } 89 | } 90 | return nil 91 | } 92 | filepath.Walk(dir, walkFunc) 93 | return filepath.Dir(filePath) 94 | } 95 | 96 | func StringInSlice(s string, slice []string) bool { 97 | if slice == nil { 98 | return false 99 | } 100 | sort.Strings(slice) 101 | index := sort.SearchStrings(slice, s) 102 | if index < len(slice) && strings.ToLower(slice[index]) == strings.ToLower(s) { 103 | return true 104 | } 105 | return false 106 | } 107 | 108 | // isSupportedProtocol checks given protocols are supported 109 | func isSupportedProtocol(value string) bool { 110 | return value == "http" || value == "https" || value == "socks5" 111 | } 112 | 113 | // Difference 找出更改的规则,如果是新增了,则运行该规则,删除则不运行 114 | func Difference(old, new []string) []string { 115 | _, s2 := funk.Difference(old, new) 116 | 117 | // {"1", "2", "5"} {"3", "5"} 结果 [1 2] [3] 118 | // {"1", "2", "3", "4"} {"1", "2", "3"} 结果 [4] [] 119 | 120 | return s2.([]string) 121 | } 122 | 123 | // RunGitCommand 执行任意Git命令的封装 124 | func RunGitCommand(path, name string, arg ...string) (string, error) { 125 | gitpath := path // 从配置文件中获取当前git仓库的路径 126 | 127 | cmd := exec.Command(name, arg...) 128 | cmd.Dir = gitpath // 指定工作目录为git仓库目录 129 | msg, err := cmd.CombinedOutput() // 混合输出stdout+stderr 130 | err = cmd.Run() 131 | if err != nil { 132 | return "", err 133 | } 134 | 135 | // 报错时 exit status 1 136 | return string(msg), err 137 | } 138 | -------------------------------------------------------------------------------- /pkg/web/data.go: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright 2020 gRPC authors. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | * 16 | */ 17 | 18 | // Package web provides convenience routines to access files in the data 19 | // directory. 20 | package web 21 | 22 | import ( 23 | "path/filepath" 24 | "runtime" 25 | ) 26 | 27 | // basePath is the root directory of this package. 28 | var basePath string 29 | 30 | func init() { 31 | _, currentFile, _, _ := runtime.Caller(0) 32 | basePath = filepath.Dir(currentFile) 33 | } 34 | 35 | // Path returns the absolute path the given relative file or directory path, 36 | // relative to the google.golang.org/grpc/examples/data directory in the 37 | // user's GOPATH. If rel is already absolute, it is returned unmodified. 38 | func Path(rel string) string { 39 | if filepath.IsAbs(rel) { 40 | return rel 41 | } 42 | 43 | return filepath.Join(basePath, rel) 44 | } 45 | -------------------------------------------------------------------------------- /pkg/web/router.go: -------------------------------------------------------------------------------- 1 | package web 2 | 3 | /** 4 | @author: yhy 5 | @since: 2022/12/6 6 | @desc: //TODO 7 | **/ 8 | 9 | import ( 10 | "Yi/pkg/db" 11 | "Yi/pkg/runner" 12 | "Yi/pkg/utils" 13 | "embed" 14 | "fmt" 15 | "github.com/gin-contrib/pprof" 16 | "github.com/gin-gonic/gin" 17 | jsoniter "github.com/json-iterator/go" 18 | "github.com/thoas/go-funk" 19 | "html/template" 20 | "io/fs" 21 | "net/http" 22 | "os" 23 | "strconv" 24 | "strings" 25 | "time" 26 | ) 27 | 28 | type Vul struct { 29 | Id int 30 | Project string 31 | RuleId string 32 | Url string 33 | Location map[string]string 34 | PushedAt string 35 | ResDir string 36 | } 37 | 38 | //go:embed static 39 | var static embed.FS 40 | 41 | //go:embed templates 42 | var templates embed.FS 43 | 44 | func Init() { 45 | gin.SetMode("release") 46 | router := gin.Default() 47 | 48 | router.Static("/db/results/", "./db/results/") 49 | 50 | // 静态资源加载 51 | router.StaticFS("/static", mustFS()) 52 | 53 | // 设置模板资源 54 | router.SetHTMLTemplate(template.Must(template.New("").ParseFS(templates, "templates/*"))) 55 | 56 | // basic 认证 57 | authorized := router.Group("/", gin.BasicAuth(gin.Accounts{ 58 | runner.Option.UserName: runner.Option.Pwd, 59 | })) 60 | 61 | authorized.GET("/", func(c *gin.Context) { 62 | c.Redirect(302, "/index") 63 | }) 64 | 65 | authorized.GET("/index", func(c *gin.Context) { 66 | search := c.Query("search") 67 | 68 | maps := make(map[string]interface{}) 69 | 70 | if search != "" { 71 | if funk.Contains(search, "l:") { 72 | language := strings.Split(search, "l:") 73 | if len(language) > 1 { 74 | maps["language"] = strings.TrimSpace(language[1]) 75 | } 76 | } else { 77 | maps["project"] = strings.TrimSpace(search) 78 | } 79 | } 80 | 81 | pageSize, _ := strconv.Atoi(c.Query("pageSize")) 82 | 83 | if pageSize == 0 { 84 | pageSize = 20 85 | } 86 | 87 | result := 0 88 | page, _ := strconv.Atoi(c.Query("current")) 89 | if page == 0 { 90 | page = 1 91 | } else if page > 0 { 92 | result = (page - 1) * pageSize 93 | } 94 | 95 | total, data := db.GetProjects(result, pageSize, maps) 96 | 97 | for i, pro := range data { 98 | t, _ := time.Parse(time.RFC3339, pro.PushedAt) 99 | data[i].PushedAt = t.Format("2006-01-02 15:04:05") 100 | data[i].LastScanTime = data[i].UpdatedAt.Format("2006-01-02 15:04:05") 101 | probar := runner.ProgressBar[pro.Project] 102 | if probar != 0 { 103 | data[i].ProgressBar = fmt.Sprintf("%.f", probar) + "%" 104 | } else { 105 | data[i].ProgressBar = fmt.Sprintf("%.f", probar) 106 | } 107 | 108 | } 109 | 110 | p := utils.NewPaginator(c.Request, pageSize, total) 111 | 112 | c.HTML(http.StatusOK, "index.tmpl", gin.H{ 113 | "total": total, 114 | "projects": data, 115 | "paginator": p, 116 | "year": time.Now().Year(), 117 | "msg": db.Msg, 118 | }) 119 | }) 120 | 121 | authorized.GET("/addProject", func(c *gin.Context) { 122 | url := c.Query("url") 123 | tag := c.Query("tag") 124 | if url != "" { 125 | url = strings.TrimRight(url, "/") 126 | record := db.Record{ 127 | Project: url, 128 | Url: url, 129 | Color: "success", 130 | Title: url, 131 | Msg: fmt.Sprintf("%s 添加成功, 正在生成数据库...", url), 132 | } 133 | db.AddRecord(record) 134 | 135 | go runner.ApiAdd(url, tag) 136 | c.Redirect(302, "/index") 137 | } 138 | 139 | }) 140 | 141 | authorized.GET("/about", func(c *gin.Context) { 142 | c.HTML(http.StatusOK, "about.tmpl", gin.H{ 143 | "year": time.Now().Year(), 144 | "msg": db.Msg, 145 | }) 146 | }) 147 | 148 | authorized.GET("/record", func(c *gin.Context) { 149 | records := db.GetRecord() 150 | 151 | db.Msg = 0 152 | c.HTML(http.StatusOK, "record.tmpl", gin.H{ 153 | "records": records, 154 | "year": time.Now().Year(), 155 | "msg": db.Msg, 156 | }) 157 | }) 158 | 159 | authorized.GET("/unhandled", func(c *gin.Context) { 160 | search := c.Query("search") 161 | maps := make(map[string]interface{}) 162 | 163 | if search != "" { 164 | if funk.Contains(search, "r:") { 165 | rule := strings.Split(search, "r:") 166 | if len(rule) > 1 { 167 | maps["rule_id"] = strings.TrimSpace(rule[1]) 168 | } 169 | } else { 170 | maps["project"] = strings.TrimSpace(search) 171 | } 172 | } 173 | 174 | pageSize, _ := strconv.Atoi(c.Query("pageSize")) 175 | 176 | if pageSize == 0 { 177 | pageSize = 10 178 | } 179 | 180 | result := 0 181 | page, _ := strconv.Atoi(c.Query("current")) 182 | if page == 0 { 183 | page = 1 184 | } else if page > 0 { 185 | result = (page - 1) * pageSize 186 | } 187 | 188 | t1, data := db.GetVulsUnHandled(result, pageSize, maps) 189 | 190 | total := db.VulTotal() 191 | 192 | var vuls []Vul 193 | for _, vul := range data { 194 | location := make(map[string]string) 195 | for _, k := range jsoniter.Get(vul.Location).Keys() { 196 | location[k] = fmt.Sprintf("%s/blob/%s/%s", strings.ReplaceAll(vul.Url, "https://github.com/", "https://github.dev/"), vul.DefaultBranch, k) 197 | } 198 | vuls = append(vuls, Vul{ 199 | Id: vul.Id, 200 | Project: vul.Project, 201 | RuleId: vul.RuleId, 202 | Url: vul.Url, 203 | Location: location, 204 | PushedAt: vul.PushedAt, 205 | ResDir: vul.ResDir, 206 | }) 207 | } 208 | 209 | p := utils.NewPaginator(c.Request, pageSize, t1) 210 | 211 | c.HTML(http.StatusOK, "vulUnHandled.tmpl", gin.H{ 212 | "total": total, 213 | "vuls": vuls, 214 | "paginator": p, 215 | "year": time.Now().Year(), 216 | "msg": db.Msg, 217 | }) 218 | }) 219 | 220 | authorized.GET("/handled", func(c *gin.Context) { 221 | search := c.Query("search") 222 | 223 | maps := make(map[string]interface{}) 224 | 225 | if search != "" { 226 | if funk.Contains(search, "r:") { 227 | rule := strings.Split(search, "r:") 228 | if len(rule) > 1 { 229 | maps["rule_id"] = strings.TrimSpace(rule[1]) 230 | } 231 | } else { 232 | maps["project"] = strings.TrimSpace(search) 233 | } 234 | } 235 | 236 | pageSize, _ := strconv.Atoi(c.Query("pageSize")) 237 | 238 | if pageSize == 0 { 239 | pageSize = 10 240 | } 241 | 242 | result := 0 243 | page, _ := strconv.Atoi(c.Query("current")) 244 | if page == 0 { 245 | page = 1 246 | } else if page > 0 { 247 | result = (page - 1) * pageSize 248 | } 249 | 250 | t1, data := db.GetVulsHandled(result, pageSize, maps) 251 | 252 | total := db.VulTotal() 253 | 254 | var vuls []Vul 255 | for _, vul := range data { 256 | location := make(map[string]string) 257 | for _, k := range jsoniter.Get(vul.Location).Keys() { 258 | location[k] = fmt.Sprintf("%s/blob/%s/%s", strings.ReplaceAll(vul.Url, "https://github.com/", "https://github.dev/"), vul.DefaultBranch, k) 259 | } 260 | vuls = append(vuls, Vul{ 261 | Id: vul.Id, 262 | Project: vul.Project, 263 | RuleId: vul.RuleId, 264 | Url: vul.Url, 265 | Location: location, 266 | PushedAt: vul.PushedAt, 267 | ResDir: vul.ResDir, 268 | }) 269 | } 270 | 271 | p := utils.NewPaginator(c.Request, pageSize, t1) 272 | 273 | c.HTML(http.StatusOK, "vulHandled.tmpl", gin.H{ 274 | "total": total, 275 | "vuls": vuls, 276 | "paginator": p, 277 | "year": time.Now().Year(), 278 | "msg": db.Msg, 279 | }) 280 | }) 281 | 282 | authorized.GET("/setHandled", func(c *gin.Context) { 283 | id := c.Query("id") 284 | db.UpdateHandled(id) 285 | c.Redirect(302, "/unhandled") 286 | }) 287 | 288 | authorized.GET("/blacklist", func(c *gin.Context) { 289 | id := c.Query("id") 290 | 291 | exist, vul := db.ExistVul(id) 292 | if exist { 293 | db.DeleteVul(id) 294 | db.AddBlacklist(db.Blacklist{Blacklist: vul.Location.String()}) 295 | } 296 | 297 | c.Redirect(302, "/unhandled") 298 | }) 299 | 300 | authorized.GET("/del", func(c *gin.Context) { 301 | id := c.Query("id") 302 | db.DeleteVul(id) 303 | c.Redirect(302, "/unhandled") 304 | }) 305 | 306 | authorized.GET("/download", func(c *gin.Context) { 307 | fileDir := c.Query("fileDir") 308 | 309 | f := strings.Split(fileDir, "/") 310 | 311 | fileName := f[len(f)-1] 312 | //打开文件 313 | _, errByOpenFile := os.Open(fileDir) 314 | //非空处理 315 | if errByOpenFile != nil { 316 | c.Redirect(http.StatusFound, "/404") 317 | return 318 | } 319 | c.Header("Content-Type", "application/octet-stream") 320 | c.Header("Content-Disposition", "attachment; filename="+fileName) 321 | c.Header("Content-Transfer-Encoding", "binary") 322 | c.File(fileDir) 323 | return 324 | }) 325 | 326 | pprof.Register(router) 327 | router.Run(":" + runner.Option.Port) 328 | } 329 | 330 | func mustFS() http.FileSystem { 331 | sub, err := fs.Sub(static, "static") 332 | 333 | if err != nil { 334 | panic(err) 335 | } 336 | 337 | return http.FS(sub) 338 | } 339 | -------------------------------------------------------------------------------- /pkg/web/static/jquery.json-viewer.css: -------------------------------------------------------------------------------- 1 | /* Root element */ 2 | .json-document { 3 | padding: 1em 2em; 4 | } 5 | 6 | /* Syntax highlighting for JSON objects */ 7 | ul.json-dict, ol.json-array { 8 | list-style-type: none; 9 | margin: 0 0 0 1px; 10 | border-left: 1px dotted #ccc; 11 | padding-left: 2em; 12 | } 13 | .json-string { 14 | color: #0B7500; 15 | } 16 | .json-literal { 17 | color: #1A01CC; 18 | font-weight: bold; 19 | } 20 | 21 | /* Toggle button */ 22 | a.json-toggle { 23 | position: relative; 24 | color: inherit; 25 | text-decoration: none; 26 | } 27 | a.json-toggle:focus { 28 | outline: none; 29 | } 30 | a.json-toggle:before { 31 | font-size: 1.1em; 32 | color: #c0c0c0; 33 | content: "\25BC"; /* down arrow */ 34 | position: absolute; 35 | display: inline-block; 36 | width: 1em; 37 | text-align: center; 38 | line-height: 1em; 39 | left: -1.2em; 40 | } 41 | a.json-toggle:hover:before { 42 | color: #aaa; 43 | } 44 | a.json-toggle.collapsed:before { 45 | /* Use rotated down arrow, prevents right arrow appearing smaller than down arrow in some browsers */ 46 | transform: rotate(-90deg); 47 | } 48 | 49 | /* Collapsable placeholder links */ 50 | a.json-placeholder { 51 | color: #aaa; 52 | padding: 0 1em; 53 | text-decoration: none; 54 | } 55 | a.json-placeholder:hover { 56 | text-decoration: underline; 57 | } 58 | -------------------------------------------------------------------------------- /pkg/web/static/jquery.json-viewer.js: -------------------------------------------------------------------------------- 1 | /** 2 | * jQuery json-viewer 3 | * @author: Alexandre Bodelot 4 | * @link: https://github.com/abodelot/jquery.json-viewer 5 | */ 6 | (function($) { 7 | 8 | /** 9 | * Check if arg is either an array with at least 1 element, or a dict with at least 1 key 10 | * @return boolean 11 | */ 12 | function isCollapsable(arg) { 13 | return arg instanceof Object && Object.keys(arg).length > 0; 14 | } 15 | 16 | /** 17 | * Check if a string looks like a URL, based on protocol 18 | * This doesn't attempt to validate URLs, there's no use and syntax can be too complex 19 | * @return boolean 20 | */ 21 | function isUrl(string) { 22 | var protocols = ['http', 'https', 'ftp', 'ftps']; 23 | for (var i = 0; i < protocols.length; ++i) { 24 | if (string.startsWith(protocols[i] + '://')) { 25 | return true; 26 | } 27 | } 28 | return false; 29 | } 30 | 31 | /** 32 | * Return the input string html escaped 33 | * @return string 34 | */ 35 | function htmlEscape(s) { 36 | return s.replace(/&/g, '&') 37 | .replace(//g, '>') 39 | .replace(/'/g, ''') 40 | .replace(/"/g, '"'); 41 | } 42 | 43 | /** 44 | * Transform a json object into html representation 45 | * @return string 46 | */ 47 | function json2html(json, options) { 48 | var html = ''; 49 | if (typeof json === 'string') { 50 | // Escape tags and quotes 51 | json = htmlEscape(json); 52 | 53 | if (options.withLinks && isUrl(json)) { 54 | html += '' + json + ''; 55 | } else { 56 | // Escape double quotes in the rendered non-URL string. 57 | json = json.replace(/"/g, '\\"'); 58 | html += '"' + json + '"'; 59 | } 60 | } else if (typeof json === 'number' || typeof json === 'bigint') { 61 | html += '' + json + ''; 62 | } else if (typeof json === 'boolean') { 63 | html += '' + json + ''; 64 | } else if (json === null) { 65 | html += 'null'; 66 | } else if (json instanceof Array) { 67 | if (json.length > 0) { 68 | html += '[
    '; 69 | for (var i = 0; i < json.length; ++i) { 70 | html += '
  1. '; 71 | // Add toggle button if item is collapsable 72 | if (isCollapsable(json[i])) { 73 | html += ''; 74 | } 75 | html += json2html(json[i], options); 76 | // Add comma if item is not last 77 | if (i < json.length - 1) { 78 | html += ','; 79 | } 80 | html += '
    2. '; 81 | } 82 | html += '
]'; 83 | } else { 84 | html += '[]'; 85 | } 86 | } else if (typeof json === 'object') { 87 | // Optional support different libraries for big numbers 88 | // json.isLosslessNumber: package lossless-json 89 | // json.toExponential(): packages bignumber.js, big.js, decimal.js, decimal.js-light, others? 90 | if (options.bigNumbers && (typeof json.toExponential === 'function' || json.isLosslessNumber)) { 91 | html += '' + json.toString() + ''; 92 | } else { 93 | var keyCount = Object.keys(json).length; 94 | if (keyCount > 0) { 95 | html += '{}'; 120 | } else { 121 | html += '{}'; 122 | } 123 | } 124 | } 125 | return html; 126 | } 127 | 128 | /** 129 | * jQuery plugin method 130 | * @param json: a javascript object 131 | * @param options: an optional options hash 132 | */ 133 | $.fn.jsonViewer = function(json, options) { 134 | // Merge user options with default options 135 | options = Object.assign({}, { 136 | collapsed: false, 137 | rootCollapsable: true, 138 | withQuotes: false, 139 | withLinks: true, 140 | bigNumbers: false 141 | }, options); 142 | 143 | // jQuery chaining 144 | return this.each(function() { 145 | 146 | // Transform to HTML 147 | var html = json2html(json, options); 148 | if (options.rootCollapsable && isCollapsable(json)) { 149 | html = '' + html; 150 | } 151 | 152 | // Insert HTML in target DOM element 153 | $(this).html(html); 154 | $(this).addClass('json-document'); 155 | 156 | // Bind click on toggle buttons 157 | $(this).off('click'); 158 | $(this).on('click', 'a.json-toggle', function() { 159 | var target = $(this).toggleClass('collapsed').siblings('ul.json-dict, ol.json-array'); 160 | target.toggle(); 161 | if (target.is(':visible')) { 162 | target.siblings('.json-placeholder').remove(); 163 | } else { 164 | var count = target.children('li').length; 165 | var placeholder = count + (count > 1 ? ' items' : ' item'); 166 | target.after('' + placeholder + ''); 167 | } 168 | return false; 169 | }); 170 | 171 | // Simulate click on toggle button when placeholder is clicked 172 | $(this).on('click', 'a.json-placeholder', function() { 173 | $(this).siblings('a.json-toggle').click(); 174 | return false; 175 | }); 176 | 177 | if (options.collapsed == true) { 178 | // Trigger click to collapse all nodes 179 | $(this).find('a.json-toggle').click(); 180 | } 181 | }); 182 | }; 183 | })(jQuery); 184 | -------------------------------------------------------------------------------- /pkg/web/static/record.css: -------------------------------------------------------------------------------- 1 | .scrollbar { 2 | height: 800px; 3 | overflow-y: scroll; 4 | overflow-x: hidden; 5 | } 6 | 7 | 8 | .mb-70{ 9 | margin-bottom: 70px; 10 | } 11 | 12 | .card { 13 | box-shadow: 0 0.46875rem 2.1875rem rgba(4,9,20,0.03), 0 0.9375rem 1.40625rem rgba(4,9,20,0.03), 0 0.25rem 0.53125rem rgba(4,9,20,0.05), 0 0.125rem 0.1875rem rgba(4,9,20,0.03); 14 | border-width: 0; 15 | transition: all .2s; 16 | } 17 | 18 | .card { 19 | position: relative; 20 | display: flex; 21 | flex-direction: column; 22 | min-width: 0; 23 | word-wrap: break-word; 24 | background-color: #fff; 25 | background-clip: border-box; 26 | border: 1px solid rgba(26,54,126,0.125); 27 | border-radius: .25rem; 28 | } 29 | 30 | .card-body { 31 | flex: 1 1 auto; 32 | padding: 1.25rem; 33 | } 34 | .vertical-timeline { 35 | width: 100%; 36 | position: relative; 37 | padding: 1.5rem 0 1rem; 38 | } 39 | 40 | .vertical-timeline::before { 41 | content: ''; 42 | position: absolute; 43 | top: 0; 44 | left: 143px; 45 | height: 100%; 46 | width: 4px; 47 | background: #e9ecef; 48 | border-radius: .25rem; 49 | } 50 | 51 | .vertical-timeline-element { 52 | position: relative; 53 | margin: 0 0 1rem; 54 | } 55 | 56 | .vertical-timeline--animate .vertical-timeline-element-icon.bounce-in { 57 | visibility: visible; 58 | animation: cd-bounce-1 .8s; 59 | } 60 | .vertical-timeline-element-icon { 61 | position: absolute; 62 | top: 0; 63 | left: 135px; 64 | } 65 | 66 | .vertical-timeline-element-icon .badge-dot-xl { 67 | box-shadow: 0 0 0 5px #fff; 68 | } 69 | 70 | .badge-dot-xl { 71 | width: 18px; 72 | height: 18px; 73 | position: relative; 74 | } 75 | .badge:empty { 76 | display: none; 77 | } 78 | 79 | 80 | .badge-dot-xl::before { 81 | content: ''; 82 | width: 10px; 83 | height: 10px; 84 | border-radius: .25rem; 85 | position: absolute; 86 | left: 50%; 87 | top: 50%; 88 | margin: -5px 0 0 -5px; 89 | background: #fff; 90 | } 91 | 92 | .vertical-timeline-element-content { 93 | position: relative; 94 | margin-left: 90px; 95 | font-size: 1rem; 96 | } 97 | 98 | .vertical-timeline-element-content .timeline-msg { 99 | padding: 2px 75px 0; 100 | } 101 | 102 | .vertical-timeline-element-content .timeline-title { 103 | font-size: 1.1rem; 104 | text-transform: uppercase; 105 | margin: 0 0 .5rem; 106 | padding: 0px 75px 0; 107 | font-weight: bold; 108 | } 109 | 110 | .vertical-timeline-element-content .vertical-timeline-element-date { 111 | display: block; 112 | position: absolute; 113 | left: -90px; 114 | top: 0; 115 | padding-right: 10px; 116 | text-align: right; 117 | color: #adb5bd; 118 | font-size: .7619rem; 119 | white-space: nowrap; 120 | } 121 | 122 | .vertical-timeline-element-content:after { 123 | content: ""; 124 | display: table; 125 | clear: both; 126 | } 127 | 128 | .badge { 129 | display:inline-block; 130 | padding:.25em .4em; 131 | font-size:75%; 132 | font-weight:700; 133 | line-height:1; 134 | text-align:center; 135 | white-space:nowrap; 136 | vertical-align:baseline; 137 | border-radius:.25rem; 138 | transition:color .15s ease-in-out, background-color .15s ease-in-out, border-color .15s ease-in-out, box-shadow .15s ease-in-out 139 | } 140 | @media (prefers-reduced-motion:reduce) { 141 | .badge { 142 | transition:none 143 | } 144 | } 145 | a.badge:focus, a.badge:hover { 146 | text-decoration:none 147 | } 148 | .badge:empty { 149 | display:none 150 | } 151 | .btn .badge { 152 | position:relative; 153 | top:-1px 154 | } 155 | .badge-pill { 156 | padding-right:.6em; 157 | padding-left:.6em; 158 | border-radius:10rem 159 | } 160 | .badge-primary { 161 | color:#fff; 162 | background-color:#007bff 163 | } 164 | a.badge-primary:focus, a.badge-primary:hover { 165 | color:#fff; 166 | background-color:#0062cc 167 | } 168 | a.badge-primary.focus, a.badge-primary:focus { 169 | outline:0; 170 | box-shadow:0 0 0 .2rem rgba(0, 123, 255, .5) 171 | } 172 | .badge-secondary { 173 | color:#fff; 174 | background-color:#6c757d 175 | } 176 | a.badge-secondary:focus, a.badge-secondary:hover { 177 | color:#fff; 178 | background-color:#545b62 179 | } 180 | a.badge-secondary.focus, a.badge-secondary:focus { 181 | outline:0; 182 | box-shadow:0 0 0 .2rem rgba(108, 117, 125, .5) 183 | } 184 | .badge-success { 185 | color:#fff; 186 | background-color:#28a745 187 | } 188 | a.badge-success:focus, a.badge-success:hover { 189 | color:#fff; 190 | background-color:#1e7e34 191 | } 192 | a.badge-success.focus, a.badge-success:focus { 193 | outline:0; 194 | box-shadow:0 0 0 .2rem rgba(40, 167, 69, .5) 195 | } 196 | .badge-info { 197 | color:#fff; 198 | background-color:#17a2b8 199 | } 200 | a.badge-info:focus, a.badge-info:hover { 201 | color:#fff; 202 | background-color:#117a8b 203 | } 204 | a.badge-info.focus, a.badge-info:focus { 205 | outline:0; 206 | box-shadow:0 0 0 .2rem rgba(23, 162, 184, .5) 207 | } 208 | .badge-warning { 209 | color:#212529; 210 | background-color:#ffc107 211 | } 212 | a.badge-warning:focus, a.badge-warning:hover { 213 | color:#212529; 214 | background-color:#d39e00 215 | } 216 | a.badge-warning.focus, a.badge-warning:focus { 217 | outline:0; 218 | box-shadow:0 0 0 .2rem rgba(255, 193, 7, .5) 219 | } 220 | .badge-danger { 221 | color:#fff; 222 | background-color:#dc3545 223 | } 224 | a.badge-danger:focus, a.badge-danger:hover { 225 | color:#fff; 226 | background-color:#bd2130 227 | } 228 | a.badge-danger.focus, a.badge-danger:focus { 229 | outline:0; 230 | box-shadow:0 0 0 .2rem rgba(220, 53, 69, .5) 231 | } 232 | .badge-light { 233 | color:#212529; 234 | background-color:#f8f9fa 235 | } 236 | a.badge-light:focus, a.badge-light:hover { 237 | color:#212529; 238 | background-color:#dae0e5 239 | } 240 | a.badge-light.focus, a.badge-light:focus { 241 | outline:0; 242 | box-shadow:0 0 0 .2rem rgba(248, 249, 250, .5) 243 | } 244 | .badge-dark { 245 | color:#fff; 246 | background-color:#343a40 247 | } 248 | a.badge-dark:focus, a.badge-dark:hover { 249 | color:#fff; 250 | background-color:#1d2124 251 | } 252 | a.badge-dark.focus, a.badge-dark:focus { 253 | outline:0; 254 | box-shadow:0 0 0 .2rem rgba(52, 58, 64, .5) 255 | } -------------------------------------------------------------------------------- /pkg/web/templates/about.tmpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 弈 以有算无 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 |
23 |
24 |
25 | 26 | 27 | 弈 以有算无 28 | 29 | 30 | 47 |
48 |
49 | 50 |
51 | 52 | 53 |
54 |
55 |

56 |

57 |

监控 Github 开源项目, 并使用 Codeql 扫描(Every day)

58 |

现支持 Go, Java

59 |

60 |

61 |
62 |

63 |
64 | 65 |
66 |
67 |
自动扫描
68 |

每天监控项目是否是否更新,更新则获取/生成数据库,进行 Codeql 扫描

69 |
70 |
71 | 72 | 73 |
74 |
75 |
规则配置监控
76 |

监控配置文件更新,新增 ql 规则从数据库中获取进行扫描

77 |
78 |
79 | 80 | 81 |
82 |
83 |
黑名单
84 |

有的规则会误报,看的时候将该扫描结果拉黑,以后再次扫描时该结果就不会在界面显示

85 |
86 |
87 | 88 |
89 |
90 | 91 | {{template "footer.tmpl"}} 92 | 93 | 94 | 95 | -------------------------------------------------------------------------------- /pkg/web/templates/footer.tmpl: -------------------------------------------------------------------------------- 1 | {{ define "footer.tmpl"}} 2 | 10 | {{end}} -------------------------------------------------------------------------------- /pkg/web/templates/index.tmpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 14 | 弈 以有算无 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 |
26 |
27 |
28 | 29 | 30 | 弈 以有算无 31 | 32 | 33 | 48 |
49 |
50 | 51 |
52 | 53 | 54 |
55 |
56 | {{template "search.tmpl"}} 57 |
58 |
59 |
    60 |
  • 61 |

    监控中的项目 ({{ .total }})

    62 |
    • 63 |
  • 64 | 65 |
    • 66 |
67 |
68 |
69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | {{ range $key,$value := .projects }} 84 | 85 | {{if eq $value.Vul 1}} 86 | 89 | {{ else}} 90 | 93 | {{end}} 94 | 95 | 96 | {{if eq $value.Language "Go"}} 97 | 98 | {{else if eq $value.Language "Rust"}} 99 | 100 | {{else if eq $value.Language "Java"}} 101 | 102 | {{else if eq $value.Language "Python"}} 103 | 104 | {{ else}} 105 | 106 | {{end}} 107 | 108 | 109 | 110 | {{if ge $value.Count 1}} 111 | 112 | {{else}} 113 | 114 | {{end}} 115 | 116 | 117 | 118 | 123 | 124 | {{ else }} 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | {{ end}} 136 | 137 | 138 |
ProjectUrlLanguageDBPathCountLastScanTimePushedAtProgress
87 | {{ $value.Project }} {{ $value.Tag }} 88 | 91 | {{ $value.Project }} {{ $value.Tag }} 92 | {{ $value.Url }} {{ $value.Language }}{{ $value.Language }}{{ $value.Language }}{{ $value.Language }}{{ $value.Language }}{{ $value.DBPath }}{{ $value.Count }}{{ $value.Count }}{{ $value.LastScanTime }}{{ $value.PushedAt }} 119 |
120 |
{{ $value.ProgressBar }}
121 |
122 |
139 | 140 | {{if gt .paginator.PageNums 1}} 141 | 162 | {{end}} 163 |
164 | 165 |
166 | 167 | 168 | 198 | 199 | {{template "footer.tmpl"}} 200 | 201 | -------------------------------------------------------------------------------- /pkg/web/templates/record.tmpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 弈 以有算无 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 |
22 |
23 | 24 | 25 | 弈 以有算无 26 | 27 | 28 | 43 |
44 |
45 | 46 |
47 | 48 | 49 |
50 |
51 |
52 |
53 |
54 |
Timeline
55 |
56 | {{ range $key,$value := .records }} 57 |
58 |
59 | 60 | 61 | 62 |
63 |

{{ $value.Title }}

64 |

{{ $value.Msg }}

65 | {{ $value.CurrentTime }} 66 |
67 |
68 |
69 | {{ end}} 70 |
71 |
72 |
73 | 74 |
75 |
76 | 77 | 78 | {{template "footer.tmpl"}} 79 | 80 | -------------------------------------------------------------------------------- /pkg/web/templates/search.tmpl: -------------------------------------------------------------------------------- 1 | {{ define "search.tmpl"}} 2 | 31 | 32 | 108 | 109 |
110 |
111 |
112 |
113 | 114 | 115 |
116 |
117 |
118 |
119 | {{end}} -------------------------------------------------------------------------------- /pkg/web/templates/vulHandled.tmpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 33 | 41 | 42 | 43 | 弈 以有算无 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 |
54 |
55 |
56 | 57 | 58 | 弈 以有算无 59 | 60 | 61 | 76 |
77 |
78 | 79 |
80 | 81 | 82 |
83 |
84 | {{template "search.tmpl"}} 85 |
86 |
87 |
    88 |
  • 89 |

    漏洞信息 ({{ .total }}) {{.location}}

    90 |
    • 91 |
92 |
93 | 94 | 98 | 99 |
100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | {{ range $key,$value := .vuls }} 112 |
113 |
114 | 117 | 118 | 129 | 130 | 189 | 190 | 191 | {{ else }} 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | {{ end}} 200 | 201 |
ProjectRuleIdLocationPushedAtOperation
115 | 116 | {{ $value.RuleId }} 119 |
    120 | {{ range $k,$v := $value.Location }} 121 | {{ $displayValue := $k }} 122 | {{ if gt (len $k) 30 }} 123 | {{ $displayValue = printf "%s..." (slice $k 0 27) }} 124 | {{ end }} 125 |
  • {{ $displayValue }}
    • 126 | {{ end}} 127 |
128 | 		{{ $value.PushedAt }} 131 | 132 | 133 | 157 | 158 | 159 | 160 | 186 | 187 | 下载 188 |
202 | {{if gt .paginator.PageNums 1}} 203 | 224 | {{end}} 225 |
226 |
227 | 228 | {{template "footer.tmpl"}} 229 | 230 | 231 | -------------------------------------------------------------------------------- /pkg/web/templates/vulUnHandled.tmpl: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 22 | 42 | 弈 以有算无 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 |
53 |
54 |
55 | 56 | 57 | 弈 以有算无 58 | 59 | 60 | 75 |
76 |
77 | 78 |
79 | 80 | 81 |
82 |
83 | {{template "search.tmpl"}} 84 |
85 |
86 |
    87 |
  • 88 |

    漏洞信息 ({{ .total }}) {{.location}}

    89 |
    • 90 |
91 |
92 | 93 | 97 | 98 |
99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | {{ range $key,$value := .vuls }} 111 |
112 |
113 | 116 | 117 | 128 | 129 | 196 | 197 | 198 | {{ else }} 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | {{ end}} 207 | 208 |
ProjectRuleIdLocationPushedAtOperation
114 | 115 | {{ $value.RuleId }} 118 |
    119 | {{ range $k,$v := $value.Location }} 120 | {{ $displayValue := $k }} 121 | {{ if gt (len $k) 30 }} 122 | {{ $displayValue = printf "%s..." (slice $k 0 27) }} 123 | {{ end }} 124 |
  • {{ $displayValue }}
    • 125 | {{ end}} 126 |
127 | 		{{ $value.PushedAt }} 130 | 131 | 132 | 156 | 157 | 158 | 159 | 185 | 186 |
187 | 190 | 194 |
195 |
209 | {{if gt .paginator.PageNums 1}} 210 | 231 | {{end}} 232 |
233 |
234 | 235 | {{template "footer.tmpl"}} 236 | 237 | 238 | -------------------------------------------------------------------------------- /test/codeql_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "Yi/pkg/logging" 5 | "Yi/pkg/runner" 6 | "Yi/pkg/utils" 7 | "fmt" 8 | jsoniter "github.com/json-iterator/go" 9 | "os" 10 | "testing" 11 | ) 12 | 13 | /** 14 | @author: yhy 15 | @since: 2022/12/13 16 | @desc: //TODO 17 | **/ 18 | 19 | func TestCodeql(t *testing.T) { 20 | runner.DirNames.ResDir = "./test/" 21 | runner.QLFiles = &runner.QLFile{ 22 | GoQL: []string{"/Users/yhy/CodeQL/codeql/go/ql/src/Security/CWE-020"}, 23 | } 24 | for fileName, res := range runner.Analyze("/Users/yhy/CodeQL/database/go/grafana/v8.2.6", "grafana", "go", nil) { 25 | results := jsoniter.Get([]byte(res), "runs", 0, "results") 26 | 27 | if results.Size() > 0 { 28 | maps := make(map[string]bool) 29 | for i := 0; i < results.Size(); i++ { 30 | location := "{" 31 | 32 | msg := "ruleId: " + results.Get(i).Get("ruleId").ToString() + "\t " 33 | if results.Get(i).Get("relatedLocations").Size() > 0 { 34 | for j := 0; j < results.Get(i).Get("relatedLocations").Size(); j++ { 35 | msg += "relatedLocations: " + results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString() + "\t startLine: " + results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "region", "startLine").ToString() + "\t | " 36 | 37 | line := results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "region", "startLine").ToString() 38 | location += fmt.Sprintf("\"%s#L%s\":\"%s\",", results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString(), line, line) 39 | } 40 | 41 | } else if results.Get(i).Get("locations").Size() > 0 { 42 | for j := 0; j < results.Get(i).Get("locations").Size(); j++ { 43 | msg += "locations: " + results.Get(i).Get("locations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString() + "\t startLine: " + results.Get(i).Get("locations").Get(j).Get("physicalLocation", "region", "startLine").ToString() + "\t | " 44 | 45 | line := results.Get(i).Get("locations").Get(j).Get("physicalLocation", "region", "startLine").ToString() 46 | location += fmt.Sprintf("\"%s#L%s\":\"%s\",", results.Get(i).Get("locations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString(), line, line) 47 | } 48 | 49 | } 50 | 51 | if _, ok := maps[location]; ok { 52 | continue 53 | } 54 | 55 | location += "}" 56 | 57 | logging.Logger.Infof("(%s) Found: %s", fileName, msg) 58 | } 59 | } else { 60 | err := os.Remove(fileName) //删除文件 61 | 62 | if err != nil { 63 | logging.Logger.Infof("file remove Error! %s\n", err) 64 | } 65 | } 66 | } 67 | } 68 | 69 | func TestRead(t *testing.T) { 70 | 71 | lines := utils.LoadFile("/Users/yhy/Desktop/2022-12-14/superedge/1671002613.json") 72 | 73 | var result string 74 | 75 | for _, i := range lines { 76 | result += i 77 | } 78 | 79 | results := jsoniter.Get([]byte(result), "runs", 0, "results") 80 | 81 | if results.Size() > 0 { 82 | maps := make(map[string]bool) 83 | 84 | for i := 0; i < results.Size(); i++ { 85 | location := "{" 86 | 87 | msg := "ruleId: " + results.Get(i).Get("ruleId").ToString() + "\t " 88 | if results.Get(i).Get("locations").Size() > 0 { 89 | for j := 0; j < results.Get(i).Get("locations").Size(); j++ { 90 | msg += "locations: " + results.Get(i).Get("locations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString() + "\t startLine: " + results.Get(i).Get("locations").Get(j).Get("physicalLocation", "region", "startLine").ToString() + "\t | " 91 | 92 | line := results.Get(i).Get("locations").Get(j).Get("physicalLocation", "region", "startLine").ToString() 93 | location += fmt.Sprintf("\"%s#L%s\":\"%s\",", results.Get(i).Get("locations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString(), line, line) 94 | } 95 | } 96 | if results.Get(i).Get("relatedLocations").Size() > 0 { 97 | for j := 0; j < results.Get(i).Get("relatedLocations").Size(); j++ { 98 | msg += "relatedLocations: " + results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString() + "\t startLine: " + results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "region", "startLine").ToString() + "\t | " 99 | 100 | line := results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "region", "startLine").ToString() 101 | location += fmt.Sprintf("\"%s#L%s\":\"%s\",", results.Get(i).Get("relatedLocations").Get(j).Get("physicalLocation", "artifactLocation", "uri").ToString(), line, line) 102 | } 103 | 104 | } 105 | 106 | codeFlows := results.Get(i).Get("codeFlows").ToString() 107 | 108 | fmt.Println("------------------") 109 | fmt.Println(codeFlows) 110 | location += "}" 111 | 112 | if _, ok := maps[location]; ok { 113 | continue 114 | } 115 | 116 | fmt.Println(location) 117 | 118 | logging.Logger.Infof("(%s) Found: %s", "test", msg) 119 | } 120 | } 121 | 122 | } 123 | -------------------------------------------------------------------------------- /test/db_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "Yi/pkg/db" 5 | "Yi/pkg/runner" 6 | "Yi/pkg/utils" 7 | "Yi/pkg/web" 8 | "fmt" 9 | "testing" 10 | ) 11 | 12 | /** 13 | @author: yhy 14 | @since: 2022/12/13 15 | @desc: //TODO 16 | **/ 17 | 18 | func TestDb(t *testing.T) { 19 | maps := make(map[string]interface{}) 20 | 21 | maps["language"] = "Go" 22 | 23 | aa, _ := db.GetProjects(0, 0, maps) 24 | 25 | fmt.Println(aa) 26 | } 27 | 28 | func TestWeb(t *testing.T) { 29 | runner.Option.Session = utils.NewSession("") 30 | runner.Option.UserName = "yhy" 31 | runner.Option.Pwd = "123" 32 | runner.Option.Port = "8888" 33 | web.Init() 34 | } 35 | -------------------------------------------------------------------------------- /test/file_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | "path/filepath" 7 | "strings" 8 | "testing" 9 | ) 10 | 11 | /** 12 | @author: yhy 13 | @since: 2022/12/13 14 | @desc: //TODO 15 | **/ 16 | 17 | var listfile []string //获取文件列表 18 | 19 | func Listfunc(path string, f os.FileInfo, err error) error { 20 | var strRet string 21 | strRet, _ = os.Getwd() 22 | ostype := os.Getenv("GOOS") // windows, linux 23 | 24 | if ostype == "windows" { 25 | strRet += "\\" 26 | } else { 27 | strRet += "/" 28 | } 29 | 30 | if f == nil { 31 | return err 32 | } 33 | if f.IsDir() { 34 | return nil 35 | } 36 | 37 | strRet += path //+ "\r\n" 38 | 39 | ok := strings.HasSuffix(strRet, ".ql") 40 | if ok { 41 | listfile = append(listfile, strRet) //将目录push到listfile []string中 42 | } 43 | 44 | return nil 45 | } 46 | 47 | func getFileList(path string) string { 48 | err := filepath.Walk(path, Listfunc) // 49 | if err != nil { 50 | fmt.Printf("filepath.Walk() returned %v\n", err) 51 | } 52 | 53 | return " " 54 | } 55 | 56 | func ListFileFunc(p []string) { 57 | for _, value := range p { 58 | fmt.Println(value) 59 | } 60 | } 61 | 62 | func TestFile(t *testing.T) { 63 | getFileList("/Users/yhy/CodeQL/codeql/java/ql/src/Security/CWE/CWE-074") 64 | ListFileFunc(listfile) 65 | } 66 | -------------------------------------------------------------------------------- /test/github_test.go: -------------------------------------------------------------------------------- 1 | package test 2 | 3 | import ( 4 | "Yi/pkg/runner" 5 | "Yi/pkg/utils" 6 | "fmt" 7 | "testing" 8 | ) 9 | 10 | /** 11 | @author: yhy 12 | @since: 2022/12/13 13 | @desc: //TODO 14 | **/ 15 | 16 | func TestGithub(t *testing.T) { 17 | //req, _ := http.NewRequest("GET", "https://api.github.com/repos/airshipit/treasuremap/languages", nil) 18 | //req.Header.Set("Accept", "application/vnd.github.v3.text-match+json") 19 | // 20 | //req.Header.Set("User-Agent", uarand.GetRandom()) 21 | //req.Close = true 22 | // 23 | //resp, err := utils.Httpx("").Do(req) 24 | // 25 | //if err != nil { 26 | // logging.Logger.Errorln("GetLanguage client.Do(req) err:", err) 27 | // 28 | //} 29 | //defer resp.Body.Close() 30 | //body, _ := ioutil.ReadAll(resp.Body) 31 | //results := jsoniter.Get(body).Keys() 32 | // 33 | //fmt.Println(results) 34 | runner.Option.Session = utils.NewSession("") 35 | fmt.Println(runner.GetLanguage("https://api.github.com/repos/agragregra/OptimizedHTML-4", "https://github.com/agragregra/OptimizedHTML-4")) 36 | 37 | asd := make(map[string]string) 38 | 39 | delete(asd, "11") 40 | 41 | fmt.Println("1 ", asd) 42 | 43 | asd["11"] = "12" 44 | 45 | delete(asd, "22") 46 | 47 | fmt.Println(asd) 48 | delete(asd, "11") 49 | 50 | fmt.Println(asd) 51 | } 52 | --------------------------------------------------------------------------------