├── .classpath ├── .gitignore ├── .gradle └── buildOutputCleanup │ ├── buildOutputCleanup.lock │ └── cache.properties ├── .project ├── .settings ├── .jsdtscope ├── org.eclipse.buildship.core.prefs ├── org.eclipse.core.resources.prefs ├── org.eclipse.jdt.core.prefs ├── org.eclipse.wst.common.component ├── org.eclipse.wst.common.project.facet.core.xml ├── org.eclipse.wst.jsdt.ui.superType.container └── org.eclipse.wst.jsdt.ui.superType.name ├── LICENSE ├── README.md ├── bin ├── .gitignore └── main │ ├── com │ └── wrlus │ │ └── seciot │ │ ├── cve │ │ ├── controller │ │ │ └── CVEController.class │ │ ├── dao │ │ │ └── CVEMapper.class │ │ ├── model │ │ │ └── CVEDao.class │ │ └── service │ │ │ ├── CVEService.class │ │ │ └── CVEServiceImpl.class │ │ ├── fw │ │ ├── controller │ │ │ └── FwController.class │ │ ├── model │ │ │ └── FwInfo.class │ │ └── service │ │ │ ├── FwService.class │ │ │ └── FwServiceImpl.class │ │ ├── history │ │ ├── controller │ │ │ └── HistoryController.class │ │ ├── dao │ │ │ └── HistoryMapper.class │ │ ├── model │ │ │ ├── FwHistoryDao.class │ │ │ └── HistoryDao.class │ │ └── service │ │ │ ├── HistoryService.class │ │ │ └── HistoryServiceImpl.class │ │ ├── library │ │ ├── controller │ │ │ └── ThirdLibraryController.class │ │ ├── dao │ │ │ └── ThirdLibraryMapper.class │ │ ├── model │ │ │ ├── ThirdLibrary.class │ │ │ ├── ThirdLibraryDao.class │ │ │ ├── ThirdLibraryRiskDao.class │ │ │ └── ThirdLibraryRiskResult.class │ │ └── service │ │ │ ├── ThirdLibraryService.class │ │ │ └── ThirdLibraryServiceImpl.class │ │ ├── platform │ │ ├── controller │ │ │ └── PlatformController.class │ │ ├── dao │ │ │ └── PlatformRiskMapper.class │ │ ├── model │ │ │ ├── PlatformRiskDao.class │ │ │ └── PlatformRiskResult.class │ │ └── service │ │ │ ├── PlatformRiskService.class │ │ │ └── PlatformRiskServiceImpl.class │ │ ├── pysocket │ │ ├── Callback.class │ │ ├── PyClient.class │ │ ├── PyServerManager.class │ │ └── model │ │ │ ├── PySocketRequest.class │ │ │ └── PySocketResponse.class │ │ ├── user │ │ ├── controller │ │ │ └── UserController.class │ │ ├── dao │ │ │ └── UserMapper.class │ │ ├── model │ │ │ └── UserDao.class │ │ └── service │ │ │ ├── UserService.class │ │ │ └── UserServiceImpl.class │ │ ├── util │ │ ├── excel │ │ │ ├── ConventExcelCellType.class │ │ │ ├── ExcelFileSolver.class │ │ │ └── ReadRiskExcel.class │ │ ├── exception │ │ │ ├── ClientAlreadyExistsException.class │ │ │ ├── FileUploadException.class │ │ │ ├── FridaException.class │ │ │ ├── InvalidParameterException.class │ │ │ ├── NoSuchClientException.class │ │ │ ├── NoSuchPythonMethodException.class │ │ │ ├── NoSuchRiskException.class │ │ │ ├── PortRunOutException.class │ │ │ ├── PythonException.class │ │ │ ├── PythonIOException.class │ │ │ ├── PythonRuntimeException.class │ │ │ ├── ReasonEnum.class │ │ │ └── RootException.class │ │ └── os │ │ │ └── OSUtil.class │ │ └── waf │ │ └── XSSProtect.class │ └── log4j2.xml ├── build.gradle ├── gradle └── wrapper │ ├── gradle-wrapper.jar │ └── gradle-wrapper.properties ├── gradlew ├── gradlew.bat ├── settings.gradle └── src └── main ├── java ├── com │ └── wrlus │ │ └── seciot │ │ ├── cve │ │ ├── controller │ │ │ └── CVEController.java │ │ ├── dao │ │ │ └── CVEMapper.java │ │ ├── model │ │ │ └── CVEDao.java │ │ └── service │ │ │ ├── CVEService.java │ │ │ └── CVEServiceImpl.java │ │ ├── fw │ │ ├── controller │ │ │ └── FwController.java │ │ ├── model │ │ │ └── FwInfo.java │ │ └── service │ │ │ ├── FwService.java │ │ │ └── FwServiceImpl.java │ │ ├── history │ │ ├── controller │ │ │ └── HistoryController.java │ │ ├── dao │ │ │ └── HistoryMapper.java │ │ ├── model │ │ │ ├── FwHistoryDao.java │ │ │ └── HistoryDao.java │ │ └── service │ │ │ ├── HistoryService.java │ │ │ └── HistoryServiceImpl.java │ │ ├── library │ │ ├── controller │ │ │ └── ThirdLibraryController.java │ │ ├── dao │ │ │ └── ThirdLibraryMapper.java │ │ ├── model │ │ │ ├── ThirdLibrary.java │ │ │ ├── ThirdLibraryDao.java │ │ │ ├── ThirdLibraryRiskDao.java │ │ │ └── ThirdLibraryRiskResult.java │ │ └── service │ │ │ ├── ThirdLibraryService.java │ │ │ └── ThirdLibraryServiceImpl.java │ │ ├── platform │ │ ├── controller │ │ │ └── PlatformController.java │ │ ├── dao │ │ │ └── PlatformRiskMapper.java │ │ ├── model │ │ │ ├── PlatformRiskDao.java │ │ │ └── PlatformRiskResult.java │ │ └── service │ │ │ ├── PlatformRiskService.java │ │ │ └── PlatformRiskServiceImpl.java │ │ ├── pysocket │ │ ├── Callback.java │ │ ├── PyClient.java │ │ ├── PyServerManager.java │ │ └── model │ │ │ ├── PySocketRequest.java │ │ │ └── PySocketResponse.java │ │ ├── user │ │ ├── controller │ │ │ └── UserController.java │ │ ├── dao │ │ │ └── UserMapper.java │ │ ├── model │ │ │ └── UserDao.java │ │ └── service │ │ │ ├── UserService.java │ │ │ └── UserServiceImpl.java │ │ ├── util │ │ ├── excel │ │ │ ├── ConventExcelCellType.java │ │ │ ├── ExcelFileSolver.java │ │ │ └── ReadRiskExcel.java │ │ ├── exception │ │ │ ├── ClientAlreadyExistsException.java │ │ │ ├── FileUploadException.java │ │ │ ├── FridaException.java │ │ │ ├── InvalidParameterException.java │ │ │ ├── NoSuchClientException.java │ │ │ ├── NoSuchPythonMethodException.java │ │ │ ├── NoSuchRiskException.java │ │ │ ├── PortRunOutException.java │ │ │ ├── PythonException.java │ │ │ ├── PythonIOException.java │ │ │ ├── PythonRuntimeException.java │ │ │ ├── ReasonEnum.java │ │ │ └── RootException.java │ │ └── os │ │ │ └── OSUtil.java │ │ └── waf │ │ └── XSSProtect.java └── log4j2.xml └── webapp ├── META-INF └── MANIFEST.MF ├── WEB-INF ├── db │ └── seciot.sql ├── mybatis │ └── mybatis-config.xml ├── python │ ├── fw_platform │ │ ├── fw_crontab.py │ │ ├── fw_dropbear_auth_keys.py │ │ ├── fw_dropbear_enable.py │ │ └── fw_linux_shadow.py │ ├── fw_third_library │ │ ├── fw_busybox_version.py │ │ ├── fw_dropbear_version.py │ │ ├── fw_iproute2_version.py │ │ ├── fw_miniupnp_version.py │ │ ├── fw_openldap_version.py │ │ ├── fw_openssh_version.py │ │ ├── fw_openssl_version.py │ │ ├── fw_pcre_version.py │ │ ├── fw_uclibc_version.py │ │ └── fw_zlib_version.py │ ├── run_tools │ │ └── run_binwalk.py │ └── socket_server.py ├── spring │ ├── spring-config.xml │ ├── spring-security.xml │ └── springmvc-config.xml └── web.xml ├── css ├── custom.css └── dashboard.css ├── index.html ├── js └── main.js └── pages ├── firmware.html ├── history.html └── main.html /.classpath: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /.gradle/ 2 | -------------------------------------------------------------------------------- /.gradle/buildOutputCleanup/buildOutputCleanup.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/.gradle/buildOutputCleanup/buildOutputCleanup.lock -------------------------------------------------------------------------------- /.gradle/buildOutputCleanup/cache.properties: -------------------------------------------------------------------------------- 1 | #Tue Apr 30 14:10:11 CST 2019 2 | gradle.version=5.4.1 3 | -------------------------------------------------------------------------------- /.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | SecIoT 4 | Project SecIoT created by Buildship. 5 | 6 | 7 | 8 | 9 | org.eclipse.jdt.core.javabuilder 10 | 11 | 12 | 13 | 14 | org.eclipse.wst.common.project.facet.core.builder 15 | 16 | 17 | 18 | 19 | org.eclipse.wst.validation.validationbuilder 20 | 21 | 22 | 23 | 24 | org.eclipse.buildship.core.gradleprojectbuilder 25 | 26 | 27 | 28 | 29 | 30 | org.eclipse.jem.workbench.JavaEMFNature 31 | org.eclipse.wst.common.modulecore.ModuleCoreNature 32 | org.eclipse.jdt.core.javanature 33 | org.eclipse.buildship.core.gradleprojectnature 34 | org.eclipse.wst.common.project.facet.core.nature 35 | org.eclipse.wst.jsdt.core.jsNature 36 | 37 | 38 | -------------------------------------------------------------------------------- /.settings/.jsdtscope: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.settings/org.eclipse.buildship.core.prefs: -------------------------------------------------------------------------------- 1 | connection.project.dir= 2 | eclipse.preferences.version=1 3 | -------------------------------------------------------------------------------- /.settings/org.eclipse.core.resources.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | encoding/=UTF-8 3 | -------------------------------------------------------------------------------- /.settings/org.eclipse.jdt.core.prefs: -------------------------------------------------------------------------------- 1 | eclipse.preferences.version=1 2 | org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled 3 | org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate 4 | org.eclipse.jdt.core.compiler.codegen.targetPlatform=11 5 | org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve 6 | org.eclipse.jdt.core.compiler.compliance=11 7 | org.eclipse.jdt.core.compiler.debug.lineNumber=generate 8 | org.eclipse.jdt.core.compiler.debug.localVariable=generate 9 | org.eclipse.jdt.core.compiler.debug.sourceFile=generate 10 | org.eclipse.jdt.core.compiler.problem.assertIdentifier=error 11 | org.eclipse.jdt.core.compiler.problem.enumIdentifier=error 12 | org.eclipse.jdt.core.compiler.release=enabled 13 | org.eclipse.jdt.core.compiler.source=11 14 | -------------------------------------------------------------------------------- /.settings/org.eclipse.wst.common.component: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | -------------------------------------------------------------------------------- /.settings/org.eclipse.wst.common.project.facet.core.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /.settings/org.eclipse.wst.jsdt.ui.superType.container: -------------------------------------------------------------------------------- 1 | org.eclipse.wst.jsdt.launching.baseBrowserLibrary -------------------------------------------------------------------------------- /.settings/org.eclipse.wst.jsdt.ui.superType.name: -------------------------------------------------------------------------------- 1 | Window -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SecIoT 2 | - IoT安全漏洞检测平台-服务器平台 3 | 4 | ## 主要功能 5 | ### 一、系统安全 6 | #### 1、系统固件静态分析 7 | - 分析Squashfs和JFFS2文件系统的固件 8 | - 分析固件中第三方库的版本以及此版本存在的CVE漏洞,目前支持以下第三方库的检测: 9 | - OpenSSL 10 | - gzlib 11 | - busybox 12 | - miniUPnP 13 | - uclibc 14 | - OpenSSH 15 | - Dropbear 16 | - pcre 17 | - OpenLDAP 18 | - 分析固件中存在的平台配置风险,目前支持的功能: 19 | - 分析Linux固件中的用户情况 20 | - 分析Linux系统是否可通过Dropbear进行SSH远程登录 21 | - 分析Linux系统是否在Dropbear中配置了公钥 22 | - 分析Linux系统的计划任务(crontab)情况 23 | 24 | ## 环境配置 25 | ### 一、基本环境 26 | - 系统要求:Linux、Microsoft Windows 10.0.14393或更高版本 27 | - Web运行环境:JDK 8或更高版本、Tomcat 9.0或更高版本、Gradle(自动配置SSM) 28 | - Python运行环境:Python 3.6或更高版本(不支持Python 2.x) 29 | - 数据库运行环境:MySQL或MariaDB 30 | 31 | ### 二、依赖环境 32 | - binwalk:用于系统固件分析模块(对于Windows必须将binwalk安装在Windows Subsystem Linux中),https://github.com/ReFirmLabs/binwalk 33 | 34 | ### 三、部署方式 35 | - 按照Java Web项目部署war包即可 36 | 37 | ## 计划中的功能 38 | - 系统固件动态分析:整合QEMU开源组件。 39 | - 基于Docker的快捷部署 -------------------------------------------------------------------------------- /bin/.gitignore: -------------------------------------------------------------------------------- 1 | /main/ 2 | -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/cve/controller/CVEController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/cve/controller/CVEController.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/cve/dao/CVEMapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/cve/dao/CVEMapper.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/cve/model/CVEDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/cve/model/CVEDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/cve/service/CVEService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/cve/service/CVEService.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/cve/service/CVEServiceImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/cve/service/CVEServiceImpl.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/fw/controller/FwController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/fw/controller/FwController.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/fw/model/FwInfo.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/fw/model/FwInfo.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/fw/service/FwService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/fw/service/FwService.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/fw/service/FwServiceImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/fw/service/FwServiceImpl.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/history/controller/HistoryController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/history/controller/HistoryController.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/history/dao/HistoryMapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/history/dao/HistoryMapper.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/history/model/FwHistoryDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/history/model/FwHistoryDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/history/model/HistoryDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/history/model/HistoryDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/history/service/HistoryService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/history/service/HistoryService.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/history/service/HistoryServiceImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/history/service/HistoryServiceImpl.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/controller/ThirdLibraryController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/controller/ThirdLibraryController.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/dao/ThirdLibraryMapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/dao/ThirdLibraryMapper.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/model/ThirdLibrary.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/model/ThirdLibrary.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/model/ThirdLibraryDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/model/ThirdLibraryDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/model/ThirdLibraryRiskDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/model/ThirdLibraryRiskDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/model/ThirdLibraryRiskResult.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/model/ThirdLibraryRiskResult.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/service/ThirdLibraryService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/service/ThirdLibraryService.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/library/service/ThirdLibraryServiceImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/library/service/ThirdLibraryServiceImpl.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/platform/controller/PlatformController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/platform/controller/PlatformController.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/platform/dao/PlatformRiskMapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/platform/dao/PlatformRiskMapper.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/platform/model/PlatformRiskDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/platform/model/PlatformRiskDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/platform/model/PlatformRiskResult.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/platform/model/PlatformRiskResult.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/platform/service/PlatformRiskService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/platform/service/PlatformRiskService.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/platform/service/PlatformRiskServiceImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/platform/service/PlatformRiskServiceImpl.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/pysocket/Callback.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/pysocket/Callback.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/pysocket/PyClient.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/pysocket/PyClient.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/pysocket/PyServerManager.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/pysocket/PyServerManager.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/pysocket/model/PySocketRequest.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/pysocket/model/PySocketRequest.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/pysocket/model/PySocketResponse.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/pysocket/model/PySocketResponse.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/user/controller/UserController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/user/controller/UserController.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/user/dao/UserMapper.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/user/dao/UserMapper.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/user/model/UserDao.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/user/model/UserDao.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/user/service/UserService.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/user/service/UserService.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/user/service/UserServiceImpl.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/user/service/UserServiceImpl.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/excel/ConventExcelCellType.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/excel/ConventExcelCellType.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/excel/ExcelFileSolver.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/excel/ExcelFileSolver.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/excel/ReadRiskExcel.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/excel/ReadRiskExcel.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/ClientAlreadyExistsException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/ClientAlreadyExistsException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/FileUploadException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/FileUploadException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/FridaException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/FridaException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/InvalidParameterException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/InvalidParameterException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/NoSuchClientException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/NoSuchClientException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/NoSuchPythonMethodException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/NoSuchPythonMethodException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/NoSuchRiskException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/NoSuchRiskException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/PortRunOutException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/PortRunOutException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/PythonException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/PythonException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/PythonIOException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/PythonIOException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/PythonRuntimeException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/PythonRuntimeException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/ReasonEnum.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/ReasonEnum.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/exception/RootException.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/exception/RootException.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/util/os/OSUtil.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/util/os/OSUtil.class -------------------------------------------------------------------------------- /bin/main/com/wrlus/seciot/waf/XSSProtect.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/bin/main/com/wrlus/seciot/waf/XSSProtect.class -------------------------------------------------------------------------------- /bin/main/log4j2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /build.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * This file was generated by the Gradle 'init' task. 3 | * 4 | * This generated file contains a sample Java Library project to get you started. 5 | * For more details take a look at the Java Libraries chapter in the Gradle 6 | * user guide available at https://docs.gradle.org/5.0/userguide/java_library_plugin.html 7 | */ 8 | 9 | plugins { 10 | // Apply the java-library plugin to add support for Java Library 11 | id 'java' 12 | // Apply the war plugin to add support for Java Web war package 13 | id 'war' 14 | } 15 | 16 | // In this section you declare where to find the dependencies of your project 17 | repositories { 18 | // Use jcenter for resolving your dependencies. 19 | // You can declare any Maven/Ivy/file repository here. 20 | jcenter() 21 | } 22 | 23 | dependencies { 24 | // https://mvnrepository.com/artifact/org.xerial/sqlite-jdbc 25 | implementation group: 'org.xerial', name: 'sqlite-jdbc', version: '3.30.1' 26 | // https://mvnrepository.com/artifact/commons-codec/commons-codec 27 | implementation group: 'commons-codec', name: 'commons-codec', version: '1.12' 28 | // https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 29 | implementation group: 'org.apache.commons', name: 'commons-collections4', version: '4.3' 30 | // https://mvnrepository.com/artifact/commons-logging/commons-logging 31 | implementation group: 'commons-logging', name: 'commons-logging', version: '1.2' 32 | // https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core 33 | implementation group: 'org.apache.logging.log4j', name: 'log4j-core', version: '2.11.2' 34 | // https://mvnrepository.com/artifact/org.apache.poi/poi 35 | implementation group: 'org.apache.poi', name: 'poi', version: '4.1.2' 36 | // https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml 37 | implementation group: 'org.apache.poi', name: 'poi-ooxml', version: '4.1.2' 38 | // https://mvnrepository.com/artifact/org.apache.poi/poi-scratchpad 39 | implementation group: 'org.apache.poi', name: 'poi-scratchpad', version: '4.1.2' 40 | // https://mvnrepository.com/artifact/org.apache.poi/poi-ooxml-schemas 41 | implementation group: 'org.apache.poi', name: 'poi-ooxml-schemas', version: '4.1.2' 42 | // https://mvnrepository.com/artifact/org.apache.poi/poi-excelant 43 | implementation group: 'org.apache.poi', name: 'poi-excelant', version: '4.1.2' 44 | // https://mvnrepository.com/artifact/org.springframework/spring-core 45 | implementation group: 'org.springframework', name: 'spring-core', version: '5.2.3.RELEASE' 46 | // https://mvnrepository.com/artifact/org.springframework/spring-beans 47 | implementation group: 'org.springframework', name: 'spring-beans', version: '5.2.3.RELEASE' 48 | // https://mvnrepository.com/artifact/org.springframework/spring-web 49 | implementation group: 'org.springframework', name: 'spring-web', version: '5.2.3.RELEASE' 50 | // https://mvnrepository.com/artifact/org.springframework/spring-webmvc 51 | implementation group: 'org.springframework', name: 'spring-webmvc', version: '5.2.3.RELEASE' 52 | // https://mvnrepository.com/artifact/org.springframework/spring-jdbc 53 | implementation group: 'org.springframework', name: 'spring-jdbc', version: '5.2.3.RELEASE' 54 | // https://mvnrepository.com/artifact/org.springframework/spring-aop 55 | implementation group: 'org.springframework', name: 'spring-aop', version: '5.2.3.RELEASE' 56 | // https://mvnrepository.com/artifact/org.springframework/spring-aspects 57 | implementation group: 'org.springframework', name: 'spring-aspects', version: '5.2.3.RELEASE' 58 | // https://mvnrepository.com/artifact/org.springframework/spring-context-support 59 | implementation group: 'org.springframework', name: 'spring-context-support', version: '5.2.3.RELEASE' 60 | // https://mvnrepository.com/artifact/org.springframework/spring-instrument 61 | implementation group: 'org.springframework', name: 'spring-instrument', version: '5.2.3.RELEASE' 62 | // https://mvnrepository.com/artifact/org.springframework/spring-instrument-tomcat 63 | implementation group: 'org.springframework', name: 'spring-instrument-tomcat', version: '4.3.22.RELEASE' 64 | // https://mvnrepository.com/artifact/org.springframework/spring-jms 65 | implementation group: 'org.springframework', name: 'spring-jms', version: '5.2.3.RELEASE' 66 | // https://mvnrepository.com/artifact/org.springframework/spring-messaging 67 | implementation group: 'org.springframework', name: 'spring-messaging', version: '5.2.3.RELEASE' 68 | // https://mvnrepository.com/artifact/org.springframework/spring-orm 69 | implementation group: 'org.springframework', name: 'spring-orm', version: '5.2.3.RELEASE' 70 | // https://mvnrepository.com/artifact/org.springframework/spring-oxm 71 | implementation group: 'org.springframework', name: 'spring-oxm', version: '5.2.3.RELEASE' 72 | // https://mvnrepository.com/artifact/org.springframework/spring-tx 73 | implementation group: 'org.springframework', name: 'spring-tx', version: '5.2.3.RELEASE' 74 | // https://mvnrepository.com/artifact/org.springframework/spring-webmvc 75 | implementation group: 'org.springframework', name: 'spring-webmvc', version: '5.2.3.RELEASE' 76 | // https://mvnrepository.com/artifact/org.springframework/spring-websocket 77 | implementation group: 'org.springframework', name: 'spring-websocket', version: '5.2.3.RELEASE' 78 | // https://mvnrepository.com/artifact/org.springframework.security/spring-security-core 79 | implementation group: 'org.springframework.security', name: 'spring-security-core', version: '5.2.2.RELEASE' 80 | // https://mvnrepository.com/artifact/org.springframework.security/spring-security-web 81 | implementation group: 'org.springframework.security', name: 'spring-security-web', version: '5.2.23.RELEASE' 82 | // https://mvnrepository.com/artifact/org.springframework.security/spring-security-config 83 | implementation group: 'org.springframework.security', name: 'spring-security-config', version: '5.2.23.RELEASE' 84 | // https://mvnrepository.com/artifact/org.apache.commons/commons-dbcp2 85 | implementation group: 'org.apache.commons', name: 'commons-dbcp2', version: '2.6.0' 86 | // https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload 87 | implementation group: 'commons-fileupload', name: 'commons-fileupload', version: '1.4' 88 | // https://mvnrepository.com/artifact/commons-beanutils/commons-beanutils 89 | implementation group: 'commons-beanutils', name: 'commons-beanutils', version: '1.9.3' 90 | // https://mvnrepository.com/artifact/commons-codec/commons-codec 91 | implementation group: 'commons-codec', name: 'commons-codec', version: '1.12' 92 | // https://mvnrepository.com/artifact/org.apache.commons/commons-collections4 93 | implementation group: 'org.apache.commons', name: 'commons-collections4', version: '4.3' 94 | // https://mvnrepository.com/artifact/org.apache.commons/commons-lang3 95 | implementation group: 'org.apache.commons', name: 'commons-lang3', version: '3.8.1' 96 | // https://mvnrepository.com/artifact/org.mybatis/mybatis-spring 97 | implementation group: 'org.mybatis', name: 'mybatis-spring', version: '2.0.3' 98 | // https://mvnrepository.com/artifact/org.mybatis/mybatis 99 | implementation group: 'org.mybatis', name: 'mybatis', version: '3.5.4' 100 | // https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api 101 | implementation group: 'javax.servlet', name: 'javax.servlet-api', version: '4.0.1' 102 | // https://mvnrepository.com/artifact/org.json/json 103 | implementation group: 'org.json', name: 'json', version: '20190722' 104 | // https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-databind 105 | implementation group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version: '2.10.2' 106 | // https://mvnrepository.com/artifact/com.fasterxml.jackson.core/jackson-core 107 | implementation group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: '2.10.2' 108 | // https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on 109 | implementation group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.64' 110 | 111 | } 112 | -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/wrlu/SecIoT-Web/aee140b9a9b74ecdad0aed6278d3ba9a4126bae4/gradle/wrapper/gradle-wrapper.jar -------------------------------------------------------------------------------- /gradle/wrapper/gradle-wrapper.properties: -------------------------------------------------------------------------------- 1 | #Sun May 05 12:49:35 CST 2019 2 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-all.zip 3 | distributionBase=GRADLE_USER_HOME 4 | distributionPath=wrapper/dists 5 | zipStorePath=wrapper/dists 6 | zipStoreBase=GRADLE_USER_HOME 7 | -------------------------------------------------------------------------------- /gradlew: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env sh 2 | 3 | ############################################################################## 4 | ## 5 | ## Gradle start up script for UN*X 6 | ## 7 | ############################################################################## 8 | 9 | # Attempt to set APP_HOME 10 | # Resolve links: $0 may be a link 11 | PRG="$0" 12 | # Need this for relative symlinks. 13 | while [ -h "$PRG" ] ; do 14 | ls=`ls -ld "$PRG"` 15 | link=`expr "$ls" : '.*-> \(.*\)$'` 16 | if expr "$link" : '/.*' > /dev/null; then 17 | PRG="$link" 18 | else 19 | PRG=`dirname "$PRG"`"/$link" 20 | fi 21 | done 22 | SAVED="`pwd`" 23 | cd "`dirname \"$PRG\"`/" >/dev/null 24 | APP_HOME="`pwd -P`" 25 | cd "$SAVED" >/dev/null 26 | 27 | APP_NAME="Gradle" 28 | APP_BASE_NAME=`basename "$0"` 29 | 30 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 31 | DEFAULT_JVM_OPTS="" 32 | 33 | # Use the maximum available, or set MAX_FD != -1 to use that value. 34 | MAX_FD="maximum" 35 | 36 | warn () { 37 | echo "$*" 38 | } 39 | 40 | die () { 41 | echo 42 | echo "$*" 43 | echo 44 | exit 1 45 | } 46 | 47 | # OS specific support (must be 'true' or 'false'). 48 | cygwin=false 49 | msys=false 50 | darwin=false 51 | nonstop=false 52 | case "`uname`" in 53 | CYGWIN* ) 54 | cygwin=true 55 | ;; 56 | Darwin* ) 57 | darwin=true 58 | ;; 59 | MINGW* ) 60 | msys=true 61 | ;; 62 | NONSTOP* ) 63 | nonstop=true 64 | ;; 65 | esac 66 | 67 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar 68 | 69 | # Determine the Java command to use to start the JVM. 70 | if [ -n "$JAVA_HOME" ] ; then 71 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then 72 | # IBM's JDK on AIX uses strange locations for the executables 73 | JAVACMD="$JAVA_HOME/jre/sh/java" 74 | else 75 | JAVACMD="$JAVA_HOME/bin/java" 76 | fi 77 | if [ ! -x "$JAVACMD" ] ; then 78 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME 79 | 80 | Please set the JAVA_HOME variable in your environment to match the 81 | location of your Java installation." 82 | fi 83 | else 84 | JAVACMD="java" 85 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 86 | 87 | Please set the JAVA_HOME variable in your environment to match the 88 | location of your Java installation." 89 | fi 90 | 91 | # Increase the maximum file descriptors if we can. 92 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then 93 | MAX_FD_LIMIT=`ulimit -H -n` 94 | if [ $? -eq 0 ] ; then 95 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then 96 | MAX_FD="$MAX_FD_LIMIT" 97 | fi 98 | ulimit -n $MAX_FD 99 | if [ $? -ne 0 ] ; then 100 | warn "Could not set maximum file descriptor limit: $MAX_FD" 101 | fi 102 | else 103 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" 104 | fi 105 | fi 106 | 107 | # For Darwin, add options to specify how the application appears in the dock 108 | if $darwin; then 109 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" 110 | fi 111 | 112 | # For Cygwin, switch paths to Windows format before running java 113 | if $cygwin ; then 114 | APP_HOME=`cygpath --path --mixed "$APP_HOME"` 115 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` 116 | JAVACMD=`cygpath --unix "$JAVACMD"` 117 | 118 | # We build the pattern for arguments to be converted via cygpath 119 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` 120 | SEP="" 121 | for dir in $ROOTDIRSRAW ; do 122 | ROOTDIRS="$ROOTDIRS$SEP$dir" 123 | SEP="|" 124 | done 125 | OURCYGPATTERN="(^($ROOTDIRS))" 126 | # Add a user-defined pattern to the cygpath arguments 127 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then 128 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" 129 | fi 130 | # Now convert the arguments - kludge to limit ourselves to /bin/sh 131 | i=0 132 | for arg in "$@" ; do 133 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` 134 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option 135 | 136 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition 137 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` 138 | else 139 | eval `echo args$i`="\"$arg\"" 140 | fi 141 | i=$((i+1)) 142 | done 143 | case $i in 144 | (0) set -- ;; 145 | (1) set -- "$args0" ;; 146 | (2) set -- "$args0" "$args1" ;; 147 | (3) set -- "$args0" "$args1" "$args2" ;; 148 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;; 149 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; 150 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; 151 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; 152 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; 153 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; 154 | esac 155 | fi 156 | 157 | # Escape application args 158 | save () { 159 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done 160 | echo " " 161 | } 162 | APP_ARGS=$(save "$@") 163 | 164 | # Collect all arguments for the java command, following the shell quoting and substitution rules 165 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" 166 | 167 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong 168 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then 169 | cd "$(dirname "$0")" 170 | fi 171 | 172 | exec "$JAVACMD" "$@" 173 | -------------------------------------------------------------------------------- /gradlew.bat: -------------------------------------------------------------------------------- 1 | @if "%DEBUG%" == "" @echo off 2 | @rem ########################################################################## 3 | @rem 4 | @rem Gradle startup script for Windows 5 | @rem 6 | @rem ########################################################################## 7 | 8 | @rem Set local scope for the variables with windows NT shell 9 | if "%OS%"=="Windows_NT" setlocal 10 | 11 | set DIRNAME=%~dp0 12 | if "%DIRNAME%" == "" set DIRNAME=. 13 | set APP_BASE_NAME=%~n0 14 | set APP_HOME=%DIRNAME% 15 | 16 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. 17 | set DEFAULT_JVM_OPTS= 18 | 19 | @rem Find java.exe 20 | if defined JAVA_HOME goto findJavaFromJavaHome 21 | 22 | set JAVA_EXE=java.exe 23 | %JAVA_EXE% -version >NUL 2>&1 24 | if "%ERRORLEVEL%" == "0" goto init 25 | 26 | echo. 27 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 28 | echo. 29 | echo Please set the JAVA_HOME variable in your environment to match the 30 | echo location of your Java installation. 31 | 32 | goto fail 33 | 34 | :findJavaFromJavaHome 35 | set JAVA_HOME=%JAVA_HOME:"=% 36 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe 37 | 38 | if exist "%JAVA_EXE%" goto init 39 | 40 | echo. 41 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 42 | echo. 43 | echo Please set the JAVA_HOME variable in your environment to match the 44 | echo location of your Java installation. 45 | 46 | goto fail 47 | 48 | :init 49 | @rem Get command-line arguments, handling Windows variants 50 | 51 | if not "%OS%" == "Windows_NT" goto win9xME_args 52 | 53 | :win9xME_args 54 | @rem Slurp the command line arguments. 55 | set CMD_LINE_ARGS= 56 | set _SKIP=2 57 | 58 | :win9xME_args_slurp 59 | if "x%~1" == "x" goto execute 60 | 61 | set CMD_LINE_ARGS=%* 62 | 63 | :execute 64 | @rem Setup the command line 65 | 66 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar 67 | 68 | @rem Execute Gradle 69 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% 70 | 71 | :end 72 | @rem End local scope for the variables with windows NT shell 73 | if "%ERRORLEVEL%"=="0" goto mainEnd 74 | 75 | :fail 76 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of 77 | rem the _cmd.exe /c_ return code! 78 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 79 | exit /b 1 80 | 81 | :mainEnd 82 | if "%OS%"=="Windows_NT" endlocal 83 | 84 | :omega 85 | -------------------------------------------------------------------------------- /settings.gradle: -------------------------------------------------------------------------------- 1 | /* 2 | * This settings file was generated by the Gradle 'init' task. 3 | * 4 | * The settings file is used to specify which projects to include in your build. 5 | * In a single project build this file can be empty or even removed. 6 | * 7 | * Detailed information about configuring a multi-project build in Gradle can be found 8 | * in the user guide at https://docs.gradle.org/4.3/userguide/multi_project_builds.html 9 | */ 10 | 11 | /* 12 | // To declare projects as part of a multi-project build use the 'include' method 13 | include 'shared' 14 | include 'api' 15 | include 'services:webservice' 16 | */ 17 | 18 | rootProject.name = 'SecIoT' 19 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/cve/controller/CVEController.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.cve.controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | 6 | @Controller 7 | @RequestMapping("/cve") 8 | public class CVEController { 9 | 10 | } 11 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/cve/dao/CVEMapper.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.cve.dao; 2 | 3 | import java.util.List; 4 | 5 | import org.apache.ibatis.annotations.Param; 6 | import org.apache.ibatis.annotations.Select; 7 | import org.springframework.stereotype.Repository; 8 | 9 | import com.wrlus.seciot.cve.model.CVEDao; 10 | 11 | @Repository 12 | public interface CVEMapper { 13 | 14 | @Select("select * from cve;") 15 | public List getCVEAll(); 16 | 17 | @Select("select * from cve where cve_num = #{cve_num};") 18 | public List getCVEByNum(@Param("cve_num") String cvenumber); 19 | 20 | } 21 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/cve/model/CVEDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.cve.model; 2 | 3 | public class CVEDao { 4 | private String cve_num; 5 | private String level; 6 | private String description; 7 | private String platform; 8 | private String statment; 9 | private String payload; 10 | public String getCve_num() { 11 | return cve_num; 12 | } 13 | public void setCve_num(String cve_num) { 14 | this.cve_num = cve_num; 15 | } 16 | public String getLevel() { 17 | return level; 18 | } 19 | public void setLevel(String level) { 20 | this.level = level; 21 | } 22 | public String getDescription() { 23 | return description; 24 | } 25 | public void setDescription(String description) { 26 | this.description = description; 27 | } 28 | public String getPlatform() { 29 | return platform; 30 | } 31 | public void setPlatform(String platform) { 32 | this.platform = platform; 33 | } 34 | public String getStatment() { 35 | return statment; 36 | } 37 | public void setStatment(String statment) { 38 | this.statment = statment; 39 | } 40 | public String getPayload() { 41 | return payload; 42 | } 43 | public void setPayload(String payload) { 44 | this.payload = payload; 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/cve/service/CVEService.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.cve.service; 2 | 3 | import java.util.List; 4 | 5 | import com.wrlus.seciot.cve.model.CVEDao; 6 | 7 | public interface CVEService { 8 | public List getCVEAll(); 9 | public List getCVEByNum(String cvenumber); 10 | } 11 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/cve/service/CVEServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.cve.service; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.stereotype.Service; 7 | 8 | import com.wrlus.seciot.cve.dao.CVEMapper; 9 | import com.wrlus.seciot.cve.model.CVEDao; 10 | 11 | @Service 12 | public class CVEServiceImpl implements CVEService { 13 | 14 | @Autowired 15 | private CVEMapper dao; 16 | 17 | @Override 18 | public List getCVEAll() { 19 | return dao.getCVEAll(); 20 | } 21 | 22 | @Override 23 | public List getCVEByNum(String cvenumber) { 24 | return dao.getCVEByNum(cvenumber); 25 | } 26 | 27 | } 28 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/fw/controller/FwController.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.fw.controller; 2 | 3 | import java.io.File; 4 | import java.sql.Date; 5 | import java.util.ArrayList; 6 | import java.util.HashMap; 7 | import java.util.List; 8 | import java.util.Map; 9 | import java.util.UUID; 10 | 11 | import javax.servlet.http.HttpServletRequest; 12 | import javax.servlet.http.HttpServletResponse; 13 | 14 | import org.apache.logging.log4j.LogManager; 15 | import org.apache.logging.log4j.Logger; 16 | import org.springframework.beans.factory.annotation.Autowired; 17 | import org.springframework.security.core.context.SecurityContextHolder; 18 | import org.springframework.security.core.userdetails.UserDetails; 19 | import org.springframework.stereotype.Controller; 20 | import org.springframework.web.bind.annotation.RequestMapping; 21 | import org.springframework.web.bind.annotation.ResponseBody; 22 | import org.springframework.web.multipart.MultipartFile; 23 | import org.springframework.web.multipart.MultipartHttpServletRequest; 24 | 25 | import com.wrlus.seciot.fw.model.FwInfo; 26 | import com.wrlus.seciot.fw.service.FwServiceImpl; 27 | import com.wrlus.seciot.history.model.FwHistoryDao; 28 | import com.wrlus.seciot.history.model.HistoryDao; 29 | import com.wrlus.seciot.history.service.HistoryServiceImpl; 30 | import com.wrlus.seciot.library.model.ThirdLibraryDao; 31 | import com.wrlus.seciot.library.model.ThirdLibrary; 32 | import com.wrlus.seciot.library.model.ThirdLibraryRiskDao; 33 | import com.wrlus.seciot.library.service.ThirdLibraryServiceImpl; 34 | import com.wrlus.seciot.platform.model.PlatformRiskDao; 35 | import com.wrlus.seciot.platform.model.PlatformRiskResult; 36 | import com.wrlus.seciot.platform.service.PlatformRiskServiceImpl; 37 | import com.wrlus.seciot.util.os.OSUtil; 38 | import com.wrlus.seciot.waf.XSSProtect; 39 | import com.wrlus.seciot.util.exception.FileUploadException; 40 | import com.wrlus.seciot.util.exception.ReasonEnum; 41 | import com.wrlus.seciot.util.exception.RootException;; 42 | 43 | @Controller 44 | @RequestMapping("/fw") 45 | public class FwController { 46 | private static Logger log = LogManager.getLogger(); 47 | @Autowired 48 | private FwServiceImpl fwService; 49 | @Autowired 50 | private ThirdLibraryServiceImpl thirdLibraryService; 51 | @Autowired 52 | private PlatformRiskServiceImpl platformRiskService; 53 | @Autowired 54 | private HistoryServiceImpl historyService; 55 | 56 | @ResponseBody 57 | @RequestMapping("/analysis") 58 | public Map analysis(HttpServletRequest request, HttpServletResponse response) { 59 | Map data = new HashMap<>(); 60 | // Windows: file:/C:/******/SecIoT/WebContent/WEB-INF/classes/ 61 | // *nix: file:/mnt/******/SecIoT/WEB-INF/classes/ 62 | String path = Thread.currentThread().getContextClassLoader().getResource("").toString(); 63 | if (OSUtil.isWindows()) { 64 | path = path.replace("file:/", ""); 65 | } else { 66 | path = path.replace("file:", ""); 67 | } 68 | path = path.replace("WEB-INF/classes/", "attach/uploads/firmware/"+UUID.randomUUID().toString()+"/"); 69 | if (OSUtil.isWindows()) { 70 | path = OSUtil.escapeUnixSeparator(path); 71 | } 72 | try { 73 | // 保存上传文件 74 | File fwFile = this.resolveUploadFile((MultipartHttpServletRequest) request, path); 75 | // 分析固件信息(binwalk) 76 | FwInfo fwInfo = fwService.getFwInfo(fwFile); 77 | fwInfo.setSize(fwFile.length()); 78 | // 提取固件(binwalk -Me),获得固件根路径 79 | File rootDir = fwService.getFwRootDirectory(fwInfo); 80 | fwInfo.setRootDir(rootDir.getAbsolutePath()); 81 | // 获得所有已知的第三方库信息 82 | List libraries = thirdLibraryService.getThirdLibraryAll(); 83 | // 保存存在的第三方库对象 84 | List thirdLibraries = new ArrayList<>(); 85 | // 保存第三方库名称和每种库包含风险内容的映射 86 | Map> thirdLibraryRisks = new HashMap<>(); 87 | // 遍历所有已知第三方库 88 | for (ThirdLibraryDao libraryDao : libraries) { 89 | // 获得第三方库信息 90 | ThirdLibrary library = fwService.getFwThirdLibrary(fwInfo, libraryDao.getName()); 91 | // 如果第三方库存在 92 | if (library.isAvaliable()) { 93 | thirdLibraries.add(library); 94 | // 获取这种第三方库所包含的风险 95 | List libraryRisks = thirdLibraryService.getThirdLibraryRiskByLibInfo(library.getName(), library.getVersion()); 96 | thirdLibraryRisks.put(library.getName(), libraryRisks); 97 | } 98 | } 99 | // 获得所有Firmware类型的平台风险 100 | List platformRisks = platformRiskService.getPlatformRiskByCategory("Firmware"); 101 | List platformRiskResults = fwService.checkFwPlatformRisks(fwInfo, platformRisks.toArray(new PlatformRiskDao[0])); 102 | // 清除绝对路径信息,防止路径泄露 103 | fwInfo.setPath(""); 104 | fwInfo.setRootDir(fwInfo.getRootDir().split(".extracted")[1]); 105 | // 返回状态码 106 | data.put("status", 0); 107 | // 返回状态说明字符串 108 | data.put("reason", ReasonEnum.SUCCESS.get()); 109 | // 返回固件信息 110 | data.put("fw_info", fwInfo); 111 | // 返回第三方库信息 112 | data.put("fw_lib", thirdLibraries); 113 | // 返回每种第三方库的所有风险 114 | data.put("fw_lib_risk", thirdLibraryRisks); 115 | // 返回平台风险详情 116 | data.put("fw_platform_risk", platformRiskResults); 117 | FwHistoryDao fwHistory = new FwHistoryDao(); 118 | fwHistory.setId(UUID.randomUUID().toString()); 119 | fwHistory.setFwinfo(fwInfo); 120 | fwHistory.setFwlib(thirdLibraries); 121 | fwHistory.setFwlibrisk(thirdLibraryRisks); 122 | fwHistory.setFwplatformrisk(platformRiskResults); 123 | historyService.addFwHistory(fwHistory); 124 | HistoryDao history = new HistoryDao(); 125 | history.setId(UUID.randomUUID().toString()); 126 | history.setName("FirmwareStatic-"+fwFile.getName()); 127 | history.setTarget(fwFile.getName()); 128 | history.setType("firmware-static"); 129 | history.setUser(getAuthenticatedUsername()); 130 | history.setDate(new Date(new java.util.Date().getTime())); 131 | history.setDetailid(fwHistory.getId()); 132 | historyService.addHistory(history); 133 | } catch (RootException e) { 134 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 135 | if (log.isDebugEnabled()) { 136 | e.printStackTrace(); 137 | } 138 | data.put("status", -1); 139 | data.put("reason", e.getReason().get()); 140 | } catch (Exception e) { 141 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 142 | if (log.isDebugEnabled()) { 143 | e.printStackTrace(); 144 | } 145 | data.put("status", -1); 146 | data.put("reason", ReasonEnum.UNKNOWN.get()); 147 | } 148 | this.cleanUploadFile(path); 149 | return data; 150 | } 151 | 152 | public File resolveUploadFile(MultipartHttpServletRequest multipartRequest, String path) throws FileUploadException { 153 | try { 154 | MultipartFile multipartFile = multipartRequest.getFile("file"); 155 | new File(path).mkdirs(); 156 | String originalFilename = multipartFile.getOriginalFilename(); 157 | if (!originalFilename.endsWith(".bin")) { 158 | throw new FileUploadException("File type mismatch."); 159 | } 160 | File targetFile = new File(path + XSSProtect.escapeString(originalFilename)); 161 | multipartFile.transferTo(targetFile); 162 | return targetFile; 163 | } catch (Exception e) { 164 | throw new FileUploadException(e); 165 | } 166 | } 167 | 168 | public void cleanUploadFile(String path) { 169 | new File(path).delete(); 170 | } 171 | 172 | public static String getAuthenticatedUsername() { 173 | String username; 174 | Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 175 | if (principal instanceof UserDetails) { 176 | username = ((UserDetails) principal).getUsername(); 177 | } else { 178 | username = principal.toString(); 179 | } 180 | return username; 181 | } 182 | 183 | } 184 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/fw/model/FwInfo.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.fw.model; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | public class FwInfo { 6 | 7 | @JsonProperty("fw_name") 8 | private String name; 9 | @JsonProperty("fw_path") 10 | private String path; 11 | @JsonProperty("fw_size") 12 | private long size; 13 | @JsonProperty("fw_filesystem") 14 | private String filesystem; 15 | @JsonProperty("fw_root_directory") 16 | private String rootDir; 17 | 18 | public String getName() { 19 | return name; 20 | } 21 | public void setName(String name) { 22 | this.name = name; 23 | } 24 | public String getPath() { 25 | return path; 26 | } 27 | public void setPath(String path) { 28 | this.path = path; 29 | } 30 | public long getSize() { 31 | return size; 32 | } 33 | public void setSize(long size) { 34 | this.size = size; 35 | } 36 | public String getFilesystem() { 37 | return filesystem; 38 | } 39 | public void setFilesystem(String filesystem) { 40 | this.filesystem = filesystem; 41 | } 42 | public String getRootDir() { 43 | return rootDir; 44 | } 45 | public void setRootDir(String rootDir) { 46 | this.rootDir = rootDir; 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/fw/service/FwService.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.fw.service; 2 | 3 | import java.io.File; 4 | import java.util.List; 5 | 6 | import com.wrlus.seciot.fw.model.FwInfo; 7 | import com.wrlus.seciot.library.model.ThirdLibrary; 8 | import com.wrlus.seciot.platform.model.PlatformRiskDao; 9 | import com.wrlus.seciot.platform.model.PlatformRiskResult; 10 | import com.wrlus.seciot.util.exception.PythonException; 11 | 12 | public interface FwService { 13 | public FwInfo getFwInfo(File fwFile) throws PythonException; 14 | public File getFwRootDirectory(FwInfo fwInfoModel) throws PythonException; 15 | public ThirdLibrary getFwThirdLibrary(FwInfo fwInfo, String libName) throws PythonException; 16 | public List checkFwPlatformRisks(FwInfo fwInfo, PlatformRiskDao[] platformRisks) throws PythonException; 17 | } 18 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/fw/service/FwServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.fw.service; 2 | 3 | import java.io.File; 4 | import java.io.IOException; 5 | import java.util.ArrayList; 6 | import java.util.HashMap; 7 | import java.util.List; 8 | import java.util.Map; 9 | 10 | import org.apache.logging.log4j.LogManager; 11 | import org.apache.logging.log4j.Logger; 12 | import org.springframework.stereotype.Service; 13 | 14 | import com.fasterxml.jackson.databind.ObjectMapper; 15 | import com.wrlus.seciot.fw.model.FwInfo; 16 | import com.wrlus.seciot.library.model.ThirdLibrary; 17 | import com.wrlus.seciot.platform.model.PlatformRiskDao; 18 | import com.wrlus.seciot.platform.model.PlatformRiskResult; 19 | import com.wrlus.seciot.pysocket.PyClient; 20 | import com.wrlus.seciot.pysocket.model.PySocketRequest; 21 | import com.wrlus.seciot.pysocket.model.PySocketResponse; 22 | import com.wrlus.seciot.util.exception.PythonException; 23 | import com.wrlus.seciot.util.exception.PythonIOException; 24 | import com.wrlus.seciot.util.exception.PythonRuntimeException; 25 | 26 | 27 | @Service 28 | public class FwServiceImpl implements FwService { 29 | private static Logger log = LogManager.getLogger(); 30 | private ObjectMapper mapper = new ObjectMapper(); 31 | 32 | @Override 33 | public FwInfo getFwInfo(File fwFile) throws PythonException { 34 | PySocketRequest request = new PySocketRequest(); 35 | Map parameters = new HashMap<>(); 36 | parameters.put("file_name", fwFile.getName()); 37 | parameters.put("file_path", fwFile.getAbsolutePath()); 38 | request.setCmd("FwService.get_fw_info"); 39 | request.setParameters(parameters); 40 | PyClient pyClient = new PyClient(); 41 | pyClient.connect(); 42 | PySocketResponse response = pyClient.sendCmdSync(request); 43 | log.debug(response.toString()); 44 | try { 45 | pyClient.close(); 46 | } catch (IOException e) { 47 | throw new PythonIOException("An error occured when parsing response from python server.", e); 48 | } 49 | if (response.getStatus() == 0) { 50 | try { 51 | FwInfo fwInfo = mapper.readValue(mapper.writeValueAsString(response.getData()), FwInfo.class); 52 | return fwInfo; 53 | } catch (Exception e) { 54 | throw new PythonIOException("An error occured when parsing response from python server.", e); 55 | } 56 | } else { 57 | throw new PythonRuntimeException(); 58 | } 59 | } 60 | 61 | @Override 62 | public File getFwRootDirectory(FwInfo fwInfoModel) throws PythonException { 63 | PySocketRequest request = new PySocketRequest(); 64 | Map parameters = new HashMap<>(); 65 | parameters.put("fw_info", fwInfoModel); 66 | request.setCmd("FwService.get_fw_root_directory"); 67 | request.setParameters(parameters); 68 | PyClient pyClient = new PyClient(); 69 | pyClient.connect(); 70 | PySocketResponse response = pyClient.sendCmdSync(request); 71 | log.debug(response.toString()); 72 | try { 73 | pyClient.close(); 74 | } catch (IOException e) { 75 | throw new PythonIOException("An error occured when parsing response from python server.", e); 76 | } 77 | if (response.getStatus() == 0) { 78 | File rootDir = new File(String.valueOf(response.getData().get("fw_root_directory"))); 79 | return rootDir; 80 | } else { 81 | throw new PythonRuntimeException(); 82 | } 83 | } 84 | 85 | @Override 86 | public ThirdLibrary getFwThirdLibrary(FwInfo fwInfo, String libName) throws PythonException { 87 | PySocketRequest request = new PySocketRequest(); 88 | Map parameters = new HashMap<>(); 89 | parameters.put("fw_info", fwInfo); 90 | parameters.put("lib_name", libName); 91 | request.setCmd("FwService.get_fw_third_library"); 92 | request.setParameters(parameters); 93 | PyClient pyClient = new PyClient(); 94 | pyClient.connect(); 95 | PySocketResponse response = pyClient.sendCmdSync(request); 96 | try { 97 | pyClient.close(); 98 | } catch (IOException e) { 99 | throw new PythonIOException("An error occured when parsing response from python server.", e); 100 | } 101 | log.debug(response.toString()); 102 | if (response.getStatus() == 0) { 103 | try { 104 | ThirdLibrary fwThirdLibrary = mapper.readValue(mapper.writeValueAsString(response.getData()), ThirdLibrary.class); 105 | return fwThirdLibrary; 106 | } catch (Exception e) { 107 | throw new PythonIOException("An error occured when parsing response from python server.", e); 108 | } 109 | } else { 110 | throw new PythonRuntimeException(); 111 | } 112 | } 113 | 114 | @Override 115 | public List checkFwPlatformRisks(FwInfo fwInfo, PlatformRiskDao[] platformRisks) throws PythonException { 116 | List results = new ArrayList<>(); 117 | int successCount = 0; 118 | for (PlatformRiskDao platformRisk : platformRisks) { 119 | PySocketRequest request = new PySocketRequest(); 120 | Map parameters = new HashMap<>(); 121 | parameters.put("fw_info", fwInfo); 122 | request.setCmd(platformRisk.getPayload()); 123 | request.setParameters(parameters); 124 | PyClient pyClient = new PyClient(); 125 | pyClient.connect(); 126 | PySocketResponse response = pyClient.sendCmdSync(request); 127 | try { 128 | pyClient.close(); 129 | } catch (IOException e) { 130 | throw new PythonIOException("An error occured when parsing response from python server.", e); 131 | } 132 | log.debug(response.toString()); 133 | if (response.getStatus() == 0) { 134 | try { 135 | PlatformRiskResult result = mapper.readValue(mapper.writeValueAsString(response.getData()), PlatformRiskResult.class); 136 | results.add(result); 137 | ++successCount; 138 | } catch (Exception e) { 139 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 140 | if (log.isDebugEnabled()) { 141 | e.printStackTrace(); 142 | } 143 | } 144 | } else { 145 | log.error("Failed to check platform risk item: "+platformRisk.getName()); 146 | } 147 | } 148 | if (successCount != platformRisks.length) { 149 | log.warn("Some platform risk checking script runs failed."); 150 | } 151 | return results; 152 | } 153 | 154 | } 155 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/history/controller/HistoryController.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.history.controller; 2 | 3 | import java.util.HashMap; 4 | import java.util.List; 5 | import java.util.Map; 6 | 7 | import javax.servlet.http.HttpServletRequest; 8 | import javax.servlet.http.HttpServletResponse; 9 | 10 | import org.apache.logging.log4j.LogManager; 11 | import org.apache.logging.log4j.Logger; 12 | import org.springframework.beans.factory.annotation.Autowired; 13 | import org.springframework.security.core.context.SecurityContextHolder; 14 | import org.springframework.security.core.userdetails.UserDetails; 15 | import org.springframework.stereotype.Controller; 16 | import org.springframework.web.bind.annotation.RequestMapping; 17 | import org.springframework.web.bind.annotation.RequestParam; 18 | import org.springframework.web.bind.annotation.ResponseBody; 19 | 20 | import com.wrlus.seciot.history.model.FwHistoryDao; 21 | import com.wrlus.seciot.history.model.HistoryDao; 22 | import com.wrlus.seciot.history.service.HistoryServiceImpl; 23 | import com.wrlus.seciot.util.exception.ReasonEnum; 24 | 25 | @Controller 26 | @RequestMapping("/history") 27 | public class HistoryController { 28 | private static Logger log = LogManager.getLogger(); 29 | @Autowired 30 | private HistoryServiceImpl historyService; 31 | 32 | @ResponseBody 33 | @RequestMapping("/getHistoryAll") 34 | public Map getHistoryAll(HttpServletRequest request, HttpServletResponse response) { 35 | Map data = new HashMap<>(); 36 | try { 37 | List historyList = historyService.getHistoryAll(); 38 | String username = getAuthenticatedUsername(); 39 | for (HistoryDao history : historyList) { 40 | if (!history.getUser().equals(username)) { 41 | historyList.remove(history); 42 | } 43 | } 44 | data.put("status", 0); 45 | data.put("resaon", ReasonEnum.SUCCESS.get()); 46 | data.put("history_list", historyList); 47 | } catch (Exception e) { 48 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 49 | if (log.isDebugEnabled()) { 50 | e.printStackTrace(); 51 | } 52 | data.put("status", -1); 53 | data.put("reason", ReasonEnum.INVALID_PARAM.get()); 54 | } 55 | return data; 56 | } 57 | 58 | @ResponseBody 59 | @RequestMapping("/getHistoryByType") 60 | public Map getHistoryByType(@RequestParam("type") String type, HttpServletRequest request, HttpServletResponse response) { 61 | Map data = new HashMap<>(); 62 | try { 63 | List historyList = historyService.getHistoryByType(type); 64 | String username = getAuthenticatedUsername(); 65 | for (HistoryDao history : historyList) { 66 | if (!history.getUser().equals(username)) { 67 | historyList.remove(history); 68 | } 69 | } 70 | data.put("status", 0); 71 | data.put("resaon", ReasonEnum.SUCCESS.get()); 72 | data.put("history_list", historyList); 73 | } catch (Exception e) { 74 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 75 | if (log.isDebugEnabled()) { 76 | e.printStackTrace(); 77 | } 78 | data.put("status", -1); 79 | data.put("reason", ReasonEnum.INVALID_PARAM.get()); 80 | } 81 | return data; 82 | } 83 | 84 | @ResponseBody 85 | @RequestMapping("/getFwHistoryById") 86 | public Map getFwHistoryById(@RequestParam("id") String id, HttpServletRequest request, HttpServletResponse response) { 87 | Map data = new HashMap<>(); 88 | try { 89 | FwHistoryDao history = historyService.getFwHistoryById(id).get(0); 90 | data.put("status", 0); 91 | data.put("reason", ReasonEnum.SUCCESS.get()); 92 | data.put("fw_info", history.getFwinfoRaw()); 93 | data.put("fw_lib", history.getFwlibRaw()); 94 | data.put("fw_lib_risk", history.getFwlibriskRaw()); 95 | data.put("fw_platform_risk", history.getFwplatformriskRaw()); 96 | } catch (Exception e) { 97 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 98 | if (log.isDebugEnabled()) { 99 | e.printStackTrace(); 100 | } 101 | data.put("status", -1); 102 | data.put("reason", ReasonEnum.INVALID_PARAM.get()); 103 | } 104 | return data; 105 | } 106 | 107 | @ResponseBody 108 | @RequestMapping("/edit") 109 | public Map edit(@RequestParam("id") String id, @RequestParam("name") String name, HttpServletRequest request, HttpServletResponse response) { 110 | Map data = new HashMap<>(); 111 | try { 112 | historyService.updateHistoryName(id, name); 113 | data.put("status", 0); 114 | data.put("reason", ReasonEnum.SUCCESS.get()); 115 | } catch (Exception e) { 116 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 117 | if (log.isDebugEnabled()) { 118 | e.printStackTrace(); 119 | } 120 | data.put("status", -1); 121 | data.put("reason", ReasonEnum.INVALID_PARAM.get()); 122 | } 123 | return data; 124 | } 125 | 126 | @ResponseBody 127 | @RequestMapping("/delete") 128 | public Map delete(@RequestParam("id") String id, HttpServletRequest request, HttpServletResponse response) { 129 | Map data = new HashMap<>(); 130 | try { 131 | HistoryDao history = historyService.getHistoryById(id).get(0); 132 | String type = history.getType(); 133 | if (type.equals("firmware-static")) { 134 | historyService.deleteFwHistory(history.getDetailid()); 135 | } 136 | historyService.deleteHistory(id); 137 | data.put("status", 0); 138 | data.put("reason", ReasonEnum.SUCCESS.get()); 139 | } catch (Exception e) { 140 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 141 | if (log.isDebugEnabled()) { 142 | e.printStackTrace(); 143 | } 144 | data.put("status", -1); 145 | data.put("reason", ReasonEnum.INVALID_PARAM.get()); 146 | } 147 | return data; 148 | } 149 | 150 | public static String getAuthenticatedUsername() { 151 | String username; 152 | Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); 153 | if (principal instanceof UserDetails) { 154 | username = ((UserDetails) principal).getUsername(); 155 | } else { 156 | username = principal.toString(); 157 | } 158 | return username; 159 | } 160 | } 161 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/history/dao/HistoryMapper.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.history.dao; 2 | 3 | import java.util.List; 4 | 5 | import org.apache.ibatis.annotations.Delete; 6 | import org.apache.ibatis.annotations.Insert; 7 | import org.apache.ibatis.annotations.Param; 8 | import org.apache.ibatis.annotations.Select; 9 | import org.apache.ibatis.annotations.Update; 10 | import org.springframework.stereotype.Repository; 11 | 12 | import com.wrlus.seciot.history.model.FwHistoryDao; 13 | import com.wrlus.seciot.history.model.HistoryDao; 14 | 15 | @Repository 16 | public interface HistoryMapper { 17 | @Select("select * from history;") 18 | public List getHistoryAll(); 19 | @Select("select * from history where id = #{id};") 20 | public List getHistoryById(@Param("id") String id); 21 | @Select("select * from history where type = #{type};") 22 | public List getHistoryByType(@Param("type") String type); 23 | @Select("select * from history_fw_static where id = #{id};") 24 | public List getFwHistoryById(@Param("id") String id); 25 | @Insert("insert into history values (#{id}, #{name}, #{type}, #{target}, #{user}, #{date}, #{detailid});") 26 | public int addHistory(HistoryDao history); 27 | @Insert("insert into history_fw_static values (#{id}, #{fwinfo}, #{fwlib}, #{fwlibrisk}, #{fwplatformrisk});") 28 | public int addFwHistory(FwHistoryDao fwHistory); 29 | @Update("update history set name = #{name} where id = #{id};") 30 | public int updateHistoryName(@Param("id") String id, @Param("name") String name); 31 | @Delete("delete from history where id = #{id};") 32 | public int deleteHistory(@Param("id") String id); 33 | @Delete("delete from history_fw_static where id = #{id};") 34 | public int deleteFwHistory(@Param("id") String id); 35 | } 36 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/history/model/FwHistoryDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.history.model; 2 | 3 | import java.io.IOException; 4 | import java.util.List; 5 | import java.util.Map; 6 | 7 | import com.fasterxml.jackson.core.JsonProcessingException; 8 | import com.fasterxml.jackson.databind.ObjectMapper; 9 | import com.wrlus.seciot.fw.model.FwInfo; 10 | import com.wrlus.seciot.library.model.ThirdLibrary; 11 | import com.wrlus.seciot.library.model.ThirdLibraryRiskDao; 12 | import com.wrlus.seciot.platform.model.PlatformRiskResult; 13 | 14 | public class FwHistoryDao { 15 | private String id; 16 | private FwInfo fwinfo; 17 | private List fwlib; 18 | private Map> fwlibrisk; 19 | private List fwplatformrisk; 20 | private static ObjectMapper mapper = new ObjectMapper(); 21 | public String getId() { 22 | return id; 23 | } 24 | public void setId(String id) { 25 | this.id = id; 26 | } 27 | public String getFwinfo() { 28 | try { 29 | return mapper.writeValueAsString(fwinfo); 30 | } catch (JsonProcessingException e) { 31 | e.printStackTrace(); 32 | return null; 33 | } 34 | } 35 | public void setFwinfo(String fwinfo) { 36 | try { 37 | this.fwinfo = mapper.readValue(fwinfo, FwInfo.class); 38 | } catch (IOException e) { 39 | e.printStackTrace(); 40 | } 41 | } 42 | public String getFwlib() { 43 | try { 44 | return mapper.writeValueAsString(fwlib); 45 | } catch (JsonProcessingException e) { 46 | e.printStackTrace(); 47 | return null; 48 | } 49 | } 50 | @SuppressWarnings("unchecked") 51 | public void setFwlib(String fwlib) { 52 | try { 53 | this.fwlib = mapper.readValue(fwlib, List.class); 54 | } catch (IOException e) { 55 | e.printStackTrace(); 56 | } 57 | } 58 | public String getFwlibrisk() { 59 | try { 60 | return mapper.writeValueAsString(fwlibrisk); 61 | } catch (JsonProcessingException e) { 62 | e.printStackTrace(); 63 | return null; 64 | } 65 | } 66 | @SuppressWarnings("unchecked") 67 | public void setFwlibrisk(String fwlibrisk) { 68 | try { 69 | this.fwlibrisk = mapper.readValue(fwlibrisk, Map.class); 70 | } catch (IOException e) { 71 | e.printStackTrace(); 72 | } 73 | } 74 | public String getFwplatformrisk() { 75 | try { 76 | return mapper.writeValueAsString(fwplatformrisk); 77 | } catch (JsonProcessingException e) { 78 | e.printStackTrace(); 79 | return null; 80 | } 81 | } 82 | @SuppressWarnings("unchecked") 83 | public void setFwplatformrisk(String fwplatformrisk) { 84 | try { 85 | this.fwplatformrisk = mapper.readValue(fwplatformrisk, List.class); 86 | } catch (IOException e) { 87 | e.printStackTrace(); 88 | } 89 | } 90 | public FwInfo getFwinfoRaw() { 91 | return fwinfo; 92 | } 93 | public List getFwlibRaw() { 94 | return fwlib; 95 | } 96 | public Map> getFwlibriskRaw() { 97 | return fwlibrisk; 98 | } 99 | public List getFwplatformriskRaw() { 100 | return fwplatformrisk; 101 | } 102 | public void setFwinfo(FwInfo fwinfo) { 103 | this.fwinfo = fwinfo; 104 | } 105 | public void setFwlib(List fwlib) { 106 | this.fwlib = fwlib; 107 | } 108 | public void setFwlibrisk(Map> fwlibrisk) { 109 | this.fwlibrisk = fwlibrisk; 110 | } 111 | public void setFwplatformrisk(List fwplatformrisk) { 112 | this.fwplatformrisk = fwplatformrisk; 113 | } 114 | 115 | } 116 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/history/model/HistoryDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.history.model; 2 | 3 | import java.sql.Date; 4 | 5 | public class HistoryDao { 6 | private String id; 7 | private String name; 8 | private String type; 9 | private String target; 10 | private String user; 11 | private Date date; 12 | private String detailid; 13 | public String getId() { 14 | return id; 15 | } 16 | public void setId(String id) { 17 | this.id = id; 18 | } 19 | public String getName() { 20 | return name; 21 | } 22 | public void setName(String name) { 23 | this.name = name; 24 | } 25 | public String getType() { 26 | return type; 27 | } 28 | public void setType(String type) { 29 | this.type = type; 30 | } 31 | public String getTarget() { 32 | return target; 33 | } 34 | public void setTarget(String target) { 35 | this.target = target; 36 | } 37 | public String getUser() { 38 | return user; 39 | } 40 | public void setUser(String user) { 41 | this.user = user; 42 | } 43 | public String getDate() { 44 | return date.toString(); 45 | } 46 | public void setDate(Date date) { 47 | this.date = date; 48 | } 49 | public String getDetailid() { 50 | return detailid; 51 | } 52 | public void setDetailid(String detailid) { 53 | this.detailid = detailid; 54 | } 55 | 56 | } 57 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/history/service/HistoryService.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.history.service; 2 | 3 | import java.util.List; 4 | 5 | import com.wrlus.seciot.history.model.FwHistoryDao; 6 | import com.wrlus.seciot.history.model.HistoryDao; 7 | 8 | public interface HistoryService { 9 | public List getHistoryAll(); 10 | public List getHistoryById(String id); 11 | public List getHistoryByType(String type); 12 | public List getFwHistoryById(String id); 13 | public int addHistory(HistoryDao history); 14 | public int addFwHistory(FwHistoryDao fwHistory); 15 | public int updateHistoryName(String id, String name); 16 | public int deleteHistory(String id); 17 | public int deleteFwHistory(String id); 18 | } 19 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/history/service/HistoryServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.history.service; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.stereotype.Service; 7 | 8 | import com.wrlus.seciot.history.dao.HistoryMapper; 9 | import com.wrlus.seciot.history.model.FwHistoryDao; 10 | import com.wrlus.seciot.history.model.HistoryDao; 11 | import com.wrlus.seciot.waf.XSSProtect; 12 | 13 | @Service 14 | public class HistoryServiceImpl implements HistoryService { 15 | 16 | @Autowired 17 | private HistoryMapper dao; 18 | 19 | @Override 20 | public List getHistoryAll() { 21 | return dao.getHistoryAll(); 22 | } 23 | 24 | @Override 25 | public List getHistoryById(String id) { 26 | return dao.getHistoryById(id); 27 | } 28 | 29 | @Override 30 | public List getHistoryByType(String type) { 31 | return dao.getHistoryByType(type); 32 | } 33 | 34 | @Override 35 | public List getFwHistoryById(String id) { 36 | return dao.getFwHistoryById(id); 37 | } 38 | 39 | @Override 40 | public int addHistory(HistoryDao history) { 41 | return dao.addHistory(history); 42 | } 43 | 44 | @Override 45 | public int addFwHistory(FwHistoryDao fwHistory) { 46 | return dao.addFwHistory(fwHistory); 47 | } 48 | 49 | @Override 50 | public int updateHistoryName(String id, String name) { 51 | return dao.updateHistoryName(id, XSSProtect.escapeString(name)); 52 | } 53 | 54 | @Override 55 | public int deleteHistory(String id) { 56 | return dao.deleteHistory(id); 57 | } 58 | 59 | @Override 60 | public int deleteFwHistory(String id) { 61 | return dao.deleteFwHistory(id); 62 | } 63 | 64 | } 65 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/controller/ThirdLibraryController.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | 6 | @Controller 7 | @RequestMapping("/library") 8 | public class ThirdLibraryController { 9 | 10 | } 11 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/dao/ThirdLibraryMapper.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.dao; 2 | 3 | import java.util.List; 4 | 5 | import org.apache.ibatis.annotations.Param; 6 | import org.apache.ibatis.annotations.Select; 7 | 8 | import com.wrlus.seciot.library.model.ThirdLibraryDao; 9 | import com.wrlus.seciot.library.model.ThirdLibraryRiskDao; 10 | 11 | public interface ThirdLibraryMapper { 12 | @Select("select * from third_library;") 13 | public List getThirdLibraryAll(); 14 | 15 | @Select("select * from third_library where id = #{id};") 16 | public List getThirdLibraryById(@Param("id") String id); 17 | 18 | @Select("select * from library_risk where name = #{libname} and version = #{libver};") 19 | public List getThirdLibraryRiskByLibInfo(@Param("libname") String libname, @Param("libver") String libver); 20 | 21 | @Select("select * from library_risk where id = #{id};") 22 | public List getThirdLibraryRiskById(String id); 23 | } 24 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/model/ThirdLibrary.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.model; 2 | 3 | import com.fasterxml.jackson.annotation.JsonProperty; 4 | 5 | public class ThirdLibrary { 6 | 7 | @JsonProperty("lib_name") 8 | private String name; 9 | @JsonProperty("lib_avaliable") 10 | private boolean avaliable; 11 | @JsonProperty("lib_path") 12 | private String path; 13 | @JsonProperty("lib_version") 14 | private String version; 15 | 16 | public String getName() { 17 | return name; 18 | } 19 | public void setName(String name) { 20 | this.name = name; 21 | } 22 | public boolean isAvaliable() { 23 | return avaliable; 24 | } 25 | public void setAvaliable(boolean avaliable) { 26 | this.avaliable = avaliable; 27 | } 28 | public String getPath() { 29 | return path; 30 | } 31 | public void setPath(String path) { 32 | this.path = path; 33 | } 34 | public String getVersion() { 35 | return version; 36 | } 37 | public void setVersion(String version) { 38 | this.version = version; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/model/ThirdLibraryDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.model; 2 | 3 | public class ThirdLibraryDao { 4 | private String id; 5 | private String name; 6 | private String description; 7 | private String latest_version; 8 | public String getId() { 9 | return id; 10 | } 11 | public void setId(String id) { 12 | this.id = id; 13 | } 14 | public String getName() { 15 | return name; 16 | } 17 | public void setName(String name) { 18 | this.name = name; 19 | } 20 | public String getDescription() { 21 | return description; 22 | } 23 | public void setDescription(String description) { 24 | this.description = description; 25 | } 26 | public String getLatest_version() { 27 | return latest_version; 28 | } 29 | public void setLatest_version(String latest_version) { 30 | this.latest_version = latest_version; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/model/ThirdLibraryRiskDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.model; 2 | 3 | public class ThirdLibraryRiskDao { 4 | private String id; 5 | private String name; 6 | private String version; 7 | private String cve_num; 8 | public String getId() { 9 | return id; 10 | } 11 | public void setId(String id) { 12 | this.id = id; 13 | } 14 | public String getName() { 15 | return name; 16 | } 17 | public void setName(String name) { 18 | this.name = name; 19 | } 20 | public String getVersion() { 21 | return version; 22 | } 23 | public void setVersion(String version) { 24 | this.version = version; 25 | } 26 | public String getCve_num() { 27 | return cve_num; 28 | } 29 | public void setCve_num(String cve_num) { 30 | this.cve_num = cve_num; 31 | } 32 | 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/model/ThirdLibraryRiskResult.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.model; 2 | 3 | import java.util.List; 4 | import java.util.Map; 5 | 6 | import com.fasterxml.jackson.annotation.JsonProperty; 7 | 8 | public class ThirdLibraryRiskResult { 9 | @JsonProperty("risk_exists") 10 | private boolean exists; 11 | @JsonProperty("risk_name") 12 | private String name; 13 | @JsonProperty("risk_description") 14 | private String description; 15 | @JsonProperty("risk_level") 16 | private String level; 17 | @JsonProperty("risk_platform") 18 | private String platform; 19 | @JsonProperty("risk_detail_keys") 20 | private String[] detailKeys; 21 | @JsonProperty("risk_details") 22 | private Map> details; 23 | public boolean isExists() { 24 | return exists; 25 | } 26 | public void setExists(boolean exists) { 27 | this.exists = exists; 28 | } 29 | public String getName() { 30 | return name; 31 | } 32 | public void setName(String name) { 33 | this.name = name; 34 | } 35 | public String getDescription() { 36 | return description; 37 | } 38 | public void setDescription(String description) { 39 | this.description = description; 40 | } 41 | public String getLevel() { 42 | return level; 43 | } 44 | public void setLevel(String level) { 45 | this.level = level; 46 | } 47 | public String getPlatform() { 48 | return platform; 49 | } 50 | public void setPlatform(String platform) { 51 | this.platform = platform; 52 | } 53 | public Map> getDetails() { 54 | return details; 55 | } 56 | public void setDetails(Map> details) { 57 | this.details = details; 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/service/ThirdLibraryService.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.service; 2 | 3 | import java.util.List; 4 | 5 | import com.wrlus.seciot.library.model.ThirdLibraryDao; 6 | import com.wrlus.seciot.library.model.ThirdLibraryRiskDao; 7 | 8 | public interface ThirdLibraryService { 9 | public List getThirdLibraryAll(); 10 | public List getThirdLibraryById(String id); 11 | public List getThirdLibraryRiskByLibInfo(String libname, String libversion); 12 | public List getThirdLibraryRiskById(String id); 13 | } 14 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/library/service/ThirdLibraryServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.library.service; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.stereotype.Service; 7 | 8 | import com.wrlus.seciot.library.dao.ThirdLibraryMapper; 9 | import com.wrlus.seciot.library.model.ThirdLibraryDao; 10 | import com.wrlus.seciot.library.model.ThirdLibraryRiskDao; 11 | 12 | @Service 13 | public class ThirdLibraryServiceImpl implements ThirdLibraryService { 14 | @Autowired 15 | private ThirdLibraryMapper dao; 16 | 17 | @Override 18 | public List getThirdLibraryAll() { 19 | return dao.getThirdLibraryAll(); 20 | } 21 | 22 | @Override 23 | public List getThirdLibraryById(String id) { 24 | return dao.getThirdLibraryById(id); 25 | } 26 | 27 | @Override 28 | public List getThirdLibraryRiskByLibInfo(String libname, String libversion) { 29 | return dao.getThirdLibraryRiskByLibInfo(libname, libversion); 30 | } 31 | 32 | @Override 33 | public List getThirdLibraryRiskById(String id) { 34 | return dao.getThirdLibraryRiskById(id); 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/platform/controller/PlatformController.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.platform.controller; 2 | 3 | import org.springframework.stereotype.Controller; 4 | import org.springframework.web.bind.annotation.RequestMapping; 5 | 6 | @Controller 7 | @RequestMapping("/platform") 8 | public class PlatformController { 9 | 10 | } 11 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/platform/dao/PlatformRiskMapper.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.platform.dao; 2 | 3 | import java.util.List; 4 | 5 | import org.apache.ibatis.annotations.Param; 6 | import org.apache.ibatis.annotations.Select; 7 | import org.springframework.stereotype.Repository; 8 | 9 | import com.wrlus.seciot.platform.model.PlatformRiskDao; 10 | 11 | @Repository 12 | public interface PlatformRiskMapper { 13 | @Select("select * from platform_risk;") 14 | public List getPlatformRiskAll(); 15 | 16 | @Select("select * from platform_risk where id = #{id};") 17 | public List getPlatformRiskById(@Param("id") String id); 18 | 19 | @Select("select * from platform_risk where id in (select id from platform_risk_category where category = #{category});") 20 | public List getPlatformRiskByCategory(@Param("category") String category); 21 | 22 | } 23 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/platform/model/PlatformRiskDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.platform.model; 2 | 3 | public class PlatformRiskDao { 4 | private String id; 5 | private String name; 6 | private String description; 7 | private String level; 8 | private String platform; 9 | private String payload; 10 | public String getId() { 11 | return id; 12 | } 13 | public void setId(String id) { 14 | this.id = id; 15 | } 16 | public String getName() { 17 | return name; 18 | } 19 | public void setName(String name) { 20 | this.name = name; 21 | } 22 | public String getDescription() { 23 | return description; 24 | } 25 | public void setDescription(String description) { 26 | this.description = description; 27 | } 28 | public String getLevel() { 29 | return level; 30 | } 31 | public void setLevel(String level) { 32 | this.level = level; 33 | } 34 | public String getPlatform() { 35 | return platform; 36 | } 37 | public void setPlatform(String platform) { 38 | this.platform = platform; 39 | } 40 | public String getPayload() { 41 | return payload; 42 | } 43 | public void setPayload(String payload) { 44 | this.payload = payload; 45 | } 46 | 47 | } 48 | 49 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/platform/model/PlatformRiskResult.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.platform.model; 2 | 3 | import java.util.List; 4 | import java.util.Map; 5 | 6 | import com.fasterxml.jackson.annotation.JsonProperty; 7 | 8 | public class PlatformRiskResult { 9 | @JsonProperty("risk_exists") 10 | private boolean exists; 11 | @JsonProperty("risk_name") 12 | private String name; 13 | @JsonProperty("risk_description") 14 | private String description; 15 | @JsonProperty("risk_level") 16 | private String level; 17 | @JsonProperty("risk_platform") 18 | private String platform; 19 | @JsonProperty("risk_detail_keys") 20 | private String[] detailKeys; 21 | @JsonProperty("risk_details") 22 | private Map> details; 23 | public boolean isExists() { 24 | return exists; 25 | } 26 | public void setExists(boolean exists) { 27 | this.exists = exists; 28 | } 29 | public String getName() { 30 | return name; 31 | } 32 | public void setName(String name) { 33 | this.name = name; 34 | } 35 | public String getDescription() { 36 | return description; 37 | } 38 | public void setDescription(String description) { 39 | this.description = description; 40 | } 41 | public String getLevel() { 42 | return level; 43 | } 44 | public void setLevel(String level) { 45 | this.level = level; 46 | } 47 | public String getPlatform() { 48 | return platform; 49 | } 50 | public void setPlatform(String platform) { 51 | this.platform = platform; 52 | } 53 | public String[] getDetailKeys() { 54 | return detailKeys; 55 | } 56 | public void setDetailKeys(String[] detailKeys) { 57 | this.detailKeys = detailKeys; 58 | } 59 | public Map> getDetails() { 60 | return details; 61 | } 62 | public void setDetails(Map> details) { 63 | this.details = details; 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/platform/service/PlatformRiskService.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.platform.service; 2 | 3 | import java.util.List; 4 | 5 | import com.wrlus.seciot.platform.model.PlatformRiskDao; 6 | 7 | public interface PlatformRiskService { 8 | public List getPlatformRiskAll(); 9 | public List getPlatformRiskById(String id); 10 | public List getPlatformRiskByCategory(String category); 11 | } 12 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/platform/service/PlatformRiskServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.platform.service; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.stereotype.Service; 7 | 8 | import com.wrlus.seciot.platform.dao.PlatformRiskMapper; 9 | import com.wrlus.seciot.platform.model.PlatformRiskDao; 10 | 11 | @Service 12 | public class PlatformRiskServiceImpl implements PlatformRiskService { 13 | @Autowired 14 | private PlatformRiskMapper dao; 15 | 16 | @Override 17 | public List getPlatformRiskAll() { 18 | return dao.getPlatformRiskAll(); 19 | } 20 | 21 | @Override 22 | public List getPlatformRiskById(String id) { 23 | return dao.getPlatformRiskById(id); 24 | } 25 | 26 | @Override 27 | public List getPlatformRiskByCategory(String category) { 28 | return dao.getPlatformRiskByCategory(category); 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/pysocket/Callback.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.pysocket; 2 | 3 | import com.wrlus.seciot.pysocket.model.PySocketResponse; 4 | 5 | public interface Callback { 6 | public void onSuccess(PySocketResponse result); 7 | public void onError(PySocketResponse result); 8 | } 9 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/pysocket/PyClient.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.pysocket; 2 | 3 | import java.io.BufferedReader; 4 | import java.io.BufferedWriter; 5 | import java.io.IOException; 6 | import java.io.InputStream; 7 | import java.io.InputStreamReader; 8 | import java.io.OutputStream; 9 | import java.io.OutputStreamWriter; 10 | import java.net.Socket; 11 | import java.util.HashMap; 12 | import java.util.Map; 13 | 14 | import org.apache.logging.log4j.LogManager; 15 | import org.apache.logging.log4j.Logger; 16 | 17 | import com.fasterxml.jackson.databind.ObjectMapper; 18 | import com.wrlus.seciot.pysocket.model.PySocketRequest; 19 | import com.wrlus.seciot.pysocket.model.PySocketResponse; 20 | import com.wrlus.seciot.util.exception.PythonException; 21 | import com.wrlus.seciot.util.exception.PythonIOException; 22 | 23 | public class PyClient { 24 | private Socket socket; 25 | private BufferedWriter writer; 26 | private BufferedReader reader; 27 | private static Logger log = LogManager.getLogger(); 28 | 29 | public void connect() throws PythonIOException { 30 | if (socket == null || !socket.isConnected()) { 31 | try { 32 | socket = new Socket("localhost", 8081); 33 | OutputStream os = socket.getOutputStream(); 34 | InputStream is = socket.getInputStream(); 35 | writer = new BufferedWriter(new OutputStreamWriter(os)); 36 | reader = new BufferedReader(new InputStreamReader(is)); 37 | log.debug("Connect to server "+socket.getInetAddress().getHostAddress()+":"+socket.getPort()); 38 | } catch (IOException e) { 39 | throw new PythonIOException("An error occured when connecting to python server.", e); 40 | } 41 | } 42 | } 43 | 44 | public void close() throws IOException { 45 | if (socket != null && !socket.isClosed()) { 46 | socket.close(); 47 | } 48 | } 49 | 50 | public PySocketResponse sendCmdSync(PySocketRequest cmd) throws PythonException { 51 | return sendCmd(cmd); 52 | } 53 | 54 | public void sendCmdAsync(PySocketRequest cmd, Callback callback) { 55 | Thread pyCmdThread = new Thread(()->{ 56 | try { 57 | PySocketResponse response = sendCmd(cmd); 58 | callback.onSuccess(response); 59 | } catch (PythonException e) { 60 | PySocketResponse response = new PySocketResponse(); 61 | response.setStatus(-1); 62 | response.setReason(e.getLocalizedMessage()); 63 | callback.onError(response); 64 | log.error(e.getClass().getName() + ": " + e.getLocalizedMessage()); 65 | if (log.isDebugEnabled()) { 66 | e.printStackTrace(); 67 | } 68 | } 69 | }); 70 | pyCmdThread.setName("PyClient SendCmdAsync Thread"); 71 | pyCmdThread.setDaemon(true); 72 | pyCmdThread.start(); 73 | } 74 | 75 | private PySocketResponse sendCmd(PySocketRequest request) throws PythonException { 76 | ObjectMapper mapper = new ObjectMapper(); 77 | try { 78 | String data = mapper.writeValueAsString(request); 79 | log.debug("Send request to the server: "+data); 80 | writer.write(data); 81 | writer.flush(); 82 | String receiveData = reader.readLine(); 83 | PySocketResponse response = mapper.readValue(receiveData, PySocketResponse.class); 84 | return response; 85 | } catch (Exception e) { 86 | throw new PythonIOException("An error occured when sending command to python server.", e); 87 | } 88 | } 89 | 90 | public void sendExitSignal(int signal) throws PythonException { 91 | PySocketRequest request = new PySocketRequest(); 92 | Map params = new HashMap<>(); 93 | params.put("code", 1); 94 | request.setCmd("exit"); 95 | request.setParameters(params); 96 | ObjectMapper mapper = new ObjectMapper(); 97 | try { 98 | String data = mapper.writeValueAsString(request); 99 | log.debug("Send request to the server: "+data); 100 | log.debug("Send exit signal to the server: "+signal); 101 | writer.write(data); 102 | writer.flush(); 103 | } catch (Exception e) { 104 | throw new PythonIOException("An error occured when sending exit signal to python server.", e); 105 | } 106 | } 107 | } -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/pysocket/PyServerManager.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.pysocket; 2 | 3 | import java.io.BufferedReader; 4 | import java.io.IOException; 5 | import java.io.InputStreamReader; 6 | 7 | import org.apache.logging.log4j.LogManager; 8 | import org.apache.logging.log4j.Logger; 9 | 10 | import com.wrlus.seciot.util.os.OSUtil; 11 | 12 | public class PyServerManager { 13 | private static Logger log = LogManager.getLogger(); 14 | private Process process; 15 | private Thread readThread; 16 | 17 | public void init() { 18 | String path = Thread.currentThread().getContextClassLoader().getResource("").toString(); 19 | if (OSUtil.isWindows()) { 20 | path = path.replace("file:/", ""); 21 | } else { 22 | path = path.replace("file:", ""); 23 | } 24 | path = path.replace("classes/", "python/"); 25 | if (OSUtil.isWindows()) { 26 | path = OSUtil.escapeUnixSeparator(path); 27 | } 28 | String fullScriptName = path + "socket_server.py"; 29 | log.debug("ScriptName: "+fullScriptName); 30 | ProcessBuilder processBuilder = new ProcessBuilder("python3", fullScriptName); 31 | processBuilder.redirectErrorStream(true); 32 | try { 33 | process = processBuilder.start(); 34 | log.info("Starting Python Socket Server Daemon..."); 35 | BufferedReader bs = new BufferedReader(new InputStreamReader(process.getInputStream())); 36 | readThread = new Thread(()->{ 37 | try { 38 | while(!Thread.currentThread().isInterrupted()) { 39 | String line; 40 | while ((line = bs.readLine()) != null) { 41 | if (log.isDebugEnabled()) { 42 | System.out.println(line); 43 | } 44 | } 45 | Thread.sleep(1000); 46 | } 47 | } catch (IOException | InterruptedException e) { 48 | if (log.isDebugEnabled()) { 49 | e.printStackTrace(); 50 | } 51 | } 52 | log.warn("Stopping Python Socket Server Daemon..."); 53 | }); 54 | readThread.setDaemon(true); 55 | readThread.setName("Thread-PySocketServer"); 56 | readThread.start(); 57 | } catch (IOException e) { 58 | if (log.isDebugEnabled()) { 59 | e.printStackTrace(); 60 | } 61 | } 62 | } 63 | 64 | public void destory() { 65 | log.warn("Stoping Python Socket Server Daemon..."); 66 | process.destroy(); 67 | readThread.interrupt(); 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/pysocket/model/PySocketRequest.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.pysocket.model; 2 | 3 | import java.util.Map; 4 | 5 | import com.fasterxml.jackson.annotation.JsonProperty; 6 | 7 | public class PySocketRequest { 8 | @JsonProperty("cmd") 9 | private String cmd; 10 | @JsonProperty("params") 11 | private Map parameters; 12 | 13 | public String getCmd() { 14 | return cmd; 15 | } 16 | public void setCmd(String cmd) { 17 | this.cmd = cmd; 18 | } 19 | public Map getParameters() { 20 | return parameters; 21 | } 22 | public void setParameters(Map parameters) { 23 | this.parameters = parameters; 24 | } 25 | @Override 26 | public String toString() { 27 | StringBuilder printable = new StringBuilder(this.getClass().getName()); 28 | printable.append(": [ "); 29 | printable.append("cmd="+cmd+", "); 30 | printable.append("params={ "); 31 | for(String key : parameters.keySet()) { 32 | printable.append(key+"="+parameters.getOrDefault(key, "null")+", "); 33 | } 34 | printable.append("} ]"); 35 | return printable.toString(); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/pysocket/model/PySocketResponse.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.pysocket.model; 2 | 3 | import java.util.Map; 4 | 5 | public class PySocketResponse { 6 | 7 | private int status; 8 | private String reason; 9 | private Map data; 10 | 11 | public int getStatus() { 12 | return status; 13 | } 14 | public void setStatus(int status) { 15 | this.status = status; 16 | } 17 | public String getReason() { 18 | return reason; 19 | } 20 | public void setReason(String reason) { 21 | this.reason = reason; 22 | } 23 | public Map getData() { 24 | return data; 25 | } 26 | public void setData(Map data) { 27 | this.data = data; 28 | } 29 | @Override 30 | public String toString() { 31 | StringBuilder printable = new StringBuilder(this.getClass().getName()); 32 | printable.append(": [ "); 33 | printable.append("status="+status+", "); 34 | printable.append("reason="+reason+", "); 35 | printable.append("data={ "); 36 | for(String key : data.keySet()) { 37 | printable.append(key+"="+data.getOrDefault(key, "null")+", "); 38 | } 39 | printable.append("} ]"); 40 | return printable.toString(); 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/user/controller/UserController.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.user.controller; 2 | 3 | import java.util.HashMap; 4 | import java.util.Map; 5 | 6 | import javax.servlet.http.HttpServletRequest; 7 | import javax.servlet.http.HttpServletResponse; 8 | 9 | import org.springframework.beans.factory.annotation.Autowired; 10 | import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; 11 | import org.springframework.stereotype.Controller; 12 | import org.springframework.web.bind.annotation.RequestMapping; 13 | import org.springframework.web.bind.annotation.RequestParam; 14 | import org.springframework.web.bind.annotation.ResponseBody; 15 | 16 | import com.wrlus.seciot.user.model.UserDao; 17 | import com.wrlus.seciot.user.service.UserServiceImpl; 18 | 19 | @Controller 20 | @RequestMapping("/user") 21 | public class UserController { 22 | 23 | @Autowired 24 | private UserServiceImpl userService; 25 | 26 | @ResponseBody 27 | @RequestMapping("/signup") 28 | public Map signup(UserDao user, HttpServletRequest request, HttpServletResponse response) { 29 | Map data = new HashMap<>(); 30 | BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder(); 31 | user.setPassword(passwordEncoder.encode(user.getPassword())); 32 | user.setEnabled(0); 33 | userService.addUser(user); 34 | return data; 35 | } 36 | 37 | @ResponseBody 38 | @RequestMapping("/enable") 39 | public Map enable(UserDao user, HttpServletRequest request, HttpServletResponse response) { 40 | Map data = new HashMap<>(); 41 | return data; 42 | } 43 | 44 | @ResponseBody 45 | @RequestMapping("/disable") 46 | public Map disable(UserDao user, HttpServletRequest request, HttpServletResponse response) { 47 | Map data = new HashMap<>(); 48 | return data; 49 | } 50 | 51 | @ResponseBody 52 | @RequestMapping("/grant") 53 | public Map grant( 54 | @RequestParam("username") String username, 55 | @RequestParam("authority") String authority, HttpServletRequest request, HttpServletResponse response) { 56 | Map data = new HashMap<>(); 57 | return data; 58 | } 59 | 60 | @ResponseBody 61 | @RequestMapping("/revoke") 62 | public Map revoke(@RequestParam("username") String username, HttpServletRequest request, HttpServletResponse response) { 63 | Map data = new HashMap<>(); 64 | return data; 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/user/dao/UserMapper.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.user.dao; 2 | 3 | import java.util.List; 4 | 5 | import org.apache.ibatis.annotations.Delete; 6 | import org.apache.ibatis.annotations.Insert; 7 | import org.apache.ibatis.annotations.Param; 8 | import org.apache.ibatis.annotations.Select; 9 | import org.apache.ibatis.annotations.Update; 10 | 11 | import com.wrlus.seciot.user.model.UserDao; 12 | 13 | public interface UserMapper { 14 | 15 | @Select("select * from users;") 16 | public List getAllUser(); 17 | @Select("select * from users where username = #{username};") 18 | public List getUserByUsername(@Param("username") String username); 19 | @Insert("insert into users values(#{username}, #{password}, #{enabled});") 20 | public int addUser(UserDao user); 21 | @Update("update users set password = #{password} where username = #{username};") 22 | public int updateUserPassword(@Param("username") String username, @Param("password") String password); 23 | @Update("update users set enabled = #{enabled} where username = #{username};") 24 | public int updateUserEnable(@Param("username") String username, @Param("enabled") int enabled); 25 | @Insert("insert into authorities values(#{username}, #{authority});") 26 | public int addUserRole(@Param("username") String username, @Param("authority") String authority); 27 | @Update("update authorities set authority = #{authority} where username = #{username};") 28 | public int updateUserRole(@Param("username") String username, @Param("authority") String authority); 29 | @Delete("delete from authorities where username = #{username};") 30 | public int deleteUserRole(@Param("username") String username); 31 | @Delete("delete from users where username = #{username};") 32 | public int deleteUser(@Param("username") String username); 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/user/model/UserDao.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.user.model; 2 | 3 | public class UserDao { 4 | private String username; 5 | private String password; 6 | private int enabled; 7 | public String getUsername() { 8 | return username; 9 | } 10 | public void setUsername(String username) { 11 | this.username = username; 12 | } 13 | public String getPassword() { 14 | return password; 15 | } 16 | public void setPassword(String password) { 17 | this.password = password; 18 | } 19 | public int getEnabled() { 20 | return enabled; 21 | } 22 | public void setEnabled(int enabled) { 23 | this.enabled = enabled; 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/user/service/UserService.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.user.service; 2 | 3 | import java.util.List; 4 | 5 | import com.wrlus.seciot.user.model.UserDao; 6 | 7 | public interface UserService { 8 | public List getAllUser(); 9 | public List getUserByUsername(String username); 10 | public int addUser(UserDao user); 11 | public int updateUserPassword(String username, String password); 12 | public int updateUserEnable(String username, int enabled); 13 | public int addUserRole(String username, String authority); 14 | public int updateUserRole(String username, String authority); 15 | public int deleteUserRole(String username); 16 | public int deleteUser(String username); 17 | } 18 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/user/service/UserServiceImpl.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.user.service; 2 | 3 | import java.util.List; 4 | 5 | import org.springframework.beans.factory.annotation.Autowired; 6 | import org.springframework.stereotype.Service; 7 | 8 | import com.wrlus.seciot.user.dao.UserMapper; 9 | import com.wrlus.seciot.user.model.UserDao; 10 | 11 | @Service 12 | public class UserServiceImpl implements UserService { 13 | 14 | @Autowired 15 | private UserMapper dao; 16 | 17 | @Override 18 | public List getAllUser() { 19 | return dao.getAllUser(); 20 | } 21 | 22 | @Override 23 | public List getUserByUsername(String username) { 24 | return dao.getUserByUsername(username); 25 | } 26 | 27 | @Override 28 | public int addUser(UserDao user) { 29 | return dao.addUser(user); 30 | } 31 | 32 | @Override 33 | public int updateUserPassword(String username, String password) { 34 | return dao.updateUserPassword(username, password); 35 | } 36 | 37 | @Override 38 | public int updateUserEnable(String username, int enabled) { 39 | return dao.updateUserEnable(username, enabled); 40 | } 41 | 42 | @Override 43 | public int addUserRole(String username, String authority) { 44 | return dao.addUserRole(username, authority); 45 | } 46 | 47 | @Override 48 | public int updateUserRole(String username, String authority) { 49 | return dao.updateUserRole(username, authority); 50 | } 51 | 52 | @Override 53 | public int deleteUserRole(String username) { 54 | return dao.deleteUserRole(username); 55 | } 56 | 57 | @Override 58 | public int deleteUser(String username) { 59 | return dao.deleteUser(username); 60 | } 61 | 62 | } 63 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/excel/ConventExcelCellType.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.excel; 2 | 3 | import java.io.File; 4 | import java.io.FileOutputStream; 5 | 6 | import org.apache.poi.hssf.usermodel.HSSFCell; 7 | import org.apache.poi.hssf.usermodel.HSSFRow; 8 | import org.apache.poi.hssf.usermodel.HSSFSheet; 9 | import org.apache.poi.hssf.usermodel.HSSFWorkbook; 10 | import org.apache.poi.poifs.filesystem.POIFSFileSystem; 11 | import org.apache.poi.ss.usermodel.CellType; 12 | import org.apache.poi.xssf.usermodel.XSSFCell; 13 | import org.apache.poi.xssf.usermodel.XSSFRow; 14 | import org.apache.poi.xssf.usermodel.XSSFSheet; 15 | import org.apache.poi.xssf.usermodel.XSSFWorkbook; 16 | /** 17 | * 功能: 18 | * 转换Excel文件格式 19 | * 20 | * 修订版本: 21 | * 2019-04-12 更新Apache-POI版本到4.1.0,修改getCellType调用 22 | * 2018-01-04 更新Apache-POI版本到3.17 23 | * 2018-01-01 首次编写,提供单元格类型转文本型的方法 24 | * 25 | * @author 路伟饶 26 | * 27 | */ 28 | public class ConventExcelCellType { 29 | private File sourceFile,targetFile; 30 | /** 31 | * 构造方法 32 | * @param from 源文件 33 | * @param to 目的文件 34 | */ 35 | public ConventExcelCellType(File from, File to) { 36 | this.sourceFile = from; 37 | this.targetFile = to; 38 | } 39 | /** 40 | * 将Excel中的数值型单元格都转为文本型 41 | * @throws Exception 42 | */ 43 | public void conventToStringValue() throws Exception { 44 | // 目标文件类型为新版Microsoft Excel文件,使用XSSF系列类型 45 | if (sourceFile.getName().endsWith(".xlsx")) { 46 | // 打开源工作簿 47 | XSSFWorkbook xlsx = new XSSFWorkbook(sourceFile); 48 | XSSFWorkbook target = new XSSFWorkbook(); 49 | // 获得第一个工作表 50 | XSSFSheet sheet = xlsx.getSheetAt(0); 51 | XSSFSheet targetSheet = target.createSheet(); 52 | for (int i = sheet.getFirstRowNum(); i <= sheet.getLastRowNum(); ++i) { 53 | // 获得行对象,迭代一行数据 54 | XSSFRow row = sheet.getRow(i); 55 | XSSFRow targetRow = targetSheet.createRow(i); 56 | for (int j = row.getFirstCellNum(); j <= row.getLastCellNum(); ++j) { 57 | // 获得单元格对象 58 | XSSFCell cell = row.getCell(j); 59 | if (cell==null) { 60 | continue; 61 | } 62 | // 判断单元格数据类型 63 | // 只支持文本类型和数字类型 64 | // 如果为文本类型单元格 65 | XSSFCell targetCell = targetRow.createCell(j); 66 | if (cell.getCellType().equals(CellType.STRING)) { 67 | targetCell.setCellValue(cell.getStringCellValue()); 68 | } 69 | // 数字类型单元格,也转化为文本类型存储 70 | else if (cell.getCellType().equals(CellType.NUMERIC)) { 71 | Double d = cell.getNumericCellValue(); 72 | targetCell.setCellValue(Long.toString(d.longValue())); 73 | System.out.println("Changing Numeric Cell Value: "+d.longValue()); 74 | } 75 | else if (cell.getCellType().equals(CellType.BLANK)) { 76 | continue; 77 | } 78 | else { 79 | System.out.println("Odd Cell Type: "+cell.getCellType().name()+", skipped."); 80 | continue; 81 | } 82 | } 83 | } 84 | xlsx.close(); 85 | FileOutputStream fos = new FileOutputStream(targetFile); 86 | target.write(fos); 87 | target.close(); 88 | fos.close(); 89 | } 90 | // 目标文件类型为旧版Microsoft Excel 1997-2003 文件,使用HSSF系列类型 91 | else if (sourceFile.getName().endsWith(".xls")) { 92 | // HSSF系列类型中文件打开操作略有不同 93 | // 需要使用POIFSFileSystem类打开文件再传入HSSFWorkbook 94 | // XSSF系列类型进行了简化,毕竟真的有点反人类...... 95 | // 再次证明一个道理:不要用97-03的格式,程序员写程序都更麻烦 96 | POIFSFileSystem fileSystem = new POIFSFileSystem(sourceFile, true); 97 | HSSFWorkbook xls = new HSSFWorkbook(fileSystem); 98 | HSSFWorkbook target = new HSSFWorkbook(); 99 | HSSFSheet sheet = xls.getSheetAt(0); 100 | HSSFSheet targetSheet = target.createSheet(); 101 | for (int i = sheet.getFirstRowNum(); i <= sheet.getLastRowNum(); ++i) { 102 | HSSFRow row = sheet.getRow(i); 103 | HSSFRow targetRow = targetSheet.createRow(i); 104 | for (int j = row.getFirstCellNum(); j <= row.getLastCellNum(); ++j) { 105 | HSSFCell cell = row.getCell(j); 106 | if (cell == null) { 107 | continue; 108 | } 109 | HSSFCell targetCell = targetRow.createCell(j); 110 | if (cell.getCellType().equals(CellType.STRING)) { 111 | targetCell.setCellValue(cell.getStringCellValue()); 112 | } 113 | else if (cell.getCellType().equals(CellType.NUMERIC)) { 114 | Double d = cell.getNumericCellValue(); 115 | targetCell.setCellValue(Long.toString(d.longValue())); 116 | System.out.println("Changing Numeric Cell Value: "+d.longValue()); 117 | } 118 | else if (cell.getCellType().equals(CellType.BLANK)) { 119 | continue; 120 | } 121 | else { 122 | System.out.println("Odd Cell Type: "+cell.getCellType().name()+", skipped."); 123 | continue; 124 | } 125 | } 126 | } 127 | xls.close(); 128 | FileOutputStream fos = new FileOutputStream(targetFile); 129 | target.write(fos); 130 | target.close(); 131 | fos.close(); 132 | } 133 | else { 134 | throw new IllegalArgumentException("不是Excel文件后缀"); 135 | } 136 | } 137 | } -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/excel/ExcelFileSolver.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.excel; 2 | 3 | import java.io.File; 4 | import java.io.FileOutputStream; 5 | import java.io.IOException; 6 | import java.util.Iterator; 7 | import java.util.Vector; 8 | 9 | import org.apache.poi.hssf.usermodel.HSSFCell; 10 | import org.apache.poi.hssf.usermodel.HSSFRow; 11 | import org.apache.poi.hssf.usermodel.HSSFSheet; 12 | import org.apache.poi.hssf.usermodel.HSSFWorkbook; 13 | import org.apache.poi.openxml4j.exceptions.InvalidFormatException; 14 | import org.apache.poi.poifs.filesystem.POIFSFileSystem; 15 | import org.apache.poi.ss.usermodel.CellType; 16 | import org.apache.poi.xssf.usermodel.XSSFCell; 17 | import org.apache.poi.xssf.usermodel.XSSFRow; 18 | import org.apache.poi.xssf.usermodel.XSSFSheet; 19 | import org.apache.poi.xssf.usermodel.XSSFWorkbook; 20 | 21 | /** 22 | * 功能: 23 | * 导入导出Excel文件 24 | * 25 | * 重要声明: 26 | * 不支持WPS表格的专有格式!!! 27 | * 28 | * 修订版本: 29 | * 2019-04-12 更新Apache-POI版本到4.1.0,修改getCellType调用 30 | * 2018-01-04 更新Apache-POI版本到3.17 31 | * 2018-01-01 修正错误 32 | * 2017-12-18 首次编写 33 | * 34 | * @author 路伟饶 35 | * 36 | */ 37 | public class ExcelFileSolver { 38 | private File targetFile; 39 | /** 40 | * 构造方法 41 | * @param file 用于操作的文件 42 | */ 43 | public ExcelFileSolver(File file) { 44 | this.targetFile = file; 45 | } 46 | /** 47 | * 导出到Excel文件 48 | * @param data 待写入的数据,二维向量类型 49 | * @throws InvalidFormatException 文件不是Excel文件 50 | * @throws IOException 文件I/O错误 51 | */ 52 | public void writeData(Vector> data) throws InvalidFormatException, IOException { 53 | // 选择保存的文件类型为新版Microsoft Excel文件,使用XSSF系列类型 54 | if (targetFile.getName().endsWith(".xlsx")) { 55 | // 获得工作簿对象 56 | XSSFWorkbook xlsx = new XSSFWorkbook(); 57 | // 获得工作表对象 58 | XSSFSheet sheet = xlsx.createSheet(); 59 | int i = 0; 60 | // 迭代器,迭代数据行 61 | for (Iterator> rowIterator = data.iterator(); rowIterator.hasNext();++i) { 62 | // 获得一行数据 63 | Vector vector = (Vector) rowIterator.next(); 64 | // 创建行对象 65 | XSSFRow row = sheet.createRow(i); 66 | int j = 0; 67 | // 迭代器,迭代一行数据的每一列 68 | for (Iterator colIterator = vector.iterator(); colIterator.hasNext();++j) { 69 | // 获得一个单元格的数据并写入数据 70 | String string = (String) colIterator.next(); 71 | XSSFCell cell = row.createCell(j); 72 | cell.setCellValue(string); 73 | } 74 | } 75 | // 输出到文件 76 | FileOutputStream fos = new FileOutputStream(targetFile); 77 | xlsx.write(fos); 78 | xlsx.close(); 79 | } 80 | // 选择保存的文件类型为旧版Microsoft Excel 1997-2003 文件,使用HSSF系列类型 81 | else if (targetFile.getName().endsWith(".xls")) { 82 | HSSFWorkbook xls = new HSSFWorkbook(); 83 | HSSFSheet sheet = xls.createSheet(); 84 | int i = 0; 85 | for (Iterator> rowIterator = data.iterator(); rowIterator.hasNext();++i) { 86 | Vector vector = (Vector) rowIterator.next(); 87 | HSSFRow row = sheet.createRow(i); 88 | int j = 0; 89 | for (Iterator colIterator = vector.iterator(); colIterator.hasNext();++j) { 90 | String string = (String) colIterator.next(); 91 | HSSFCell cell = row.createCell(j); 92 | cell.setCellValue(string); 93 | } 94 | } 95 | FileOutputStream fos = new FileOutputStream(targetFile); 96 | xls.write(fos); 97 | xls.close(); 98 | } 99 | // 其他后缀,不被允许 100 | else { 101 | throw new IllegalArgumentException("不是Excel文件后缀"); 102 | } 103 | } 104 | /** 105 | * 从Excel文件导入数据 106 | * @return 返回的数据集合,是二维向量类型 107 | * @throws IllegalArgumentException 文件不是Excel文件 108 | * @throws InvalidFormatException Excel中含有不受支持的单元格,仅支持文本型和数字型 109 | * @throws IOException 文件I/O错误 110 | */ 111 | public Vector> readData() throws IllegalArgumentException, InvalidFormatException, IOException { 112 | // 目标文件类型为新版Microsoft Excel文件,使用XSSF系列类型 113 | if (targetFile.getName().endsWith(".xlsx")) { 114 | // 创建数据二维向量 115 | Vector> data = new Vector>(); 116 | // 打开目标工作簿 117 | XSSFWorkbook xlsx = new XSSFWorkbook(targetFile); 118 | // 获得第一个工作表 119 | XSSFSheet sheet = xlsx.getSheetAt(0); 120 | // 从0开始迭代行 121 | // 从0开始的原因是,如果前面有空行,则存入向量之后空行效果将丢失 122 | for (int i = 0; i <= sheet.getLastRowNum(); ++i) { 123 | // 保留数据开始之前的空行 124 | if (i < sheet.getFirstRowNum()) { 125 | data.add(null); 126 | continue; 127 | } 128 | // 获得行对象,迭代一行数据 129 | XSSFRow row = sheet.getRow(i); 130 | Vector rowData = new Vector(); 131 | // 从0开始迭代一行数据 132 | // 从0开始的原因是,如果前面有空单元格,则存入向量之后将会错位 133 | for (int j = 0; j <= row.getLastCellNum(); ++j) { 134 | // 保留数据开始之前的空单元格 135 | if (j < row.getFirstCellNum()) { 136 | rowData.add(null); 137 | continue; 138 | } 139 | // 获得单元格对象 140 | XSSFCell cell = row.getCell(j); 141 | if (cell==null) { 142 | rowData.add(null); 143 | continue; 144 | } 145 | // 判断单元格数据类型 146 | // 只支持文本类型和数字类型 147 | // 如果为文本类型单元格 148 | if (cell.getCellType().equals(CellType.STRING)) { 149 | rowData.add(cell.getStringCellValue()); 150 | } 151 | // 数字类型单元格,也转化为文本类型存储,这里有可能会把长数字变为科学计数法 152 | // 如果要存储手机号,建议先看一下文件里单元格是不是文本型 153 | // 如果是数字型的话,建议使用ConventExcelCellType类进行转换 154 | else if (cell.getCellType().equals(CellType.NUMERIC)) { 155 | rowData.add(Double.toString(cell.getNumericCellValue())); 156 | } 157 | else if (cell.getCellType().equals(CellType.BLANK)) { 158 | rowData.add(""); 159 | } 160 | else { 161 | continue; 162 | } 163 | } 164 | // 将一行数据添加到向量中 165 | data.add(rowData); 166 | } 167 | // 关闭文件并返回数据 168 | xlsx.close(); 169 | return data; 170 | } 171 | // 目标文件类型为旧版Microsoft Excel 1997-2003 文件,使用HSSF系列类型 172 | else if (targetFile.getName().endsWith(".xls")) { 173 | Vector> data = new Vector>(); 174 | // HSSF系列类型中文件打开操作略有不同 175 | // 需要使用POIFSFileSystem类打开文件再传入HSSFWorkbook 176 | // XSSF系列类型进行了简化,毕竟真的有点反人类...... 177 | // 再次证明一个道理:不要用97-03的格式,程序员写程序都更麻烦 178 | POIFSFileSystem fileSystem = new POIFSFileSystem(targetFile, true); 179 | HSSFWorkbook xls = new HSSFWorkbook(fileSystem); 180 | HSSFSheet sheet = xls.getSheetAt(0); 181 | for (int i = 0; i <= sheet.getLastRowNum(); ++i) { 182 | if (i < sheet.getFirstRowNum()) { 183 | data.add(null); 184 | continue; 185 | } 186 | HSSFRow row = sheet.getRow(i); 187 | Vector rowData = new Vector(); 188 | for (int j = 0; j <= row.getLastCellNum(); ++j) { 189 | if (j < row.getFirstCellNum()) { 190 | rowData.add(null); 191 | continue; 192 | } 193 | HSSFCell cell = row.getCell(j); 194 | if (cell.getCellType().equals(CellType.STRING)) { 195 | rowData.add(cell.getStringCellValue()); 196 | } 197 | else if (cell.getCellType().equals(CellType.NUMERIC)) { 198 | rowData.add(Double.toString(cell.getNumericCellValue())); 199 | } 200 | else if (cell.getCellType().equals(CellType.BLANK)) { 201 | rowData.add(""); 202 | } 203 | else { 204 | continue; 205 | } 206 | } 207 | data.add(rowData); 208 | } 209 | xls.close(); 210 | return data; 211 | } 212 | else { 213 | throw new IllegalArgumentException("不是Excel文件后缀"); 214 | } 215 | } 216 | } -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/excel/ReadRiskExcel.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.excel; 2 | 3 | import java.io.File; 4 | import java.io.FileWriter; 5 | import java.util.HashMap; 6 | import java.util.Map; 7 | import java.util.UUID; 8 | import java.util.Vector; 9 | 10 | public class ReadRiskExcel { 11 | 12 | public static void main(String[] args) throws Exception { 13 | File sourceFile = new File("/home/wrlu/文档/CAUC-项目科研/中国民航大学本科毕业设计/第三方库漏洞/Zlib漏洞.xlsx"); 14 | File sqlFile = new File("ZlibRisk.sql"); 15 | String libName = "Zlib"; 16 | FileWriter writer = new FileWriter(sqlFile); 17 | if (sourceFile.exists()) { 18 | ExcelFileSolver solver = new ExcelFileSolver(sourceFile); 19 | // 读取Excel中所有数据 20 | Vector> data = solver.readData(); 21 | Vector firstRow = new Vector<>(); 22 | firstRow = data.get(0); 23 | Map levelMap = new HashMap<>(); 24 | levelMap.put("高", "High"); 25 | levelMap.put("中等", "Medium"); 26 | levelMap.put("低", "Low"); 27 | String libid = UUID.randomUUID().toString(); 28 | writer.write("insert into `seciot`.`third_library` values ('"+libid+"', '"+libName+"', '', '');"); 29 | writer.write("\r\n"); 30 | // 数据是行优先排列的,首先遍历行 31 | for (int i = 1; i < data.size(); ++i) { 32 | Vector rowVector = data.get(i); 33 | String cveName = rowVector.get(0).replaceAll(" ", "").trim(); 34 | // 然后遍历列 35 | for (int j = 2; j < rowVector.size(); ++j) { 36 | String item = rowVector.get(j); 37 | if (j == 2 && item != null) { 38 | String des = item.trim(); 39 | writer.write("insert into `seciot`.`cve` values ('"+cveName+"', '', '"+des+"', 'Linux', '');"); 40 | writer.write("\r\n"); 41 | continue; 42 | } 43 | if (j == 3 && item != null) { 44 | String level = "Unknown"; 45 | double mark = Double.valueOf(item); 46 | if (mark >= 7) { 47 | level = "High"; 48 | } else if (mark >= 4 && mark < 7) { 49 | level = "Medium"; 50 | } else if (mark < 4 && mark > 0) { 51 | level = "Low"; 52 | } 53 | writer.write("update `seciot`.`cve` set level = '"+level+"' where cve_num = '"+cveName+"';"); 54 | writer.write("\r\n"); 55 | continue; 56 | } 57 | if (item != null && item.equals("Y")) { 58 | String id = UUID.randomUUID().toString(); 59 | String version = firstRow.get(j); 60 | writer.write("insert into `seciot`.`library_risk` values ('"+id+"', '"+libName+"', '"+version+"', '"+cveName+"');"); 61 | writer.write("\r\n"); 62 | } 63 | writer.flush(); 64 | } 65 | } 66 | } 67 | writer.close(); 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/ClientAlreadyExistsException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class ClientAlreadyExistsException extends RootException{ 4 | 5 | private static final long serialVersionUID = -1558339448296518822L; 6 | private static final String DEFAULT_REASON = "Client already exists."; 7 | 8 | public ClientAlreadyExistsException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public ClientAlreadyExistsException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public ClientAlreadyExistsException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public ClientAlreadyExistsException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.CLIENT_ALREADY_EXISTS; 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/FileUploadException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class FileUploadException extends RootException { 4 | 5 | private static final long serialVersionUID = -6429086061683403202L; 6 | private static final String DEFAULT_REASON = "Cannot upload file to the server."; 7 | 8 | public FileUploadException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public FileUploadException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public FileUploadException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public FileUploadException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.FILE_UPLOAD; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/FridaException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class FridaException extends PythonRuntimeException { 4 | 5 | private static final long serialVersionUID = 3593060171127082582L; 6 | private static final String DEFAULT_REASON = "Frida module reports an error."; 7 | 8 | public FridaException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public FridaException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public FridaException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public FridaException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.FRIDA_ERROR; 27 | } 28 | 29 | @Override 30 | public String getPythonError() { 31 | return getLocalizedMessage(); 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/InvalidParameterException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class InvalidParameterException extends PythonException { 4 | 5 | private static final long serialVersionUID = -3340148969745732673L; 6 | private static final String DEFAULT_REASON = "Invalid parameter type or value."; 7 | 8 | public InvalidParameterException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public InvalidParameterException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public InvalidParameterException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public InvalidParameterException (String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public String getPythonError() { 26 | return null; 27 | } 28 | 29 | @Override 30 | public ReasonEnum getReason() { 31 | return ReasonEnum.INVALID_PARAM; 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/NoSuchClientException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class NoSuchClientException extends RootException{ 4 | 5 | private static final long serialVersionUID = -1558339448296518822L; 6 | private static final String DEFAULT_REASON = "No such client."; 7 | 8 | public NoSuchClientException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public NoSuchClientException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public NoSuchClientException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public NoSuchClientException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.NO_SUCH_CLINET; 27 | } 28 | 29 | } 30 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/NoSuchPythonMethodException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class NoSuchPythonMethodException extends RootException { 4 | 5 | private static final long serialVersionUID = -2789531819000974764L; 6 | private static final String DEFAULT_REASON = "Python method not found."; 7 | 8 | public NoSuchPythonMethodException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public NoSuchPythonMethodException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public NoSuchPythonMethodException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public NoSuchPythonMethodException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.NO_SUCH_PYTHON_METHOD; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/NoSuchRiskException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class NoSuchRiskException extends RootException { 4 | 5 | private static final long serialVersionUID = 5528801655820018054L; 6 | private static final String DEFAULT_REASON = "Risk not found."; 7 | 8 | public NoSuchRiskException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public NoSuchRiskException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public NoSuchRiskException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public NoSuchRiskException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.NO_SUCH_RISK; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/PortRunOutException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class PortRunOutException extends RootException { 4 | 5 | private static final long serialVersionUID = 7136684699971113615L; 6 | private static final String DEFAULT_REASON = "There is no avaliable port on this server (too many clients)."; 7 | 8 | public PortRunOutException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public PortRunOutException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public PortRunOutException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public PortRunOutException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.PORT_RUN_OUT; 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/PythonException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public abstract class PythonException extends RootException { 4 | 5 | private static final long serialVersionUID = -6386840722534713828L; 6 | private static final String DEFAULT_REASON = "A python error occured."; 7 | 8 | public PythonException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public PythonException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public PythonException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public PythonException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | public abstract String getPythonError(); 25 | } 26 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/PythonIOException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class PythonIOException extends PythonException { 4 | 5 | private static final long serialVersionUID = -3955759282002405579L; 6 | private static final String DEFAULT_REASON = "An error occured when execute python script."; 7 | 8 | public PythonIOException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public PythonIOException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public PythonIOException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public PythonIOException(String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public ReasonEnum getReason() { 26 | return ReasonEnum.PYTHON_IO; 27 | } 28 | 29 | @Override 30 | public String getPythonError() { 31 | return getLocalizedMessage(); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/PythonRuntimeException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class PythonRuntimeException extends PythonException { 4 | 5 | private static final long serialVersionUID = -3980967766530821832L; 6 | private static final String DEFAULT_REASON = "An error occured when python script is running."; 7 | 8 | public PythonRuntimeException() { 9 | super(DEFAULT_REASON); 10 | } 11 | 12 | public PythonRuntimeException(String reason) { 13 | super(reason); 14 | } 15 | 16 | public PythonRuntimeException(Throwable throwable) { 17 | super(DEFAULT_REASON, throwable); 18 | } 19 | 20 | public PythonRuntimeException (String reason, Throwable throwable) { 21 | super(reason, throwable); 22 | } 23 | 24 | @Override 25 | public String getPythonError() { 26 | return getLocalizedMessage(); 27 | } 28 | 29 | @Override 30 | public ReasonEnum getReason() { 31 | return ReasonEnum.PYTHON_RUNTIME; 32 | } 33 | 34 | } 35 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/ReasonEnum.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public enum ReasonEnum { 4 | SUCCESS("成功"), 5 | UNKNOWN("未知错误"), 6 | FILE_UPLOAD("上传文件失败"), 7 | NO_SUCH_PYTHON_METHOD("没有那个检测功能"), 8 | NO_SUCH_RISK("没有那个风险"), 9 | PYTHON_IO("与检测服务器通信时出错"), 10 | PYTHON_RUNTIME("检测服务器报告了一个错误"), 11 | PORT_RUN_OUT("已达到最大客户端连接数"), 12 | CLIENT_ALREADY_EXISTS("客户端已注册过映射端口"), 13 | NO_SUCH_CLINET("没有那个客户端"), 14 | INVALID_PARAM("参数错误"), 15 | FRIDA_ERROR("远程调试服务器报告了一个错误"); 16 | 17 | private String reason; 18 | 19 | private ReasonEnum(String reason) { 20 | this.reason = reason; 21 | } 22 | 23 | public String get() { 24 | return reason; 25 | } 26 | } 27 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/exception/RootException.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.exception; 2 | 3 | public class RootException extends Exception { 4 | private static final long serialVersionUID = -4956900992196314341L; 5 | private static final String DEFAULT_REASON = "Unknown reason."; 6 | 7 | public RootException() { 8 | super(DEFAULT_REASON); 9 | } 10 | 11 | public RootException(String reason) { 12 | super(reason); 13 | } 14 | 15 | public RootException(Throwable throwable) { 16 | super(DEFAULT_REASON, throwable); 17 | } 18 | 19 | public RootException(String reason, Throwable throwable) { 20 | super(reason, throwable); 21 | } 22 | 23 | public ReasonEnum getReason() { 24 | return ReasonEnum.UNKNOWN; 25 | } 26 | 27 | } 28 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/util/os/OSUtil.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.util.os; 2 | 3 | public class OSUtil { 4 | private static final String OS = System.getProperty("os.name").toLowerCase(); 5 | 6 | public static String escapeUnixSeparator(String unixPath) { 7 | String escapePath = unixPath; 8 | while(escapePath.contains("/")) { 9 | escapePath = escapePath.replace("/", "\\"); 10 | } 11 | return escapePath; 12 | } 13 | 14 | public static String escapeWindowsSeparator(String windowsPath) { 15 | String escapePath = windowsPath; 16 | while(escapePath.contains("\\")) { 17 | escapePath = escapePath.replace("\\", "/"); 18 | } 19 | return escapePath; 20 | } 21 | 22 | public static String getArch() { 23 | return System.getProperty("os.arch"); 24 | } 25 | 26 | public static boolean isLinux(){ 27 | return OS.indexOf("linux")>=0; 28 | } 29 | 30 | public static boolean isMacOS(){ 31 | return OS.indexOf("mac")>=0&&OS.indexOf("os")>0&&OS.indexOf("x")<0; 32 | } 33 | 34 | public static boolean isMacOSX(){ 35 | return OS.indexOf("mac")>=0&&OS.indexOf("os")>0&&OS.indexOf("x")>0; 36 | } 37 | 38 | public static boolean isWindows(){ 39 | return OS.indexOf("windows")>=0; 40 | } 41 | 42 | public static boolean isOS2(){ 43 | return OS.indexOf("os/2")>=0; 44 | } 45 | 46 | public static boolean isSolaris(){ 47 | return OS.indexOf("solaris")>=0; 48 | } 49 | 50 | public static boolean isSunOS(){ 51 | return OS.indexOf("sunos")>=0; 52 | } 53 | 54 | public static boolean isMPEiX(){ 55 | return OS.indexOf("mpe/ix")>=0; 56 | } 57 | 58 | public static boolean isHPUX(){ 59 | return OS.indexOf("hp-ux")>=0; 60 | } 61 | 62 | public static boolean isAix(){ 63 | return OS.indexOf("aix")>=0; 64 | } 65 | 66 | public static boolean isOS390(){ 67 | return OS.indexOf("os/390")>=0; 68 | } 69 | 70 | public static boolean isFreeBSD(){ 71 | return OS.indexOf("freebsd")>=0; 72 | } 73 | 74 | public static boolean isIrix(){ 75 | return OS.indexOf("irix")>=0; 76 | } 77 | 78 | public static boolean isDigitalUnix(){ 79 | return OS.indexOf("digital")>=0&&OS.indexOf("unix")>0; 80 | } 81 | 82 | public static boolean isNetWare(){ 83 | return OS.indexOf("netware")>=0; 84 | } 85 | 86 | public static boolean isOSF1(){ 87 | return OS.indexOf("osf1")>=0; 88 | } 89 | 90 | public static boolean isOpenVMS(){ 91 | return OS.indexOf("openvms")>=0; 92 | } 93 | } 94 | -------------------------------------------------------------------------------- /src/main/java/com/wrlus/seciot/waf/XSSProtect.java: -------------------------------------------------------------------------------- 1 | package com.wrlus.seciot.waf; 2 | 3 | public class XSSProtect { 4 | public static String escapeString(String input) { 5 | String regex = "[^a-zA-Z0-9\\u4e00-\\u9fa5\\_\\-\\.\\s]"; 6 | return input.replaceAll(regex, ""); 7 | } 8 | 9 | public static String escapeUuid(String input) { 10 | String regex = "[^a-zA-Z0-9\\-]"; 11 | return input.replaceAll(regex, ""); 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /src/main/java/log4j2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /src/main/webapp/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/mybatis/mybatis-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_platform/fw_crontab.py: -------------------------------------------------------------------------------- 1 | import platform 2 | import os 3 | 4 | risk_name = 'Crontab计划任务' 5 | risk_description = 'Crontab是Linux中的计划任务程序,在Crontab中设置的不恰当的项目可能意味着系统存在后门。' 6 | risk_level = 'Low' 7 | risk_platform = 'Linux' 8 | crontab_folder_name = '/etc/crontabs/' 9 | 10 | 11 | def do(base_dir): 12 | if platform.system() == 'Windows': 13 | path_fix = '\\' 14 | else: 15 | path_fix = '/' 16 | try: 17 | crontab_file_list = os.listdir(base_dir + crontab_folder_name.replace('/', path_fix)) 18 | risk_details = {} 19 | risk_exists = False 20 | for crontab_file_name in crontab_file_list: 21 | crontab_file = open(base_dir + crontab_folder_name.replace('/', path_fix) + crontab_file_name, 'r') 22 | crontab_file_content = crontab_file.read() 23 | if crontab_file_content == '': 24 | continue 25 | crontab_file_content_lines = crontab_file_content.split('\n') 26 | risk_details[crontab_file_name] = [] 27 | for line in crontab_file_content_lines: 28 | risk_details[crontab_file_name].append(line) 29 | crontab_file.close() 30 | if risk_details != {}: 31 | risk_exists = True 32 | risk_result = { 33 | 'risk_exists': risk_exists, 34 | 'risk_name': risk_name, 35 | 'risk_description': risk_description, 36 | 'risk_level': risk_level, 37 | 'risk_platform': risk_platform, 38 | 'risk_details': risk_details 39 | } 40 | return risk_result 41 | except Exception as e: 42 | print(e) 43 | risk_result = { 44 | 'risk_exists': False, 45 | 'risk_name': risk_name, 46 | 'risk_description': risk_description, 47 | 'risk_level': risk_level, 48 | 'risk_platform': risk_platform, 49 | 'risk_details': {} 50 | } 51 | return risk_result 52 | 53 | 54 | if __name__ == '__main__': 55 | base_dir = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 56 | result = do(base_dir) 57 | print(result) 58 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_platform/fw_dropbear_auth_keys.py: -------------------------------------------------------------------------------- 1 | import platform 2 | 3 | 4 | risk_name = 'Dropbear配置公钥风险' 5 | risk_description = 'Dropbear是一款实现SSH远程登录的实用工具,配置了公钥表明设备生产商可能通过他们自己的私钥远程接入设备。' 6 | risk_level = 'Medium' 7 | risk_platform = 'Linux' 8 | dropbear_auth_keys_file_name = '/etc/dropbear/authorized_keys' 9 | 10 | 11 | def do(base_dir): 12 | globals() 13 | if platform.system() == 'Windows': 14 | path_fix = '\\' 15 | else: 16 | path_fix = '/' 17 | try: 18 | dropbear_auth_keys_file = open(base_dir + dropbear_auth_keys_file_name.replace('/', path_fix), 'r') 19 | dropbear_auth_keys_file_content = dropbear_auth_keys_file.read() 20 | dropbear_auth_keys_file_content_lines = dropbear_auth_keys_file_content.split('\n') 21 | dropbear_auth_keys_file.close() 22 | risk_result = { 23 | 'risk_exists': True, 24 | 'risk_name': risk_name, 25 | 'risk_description': risk_description, 26 | 'risk_level': risk_level, 27 | 'risk_platform': risk_platform, 28 | 'risk_details': { 29 | 'auth_keys': dropbear_auth_keys_file_content_lines 30 | } 31 | } 32 | return risk_result 33 | except Exception as e: 34 | print(e) 35 | risk_result = { 36 | 'risk_exists': False, 37 | 'risk_name': risk_name, 38 | 'risk_description': risk_description, 39 | 'risk_level': risk_level, 40 | 'risk_platform': risk_platform, 41 | 'risk_details': {} 42 | } 43 | return risk_result 44 | 45 | 46 | if __name__ == '__main__': 47 | base_dir = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 48 | result = do(base_dir) 49 | print(result) 50 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_platform/fw_dropbear_enable.py: -------------------------------------------------------------------------------- 1 | import platform 2 | import re 3 | 4 | 5 | risk_name = 'Dropbear开启风险' 6 | risk_description = 'Dropbear是一款实现SSH远程登录的实用工具,开启Dropbear将允许攻击者有机会从远程登录设备。' 7 | risk_level = 'High' 8 | risk_platform = 'Linux' 9 | dropbear_config_file_name = '/etc/config/dropbear' 10 | pwd_auth_search_regex_str = "option\\s+PasswordAuth\\s+'[Oo][Nn]'" 11 | root_pwd_auth_search_regex_str = "option\\s+RootPasswordAuth\\s+'[Oo][Nn]'" 12 | 13 | 14 | def do(base_dir): 15 | globals() 16 | if platform.system() == 'Windows': 17 | path_fix = '\\' 18 | else: 19 | path_fix = '/' 20 | try: 21 | dropbear_config_file = open(base_dir + dropbear_config_file_name.replace('/', path_fix), 'r') 22 | dropbear_config_file_content = dropbear_config_file.read() 23 | dropbear_config_file_content_lines = dropbear_config_file_content.split('\n') 24 | dropbear_config_file.close() 25 | pwd_auth_status = False 26 | root_pwd_auth_status = False 27 | for line in dropbear_config_file_content_lines: 28 | pwd_auth_search_regex = re.compile(pwd_auth_search_regex_str) 29 | pwd_auth_search_found = pwd_auth_search_regex.findall(line) 30 | if len(pwd_auth_search_found) != 0: 31 | pwd_auth_status = True 32 | root_pwd_auth_search_regex = re.compile(root_pwd_auth_search_regex_str) 33 | root_pwd_auth_search_found = root_pwd_auth_search_regex.findall(line) 34 | if len(root_pwd_auth_search_found) != 0: 35 | root_pwd_auth_status = True 36 | 37 | risk_result = { 38 | 'risk_exists': pwd_auth_status or root_pwd_auth_status, 39 | 'risk_name': risk_name, 40 | 'risk_description': risk_description, 41 | 'risk_level': risk_level, 42 | 'risk_platform': risk_platform, 43 | 'risk_details': { 44 | 'pwd_auth': [pwd_auth_status], 45 | 'root_pwd_auth': [root_pwd_auth_status] 46 | } 47 | } 48 | return risk_result 49 | except Exception as e: 50 | print(e) 51 | risk_result = { 52 | 'risk_exists': False, 53 | 'risk_name': risk_name, 54 | 'risk_description': risk_description, 55 | 'risk_level': risk_level, 56 | 'risk_platform': risk_platform, 57 | 'risk_details': {} 58 | } 59 | return risk_result 60 | 61 | 62 | if __name__ == '__main__': 63 | base_dir = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 64 | result = do(base_dir) 65 | print(result) 66 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_platform/fw_linux_shadow.py: -------------------------------------------------------------------------------- 1 | import platform 2 | 3 | 4 | risk_name = 'Linux用户帐户风险' 5 | risk_description = '固件中存在可登录的Linux用户,可能导致攻击者从本地接口或远程方式取得系统权限。' 6 | risk_level = 'Low' 7 | risk_platform = 'Linux' 8 | can_login_shell = [ 9 | '/bin/bash', '/bin/sh', '/bin/ash' 10 | ] 11 | passwd_file_name = '/etc/passwd' 12 | shadow_file_name = '/etc/shadow' 13 | 14 | 15 | def do(base_dir): 16 | globals() 17 | if platform.system() == 'Windows': 18 | path_fix = '\\' 19 | else: 20 | path_fix = '/' 21 | try: 22 | passwd_file = open(base_dir + passwd_file_name.replace('/', path_fix), 'r') 23 | passwd_file_content = passwd_file.read() 24 | passwd_file_content_lines = passwd_file_content.split('\n') 25 | passwd_file.close() 26 | user_can_login = [] 27 | for line in passwd_file_content_lines: 28 | for shell in can_login_shell: 29 | if shell in line: 30 | username = line[:line.find(':')] 31 | user_can_login.append(username) 32 | 33 | shadow_file = open(base_dir + shadow_file_name.replace('/', path_fix), 'r') 34 | shadow_file_content = shadow_file.read() 35 | shadow_file_content_lines = shadow_file_content.split('\n') 36 | shadow_file.close() 37 | user_has_no_passwd = [] 38 | user_has_passwd = [] 39 | for line in shadow_file_content_lines: 40 | username = line[:line.find(':')] 41 | if username == '': 42 | continue 43 | if username not in user_can_login: 44 | continue 45 | passwd_hash_len = line.find(':', line.find(':') + 1) - line.find(':') - 1 46 | if passwd_hash_len > 2: 47 | user_has_passwd.append(username) 48 | elif passwd_hash_len == 0: 49 | user_has_no_passwd.append(username) 50 | risk_details = { 51 | 'user_avaliable': user_can_login, 52 | 'user_has_no_passwd': user_has_no_passwd, 53 | 'user_has_passwd': user_has_passwd, 54 | } 55 | if len(user_can_login) != 0: 56 | risk_exists = True 57 | else: 58 | risk_exists = False 59 | risk_result = { 60 | 'risk_exists': risk_exists, 61 | 'risk_name': risk_name, 62 | 'risk_description': risk_description, 63 | 'risk_level': risk_level, 64 | 'risk_platform': risk_platform, 65 | 'risk_details': risk_details 66 | } 67 | return risk_result 68 | except Exception as e: 69 | print(e) 70 | risk_result = { 71 | 'risk_exists': False, 72 | 'risk_name': risk_name, 73 | 'risk_description': risk_description, 74 | 'risk_level': risk_level, 75 | 'risk_platform': risk_platform, 76 | 'risk_details': {} 77 | } 78 | return risk_result 79 | 80 | 81 | if __name__ == '__main__': 82 | base_dir = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 83 | result = do(base_dir) 84 | print(result) 85 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_busybox_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | busybox_names = [ 7 | '/bin/busybox', 8 | '/usr/bin/busybox', 9 | '/usr/local/bin/busybox', 10 | '/sbin/busybox', 11 | '/usr/sbin/busybox' 12 | ] 13 | busybox_version_search_regex = b'BusyBox v[0-1].[0-9]*.[0-9]*' 14 | 15 | 16 | def do(base_dir): 17 | if platform.system() == 'Windows': 18 | path_fix = '\\' 19 | else: 20 | path_fix = '/' 21 | busybox_path = '' 22 | for name in busybox_names: 23 | if os.path.exists(base_dir + name.replace('/', path_fix)): 24 | busybox_path = name 25 | 26 | if busybox_path == '': 27 | return { 28 | 'lib_avaliable': False 29 | } 30 | busybox_exec = open(base_dir + busybox_path.replace('/', path_fix), 'rb') 31 | busybox_exec_binary = busybox_exec.read() 32 | busybox_exec.close() 33 | regex = re.compile(busybox_version_search_regex) 34 | dropbear_version = regex.findall(busybox_exec_binary) 35 | if len(dropbear_version) != 0: 36 | result = { 37 | 'lib_name': 'Busybox', 38 | 'lib_avaliable': True, 39 | 'lib_path': busybox_path, 40 | 'lib_version': dropbear_version[0].decode('utf8').replace('BusyBox v', '') 41 | } 42 | else: 43 | result = { 44 | 'lib_name': 'Dropbear', 45 | 'lib_avaliable': True, 46 | 'lib_path': busybox_path, 47 | 'lib_version': 'Unknown' 48 | } 49 | return result 50 | 51 | 52 | if __name__ == '__main__': 53 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 54 | r = do(d) 55 | print(r) 56 | 57 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_dropbear_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | dropbear_names = [ 7 | '/sbin/dropbear', 8 | '/usr/sbin/dropbear', 9 | '/bin/dropbear', 10 | '/usr/bin/dropbear', 11 | '/usr/local/bin/dropbear' 12 | ] 13 | dropbear_version_search_regex = b'20[1-9][0-9].[0-9]+\x00Dropbear SSH' 14 | 15 | 16 | def do(base_dir): 17 | if platform.system() == 'Windows': 18 | path_fix = '\\' 19 | else: 20 | path_fix = '/' 21 | dropbear_path = '' 22 | for name in dropbear_names: 23 | if os.path.exists(base_dir + name.replace('/', path_fix)): 24 | dropbear_path = name 25 | 26 | if dropbear_path == '': 27 | return { 28 | 'lib_avaliable': False 29 | } 30 | dropbear_exec = open(base_dir + dropbear_path.replace('/', path_fix), 'rb') 31 | dropbear_exec_binary = dropbear_exec.read() 32 | dropbear_exec.close() 33 | regex = re.compile(dropbear_version_search_regex) 34 | dropbear_version = regex.findall(dropbear_exec_binary) 35 | if len(dropbear_version) != 0: 36 | result = { 37 | 'lib_name': 'Dropbear', 38 | 'lib_avaliable': True, 39 | 'lib_path': dropbear_path, 40 | 'lib_version': dropbear_version[0].decode('utf8').replace('\x00Dropbear SSH', '') 41 | } 42 | else: 43 | result = { 44 | 'lib_name': 'Dropbear', 45 | 'lib_avaliable': True, 46 | 'lib_path': dropbear_path, 47 | 'lib_version': 'Unknown' 48 | } 49 | return result 50 | 51 | 52 | if __name__ == '__main__': 53 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 54 | r = do(d) 55 | print(r) 56 | 57 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_iproute2_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | iproute2_names = [ 7 | '/sbin/ip', 8 | '/usr/sbin/ip' 9 | ] 10 | iproute2_version_search_regex = b'1[0-9][0-1][0-9][0-3][0-9]' 11 | 12 | 13 | def do(base_dir): 14 | if platform.system() == 'Windows': 15 | path_fix = '\\' 16 | else: 17 | path_fix = '/' 18 | iproute2_path = '' 19 | for name in iproute2_names: 20 | if os.path.exists(base_dir + name.replace('/', path_fix)): 21 | iproute2_path = name 22 | 23 | if iproute2_path == '': 24 | return { 25 | 'lib_avaliable': False 26 | } 27 | iproute2_exec = open(base_dir + iproute2_path.replace('/', path_fix), 'rb') 28 | iproute2_exec_binary = iproute2_exec.read() 29 | iproute2_exec.close() 30 | regex = re.compile(iproute2_version_search_regex) 31 | iproute2_version = regex.findall(iproute2_exec_binary) 32 | if len(iproute2_version) != 0: 33 | result = { 34 | 'lib_name': 'Iproute2', 35 | 'lib_avaliable': True, 36 | 'lib_path': iproute2_path, 37 | 'lib_version': iproute2_version[0].decode('utf8') 38 | } 39 | else: 40 | result = { 41 | 'lib_name': 'Iproute2', 42 | 'lib_avaliable': True, 43 | 'lib_path': iproute2_path, 44 | 'lib_version': 'Unknown' 45 | } 46 | return result 47 | 48 | 49 | if __name__ == '__main__': 50 | d = '/' 51 | # d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 52 | r = do(d) 53 | print(r) 54 | 55 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_miniupnp_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | libminiupnp_so_names = [ 7 | 8 | ] 9 | libminiupnp_version_search_regex = b'' 10 | 11 | 12 | def do(base_dir): 13 | if platform.system() == 'Windows': 14 | path_fix = '\\' 15 | else: 16 | path_fix = '/' 17 | libminiupnp_so_path = '' 18 | for name in libminiupnp_so_names: 19 | if os.path.exists(base_dir + name.replace('/', path_fix)): 20 | libminiupnp_so_path = name 21 | 22 | if libminiupnp_so_path == '': 23 | return { 24 | 'lib_avaliable': False 25 | } 26 | libminiupnp_so = open(base_dir + libminiupnp_so_path.replace('/', path_fix), 'rb') 27 | libminiupnp_so_binary = libminiupnp_so.read() 28 | libminiupnp_so.close() 29 | regex = re.compile(libminiupnp_version_search_regex) 30 | miniupnp_version = regex.findall(libminiupnp_so_binary) 31 | if len(miniupnp_version) != 0: 32 | result = { 33 | 'lib_name': 'MiniUPnP', 34 | 'lib_avaliable': True, 35 | 'lib_path': libminiupnp_so_path, 36 | 'lib_version': miniupnp_version[0].decode('utf8').replace(' Copyright', '') 37 | } 38 | else: 39 | result = { 40 | 'lib_name': 'MiniUPnP', 41 | 'lib_avaliable': True, 42 | 'lib_path': libminiupnp_so_path, 43 | 'lib_version': 'Unknown' 44 | } 45 | return result 46 | 47 | 48 | if __name__ == '__main__': 49 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 50 | r = do(d) 51 | print(r) 52 | 53 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_openldap_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | libldap_so_names = [ 7 | '/lib/libldap_r-2.4.so.2', 8 | '/usr/lib/libldap_r-2.4.so.2', 9 | '/usr/local/lib/libldap_r-2.4.so.2', 10 | ] 11 | libldap_version_search_regex = b'libldap_r-2.4.so.[0-2].[0-9]+.[0-9]+-[0-2].[0-9].[0-9]+' 12 | 13 | 14 | def do(base_dir): 15 | if platform.system() == 'Windows': 16 | path_fix = '\\' 17 | else: 18 | path_fix = '/' 19 | libldap_so_path = '' 20 | for name in libldap_so_names: 21 | if os.path.exists(base_dir + name.replace('/', path_fix)): 22 | libldap_so_path = name 23 | 24 | if libldap_so_path == '': 25 | return { 26 | 'lib_avaliable': False 27 | } 28 | libldap_so = open(base_dir + libldap_so_path.replace('/', path_fix), 'rb') 29 | libldap_so_binary = libldap_so.read() 30 | libldap_so.close() 31 | regex = re.compile(libldap_version_search_regex) 32 | libldap_version = regex.findall(libldap_so_binary) 33 | libldap_version_readable = libldap_version[0].decode('utf8').replace('libldap_r-2.4.so.2', '') 34 | libldap_version_readable = libldap_version_readable[libldap_version_readable.find('-') + 1:] 35 | if len(libldap_version) != 0: 36 | result = { 37 | 'lib_name': 'OpenLDAP', 38 | 'lib_avaliable': True, 39 | 'lib_path': libldap_so_path, 40 | 'lib_version': libldap_version_readable 41 | } 42 | else: 43 | result = { 44 | 'lib_name': 'OpenLDAP', 45 | 'lib_avaliable': True, 46 | 'lib_path': libldap_so_path, 47 | 'lib_version': 'Unknown' 48 | } 49 | return result 50 | 51 | 52 | if __name__ == '__main__': 53 | d = '/' 54 | # d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 55 | r = do(d) 56 | print(r) 57 | 58 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_openssh_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | openssh_names = [ 7 | '/sbin/ssh', 8 | '/usr/sbin/ssh', 9 | '/bin/ssh', 10 | '/usr/bin/ssh', 11 | '/usr/local/bin/ssh' 12 | ] 13 | openssh_version_search_regex = b'OpenSSH_[0-9].[0-9].?[0-9]*p?[0-9]?' 14 | dropbear_version_search_regex = b'Dropbear SSH' 15 | 16 | 17 | def do(base_dir): 18 | if platform.system() == 'Windows': 19 | path_fix = '\\' 20 | else: 21 | path_fix = '/' 22 | openssh_path = '' 23 | for name in openssh_names: 24 | if os.path.exists(base_dir + name.replace('/', path_fix)): 25 | openssh_path = name 26 | 27 | if openssh_path == '': 28 | return { 29 | 'lib_avaliable': False 30 | } 31 | openssh_exec = open(base_dir + openssh_path.replace('/', path_fix), 'rb') 32 | openssh_exec_binary = openssh_exec.read() 33 | openssh_exec.close() 34 | regex = re.compile(openssh_version_search_regex) 35 | openssh_version = regex.findall(openssh_exec_binary) 36 | if len(openssh_version) != 0: 37 | result = { 38 | 'lib_name': 'OpenSSH', 39 | 'lib_avaliable': True, 40 | 'lib_path': openssh_path, 41 | 'lib_version': openssh_version[0].decode('utf8').replace('OpenSSH_', '') 42 | } 43 | else: 44 | d_regex = re.compile(dropbear_version_search_regex) 45 | dropbear_version = d_regex.findall(openssh_exec_binary) 46 | if len(dropbear_version) != 0: 47 | return { 48 | 'lib_avaliable': False 49 | } 50 | else: 51 | result = { 52 | 'lib_name': 'OpenSSH', 53 | 'lib_avaliable': True, 54 | 'lib_path': openssh_path, 55 | 'lib_version': 'Unknown' 56 | } 57 | return result 58 | 59 | 60 | if __name__ == '__main__': 61 | d = '/' 62 | # d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 63 | r = do(d) 64 | print(r) 65 | 66 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_openssl_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | libcrypto_so_names = [ 7 | '/lib/libcrypto.so.1.0.0', 8 | '/usr/lib/libcrypto.so.1.0.0', 9 | '/usr/lib/ssl/libcrypto.so.1.0.0', 10 | '/usr/local/lib/libcrypto.so.1.0.0', 11 | '/usr/local/ssl/lib/libcrypto.so.1.0.0', 12 | '/lib/libssl.so.1.0.0', 13 | '/usr/lib/libssl.so.1.0.0', 14 | '/usr/lib/ssl/libssl.so.1.0.0', 15 | '/usr/local/lib/libssl.so.1.0.0', 16 | '/usr/local/ssl/lib/libssl.so.1.0.0' 17 | ] 18 | openssl_version_search_regex = b'OpenSSL [0-1].[0-9]+.[0-9]+[a-z]?' 19 | 20 | 21 | def do(base_dir): 22 | if platform.system() == 'Windows': 23 | path_fix = '\\' 24 | else: 25 | path_fix = '/' 26 | libcrypto_so_path = '' 27 | for name in libcrypto_so_names: 28 | if os.path.exists(base_dir + name.replace('/', path_fix)): 29 | libcrypto_so_path = name 30 | 31 | if libcrypto_so_path == '': 32 | return { 33 | 'lib_avaliable': False 34 | } 35 | libcrypto_so = open(base_dir + libcrypto_so_path.replace('/', path_fix), 'rb') 36 | libcrypto_so_binary = libcrypto_so.read() 37 | libcrypto_so.close() 38 | regex = re.compile(openssl_version_search_regex) 39 | openssl_version = regex.findall(libcrypto_so_binary) 40 | if len(openssl_version) != 0: 41 | result = { 42 | 'lib_name': 'OpenSSL', 43 | 'lib_avaliable': True, 44 | 'lib_path': libcrypto_so_path, 45 | 'lib_version': openssl_version[0].decode('utf8').replace('OpenSSL ', '') 46 | } 47 | else: 48 | result = { 49 | 'lib_name': 'OpenSSL', 50 | 'lib_avaliable': True, 51 | 'lib_path': libcrypto_so_path, 52 | 'lib_version': 'Unknown' 53 | } 54 | return result 55 | 56 | 57 | if __name__ == '__main__': 58 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 59 | r = do(d) 60 | print(r) 61 | 62 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_pcre_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | pcre_so_names = [ 7 | '/lib/libpcre.so', 8 | '/usr/lib/libpcre.so', 9 | '/usr/local/lib/libpcre.so', 10 | ] 11 | pcre_version_search_regex = b'[1,7-9]+.[0-9]+ 20[0-9][0-9]-[0-1][0-9]-[0-3][0-9]' 12 | 13 | 14 | def do(base_dir): 15 | if platform.system() == 'Windows': 16 | path_fix = '\\' 17 | else: 18 | path_fix = '/' 19 | pcre_so_path = '' 20 | for name in pcre_so_names: 21 | if os.path.exists(base_dir + name.replace('/', path_fix)): 22 | pcre_so_path = name 23 | 24 | if pcre_so_path == '': 25 | return { 26 | 'lib_avaliable': False 27 | } 28 | pcre_so = open(base_dir + pcre_so_path.replace('/', path_fix), 'rb') 29 | pcre_so_binary = pcre_so.read() 30 | pcre_so.close() 31 | regex = re.compile(pcre_version_search_regex) 32 | zlib_version = regex.findall(pcre_so_binary) 33 | if len(zlib_version) != 0: 34 | result = { 35 | 'lib_name': 'Pcre', 36 | 'lib_avaliable': True, 37 | 'lib_path': pcre_so_path, 38 | 'lib_version': zlib_version[0].decode('utf8')[:-11] 39 | } 40 | else: 41 | result = { 42 | 'lib_name': 'Pcre', 43 | 'lib_avaliable': True, 44 | 'lib_path': pcre_so_path, 45 | 'lib_version': 'Unknown' 46 | } 47 | return result 48 | 49 | 50 | if __name__ == '__main__': 51 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 52 | r = do(d) 53 | print(r) 54 | 55 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_uclibc_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | libc_so_names = [ 7 | '/lib/libc.so.6', 8 | '/usr/lib/libc.so.6' 9 | ] 10 | libc_version_search_regex = b'version [0-9].[0-9]+' 11 | 12 | 13 | def do(base_dir): 14 | if platform.system() == 'Windows': 15 | path_fix = '\\' 16 | else: 17 | path_fix = '/' 18 | libc_so_path = '' 19 | for name in libc_so_names: 20 | if os.path.exists(base_dir + name.replace('/', path_fix)): 21 | libc_so_path = name 22 | 23 | if libc_so_path == '': 24 | return { 25 | 'lib_avaliable': False 26 | } 27 | libc_so = open(base_dir + libc_so_path.replace('/', path_fix), 'rb') 28 | libc_so_binary = libc_so.read() 29 | libc_so.close() 30 | regex = re.compile(libc_version_search_regex) 31 | libc_version = regex.findall(libc_so_binary) 32 | if len(libc_version) != 0: 33 | result = { 34 | 'lib_name': 'Uclibc', 35 | 'lib_avaliable': True, 36 | 'lib_path': libc_so_path, 37 | 'lib_version': libc_version[0].decode('utf8').replace('version ', '') 38 | } 39 | else: 40 | result = { 41 | 'lib_name': 'Uclibc', 42 | 'lib_avaliable': True, 43 | 'lib_path': libc_so_path, 44 | 'lib_version': 'Unknown' 45 | } 46 | return result 47 | 48 | 49 | if __name__ == '__main__': 50 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 51 | r = do(d) 52 | print(r) 53 | 54 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/fw_third_library/fw_zlib_version.py: -------------------------------------------------------------------------------- 1 | import os 2 | import re 3 | import platform 4 | 5 | 6 | libz_so_names = [ 7 | '/lib/libz.so', 8 | '/usr/lib/libz.so', 9 | '/usr/local/lib/libz.so', 10 | ] 11 | zlib_version_search_regex = b'1.[0-9]*.[0-9]*[0-9]? Copyright' 12 | 13 | 14 | def do(base_dir): 15 | if platform.system() == 'Windows': 16 | path_fix = '\\' 17 | else: 18 | path_fix = '/' 19 | libz_so_path = '' 20 | for name in libz_so_names: 21 | if os.path.exists(base_dir + name.replace('/', path_fix)): 22 | libz_so_path = name 23 | 24 | if libz_so_path == '': 25 | return { 26 | 'lib_avaliable': False 27 | } 28 | libz_so = open(base_dir + libz_so_path.replace('/', path_fix), 'rb') 29 | libz_so_binary = libz_so.read() 30 | libz_so.close() 31 | regex = re.compile(zlib_version_search_regex) 32 | zlib_version = regex.findall(libz_so_binary) 33 | if len(zlib_version) != 0: 34 | result = { 35 | 'lib_name': 'Zlib', 36 | 'lib_avaliable': True, 37 | 'lib_path': libz_so_path, 38 | 'lib_version': zlib_version[0].decode('utf8').replace(' Copyright', '') 39 | } 40 | else: 41 | result = { 42 | 'lib_name': 'Zlib', 43 | 'lib_avaliable': True, 44 | 'lib_path': libz_so_path, 45 | 'lib_version': 'Unknown' 46 | } 47 | return result 48 | 49 | 50 | if __name__ == '__main__': 51 | d = '/mnt/data/Analysis/_mico_all_f86a5_1.44.4.bin.extracted/squashfs-root/' 52 | r = do(d) 53 | print(r) 54 | 55 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/run_tools/run_binwalk.py: -------------------------------------------------------------------------------- 1 | import binwalk 2 | import subprocess 3 | import platform 4 | 5 | 6 | filesystems = [ 7 | 'Squashfs', 'JFFS2' 8 | ] 9 | 10 | filesystem_roots = { 11 | 'Squashfs': 'squashfs-root', 12 | 'JFFS2': 'jffs2-root' 13 | } 14 | 15 | 16 | def get_fw_info(file_name, path): 17 | result = run_binwalk(path, '') 18 | if result == '': 19 | raise OSError('binwalk runs failed.') 20 | fw_filesystem = get_filesystem(result) 21 | fw_info = { 22 | 'fw_name': file_name, 23 | 'fw_path': path, 24 | 'fw_filesystem': fw_filesystem 25 | } 26 | return fw_info 27 | 28 | 29 | def get_fw_root_directory(fw_info): 30 | globals() 31 | result = run_binwalk(fw_info['fw_path'], '-Me') 32 | if result == '': 33 | raise OSError('binwalk runs failed.') 34 | if platform.system() == 'Windows': 35 | path_fix = '\\' 36 | else: 37 | path_fix = '/' 38 | binwalk_base_dir = fw_info['fw_path'].replace(fw_info['fw_name'], '_'+fw_info['fw_name']) + '.extracted' + path_fix 39 | fw_filesystem = fw_info['fw_filesystem'] 40 | fw_info['fw_root_directory'] = binwalk_base_dir + path_fix + filesystem_roots[fw_filesystem] + path_fix 41 | return fw_info 42 | 43 | 44 | def get_filesystem(input): 45 | global filesystems 46 | for filesystem in filesystems: 47 | if filesystem + ' filesystem' in input: 48 | return filesystem 49 | 50 | 51 | def run_binwalk(path, params): 52 | result = '' 53 | if platform.system() == 'Windows': 54 | result = call_wsl_binwalk(path, params) 55 | elif platform.system() == 'Linux' or platform.system() == 'MacOS': 56 | if params == '': 57 | result = call_linux_binwalk(path) 58 | elif params == '-Me': 59 | result = call_linux_binwalk(path, extract=True) 60 | return result 61 | 62 | 63 | def call_wsl_binwalk(path, params): 64 | wsl_path = win_path_to_wsl_path(path) 65 | base_path = wsl_path[:wsl_path.rfind('/')] 66 | cmd = 'wsl binwalk '+params+' -C '+base_path+' '+wsl_path 67 | print(cmd) 68 | process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) 69 | result = '' 70 | for line in process.stdout.readlines(): 71 | result += line.decode('utf8') 72 | return result 73 | 74 | 75 | def call_linux_binwalk(path, extract=False): 76 | base_path = path[:path.rfind('/')] 77 | try: 78 | if extract is True: 79 | modules = binwalk.scan(path, signature=True, matryoshka=True, extract=True, directory=base_path, quiet=True) 80 | else: 81 | modules = binwalk.scan(path, signature=True, directory=base_path, quiet=True) 82 | result = '' 83 | for module in modules: 84 | # print(module.name+" Results:") 85 | for moduleresult in module.results: 86 | result += moduleresult.file.path 87 | result += '\t' 88 | result += moduleresult.description 89 | # print("\t文件名:"+moduleresult.file.path+"\t文件描述:"+moduleresult.description) 90 | return result 91 | except binwalk.ModuleException as e: 92 | print("Critical failure:", e) 93 | return '' 94 | 95 | 96 | # Change Windows-style path to *nix-style path in WSL 97 | # D:\aaa\bbb --> /mnt/d/aaa/bbb 98 | def win_path_to_wsl_path(path): 99 | drive = path[0].lower() 100 | wsl_path = '/mnt/' + drive + path.replace('\\', '/')[2:] 101 | return wsl_path 102 | 103 | 104 | if __name__ == '__main__': 105 | path = '/mnt/data/Analysis/mico_all_f86a5_1.44.4.bin' 106 | file_name = 'mico_all_f86a5_1.44.4.bin' 107 | fw_info = get_fw_info(file_name, path) 108 | fw_info = get_fw_root_directory(fw_info) 109 | print(fw_info) 110 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/python/socket_server.py: -------------------------------------------------------------------------------- 1 | import socketserver 2 | import json 3 | import platform 4 | from run_tools import run_binwalk 5 | from fw_third_library import fw_openssl_version 6 | from fw_third_library import fw_zlib_version 7 | from fw_third_library import fw_dropbear_version 8 | from fw_third_library import fw_busybox_version 9 | from fw_third_library import fw_openssh_version 10 | from fw_third_library import fw_iproute2_version 11 | from fw_third_library import fw_pcre_version 12 | from fw_third_library import fw_miniupnp_version 13 | from fw_third_library import fw_uclibc_version 14 | from fw_third_library import fw_openldap_version 15 | from fw_platform import fw_dropbear_enable 16 | from fw_platform import fw_linux_shadow 17 | from fw_platform import fw_dropbear_auth_keys 18 | from fw_platform import fw_crontab 19 | 20 | 21 | class FwService: 22 | @staticmethod 23 | def get_fw_info(file_name, file_path): 24 | return run_binwalk.get_fw_info(file_name, file_path) 25 | 26 | @staticmethod 27 | def get_fw_root_directory(fw_info): 28 | return run_binwalk.get_fw_root_directory(fw_info) 29 | 30 | @staticmethod 31 | def linux_shadow(base_dir): 32 | return fw_linux_shadow.do(base_dir) 33 | 34 | @staticmethod 35 | def get_fw_third_library(base_dir, lib_name): 36 | if lib_name.lower() == "openssl": 37 | return fw_openssl_version.do(base_dir) 38 | elif lib_name.lower() == "dropbear": 39 | return fw_dropbear_version.do(base_dir) 40 | elif lib_name.lower() == "openssh": 41 | return fw_openssh_version.do(base_dir) 42 | elif lib_name.lower() == "zlib": 43 | return fw_zlib_version.do(base_dir) 44 | elif lib_name.lower() == "iproute2": 45 | return fw_iproute2_version.do(base_dir) 46 | elif lib_name.lower() == "miniupnp": 47 | return fw_miniupnp_version.do(base_dir) 48 | elif lib_name.lower() == "pcre": 49 | return fw_pcre_version.do(base_dir) 50 | elif lib_name.lower() == "uclibc": 51 | return fw_uclibc_version.do(base_dir) 52 | elif lib_name.lower() == "busybox": 53 | return fw_busybox_version.do(base_dir) 54 | elif lib_name.lower() == "openldap": 55 | return fw_openldap_version.do(base_dir) 56 | 57 | @staticmethod 58 | def dropbear_enable(base_dir): 59 | return fw_dropbear_enable.do(base_dir) 60 | 61 | @staticmethod 62 | def dropbear_auth_keys(base_dir): 63 | return fw_dropbear_auth_keys.do(base_dir) 64 | 65 | @staticmethod 66 | def crontab(base_dir): 67 | return fw_crontab.do(base_dir) 68 | 69 | class PySocketServerHandler(socketserver.BaseRequestHandler): 70 | def handle(self): 71 | r_data = self.request.recv(2048) 72 | data = json.loads(r_data.decode('utf8')) 73 | print("Receive data: "+str(data)) 74 | classname, method, params = self.resolve_data(data) 75 | ret = self.do_action(classname, method, params) 76 | print("Send data: "+str(ret)) 77 | self.request.sendall(json.dumps(ret).encode('utf8')) 78 | 79 | @staticmethod 80 | def resolve_data(data): 81 | cmd = data['cmd'] 82 | params = data['params'] 83 | classname = cmd.split('.')[0] 84 | method = cmd.split('.')[1] 85 | print('classname: '+classname) 86 | print('method: '+method) 87 | print('params: '+str(params)) 88 | return classname, method, params 89 | 90 | @staticmethod 91 | def do_action(classname, method, params): 92 | result = {} 93 | try: 94 | if classname == 'FwService': 95 | if method == 'get_fw_info': 96 | result = FwService.get_fw_info(params['file_name'], params['file_path']) 97 | elif method == 'get_fw_root_directory': 98 | result = FwService.get_fw_root_directory(params['fw_info']) 99 | elif method == 'get_fw_third_library': 100 | result = FwService.get_fw_third_library(params['fw_info']['fw_root_directory'], params['lib_name']) 101 | elif method == 'linux_shadow': 102 | result = FwService.linux_shadow(params['fw_info']['fw_root_directory']) 103 | elif method == 'dropbear_enable': 104 | result = FwService.dropbear_enable(params['fw_info']['fw_root_directory']) 105 | elif method == 'dropbear_auth_keys': 106 | result = FwService.dropbear_auth_keys(params['fw_info']['fw_root_directory']) 107 | elif method == 'crontab': 108 | result = FwService.crontab(params['fw_info']['fw_root_directory']) 109 | 110 | if len(result) != 0: 111 | ret = { 112 | 'status': 0, 113 | 'reason': 'OK', 114 | 'data': result 115 | } 116 | else: 117 | ret = { 118 | 'status': -1, 119 | 'reason': 'No such python method or python error' 120 | } 121 | except Exception as e: 122 | print(e) 123 | ret = { 124 | 'status': -1, 125 | 'reason': 'Python error' 126 | } 127 | return ret 128 | 129 | 130 | if __name__ == '__main__': 131 | server = socketserver.ThreadingTCPServer(('localhost', 8081), PySocketServerHandler) 132 | server.serve_forever() 133 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/spring/spring-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 12 | 13 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 35 | 36 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/spring/spring-security.xml: -------------------------------------------------------------------------------- 1 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/spring/springmvc-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 25 | 26 | -------------------------------------------------------------------------------- /src/main/webapp/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 6 | SecIoT 7 | 8 | 9 | index.html 10 | 11 | 12 | 13 | characterEncodingFilter 14 | org.springframework.web.filter.CharacterEncodingFilter 15 | 16 | encoding 17 | UTF-8 18 | 19 | 20 | 21 | characterEncodingFilter 22 | /* 23 | 24 | 25 | org.springframework.web.context.ContextLoaderListener 26 | 27 | 28 | org.springframework.web.util.IntrospectorCleanupListener 29 | 30 | 31 | 32 | contextConfigLocation 33 | /WEB-INF/spring/spring-config.xml 34 | 35 | 36 | 37 | springmvc 38 | org.springframework.web.servlet.DispatcherServlet 39 | 40 | contextConfigLocation 41 | /WEB-INF/spring/springmvc-config.xml 42 | 43 | 1 44 | 45 | 46 | 47 | springmvc 48 | / 49 | 50 | 51 | 63 | -------------------------------------------------------------------------------- /src/main/webapp/css/custom.css: -------------------------------------------------------------------------------- 1 | .cut-off{ 2 | width: 100%; 3 | height: 20px; 4 | background-color:saddlebrown; 5 | } -------------------------------------------------------------------------------- /src/main/webapp/css/dashboard.css: -------------------------------------------------------------------------------- 1 | body { 2 | font-size: .875rem; 3 | } 4 | 5 | .feather { 6 | width: 16px; 7 | height: 16px; 8 | vertical-align: text-bottom; 9 | } 10 | 11 | /* 12 | * Sidebar 13 | */ 14 | 15 | .sidebar { 16 | position: fixed; 17 | top: 0; 18 | bottom: 0; 19 | left: 0; 20 | z-index: 100; /* Behind the navbar */ 21 | padding: 48px 0 0; /* Height of navbar */ 22 | box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1); 23 | } 24 | 25 | .sidebar-sticky { 26 | position: relative; 27 | top: 0; 28 | height: calc(100vh - 48px); 29 | padding-top: .5rem; 30 | overflow-x: hidden; 31 | overflow-y: auto; /* Scrollable contents if viewport is shorter than content. */ 32 | } 33 | 34 | @supports ((position: -webkit-sticky) or (position: sticky)) { 35 | .sidebar-sticky { 36 | position: -webkit-sticky; 37 | position: sticky; 38 | } 39 | } 40 | 41 | .sidebar .nav-link { 42 | font-weight: 500; 43 | color: #333; 44 | } 45 | 46 | .sidebar .nav-link .feather { 47 | margin-right: 4px; 48 | color: #999; 49 | } 50 | 51 | .sidebar .nav-link.active { 52 | color: #007bff; 53 | } 54 | 55 | .sidebar .nav-link:hover .feather, 56 | .sidebar .nav-link.active .feather { 57 | color: inherit; 58 | } 59 | 60 | .sidebar-heading { 61 | font-size: .75rem; 62 | text-transform: uppercase; 63 | } 64 | 65 | /* 66 | * Content 67 | */ 68 | 69 | [role="main"] { 70 | padding-top: 133px; /* Space for fixed navbar */ 71 | } 72 | 73 | @media (min-width: 768px) { 74 | [role="main"] { 75 | padding-top: 48px; /* Space for fixed navbar */ 76 | } 77 | } 78 | 79 | /* 80 | * Navbar 81 | */ 82 | 83 | .navbar-brand { 84 | padding-top: .75rem; 85 | padding-bottom: .75rem; 86 | font-size: 1rem; 87 | background-color: rgba(0, 0, 0, .25); 88 | box-shadow: inset -1px 0 0 rgba(0, 0, 0, .25); 89 | } 90 | 91 | .navbar .form-control { 92 | padding: .75rem 1rem; 93 | border-width: 0; 94 | border-radius: 0; 95 | } 96 | 97 | .form-control-dark { 98 | color: #fff; 99 | background-color: rgba(255, 255, 255, .1); 100 | border-color: rgba(255, 255, 255, .1); 101 | } 102 | 103 | .form-control-dark:focus { 104 | border-color: transparent; 105 | box-shadow: 0 0 0 3px rgba(255, 255, 255, .25); 106 | } 107 | 108 | /* Sticky footer styles 109 | -------------------------------------------------- */ 110 | html { 111 | position: relative; 112 | min-height: 100%; 113 | } 114 | body { 115 | /* Margin bottom by footer height */ 116 | margin-bottom: 60px; 117 | } 118 | .footer { 119 | position: fixed; 120 | bottom: 0; 121 | width: 100%; 122 | /* Set the fixed height of the footer here */ 123 | height: 50px; 124 | line-height: 50px; /* Vertically center the text there */ 125 | background-color: #f5f5f5; 126 | z-index: 1030; 127 | } 128 | 129 | body > .container { 130 | padding: 60px 15px 0; 131 | } 132 | 133 | .footer > .container { 134 | padding-right: 15px; 135 | padding-left: 15px; 136 | } 137 | 138 | code { 139 | font-size: 80%; 140 | } 141 | -------------------------------------------------------------------------------- /src/main/webapp/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 加载中 - SecIoT 7 | 8 | 9 | 10 | 11 |
12 |
13 | SecIoT 漏洞检测系统 14 |
    15 |
  • 退出系统
    • 16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
    24 |
  • 25 | 26 | 主页 27 | 28 |
    • 29 |
30 |
    31 |
    32 | 系统安全 33 |
    34 |
  • 35 | 36 | 系统固件静态分析 37 | 38 |
    • 39 |
    40 | 辅助功能 41 |
    42 |
  • 43 | 44 | 安全检测历史 45 | 46 |
    • 47 |
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 | 56 | Copyright © 2020 SecIoT Contributors. 57 | 自由软件许可 , 58 | 贡献源代码 59 | 60 |
61 |
62 | 63 | 64 | 65 |
66 |
67 |
68 |
69 |
提示
70 |
71 |
72 | 分析中,请稍候... 73 |
74 |
75 |
76 |
77 |
78 |
79 |
80 | 81 | 82 |
83 |
84 |
85 |
86 |
提示
87 | 90 |
91 |
92 |
93 | 94 |
95 |
96 |
97 |
98 | 102 | 106 | 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /src/main/webapp/js/main.js: -------------------------------------------------------------------------------- 1 | $(function(){ 2 | var args = getArgs(); 3 | var mainPage = "/SecIoT/?page=main"; 4 | if (typeof(args.page) == "undefined" || args.page == null) { 5 | window.location.href = mainPage; 6 | } else if (args.page == "403") { 7 | $(document).attr("title", "拒绝访问 - SecIoT"); 8 | var errorMsg = '
温馨提示:很抱歉,您没有访问此页面的权限,请联系系统管理员或返回首页
' 9 | $("#main").html(errorMsg); 10 | } else { 11 | $("#main").load("/SecIoT/pages/"+args.page+".html", function(response, status, xhr) { 12 | if (status == "success") { 13 | $(document).attr("title",$("#main_title").html() + " - SecIoT"); 14 | $("#"+args.page+"_nav").addClass("active"); 15 | } else { 16 | $(document).attr("title", "未找到 - SecIoT"); 17 | var errorMsg = '
温馨提示:很抱歉,您请求的页面未找到,请尝试刷新或返回首页
' 18 | $("#main").html(errorMsg); 19 | } 20 | }); 21 | if (args.page == "history") { 22 | onRefreshHistoryList(); 23 | } 24 | } 25 | }); 26 | 27 | function getArgs(){ 28 | var args = {}; 29 | var match = null; 30 | var search = decodeURIComponent(location.search.substring(1)); 31 | var reg = /(?:([^&]+)=([^&]+))/g; 32 | while((match = reg.exec(search))!==null){ 33 | args[match[1]] = match[2]; 34 | } 35 | return args; 36 | } 37 | 38 | function onFwAnalysis() { 39 | var formData = new FormData(document.getElementById("uploadForm")); 40 | // 显示加载模态框 41 | $("#loadingModel").modal("show"); 42 | $.ajax({ 43 | type:"POST", 44 | url:"/SecIoT/fw/analysis", 45 | data:formData, 46 | mimeType:"multipart/form-data", 47 | contentType: false, 48 | cache: false, 49 | processData: false, 50 | success: function (result) { 51 | // 隐藏加载模态框 52 | $("#loadingModel").modal("hide"); 53 | var result=JSON.parse(result); 54 | if(result.status == 0) { 55 | showFwAnalysis(result); 56 | // 填充并显示结果提示模态框 57 | $("#resultModalBody").html("针对 "+result.fw_info.fw_name+" 的分析完成", function() {}); 58 | $("#resultModal").modal("show"); 59 | } else { 60 | // 填充并显示结果提示模态框,提示错误 61 | $("#resultModalBody").html(result.reason); 62 | $("#resultModal").modal("show"); 63 | } 64 | }, 65 | error: function(error){ 66 | // 隐藏加载模态框 67 | $("#loadingModel").modal("hide"); 68 | // 填充并显示结果提示模态框,提示错误 69 | $("#resultModalBody").html(error); 70 | $("#resultModal").modal("show"); 71 | } 72 | }); 73 | } 74 | 75 | function showFwAnalysis(result) { 76 | // 填充固件基本信息 77 | fw_basic_info = '固件基本信息'; 78 | fw_basic_info += '文件名:'+result.fw_info.fw_name+'
'; 79 | fw_basic_info += '文件大小:'+result.fw_info.fw_size+'字节'; 80 | $("#fw_basic_info").html(fw_basic_info); 81 | // 填充文件系统信息 82 | fw_filesystem = '固件文件系统'; 83 | fw_filesystem += '文件系统:'+result.fw_info.fw_filesystem+'
'; 84 | fw_filesystem += '文件系统根目录:'+result.fw_info.fw_root_directory; 85 | $("#fw_filesystem").html(fw_filesystem); 86 | // 填充第三方库信息 87 | var fw_third_library = '
第三方库风险
'; 88 | for (var i = 0, len = result.fw_lib.length; i < len; ++i) { 89 | var fw_per_third_library = '

'; 90 | fw_per_third_library += ''+result.fw_lib[i].lib_name+''; 91 | fw_per_third_library += '库位置:'+result.fw_lib[i].lib_path + '
'; 92 | fw_per_third_library += '库版本:'+result.fw_lib[i].lib_version + '
'; 93 | var fw_per_risk = result.fw_lib_risk[result.fw_lib[i].lib_name] 94 | fw_per_third_library += '此版本的库存在的漏洞:
'; 95 | for (var j = 0, lenr = fw_per_risk.length; j < lenr; ++j ){ 96 | fw_per_third_library += fw_per_risk[j].cve_num + '
'; 97 | } 98 | fw_per_third_library += '

'; 99 | fw_third_library += fw_per_third_library; 100 | } 101 | $("#fw_third_library").html(fw_third_library); 102 | // 显示平台风险 103 | var fw_platform_risk = '
平台风险
'; 104 | for (var i = 0, len = result.fw_platform_risk.length; i < len; ++i) { 105 | var fw_per_platform_risk = '

'; 106 | fw_per_platform_risk += ''+result.fw_platform_risk[i].risk_name+''; 107 | fw_per_platform_risk += '风险是否存在:'+result.fw_platform_risk[i].risk_exists + '
'; 108 | fw_per_platform_risk += '风险描述:'+result.fw_platform_risk[i].risk_description + '
'; 109 | fw_per_platform_risk += '风险等级:'+result.fw_platform_risk[i].risk_level + '
'; 110 | fw_per_platform_risk += '风险适用平台:'+result.fw_platform_risk[i].risk_platform + '
'; 111 | fw_per_platform_risk += '风险技术细节(供专业人员参考):
'; 112 | for (var detail_name in result.fw_platform_risk[i].risk_details){ 113 | fw_per_platform_risk += detail_name + ':
'; 114 | var risk_detail = result.fw_platform_risk[i].risk_details[detail_name]; 115 | for (var j = 0, lenr = risk_detail.length; j < lenr; ++j) { 116 | fw_per_platform_risk += result.fw_platform_risk[i].risk_details[detail_name][j] + '
'; 117 | } 118 | } 119 | fw_per_platform_risk += '

'; 120 | fw_platform_risk += fw_per_platform_risk; 121 | } 122 | $("#fw_platform_risk").html(fw_platform_risk); 123 | } 124 | 125 | function onRefreshHistoryList() { 126 | $.get("/SecIoT/history/getHistoryAll", {}, function(result) { 127 | if(result.status == 0) { 128 | var historyBody = ""; 129 | for (var i = 0, len = result.history_list.length; i < len; ++i) { 130 | historyBody += ''; 131 | historyBody += ''+(i+1)+''; 132 | historyBody += ''+result.history_list[i].name+''; 133 | historyBody += ''+result.history_list[i].date+''; 134 | historyBody += ''+result.history_list[i].type+''; 135 | historyBody += ''+result.history_list[i].target+''; 136 | historyBody += ''; 137 | var type = result.history_list[i].type; 138 | if (type == "firmware-static") { 139 | historyBody += ''; 140 | } else if (type == "android-static") { 141 | historyBody += ''; 142 | } else if (type == "ios-static") { 143 | historyBody += ''; 144 | } 145 | historyBody += ''; 146 | historyBody += ''; 147 | historyBody += ''; 148 | historyBody += ''; 149 | } 150 | $("#historyBody").html(historyBody); 151 | if (result.history_list.length == 0) { 152 | $("#resultModalBody").html("暂时没有检测记录"); 153 | $("#resultModal").modal("show"); 154 | return; 155 | } 156 | } else { 157 | $("#resultModalBody").html(result.reason); 158 | $("#resultModal").modal("show"); 159 | } 160 | }); 161 | } 162 | 163 | function onRefreshHistoryListByType(type) { 164 | if (typeof(type) == "undefined" || type == null || type == "all") { 165 | onRefreshHistoryList(); 166 | return; 167 | } 168 | $.get("/SecIoT/history/getHistoryByType", { 169 | type: type 170 | }, function(result) { 171 | if(result.status == 0) { 172 | var historyBody = ""; 173 | for (var i = 0, len = result.history_list.length; i < len; ++i) { 174 | historyBody += ''; 175 | historyBody += ''+(i+1)+''; 176 | historyBody += ''+result.history_list[i].name+''; 177 | historyBody += ''+result.history_list[i].date+''; 178 | historyBody += ''+result.history_list[i].type+''; 179 | historyBody += ''+result.history_list[i].target+''; 180 | historyBody += ''; 181 | var type = result.history_list[i].type; 182 | if (type == "firmware-static") { 183 | historyBody += ''; 184 | } 185 | historyBody += ''; 186 | historyBody += ''; 187 | historyBody += ''; 188 | historyBody += ''; 189 | } 190 | $("#historyBody").html(historyBody); 191 | if (result.history_list.length == 0) { 192 | $("#resultModalBody").html("暂时没有检测记录"); 193 | $("#resultModal").modal("show"); 194 | return; 195 | } 196 | } else { 197 | $("#resultModalBody").html(result.reason); 198 | $("#resultModal").modal("show"); 199 | } 200 | }); 201 | } 202 | 203 | function onShowFwStaticHistory(id) { 204 | $.get("/SecIoT/history/getFwHistoryById", { 205 | id: id 206 | }, function(result) { 207 | if(result.status == 0) { 208 | showFwAnalysis(result); 209 | } else { 210 | $("#resultModalBody").html(result.reason); 211 | $("#resultModal").modal("show"); 212 | } 213 | }); 214 | } 215 | 216 | function onEditHistoryName(id, name) { 217 | $("#editHistoryId").val(id); 218 | $("#historyNewName").val(name); 219 | } 220 | 221 | function editHistoryName() { 222 | var id = $("#editHistoryId").val(); 223 | var name = $("#historyNewName").val(); 224 | $.post("/SecIoT/history/edit", { 225 | id: id, 226 | name: name 227 | }, function(result) { 228 | onRefreshHistoryList(); 229 | $("#resultModalBody").html(result.reason); 230 | $("#resultModal").modal("show"); 231 | }); 232 | } 233 | 234 | function onDeleteHistory(id) { 235 | $("#deleteHistoryId").val(id); 236 | } 237 | 238 | function deleteHistory() { 239 | var id = $("#deleteHistoryId").val(); 240 | $.post("/SecIoT/history/delete", { 241 | id: id 242 | }, function(result) { 243 | $("#resultModalBody").html(result.reason); 244 | $("#resultModal").modal("show"); 245 | }); 246 | } 247 | 248 | -------------------------------------------------------------------------------- /src/main/webapp/pages/firmware.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 |

系统固件静态分析

6 |
7 |
8 | 9 |
10 | 11 | 12 |
13 |
14 |
15 |

分析结果

16 |
17 |
18 |
固件基本信息
19 |
20 |

21 | 固件基本信息 22 | 等待分析 23 |

24 |
25 |
26 |

27 | 固件文件系统 28 | 等待分析 29 |

30 |
31 |
32 | 33 |
34 |
第三方库风险
35 |
36 |

37 | 第三方库 38 | 等待分析 39 |

40 |
41 |
42 | 43 |
44 |
平台使用风险
45 |
46 |

47 | 平台风险 48 | 等待分析 49 |

50 |
51 |
52 | 53 |
54 |
55 |
56 |
57 |
提示
58 | 61 |
62 |
63 | 您确实要将文件上传到服务器进行分析吗? 64 |
65 |
66 | 67 | 68 |
69 |
70 |
71 |
72 | 73 | 74 | -------------------------------------------------------------------------------- /src/main/webapp/pages/history.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 |

安全检测历史

6 |
7 |
8 |
9 | 16 |
17 | 18 |
19 |
20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 |
#检测名称检测时间检测项目检测目标执行操作
33 |
34 | 35 |
36 |
37 |
38 |
39 |
分析结果
40 | 43 |
44 |
45 |
46 |
固件基本信息
47 |
48 |

49 | 固件基本信息 50 | 等待分析 51 |

52 |
53 |
54 |

55 | 固件文件系统 56 | 等待分析 57 |

58 |
59 |
60 | 61 |
62 |
第三方库风险
63 |
64 |

65 | 第三方库 66 | 等待分析 67 |

68 |
69 |
70 | 71 |
72 |
平台使用风险
73 |
74 |

75 | 平台风险 76 | 等待分析 77 |

78 |
79 |
80 |
81 |
82 | 83 |
84 |
85 |
86 |
87 | 88 |
89 |
90 |
91 |
92 |
分析结果
93 | 96 |
97 |
98 |
99 |
APK基本信息
100 |
101 |

102 | APK基本信息 103 | 等待分析 104 |

105 |
106 |
107 |

108 | 应用权限 109 | 等待分析 110 |

111 |
112 |
113 | 114 |
115 |
平台使用风险
116 |
117 |

118 | 平台风险 119 | 等待分析 120 |

121 |
122 |
123 |
124 |
125 | 126 |
127 |
128 |
129 |
130 | 131 |
132 |
133 |
134 |
135 |
分析结果
136 | 139 |
140 |
141 |
142 |
IPA基本信息
143 |
144 |

145 | IPA基本信息 146 | 等待分析 147 |

148 |
149 |
150 |

151 | 应用权限 152 | 等待分析 153 |

154 |
155 |
156 | 157 |
158 |
平台使用风险
159 |
160 |

161 | 平台风险 162 | 等待分析 163 |

164 |
165 |
166 |
167 |
168 | 169 |
170 |
171 |
172 |
173 | 174 |
175 |
176 |
177 |
178 |
分析结果
179 | 182 |
183 |
184 |
185 | 186 |
187 |
188 |
189 |
190 | 191 |
192 |
193 |
194 |
195 |
编辑名称
196 | 199 |
200 |
201 | 202 | 203 |
204 | 205 | 206 |
207 |
208 |
209 | 210 | 211 |
212 |
213 |
214 |
215 | 216 |
217 |
218 |
219 |
220 |
提示
221 | 224 |
225 |
226 | 227 | 您确实要删除这条历史记录吗? 228 |
229 |
230 | 231 | 232 |
233 |
234 |
235 |
236 | 237 | -------------------------------------------------------------------------------- /src/main/webapp/pages/main.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 |
5 |

主页

6 |
7 |
8 |
特色功能
9 |
10 |
系统安全
11 |

12 | 上传获取到的IoT系统固件,检测固件中常见第三方库的安全风险和系统配置方面的安全风险。
13 | 提示:您需要先自行获取IoT设备的固件再进行上传分析。

14 | 进入静态分析 15 |
16 |
17 | 18 | 19 | --------------------------------------------------------------------------------