更新未授权扫描功能

Author: 11072162

code/app/controller/Code.php

@@ -17,7 +17,7 @@ class Code extends Common
     public $tools = [
         'fortify'=>'fortify',
         'semgrep'=>'semgrep',
-        'kunlun'=>'kunlun',
+        //'kunlun'=>'kunlun',
         'murphysec'=>'murphysec',
         'webshell'=>'河马webshell检测',
     ];
@@ -147,7 +147,7 @@ public function details(Request $request)
         }
         $data['fortify'] = Db::table('fortify')->where($where)->order("id", 'desc')->limit(0, 10)->select()->toArray();
         //$data['kunlun'] = Db::connect('kunlun')->table("index_scanresulttask")->where($where)->order("id", 'desc')->limit(0, 10)->select()->toArray();
-        $data['kunlun'] = [];
+        //$data['kunlun'] = [];
         $data['semgrep'] = Db::table('semgrep')->where($where)->order("id", 'desc')->limit(0, 10)->select()->toArray();
         $data['mobsfscan'] = Db::table('mobsfscan')->where($where)->order("id", 'desc')->limit(0, 10)->select()->toArray();
         $data['murphysec'] = Db::table('murphysec')->where($where)->order("id", 'desc')->limit(0, 10)->select()->toArray();

code/app/controller/LinuxBaselineCheck.php

@@ -40,7 +40,6 @@
             // 是否严格检查字段是否存在
             'fields_strict' => false,
 
-
             // 数据库部署方式:0 集中式(单一服务器),1 分布式(主从服务器)
             'deploy' => 0,
             // 数据库读写是否分离 主从式有效
@@ -76,7 +75,6 @@
             // 是否严格检查字段是否存在
             'fields_strict' => false,
 
-
             // 数据库部署方式:0 集中式(单一服务器),1 分布式(主从服务器)
             'deploy' => 0,
             // 数据库读写是否分离 主从式有效

code/config/database.php

@@ -26,17 +26,16 @@
                 <div>
                     <?php
                     error_reporting(E_ALL);
-                    //检查数据库参数是否正确，修改系统配置文件
+                    // 检查数据库参数是否正确，修改系统配置文件
                     writingConf();
 
                     //更新python配置
                     setPythonConfig();
 
                     //从SQL文件中提取SQL语句
-                    $sqlArr = getSQLArr();
-
+                    $sqlArr = getSQLArr('./qingscan.sql');
                     //批量执行SQL语句
-                    batchExecuteSql($sqlArr);
+                    batchExecuteSql('mysql',$sqlArr);
 
                     addOldData();
                     ?>
@@ -63,10 +62,10 @@ function setPythonConfig(){
 }
 
 
-function batchExecuteSql($sqlArr)
-{
+function batchExecuteSql($database,$sqlArr)
+{;
     foreach ($sqlArr as $sql) {
-        $result = Db::execute($sql);
+        $result = Db::connect($database)->execute($sql);
         if ($result === 0) {
 //            echo "执行SQL语句成功:<pre>{$sql}</pre><br>";
         } elseif (strstr($sql, "INSERT") && $result === 1) {
@@ -107,9 +106,9 @@ function addOldData()
     }
 }
 
-function getSqlArr()
+function getSqlArr($filename)
 {
-    $str = file_get_contents("./qingscan.sql");
+    $str = file_get_contents($filename);
     //匹配删表语句
     $zhengze = "/DROP.*;/Us";
     preg_match_all($zhengze, $str, $shanbiao);
@@ -147,12 +146,12 @@ function writingConf()
     $config['connections']['mysql']['database'] = $_POST['DB_NAME'];
     $config['connections']['mysql']['charset'] = $_POST['DB_CHARSET'];
 
-    $config['connections']['kunlun']['hostname'] = $_POST['DB_HOST'];
+    /*$config['connections']['kunlun']['hostname'] = $_POST['DB_HOST'];
     $config['connections']['kunlun']['hostport'] = $_POST['DB_PORT'];
     $config['connections']['kunlun']['username'] = $_POST['DB_USER'];
     $config['connections']['kunlun']['password'] = $_POST['DB_PASS'];
     $config['connections']['kunlun']['database'] = 'kunlun';
-    $config['connections']['kunlun']['charset'] = $_POST['DB_CHARSET'];
+    $config['connections']['kunlun']['charset'] = $_POST['DB_CHARSET'];*/
 
     $database = "<?php \n";
     $database .= 'return ' . var_export($config, true) . ';';

code/public/install/step3.php

@@ -58,7 +58,7 @@ class="btn btn-outline-danger">批量删除</a>
                             <th>项目地址</th>
                             <th>clone方式</th>
                             <th>Fortify</th>
-                            <th>Kunlun-M</th>
+                            <!--<th>Kunlun-M</th>-->
                             <th>Semgrep</th>
                             <th>mobsfscan</th>
                             <th>murphysec</th>
@@ -87,11 +87,11 @@ class="btn btn-outline-danger">批量删除</a>
                                         <?php echo $fortifyNum[$value['id']] ?? 0 ?>
                                     </a>
                                 </td>
-                                <td>
-                                    <a title="扫描时间:<?php echo $value['kunlun_scan_time'] ?>"
-                                       href="<?php echo url('kunlun/index', ['code_id' => $value['id']]); ?>"><?php echo $kunlunNum[$value['id']] ?? 0 ?>
+                                <!--<td>
+                                    <a title="扫描时间:<?php /*echo $value['kunlun_scan_time'] */?>"
+                                       href="<?php /*echo url('kunlun/index', ['code_id' => $value['id']]); */?>"><?php /*echo $kunlunNum[$value['id']] ?? 0 */?>
                                     </a>
-                                </td>
+                                </td>-->
                                 <td>
                                     <a title="扫描时间:<?php echo $value['semgrep_scan_time'] ?>"
                                        href="<?php echo url('code/semgrep_list', ['code_id' => $value['id']]); ?>"><?php echo $semgrepNum[$value['id']] ?? 0 ?>

code/view/code/list.php

@@ -1 +1 @@
-v1.3.0
+v1.7.1

docker/data/update.lock

@@ -1,3 +1,2 @@
 INSERT INTO `QingScan`.`auth_rule` (`href`, `title`, `is_delete`, `is_open_auth`, `pid`, `sort`, `created_at`, `menu_status`, `update_time`, `level`, `delete_time`, `icon_url`) VALUES ('unauthorized/index', '未授权列表', 0, 1, 35, 4, 1669016435, 1, 1669016502, 2, 0, '');
-
 INSERT INTO `QingScan`.`process_safe` (`key`, `value`, `status`, `note`, `update_time`, `type`) VALUES ('scan unauthorizeScan', 'cd /root/qingscan/code  &&  php think scan unauthorizeScan>> /tmp/unauthorizeScan.txt & ', 0, '未授权扫描', '2022-11-21 18:11:52', 4);