添加知识库到cve页面

emo-crab · Feb 20, 2024 · 7b9ee9b · 7b9ee9b
1 parent 7843823
commit 7b9ee9b
Show file tree

Hide file tree

Showing 6 changed files with 157 additions and 15 deletions.
diff --git a/helper/src/exp/mod.rs b/helper/src/exp/mod.rs
@@ -148,7 +148,7 @@ impl ExploitDB {
   }
 }
 
-fn create_or_update_exploit(
+pub fn create_or_update_exploit(
   connection: &mut MysqlConnection,
   exploit_item: CreateExploit,
   cve_id: Option<String>,
@@ -344,8 +344,8 @@ pub fn import_from_nuclei_templates_path(path: PathBuf) {
           .to_string(),
         meta: AnyValue::new(meta),
         verified: 1,
-        created_at: Utc::now().naive_local(),
-        updated_at: Utc::now().naive_local(),
+        created_at: Utc::now().naive_utc(),
+        updated_at: Utc::now().naive_utc(),
       };
       if let Err(err) = create_or_update_exploit(conn, new_exp, Some(template.id)) {
         println!("import nuclei exploit err: {:?}", err);
@@ -444,8 +444,8 @@ impl GitHubCommit {
                   path,
                   meta: AnyValue::new(meta),
                   verified: 1,
-                  created_at: Utc::now().naive_local(),
-                  updated_at: Utc::now().naive_local(),
+                  created_at: Utc::now().naive_utc(),
+                  updated_at: Utc::now().naive_utc(),
                 };
                 if let Err(err) = create_or_update_exploit(conn, new_exp, Some(template.id)) {
                   println!("import nuclei exploit err: {:?}", err);
@@ -551,7 +551,7 @@ pub async fn update_from_rss() {
     let rss: Rss = quick_xml::de::from_str(&s).unwrap();
     for item in rss.channel.item {
       // 发布时间小于三天前跳过更新
-      if item.published < (Utc::now() - Duration::days(3)).naive_local() {
+      if item.published < (Utc::now() - Duration::days(3)).naive_utc() {
         continue;
       }
       get_info_from_exploit_url(connection_pool.get().unwrap().deref_mut(), &item).await;

diff --git a/helper/src/kb/mod.rs b/helper/src/kb/mod.rs
@@ -7,11 +7,13 @@ use chrono::Utc;
 use diesel::MysqlConnection;
 
 use nvd_model::error::DBResult;
+use nvd_model::exploit::db::{CreateExploit, ExploitSource};
 use nvd_model::knowledge_base::db::{CreateKnowledgeBase, KnowledgeBaseSource};
 use nvd_model::knowledge_base::KnowledgeBase;
 use nvd_model::types::{AnyValue, MetaData};
 
 use crate::error::HelperResult;
+use crate::exp::create_or_update_exploit;
 use crate::init_db_pool;
 
 pub async fn akb_sync() -> HelperResult<()> {
@@ -31,7 +33,7 @@ pub async fn akb_sync() -> HelperResult<()> {
       let meta = MetaData::default();
       for topic in topics.data {
         if topic.rapid7_analysis.is_some() {
-          let new_exp = CreateKnowledgeBase {
+          let new_kb = CreateKnowledgeBase {
             id: uuid::Uuid::new_v4().as_bytes().to_vec(),
             name: topic.name.clone(),
             description: topic.document,
@@ -41,18 +43,41 @@ pub async fn akb_sync() -> HelperResult<()> {
             created_at: topic
               .rapid7_analysis_created
               .unwrap_or(Utc::now())
-              .naive_local(),
+              .naive_utc(),
             updated_at: topic
               .rapid7_analysis_revision_date
               .unwrap_or(Utc::now())
-              .naive_local(),
+              .naive_utc(),
           };
-          if let Err(err) = create_or_update_kb(connection_pool.get().unwrap().deref_mut(), new_exp)
+          if let Err(err) = create_or_update_kb(connection_pool.get().unwrap().deref_mut(), new_kb)
           {
             println!("import attackerkb err: {:?}", err);
           }
           break;
         }
+        if let Some(credits) = topic.metadata.credits {
+          for module in credits.module {
+            println!("同步metasploit插件：{}", module);
+            let new_exp = CreateExploit {
+              id: uuid::Uuid::new_v4().as_bytes().to_vec(),
+              name: topic.name.to_string(),
+              description: topic.document.clone(),
+              source: ExploitSource::Metasploit.to_string(),
+              path: module,
+              meta: AnyValue::new(meta.clone()),
+              verified: true as u8,
+              created_at: topic.created.naive_utc(),
+              updated_at: topic.revision_date.naive_utc(),
+            };
+            if let Err(err) = create_or_update_exploit(
+              connection_pool.get().unwrap().deref_mut(),
+              new_exp,
+              Some(topic.name.clone()),
+            ) {
+              println!("同步metasploit 插件失败： {:?}", err);
+            };
+          }
+        }
       }
     }
   }

diff --git a/nvd-model/src/exploit/db.rs b/nvd-model/src/exploit/db.rs
@@ -16,13 +16,15 @@ use crate::DB;
 pub enum ExploitSource {
   ExploitDb,
   NucleiTemplates,
+  Metasploit,
 }
 
 impl Display for ExploitSource {
   fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
     match self {
       ExploitSource::ExploitDb => f.write_str("exploit-db"),
       ExploitSource::NucleiTemplates => f.write_str("nuclei-templates"),
+      ExploitSource::Metasploit => f.write_str("metasploit"),
     }
   }
 }

diff --git a/nvd-yew/src/component/knowledge_base.rs b/nvd-yew/src/component/knowledge_base.rs
@@ -0,0 +1,105 @@
+use yew::prelude::*;
+
+use nvd_model::knowledge_base::{KnowledgeBase, QueryKnowledgeBase};
+
+use crate::component::{KBRow, KbProps};
+use crate::console_log;
+use crate::modules::Paging;
+use crate::services::kb::knowledge_base_list;
+use crate::services::FetchState;
+
+#[derive(Default)]
+pub struct CVEKnowledgeBaseInfoList {
+  pub result: Vec<KnowledgeBase>,
+  pub paging: Paging,
+  pub query: QueryKnowledgeBase,
+}
+
+#[derive(PartialEq, Clone, Properties)]
+pub struct IDProps {
+  pub id: String,
+}
+
+#[allow(clippy::large_enum_variant)]
+pub enum Msg {
+  SetFetchState(FetchState<CVEKnowledgeBaseInfoList>),
+  Send,
+}
+
+impl Component for CVEKnowledgeBaseInfoList {
+  type Message = Msg;
+  type Properties = IDProps;
+
+  fn create(_ctx: &Context<Self>) -> Self {
+    CVEKnowledgeBaseInfoList::default()
+  }
+
+  fn update(&mut self, ctx: &Context<Self>, msg: Self::Message) -> bool {
+    match msg {
+      Msg::SetFetchState(state) => {
+        match state {
+          FetchState::Success(data) => {
+            self.result = data.result;
+            return true;
+          }
+          FetchState::Failed(err) => {
+            console_log!("{:?}", err);
+          }
+        }
+        return true;
+      }
+      Msg::Send => {
+        let q = QueryKnowledgeBase {
+          cve: Some(ctx.props().id.clone()),
+          ..self.query.clone()
+        };
+        ctx.link().send_future(async move {
+          match knowledge_base_list(q).await {
+            Ok(data) => {
+              let data = CVEKnowledgeBaseInfoList {
+                result: data.result,
+                paging: data.paging,
+                query: data.query,
+              };
+              Msg::SetFetchState(FetchState::Success(data))
+            }
+            Err(err) => Msg::SetFetchState(FetchState::Failed(err)),
+          }
+        });
+      }
+    }
+    false
+  }
+  fn view(&self, _ctx: &Context<Self>) -> Html {
+    let knowledge_base = self.result.clone();
+    if !knowledge_base.is_empty() {
+      return html! {
+      <div class="table-responsive">
+        <table class="table table-vcenter card-table table-striped">
+            <thead>
+              <tr>
+                <th scope="col">{"Name"}</th>
+                <th scope="col">{"Source"}</th>
+                <th scope="col">{"Links"}</th>
+                <th scope="col">{"Meta"}</th>
+                <th scope="col">{"Updated"}</th>
+              </tr>
+            </thead>
+          <tbody>
+          {knowledge_base.into_iter().map(|e|{
+            let p = KbProps{props:e.clone()};
+            html!{<KBRow ..p/>}
+          }).collect::<Html>()}
+          </tbody>
+        </table>
+      </div>
+      };
+    }
+    html!()
+  }
+  fn rendered(&mut self, ctx: &Context<Self>, first_render: bool) {
+    if first_render {
+      ctx.link().send_message(Msg::Send);
+    }
+  }
+}
diff --git a/nvd-yew/src/component/mod.rs b/nvd-yew/src/component/mod.rs
@@ -11,6 +11,7 @@ pub use exp_row::{EXPRow, ExpProps};
 pub use exploit::CVEExploitInfoList;
 pub use kb_query::{KBQuery, KBQueryProps};
 pub use kb_row::{KBRow, KbProps};
+pub use knowledge_base::CVEKnowledgeBaseInfoList;
 pub use pagination::{Pagination, PaginationProps};
 pub use tooltip_popover::TooltipPopover;
 pub use weaknesses::CWEDetails;
@@ -29,6 +30,7 @@ mod exp_row;
 mod exploit;
 mod kb_query;
 mod kb_row;
+mod knowledge_base;
 mod pagination;
 mod tooltip_popover;
 mod weaknesses;
diff --git a/nvd-yew/src/routes/cve.rs b/nvd-yew/src/routes/cve.rs
@@ -7,8 +7,8 @@ use nvd_model::cve::Cve;
 
 use crate::component::cvss_tags::{cvss2, cvss3};
 use crate::component::{
-  Accordion, CVEConfiguration, CVEConfigurationProps, CVEExploitInfoList, CWEDetails, Comments,
-  CVSS2, CVSS3,
+  Accordion, CVEConfiguration, CVEConfigurationProps, CVEExploitInfoList, CVEKnowledgeBaseInfoList,
+  CWEDetails, Comments, CVSS2, CVSS3,
 };
 use crate::console_log;
 use crate::error::Error;
@@ -122,7 +122,8 @@ impl Component for CVEDetails {
         {self.cvss(cve.clone())}
         {self.references(&cve.references)}
         {self.weaknesses(&cve.weaknesses)}
-        {self.exploit(cve.id)}
+        {self.exploit(&cve.id)}
+        {self.knowledge_base(&cve.id)}
         {self.configurations(&cve.configurations)}
         <Comments/>
       <div class="card-body">
@@ -266,10 +267,17 @@ impl CVEDetails {
       </Accordion>
     }
   }
-  fn exploit(&self, id: String) -> Html {
+  fn exploit(&self, id: &str) -> Html {
     html! {
       <Accordion name={"Exploits"}>
-      <CVEExploitInfoList id={id}/>
+      <CVEExploitInfoList id={id.to_string()}/>
+      </Accordion>
+    }
+  }
+  fn knowledge_base(&self, id: &str) -> Html {
+    html! {
+      <Accordion name={"KnowledgeBase"}>
+      <CVEKnowledgeBaseInfoList id={id.to_string()}/>
       </Accordion>
     }
   }