From 7eb5e5289fb93cdf89ac297264374490b644de21 Mon Sep 17 00:00:00 2001 From: itsdivyanshjain Date: Sun, 18 Sep 2022 08:13:14 -0400 Subject: [PATCH 1/4] local html reports improved --- core/graph.py | 15 +- lib/graph/d3_tree_v1/engine.py | 1 + lib/html_log/log_data.py | 7 + web/static/index.html | 12 ++ web/static/js/renderjson.js | 216 ++++++++++++++++++++++++++++ web/static/report/d3_tree_v1.html | 220 +++++++++++++++++++++++++++++ web/static/report/html_table.css | 1 + web/static/report/json_parse.js | 11 ++ web/static/report/table_items.html | 2 +- web/static/report/table_title.html | 2 +- 10 files changed, 479 insertions(+), 8 deletions(-) create mode 100644 web/static/js/renderjson.js create mode 100644 web/static/report/json_parse.js diff --git a/core/graph.py b/core/graph.py index 7e16d5005..2e7a46728 100644 --- a/core/graph.py +++ b/core/graph.py @@ -11,6 +11,7 @@ from core.die import die_failure from database.db import get_logs_by_scan_unique_id from database.db import submit_report_to_db +from core.utility import merge_logs_to_list def build_graph(graph_name, events): @@ -128,26 +129,28 @@ def create_report(options, scan_unique_id): 'date', 'target', 'module_name', - 'scan_unique_id', 'port', - 'event', + 'logs', 'json_event' ) + index=1 for event in all_scan_logs: + log = merge_logs_to_list(json.loads(event["json_event"]), []) html_table_content += log_data.table_items.format( event["date"], event["target"], event["module_name"], - event["scan_unique_id"], event["port"], - event["event"], + "
".join(log) if log else "detected", #event["event"], #log + index, event["json_event"] ) - html_table_content += log_data.table_end + '
' + str(index-1) + '
' + '' + ) + '

' + log_data.json_parse_js with open(report_path_filename, 'w', encoding='utf-8') as save: save.write(html_table_content + '\n') save.close() diff --git a/lib/graph/d3_tree_v1/engine.py b/lib/graph/d3_tree_v1/engine.py index 051c6b238..098f80fa4 100644 --- a/lib/graph/d3_tree_v1/engine.py +++ b/lib/graph/d3_tree_v1/engine.py @@ -73,6 +73,7 @@ def start(events): ) from config import nettacker_paths + print("ok\n",d3_structure) data = open( os.path.join( nettacker_paths()['web_static_files_path'], diff --git a/lib/html_log/log_data.py b/lib/html_log/log_data.py index 759a3bd62..3be8dade1 100644 --- a/lib/html_log/log_data.py +++ b/lib/html_log/log_data.py @@ -11,6 +11,13 @@ ) ).read() +json_parse_js = open( + os.path.join( + nettacker_paths()['web_static_files_path'], + 'report/json_parse.js' + ) +).read() + table_title = open( os.path.join( nettacker_paths()['web_static_files_path'], diff --git a/web/static/index.html b/web/static/index.html index c3386ac41..b748e172e 100644 --- a/web/static/index.html +++ b/web/static/index.html @@ -28,6 +28,18 @@ + +
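Review bot: The strings in `log` are joined and formatted into the table row in `create_report` without HTML-encoding, and `event["target"]`, `event["module_name"]` and `event["port"]` are inserted raw as well. `merge_logs_to_list` is not shown here, but if its entries come from scan responses, a value containing markup would be rendered as HTML when the saved report is opened. The patch 3/4 hunk on this same call encodes only `event["json_event"]`, so the gap remains there too. I would encode each entry before joining, e.g. `log = [html.escape(str(item)) for item in log]`, which needs the `import html` that only arrives in patch 3/4. `create_report` starts above this hunk.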
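Review bot: `json_parse_js = open(...).read()` in `lib/html_log/log_data.py` never closes the file handle explicitly and reads with the platform default encoding, while `create_report` writes the report with `encoding='utf-8'`. The neighbouring assignments in this module appear to use the same pattern, so it matches the file's style. Still, `with open(path, encoding='utf-8') as f: json_parse_js = f.read()` would close the handle deterministically and decode the embedded script the same way on every platform.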
diff --git a/web/static/js/renderjson.js b/web/static/js/renderjson.js new file mode 100644 index 000000000..9d41d2d28 --- /dev/null +++ b/web/static/js/renderjson.js 
@@ -0,0 +1,216 @@ +// Copyright © 2013-2017 David Caldwell +// +// Permission to use, copy, modify, and/or distribute this software for any +// purpose with or without fee is hereby granted, provided that the above +// copyright notice and this permission notice appear in all copies. +// +// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION +// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN +// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +// Usage +// ----- +// The module exports one entry point, the `renderjson()` function. It takes in +// the JSON you want to render as a single argument and returns an HTML +// element. +// +// Options +// ------- +// renderjson.set_icons("+", "-") +// This Allows you to override the disclosure icons. +// +// renderjson.set_show_to_level(level) +// Pass the number of levels to expand when rendering. The default is 0, which +// starts with everything collapsed. As a special case, if level is the string +// "all" then it will start with everything expanded. +// +// renderjson.set_max_string_length(length) +// Strings will be truncated and made expandable if they are longer than +// `length`. As a special case, if `length` is the string "none" then +// there will be no truncation. The default is "none". +// +// renderjson.set_sort_objects(sort_bool) +// Sort objects by key (default: false) +// +// renderjson.set_replacer(replacer_function) +// Equivalent of JSON.stringify() `replacer` argument when it's a function +// +// renderjson.set_collapse_msg(collapse_function) +// Accepts a function (len:number):string => {} where len is the length of the +// object collapsed. 
Function should return the message displayed when a +// object is collapsed. The default message is "X items" +// +// renderjson.set_property_list(property_list) +// Equivalent of JSON.stringify() `replacer` argument when it's an array +// +// Theming +// ------- +// The HTML output uses a number of classes so that you can theme it the way +// you'd like: +// .disclosure ("⊕", "⊖") +// .syntax (",", ":", "{", "}", "[", "]") +// .string (includes quotes) +// .number +// .boolean +// .key (object key) +// .keyword ("null", "undefined") +// .object.syntax ("{", "}") +// .array.syntax ("[", "]") + +var module, window, define, renderjson=(function() { + var themetext = function(/* [class, text]+ */) { + var spans = []; + while (arguments.length) + spans.push(append(span(Array.prototype.shift.call(arguments)), + text(Array.prototype.shift.call(arguments)))); + return spans; + }; + var append = function(/* el, ... */) { + var el = Array.prototype.shift.call(arguments); + for (var a=0; a 0 && type != "string") + show(); + return el; + }; + + if (json === null) return themetext(null, my_indent, "keyword", "null"); + if (json === void 0) return themetext(null, my_indent, "keyword", "undefined"); + + if (typeof(json) == "string" && json.length > options.max_string_length) + return disclosure('"', json.substr(0,options.max_string_length)+" ...", '"', "string", function () { + return append(span("string"), themetext(null, my_indent, "string", JSON.stringify(json))); + }); + + if (typeof(json) != "object" || [Number, String, Boolean, Date].indexOf(json.constructor) >= 0) // Strings, numbers and bools + return themetext(null, my_indent, typeof(json), JSON.stringify(json)); + + if (json.constructor == Array) { + if (json.length == 0) return themetext(null, my_indent, "array syntax", "[]"); + + return disclosure("[", options.collapse_msg(json.length), "]", "array", function () { + var as = append(span("array"), themetext("array syntax", "[", null, "\n")); + for (var i=0; 
i__title_to_replace__ font-size:small; } + + + \ No newline at end of file diff --git a/web/static/report/table_items.html b/web/static/report/table_items.html index decbfc1f2..7218e73fa 100644 --- a/web/static/report/table_items.html +++ b/web/static/report/table_items.html @@ -1 +1 @@ -{0}{1}{2}{3}{4}{5}{6} \ No newline at end of file +{0}{1}{2}{3}{4}{6} \ No newline at end of file diff --git a/web/static/report/table_title.html b/web/static/report/table_title.html index 2835c3e1c..c95450187 100644 --- a/web/static/report/table_title.html +++ b/web/static/report/table_title.html @@ -1 +1 @@ -{0}{1}



\ No newline at end of file +{0}{1}



{2}{3}{4}{5}{6}{7}{8}
\ No newline at end of file From fae8f948b866aa9393e2736f52a3ee001d861fd4 Mon Sep 17 00:00:00 2001 From: itsdivyanshjain Date: Sun, 18 Sep 2022 08:16:40 -0400 Subject: [PATCH 2/4] removed print --- lib/graph/d3_tree_v1/engine.py | 1 - 1 file changed, 1 deletion(-) diff --git a/lib/graph/d3_tree_v1/engine.py b/lib/graph/d3_tree_v1/engine.py index 098f80fa4..051c6b238 100644 --- a/lib/graph/d3_tree_v1/engine.py +++ b/lib/graph/d3_tree_v1/engine.py @@ -73,7 +73,6 @@ def start(events): ) from config import nettacker_paths - print("ok\n",d3_structure) data = open( os.path.join( nettacker_paths()['web_static_files_path'], From c544ab4fbbcedb908f372d78bdf71a60262d6967 Mon Sep 17 00:00:00 2001 From: itsdivyanshjain Date: Sun, 18 Sep 2022 09:39:06 -0400 Subject: [PATCH 3/4] improved html log by implementing html output encoding --- core/graph.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/core/graph.py b/core/graph.py index 2e7a46728..b6a7ae6fa 100644 --- a/core/graph.py +++ b/core/graph.py @@ -4,6 +4,7 @@ import json import csv import texttable +import html from core.alert import messages from core.alert import info from core.compatible import version_info @@ -143,7 +144,7 @@ def create_report(options, scan_unique_id): event["port"], "
".join(log) if log else "detected", #event["event"], #log index, - event["json_event"] + html.escape(event["json_event"]) ) index+=1 html_table_content += log_data.table_end + '
' + str(index-1) + '
' + '
{2}{3}{4}{5}{6}{7}