From 7eb5e5289fb93cdf89ac297264374490b644de21 Mon Sep 17 00:00:00 2001
From: itsdivyanshjain
Date: Sun, 18 Sep 2022 08:13:14 -0400
Subject: [PATCH 1/4] local html reports improved
---
core/graph.py | 15 +-
lib/graph/d3_tree_v1/engine.py | 1 +
lib/html_log/log_data.py | 7 +
web/static/index.html | 12 ++
web/static/js/renderjson.js | 216 ++++++++++++++++++++++++++++
web/static/report/d3_tree_v1.html | 220 +++++++++++++++++++++++++++++
web/static/report/html_table.css | 1 +
web/static/report/json_parse.js | 11 ++
web/static/report/table_items.html | 2 +-
web/static/report/table_title.html | 2 +-
10 files changed, 479 insertions(+), 8 deletions(-)
create mode 100644 web/static/js/renderjson.js
create mode 100644 web/static/report/json_parse.js
diff --git a/core/graph.py b/core/graph.py
index 7e16d5005..2e7a46728 100644
--- a/core/graph.py
+++ b/core/graph.py
@@ -11,6 +11,7 @@
from core.die import die_failure
from database.db import get_logs_by_scan_unique_id
from database.db import submit_report_to_db
+from core.utility import merge_logs_to_list
def build_graph(graph_name, events):
@@ -128,26 +129,28 @@ def create_report(options, scan_unique_id):
'date',
'target',
'module_name',
- 'scan_unique_id',
'port',
- 'event',
+ 'logs',
'json_event'
)
+ index=1
for event in all_scan_logs:
+ log = merge_logs_to_list(json.loads(event["json_event"]), [])
html_table_content += log_data.table_items.format(
event["date"],
event["target"],
event["module_name"],
- event["scan_unique_id"],
event["port"],
- event["event"],
+ "
".join(log) if log else "detected", #event["event"], #log
+ index,
event["json_event"]
)
- html_table_content += log_data.table_end + '' + str(index-1) + '
' + ''
+ ) + '
' + log_data.json_parse_js
with open(report_path_filename, 'w', encoding='utf-8') as save:
save.write(html_table_content + '\n')
save.close()
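Review bot: The joined `log` text passed to `log_data.table_items.format(...)` is written into the report row without HTML encoding, as is `event["json_event"]` in this patch. These values are built from stored scan events, which presumably include text returned by the scanned host, so markup in a response would be rendered as part of the saved report when it is opened. Patch 3/4 of this series wraps only `event["json_event"]` in `html.escape`; the log elements need the same treatment before the join, e.g. `html.escape(str(item)) for item in log` as the argument to the existing `.join(...)`, with `import html` added to this file. Separately, `json.loads(event["json_event"])` has no handling for a row whose stored JSON is malformed, so unless something upstream guarantees validity, one bad row aborts the whole report. The body of `create_report` begins outside this hunk.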
diff --git a/lib/graph/d3_tree_v1/engine.py b/lib/graph/d3_tree_v1/engine.py
index 051c6b238..098f80fa4 100644
--- a/lib/graph/d3_tree_v1/engine.py
+++ b/lib/graph/d3_tree_v1/engine.py
@@ -73,6 +73,7 @@ def start(events):
)
from config import nettacker_paths
+ print("ok\n",d3_structure)
data = open(
os.path.join(
nettacker_paths()['web_static_files_path'],
diff --git a/lib/html_log/log_data.py b/lib/html_log/log_data.py
index 759a3bd62..3be8dade1 100644
--- a/lib/html_log/log_data.py
+++ b/lib/html_log/log_data.py
@@ -11,6 +11,13 @@
)
).read()
+json_parse_js = open(
+ os.path.join(
+ nettacker_paths()['web_static_files_path'],
+ 'report/json_parse.js'
+ )
+).read()
+
table_title = open(
os.path.join(
nettacker_paths()['web_static_files_path'],
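Review bot: `json_parse_js = open(...).read()` never closes the file handle and reads with the platform default encoding, while `create_report` in core/graph.py writes the report with `encoding='utf-8'`. Reading the template as `with open(path, encoding='utf-8') as f: json_parse_js = f.read()`, where `path` stands for the existing `os.path.join(...)` expression, keeps both sides consistent and releases the handle deterministically. The neighbouring `table_title = open(` assignment, which continues outside this hunk, follows the same pattern and could be changed with it.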
diff --git a/web/static/index.html b/web/static/index.html
index c3386ac41..b748e172e 100644
--- a/web/static/index.html
+++ b/web/static/index.html
@@ -28,6 +28,18 @@
+
+
diff --git a/web/static/js/renderjson.js b/web/static/js/renderjson.js
new file mode 100644
index 000000000..9d41d2d28
--- /dev/null
+++ b/web/static/js/renderjson.js
@@ -0,0 +1,216 @@
+// Copyright © 2013-2017 David Caldwell
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+// SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+// OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+// CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+// Usage
+// -----
+// The module exports one entry point, the `renderjson()` function. It takes in
+// the JSON you want to render as a single argument and returns an HTML
+// element.
+//
+// Options
+// -------
+// renderjson.set_icons("+", "-")
+// This Allows you to override the disclosure icons.
+//
+// renderjson.set_show_to_level(level)
+// Pass the number of levels to expand when rendering. The default is 0, which
+// starts with everything collapsed. As a special case, if level is the string
+// "all" then it will start with everything expanded.
+//
+// renderjson.set_max_string_length(length)
+// Strings will be truncated and made expandable if they are longer than
+// `length`. As a special case, if `length` is the string "none" then
+// there will be no truncation. The default is "none".
+//
+// renderjson.set_sort_objects(sort_bool)
+// Sort objects by key (default: false)
+//
+// renderjson.set_replacer(replacer_function)
+// Equivalent of JSON.stringify() `replacer` argument when it's a function
+//
+// renderjson.set_collapse_msg(collapse_function)
+// Accepts a function (len:number):string => {} where len is the length of the
+// object collapsed. Function should return the message displayed when a
+// object is collapsed. The default message is "X items"
+//
+// renderjson.set_property_list(property_list)
+// Equivalent of JSON.stringify() `replacer` argument when it's an array
+//
+// Theming
+// -------
+// The HTML output uses a number of classes so that you can theme it the way
+// you'd like:
+// .disclosure ("⊕", "⊖")
+// .syntax (",", ":", "{", "}", "[", "]")
+// .string (includes quotes)
+// .number
+// .boolean
+// .key (object key)
+// .keyword ("null", "undefined")
+// .object.syntax ("{", "}")
+// .array.syntax ("[", "]")
+
+var module, window, define, renderjson=(function() {
+ var themetext = function(/* [class, text]+ */) {
+ var spans = [];
+ while (arguments.length)
+ spans.push(append(span(Array.prototype.shift.call(arguments)),
+ text(Array.prototype.shift.call(arguments))));
+ return spans;
+ };
+ var append = function(/* el, ... */) {
+ var el = Array.prototype.shift.call(arguments);
+ for (var a=0; a 0 && type != "string")
+ show();
+ return el;
+ };
+
+ if (json === null) return themetext(null, my_indent, "keyword", "null");
+ if (json === void 0) return themetext(null, my_indent, "keyword", "undefined");
+
+ if (typeof(json) == "string" && json.length > options.max_string_length)
+ return disclosure('"', json.substr(0,options.max_string_length)+" ...", '"', "string", function () {
+ return append(span("string"), themetext(null, my_indent, "string", JSON.stringify(json)));
+ });
+
+ if (typeof(json) != "object" || [Number, String, Boolean, Date].indexOf(json.constructor) >= 0) // Strings, numbers and bools
+ return themetext(null, my_indent, typeof(json), JSON.stringify(json));
+
+ if (json.constructor == Array) {
+ if (json.length == 0) return themetext(null, my_indent, "array syntax", "[]");
+
+ return disclosure("[", options.collapse_msg(json.length), "]", "array", function () {
+ var as = append(span("array"), themetext("array syntax", "[", null, "\n"));
+ for (var i=0; i__title_to_replace__
font-size:small;
}
+
+
+
\ No newline at end of file
diff --git a/web/static/report/table_items.html b/web/static/report/table_items.html
index decbfc1f2..7218e73fa 100644
--- a/web/static/report/table_items.html
+++ b/web/static/report/table_items.html
@@ -1 +1 @@
-{0} | {1} | {2} | {3} | {4} | {5} | {6} |
\ No newline at end of file
+{0} | {1} | {2} | {3} | {4} | {6} |
\ No newline at end of file
diff --git a/web/static/report/table_title.html b/web/static/report/table_title.html
index 2835c3e1c..c95450187 100644
--- a/web/static/report/table_title.html
+++ b/web/static/report/table_title.html
@@ -1 +1 @@
-{0}{1}
{2} | {3} | {4} | {5} | {6} | {7} | {8} |
\ No newline at end of file
+{0}{1}
{2} | {3} | {4} | {5} | {6} | {7} |
\ No newline at end of file
From fae8f948b866aa9393e2736f52a3ee001d861fd4 Mon Sep 17 00:00:00 2001
From: itsdivyanshjain
Date: Sun, 18 Sep 2022 08:16:40 -0400
Subject: [PATCH 2/4] removed print
---
lib/graph/d3_tree_v1/engine.py | 1 -
1 file changed, 1 deletion(-)
diff --git a/lib/graph/d3_tree_v1/engine.py b/lib/graph/d3_tree_v1/engine.py
index 098f80fa4..051c6b238 100644
--- a/lib/graph/d3_tree_v1/engine.py
+++ b/lib/graph/d3_tree_v1/engine.py
@@ -73,7 +73,6 @@ def start(events):
)
from config import nettacker_paths
- print("ok\n",d3_structure)
data = open(
os.path.join(
nettacker_paths()['web_static_files_path'],
From c544ab4fbbcedb908f372d78bdf71a60262d6967 Mon Sep 17 00:00:00 2001
From: itsdivyanshjain
Date: Sun, 18 Sep 2022 09:39:06 -0400
Subject: [PATCH 3/4] improved html log by implementing html output encoding
---
core/graph.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/core/graph.py b/core/graph.py
index 2e7a46728..b6a7ae6fa 100644
--- a/core/graph.py
+++ b/core/graph.py
@@ -4,6 +4,7 @@
import json
import csv
import texttable
+import html
from core.alert import messages
from core.alert import info
from core.compatible import version_info
@@ -143,7 +144,7 @@ def create_report(options, scan_unique_id):
event["port"],
"
".join(log) if log else "detected", #event["event"], #log
index,
- event["json_event"]
+ html.escape(event["json_event"])
)
index+=1
html_table_content += log_data.table_end + '' + str(index-1) + '
' + '