添加漏洞分类
guanyufen committed Apr 24, 2023
1 parent bd02c49 commit ec4f197
Showing 3 changed files with 19 additions and 4 deletions.
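--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@ publish
 .idea
 .DS_Store
 *.tar.gz
+*.go
+.gitgnore
+vendor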
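Review bot: The added `*.go` pattern makes git ignore every Go source file anywhere in the repository, not only build output, so a new `.go` file would silently stay out of commits and therefore out of code review and scanning; if the intent was to exclude generated or scratch files, scope the pattern to a directory or a specific file name. The next added line, `.gitgnore`, looks like a misspelling of `.gitignore` and should probably be dropped. Ignoring `vendor` is reasonable only if the build resolves dependencies from pinned checksums, which cannot be confirmed from this hunk.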
3 changes: 2 additions & 1 deletion mongo/init/Engine_Category.json
Expand Up @@ -31,7 +31,7 @@
{"_id":{"$oid":"63bfd22e69b35a192a416dc1"},"name":"多线程并发","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf91","riskDesc":"在对敏感资源进行操作的场景中,如抽奖、下单、领取优惠券等,在短时间内多次进行相同请求时,服务端在业务处理过程中,对关键数据操作并未保证原子性,导致产生并发问题。","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc2"},"name":"Java反序列化","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf91","riskDesc":"Java程序使用ObjectInputStream对象的readObject方法将反序列化数据转换为java对象。但当输入的反序列化的数据可被用户控制,那么攻击者即可通过构造恶意输入,让反序列化产生非预期的对象,在此过程中执行构造的任意代码。","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc3"},"name":"配置错误","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf91","riskDesc":"应用配置错误可能导致验证的信息泄露、内网沦陷事件","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc4"},"name":"其他","sortNo":1.0,"pid":"63bfd0c069b35a18580fbf91","advice":"其他","riskDesc":"其他","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc4"},"name":"其他","sortNo":9.0,"pid":"63bfd0c069b35a18580fbf91","advice":"其他","riskDesc":"其他","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc5"},"name":"远程代码执行","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf92","advice":"及时更新系统补丁,关闭敏感端口","riskDesc":"攻击者可以直接远程控制服务器进行敏感命令操作","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.9Z"},"createTime":{"$date":"2023-01-12T09:26:06.9Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc6"},"name":"配置缺陷","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf92","advice":"及时更改配置,确保配置符合安全要求","riskDesc":"存在信息泄露的可能性,攻击者可以根据该信息进行进一步的渗透操作","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.9Z"},"createTime":{"$date":"2023-01-12T09:26:06.9Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416dc7"},"name":"系统弱口令","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf92","riskDesc":"攻击者可以直接登录系统进行敏感操作","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.9Z"},"createTime":{"$date":"2023-01-12T09:26:06.9Z"}}
Expand All @@ -48,3 +48,4 @@
{"_id":{"$oid":"63bfd22e69b35a192a416de1"},"name":"敏感数据明文传输","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf95","advice":"敏感数据禁止使用明文传输","riskDesc":"敏感信息使用明文传输,存在数据泄露风险","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.901Z"},"createTime":{"$date":"2023-01-12T09:26:06.901Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416de2"},"name":"敏感信息泄露","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf95","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.901Z"},"createTime":{"$date":"2023-01-12T09:26:06.901Z"}}
{"_id":{"$oid":"63bfd22e69b35a192a416de5"},"name":"其他","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf95","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.901Z"},"createTime":{"$date":"2023-01-12T09:26:06.901Z"}}
{"_id":{"$oid":"6444f06669b35a4909a6bb8a"},"name":"表达式注入","pid":"63bfd0c069b35a18580fbf91","deleted":false,"sortNo":3.0,"createBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-04-23T08:46:30.844Z"},"createTime":{"$date":"2023-04-23T08:46:30.844Z"}}
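Review bot: The new `表达式注入` record on the last line of this section has no `riskDesc`, `advice` or `updateBy`, while categories above it such as `远程代码执行` carry all three, so findings filed under it would presumably be shown without a risk description or remediation guidance. Consider adding, for example, `"riskDesc":"用户可控的输入被当作表达式(如SpEL、OGNL)解析执行,可能导致任意代码执行"` and `"advice":"禁止将用户输入拼接到表达式中,使用受限的求值上下文并对输入做白名单校验"`, plus an `updateBy` matching `createBy`. The matching object added to `db.Engine_Category.insert` in mongo/init/db.js has the same gap.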
17 changes: 14 additions & 3 deletions mongo/init/db.js
Expand Up @@ -47,7 +47,8 @@ db.System_UserRole.insert([
]);


db.Message_Template.insert([{
db.Message_Template.insert([
{
"_id": ObjectId("6310636a69b35a49e396ffe8"),
"name": "黑盒扫描器任务完成提醒",
"code": 2,
Expand All @@ -59,7 +60,7 @@ db.Message_Template.insert([{
"createTime": ISODate("2022-09-01T07:46:50.913Z"),
"enable": true,
"subject": "黑盒扫描器任务完成"
}, {
},{
"_id": ObjectId("63849d3169b35abc2d329504"),
"name": "agent离线通知",
"code": 1,
Expand Down Expand Up @@ -613,7 +614,7 @@ db.Engine_Category.insert([
{
"_id": ObjectId("63bfd22e69b35a192a416dc4"),
"name": "其他",
"sortNo": 1.0,
"sortNo": 9.0,
"pid": "63bfd0c069b35a18580fbf91",
"advice": "其他",
"riskDesc": "其他",
Expand Down Expand Up @@ -800,6 +801,16 @@ db.Engine_Category.insert([
"updateBy": "5db002504da8ad2e24d0052d",
"updateTime": ISODate("2023-01-12T09:26:06.901Z"),
"createTime": ISODate("2023-01-12T09:26:06.901Z")
},
{
"_id": ObjectId("6444f06669b35a4909a6bb8a"),
"name": "表达式注入",
"pid": "63bfd0c069b35a18580fbf91",
"deleted": false,
"sortNo": 3.0,
"createBy": "5db002504da8ad2e24d0052d",
"updateTime": ISODate("2023-04-23T08:46:30.844Z"),
"createTime": ISODate("2023-04-23T08:46:30.844Z")
}
]);

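Review bot: Every category edit in this commit has to be repeated by hand in two seed files — the `sortNo` change for `63bfd22e69b35a192a416dc4` and the new `6444f06669b35a4909a6bb8a` object appear here and again in mongo/init/Engine_Category.json — and nothing visible keeps the two in sync. If both seeds are ever loaded into the same database, the second load would fail on duplicate `_id` values; if only one is used, the other will drift. A short comment above `db.Engine_Category.insert([` such as `// Keep in sync with mongo/init/Engine_Category.json (same _id values)` would at least document the coupling. The enclosing `insert([...])` array starts outside the visible hunks.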
