diff --git a/.gitignore b/.gitignore
index cd61ba8..fe971c6 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,6 @@ publish
 .idea
 .DS_Store
 *.tar.gz
+*.go
+.gitgnore
+vendor
diff --git a/mongo/init/Engine_Category.json b/mongo/init/Engine_Category.json
index b707f71..f2c26fd 100644
--- a/mongo/init/Engine_Category.json
+++ b/mongo/init/Engine_Category.json
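Review bot: The added pattern `.gitgnore` in the `.gitignore` hunk looks like a misspelling of `.gitignore`; as written it only hides a stray file of that name, which would be better deleted than ignored. The `*.go` pattern added next to it is very broad: it keeps every Go source file anywhere in the tree out of version control, and therefore out of code review, so if only generated or scratch files are meant it should be scoped to the directory that holds them. With `vendor` untracked, the dependency contents are no longer visible in the repository, so version pinning has to come from a lockfile, which this diff does not show.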
@@ -31,7 +31,7 @@
 {"_id":{"$oid":"63bfd22e69b35a192a416dc1"},"name":"多线程并发","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf91","riskDesc":"在对敏感资源进行操作的场景中,如抽奖、下单、领取优惠券等,在短时间内多次进行相同请求时,服务端在业务处理过程中,对关键数据操作并未保证原子性,导致产生并发问题。","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
 {"_id":{"$oid":"63bfd22e69b35a192a416dc2"},"name":"Java反序列化","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf91","riskDesc":"Java程序使用ObjectInputStream对象的readObject方法将反序列化数据转换为java对象。但当输入的反序列化的数据可被用户控制,那么攻击者即可通过构造恶意输入,让反序列化产生非预期的对象,在此过程中执行构造的任意代码。","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
 {"_id":{"$oid":"63bfd22e69b35a192a416dc3"},"name":"配置错误","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf91","riskDesc":"应用配置错误可能导致验证的信息泄露、内网沦陷事件","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
-{"_id":{"$oid":"63bfd22e69b35a192a416dc4"},"name":"其他","sortNo":1.0,"pid":"63bfd0c069b35a18580fbf91","advice":"其他","riskDesc":"其他","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
+{"_id":{"$oid":"63bfd22e69b35a192a416dc4"},"name":"其他","sortNo":9.0,"pid":"63bfd0c069b35a18580fbf91","advice":"其他","riskDesc":"其他","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.899Z"},"createTime":{"$date":"2023-01-12T09:26:06.899Z"}}
 {"_id":{"$oid":"63bfd22e69b35a192a416dc5"},"name":"远程代码执行","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf92","advice":"及时更新系统补丁,关闭敏感端口","riskDesc":"攻击者可以直接远程控制服务器进行敏感命令操作","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.9Z"},"createTime":{"$date":"2023-01-12T09:26:06.9Z"}}
 {"_id":{"$oid":"63bfd22e69b35a192a416dc6"},"name":"配置缺陷","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf92","advice":"及时更改配置,确保配置符合安全要求","riskDesc":"存在信息泄露的可能性,攻击者可以根据该信息进行进一步的渗透操作","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.9Z"},"createTime":{"$date":"2023-01-12T09:26:06.9Z"}}
 {"_id":{"$oid":"63bfd22e69b35a192a416dc7"},"name":"系统弱口令","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf92","riskDesc":"攻击者可以直接登录系统进行敏感操作","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.9Z"},"createTime":{"$date":"2023-01-12T09:26:06.9Z"}}
@@ -48,3 +48,4 @@ {"_id":{"$oid":"63bfd22e69b35a192a416de1"},"name":"敏感数据明文传输","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf95","advice":"敏感数据禁止使用明文传输","riskDesc":"敏感信息使用明文传输,存在数据泄露风险","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.901Z"},"createTime":{"$date":"2023-01-12T09:26:06.901Z"}} {"_id":{"$oid":"63bfd22e69b35a192a416de2"},"name":"敏感信息泄露","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf95","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.901Z"},"createTime":{"$date":"2023-01-12T09:26:06.901Z"}} {"_id":{"$oid":"63bfd22e69b35a192a416de5"},"name":"其他","sortNo":0.0,"pid":"63bfd0c069b35a18580fbf95","deleted":false,"createBy":"5db002504da8ad2e24d0052d","updateBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-01-12T09:26:06.901Z"},"createTime":{"$date":"2023-01-12T09:26:06.901Z"}} +{"_id":{"$oid":"6444f06669b35a4909a6bb8a"},"name":"表达式注入","pid":"63bfd0c069b35a18580fbf91","deleted":false,"sortNo":3.0,"createBy":"5db002504da8ad2e24d0052d","updateTime":{"$date":"2023-04-23T08:46:30.844Z"},"createTime":{"$date":"2023-04-23T08:46:30.844Z"}} diff --git a/mongo/init/db.js b/mongo/init/db.js index 23f141c..d04e3a4 100644 --- a/mongo/init/db.js +++ b/mongo/init/db.js @@ -47,7 +47,8 @@ db.System_UserRole.insert([ ]); -db.Message_Template.insert([{ +db.Message_Template.insert([ + { "_id": ObjectId("6310636a69b35a49e396ffe8"), "name": "黑盒扫描器任务完成提醒", "code": 2, @@ -59,7 +60,7 @@ db.Message_Template.insert([{ "createTime": ISODate("2022-09-01T07:46:50.913Z"), "enable": true, "subject": "黑盒扫描器任务完成" -}, { +},{ "_id": ObjectId("63849d3169b35abc2d329504"), "name": "agent离线通知", "code": 1, @@ -613,7 +614,7 @@ db.Engine_Category.insert([ { "_id": ObjectId("63bfd22e69b35a192a416dc4"), "name": "其他", - "sortNo": 1.0, + "sortNo": 9.0, "pid": "63bfd0c069b35a18580fbf91", "advice": "其他", "riskDesc": "其他", 
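Review bot: The new `表达式注入` category record in the `@@ -48,3 +48,4 @@` hunk is added without `riskDesc`, `advice` or `updateBy`, although the entries visible under the same `pid` (for example `Java反序列化`) carry a `riskDesc` and every other visible record has `updateBy`. Findings filed under this category would presumably be shown with no explanation of the risk and no remediation guidance. Consider adding a `"riskDesc"` that explains that user-controlled input reaches an expression evaluator, an `"advice"` that tells developers not to evaluate untrusted input, and `"updateBy"` for consistency. The same record is repeated in the `@@ -800,6 +801,16 @@` hunk of mongo/init/db.js with the same gaps, and because the two seed files are kept in sync by hand, each fix has to be made twice, as with the `sortNo` edit in this commit.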
@@ -800,6 +801,16 @@ db.Engine_Category.insert([ "updateBy": "5db002504da8ad2e24d0052d", "updateTime": ISODate("2023-01-12T09:26:06.901Z"), "createTime": ISODate("2023-01-12T09:26:06.901Z") + }, + { + "_id": ObjectId("6444f06669b35a4909a6bb8a"), + "name": "表达式注入", + "pid": "63bfd0c069b35a18580fbf91", + "deleted": false, + "sortNo": 3.0, + "createBy": "5db002504da8ad2e24d0052d", + "updateTime": ISODate("2023-04-23T08:46:30.844Z"), + "createTime": ISODate("2023-04-23T08:46:30.844Z") } ]);