Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/momosecurity/mosec-x-plugin-backend
MOSEC-X-PLUGIN backend API service
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/momosecurity/mosec-x-plugin-backend
- Owner: momosecurity
- License: apache-2.0
- Created: 2020-07-29T07:23:14.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2020-08-11T07:18:28.000Z (over 4 years ago)
- Last Synced: 2024-08-05T17:35:47.878Z (4 months ago)
- Language: Python
- Size: 43 KB
- Stars: 24
- Watchers: 1
- Forks: 8
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - momosecurity/mosec-x-plugin-backend - MOSEC-X-PLUGIN backend API service (Python)
README
# MOSEC-X-PLUGIN Backend
MOSEC-X-PLUGIN backend detection API
## About us
Website: https://security.immomo.com
WeChat:
## Version requirements
Python 3.7.x
## Installation
```shell script
> pip install -r requirements.txt
```
## Running
```shell script
> python website.py
# will run on http://127.0.0.1:9000/
```
## Development
#### Vulnerability rules table
```sqlite
CREATE TABLE IF NOT EXISTS "vulrules" (
    "title" TEXT(255),           -- vulnerability title
    "name" TEXT(255),            -- vulnerable component name ( vendor / groupId:artifactId )
    "severity" TEXT(10),         -- vulnerability severity level ( High / Medium / Low )
    "type" TEXT(10),             -- build tool type ( Maven / pip / npm / Composer )
    "cve" TEXT(20),              -- CVE ID for the vulnerability
    "cvss3" TEXT(10),            -- CVSS3 score for the vulnerability
    "vul_version_fr" TEXT(255),  -- lowest vulnerable component version ( vul_version_fr <= component version in use )
    "vul_version_to" TEXT(255),  -- highest vulnerable component version ( component version in use <= vul_version_to )
    "target_version" TEXT(255)   -- safe component versions ( stored as json.dumps(list) )
);
```
#### Detection flow
![flow](./static/mosec-x-plugin-backend.svg)
### API
#### POST /api/plugin
```json
{
  "type": "Maven",
  "language": "java",
  "severityLevel": "High",
  "name": "name1",
  "version": "version1",
  "from": [
    "name1@version1"
  ],
  "dependencies": {
    "name2": {
      "name": "name2",
      "version": "version2",
      "from": [
        "name1@version1",
        "name2@version2"
      ],
      "dependencies": {
        "name4": {
          "name": "name4",
          "version": "version4",
          "from": [
            "name1@version1",
            "name2@version2",
            "name4@version4"
          ],
          "dependencies": {}
        }
      }
    },
    "name3": {
      "name": "name3",
      "version": "version3",
      "from": [
        "name1@version1",
        "name3@version3"
      ],
      "dependencies": {}
    }
  }
}
```
#### Response
```json
{
  "ok": false,
  "dependencyCount": 2,
  "vulnerabilities": [
    {
      "title": "title",
      "severity": "High",
      "packageName": "name2",
      "version": "version2",
      "from": [
        "name1@version1",
        "name2@version2"
      ],
      "cve": "cve",
      "target_version": [
        "version2.1",
        "version3.0"
      ]
    }
  ]
}
```
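How the rule table and the request/response shapes above fit together, as an added example that is not the project's own code: it walks the nested `dependencies` tree and applies the `vul_version_fr <= version <= vul_version_to` check from the schema comments. The sample rule, package names, placeholder CVE id and the numeric-only `vkey` comparator are constructed assumptions; `severityLevel` filtering and `dependencyCount` are not modeled.

```python
import json
import sqlite3

SCHEMA = """CREATE TABLE IF NOT EXISTS "vulrules" (
  "title" TEXT(255), "name" TEXT(255), "severity" TEXT(10), "type" TEXT(10),
  "cve" TEXT(20), "cvss3" TEXT(10), "vul_version_fr" TEXT(255),
  "vul_version_to" TEXT(255), "target_version" TEXT(255))"""

# Constructed rule row; the CVE id is a placeholder, not a real advisory.
SAMPLE_RULE = ("Constructed example flaw", "org.example:lib-b", "High", "Maven",
               "CVE-0000-00000", "9.8", "1.0.0", "1.4.9",
               json.dumps(["1.5.0", "2.0.0"]))

def vkey(version):
    # Assumption: plain dotted numeric versions; the project's comparator is not shown.
    return tuple(int(part) for part in version.split("."))

def scan(conn, request):
    """Walk the nested "dependencies" tree and match each node against vulrules."""
    found = []
    stack = list(request.get("dependencies", {}).values())
    while stack:
        dep = stack.pop()
        stack.extend(dep.get("dependencies", {}).values())
        rows = conn.execute(
            'SELECT title, severity, cve, vul_version_fr, vul_version_to, '
            'target_version FROM vulrules WHERE name = ? AND type = ?',
            (dep["name"], request["type"]))  # bound parameters, never string-built SQL
        for title, severity, cve, lo, hi, target in rows:
            if vkey(lo) <= vkey(dep["version"]) <= vkey(hi):
                found.append({"title": title, "severity": severity,
                              "packageName": dep["name"], "version": dep["version"],
                              "from": dep["from"], "cve": cve,
                              "target_version": json.loads(target)})
    return {"ok": not found, "vulnerabilities": found}

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.execute("INSERT INTO vulrules VALUES (?,?,?,?,?,?,?,?,?)", SAMPLE_RULE)
    leaf = {"name": "org.example:lib-b", "version": "1.2.3",
            "from": ["app@1.0", "org.example:lib-a@2.0", "org.example:lib-b@1.2.3"],
            "dependencies": {}}
    mid = {"name": "org.example:lib-a", "version": "2.0",
           "from": ["app@1.0", "org.example:lib-a@2.0"],
           "dependencies": {"org.example:lib-b": leaf}}
    return scan(conn, {"type": "Maven", "name": "app", "version": "1.0",
                       "from": ["app@1.0"], "dependencies": {"org.example:lib-a": mid}})
```

Comparing versions as integer tuples rather than as the stored `TEXT` values matters for range checks: as strings, `"1.10.0"` sorts before `"1.9.0"`, which would let a vulnerable version fall outside its rule's range.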