// SQLite schema for the scan database. Database.init() executes each of the
// four statements below. None of them uses IF NOT EXISTS, so running init()
// against a file that already contains these tables fails.

// One row per request recorded through Database.addRequest(). `headers` and
// `trigger` receive JSON text (JSON.stringify of request.extra_headers and
// request.trigger); `data` is stored as passed in.
// NOTE(review): headers/data are kept in clear text and may carry cookies,
// tokens or credentials of the scanned application. Treat the database file
// as sensitive (restrictive file permissions, no sharing of raw dumps).
const qryCreateTableRequest = `
CREATE TABLE request (
id INTEGER PRIMARY KEY AUTOINCREMENT,
type TEXT,
method TEXT,
url TEXT,
headers TEXT,
data TEXT,
trigger TEXT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
)
`;
// Status log written by Database.updateStatus(), which inserts a new row on
// every call instead of updating an existing one (presumably the newest row is
// the current state; confirm against the readers of this table).
// `completed` is a BOOLEAN column; Database.run() stores JS booleans as 1/0.
const qryCreateTableScanInfo = `
CREATE TABLE scan_info (
id INTEGER PRIMARY KEY AUTOINCREMENT,
status TEXT,
completed BOOLEAN NOT NULL DEFAULT false,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
)
`;
// Findings written by Database.addVulnerability(); `description` receives
// vulnerability.message. There is no uniqueness constraint, and
// Database.updateVulnerability() locates rows by (type, payload, element, url).
// NOTE(review): payload, element and url are stored verbatim. Anything that
// later renders them (HTML reports, dashboards) should output-encode them.
const qryCreateTableVulnerability = `
CREATE TABLE vulnerability (
id INTEGER PRIMARY KEY AUTOINCREMENT,
type TEXT,
description TEXT,
element TEXT,
payload TEXT,
url TEXT,
confirmed BOOLEAN,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
)
`;
// Parameter/value pairs written by Database.addScanArguments(), one row each.
// NOTE(review): values are stored as plain text. If scan arguments can include
// credentials or session cookies, they end up persisted here. Confirm this and
// protect the file accordingly.
const qryCreateTableScanSettings = `
CREATE TABLE scan_settings (
id INTEGER PRIMARY KEY AUTOINCREMENT,
parameter TEXT,
value TEXT,
created_at DATETIME DEFAULT CURRENT_TIMESTAMP
)
`;
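/**
 * Small persistence layer over a better-sqlite3 database file holding the
 * output of a scan: recorded requests, status updates, findings and settings.
 *
 * Each operation opens its own connection and closes it when done. All values
 * reach SQLite through `?` placeholders and are never concatenated into the
 * statement text. Keep it that way: `qry` must always be a constant statement,
 * never a string built from scan data.
 *
 * The stored rows can contain request headers, bodies and payloads taken from
 * the scanned application, so the database file should be treated as sensitive.
 */
exports.Database = class {
  /**
   * @param {string} dbName - Database file name, passed unchanged to better-sqlite3.
   */
  constructor(dbName) {
    this.dbName = dbName;
  }

  /**
   * Opens a new connection to the database file.
   *
   * @returns {object} A better-sqlite3 database handle; the caller must close it.
   */
  connect() {
    // Required lazily, so the module is only loaded when a connection is needed.
    return require('better-sqlite3')(this.dbName);
  }

  /**
   * Prepares and executes one statement on a fresh connection.
   *
   * @param {string} qry - SQL text using `?` placeholders.
   * @param {Array} [pars] - Values to bind, in placeholder order.
   * @returns {object} The result object returned by better-sqlite3's `run()`.
   */
  run(qry, pars) {
    // Booleans are stored as 1/0 because better-sqlite3 does not bind JS booleans.
    // The conversion works on a copy, so the caller's array is left untouched.
    const bound = Array.isArray(pars)
      ? pars.map((value) => (typeof value === 'boolean' ? (value ? 1 : 0) : value))
      : pars;

    const db = this.connect();
    try {
      return db.prepare(qry).run(bound);
    } finally {
      // Close the handle even when prepare()/run() throws, so a failed
      // statement does not leave the database file open.
      db.close();
    }
  }

  /**
   * Creates the four tables of the scan database.
   * Throws if a table already exists, because the schema statements carry no
   * IF NOT EXISTS clause.
   */
  init() {
    const db = this.connect();
    try {
      db.exec(qryCreateTableRequest);
      db.exec(qryCreateTableScanInfo);
      db.exec(qryCreateTableVulnerability);
      db.exec(qryCreateTableScanSettings);
    } finally {
      db.close();
    }
  }

  /**
   * Appends a status row to scan_info; existing rows are not modified.
   *
   * @param {string} status - Status text.
   * @param {boolean} completed - Whether the scan has finished.
   */
  updateStatus(status, completed) {
    this.run("INSERT INTO scan_info (status, completed) values (?, ?)", [status, completed]);
  }

  /**
   * Records one request. `extra_headers` and `trigger` are serialized as JSON.
   *
   * @param {object} request - Object with type, method, url, extra_headers, data and trigger.
   */
  addRequest(request) {
    const qry = "INSERT INTO request (type, method, url, headers, data, trigger) values (?, ?, ?, ?, ?, ?)";
    this.run(qry, [
      request.type,
      request.method,
      request.url,
      JSON.stringify(request.extra_headers),
      request.data,
      JSON.stringify(request.trigger),
    ]);
  }

  /**
   * Records one finding; `vulnerability.message` goes into the `description` column.
   *
   * @param {object} vulnerability - Object with type, message, element, payload, url and confirmed.
   */
  addVulnerability(vulnerability) {
    const qry = "INSERT INTO vulnerability (type, description, element, payload, url, confirmed) values (?, ?, ?, ?, ?, ?)";
    this.run(qry, [
      vulnerability.type,
      vulnerability.message,
      vulnerability.element,
      vulnerability.payload,
      vulnerability.url,
      vulnerability.confirmed,
    ]);
  }

  /**
   * Sets `confirmed` on every finding matching type, payload, element and url.
   *
   * NOTE(review): `=` never matches NULL in SQL, so a finding stored with a
   * null type/payload/element/url would not be updated. Confirm whether these
   * fields can be null.
   *
   * @param {object} vulnerability - Object with confirmed, type, payload, element and url.
   */
  updateVulnerability(vulnerability) {
    const qry = "UPDATE vulnerability set confirmed=? where type=? and payload=? and element=? and url=?";
    this.run(qry, [
      vulnerability.confirmed,
      vulnerability.type,
      vulnerability.payload,
      vulnerability.element,
      vulnerability.url,
    ]);
  }

  /**
   * Stores the scan settings, one row per entry.
   *
   * @param {Iterable<Array>} args - Entries bound to (parameter, value); presumably
   *   two-element arrays (verify against the caller).
   */
  addScanArguments(args) {
    const qry = "INSERT INTO scan_settings (parameter, value) values (?, ?)";
    for (const arg of args) {
      this.run(qry, arg);
    }
  }
};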