src/Controller/ClientController.php line 55

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\DarkOwl;
  6. use App\Entity\Domain;
  7. use App\Entity\ExposedIp;
  8. use App\Entity\ExposedSubDomain;
  9. use App\Entity\LeakedPassword;
  10. use App\Entity\Organisation;
  11. use App\Entity\User;
  12. use App\Entity\Vulnerability;
  13. use App\Entity\VulnerabilityLevel;
  14. use App\Manager\LeakedPasswordManager;
  15. use App\Repository\CronLogRepository;
  16. use App\Repository\DarkOwlRepository;
  17. use App\Repository\DomainRepository;
  18. use App\Repository\ExposedIpRepository;
  19. use App\Repository\ExposedSubDomainRepository;
  20. use App\Repository\LeakedPasswordRepository;
  21. use App\Repository\VulnerabilityRepository;
  22. use App\Service\Misc;
  23. use App\Service\ScoreService;
  24. use App\Service\Stats;
  25. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  26. use Symfony\Component\HttpFoundation\JsonResponse;
  27. use Symfony\Component\HttpFoundation\Request;
  28. use Symfony\Component\HttpFoundation\Response;
  29. use Symfony\Component\Routing\Annotation\Route;
  30. use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
  31. use Symfony\Component\HttpFoundation\BinaryFileResponse;
  32. use Symfony\Component\HttpFoundation\HeaderUtils;
  34. class ClientController extends AbstractController
  35. {
  36.     /**
  37.      * @var Stats $stats
  38.      */
  39.     private $stats;
  41.     /**
  42.      * @var Misc $misc
  43.      */
  44.     private $misc;
  46.     public function __construct(Stats $statsMisc $misc)
  47.     {
  48.         $this->stats $stats;
  49.         $this->misc $misc;
  50.     }
  52.     /**
  53.      * @Route("/", name="home")
  54.      */
  55.     public function index(DomainRepository $domainRepository)
  56.     {
  57.         if ($this->getUser()->isAdmin()) {
  58.             return $this->redirectToRoute('admin_dashboard');
  59.         }
  61.         /**
  62.          * @var User $user
  63.          */
  64.         $user $this->getUser();
  66.         $organisation $this->misc->getUserOrganisation($user);
  68.         $leakedPassword $this->stats->getLeakedPasswordStats($organisation);
  69.         $exposedSubDomain $this->stats->getExposedDomainStats($organisation);
  70.         $exposedIp $this->stats->getExposedIpStats($organisation);
  71.         $vulnerability $this->stats->getVulneranilityStats($organisation);
  73.         $score null;
  74.         /**
  75.          * @var Domain $domain
  76.          */
  77.         foreach ($domainRepository->findDomainsByOrga($organisation) as $domain) {
  78.             $score $domain->getLastScore();
  79.         }
  81.         $data = [];
  82.         if ($score) {
  83.             $value $score->getScore();
  84.             if ($value == 0) {
  85.                 $data = [
  86.                     "class" => "none",
  87.                     "label" => "Info",
  88.                 ];
  89.             } elseif ($value >= 0.1 && $value 4) {
  90.                 $data = [
  91.                     "class" => "low",
  92.                     "label" => "Low",
  93.                 ];
  94.             } elseif ($value >= && $value 7) {
  95.                 $data = [
  96.                     "class" => "medium",
  97.                     "label" => "Medium",
  98.                 ];
  99.             } elseif ($value >= && $value 9) {
  100.                 $data = [
  101.                     "class" => "high",
  102.                     "label" => "High",
  103.                 ];
  104.             } elseif ($value >= && $value <= 10) {
  105.                 $data = [
  106.                     "class" => "critical",
  107.                     "label" => "Critical",
  108.                 ];
  109.             }
  110.         }
  112.         return $this->render('client/index.html.twig', [
  113.             'leakedPassword' => $leakedPassword,
  114.             'exposedDomain' => $exposedSubDomain,
  115.             'exposedIp' => $exposedIp,
  116.             'vulnerability' => $vulnerability,
  117.             'score' => $score,
  118.             'data' => $data,
  119.             'organisation' => $organisation,
  120.             'sub' => $this->misc->getActifSubsription($organisation),
  121.         ]);
  122.     }
  124.     /**
  125.      * @IsGranted("leaked-passwords")
  126.      * @Route("/leaked-passwords", name="leakedpassowrds")
  127.      */
  128.     public function leakedPassword(
  129.         Request $request,
  130.         LeakedPasswordRepository $leakedPasswordRepository,
  131.         ScoreService $service
  132.     )
  133.     {
  134.         /**
  135.          * @var User $user
  136.          */
  137.         $user $this->getUser();
  138.         $organisation $this->misc->getUserOrganisation($user);
  140.         $today $request->query->get('today'false) === "1";
  141.         $leakedPasswords $leakedPasswordRepository->findLeakedPasswordsByDate(
  142.             $organisation,
  143.             $today date('Y-m-d') : null
  144.         );
  146.         return $this->render('client/leakedpasswords.html.twig', [
  147.             'leakedpasswords' => $leakedPasswords,
  148.         ]);
  149.     }
  151.     /**
  152.      * @IsGranted("leaked-passwords")
  153.      * @Route("/leaked-password/{id}/notify", name="leakedpassowrd_notify")
  154.      */
  155.     public function notifyLeakedPassword(
  156.         LeakedPassword $leakedPassword,
  157.         LeakedPasswordManager $leakedPasswordManager,
  158.         Request $request
  159.     ): Response {
  160.         $notify filter_var($request->query->get('notify'false), FILTER_VALIDATE_BOOLEAN);
  161.         $leakedPasswordManager->notifyLeakedPassword(
  162.             $leakedPassword,
  163.             $this->getUser(),
  164.             $notify
  165.         );
  166.         return new JsonResponse(['response' => 'ok']);
  167.     }
  169.     /**
  170.      * @IsGranted("exposed-sub-domains")
  171.      * @Route("/exposed-domains/{id}/normal", name="normal_exposed_domain")
  172.      */
  173.     public function normalExposedDomain(
  174.         ExposedSubDomain $exposedSubDomain,
  175.         Request $request
  176.     ): Response {
  177.         $user $this->getUser();
  178.         $status filter_var($request->query->get('status'false), FILTER_VALIDATE_BOOLEAN);
  179.         if ($exposedSubDomain->getDomain()->getOrganisation()->getId() === $this->misc->getUserOrganisation($user)->getId()) {
  180.             $exposedSubDomain->setIsNormal($status);
  181.             $this->getDoctrine()->getManager()->flush();
  182.         }
  183.         return new JsonResponse(['response' => 'ok']);
  184.     }
  186.     /**
  187.      * @IsGranted("exposed-sub-domains")
  188.      * @Route("/exposed-subdomains", name="exposedsubdomains")
  189.      */
  190.     public function exposedSubDomains(Request $requestExposedSubDomainRepository $exposedSubDomainRepository)
  191.     {
  192.         /**
  193.          * @var User $user
  194.          */
  195.         $user $this->getUser();
  196.         $organisation $this->misc->getUserOrganisation($user) ;
  197.         return $this->render('client/exposedsubdomains.html.twig', [
  198.             'subdomains' => $exposedSubDomainRepository->findExposedSubDomainsByOrganisationAndDate($organisation),
  199.             'today' =>  $request->query->get('today'false) === "1"
  200.         ]);
  201.     }
  203.     /**
  204.      * @IsGranted("exposed-ips-and-ports")
  205.      * @Route("/exposed-ips-ports/{id}/normal", name="normal_exposed_ip")
  206.      */
  207.     public function normalExposedIp(
  208.         ExposedIp $exposedIp,
  209.         Request $request
  210.     ): Response {
  211.         $user $this->getUser();
  212.         $status filter_var($request->query->get('normal'false), FILTER_VALIDATE_BOOLEAN);
  213.         if ($exposedIp->getOrganisation()->getId() === $this->misc->getUserOrganisation($user)->getId()) {
  214.             $exposedIp->setIsNormal(!$status);
  215.             $this->getDoctrine()->getManager()->flush();
  216.         }
  217.         return new JsonResponse([
  218.             'response' => 'ok',
  219.             'class' => !$status 'normal' 'abnormal',
  220.             'html' => !$status 'Normal' 'Abnormal',
  221.         ]);
  222.     }
  224.     /**
  225.      * @IsGranted("exposed-ips-and-ports")
  226.      * @Route("/exposed-ips-ports", name="exposedipsports")
  227.      */
  228.     public function exposedIpsPorts(ExposedIpRepository $exposedIpRepository)
  229.     {
  230.         /**
  231.          * @var User $user
  232.          */
  233.         $user $this->getUser();
  234.         /**
  235.          * @var Organisation $organisation
  236.          */
  237.         $organisation  $this->misc->getUserOrganisation($user);
  238.         return $this->render(
  239.             'client/exposedipsports.html.twig',
  240.             [
  241.                 "ips" => $exposedIpRepository->findExposedIpsByOrgaAndDate($organisation)
  242.             ]
  243.         );
  244.     }
  246.     /**
  247.      * @IsGranted("potential-vulnerabilities")
  248.      * @Route("/potential-vulnerabilities", name="potentialvulnerabilities")
  249.      */
  250.     public function potentialVulnerabilities(
  251.         Request $request,
  252.         CronLogRepository $cronLogRepository,
  253.         DomainRepository $domainRepository
  254.     ) {
  255.         $today $request->query->get('today'false) === "1";
  256.         /**
  257.          * @var User $user
  258.          */
  259.         $user $this->getUser();
  260.         $organisation $this->misc->getUserOrganisation($user);
  262.         $lastExec $cronLogRepository
  263.             ->findOneBy(
  264.                 ['organisation' => $organisation'commandName' => 'app:processing-organization'],
  265.                 ['id' => 'DESC']
  266.             );
  268.         $domains = [];
  269.         /**
  270.          * @var Domain $domain
  271.          */
  272.         foreach ($domainRepository->findDomainsByOrga($organisation) as $domain) {
  273.             if (!isset($domains[$domain->getUrl()])) {
  274.                 $domains[$domain->getUrl()] = [];
  275.             }
  277.             /**
  278.              * @var Vulnerability $vul
  279.              */
  280.             foreach ($domain->getVulnerabilities() as $vul) {
  281.                 if ($today && $vul->getCreatedAt()->format('Y-m-d') != date('Y-m-d')) {
  282.                     continue;
  283.                 }
  284.                 $key $this->getUrl($vul->getMetadata()) ;
  285.                 if (!isset($domains[$key][$vul->getLevel()->getSlug()])) {
  286.                     $domains[$key][$vul->getLevel()->getSlug()] = [];
  287.                 }
  288.                 $domains[$key][$vul->getLevel()->getSlug()] = $vul->getLevel();
  289.             }
  290.         }
  292.         return $this->render('client/potentialvulnerabilities.html.twig', [
  293.             'domains' => $domains,
  294.             'today' => $today,
  295.             'lastExec' => $lastExec,
  296.         ]);
  297.     }
  299.     /**
  300.      * @IsGranted("potential-vulnerabilities")
  301.      * @Route("/get-vulnerabilities", name="getvulnerabilities")
  302.      */
  303.     public function getVulnerabilities(
  304.         Request $request,
  305.         VulnerabilityRepository $vulnerabilityRepository
  306.     ) {
  307.         /**
  308.          * @var User $user
  309.          */
  310.         $user $this->getUser();
  312.         $domain_url $request->query->get('domain');
  313.         $level_id $request->query->get('level'\false);
  314.         $today $request->query->get('today'\false);
  316.         $vuls $vulnerabilityRepository->findVulnerabilitiesByDomainAndLevel($domain_url$level_id$today);
  317.         if (!empty($vuls)) {
  318.             $v $vuls[0];
  319.             if ($v->getDomain()->getOrganisation()->getId() !== $this->misc->getUserOrganisation($user)->getId()) {
  320.                 $vuls = [];
  321.             }
  322.         }
  324.         $levels = [];
  325.         foreach ($vuls as $vul) {
  326.             $levels[] = $vul->getLevel()->getSlug();
  327.         }
  329.         return $this->render('client/tablevulnerabilities.html.twig', [
  330.             'vuls' => $vuls,
  331.             'levels' => \array_unique($levels),
  332.         ]);
  333.     }
  335.     /**
  336.      * @Route("/notifications", name="notifications")
  337.      */
  338.     public function notifications()
  339.     {
  340.         /**
  341.          * @var User $user
  342.          */
  343.         $user $this->getUser();
  344.         $em $this->getDoctrine()->getManager();
  346.         $leakedPassword $em->getRepository(LeakedPassword::class)->findLeakedPasswordsByDate(
  347.             $this->misc->getUserOrganisation($user),
  348.             date('Y-m-d'),
  349.             '%Y-%m-%d'
  350.         );
  351.         $exposedSubDomain $em->getRepository(ExposedSubDomain::class)->findExposedSubDomainsByOrganisationAndDate(
  352.             $this->misc->getUserOrganisation($user),
  353.             date('Y-m-d'),
  354.             '%Y-%m-%d'
  355.         );
  356.         $vulnerability $em->getRepository(Vulnerability::class)->findVulnerabilitiesByOrganisationAndDate(
  357.             $this->misc->getUserOrganisation($user),
  358.             date('Y-m-d'),
  359.             '%Y-%m-%d'
  360.         );
  362.         $count 0;
  363.         if (count($leakedPassword)>0) {
  364.             $count++;
  365.         }
  366.         if (count($exposedSubDomain)>0) {
  367.             $count++;
  368.         }
  369.         if (count($vulnerability)>0) {
  370.             $count++;
  371.         }
  373.         return $this->render('partials/customer/notifications.html.twig', [
  374.             'count' => $count,
  375.             'leakedPassword' => count($leakedPassword),
  376.             'exposedSubDomain' => count($exposedSubDomain),
  377.             'vulnerability' => count($vulnerability),
  378.         ]);
  379.     }
  381.     /**
  382.      * @IsGranted("dark-web-exposure")
  383.      * @Route("/dark-web-exposure", name="darkwebexposure")
  384.      */
  385.     public function darkwebexposure(Request $requestDarkOwlRepository $darkOwlRepository)
  386.     {
  387.         /**
  388.         * @var User $user
  389.         */
  390.         $user $this->getUser();
  391.         $datas $darkOwlRepository->findByOrganisation($this->misc->getUserOrganisation($user));
  393.         return $this->render('client/darkwebexposure.html.twig', [
  394.             'darkOwls' => $datas
  395.         ]);
  396.     }
  398.     /**
  399.      * @IsGranted("dark-web-exposure")
  400.      * @Route("/dark-web-exposure/{documentID}", name="darkwebexposure-details")
  401.      */
  402.     public function darkwebexposureDetails(Request $requestDarkOwl $darkOwl)
  403.     {
  404.         return $this->render('client/darkwebexposure-details.html.twig', [
  405.             'darkowl' => $darkOwl
  406.         ]);
  407.     }
  409.     /**
  410.      * @IsGranted("dark-web-exposure")
  411.      * @Route("/dark-web-exposure/{documentID}/download", name="darkwebexposure-download")
  412.      */
  413.     public function downloadDarkwebexposureDetails(Request $requestDarkOwl $darkOwl)
  414.     {
  415.         $body \str_replace('\n'"\n"$darkOwl->getBody());
  416.         $filename 'cypherleak-'.$darkOwl->getDocumentID().'.txt';
  417.         $filepath sys_get_temp_dir().\DIRECTORY_SEPARATOR.$filename;
  419.         $file \fopen($filepath'w');
  420.         \fwrite($file$body);
  421.         \fclose($file);
  423.         $response = new BinaryFileResponse($filepath);
  425.         $disposition HeaderUtils::makeDisposition(
  426.             HeaderUtils::DISPOSITION_ATTACHMENT,
  427.             $filename
  428.         );
  430.         $response->headers->set('Content-Disposition'$disposition);
  432.         return $response;
  433.     }
  435.     
  437.     private function getUrl($url)
  438.     {
  439.         $parts \explode('/'$url);
  440.         return count($parts)>= $parts[0].'//'.$parts[2] : $url;
  441.     }
  442. }