-- List every finding whose rule_name equals the SQL-injection rule label below.
-- The match is an exact string comparison on rule_name.
SELECT
    *
FROM `vulnerabilities`
WHERE rule_name = 'MySQL Execute Functions可能导致SQL注入';
查看XSS漏洞
-- List every finding whose rule_name equals the XSS rule label below
-- (the label reads "directly echoing an input parameter may lead to XSS").
SELECT
    *
FROM `vulnerabilities`
WHERE rule_name = '直接输出入参可能导致XSS';
统计每个小组的漏洞数量
-- Count findings per project manager.
-- A finding is tied to a scan through `key`, and the scan to a project through path.
-- Both joins are LEFT JOINs, so findings without a matching scan or project
-- are counted in the NULL-manager group rather than dropped.
SELECT
    p.manager,
    count(*)
FROM `vulnerabilities` AS v
LEFT JOIN scan_record AS s
    ON s.`key` = v.`key`
LEFT JOIN project AS p
    ON p.path = s.path
GROUP BY p.manager;
-- Detail report of the findings in projects managed by '张三' (a sample value).
-- NOTE(review): if this statement is issued from application code, bind the
-- manager name as a query parameter instead of building it into the SQL text.
SELECT
    -- Scan path joined to the file path, with every '/web/product/' occurrence removed.
    REPLACE(CONCAT(s.path, '/', v.file_path), '/web/product/', '') AS file,
    v.line_number,
    v.rule_name,
    v.LANGUAGE,
    v.code_content,
    v.id AS vulnerability_id,
    v.analysis,
    v.LEVEL,
    v.solution
FROM `vulnerabilities` AS v
LEFT JOIN scan_record AS s
    ON s.`key` = v.`key`
LEFT JOIN project AS p
    ON p.path = s.path
-- The filter on p.manager discards rows that have no matching project,
-- so the LEFT JOINs above behave like inner joins in this query.
WHERE p.manager = '张三';
统计每种漏洞的数量,按照严重等级排序
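-- Count findings per rule for projects managed by '张三' (a sample value),
-- listing the highest LEVEL first.
-- LEVEL is part of the GROUP BY because it is both selected and sorted on:
-- grouping by rule_name alone is rejected when ONLY_FULL_GROUP_BY is enabled,
-- and otherwise returns an arbitrary LEVEL for any rule that has several.
-- NOTE(review): if each rule_name maps to exactly one LEVEL, the row set is
-- the same as before; confirm against the schema.
SELECT
    v.rule_name,
    v.LEVEL,
    count(*) AS num
FROM `vulnerabilities` AS v
LEFT JOIN scan_record AS s
    ON s.`key` = v.`key`
LEFT JOIN project AS p
    ON p.path = s.path
-- The filter on p.manager drops rows with no matching project, so the
-- LEFT JOINs act as inner joins here.
WHERE p.manager = '张三'
GROUP BY
    v.rule_name,
    v.LEVEL
ORDER BY v.LEVEL DESC;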