sh.sh
#!/bin/sh
# rocedu (http://www.cnblogs.com/rocedu)
# Wechat Public Number: rocedu
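# Report how many non-empty lines of code and documentation changed today,
# this week and over the whole semester, plus the matching git history.
# Run it from the top of the working tree: every count starts at `find .`.

# Count non-empty lines in all .py/.html/.php files under the current
# directory. Any arguments are passed to find as extra filters (e.g. -mtime 0).
count_code_lines() {
  # -exec cat {} + passes each path to cat as one argument. Piping find into
  # xargs instead re-splits names on whitespace and quotes, so an oddly named
  # file would make cat read paths that find never selected.
  find . \( -name "*.py" -o -name "*.html" -o -name "*.php" \) "$@" \
    -exec cat {} + | grep -vc '^$'
}

# Same count for Markdown documents.
count_doc_lines() {
  find . -name "*.md" "$@" -exec cat {} + | grep -vc '^$'
}

clear
echo "//=====Today:====================================="
echo "code summary information:"
count_code_lines -mtime 0
echo "documents summary information:"
count_doc_lines -mtime 0
echo ""
echo "//=====This Week:================================="
echo "code summary information:"
count_code_lines -mtime -7
echo "documents summary information:"
count_doc_lines -mtime -7
# Commits of the last seven days, newest day first.
# `date --date` is a GNU extension, so this loop needs GNU date.
for days_ago in 0 1 2 3 4 5 6; do
  day=$(date +%F --date="-${days_ago} days")
  # An empty pattern would match every commit, so skip the day if date failed.
  [ -n "$day" ] || continue
  git log --pretty=format:"%h - %an,%ci: %s " | grep -F -- "$day"
done
echo ""
echo ""
echo "//=====This Semester:=============================="
echo "code summary information:"
count_code_lines
echo "documents summary information:"
count_doc_lines
echo "commit history:"
git log --pretty=format:"%h - %an,%ci: %s "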
app.py
import html
import os
# 正则表达式规范上传文件
import re
# 导入时间性能测试
import time

# 调用openai库
import openai
import streamlit as st
# streamlit是一个高效的可视化模块展示库
# 读取文件的库
from docx import Document

# 调用css,HTML的库
from htmlTemplates import css, bot_template
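# Endpoint of the OpenAI-compatible API. The default is a third-party relay,
# not api.openai.com, so every prompt (including the uploaded source code) and
# the API key pass through that operator. Override it with OPENAI_API_BASE.
openai.api_base = os.environ.get("OPENAI_API_BASE", "https://api.gpts.vin/v1")
# The key comes from the environment instead of being committed with the code.
# A key that has ever been published in a repository or on a web page must be
# revoked and reissued; deleting it from the file does not make it secret again.
openai.api_key = os.environ.get("OPENAI_API_KEY")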
# Vulnerability classes offered in the "what to check" drop-down.
prompts = ["安全漏洞", "sql漏洞检测", "缓冲区溢出漏洞检测",
           "XSS漏洞检测", "csrf漏洞检测", "ssrf漏洞检测"]
# Tone the model is asked to answer in.
prompts1 = ["严肃庄重", "和蔼可亲", "幽默风趣"]
# Number of remediation proposals to request.
prompts2 = ["1", "2"]
# 文本读取
# 经典初始化
def get_docx_text(docx_docs):
    """Concatenate the paragraph text of every uploaded DOCX file.

    Args:
        docx_docs: iterable of items that ``Document`` can open.

    Returns:
        One string in which every paragraph is followed by a newline;
        ``""`` when ``docx_docs`` is empty.
    """
    pieces = []
    for uploaded in docx_docs:
        # Only ``paragraphs`` is read, so anything the document keeps outside
        # that list does not reach the model.
        for paragraph in Document(uploaded).paragraphs:
            pieces.append(paragraph.text + "\n")
    return "".join(pieces)
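def _strip_punctuation(text):
    """Remove every character that is neither a word character nor whitespace."""
    return re.sub(r'[^\w\s]', '', text)


def handle_userinput(prompt, prompt1, prompt2, prompt3, prompt4, raw_text):
    """Ask the model to review ``raw_text`` and render its answer in the page.

    Args:
        prompt: vulnerability class to look for.
        prompt1: tone the answer should be written in.
        prompt2: number of remediation proposals to request.
        prompt3: free-text refinement of the vulnerability class (may be "").
        prompt4: free-text extra emphasis (may be "").
        raw_text: source code extracted from the uploaded documents.

    The uploaded code is untrusted and shares one user message with the
    instructions, so text inside the document can steer the model. The answer
    is therefore handled as untrusted data when it is rendered.
    """
    # The short prompt fields are reduced to words and whitespace before they
    # are spliced into the instruction sentence.
    cleaned_prompt = _strip_punctuation(prompt)
    cleaned_prompt1 = _strip_punctuation(prompt1)
    cleaned_prompt2 = _strip_punctuation(prompt2)
    cleaned_prompt3 = _strip_punctuation(prompt3)
    cleaned_prompt4 = _strip_punctuation(prompt4)
    # The code under review is sent unchanged. Stripping punctuation from it
    # removes quotes, brackets, operators and semicolons, which are exactly the
    # tokens an SQL-injection, XSS or overflow finding depends on.
    combined_input = (f"请检查下面代码中具体在哪行存在{cleaned_prompt}和不足"
                      f"{cleaned_prompt3}。"
                      f"请你用{cleaned_prompt1}的风格指出,并进行改进。"
                      f"请给出{cleaned_prompt2}种方案。"
                      f"{cleaned_prompt4}。"
                      f"\n代码如下:\n{raw_text}")
    # Wall-clock and CPU time are sampled around the API call only.
    start_time = time.time()
    start_cpu_time = time.process_time()
    # The system message sets the analyst persona; the user message carries the
    # assembled instructions followed by the code.
    response = openai.ChatCompletion.create(
        model="gpt-3.5-turbo",
        messages=[{"role": "system",
                   "content": "你是一个非常优秀、老练的代码漏洞分析师!"},
                  {"role": "user",
                   "content": combined_input}]
    )
    run_time = time.time() - start_time
    cpu_time = time.process_time() - start_cpu_time
    if 'choices' in response and len(response['choices']) > 0 and 'message' in response['choices'][0]:
        bot_response = response['choices'][0]['message']['content']
        st.write(f"系统运行时间: {run_time:.2f} 秒, CPU时间: {cpu_time:.2f} 秒")
        # The template is rendered with unsafe_allow_html=True, so the model's
        # text is HTML-escaped first; otherwise markup echoed from the uploaded
        # document would be interpreted by the viewer's browser.
        st.write(bot_template.replace("{{MSG}}", html.escape(bot_response)),
                 unsafe_allow_html=True)
    else:
        # Report an unusable response instead of silently showing nothing.
        st.error("模型没有返回可显示的回复")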
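def main():
    """Build the Streamlit page and run a scan when the button is pressed.

    The left column selects the vulnerability class, answer tone and number of
    proposals; the right column takes two optional free-text hints and the DOCX
    upload.

    NOTE(review): nothing in this function checks who the visitor is. Anyone who
    can reach the port this app listens on can upload files and spend API quota,
    regardless of any login page placed in front of it.
    """
    st.set_page_config(page_title="漏洞检测机器人",
                       page_icon=":books:")
    # Inject the chat-bubble stylesheet from htmlTemplates.py.
    st.write(css, unsafe_allow_html=True)
    if "conversation" not in st.session_state:
        st.session_state.conversation = None
    st.header("DOCX文件代码漏洞检测:books:")
    # Two columns with a 1:3 width ratio.
    left_col, right_col = st.columns([1, 3])
    with left_col:
        st.subheader("选择功能模板")
        selected_prompt = st.selectbox("请选择一种待检测漏洞", prompts)
        selected_prompt1 = st.selectbox("请选择一种系统输出风格", prompts1)
        selected_prompt2 = st.selectbox("你想让系统提供几种方案", prompts2)
    with right_col:
        st.subheader("补充输入框")
        input_prompt3 = st.text_input("如果代码能继续详细分类,请指出,没有就空着", "")
        input_prompt4 = st.text_input("请输入其他需要强调的信息,没有就空着", "")
        st.subheader("上传文件")
        # Restrict the picker to .docx so other file types are refused by the
        # widget instead of failing later inside the DOCX parser.
        docx_docs = st.file_uploader("在此上传你的DOCX文件并点击'检测'",
                                     type=["docx"],
                                     accept_multiple_files=True)
        if st.button("检测"):
            if not docx_docs:
                # Without a file there is no code to review; skip the paid API call.
                st.warning("请先上传至少一个DOCX文件")
            else:
                with st.spinner("检测中"):
                    raw_text = get_docx_text(docx_docs)
                    handle_userinput(selected_prompt,
                                     selected_prompt1,
                                     selected_prompt2,
                                     input_prompt3,
                                     input_prompt4,
                                     raw_text)


if __name__ == '__main__':
    main()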
htmlTemplates.py
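# Stylesheet for the chat bubbles, injected into the page as raw HTML.
#   .chat-message              base bubble: padding, rounded corners, bottom
#                              margin and a flex row for avatar + text
#   .chat-message.user / .bot  background colour per speaker (#2b313e / #475063)
#   .chat-message .avatar      avatar container, 20% of the bubble width
#   .chat-message .avatar img  avatar capped at 78x78px, drawn as a circle,
#                              object-fit: cover keeps the aspect ratio
#   .chat-message .message     text area: 80% width, side padding, white text
# The closing </style> tag is part of the string so the element is terminated
# explicitly and cannot absorb markup written after it.
css = '''
<style>
.chat-message {
padding: 1.5rem;
border-radius: 0.5rem;
margin-bottom: 1rem;
display: flex
}
.chat-message.user {
background-color: #2b313e
}
.chat-message.bot {
background-color: #475063
}
.chat-message .avatar {
width: 20%;
}
.chat-message .avatar img {
max-width: 78px;
max-height: 78px;
border-radius: 50%;
object-fit: cover;
}
.chat-message .message {
width: 80%;
padding: 0 1.5rem;
color: #fff;
}
</style>
'''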
bot_template = '''
<div class="chat-message bot">
<div class="avatar">
<img src="https://i.ibb.co/cN0nmSj/Screenshot-2023-05-28-at-02-37-21.png"
style="max-height: 78px;
max-width: 78px;
border-radius: 50%;
object-fit: cover;">
</div>
<div class="message">{{MSG}}</div>
</div>
'''
# HTML skeleton of one bot message: an avatar image plus a container for the
# message text, which is marked by the {{MSG}} placeholder.
# The placeholder is filled by plain string replacement, so whatever is
# substituted is inserted as raw HTML. Callers must HTML-escape any text that
# is not fully trusted (model output, user input) before substituting it.
# The avatar is fetched from a third-party image host; on a slow network it
# sometimes fails to load:
# https://i.ibb.co/cN0nmSj/Screenshot-2023-05-28-at-02-37-21.png
login.php
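<?php
header("content-type:text/html;charset=utf-8");

/**
 * Return a POST field as a string; '' when it is missing or not a string
 * (for example when the client sends it as an array).
 */
function post_string($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// NOTE(review): the script connects as root with an empty password. A dedicated
// account limited to SELECT on the users table, with its password kept outside
// the source file, would limit what a flaw in this script can reach.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";

// Open the connection and check it before using it for anything else.
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    // Keep driver details in the server log; the client gets a generic message.
    error_log("login.php: database connection failed: " . $conn->connect_error);
    die("连接失败");
}
$conn->set_charset('utf8'); // client character set

// Everything below comes from the browser and is untrusted.
$name = post_string('name');
$pw = post_string('pw');
$tele = post_string('tele');
$email = post_string('email');
$idCard = post_string('shenfen');

// The user name is bound as a parameter, never spliced into the SQL text, so
// quotes or SQL keywords in it cannot change the statement.
$stmt = $conn->prepare(
    "SELECT id, password_ha, telephone, email, shenfen FROM users WHERE username = ? LIMIT 1"
);
if ($stmt === false) {
    error_log("login.php: prepare failed: " . $conn->error);
    die("登录失败");
}
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
$row = $result ? $result->fetch_assoc() : null;

// NOTE(review): the two failure messages below tell a caller whether a user
// name exists; a single shared message would not.
if (is_array($row) && isset($row['id'])) {
    // hash_equals compares as strings in constant time. The loose == operator
    // treats numeric-looking strings as numbers, so different values can
    // compare equal.
    // NOTE(review): the posted password is compared directly with password_ha.
    // If that column is meant to hold a password_hash() digest, this has to be
    // password_verify($pw, $row['password_ha']); if it holds the plain
    // password, the storage scheme needs replacing. Confirm against the schema.
    $matches = hash_equals((string) $row['password_ha'], $pw)
        && hash_equals((string) $row['telephone'], $tele)
        && hash_equals((string) $row['email'], $email)
        && hash_equals((string) $row['shenfen'], $idCard);
    if ($matches) {
        // NOTE(review): success only redirects to a fixed plain-HTTP address; no
        // session or token is issued, so the destination cannot tell a logged-in
        // visitor from one who opens that URL directly.
        header('Location: http://192.168.0.156:8501');
    } else {
        echo '登录失败,用户名、密码、电话、邮箱或身份证号码不匹配!';
    }
} else {
    echo '登录失败,用户不存在!';
}
exit();
?>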
loudongjiance.html
<!DOCTYPE html>
<html lang="en">
<!-- https://codepen.io/danielkvist/pen/LYNVyPL -->
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<script type="text/javascript" src='js/jquery.js'></script>
<style>
:root {
/* COLORS */
--white: #e9e9e9;
--gray: #333;
--blue: #0367a6;
--lightblue: #008997;
/* RADII */
--button-radius: 0.7rem;
/* SIZES */
--max-width: 758px;
--max-height: 500px;
font-size: 16px;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen,
Ubuntu, Cantarell, "Open Sans", "Helvetica Neue", sans-serif;
}
body {
align-items: center;
background-color: var(--white);
background: url("https://res.cloudinary.com/dbhnlktrv/image/upload/v1599997626/background_oeuhe7.jpg");
/* 决定背景图像的位置是在视口内固定,或者随着包含它的区块滚动。 */
/* https://developer.mozilla.org/zh-CN/docs/Web/CSS/background-attachment */
background-attachment: fixed;
background-position: center;
background-repeat: no-repeat;
background-size: cover;
display: grid;
height: 100vh;
place-items: center;
}
.form__title {
font-weight: 300;
margin: 0;
margin-bottom: 1.25rem;
}
.link {
color: var(--gray);
font-size: 0.9rem;
margin: 1.5rem 0;
text-decoration: none;
}
.container {
background-color: var(--white);
border-radius: var(--button-radius);
box-shadow: 0 0.9rem 1.7rem rgba(0, 0, 0, 0.25),
0 0.7rem 0.7rem rgba(0, 0, 0, 0.22);
height: var(--max-height);
max-width: var(--max-width);
overflow: hidden;
position: relative;
width: 100%;
}
.container__form {
height: 100%;
position: absolute;
top: 0;
transition: all 0.6s ease-in-out;
}
.container--signin {
left: 0;
width: 50%;
z-index: 2;
}
.container.right-panel-active .container--signin {
transform: translateX(100%);
}
.container--signup {
left: 0;
opacity: 0;
width: 50%;
z-index: 1;
}
.container.right-panel-active .container--signup {
animation: show 0.6s;
opacity: 1;
transform: translateX(100%);
z-index: 5;
}
.container__overlay {
height: 100%;
left: 50%;
overflow: hidden;
position: absolute;
top: 0;
transition: transform 0.6s ease-in-out;
width: 50%;
z-index: 100;
}
.container.right-panel-active .container__overlay {
transform: translateX(-100%);
}
.overlay {
background-color: var(--lightblue);
background: url("https://cdn.pixabay.com/photo/2018/08/14/13/23/ocean-3605547_1280.jpg");
background-attachment: fixed;
background-position: center;
background-repeat: no-repeat;
background-size: cover;
height: 100%;
left: -100%;
position: relative;
transform: translateX(0);
transition: transform 0.6s ease-in-out;
width: 200%;
}
.container.right-panel-active .overlay {
transform: translateX(50%);
}
.overlay__panel {
align-items: center;
display: flex;
flex-direction: column;
height: 100%;
justify-content: center;
position: absolute;
text-align: center;
top: 0;
transform: translateX(0);
transition: transform 0.6s ease-in-out;
width: 50%;
}
.overlay--left {
transform: translateX(-20%);
}
.container.right-panel-active .overlay--left {
transform: translateX(0);
}
.overlay--right {
right: 0;
transform: translateX(0);
}
.container.right-panel-active .overlay--right {
transform: translateX(20%);
}
.btn {
background-color: var(--blue);
background-image: linear-gradient(90deg, var(--blue) 0%, var(--lightblue) 74%);
border-radius: 20px;
border: 1px solid var(--blue);
color: var(--white);
cursor: pointer;
font-size: 0.8rem;
font-weight: bold;
letter-spacing: 0.1rem;
padding: 0.9rem 4rem;
text-transform: uppercase;
transition: transform 80ms ease-in;
}
.form>.btn {
margin-top: 1.5rem;
}
.btn:active {
transform: scale(0.95);
}
.btn:focus {
outline: none;
}
.form {
background-color: var(--white);
display: flex;
align-items: center;
justify-content: center;
flex-direction: column;
padding: 0 3rem;
height: 100%;
text-align: center;
}
.input {
background-color: #fff;
border: none;
padding: 0.9rem 0.9rem;
margin: 0.5rem 0;
width: 100%;
}
@keyframes show {
0%,
49.99% {
opacity: 0;
z-index: 1;
}
50%,
100% {
opacity: 1;
z-index: 5;
}
}
</style>
</head>
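<body>
<!-- Flow content such as <h1> belongs inside <body>, not between </head> and <body>. -->
<h1> 您好!欢迎使用自动化漏洞检测系统!</h1>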
<div class="container right-panel-active">
<!-- 简介 -->
<div class="container__form container--signup">
<form action="#" class="form" id="form1">
<div id="jieshao">
<div>
<h4>系统简介:</h4>
<p class="p1">
本系统可以辅助检测源代码中的缓冲区溢出漏洞、SQL注入漏洞、XSS漏洞、CSRF漏洞和SSRF漏洞!
</p>
<p class="p1">
你可以在使用界面选择你要检测的漏洞,然后点击上传文件,或者直接把文件拖到待检测区域。
注意,一定要把代码放到docx文件中哦!
另外,请注意使用次数,不要过多使用,更不要让未经允许的第三方使用哦!
这是要花钱的!每和大语言模型对一次话都要花钱哟!
</p>
</div>
</div>
</form>
</div>
<!-- 登录 -->
<div class="container__form container--signin">
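<form action="login.php" class="form" method="post">
  <!-- Only controls with a name attribute are included in a form submission;
       the names below are the keys login.php reads from $_POST. -->
  <h2 class="form__title">登录</h2>
  <div class="input_box">
    <input type="text" placeholder="请输入用户名" class="input" id="name" name="name">
  </div>
  <div class="input_box">
    <input type="password" placeholder="请输入密码" class="input" id="pw" name="pw">
  </div>
  <div class="input_box">
    <input type="text" placeholder="请输入电话号码" class="input" id="tele" name="tele">
  </div>
  <div class="input_box">
    <input type="text" placeholder="请输入邮箱" class="input" id="email" name="email">
  </div>
  <!-- class instead of id, matching the other input wrappers -->
  <div class="input_box">
    <input type="text" placeholder="请输入身份证号码" class="input" id="shenfen" name="shenfen">
  </div>
  <button class="btn" type="submit">登录</button>
</form>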
</div>
<!-- Overlay -->
<div class="container__overlay">
<div class="overlay">
<div class="overlay__panel overlay--left">
<button class="btn" id="signIn">返回登录界面</button>
</div>
<div class="overlay__panel overlay--right">
<button class="btn" id="signUp">系统简介</button>
</div>
</div>
</div>
</div>
<script>
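// Sliding-panel behaviour: the two overlay buttons toggle the
// "right-panel-active" class on the container.
const signInBtn = document.getElementById("signIn");
const signUpBtn = document.getElementById("signUp");
const fistForm = document.getElementById("form1");
const container = document.querySelector(".container");

signInBtn.addEventListener("click", () => {
  container.classList.remove("right-panel-active");
});
signUpBtn.addEventListener("click", () => {
  container.classList.add("right-panel-active");
});

// form1 only wraps the introduction text, so submitting it is suppressed.
fistForm.addEventListener("submit", (e) => e.preventDefault());
// There is deliberately no handler for the login form: it has to submit to
// login.php, and the page contains no element with id "form2" to look up
// (getElementById would return null and addEventListener on it would throw).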
</script>
</body>
</html>