<!DOCTYPE html>
<html lang="en">
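<head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>AI SDL Security Guardian</title>
  <!--
    Third-party assets: both are fetched from public CDNs on every page load, so the
    page trusts whatever those hosts return.
    NOTE(review): cdn.tailwindcss.com is an unversioned URL that serves a script, so it
    cannot carry a Subresource Integrity hash as written. For anything beyond a demo,
    generate the stylesheet at build time and serve it from this origin.
  -->
  <script src="https://cdn.tailwindcss.com"></script>
  <!--
    NOTE(review): this URL is pinned to one version, so it can be integrity-checked. Add
    integrity="sha512-<HASH_PUBLISHED_BY_CDNJS_FOR_THIS_FILE>" next to the crossorigin
    attribute below; the value shown here is a placeholder, not a real hash.
  -->
  <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.0/css/all.min.css" crossorigin="anonymous" referrerpolicy="no-referrer">
  <style>
    /* Animation keyframes used by the helper classes below. */
    @keyframes pulse {
      0%, 100% { opacity: 1; }
      50% { opacity: 0.5; }
    }
    @keyframes rotate {
      0% { transform: rotate(0deg); }
      100% { transform: rotate(360deg); }
    }
    @keyframes flow {
      0% { stroke-dashoffset: 100; }
      100% { stroke-dashoffset: 0; }
    }

    /* Generic blink, and the moving dashes on the SVG arcs between SDL stages. */
    .pulse {
      animation: pulse 2s infinite;
    }
    .flow-arrow {
      animation: flow 3s linear infinite;
    }

    /* Progress rings: the transition animates stroke-dashoffset changes made by the script. */
    .progress-ring {
      transform: rotate(-90deg);
    }
    .progress-ring-circle {
      transition: stroke-dashoffset 0.5s ease;
    }

    /* Robot avatar and the red per-stage risk badges. */
    .avatar-blink {
      animation: pulse 3s infinite;
    }
    .risk-counter {
      animation: pulse 1.5s infinite;
    }

    /* Entry animation for rows in the insights list. */
    .fade-in {
      animation: fadeIn 0.5s ease-in;
    }
    @keyframes fadeIn {
      from { opacity: 0; transform: translateY(10px); }
      to { opacity: 1; transform: translateY(0); }
    }

    /* Yellow marker for highlighted code; stronger on hover. */
    .code-highlight {
      background-color: rgba(255, 255, 0, 0.3);
      transition: background-color 0.3s;
    }
    .code-highlight:hover {
      background-color: rgba(255, 255, 0, 0.6);
    }
  </style>
</head>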
<body class="bg-gray-900 text-gray-100 font-sans">
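<!-- Header: product title on the left, last-update stamp and refresh control on the right -->
<header class="bg-gray-800 py-4 px-6 shadow-lg">
  <div class="flex justify-between items-center">
    <div class="flex items-center space-x-4">
      <div class="w-12 h-12 rounded-full bg-blue-500 flex items-center justify-center avatar-blink">
        <!-- Decorative icon: hidden from assistive technology -->
        <i class="fas fa-robot text-2xl" aria-hidden="true"></i>
      </div>
      <div>
        <h1 class="text-2xl font-bold">AI SDL Security Guardian</h1>
        <p class="text-gray-400 text-sm">Your digital security companion</p>
      </div>
    </div>
    <div class="flex items-center space-x-4">
      <div class="bg-gray-700 px-4 py-2 rounded-lg">
        <!-- #last-updated is overwritten by the page script with the current local time string -->
        <p class="text-sm text-gray-300">Last updated: <span id="last-updated">Just now</span></p>
      </div>
      <!-- NOTE(review): no handler is attached in this markup; confirm the script binds one -->
      <button type="button" class="bg-blue-600 hover:bg-blue-700 px-4 py-2 rounded-lg flex items-center space-x-2 transition">
        <i class="fas fa-sync-alt" aria-hidden="true"></i>
        <span>Refresh</span>
      </button>
    </div>
  </div>
</header>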
<!-- Analysis stats: four summary tiles whose figures are hard-coded in the markup -->
<section class="bg-gray-800 p-6 mb-6 shadow-lg">
  <div class="grid grid-cols-1 md:grid-cols-4 gap-6">
    <!-- Tile 1: projects analyzed -->
    <div class="bg-gray-700 p-4 rounded-lg">
      <div class="flex justify-between items-center">
        <h3 class="text-gray-400">Projects Analyzed</h3>
        <i class="fas fa-project-diagram text-blue-400"></i>
      </div>
      <p class="text-3xl font-bold mt-2">1,248</p>
      <p class="text-green-400 text-sm mt-1">+24 today</p>
    </div>
    <!-- Tile 2: lines of code scanned -->
    <div class="bg-gray-700 p-4 rounded-lg">
      <div class="flex justify-between items-center">
        <h3 class="text-gray-400">Code Lines Scanned</h3>
        <i class="fas fa-code text-blue-400"></i>
      </div>
      <p class="text-3xl font-bold mt-2">4.2M</p>
      <p class="text-green-400 text-sm mt-1">+120K today</p>
    </div>
    <!-- Tile 3: active risks (same figure as the badge in the Risk Alerts panel) -->
    <div class="bg-gray-700 p-4 rounded-lg">
      <div class="flex justify-between items-center">
        <h3 class="text-gray-400">Active Risks</h3>
        <i class="fas fa-exclamation-triangle text-red-400"></i>
      </div>
      <p class="text-3xl font-bold mt-2">87</p>
      <p class="text-red-400 text-sm mt-1">+12 new</p>
    </div>
    <!-- Tile 4: security score; the bar width repeats the percentage shown as text -->
    <div class="bg-gray-700 p-4 rounded-lg">
      <div class="flex justify-between items-center">
        <h3 class="text-gray-400">Security Score</h3>
        <i class="fas fa-shield-alt text-blue-400"></i>
      </div>
      <div class="flex items-center mt-2">
        <p class="text-3xl font-bold">92%</p>
        <div class="ml-2 w-full bg-gray-600 rounded-full h-2.5">
          <div class="bg-green-500 h-2.5 rounded-full" style="width: 92%"></div>
        </div>
      </div>
      <p class="text-green-400 text-sm mt-1">+2% this week</p>
    </div>
  </div>
</section>
<div class="container mx-auto px-6">
<!-- Main Content -->
<div class="flex flex-col lg:flex-row gap-6">
<!-- Left Panel - SDL Process Visualization -->
<div class="lg:w-2/3 bg-gray-800 rounded-xl p-6 shadow-lg">
<h2 class="text-xl font-bold mb-6 flex items-center">
  <i class="fas fa-shield-virus mr-2 text-blue-400"></i>
  SDL Process Analysis
</h2>
<div class="relative h-96">
  <!--
    Circular SDL diagram: five clickable stage nodes around a central avatar, joined by
    four animated arcs.
    NOTE(review): every node opens its detail view through an inline onclick attribute.
    Inline handlers only run when the Content Security Policy allows inline script, which
    rules out a strict policy; binding the handlers from the script with addEventListener
    avoids that. The nodes are also reachable by mouse only.
  -->
  <div class="absolute inset-0 flex items-center justify-center">
    <svg width="400" height="400" viewBox="0 0 400 400" class="mx-auto">
      <!-- Data-flow arcs, one quarter circle each, painted with the gradients defined below -->
      <path id="flow1" d="M200,50 A150,150 0 0,1 350,200" fill="none" stroke="url(#gradient1)" stroke-width="2" stroke-dasharray="10,5" class="flow-arrow" />
      <path id="flow2" d="M350,200 A150,150 0 0,1 200,350" fill="none" stroke="url(#gradient2)" stroke-width="2" stroke-dasharray="10,5" class="flow-arrow" />
      <path id="flow3" d="M200,350 A150,150 0 0,1 50,200" fill="none" stroke="url(#gradient3)" stroke-width="2" stroke-dasharray="10,5" class="flow-arrow" />
      <path id="flow4" d="M50,200 A150,150 0 0,1 200,50" fill="none" stroke="url(#gradient4)" stroke-width="2" stroke-dasharray="10,5" class="flow-arrow" />
      <defs>
        <!-- Each gradient runs from one stage colour to the next -->
        <linearGradient id="gradient1" x1="0%" y1="0%" x2="100%" y2="0%">
          <stop offset="0%" stop-color="#3B82F6" />
          <stop offset="100%" stop-color="#10B981" />
        </linearGradient>
        <linearGradient id="gradient2" x1="0%" y1="0%" x2="100%" y2="0%">
          <stop offset="0%" stop-color="#10B981" />
          <stop offset="100%" stop-color="#F59E0B" />
        </linearGradient>
        <linearGradient id="gradient3" x1="0%" y1="0%" x2="100%" y2="0%">
          <stop offset="0%" stop-color="#F59E0B" />
          <stop offset="100%" stop-color="#EF4444" />
        </linearGradient>
        <linearGradient id="gradient4" x1="0%" y1="0%" x2="100%" y2="0%">
          <stop offset="0%" stop-color="#EF4444" />
          <stop offset="100%" stop-color="#8B5CF6" />
        </linearGradient>
      </defs>
      <!--
        Stage nodes. Each group holds, in order: filled disc, stage label, progress ring,
        percentage text, red risk badge, risk count. The page script relies on that order:
        it rewrites the second text element of the ring's parent and the sibling that
        follows each risk badge.
        NOTE(review): the rings use stroke-dasharray 78.5 on a radius-35 circle, whose
        circumference is about 219.9, so the dash pattern repeats around the ring. The
        script computes percentages from the same 78.5 constant; change both together.
      -->
      <!-- Requirements -->
      <g class="cursor-pointer hover:opacity-90 transition" onclick="showProcessDetail('requirements')">
        <circle cx="200" cy="50" r="30" fill="#3B82F6" />
        <text x="200" y="50" text-anchor="middle" fill="white" font-size="12" dy=".3em">Req</text>
        <circle cx="200" cy="50" r="35" fill="none" stroke="#3B82F6" stroke-width="4" stroke-dasharray="78.5, 78.5" class="progress-ring-circle" stroke-dashoffset="17.27" />
        <text x="200" y="90" text-anchor="middle" fill="#9CA3AF" font-size="10">78%</text>
        <circle cx="230" cy="40" r="10" fill="#EF4444" class="risk-counter" />
        <text x="230" y="40" text-anchor="middle" fill="white" font-size="8" dy=".3em">5</text>
      </g>
      <!-- Code -->
      <g class="cursor-pointer hover:opacity-90 transition" onclick="showProcessDetail('code')">
        <circle cx="350" cy="200" r="30" fill="#10B981" />
        <text x="350" y="200" text-anchor="middle" fill="white" font-size="12" dy=".3em">Code</text>
        <circle cx="350" cy="200" r="35" fill="none" stroke="#10B981" stroke-width="4" stroke-dasharray="78.5, 78.5" class="progress-ring-circle" stroke-dashoffset="31.4" />
        <text x="350" y="240" text-anchor="middle" fill="#9CA3AF" font-size="10">60%</text>
        <circle cx="380" cy="190" r="10" fill="#EF4444" class="risk-counter" />
        <text x="380" y="190" text-anchor="middle" fill="white" font-size="8" dy=".3em">12</text>
      </g>
      <!-- Testing -->
      <g class="cursor-pointer hover:opacity-90 transition" onclick="showProcessDetail('testing')">
        <circle cx="200" cy="350" r="30" fill="#F59E0B" />
        <text x="200" y="350" text-anchor="middle" fill="white" font-size="12" dy=".3em">Test</text>
        <circle cx="200" cy="350" r="35" fill="none" stroke="#F59E0B" stroke-width="4" stroke-dasharray="78.5, 78.5" class="progress-ring-circle" stroke-dashoffset="47.1" />
        <text x="200" y="390" text-anchor="middle" fill="#9CA3AF" font-size="10">40%</text>
        <circle cx="230" cy="340" r="10" fill="#EF4444" class="risk-counter" />
        <text x="230" y="340" text-anchor="middle" fill="white" font-size="8" dy=".3em">8</text>
      </g>
      <!-- Release -->
      <g class="cursor-pointer hover:opacity-90 transition" onclick="showProcessDetail('release')">
        <circle cx="50" cy="200" r="30" fill="#EF4444" />
        <text x="50" y="200" text-anchor="middle" fill="white" font-size="12" dy=".3em">Release</text>
        <circle cx="50" cy="200" r="35" fill="none" stroke="#EF4444" stroke-width="4" stroke-dasharray="78.5, 78.5" class="progress-ring-circle" stroke-dashoffset="23.55" />
        <text x="50" y="240" text-anchor="middle" fill="#9CA3AF" font-size="10">70%</text>
        <circle cx="80" cy="190" r="10" fill="#EF4444" class="risk-counter" />
        <text x="80" y="190" text-anchor="middle" fill="white" font-size="8" dy=".3em">3</text>
      </g>
      <!-- Operations -->
      <g class="cursor-pointer hover:opacity-90 transition" onclick="showProcessDetail('operations')">
        <circle cx="110" cy="110" r="30" fill="#8B5CF6" />
        <text x="110" y="110" text-anchor="middle" fill="white" font-size="12" dy=".3em">Ops</text>
        <circle cx="110" cy="110" r="35" fill="none" stroke="#8B5CF6" stroke-width="4" stroke-dasharray="78.5, 78.5" class="progress-ring-circle" stroke-dashoffset="39.25" />
        <text x="110" y="150" text-anchor="middle" fill="#9CA3AF" font-size="10">50%</text>
        <circle cx="140" cy="100" r="10" fill="#EF4444" class="risk-counter" />
        <text x="140" y="100" text-anchor="middle" fill="white" font-size="8" dy=".3em">7</text>
      </g>
      <!-- Central avatar: HTML embedded through foreignObject, with a status caption -->
      <g>
        <circle cx="200" cy="200" r="50" fill="#1F2937" />
        <foreignObject x="150" y="150" width="100" height="100">
          <div class="flex items-center justify-center h-full">
            <div class="w-16 h-16 rounded-full bg-blue-500 flex items-center justify-center avatar-blink">
              <i class="fas fa-robot text-2xl"></i>
            </div>
          </div>
        </foreignObject>
        <text x="200" y="220" text-anchor="middle" fill="white" font-size="10">Analyzing...</text>
      </g>
    </svg>
  </div>
</div>
<div class="mt-8">
  <h3 class="text-lg font-semibold mb-3 flex items-center">
    <i class="fas fa-bolt mr-2 text-yellow-400"></i>
    Analysis Insight
  </h3>
  <div class="bg-gray-700 rounded-lg p-4 h-40 overflow-y-auto">
    <!--
      Insight feed. The page script prepends a new row to #analysis-insights and trims the
      list to five rows.
      NOTE(review): the script builds each new row by assigning a template string to
      innerHTML. That is harmless while the messages are constants in the script, but if
      project names or finding titles ever come from scan results they must be written
      with textContent, otherwise markup in a scanned project's data would run in this page.
    -->
    <div class="space-y-3" id="analysis-insights">
      <!-- Finished: requirements analysis -->
      <div class="fade-in flex items-start">
        <div class="bg-blue-600 rounded-full w-6 h-6 flex items-center justify-center mr-2 mt-1">
          <i class="fas fa-check text-xs"></i>
        </div>
        <div>
          <p class="text-sm">Completed analysis: Alipay National Subsidy Project requirements</p>
          <p class="text-xs text-gray-400">Identified 2 risks (SQLi, Auth Bypass)</p>
        </div>
      </div>
      <!-- Finished: code analysis -->
      <div class="fade-in flex items-start">
        <div class="bg-blue-600 rounded-full w-6 h-6 flex items-center justify-center mr-2 mt-1">
          <i class="fas fa-check text-xs"></i>
        </div>
        <div>
          <p class="text-sm">Completed analysis: Cloud Storage Optimization Project code</p>
          <p class="text-xs text-gray-400">Found 3 vulnerabilities (XSS, IDOR, Hardcoded Secrets)</p>
        </div>
      </div>
      <!-- In progress: spinner icon instead of a check mark -->
      <div class="fade-in flex items-start">
        <div class="bg-blue-600 rounded-full w-6 h-6 flex items-center justify-center mr-2 mt-1">
          <i class="fas fa-spinner fa-spin text-xs"></i>
        </div>
        <div>
          <p class="text-sm">Analyzing: Payment Gateway API security tests</p>
          <p class="text-xs text-gray-400">45% completed</p>
        </div>
      </div>
      <!-- Finished: release verification -->
      <div class="fade-in flex items-start">
        <div class="bg-blue-600 rounded-full w-6 h-6 flex items-center justify-center mr-2 mt-1">
          <i class="fas fa-check text-xs"></i>
        </div>
        <div>
          <p class="text-sm">Completed analysis: User Profile Service release</p>
          <p class="text-xs text-gray-400">Verified 12/15 fixes implemented</p>
        </div>
      </div>
    </div>
  </div>
</div>
</div>
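<!-- Right panel: risk alert cards, one per project, ordered from Critical down to Low -->
<div class="lg:w-1/3 bg-gray-800 rounded-xl p-6 shadow-lg">
  <div class="flex justify-between items-center mb-6">
    <h2 class="text-xl font-bold flex items-center">
      <i class="fas fa-exclamation-triangle mr-2 text-red-400" aria-hidden="true"></i>
      Risk Alerts
    </h2>
    <span class="bg-red-500 text-white text-xs px-2 py-1 rounded-full">87 Active</span>
  </div>
  <!--
    NOTE(review): each card opens the detail modal through an inline onclick attribute on
    a div. Inline handlers require a Content Security Policy that permits inline script,
    and a div is not reachable from the keyboard. Binding the handlers from the script
    (keyed on a data attribute) and using a button element would address both.
  -->
  <div class="space-y-4" id="risk-alerts">
    <!-- Sample alert 1: Critical -->
    <div class="bg-gray-700 rounded-lg p-4 border-l-4 border-red-500 cursor-pointer hover:bg-gray-600 transition" onclick="showRiskDetail('alipay')">
      <div class="flex justify-between items-start">
        <div>
          <h3 class="font-semibold">Alipay National Subsidy Project</h3>
          <p class="text-sm text-gray-400">Project ID: PROJ-2023-048</p>
        </div>
        <span class="bg-red-500 text-white text-xs px-2 py-1 rounded-full">Critical</span>
      </div>
      <div class="mt-2">
        <div class="flex flex-wrap gap-1">
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Requirements</span>
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Code</span>
        </div>
      </div>
      <div class="mt-3">
        <p class="text-sm">Risks: SQL Injection, Authorization Bypass</p>
        <p class="text-xs text-gray-400 mt-1">Last detected: 15 minutes ago</p>
      </div>
    </div>
    <!-- Sample alert 2: High -->
    <div class="bg-gray-700 rounded-lg p-4 border-l-4 border-orange-500 cursor-pointer hover:bg-gray-600 transition" onclick="showRiskDetail('cloud')">
      <div class="flex justify-between items-start">
        <div>
          <h3 class="font-semibold">Cloud Storage Optimization</h3>
          <p class="text-sm text-gray-400">Project ID: PROJ-2023-056</p>
        </div>
        <span class="bg-orange-500 text-white text-xs px-2 py-1 rounded-full">High</span>
      </div>
      <div class="mt-2">
        <div class="flex flex-wrap gap-1">
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Code</span>
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Testing</span>
        </div>
      </div>
      <div class="mt-3">
        <p class="text-sm">Risks: XSS, Insecure Direct Object Reference</p>
        <p class="text-xs text-gray-400 mt-1">Last detected: 1 hour ago</p>
      </div>
    </div>
    <!-- Sample alert 3: Medium -->
    <div class="bg-gray-700 rounded-lg p-4 border-l-4 border-yellow-500 cursor-pointer hover:bg-gray-600 transition" onclick="showRiskDetail('payment')">
      <div class="flex justify-between items-start">
        <div>
          <h3 class="font-semibold">Payment Gateway API</h3>
          <p class="text-sm text-gray-400">Project ID: PROJ-2023-062</p>
        </div>
        <span class="bg-yellow-500 text-white text-xs px-2 py-1 rounded-full">Medium</span>
      </div>
      <div class="mt-2">
        <div class="flex flex-wrap gap-1">
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Testing</span>
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Release</span>
        </div>
      </div>
      <div class="mt-3">
        <p class="text-sm">Risks: CSRF, Sensitive Data Exposure</p>
        <p class="text-xs text-gray-400 mt-1">Last detected: 2 hours ago</p>
      </div>
    </div>
    <!-- Sample alert 4: Low -->
    <div class="bg-gray-700 rounded-lg p-4 border-l-4 border-blue-500 cursor-pointer hover:bg-gray-600 transition" onclick="showRiskDetail('user')">
      <div class="flex justify-between items-start">
        <div>
          <h3 class="font-semibold">User Profile Service</h3>
          <p class="text-sm text-gray-400">Project ID: PROJ-2023-071</p>
        </div>
        <span class="bg-blue-500 text-white text-xs px-2 py-1 rounded-full">Low</span>
      </div>
      <div class="mt-2">
        <div class="flex flex-wrap gap-1">
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Release</span>
          <span class="bg-gray-600 text-xs px-2 py-1 rounded">Operations</span>
        </div>
      </div>
      <div class="mt-3">
        <p class="text-sm">Risks: Missing Security Headers</p>
        <p class="text-xs text-gray-400 mt-1">Last detected: 4 hours ago</p>
      </div>
    </div>
  </div>
  <div class="mt-6">
    <!-- NOTE(review): no handler is attached in this markup; confirm the script binds one -->
    <button type="button" class="w-full bg-blue-600 hover:bg-blue-700 py-2 rounded-lg flex items-center justify-center space-x-2 transition">
      <i class="fas fa-file-alt" aria-hidden="true"></i>
      <span>Generate Security Report</span>
    </button>
  </div>
</div>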
</div>
</div>
<!-- Risk Detail Modal -->
<div id="risk-detail-modal" class="fixed inset-0 bg-black bg-opacity-50 flex items-center justify-center z-50 hidden">
<div class="bg-gray-800 rounded-xl w-11/12 max-w-6xl max-h-screen overflow-y-auto" style="height: 90vh;">
<div class="p-6">
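<!--
  Modal title bar. The name, id and severity shown here are the initial sample values;
  presumably showRiskDetail() replaces them for the selected project (not visible in this
  part of the file).
-->
<div class="flex justify-between items-center mb-6">
  <div>
    <h2 class="text-2xl font-bold" id="risk-project-name">Alipay National Subsidy Project</h2>
    <p class="text-gray-400" id="risk-project-id">PROJ-2023-048</p>
  </div>
  <div class="flex items-center space-x-4">
    <span class="bg-red-500 text-white px-3 py-1 rounded-full text-sm" id="risk-severity">Critical</span>
    <!-- Icon-only control: aria-label gives it an accessible name -->
    <button type="button" onclick="closeRiskDetail()" class="text-gray-400 hover:text-white" aria-label="Close">
      <i class="fas fa-times" aria-hidden="true"></i>
    </button>
  </div>
</div>
<!-- SDL stage tabs: each data-tab value matches the prefix of a "<name>-content" panel id -->
<div class="grid grid-cols-1 md:grid-cols-5 gap-4 mb-6">
  <button type="button" class="bg-blue-600 py-2 rounded-lg font-medium sdl-tab active" data-tab="requirements">Requirements</button>
  <button type="button" class="bg-gray-700 hover:bg-gray-600 py-2 rounded-lg font-medium sdl-tab" data-tab="code">Code</button>
  <button type="button" class="bg-gray-700 hover:bg-gray-600 py-2 rounded-lg font-medium sdl-tab" data-tab="testing">Testing</button>
  <button type="button" class="bg-gray-700 hover:bg-gray-600 py-2 rounded-lg font-medium sdl-tab" data-tab="release">Release</button>
  <button type="button" class="bg-gray-700 hover:bg-gray-600 py-2 rounded-lg font-medium sdl-tab" data-tab="operations">Operations</button>
</div>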
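<!-- Requirements tab: requirements summary on the left, threat model and findings on the right -->
<div id="requirements-content" class="sdl-tab-content">
  <div class="grid grid-cols-1 lg:grid-cols-2 gap-6">
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-file-alt mr-2 text-blue-400" aria-hidden="true"></i>
        Requirements Document
      </h3>
      <div class="bg-gray-800 p-4 rounded h-64 overflow-y-auto">
        <h4 class="font-medium mb-2">Project Overview</h4>
        <p class="text-sm mb-4">The Alipay National Subsidy Project aims to distribute government subsidies to eligible citizens through the Alipay platform. The system will integrate with multiple government databases to verify eligibility and process payments.</p>
        <h4 class="font-medium mb-2">Technical Architecture</h4>
        <div class="bg-gray-900 p-3 rounded mb-4">
          <!--
            NOTE(review): placeholder image fetched from a third-party host. It is loaded
            lazily and without a Referer header so the host learns as little as possible;
            replace it with a diagram served from this origin before real project data
            appears on this page.
          -->
          <img src="https://via.placeholder.com/600x300?text=Technical+Architecture+Diagram" alt="Architecture Diagram" class="w-full rounded" loading="lazy" referrerpolicy="no-referrer">
        </div>
        <h4 class="font-medium mb-2">Key Features</h4>
        <ul class="text-sm list-disc pl-5 space-y-1">
          <li>User eligibility verification via national ID</li>
          <li>Direct subsidy transfer to verified Alipay accounts</li>
          <li>Real-time transaction reporting to government systems</li>
          <li>Multi-level approval workflow for large subsidies</li>
        </ul>
      </div>
    </div>
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-shield-alt mr-2 text-red-400" aria-hidden="true"></i>
        Security Analysis Results
      </h3>
      <div class="bg-gray-800 p-4 rounded h-64 overflow-y-auto">
        <h4 class="font-medium mb-2">Threat Model</h4>
        <div class="bg-gray-900 p-3 rounded mb-4">
          <!-- Same third-party placeholder as the architecture diagram in this tab -->
          <img src="https://via.placeholder.com/600x300?text=Threat+Model+Diagram" alt="Threat Model" class="w-full rounded" loading="lazy" referrerpolicy="no-referrer">
        </div>
        <h4 class="font-medium mb-2">Identified Risks</h4>
        <div class="space-y-3">
          <!-- Finding: SQL injection in the eligibility check -->
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-red-400">SQL Injection</h5>
              <span class="bg-red-500 text-white text-xs px-2 py-1 rounded">Critical</span>
            </div>
            <p class="text-sm mt-1">Eligibility verification query concatenates user input without parameterization.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Recommendation:</span> Use prepared statements with parameterized queries.</p>
          </div>
          <!-- Finding: missing role validation in the approval workflow -->
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-orange-400">Authorization Bypass</h5>
              <span class="bg-orange-500 text-white text-xs px-2 py-1 rounded">High</span>
            </div>
            <p class="text-sm mt-1">Approval workflow lacks proper role validation, allowing lower-privileged users to approve large subsidies.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Recommendation:</span> Implement proper role-based access control with multi-factor approval for sensitive actions.</p>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>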
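<!-- Code tab: reviewed source on the left, findings mapped to file and line on the right -->
<div id="code-content" class="sdl-tab-content hidden">
  <div class="grid grid-cols-1 lg:grid-cols-2 gap-6">
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-code mr-2 text-green-400" aria-hidden="true"></i>
        Code Review
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <!--
          The listings below are the code under review and are intentionally left
          vulnerable; the fixes are in the Vulnerability Analysis column. They are shown
          as text, so "<", ">" and "&" inside them must be written as character
          references. No blank lines are added inside the listings because the findings
          refer to them by line number.
        -->
        <div class="mb-4">
          <h4 class="font-medium mb-2">EligibilityService.java</h4>
          <pre class="bg-gray-900 p-3 rounded text-sm overflow-x-auto"><code>public class EligibilityService {
    public boolean checkEligibility(String nationalId) {
        // Vulnerable SQL query - concatenates user input directly
        String query = "SELECT * FROM citizens WHERE id = '" + nationalId + "' AND status = 'eligible'";
        try (Connection conn = DriverManager.getConnection(DB_URL);
             Statement stmt = conn.createStatement();
             ResultSet rs = stmt.executeQuery(query)) {
            return rs.next();
        } catch (SQLException e) {
            logger.error("Error checking eligibility", e);
            return false;
        }
    }
    public void approveSubsidy(long userId, BigDecimal amount) {
        // Missing proper authorization check
        if (amount.compareTo(MAX_AUTO_APPROVAL) &gt; 0) {
            // Should verify user has APPROVER role
            subsidyDao.approve(userId, amount);
        } else {
            subsidyDao.autoApprove(userId, amount);
        }
    }
}</code></pre>
        </div>
        <div>
          <h4 class="font-medium mb-2">SubsidyController.java</h4>
          <pre class="bg-gray-900 p-3 rounded text-sm overflow-x-auto"><code>@RestController
@RequestMapping("/api/subsidy")
public class SubsidyController {
    @PostMapping("/approve")
    public ResponseEntity approve(
            @RequestParam long userId,
            @RequestParam BigDecimal amount) {
        // No CSRF protection
        eligibilityService.approveSubsidy(userId, amount);
        return ResponseEntity.ok().build();
    }
}</code></pre>
        </div>
      </div>
    </div>
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-bug mr-2 text-red-400" aria-hidden="true"></i>
        Vulnerability Analysis
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <div class="space-y-3">
          <!-- The recommended statement is shown together with the call that binds the value -->
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-red-400">SQL Injection</h5>
              <span class="bg-red-500 text-white text-xs px-2 py-1 rounded">Critical</span>
            </div>
            <p class="text-sm mt-1">Found in EligibilityService.java (line 5)</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Recommendation:</span> Replace with prepared statement: <code class="bg-gray-800 px-1 rounded">PreparedStatement ps = conn.prepareStatement("SELECT * FROM citizens WHERE id = ? AND status = 'eligible'"); ps.setString(1, nationalId);</code></p>
          </div>
          <!-- The exception in the sample check is given a message so the snippet compiles -->
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-orange-400">Authorization Bypass</h5>
              <span class="bg-orange-500 text-white text-xs px-2 py-1 rounded">High</span>
            </div>
            <p class="text-sm mt-1">Found in EligibilityService.java (line 16)</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Recommendation:</span> Add role check: <code class="bg-gray-800 px-1 rounded">if (!userService.hasRole(currentUser, "APPROVER")) throw new AccessDeniedException("APPROVER role required");</code> Resolve the current user from the authenticated session on the server, never from a request parameter.</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-yellow-400">Missing CSRF Protection</h5>
              <span class="bg-yellow-500 text-white text-xs px-2 py-1 rounded">Medium</span>
            </div>
            <p class="text-sm mt-1">Found in SubsidyController.java (line 8)</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Recommendation:</span> Add Spring Security's CSRF protection or require CSRF token in request.</p>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>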
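<!-- Testing tab: executed security test cases on the left, impact analysis on the right -->
<div id="testing-content" class="sdl-tab-content hidden">
  <div class="grid grid-cols-1 lg:grid-cols-2 gap-6">
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-vial mr-2 text-yellow-400" aria-hidden="true"></i>
        Security Test Cases
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <!-- Each case records the endpoint, the input or condition used, and the observed result -->
        <div class="mb-4">
          <h4 class="font-medium mb-2">SQL Injection Test</h4>
          <div class="bg-gray-900 p-3 rounded">
            <p class="text-sm mb-2"><span class="font-medium">Endpoint:</span> POST /api/eligibility/check</p>
            <p class="text-sm mb-2"><span class="font-medium">Payload:</span> <code class="bg-gray-800 px-1 rounded">{"nationalId": "123' OR '1'='1'--"}</code></p>
            <p class="text-sm"><span class="font-medium">Result:</span> <span class="text-red-400">Vulnerable</span> - Returned eligibility for invalid ID</p>
          </div>
        </div>
        <div class="mb-4">
          <h4 class="font-medium mb-2">Authorization Bypass Test</h4>
          <div class="bg-gray-900 p-3 rounded">
            <!-- The ampersand in the query string is written as a character reference -->
            <p class="text-sm mb-2"><span class="font-medium">Endpoint:</span> POST /api/subsidy/approve?userId=456&amp;amount=10000</p>
            <p class="text-sm mb-2"><span class="font-medium">Headers:</span> Regular user token without approver role</p>
            <p class="text-sm"><span class="font-medium">Result:</span> <span class="text-red-400">Vulnerable</span> - Allowed approval without proper role</p>
          </div>
        </div>
        <div>
          <h4 class="font-medium mb-2">CSRF Test</h4>
          <div class="bg-gray-900 p-3 rounded">
            <p class="text-sm mb-2"><span class="font-medium">Endpoint:</span> POST /api/subsidy/approve</p>
            <p class="text-sm mb-2"><span class="font-medium">Test:</span> Replayed request without CSRF token</p>
            <p class="text-sm"><span class="font-medium">Result:</span> <span class="text-red-400">Vulnerable</span> - Request processed without token validation</p>
          </div>
        </div>
      </div>
    </div>
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-chart-bar mr-2 text-purple-400" aria-hidden="true"></i>
        Test Results Analysis
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <div class="space-y-3">
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-red-400">SQL Injection</h5>
              <span class="bg-red-500 text-white text-xs px-2 py-1 rounded">Critical</span>
            </div>
            <p class="text-sm mt-1">Confirmed via automated testing and manual verification.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Impact:</span> Allows attackers to bypass eligibility checks and potentially extract all citizen data.</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-orange-400">Authorization Bypass</h5>
              <span class="bg-orange-500 text-white text-xs px-2 py-1 rounded">High</span>
            </div>
            <p class="text-sm mt-1">Verified through role manipulation tests.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Impact:</span> Could allow fraudulent subsidy approvals leading to financial losses.</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-yellow-400">CSRF Vulnerability</h5>
              <span class="bg-yellow-500 text-white text-xs px-2 py-1 rounded">Medium</span>
            </div>
            <p class="text-sm mt-1">Confirmed via automated CSRF test suite.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Impact:</span> Could lead to unauthorized subsidy approvals if user visits malicious site while authenticated.</p>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>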
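<!-- Release tab: release gate checklist on the left, outstanding risks and verdict on the right -->
<div id="release-content" class="sdl-tab-content hidden">
  <div class="grid grid-cols-1 lg:grid-cols-2 gap-6">
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-upload mr-2 text-red-400" aria-hidden="true"></i>
        Release Checklist
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <!--
          Each checkbox is named by the adjacent title through aria-labelledby.
          NOTE(review): the sample states disagree with each other. "Security Tests
          Passed" is ticked and claims no critical vulnerabilities, while "SQL Injection
          Fix Verified" is not ticked and the Outstanding Risks column does not list the
          SQL injection at all. A release gate should derive every one of these states
          from the same test results.
          NOTE(review): these are ordinary editable checkboxes, so anyone viewing the page
          can tick them. If they represent verification status, render them from
          server-side state rather than accepting client-side edits.
        -->
        <div class="space-y-4">
          <div class="flex items-start">
            <div class="mr-3 mt-1">
              <input type="checkbox" class="rounded text-blue-500" aria-labelledby="release-check-code-review" checked>
            </div>
            <div>
              <p class="font-medium" id="release-check-code-review">Code Review Completed</p>
              <p class="text-sm text-gray-400">All code has been reviewed by at least one other developer</p>
            </div>
          </div>
          <div class="flex items-start">
            <div class="mr-3 mt-1">
              <input type="checkbox" class="rounded text-blue-500" aria-labelledby="release-check-sqli">
            </div>
            <div>
              <p class="font-medium" id="release-check-sqli">SQL Injection Fix Verified</p>
              <p class="text-sm text-gray-400">Parameterized queries implemented for all database access</p>
            </div>
          </div>
          <div class="flex items-start">
            <div class="mr-3 mt-1">
              <input type="checkbox" class="rounded text-blue-500" aria-labelledby="release-check-authz">
            </div>
            <div>
              <p class="font-medium" id="release-check-authz">Authorization Controls Implemented</p>
              <p class="text-sm text-gray-400">Role checks added for subsidy approval workflow</p>
            </div>
          </div>
          <div class="flex items-start">
            <div class="mr-3 mt-1">
              <input type="checkbox" class="rounded text-blue-500" aria-labelledby="release-check-tests" checked>
            </div>
            <div>
              <p class="font-medium" id="release-check-tests">Security Tests Passed</p>
              <p class="text-sm text-gray-400">All automated security tests show no critical vulnerabilities</p>
            </div>
          </div>
          <div class="flex items-start">
            <div class="mr-3 mt-1">
              <input type="checkbox" class="rounded text-blue-500" aria-labelledby="release-check-csrf">
            </div>
            <div>
              <p class="font-medium" id="release-check-csrf">CSRF Protection Added</p>
              <p class="text-sm text-gray-400">CSRF tokens required for all state-changing requests</p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-exclamation-circle mr-2 text-orange-400" aria-hidden="true"></i>
        Outstanding Risks
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <div class="space-y-3">
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-orange-400">Authorization Bypass</h5>
              <span class="bg-orange-500 text-white text-xs px-2 py-1 rounded">High</span>
            </div>
            <p class="text-sm mt-1">Role checks implemented but not fully tested in all scenarios.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Action Required:</span> Complete end-to-end testing of approval workflow with different user roles.</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium text-yellow-400">CSRF Protection</h5>
              <span class="bg-yellow-500 text-white text-xs px-2 py-1 rounded">Medium</span>
            </div>
            <p class="text-sm mt-1">Tokens implemented but not yet verified in production-like environment.</p>
            <p class="text-xs text-gray-400 mt-2"><span class="font-medium">Action Required:</span> Verify CSRF token behavior in staging environment before production release.</p>
          </div>
        </div>
        <!-- Overall verdict derived from the risks listed above -->
        <div class="mt-6">
          <h4 class="font-medium mb-2">Release Recommendation</h4>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex items-start">
              <div class="mr-3 text-yellow-400">
                <i class="fas fa-exclamation-triangle" aria-hidden="true"></i>
              </div>
              <div>
                <p class="text-sm">Proceed with caution - 2 high/medium risks remain unverified. Recommend additional testing before production release.</p>
              </div>
            </div>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>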
<!-- Operations tab: production monitoring on the left, patch tracking and advice on the right -->
<div id="operations-content" class="sdl-tab-content hidden">
  <div class="grid grid-cols-1 lg:grid-cols-2 gap-6">
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-server mr-2 text-purple-400"></i>
        Production Monitoring
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <!-- Security event counters; the badge colour separates detected from blocked events -->
        <div class="mb-6">
          <h4 class="font-medium mb-2">Security Events</h4>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-center mb-2">
              <p class="text-sm">SQL Injection Attempts</p>
              <span class="bg-red-500 text-white text-xs px-2 py-1 rounded">12 detected</span>
            </div>
            <div class="flex justify-between items-center mb-2">
              <p class="text-sm">Unauthorized Access Attempts</p>
              <span class="bg-orange-500 text-white text-xs px-2 py-1 rounded">8 detected</span>
            </div>
            <div class="flex justify-between items-center">
              <p class="text-sm">CSRF Attempts Blocked</p>
              <span class="bg-green-500 text-white text-xs px-2 py-1 rounded">24 blocked</span>
            </div>
          </div>
        </div>
        <!-- Health metrics in a two-column grid -->
        <div>
          <h4 class="font-medium mb-2">System Health</h4>
          <div class="grid grid-cols-2 gap-3">
            <div class="bg-gray-900 p-3 rounded">
              <p class="text-sm mb-1">Uptime</p>
              <p class="font-medium">99.98%</p>
            </div>
            <div class="bg-gray-900 p-3 rounded">
              <p class="text-sm mb-1">Response Time</p>
              <p class="font-medium">142ms</p>
            </div>
            <div class="bg-gray-900 p-3 rounded">
              <p class="text-sm mb-1">Error Rate</p>
              <p class="font-medium">0.12%</p>
            </div>
            <div class="bg-gray-900 p-3 rounded">
              <p class="text-sm mb-1">Security Patches</p>
              <p class="font-medium">3 pending</p>
            </div>
          </div>
        </div>
      </div>
    </div>
    <div class="bg-gray-700 rounded-lg p-4">
      <h3 class="font-semibold mb-3 flex items-center">
        <i class="fas fa-tasks mr-2 text-blue-400"></i>
        Vulnerability Management
      </h3>
      <div class="bg-gray-800 p-4 rounded h-96 overflow-y-auto">
        <!-- One card per tracked component: green badge for patched, yellow for pending -->
        <div class="space-y-3">
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium">Log4j Vulnerability</h5>
              <span class="bg-green-500 text-white text-xs px-2 py-1 rounded">Patched</span>
            </div>
            <p class="text-sm mt-1">Updated to log4j 2.17.1 in all services</p>
            <p class="text-xs text-gray-400 mt-2">Patched on 2023-01-15</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium">Spring Framework RCE</h5>
              <span class="bg-green-500 text-white text-xs px-2 py-1 rounded">Patched</span>
            </div>
            <p class="text-sm mt-1">Updated to Spring Framework 5.3.18</p>
            <p class="text-xs text-gray-400 mt-2">Patched on 2023-04-02</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium">OpenSSL Vulnerability</h5>
              <span class="bg-yellow-500 text-white text-xs px-2 py-1 rounded">Pending</span>
            </div>
            <p class="text-sm mt-1">Upgrade to OpenSSL 3.0.7 required</p>
            <p class="text-xs text-gray-400 mt-2">Scheduled for 2023-05-20 maintenance window</p>
          </div>
          <div class="bg-gray-900 p-3 rounded">
            <div class="flex justify-between items-start">
              <h5 class="font-medium">Nginx Security Updates</h5>
              <span class="bg-yellow-500 text-white text-xs px-2 py-1 rounded">Pending</span>
            </div>
            <p class="text-sm mt-1">Multiple security fixes in latest stable release</p>
            <p class="text-xs text-gray-400 mt-2">Scheduled for 2023-05-20 maintenance window</p>
          </div>
        </div>
        <!-- Follow-up actions, numbered in the text itself -->
        <div class="mt-6">
          <h4 class="font-medium mb-2">Security Recommendations</h4>
          <div class="bg-gray-900 p-3 rounded">
            <p class="text-sm">1. Schedule immediate maintenance window to address OpenSSL and Nginx vulnerabilities.</p>
            <p class="text-sm mt-2">2. Enable additional WAF rules to detect and block suspicious subsidy approval patterns.</p>
            <p class="text-sm mt-2">3. Implement more granular logging for authorization decisions to detect potential bypass attempts.</p>
          </div>
        </div>
      </div>
    </div>
  </div>
</div>
</div>
</div>
</div>
<script>
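/**
 * Simulate one "real-time" dashboard refresh.
 *
 * Stamps the last-updated label, prepends one randomly chosen sample message to
 * the #analysis-insights feed (capped at five entries), and nudges every progress
 * ring and risk counter by a small random amount. Every value is produced locally
 * from the hard-coded samples below and Math.random().
 */
function simulateUpdates() {
  // Dash length the percentage formula is based on: offset 0 reads as 100%,
  // this value as 0% (presumably the ring circumference; confirm against the SVG).
  const RING_DASH_LENGTH = 78.5;
  const MAX_INSIGHTS = 5;

  // Update last updated time
  const now = new Date();
  const timeLabel = now.toLocaleTimeString();
  const lastUpdated = document.getElementById('last-updated');
  if (lastUpdated) {
    lastUpdated.textContent = timeLabel;
  }

  // Add new analysis insights
  const insights = [
    "Completed security review: Payment Processing Microservice",
    "Detected potential XSS vulnerability in User Feedback Component",
    "Started analysis: New Authentication Service Integration",
    "Verified fixes for 3 critical vulnerabilities in Inventory Service"
  ];
  const randomInsight = insights[Math.floor(Math.random() * insights.length)];

  const insightsContainer = document.getElementById('analysis-insights');
  if (insightsContainer) {
    // Build the entry from nodes and set its text through textContent instead of
    // interpolating into innerHTML, so the message is never parsed as markup.
    // The strings are constants today; this keeps the feed safe if they are ever
    // fed from scan output or another external source.
    const makeElement = (tag, className, text) => {
      const el = document.createElement(tag);
      if (className) {
        el.className = className;
      }
      if (text !== undefined) {
        el.textContent = text;
      }
      return el;
    };

    const icon = makeElement('div', 'bg-blue-600 rounded-full w-6 h-6 flex items-center justify-center mr-2 mt-1');
    icon.appendChild(makeElement('i', 'fas fa-check text-xs'));

    const body = makeElement('div');
    body.appendChild(makeElement('p', 'text-sm', randomInsight));
    body.appendChild(makeElement('p', 'text-xs text-gray-400', timeLabel));

    const insightDiv = makeElement('div', 'fade-in flex items-start');
    insightDiv.appendChild(icon);
    insightDiv.appendChild(body);
    insightsContainer.insertBefore(insightDiv, insightsContainer.firstChild);

    // Keep only 5 insights. `children` counts elements only, so the node removed
    // must be the last *element*; `lastChild` can be a whitespace text node, which
    // would leave the element count above the cap.
    while (insightsContainer.children.length > MAX_INSIGHTS) {
      const oldest = insightsContainer.lastElementChild;
      if (!oldest) {
        break;
      }
      insightsContainer.removeChild(oldest);
    }
  }

  // Randomly update progress rings
  document.querySelectorAll('.progress-ring-circle').forEach(ring => {
    const currentOffset = parseFloat(ring.getAttribute('stroke-dashoffset'));
    if (Number.isNaN(currentOffset)) {
      return; // no usable offset on this ring; leave it untouched
    }
    const jitter = Math.random() * 10 - 5;
    // Clamp on both sides: without the upper bound the offset can drift past the
    // dash length and the label shows a negative percentage.
    const newOffset = Math.min(RING_DASH_LENGTH, Math.max(0, currentOffset + jitter));
    ring.setAttribute('stroke-dashoffset', newOffset);

    // Update percentage text
    const percent = Math.round((RING_DASH_LENGTH - newOffset) / RING_DASH_LENGTH * 100);
    const label = ring.parentElement && ring.parentElement.querySelector('text:nth-of-type(2)');
    if (label) {
      label.textContent = `${percent}%`;
    }
  });

  // Randomly update risk counters
  document.querySelectorAll('.risk-counter').forEach(counter => {
    const valueEl = counter.nextElementSibling;
    if (!valueEl) {
      return;
    }
    const currentCount = parseInt(valueEl.textContent, 10);
    if (Number.isNaN(currentCount)) {
      return; // avoid writing "NaN" into the counter
    }
    const change = Math.floor(Math.random() * 3) - 1; // -1, 0, or 1
    valueEl.textContent = Math.max(0, currentCount + change);

    // Pulse if count increased
    if (change > 0) {
      counter.classList.add('pulse');
      setTimeout(() => counter.classList.remove('pulse'), 2000);
    }
  });
}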
/**
 * Open the risk detail modal and fill in its header for the chosen project.
 *
 * Name, id and severity are written through textContent, so they are shown as
 * plain text; the badge colour is set by replacing the element's className.
 *
 * @param {string} project - One of 'alipay', 'cloud', 'payment' or 'user'. Any
 *   other value still opens the modal but leaves the previously shown details.
 */
function showRiskDetail(project) {
  // A Map is keyed by exact value, so inherited object properties can never match.
  const projects = new Map([
    ['alipay', {
      name: 'Alipay National Subsidy Project',
      id: 'PROJ-2023-048',
      severity: 'Critical',
      badgeClass: 'bg-red-500 text-white px-3 py-1 rounded-full text-sm'
    }],
    ['cloud', {
      name: 'Cloud Storage Optimization',
      id: 'PROJ-2023-056',
      severity: 'High',
      badgeClass: 'bg-orange-500 text-white px-3 py-1 rounded-full text-sm'
    }],
    ['payment', {
      name: 'Payment Gateway API',
      id: 'PROJ-2023-062',
      severity: 'Medium',
      badgeClass: 'bg-yellow-500 text-white px-3 py-1 rounded-full text-sm'
    }],
    ['user', {
      name: 'User Profile Service',
      id: 'PROJ-2023-071',
      severity: 'Low',
      badgeClass: 'bg-blue-500 text-white px-3 py-1 rounded-full text-sm'
    }]
  ]);

  // The modal is revealed first, exactly as before, even for an unknown key.
  document.getElementById('risk-detail-modal').classList.remove('hidden');

  const details = projects.get(project);
  if (!details) {
    return;
  }

  document.getElementById('risk-project-name').textContent = details.name;
  document.getElementById('risk-project-id').textContent = details.id;

  const severityBadge = document.getElementById('risk-severity');
  severityBadge.textContent = details.severity;
  severityBadge.className = details.badgeClass;
}
/** Hide the risk detail modal by putting the `hidden` class back on it. */
function closeRiskDetail() {
  const modal = document.getElementById('risk-detail-modal');
  modal.classList.add('hidden');
}
/**
 * Placeholder for the SDL process detail view: it only logs which process was
 * requested and changes nothing on the page.
 *
 * @param {string} process - Identifier of the selected SDL process.
 */
function showProcessDetail(process) {
  // In a real app, this would load specific content for the selected process
  const message = `Showing detail for ${process} process`;
  console.log(message);
}
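// Tab switching in the risk detail modal.
// Each .sdl-tab names its panel through data-tab; the panel is looked up by the
// id `${data-tab}-content`.
document.querySelectorAll('.sdl-tab').forEach(tab => {
  tab.addEventListener('click', () => {
    // Resolve the target panel before touching any state: if the tab has no
    // data-tab or the panel is missing, bail out instead of hiding every panel
    // and then failing on a null lookup.
    const tabName = tab.getAttribute('data-tab');
    const panel = tabName ? document.getElementById(`${tabName}-content`) : null;
    if (!panel) {
      console.warn(`No content panel found for tab "${tabName}"`);
      return;
    }

    // Reset every tab to the inactive look
    document.querySelectorAll('.sdl-tab').forEach(t => {
      t.classList.remove('active', 'bg-blue-600');
      t.classList.add('bg-gray-700', 'hover:bg-gray-600');
    });

    // Mark the clicked tab as active
    tab.classList.add('active', 'bg-blue-600');
    tab.classList.remove('bg-gray-700', 'hover:bg-gray-600');

    // Hide all content, then show the selected panel
    document.querySelectorAll('.sdl-tab-content').forEach(content => {
      content.classList.add('hidden');
    });
    panel.classList.remove('hidden');
  });
});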
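// Highlight code when a vulnerability entry is clicked.
// Each .code-highlightable item points at its target through data-code-id (the id
// of the code block) and data-line (the suffix of a `line-N` class inside it).
document.querySelectorAll('.code-highlightable').forEach(item => {
  item.addEventListener('click', () => {
    const codeId = item.getAttribute('data-code-id');
    const lineNumber = item.getAttribute('data-line');

    // Remove all highlights
    document.querySelectorAll('.code-highlight').forEach(hl => {
      hl.classList.remove('code-highlight');
    });

    // Nothing to highlight when either attribute is missing.
    if (!codeId || !lineNumber) {
      return;
    }

    // Look the target up by id and class name rather than assembling a CSS
    // selector string from attribute values: an id or line value that is not a
    // valid selector fragment would make querySelector throw.
    const codeBlock = document.getElementById(codeId);
    if (!codeBlock) {
      return;
    }
    const codeElement = codeBlock.getElementsByClassName(`line-${lineNumber}`)[0];

    // Add highlight to target code
    if (codeElement) {
      codeElement.classList.add('code-highlight');
      codeElement.scrollIntoView({ behavior: 'smooth', block: 'center' });
    }
  });
});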
// Initialize: once the DOM has been parsed, start the repeating simulation timer
// and run one update straight away so the page is populated without waiting.
document.addEventListener('DOMContentLoaded', function startSimulation() {
  const refreshIntervalMs = 5000; // simulate real-time updates every 5 seconds
  setInterval(simulateUpdates, refreshIntervalMs);
  simulateUpdates(); // initial update
});
</script>
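<!-- DeepSite attribution badge. Both links open in a new tab, so they carry rel="noopener noreferrer" to keep the opened page from getting a window.opener handle back to this dashboard. -->
<p style="border-radius: 8px; text-align: center; font-size: 12px; color: #fff; margin-top: 16px;position: fixed; left: 8px; bottom: 8px; z-index: 10; background: rgba(0, 0, 0, 0.8); padding: 4px 8px;">Made with <img src="https://enzostvs-deepsite.hf.space/logo.svg" alt="DeepSite Logo" style="width: 16px; height: 16px; vertical-align: middle;display:inline-block;margin-right:3px;filter:brightness(0) invert(1);"><a href="https://enzostvs-deepsite.hf.space" style="color: #fff;text-decoration: underline;" target="_blank" rel="noopener noreferrer">DeepSite</a> - 🧬 <a href="https://enzostvs-deepsite.hf.space?remix=capta1n/sdlmax3" style="color: #fff;text-decoration: underline;" target="_blank" rel="noopener noreferrer">Remix</a></p>
</body>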
</html>