feat: Burp插件任务创建后自动保存历史配置，优化历史去重逻辑

lanshuizhiyue · lanshuizhiyue · commit fdcce14c7835 · 2026-02-27T17:01:01.000+08:00
diff --git a/src/backEnd/api/burpSuiteExApi/admin.py b/src/backEnd/api/burpSuiteExApi/admin.py
@@ -1,6 +1,7 @@
 # 使用标准库的logging模块
 import logging
 from datetime import datetime
+from urllib.parse import urlparse
 
 from fastapi import HTTPException
 from fastapi import APIRouter, Depends, Request, Query
@@ -9,6 +10,7 @@
 from model.BaseResponseMsg import BaseResponseMsg
 from model.requestModel.TaskRequest import TaskAddRequest
 from service.taskService import taskService
+from service.scanPresetService import scanPresetService
 from utils.auth import get_current_user
 
 logger = logging.getLogger(__name__)
@@ -19,19 +21,42 @@
 async def add_task(taskAddRequest: TaskAddRequest, request: Request, current_user: dict = Depends(get_current_user)):
     try:
         if request.client:
-            # pdb.set_trace()
             task_dict = taskAddRequest.model_dump()
             if 'options' not in task_dict or task_dict['options'] is None:
                 return BaseResponseMsg(success=False, msg="options is required", code=status.HTTP_400_BAD_REQUEST, data=None)
-            logger.info(f"request.client: {request.client}")
+            logger.info(f"[Burp] request.client: {request.client}")
             remote_ip = request.client.host
-            # pdb.set_trace()
-            res = await taskService.star_task(remote_addr=remote_ip, scanUrl=taskAddRequest.scanUrl, host=taskAddRequest.host, method=taskAddRequest.method, headers=taskAddRequest.headers, body=taskAddRequest.body, options=taskAddRequest.options)
+            
+            res = await taskService.star_task(
+                remote_addr=remote_ip, 
+                scanUrl=taskAddRequest.scanUrl, 
+                host=taskAddRequest.host, 
+                method=taskAddRequest.method, 
+                headers=taskAddRequest.headers, 
+                body=taskAddRequest.body, 
+                options=taskAddRequest.options
+            )
+            
+            # 任务创建成功后，保存到历史配置
+            if res.success and taskAddRequest.options:
+                try:
+                    # 生成历史配置名称（与 Web 端格式一致）
+                    parsed_url = urlparse(taskAddRequest.scanUrl)
+                    path = parsed_url.path or '/'
+                    history_name = f"{taskAddRequest.method} {taskAddRequest.host}{path}"
+                    history_name = history_name[:50]  # 限制长度
+                    
+                    scanPresetService.add_to_history(history_name, taskAddRequest.options)
+                    logger.info(f"[Burp] Saved scan config to history: {history_name}")
+                except Exception as e:
+                    logger.warning(f"[Burp] Failed to save history config: {e}")
+                    # 不影响任务创建结果
+            
             return res
         else:
             remote_ip = None
-            logger.warning("request.client is None")
-            return BaseResponseMsg(success=False, msg="options is required", code=status.HTTP_400_BAD_REQUEST, data=None)
+            logger.warning("[Burp] request.client is None")
+            return BaseResponseMsg(success=False, msg="Unable to determine client address", code=status.HTTP_400_BAD_REQUEST, data=None)
     except Exception as e:
-        logger.error(f"Error: {e}")
+        logger.error(f"[Burp] Error: {e}")
         raise HTTPException(status_code=500, detail="Error accessing request.client")
diff --git a/src/backEnd/model/ScanPresetDatabase.py b/src/backEnd/model/ScanPresetDatabase.py
@@ -377,20 +377,29 @@ def record_preset_usage(self, preset_id: int):
     def add_to_history(self, name: str, options: dict, max_history: int = 20) -> Optional[ScanPreset]:
         """添加到历史记录"""
         try:
-            # 检查是否已存在相同名称的历史记录
+            # 生成 parameter_string
+            parameter_string = self._generate_parameter_string(options)
+            
+            # 检查是否已存在相同名称且相同参数的历史记录
+            # 只有名称和参数都相同才更新，否则创建新记录
             existing = self.get_preset_by_name(name)
             if existing and existing.preset_type == PresetType.HISTORY:
-                # 更新现有记录
-                return self.update_preset(existing.id, ScanPresetUpdate(
-                    options=options
-                ))
+                # 比较参数是否相同（通过 parameter_string）
+                existing_params = existing.parameter_string or ""
+                if existing_params == parameter_string:
+                    # 参数相同，只更新使用时间
+                    self.record_preset_usage(existing.id)
+                    return existing
+                # 参数不同，创建新记录（名称添加时间戳避免重复）
+                name = f"{name} ({datetime.now().strftime('%H:%M:%S')})"
             
             # 创建新历史记录
             preset = self.create_preset(ScanPresetCreate(
                 name=name,
                 description=f"历史配置 - {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}",
                 preset_type=PresetType.HISTORY,
-                options=options
+                options=options,
+                parameter_string=parameter_string
             ))
             
             if preset:
@@ -406,6 +415,60 @@ def add_to_history(self, name: str, options: dict, max_history: int = 20) -> Opt
             logger.error(f"Failed to add to history: {getSafeExString(e)}")
             return None
     
+    def _generate_parameter_string(self, options: dict) -> str:
+        """从 options 生成命令行参数字符串"""
+        if not options:
+            return ""
+        
+        # 默认值定义（与前端保持一致）
+        defaults = {
+            'level': 1, 'risk': 1, 'technique': 'BEUSTQ', 'timeSec': 5,
+            'timeout': 30, 'retries': 3, 'delay': 0, 'threads': 1,
+            'verbose': 1, 'batch': True, 'crawlDepth': 0
+        }
+        
+        # 参数名到 CLI 选项的映射
+        param_map = {
+            'level': 'level', 'risk': 'risk', 'technique': 'technique',
+            'timeSec': 'time-sec', 'timeout': 'timeout', 'retries': 'retries',
+            'delay': 'delay', 'threads': 'threads', 'verbose': 'v',
+            'dbms': 'dbms', 'os': 'os', 'prefix': 'prefix', 'suffix': 'suffix',
+            'tamper': 'tamper', 'proxy': 'proxy', 'testParameter': 'p',
+            'string': 'string', 'notString': 'not-string', 'regexp': 'regexp',
+            'randomAgent': 'random-agent', 'tor': 'tor', 'smart': 'smart',
+            'textOnly': 'text-only', 'titles': 'titles', 'forms': 'forms',
+            'flushSession': 'flush-session', 'freshQueries': 'fresh-queries',
+            'getBanner': 'banner', 'getCurrentUser': 'current-user',
+            'getCurrentDb': 'current-db', 'getDbs': 'dbs', 'getTables': 'tables',
+            'getColumns': 'columns', 'dumpTable': 'dump', 'dumpAll': 'dump-all',
+            'db': 'D', 'tbl': 'T', 'col': 'C', 'answers': 'answers'
+        }
+        
+        parts = []
+        for key, value in options.items():
+            if value is None or value == '':
+                continue
+            
+            # 跳过默认值
+            if key in defaults and value == defaults[key]:
+                continue
+            
+            cli_opt = param_map.get(key, key)
+            
+            # 布尔值处理
+            if isinstance(value, bool):
+                if value:
+                    parts.append(f"--{cli_opt}")
+            # 字符串/数字处理
+            else:
+                # 短选项使用不同格式
+                if len(cli_opt) == 1:
+                    parts.append(f"-{cli_opt}={value}")
+                else:
+                    parts.append(f"--{cli_opt}={value}")
+        
+        return ' '.join(parts)
+    
     def _cleanup_old_history(self, max_history: int):
         """清理旧的历史记录"""
         try:
diff --git a/src/frontEnd/src/stores/scanPreset.ts b/src/frontEnd/src/stores/scanPreset.ts
@@ -227,10 +227,14 @@ export const useScanPresetStore = defineStore('scanPreset', () => {
   
   /**
    * 添加到历史记录
+   * @param name 历史记录名称
+   * @param options 可选的扫描配置，未提供则使用当前 Store 状态
    */
-  async function addToHistory(name: string): Promise<ScanPreset | null> {
+  async function addToHistory(name: string, options?: ScanOptions): Promise<ScanPreset | null> {
     try {
-      const result = await scanPresetApi.addToHistory(name, currentOptions.value)
+      // 使用传入的配置，或回退到 Store 状态
+      const effectiveOptions = options ?? currentOptions.value
+      const result = await scanPresetApi.addToHistory(name, effectiveOptions)
       if (result) {
         await loadConfigOptions()
       }
diff --git a/src/frontEnd/src/views/AddTask/index.vue b/src/frontEnd/src/views/AddTask/index.vue
@@ -308,21 +308,25 @@ async function submitTask() {
   submitting.value = true
   
   try {
+    // 获取实际使用的配置
+    const taskOptions = getEffectiveOptions()
+    
     const taskData = {
       scanUrl: requestInfo.url,
       host: requestInfo.host,
       method: requestInfo.method,
       headers: requestInfo.headers,
       body: requestInfo.body,
-      options: getEffectiveOptions()
+      options: taskOptions
     }
     
     await apiRequest.post('/web/admin/task/add', taskData)
     
     const urlPath = requestInfo.url.split('?')[0] || ''
     const hostPart = requestInfo.host && urlPath ? urlPath.split(requestInfo.host)[1] : ''
     const historyName = `${requestInfo.method} ${requestInfo.host}${hostPart || '/'}`
-    await presetStore.addToHistory(historyName.substring(0, 50))
+    // 传递实际使用的配置到历史记录
+    await presetStore.addToHistory(historyName.substring(0, 50), taskOptions as ScanOptions)
     
     toast.add({
       severity: 'success',
