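    def get_findings(self, filename, test):
        """Parse a Checkmarx XML report and return the findings it contains.

        Args:
            filename: Path (or file object) of the uploaded report, handed
                straight to ``ElementTree.parse``.
            test: The test the findings belong to; also used to reach the
                engagement's product when registering the languages seen.

        Returns:
            A list of the findings accumulated in the aggregation dict by
            ``_process_result_detailed`` / ``_process_result_file_name_aggregated``.

        Raises:
            xml.etree.ElementTree.ParseError: if the file is not well-formed XML.
        """
        # The report is external input. The stdlib parser does not resolve
        # external entities, but a hardened XML parser is the safer choice
        # for untrusted uploads -- NOTE(review): confirm project policy.
        cxscan = ElementTree.parse(filename)
        root = cxscan.getroot()

        # ScanStart is a per-report attribute: parse it once, not per <Query>.
        # ``parser.parse`` receives the raw attribute, so a report without
        # ScanStart presumably fails here -- TODO confirm desired behaviour.
        find_date = parser.parse(root.get("ScanStart"))

        # Aggregated findings, keyed by whatever the _process_result_* helper
        # uses as its de-duplication key.
        dupes = dict()
        # language name -> number of results seen for it
        language_list = dict()
        for query in root.findall('Query'):
            # Only ``categories`` is used here; the other elements reach the
            # per-result helpers through ``query`` itself.
            name, cwe, categories, queryId = self.getQueryElements(query)
            language = query.get('Language', '')
            group = query.get('group', '').replace('_', ' ')

            for result in query.findall('Result'):
                # Detail text is Markdown and these values come straight from
                # the report; downstream rendering is relied on to sanitise.
                lines = []
                if categories is not None:
                    lines.append("**Category:** {}\n".format(categories))

                # An empty Language attribute used to pass the old
                # ``is not None`` guard (language was initialised to '') and
                # get registered as a language called ''; skip it instead.
                if language:
                    lines.append("**Language:** {}\n".format(language))
                    language_list[language] = language_list.get(language, 0) + 1

                if group:
                    lines.append("**Group:** {}\n".format(group))

                status = result.get('Status')
                if status is not None:
                    lines.append("**Status:** {}\n".format(status))

                # Without this guard a missing DeepLink rendered as the
                # literal link "[None](None)".
                link = result.get('DeepLink')
                if link is not None:
                    lines.append("**Finding Link:** [{}]({})\n".format(link, link))

                findingdetail = ''.join(lines)

                if self.mode == 'detailed':
                    self._process_result_detailed(test, dupes, findingdetail,
                                                  query, result, find_date)
                else:
                    self._process_result_file_name_aggregated(
                        test, dupes, findingdetail, query, result, find_date)

        for lang, count in language_list.items():
            add_language(test.engagement.product, lang, files=count)

        return list(dupes.values())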
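    def get_findings(self, filename, test):
        """Parse a Checkmarx XML report and return the findings it contains.

        Args:
            filename: Path (or file object) of the uploaded report, handed
                straight to ``ElementTree.parse``.
            test: The test the findings belong to. It is stored on
                ``self.test`` for the ``process_result_*`` helpers and used to
                reach the engagement's product when registering languages.

        Returns:
            A list of the findings accumulated in the aggregation dict by
            ``process_result_detailed`` / ``process_result_file_name_aggregated``.

        Raises:
            xml.etree.ElementTree.ParseError: if the file is not well-formed XML.
        """
        # The report is external input. The stdlib parser does not resolve
        # external entities, but a hardened XML parser is the safer choice
        # for untrusted uploads -- NOTE(review): confirm project policy.
        cxscan = ElementTree.parse(filename)
        self.test = test
        root = cxscan.getroot()

        # ScanStart is a per-report attribute: parse it once, not per <Query>.
        # ``parser.parse`` receives the raw attribute, so a report without
        # ScanStart presumably fails here -- TODO confirm desired behaviour.
        find_date = parser.parse(root.get("ScanStart"))

        # Dictionary holding the aggregated findings with:
        #  - key: the concatenated aggregate keys
        #  - value: the finding
        dupes = dict()
        for query in root.findall('Query'):
            # Only ``categories`` is used here; name/cwe reach the helpers
            # through ``query`` itself.
            name, cwe, categories = self.getQueryElements(query)
            language = query.get('Language', '')
            group = query.get('group', '').replace('_', ' ')

            for result in query.findall('Result'):
                # Detail text is Markdown and these values come straight from
                # the report; downstream rendering is relied on to sanitise.
                lines = []
                if categories is not None:
                    lines.append("**Category:** {}\n".format(categories))

                # An empty Language attribute used to pass the old
                # ``is not None`` guard (language was initialised to '') and
                # get registered as a language called ''; skip it instead.
                if language:
                    lines.append("**Language:** {}\n".format(language))
                    if language not in self.language_list:
                        self.language_list.append(language)

                if group:
                    lines.append("**Group:** {}\n".format(group))

                status = result.get('Status')
                if status is not None:
                    lines.append("**Status:** {}\n".format(status))

                # Without this guard a missing DeepLink rendered as the
                # literal link "[None](None)".
                link = result.get('DeepLink')
                if link is not None:
                    lines.append("**Finding Link:** [{}]({})\n\n".format(link, link))

                findingdetail = ''.join(lines)

                if self.mode == 'detailed':
                    self.process_result_detailed(dupes, findingdetail, query,
                                                 result, find_date)
                else:
                    self.process_result_file_name_aggregated(
                        dupes, findingdetail, query, result, find_date)

        for lang in self.language_list:
            add_language(test.engagement.product, lang)

        return list(dupes.values())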
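    def __init__(self, filename, test):
        """Parse a Checkmarx XML report and expose its findings as ``self.items``.

        Results of the same query that hit the same file are folded into one
        ``Finding`` whose description accumulates each result's detail text.

        Args:
            filename: Path (or file object) of the uploaded report, handed
                straight to ``ElementTree.parse``.
            test: The test the findings belong to; also used to reach the
                engagement's product when registering the languages seen.

        Raises:
            xml.etree.ElementTree.ParseError: if the file is not well-formed XML.
            ValueError: if a query's ``cweId`` attribute is not an integer
                (``int(cwe)`` below; a missing attribute raises TypeError).
            AttributeError: if the path node returned by ``get_finding_detail``
                has no ``FileName`` or ``Line`` child (``find`` returns None).
        """
        # The report is external input. The stdlib parser does not resolve
        # external entities, but a hardened XML parser is the safer choice
        # for untrusted uploads -- NOTE(review): confirm project policy.
        cxscan = ElementTree.parse(filename)
        root = cxscan.getroot()

        # ScanStart is a per-report attribute: parse it once, not per <Query>.
        # ``parser.parse`` receives the raw attribute, so a report without
        # ScanStart presumably fails here -- TODO confirm desired behaviour.
        find_date = parser.parse(root.get("ScanStart"))

        # Aggregated findings:
        #  - key: categories + cweId + query name + result FileName
        #  - value: the Finding
        dupes = dict()
        for query in root.findall('Query'):
            mitigation = 'N/A'
            impact = 'N/A'
            references = ''
            # Reset per query, as before; presumably read by
            # get_finding_detail -- TODO confirm it is still needed.
            self.result_dupes = dict()
            name = query.get('name')
            cwe = query.get('cweId')
            categories = query.get('categories', '')
            language = query.get('Language', '')
            group = query.get('group', '').replace('_', ' ')

            for result in query.findall('Result'):
                # The detail text is rebuilt for every result. Previously it
                # was only reset on the non-duplicate branch, so results that
                # followed a duplicate inherited stale detail lines.
                # Values come straight from the report and are embedded in
                # Markdown; downstream rendering is relied on to sanitise.
                lines = []
                # categories/language/group were initialised to '' and then
                # guarded with ``is not None``, so an absent attribute still
                # produced an empty "**X:** " line and '' was registered as
                # a language. Truthiness skips those.
                if categories:
                    lines.append("**Category:** {}\n".format(categories))

                if language:
                    lines.append("**Language:** {}\n".format(language))
                    if language not in self.language_list:
                        self.language_list.append(language)

                if group:
                    lines.append("**Group:** {}\n".format(group))

                status = result.get('Status')
                if status is not None:
                    lines.append("**Status:** {}\n".format(status))

                # Without this guard a missing DeepLink rendered as the
                # literal link "[None](None)".
                link = result.get('DeepLink')
                if link is not None:
                    lines.append("**Finding Link:** [{}]({})\n\n".format(link, link))

                findingdetail = ''.join(lines)

                dupe_key = "{}{}{}{}".format(categories, cwe, name, result.get('FileName'))
                # Both branches need the per-result detail, so fetch it once.
                title, description, pathnode = self.get_finding_detail(query, result)

                if dupe_key in dupes:
                    # Same query and file already seen: append this result's
                    # description to the existing finding. The old code built
                    # this string and discarded it.
                    find = dupes[dupe_key]
                    find.description = "{}\n{}".format(find.description, description)
                else:
                    sev = result.get('Severity')
                    find = Finding(title=title,
                                   cwe=int(cwe),
                                   test=test,
                                   active=False,
                                   verified=False,
                                   description=findingdetail + description,
                                   severity=sev,
                                   numerical_severity=Finding.get_numerical_severity(sev),
                                   mitigation=mitigation,
                                   impact=impact,
                                   references=references,
                                   file_path=pathnode.find('FileName').text,
                                   line=pathnode.find('Line').text,
                                   url='N/A',
                                   date=find_date,
                                   static_finding=True)
                    dupes[dupe_key] = find

        for lang in self.language_list:
            add_language(test.engagement.product, lang)

        # A list (not a dict view) so callers can index and len() it.
        self.items = list(dupes.values())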