Example #1
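class Npmauditparser():
    """Convert an ``npm audit`` JSON report into issue records.

    Every advisory in the repo's ``node_results.json`` becomes one issue
    dict. An issue is only reported when ``Utils.check_issue_exits`` returns
    ``False`` for it; it is then written to the database, pushed to
    Elasticsearch and posted to Slack.
    """

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def node_output(self, repo: str):
        """Report the advisories listed in the repo's ``node_results.json``.

        Args:
            repo: Directory name of the scanned repository below
                ``PATRONUS_DOWNLOAD_LOCATION``. The value is interpolated
                into the path unchanged, so it must come from a trusted
                source: a name containing ``..`` would make this method read
                a report from outside the download directory.

        Returns:
            None. A missing report file or a report without advisories means
            there is nothing to report.

        Raises:
            ValueError: If the report file is not valid JSON.
        """
        report_path = '%s%s/node_results.json' % (
            self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
        if not os.path.exists(report_path):
            return
        with open(report_path) as file:
            res = json.loads(file.read())

        # The guard belongs on the parsed report. The earlier code asked
        # self.es for 'advisories'; everywhere else in this class self.es is
        # only used as a sink for findings, so that check could not describe
        # the report that was just loaded.
        advisories = res.get('advisories')
        if not advisories:
            return

        for advisory_id in advisories:
            try:
                advisory = advisories[advisory_id]
                # Key order is kept stable on purpose: str(issue) is what
                # check_issue_exits / sent_result_to_db receive.
                issue = {
                    'repo': repo,
                    'scanner': 'npm-audit',
                    'bug_type': '',
                    'language': 'nodejs',
                    'class_name': '',
                    'method_name': '',
                    'line_no_start': '',
                    'line_no_end': '',
                    'file_name': '',
                    'vulnerable_code': '',
                    'severity': advisory['severity'],
                    'module_name': advisory['module_name'],
                    'advisories_url': advisory['url'],
                    'vulnerable_versions': advisory['vulnerable_versions'],
                    'patched_versions': advisory['patched_versions'],
                    'dependency_url': '',
                    'CVE': '',
                    'description': '',
                    'source_url': '',
                    'title': advisory['title']
                }
                fingerprint = str(issue)
                # `== False` is kept as written: the helper's return type is
                # not visible here, so truthiness is not assumed.
                if self.utils.check_issue_exits(repo, fingerprint) == False:
                    self.utils.sent_result_to_db(
                        repo, fingerprint, 'node-js', 'npm-audit')
                    self.es.push_data_to_elastic_search(issue)
                    self.utils.sent_to_slack(
                        repo, json.dumps(issue, indent=4))
            except Exception as e:
                # Best effort per advisory: one malformed entry must not stop
                # the remaining advisories from being reported. Name the
                # skipped entry so a dropped finding can be traced.
                print('npm-audit: skipped advisory %s for %s: %r' %
                      (advisory_id, repo, e))
        return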
Example #2
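class Gosecparser():
    """Convert a gosec JSON report into issue records.

    Each entry under ``Issues`` in the repo's ``results.json`` becomes one
    issue dict. An issue is only reported when ``Utils.check_issue_exits``
    returns ``False`` for it; it is then written to the database, pushed to
    Elasticsearch and posted to Slack.
    """

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def golang_output(self, repo: str):
        """Report the findings listed in the repo's gosec ``results.json``.

        Args:
            repo: Directory name of the scanned repository below
                ``PATRONUS_DOWNLOAD_LOCATION``. The value is interpolated
                into the path unchanged, so it must come from a trusted
                source: a name containing ``..`` would make this method read
                a report from outside the download directory.

        Returns:
            None. A missing or unparseable report yields no findings.
        """
        report_path = '%s%s/results.json' % (
            self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
        if not os.path.exists(report_path):
            return
        with open(report_path) as file:
            raw = file.read()
        try:
            res = json.loads(raw)
        except ValueError:
            # Stop here: falling through would hit an unbound `res`. An
            # unreadable scanner report means findings may be missing, so it
            # is logged as an error rather than at debug level.
            logging.error(
                'Error could not load the json file for the project: %s'
                % (repo))
            return

        # A report with a missing or null 'Issues' entry is an empty result.
        for finding in res.get('Issues') or []:
            issue = {
                'repo': repo,
                'scanner': 'gosec',
                'bug_type': '',
                'language': 'golang',
                'class_name': '',
                'method_name': '',
                'line_no_start': '',
                'line_no_end': '',
                'file_name': finding['file'],
                'vulnerable_code': finding['code'],
                'severity': '',
                'module_name': '',
                'advisories_url': '',
                'vulnerable_versions': '',
                'patched_versions': '',
                'dependency_url': '',
                'CVE': '',
                'description': '',
                'source_url': '',
                'title': ''
            }
            # NOTE(review): 'issue' and 'line_no' are extra keys next to the
            # still-empty 'description' / 'line_no_start' of the shared
            # record layout. Kept as-is because str(issue) is the value
            # handed to check_issue_exits; confirm before renaming.
            issue["issue"] = finding['details']
            issue["line_no"] = finding['line']
            fingerprint = str(issue)
            # `== False` is kept as written: the helper's return type is not
            # visible here, so truthiness is not assumed.
            if self.utils.check_issue_exits(repo, fingerprint) == False:
                self.utils.sent_result_to_db(repo, fingerprint,
                                             'golang', 'gosec')
                self.es.push_data_to_elastic_search(issue)
                self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))
        return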
Example #3
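class Gitleaksparser():
    """Convert a gitleaks JSON report into issue records.

    Each entry under ``Issues`` in the repo's ``gitleaks.json`` becomes one
    issue dict carrying the commit, file, line, tags and author of the leak.
    An issue is only reported when ``Utils.check_issue_exits`` returns
    ``False`` for it; it is then written to the database, pushed to
    Elasticsearch and posted to Slack.
    """

    def __init__(self):
        self.es = elastic()
        self.utils = Utils()
        self.config = Config()

    def gitleaks_output(self, repo: str):
        """Report the leaks listed in the repo's ``gitleaks.json``.

        Args:
            repo: Directory name of the scanned repository below
                ``PATRONUS_DOWNLOAD_LOCATION``. The value is interpolated
                into the path unchanged, so it must come from a trusted
                source: a name containing ``..`` would make this method read
                a report from outside the download directory.

        Returns:
            None. A missing report file means there is nothing to report.

        Raises:
            ValueError: If the report file is not valid JSON.
        """
        report_path = '%s%s/gitleaks.json' % (
            self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
        if not os.path.exists(report_path):
            return
        with open(report_path) as file:
            res = json.loads(file.read())

        for leak in res['Issues']:
            issue = {
                'repo': repo,
                # Was 'gosec' (copied from the gosec parser), which filed
                # secret leaks under the wrong scanner in Elasticsearch and
                # Slack. NOTE(review): str(issue) is what check_issue_exits
                # receives, so records stored with the old label presumably
                # no longer match and may be reported once more; confirm
                # before deploying.
                'scanner': 'gitleaks',
                'bug_type': '',
                # NOTE(review): 'golang' also looks inherited from the gosec
                # parser; left unchanged because the intended value for
                # secret findings is not visible here.
                'language': 'golang',
                'class_name': '',
                'method_name': '',
                'line_no_start': leak['line'],
                'line_no_end': '',
                'file_name': leak['file'],
                'vulnerable_code': '',
                'severity': '',
                'module_name': '',
                'advisories_url': '',
                'vulnerable_versions': '',
                'patched_versions': '',
                'dependency_url': '',
                'CVE': '',
                'description': '',
                'source_url': '',
                'title': '',
                'commit': leak['commit'],
                'tags': leak['tags'],
                'author': leak['author']
            }
            fingerprint = str(issue)
            # `== False` is kept as written: the helper's return type is not
            # visible here, so truthiness is not assumed.
            if self.utils.check_issue_exits(repo, fingerprint) == False:
                self.utils.sent_result_to_db(repo, fingerprint,
                                             'gitleaks', 'gitleaks')
                self.es.push_data_to_elastic_search(issue)
                self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))
        return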
Example #4
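class Fsbparser():
    """Convert find-sec-bugs / SpotBugs JSON reports into issue records.

    Only ``BugInstance`` entries whose ``@category`` is ``SECURITY`` are
    reported. An issue is only reported when ``Utils.check_issue_exits``
    returns ``False`` for it; it is then written to the database and pushed
    to Elasticsearch (and, for Maven builds, posted to Slack).
    """

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def gradle_output(self, repo: str):
        """Report SECURITY bugs from a Gradle build's findbugs reports.

        Looks at ``build/reports/findbugs/main.json`` and then ``main.json``
        under the repo directory; each file that exists is processed.
        Slack notification is off for Gradle results, as before.

        Args:
            repo: Directory name of the scanned repository below
                ``PATRONUS_DOWNLOAD_LOCATION``. It is interpolated into the
                path unchanged, so it must come from a trusted source (a
                name containing ``..`` would read a report from outside the
                download directory).

        Returns:
            None.
        """
        base = '%s%s' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
        for relative in ('/build/reports/findbugs/main.json', '/main.json'):
            self._report_security_bugs(base + relative, repo,
                                       notify_slack=False)
        return

    def maven_output(self, repo: str):
        """Report SECURITY bugs from a Maven build's SpotBugs reports.

        Looks at ``target/spotbugsXml.json`` and then ``spotbugsXml.json``
        under the repo directory; each file that exists is processed.

        The previous body could not report anything: it looked up the key
        ``'aBugCollection'``, assigned through an undefined ``result`` name
        (swallowed by the broad ``except``), and used ``+`` where ``=`` was
        meant for ``line_no_end``. It now shares the Gradle code path, so
        Maven findings are recorded with the same fields.

        Args:
            repo: Directory name of the scanned repository below
                ``PATRONUS_DOWNLOAD_LOCATION``; same trust requirement as
                for ``gradle_output``.

        Returns:
            None.
        """
        base = '%s%s' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
        for relative in ('/target/spotbugsXml.json', '/spotbugsXml.json'):
            self._report_security_bugs(base + relative, repo,
                                       notify_slack=True)
        return

    @staticmethod
    def _first(node):
        """Return the first element of a list, or the node itself."""
        if isinstance(node, list):
            return node[0] if node else None
        return node

    def _report_security_bugs(self, report_path, repo, notify_slack):
        """Report every SECURITY BugInstance found in one report file."""
        if not os.path.exists(report_path):
            return
        with open(report_path) as file:
            res = json.loads(file.read())

        collection = res.get('BugCollection') or {}
        if "BugInstance" not in collection:
            return
        instances = collection['BugInstance']
        # A report with exactly one bug carries a single object instead of a
        # list (the same shape difference the SourceLine handling below
        # deals with). Iterating that object would walk its keys and drop
        # the finding.
        if isinstance(instances, dict):
            instances = [instances]

        for bug in instances:
            try:
                if not isinstance(bug, dict):
                    continue
                if bug['@category'] != "SECURITY":
                    continue
                issue = {
                    'repo': repo,
                    'scanner': 'find-sec-bugs',
                    'bug_type': bug['@type'],
                    'language': 'java',
                    'class_name': bug['Class']['@classname'],
                    'method_name': '',
                    'line_no_start': '',
                    'line_no_end': '',
                    'file_name': '',
                    'vulnerable_code': '',
                    'severity': '',
                    'module_name': '',
                    'advisories_url': '',
                    'vulnerable_versions': '',
                    'patched_versions': '',
                    'dependency_url': '',
                    'CVE': '',
                    'description': '',
                    'source_url': '',
                    'title': ''
                }
                method = self._first(bug.get('Method'))
                if isinstance(method, dict):
                    issue["method_name"] = method['@name']
                source_line = self._first(bug.get('SourceLine'))
                if isinstance(source_line, dict):
                    issue["line_no_start"] = source_line['@start']
                    # NOTE(review): the end line mirrors '@start', as the
                    # Gradle code always did; an '@end' attribute is
                    # presumably available. Confirm before switching, since
                    # str(issue) is what check_issue_exits receives.
                    issue["line_no_end"] = source_line['@start']
                fingerprint = str(issue)
                # `== False` is kept as written: the helper's return type is
                # not visible here, so truthiness is not assumed.
                if self.utils.check_issue_exits(repo, fingerprint) == False:
                    self.utils.sent_result_to_db(
                        repo, fingerprint, 'java', 'find-sec-bugs')
                    self.es.push_data_to_elastic_search(issue)
                    if notify_slack:
                        self.utils.sent_to_slack(
                            repo, json.dumps(issue, indent=4))
            except Exception as e:
                # Best effort per bug: one malformed entry must not stop the
                # remaining findings. Name the report so a dropped finding
                # can be traced.
                print('find-sec-bugs: skipped an entry in %s: %r' %
                      (report_path, e))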
Example #5
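class Dependencycheckparser():
	"""Convert dependency-check JSON reports into issue records.

	Only vulnerabilities rated HIGH or CRITICAL are reported. An issue is
	only reported when ``Utils.check_issue_exits`` returns ``False`` for it;
	it is then written to the database, pushed to Elasticsearch and posted
	to Slack.

	Every public method takes ``repo``, the directory name of the scanned
	repository below ``PATRONUS_DOWNLOAD_LOCATION``. It is interpolated into
	the path unchanged, so it must come from a trusted source (a name
	containing ``..`` would read a report from outside the download
	directory).
	"""

	def __init__(self):
		self.es = elastic()
		self.const = Constants()
		self.utils = Utils()
		self.config = Config()

	def dependency_check_results_gradle(self, repo:str):
		"""Report severe findings from ``build/reports/dependency-check-report.json``."""
		report_path = '%s%s/build/reports/dependency-check-report.json' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
		self._report_severe_vulnerabilities(report_path, repo, 'java', 'java')
		return

	def dependency_check_results_maven(self, repo:str):
		"""Report severe findings from ``target/dependency-check-report.json``."""
		report_path = '%s%s/target/dependency-check-report.json' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
		self._report_severe_vulnerabilities(report_path, repo, 'java', 'java')
		return

	def node_results(self, repo:str):
		"""Report severe findings for a Node.js project.

		NOTE(review): this reads the same ``target/dependency-check-report.json``
		as the Maven method and stores the database record under 'java'
		while the issue itself says 'node-js'. Both look copy-pasted; the
		behaviour is kept, confirm the intended report path and label.
		"""
		report_path = '%s%s/target/dependency-check-report.json' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)
		self._report_severe_vulnerabilities(report_path, repo, 'node-js', 'java')
		return

	def _report_severe_vulnerabilities(self, report_path, repo, language, db_language):
		"""Report each HIGH/CRITICAL vulnerability found in one report file."""
		if not os.path.exists(report_path):
			return
		with open(report_path) as file:
			res = json.loads(file.read())

		for dependency in res['dependencies']:
			for vuln in dependency.get('vulnerabilities') or []:
				# Compare case-insensitively so a rating written as 'High'
				# or 'critical' is not silently skipped.
				if str(vuln.get('severity', '')).upper() not in ('HIGH', 'CRITICAL'):
					continue
				# A dependency without package data or a vulnerability
				# without references used to raise here and abort the whole
				# report; the field is left empty instead so the finding is
				# still delivered.
				packages = dependency.get('packages') or [{}]
				references = vuln.get('references') or [{}]
				# One fresh dict per vulnerability, so the object handed to
				# Elasticsearch is never modified by a later iteration. Key
				# order is unchanged because str(issue) is what
				# check_issue_exits receives.
				# NOTE(review): 'severity' stays empty although it is known
				# at this point; filling it would change str(issue), so
				# confirm the effect on stored records first.
				issue = {
					'repo': repo,
					'scanner': 'dependency-check',
					'bug_type': '',
					'language': language,
					'class_name': '',
					'method_name': '',
					'line_no_start': '',
					'line_no_end': '',
					'file_name': '',
					'vulnerable_code': '',
					'severity': '',
					'module_name': '',
					'advisories_url': '',
					'vulnerable_versions': '',
					'patched_versions': '',
					'dependency_url': packages[0].get('url', ''),
					'CVE': vuln.get('name', ''),
					'description': vuln.get('description', ''),
					'source_url': references[0].get('url', ''),
					'title': ''
				}
				fingerprint = str(issue)
				# `== False` is kept as written: the helper's return type is
				# not visible here, so truthiness is not assumed.
				if self.utils.check_issue_exits(repo, fingerprint) == False:
					self.utils.sent_result_to_db(repo, fingerprint, db_language, 'dependency-check')
					self.es.push_data_to_elastic_search(issue)
					self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))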