Example #1
 def test_file_name_aggregated_parse_file_with_different_sourceFilename_same_sinkFilename_is_aggregated(self):
     """Default mode: results that share a sink file are merged into one item."""
     fixture = "dojo/unittests/scans/checkmarx/multiple_findings_different_sourceFilename_same_sinkFilename.xml"
     handle, _product, _engagement, test = self.init(fixture)
     self.parser = CheckmarxXMLParser(handle, test)
     self.teardown(handle)
     findings = self.parser.items
     # Aggregation keys on the sink file name, so differing source files still collapse.
     self.assertEqual(1, len(findings))
     # nb_occurences is expected to hold how many tool results were merged into the item.
     self.assertEqual(2, findings[0].nb_occurences)
Example #2
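def import_parser_factory(file, test):
    """Build the parser that matches the scan type recorded on ``test``.

    The scan type is read from ``test.test_type.name`` and compared against the
    fixed names below; the matching parser class is instantiated with
    ``(file, test)``.

    Args:
        file: Report to parse. Only ``file.name`` is read here (Nessus branch);
            the content is consumed by the selected parser.
        test: Object exposing ``test_type.name``.

    Returns:
        The parser instance created for the scan type.

    Raises:
        ValueError: If the scan type is not listed, or if a Nessus report has a
            file name that ends in none of ``csv``, ``xml`` or ``nessus``.
    """
    # NOTE(review): `file` is presumably a user-supplied upload, so every parser
    # selected here handles untrusted data. Confirm the XML-based parsers reject
    # DTDs and external entities (for example by parsing with defusedxml).
    scan_type = test.test_type.name
    if scan_type == "Burp Scan":
        parser = BurpXmlParser(file, test)
    elif scan_type == "Nessus Scan":
        # The format is picked from the file name alone, never from the content.
        filename = file.name.lower()
        if filename.endswith("csv"):
            parser = NessusCSVParser(file, test)
        elif filename.endswith(("xml", "nessus")):
            parser = NessusXMLParser(file, test)
        else:
            # Without this branch `parser` stayed unbound and the final return
            # failed with UnboundLocalError instead of a clean rejection.
            raise ValueError('Nessus report file name must end in csv, xml or nessus')
    elif scan_type == "Nmap Scan":
        parser = NmapXMLParser(file, test)
    elif scan_type == "Nexpose Scan":
        parser = NexposeFullXmlParser(file, test)
    elif scan_type == "Veracode Scan":
        parser = VeracodeXMLParser(file, test)
    elif scan_type == "Checkmarx Scan":
        parser = CheckmarxXMLParser(file, test)
    elif scan_type == "Bandit Scan":
        parser = BanditParser(file, test)
    elif scan_type == "ZAP Scan":
        parser = ZapXmlParser(file, test)
    elif scan_type == "AppSpider Scan":
        parser = AppSpiderXMLParser(file, test)
    elif scan_type == "Arachni Scan":
        parser = ArachniJSONParser(file, test)
    elif scan_type == 'VCG Scan':
        parser = VCGParser(file, test)
    elif scan_type == 'Dependency Check Scan':
        parser = DependencyCheckParser(file, test)
    elif scan_type == 'Retire.js Scan':
        parser = RetireJsParser(file, test)
    elif scan_type == 'Node Security Platform Scan':
        parser = NspParser(file, test)
    elif scan_type == 'Generic Findings Import':
        parser = GenericFindingUploadCsvParser(file, test)
    elif scan_type == 'Qualys Scan':
        parser = QualysParser(file, test)
    elif scan_type == 'Qualys Webapp Scan':
        parser = QualysWebAppParser(file, test)
    elif scan_type == "OpenVAS CSV":
        parser = OpenVASUploadCsvParser(file, test)
    elif scan_type == 'Snyk Scan':
        parser = SnykParser(file, test)
    elif scan_type == 'SKF Scan':
        parser = SKFCsvParser(file, test)
    elif scan_type == 'SSL Labs Scan':
        parser = SSLlabsParser(file, test)
    else:
        raise ValueError('Unknown Test Type')

    return parser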
Example #3
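 def test_parse_file_with_multiple_vulnerabilities_has_multiple_findings(
         self):
     """Default mode: the multiple-findings fixture yields two items."""
     product = Product()
     engagement = Engagement()
     test = Test()
     engagement.product = product
     test.engagement = engagement
     # Context manager: the fixture handle is closed even if the parser raises.
     with open(
             "dojo/unittests/scans/checkmarx/multiple_findings.xml") as my_file_handle:
         self.parser = CheckmarxXMLParser(my_file_handle, test)
     # checkmarx says 3 but we're down to 2 due to the aggregation on sink filename rather than source filename + source line number + sink filename + sink line number
     self.assertEqual(2, len(self.parser.items))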
Example #4
 def test_file_name_aggregated_parse_file_with_two_aggregated_findings_one_is_false_p(self):
     """Default mode: the merged item is not active, not verified and not a false positive."""
     fixture = "dojo/unittests/scans/checkmarx/two_aggregated_findings_one_is_false_positive.xml"
     handle, _product, _engagement, test = self.init(fixture)
     self.parser = CheckmarxXMLParser(handle, test)
     self.teardown(handle)
     findings = self.parser.items
     self.assertEqual(1, len(findings))
     # Inspect the single aggregated finding.
     merged = findings[0]
     # Each flag must be a real bool and False right after parsing.
     for flag_name in ("active", "verified", "false_p"):
         flag_value = getattr(merged, flag_name)
         self.assertEqual(bool, type(flag_value))
         self.assertEqual(False, flag_value)
Example #5
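def import_parser_factory(file, test):
    """Build the parser that matches the scan type recorded on ``test``.

    The scan type is read from ``test.test_type.name``; the matching parser
    class is instantiated with ``(file, test)``.

    Args:
        file: Report to parse. Only ``file.name`` is read here (Nessus branch).
        test: Object exposing ``test_type.name``.

    Returns:
        The parser instance created for the scan type.

    Raises:
        ValueError: If the scan type is not listed, or if a Nessus report has a
            file name that ends in none of ``csv``, ``xml`` or ``nessus``.
    """
    # NOTE(review): `file` is presumably a user-supplied upload; confirm the
    # XML-based parsers reject DTDs and external entities.
    scan_type = test.test_type.name
    if scan_type == "Burp Scan":
        parser = BurpXmlParser(file, test)
    elif scan_type == "Nessus Scan":
        # The format is picked from the file name alone, never from the content.
        filename = file.name.lower()
        if filename.endswith("csv"):
            parser = NessusCSVParser(file, test)
        elif filename.endswith(("xml", "nessus")):
            parser = NessusXMLParser(file, test)
        else:
            # Without this branch `parser` stayed unbound and the final return
            # failed with UnboundLocalError instead of a clean rejection.
            raise ValueError('Nessus report file name must end in csv, xml or nessus')
    elif scan_type == "Nexpose Scan":
        parser = NexposeFullXmlParser(file, test)
    elif scan_type == "Veracode Scan":
        parser = VeracodeXMLParser(file, test)
    elif scan_type == "Checkmarx Scan":
        parser = CheckmarxXMLParser(file, test)
    elif scan_type == "ZAP Scan":
        parser = ZapXmlParser(file, test)
    elif scan_type == "AppSpider Scan":
        parser = AppSpiderXMLParser(file, test)
    else:
        raise ValueError('Unknown Test Type')

    return parser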
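def import_parser_factory(file, test, active, verified, scan_type=None):
    """Build the parser that matches ``scan_type``.

    When ``scan_type`` is ``None`` it is read from ``test.test_type.name``.
    The matching parser class is instantiated with ``(file, test)``; only the
    'Generic Findings Import' parser also receives ``active`` and ``verified``.

    Args:
        file: Report to parse. Only ``file.name`` is read here (Nessus branch).
        test: Passed to the parser; also the fallback source of the scan type.
        active: Forwarded to the generic CSV parser only.
        verified: Forwarded to the generic CSV parser only.
        scan_type: Scan type name, or ``None`` to take it from ``test``.

    Returns:
        The parser instance created for the scan type.

    Raises:
        ValueError: If the scan type is not listed, or if a Nessus report has a
            file name that ends in none of ``csv``, ``xml`` or ``nessus``.
    """
    # NOTE(review): `file` is presumably a user-supplied upload, so every parser
    # selected here handles untrusted data. Confirm the XML-based parsers reject
    # DTDs and external entities (for example by parsing with defusedxml).
    if scan_type is None:
        scan_type = test.test_type.name
    if scan_type == "Burp Scan":
        parser = BurpXmlParser(file, test)
    elif scan_type == "Nessus Scan":
        # The format is picked from the file name alone, never from the content.
        filename = file.name.lower()
        if filename.endswith("csv"):
            parser = NessusCSVParser(file, test)
        elif filename.endswith(("xml", "nessus")):
            parser = NessusXMLParser(file, test)
        else:
            # Without this branch `parser` stayed unbound and the final return
            # failed with UnboundLocalError instead of a clean rejection.
            raise ValueError('Nessus report file name must end in csv, xml or nessus')
    elif scan_type == "Clair Scan":
        parser = ClairParser(file, test)
    elif scan_type == "Nmap Scan":
        parser = NmapXMLParser(file, test)
    elif scan_type == "Nikto Scan":
        parser = NiktoXMLParser(file, test)
    elif scan_type == "Nexpose Scan":
        parser = NexposeFullXmlParser(file, test)
    elif scan_type == "Veracode Scan":
        parser = VeracodeXMLParser(file, test)
    elif scan_type == "Checkmarx Scan":
        parser = CheckmarxXMLParser(file, test)
    elif scan_type == "Contrast Scan":
        parser = ContrastCSVParser(file, test)
    elif scan_type == "Crashtest Security Scan":
        parser = CrashtestSecurityXmlParser(file, test)
    elif scan_type == "Bandit Scan":
        parser = BanditParser(file, test)
    elif scan_type == "ZAP Scan":
        parser = ZapXmlParser(file, test)
    elif scan_type == "AppSpider Scan":
        parser = AppSpiderXMLParser(file, test)
    elif scan_type == "Arachni Scan":
        parser = ArachniJSONParser(file, test)
    elif scan_type == 'VCG Scan':
        parser = VCGParser(file, test)
    elif scan_type == 'Dependency Check Scan':
        parser = DependencyCheckParser(file, test)
    elif scan_type == 'Retire.js Scan':
        parser = RetireJsParser(file, test)
    elif scan_type == 'Node Security Platform Scan':
        parser = NspParser(file, test)
    elif scan_type == 'NPM Audit Scan':
        parser = NpmAuditParser(file, test)
    elif scan_type == 'Symfony Security Check':
        parser = PhpSymfonySecurityCheckParser(file, test)
    elif scan_type == 'Generic Findings Import':
        # The only parser that takes the caller's active/verified values.
        parser = GenericFindingUploadCsvParser(file, test, active, verified)
    elif scan_type == 'Qualys Scan':
        parser = QualysParser(file, test)
    elif scan_type == 'Qualys Webapp Scan':
        parser = QualysWebAppParser(file, test)
    elif scan_type == "OpenVAS CSV":
        parser = OpenVASUploadCsvParser(file, test)
    elif scan_type == 'Snyk Scan':
        parser = SnykParser(file, test)
    elif scan_type == 'SKF Scan':
        parser = SKFCsvParser(file, test)
    elif scan_type == 'SSL Labs Scan':
        parser = SSLlabsParser(file, test)
    elif scan_type == 'Trufflehog Scan':
        parser = TruffleHogJSONParser(file, test)
    elif scan_type == 'Clair Klar Scan':
        parser = ClairKlarParser(file, test)
    elif scan_type == 'Gosec Scanner':
        parser = GosecScannerParser(file, test)
    elif scan_type == 'Trustwave Scan (CSV)':
        parser = TrustwaveUploadCsvParser(file, test)
    elif scan_type == 'Netsparker Scan':
        parser = NetsparkerParser(file, test)
    elif scan_type == 'PHP Security Audit v2':
        parser = PhpSecurityAuditV2(file, test)
    elif scan_type == 'Acunetix Scan':
        parser = AcunetixScannerParser(file, test)
    elif scan_type == 'Fortify Scan':
        parser = FortifyXMLParser(file, test)
    elif scan_type == 'SonarQube Scan':
        parser = SonarQubeHtmlParser(file, test)
    elif scan_type == 'MobSF Scan':
        parser = MobSFParser(file, test)
    elif scan_type == 'AWS Scout2 Scan':
        parser = AWSScout2Parser(file, test)
    elif scan_type == 'AWS Prowler Scan':
        parser = AWSProwlerParser(file, test)
    elif scan_type == 'Brakeman Scan':
        parser = BrakemanScanParser(file, test)
    elif scan_type == 'SpotBugs Scan':
        parser = SpotbugsXMLParser(file, test)
    elif scan_type == 'Safety Scan':
        parser = SafetyParser(file, test)
    elif scan_type == 'DawnScanner Scan':
        parser = DawnScannerParser(file, test)
    elif scan_type == 'Anchore Engine Scan':
        parser = AnchoreEngineScanParser(file, test)
    elif scan_type == 'Bundler-Audit Scan':
        parser = BundlerAuditParser(file, test)
    elif scan_type == 'Twistlock Image Scan':
        parser = TwistlockParser(file, test)
    elif scan_type == 'IBM AppScan DAST':
        parser = IbmAppScanDASTXMLParser(file, test)
    elif scan_type == 'Kiuwan Scan':
        parser = KiuwanCSVParser(file, test)
    elif scan_type == 'Blackduck Hub Scan':
        parser = BlackduckHubCSVParser(file, test)
    elif scan_type == 'Sonatype Application Scan':
        parser = SonatypeJSONParser(file, test)
    elif scan_type == 'Openscap Vulnerability Scan':
        parser = OpenscapXMLParser(file, test)
    elif scan_type == 'Immuniweb Scan':
        parser = ImmuniwebXMLParser(file, test)
    elif scan_type == 'Wapiti Scan':
        parser = WapitiXMLParser(file, test)
    elif scan_type == 'Cobalt.io Scan':
        parser = CobaltCSVParser(file, test)
    elif scan_type == 'Mozilla Observatory Scan':
        parser = MozillaObservatoryJSONParser(file, test)
    elif scan_type == 'Whitesource Scan':
        parser = WhitesourceJSONParser(file, test)
    elif scan_type == 'Microfocus Webinspect Scan':
        parser = MicrofocusWebinspectXMLParser(file, test)
    elif scan_type == 'Wpscan':
        parser = WpscanJSONParser(file, test)
    elif scan_type == 'Sslscan':
        parser = SslscanXMLParser(file, test)
    elif scan_type == 'JFrog Xray Scan':
        parser = XrayJSONParser(file, test)
    elif scan_type == 'Sslyze Scan':
        parser = SslyzeXmlParser(file, test)
    elif scan_type == 'Testssl Scan':
        parser = TestsslCSVParser(file, test)
    elif scan_type == 'Hadolint Dockerfile check':
        parser = HadolintParser(file, test)
    else:
        raise ValueError('Unknown Test Type')

    return parser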
 def test_detailed_parse_file_with_single_vulnerability_has_single_finding(self):
     """Detailed mode: check description, line and SAST fields of the single-finding fixture."""
     my_file_handle, product, engagement, test = self.init("dojo/unittests/scans/checkmarx/single_finding.xml")
     # The third argument 'detailed' selects the non-aggregating mode.
     self.parser = CheckmarxXMLParser(my_file_handle, test, 'detailed')
     self.teardown(my_file_handle)
     # Verifications common to both parsers
     self.check_parse_file_with_single_vulnerability_has_single_finding(self.parser)
     # Fields that differ from aggregated scanner
     item = self.parser.items[0]
     self.assertEqual(str, type(item.description))
     # Expected markdown: header fields, a blank line, then "-----"-separated blocks of
     # Line Number / Column / Source Object / Number / Code.
     # NOTE(review): the Source Object and Code values presumably come straight from the
     # scanner report; whatever renders this markdown should treat them as untrusted text.
     self.assertMultiLineEqual("**Category:** PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS),FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-15 Information Output Filtering (P0),OWASP Top 10 2017;A7-Cross-Site Scripting (XSS)\n"
         "**Language:** Java\n"
         "**Group:** Java High Risk\n"
         "**Status:** New\n"
         "**Finding Link:** [https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28](https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28)\n"
         "\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 59\n"
         "**Source Object:** executeQuery\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 27\n"
         "**Source Object:** results\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 46\n"
         "**Column:** 28\n"
         "**Source Object:** results\n"
         "**Number:** 46\n"
         "**Code:** while (results.next()) {\n"
         "-----\n"
         "**Line Number:** 47\n"
         "**Column:** 34\n"
         "**Source Object:** results\n"
         "**Number:** 47\n"
         "**Code:** int id = results.getInt(0);\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 64\n"
         "**Source Object:** getString\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 36\n"
         "**Source Object:** put\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 54\n"
         "**Column:** 25\n"
         "**Source Object:** userMap\n"
         "**Number:** 54\n"
         "**Code:** userMap.put(\"loginCOunt\",Integer.toString(results.getInt(6)));\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 44\n"
         "**Source Object:** userMap\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 40\n"
         "**Source Object:** put\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 58\n"
         "**Column:** 28\n"
         "**Source Object:** allUsersMap\n"
         "**Number:** 58\n"
         "**Code:** return allUsersMap;\n"
         "-----\n",
         item.description)
     # The line is kept as a string and equals the Line Number of the last block above.
     self.assertEqual(str, type(item.line))
     self.assertEqual("58", item.line)
     # Added field for detailed scanner
     self.assertEqual(str, type(item.unique_id_from_tool))
     # "28" is also the pathid value in the Finding Link above.
     self.assertEqual("28", item.unique_id_from_tool)
     # Source object and line match the first block, sink object the last block.
     self.assertEqual(str, type(item.sast_source_object))
     self.assertEqual("executeQuery", item.sast_source_object)
     self.assertEqual(str, type(item.sast_sink_object))
     self.assertEqual("allUsersMap", item.sast_sink_object)
     self.assertEqual(str, type(item.sast_source_line))
     self.assertEqual("39", item.sast_source_line)
     self.assertEqual(str, type(item.sast_source_file_path))
     self.assertEqual("WebGoat/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/Users.java", item.sast_source_file_path)
     # No occurrence count is expected in detailed mode.
     self.assertIsNone(item.nb_occurences)
 def test_detailed_parse_file_with_utf8_various_non_ascii_char(self):
     """Detailed mode: non-ASCII characters from the fixture must appear unchanged in the description."""
     my_file_handle, product, engagement, test = self.init("dojo/unittests/scans/checkmarx/utf8_various_non_ascii_char.xml")
     self.parser = CheckmarxXMLParser(my_file_handle, test, 'detailed')
     self.teardown(my_file_handle)
     # Verifications common to both parsers
     self.check_parse_file_with_utf8_various_non_ascii_char(self.parser)
     # Fields that differ from aggregated scanner
     item = self.parser.items[0]
     self.assertEqual(str, type(item.description))
     # The non-ASCII run appears in the first and last Source Object and in one Code line.
     # NOTE(review): inside that run "Ă㥹" breaks the otherwise sequential Latin Extended-A
     # characters — confirm the literal matches the fixture file byte for byte.
     self.assertMultiLineEqual("**Category:** PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS),FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-15 Information Output Filtering (P0),OWASP Top 10 2017;A7-Cross-Site Scripting (XSS)\n"
         "**Language:** Java\n"
         "**Group:** Java High Risk\n"
         "**Status:** New\n"
         "**Finding Link:** [https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28](https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28)\n"
         "\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 59\n"
         "**Source Object:** executeQuery¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂ㥹ĆćĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJijĴĵĶķĸĹĺĻļĽľĿŀŁłŃńŅņŇňʼnŊŋŌōŎŏŐőŒœŔŕŖŗŘřŚśŜŝŞşŠšŢţŤťŦŧŨũŪūŬŭŮůŰűŲųŴŵŶŷŸŹźŻżŽžſ\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 27\n"
         "**Source Object:** results\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);//all latins non ascii with extended: U+00A1   to U+017F  (ref https://www.utf8-chartable.de/unicode-utf8-table.pl): ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂ㥹ĆćĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJijĴĵĶķĸĹĺĻļĽľĿŀŁłŃńŅņŇňʼnŊŋŌōŎŏŐőŒœŔŕŖŗŘřŚśŜŝŞşŠšŢţŤťŦŧŨũŪūŬŭŮůŰűŲųŴŵŶŷŸŹźŻżŽžſ\n"
         "-----\n"
         "**Line Number:** 46\n"
         "**Column:** 28\n"
         "**Source Object:** results\n"
         "**Number:** 46\n"
         "**Code:** while (results.next()) { // other: ƒ\n"
         "-----\n"
         "**Line Number:** 47\n"
         "**Column:** 34\n"
         "**Source Object:** results\n"
         "**Number:** 47\n"
         "**Code:** int id = results.getInt(0);\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 64\n"
         "**Source Object:** getString\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 36\n"
         "**Source Object:** put\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 54\n"
         "**Column:** 25\n"
         "**Source Object:** userMap\n"
         "**Number:** 54\n"
         "**Code:** userMap.put(\"loginCOunt\",Integer.toString(results.getInt(6)));\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 44\n"
         "**Source Object:** userMap\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 40\n"
         "**Source Object:** put\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 58\n"
         "**Column:** 28\n"
         "**Source Object:** allUsersMap¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂ㥹ĆćĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJijĴĵĶķĸĹĺĻļĽľĿŀŁłŃńŅņŇňʼnŊŋŌōŎŏŐőŒœŔŕŖŗŘřŚśŜŝŞşŠšŢţŤťŦŧŨũŪūŬŭŮůŰűŲųŴŵŶŷŸŹźŻżŽžſ\n"
         "**Number:** 58\n"
         "**Code:** return allUsersMap;\n"
         "-----\n",
         item.description)
     # The line is kept as a string and equals the Line Number of the last block above.
     self.assertEqual(str, type(item.line))
     self.assertEqual("58", item.line)
 def test_detailed_parse_file_with_utf8_replacement_char(self):
     """Detailed mode: the replacement character in the fixture must survive into the description."""
     my_file_handle, product, engagement, test = self.init("dojo/unittests/scans/checkmarx/utf8_replacement_char.xml")
     self.parser = CheckmarxXMLParser(my_file_handle, test, 'detailed')
     self.teardown(my_file_handle)
     # Verifications common to both parsers
     self.check_parse_file_with_utf8_replacement_char(self.parser)
     # Fields that differ from aggregated scanner
     item = self.parser.items[0]
     self.assertEqual(str, type(item.description))
     # The replacement character is expected after the first and last Source Object and
     # at the end of the first Code line.
     self.assertMultiLineEqual("**Category:** PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS),FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-15 Information Output Filtering (P0),OWASP Top 10 2017;A7-Cross-Site Scripting (XSS)\n"
         "**Language:** Java\n"
         "**Group:** Java High Risk\n"
         "**Status:** New\n"
         "**Finding Link:** [https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28](https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28)\n"
         "\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 59\n"
         "**Source Object:** executeQuery�\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);//�\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 27\n"
         "**Source Object:** results\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 46\n"
         "**Column:** 28\n"
         "**Source Object:** results\n"
         "**Number:** 46\n"
         "**Code:** while (results.next()) {\n"
         "-----\n"
         "**Line Number:** 47\n"
         "**Column:** 34\n"
         "**Source Object:** results\n"
         "**Number:** 47\n"
         "**Code:** int id = results.getInt(0);\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 64\n"
         "**Source Object:** getString\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 36\n"
         "**Source Object:** put\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 54\n"
         "**Column:** 25\n"
         "**Source Object:** userMap\n"
         "**Number:** 54\n"
         "**Code:** userMap.put(\"loginCOunt\",Integer.toString(results.getInt(6)));\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 44\n"
         "**Source Object:** userMap\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 40\n"
         "**Source Object:** put\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 58\n"
         "**Column:** 28\n"
         "**Source Object:** allUsersMap�\n"
         "**Number:** 58\n"
         "**Code:** return allUsersMap;\n"
         "-----\n",
         item.description)
     # The line is kept as a string and equals the Line Number of the last block above.
     self.assertEqual(str, type(item.line))
     self.assertEqual("58", item.line)
 def test_detailed_parse_file_with_same_sourceFilename_different_sinkFilename_is_not_aggregated(self):
     """Detailed mode: the same-source / different-sink fixture yields two items."""
     fixture = "dojo/unittests/scans/checkmarx/multiple_findings_same_sourceFilename_different_sinkFilename.xml"
     handle, _product, _engagement, test = self.init(fixture)
     detailed_parser = CheckmarxXMLParser(handle, test, 'detailed')
     self.parser = detailed_parser
     self.teardown(handle)
     found = len(detailed_parser.items)
     self.assertEqual(2, found)
 def test_detailed_parse_file_with_multiple_vulnerabilities_has_multiple_findings(self):
     """Detailed mode: the multiple-findings fixture yields three items."""
     fixture = "dojo/unittests/scans/checkmarx/multiple_findings.xml"
     handle, _product, _engagement, test = self.init(fixture)
     detailed_parser = CheckmarxXMLParser(handle, test, 'detailed')
     self.parser = detailed_parser
     self.teardown(handle)
     found = len(detailed_parser.items)
     self.assertEqual(3, found)
 def test_file_name_aggregated_parse_file_with_multiple_vulnerabilities_has_multiple_findings(self):
     """Default mode: the multiple-findings fixture yields two items."""
     fixture = "dojo/unittests/scans/checkmarx/multiple_findings.xml"
     handle, _product, _engagement, test = self.init(fixture)
     aggregating_parser = CheckmarxXMLParser(handle, test)
     self.parser = aggregating_parser
     self.teardown(handle)
     # Checkmarx reports 3 results; grouping by sink file name (instead of source file,
     # source line, sink file and sink line) leaves 2.
     found = len(aggregating_parser.items)
     self.assertEqual(2, found)
 def test_detailed_parse_file_with_false_positive_is_false_positive(self):
     """Detailed mode: run the shared false-positive checks on the single false-positive fixture."""
     fixture = "dojo/unittests/scans/checkmarx/single_finding_false_positive.xml"
     handle, _product, _engagement, test = self.init(fixture)
     detailed_parser = CheckmarxXMLParser(handle, test, 'detailed')
     self.parser = detailed_parser
     self.teardown(handle)
     # Same verification helper as the one used for the other parser mode.
     self.check_parse_file_with_false_positive_is_false_positive(detailed_parser)
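 def test_parse_file_with_utf8_various_non_ascii_char(self):
     """Default mode: parse the non-ASCII fixture and check every field of the single finding."""
     product = Product()
     engagement = Engagement()
     test = Test()
     engagement.product = product
     test.engagement = engagement
     # Context manager: the fixture handle is closed even if the parser raises.
     # NOTE(review): no encoding is passed, so the platform default applies; confirm the
     # fixture is decoded as UTF-8 wherever the suite runs.
     with open(
             "dojo/unittests/scans/checkmarx/utf8_various_non_ascii_char.xml") as my_file_handle:
         self.parser = CheckmarxXMLParser(my_file_handle, test)
     self.assertEqual(1, len(self.parser.items))
     # check content
     item = self.parser.items[0]
     self.assertEqual(str, type(self.parser.items[0].title))
     self.assertEqual("Stored XSS (Users.java)", item.title)
     self.assertEqual(int, type(item.cwe))
     self.assertEqual(79, item.cwe)
     # A freshly parsed finding is expected to be neither active nor verified.
     self.assertEqual(bool, type(item.active))
     self.assertEqual(False, item.active)
     self.assertEqual(bool, type(item.verified))
     self.assertEqual(False, item.verified)
     self.assertEqual(str, type(item.description))
     # Expected markdown: header fields, a blank line, then blocks of
     # Line Number / Column / Source Object / Number / Code, each closed by "-----".
     self.assertMultiLineEqual(
         "**Category:** PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS),FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-15 Information Output Filtering (P0),OWASP Top 10 2017;A7-Cross-Site Scripting (XSS)\n"
         "**Language:** Java\n"
         "**Group:** Java High Risk\n"
         "**Status:** New\n"
         "**Finding Link:** [https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28](https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28)\n"
         "\n"
         "**Line Number:** 39\n"
         "**Column:** 59\n"
         "**Source Object:** executeQuery\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 27\n"
         "**Source Object:** results\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);//all latins non ascii with extended: U+00A1   to U+017F  (ref https://www.utf8-chartable.de/unicode-utf8-table.pl): ¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂ㥹ĆćĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJijĴĵĶķĸĹĺĻļĽľĿŀŁłŃńŅņŇňʼnŊŋŌōŎŏŐőŒœŔŕŖŗŘřŚśŜŝŞşŠšŢţŤťŦŧŨũŪūŬŭŮůŰűŲųŴŵŶŷŸŹźŻżŽžſ\n"
         "-----\n"
         "**Line Number:** 46\n"
         "**Column:** 28\n"
         "**Source Object:** results\n"
         "**Number:** 46\n"
         "**Code:** while (results.next()) { // other: ƒ\n"
         "-----\n"
         "**Line Number:** 47\n"
         "**Column:** 34\n"
         "**Source Object:** results\n"
         "**Number:** 47\n"
         "**Code:** int id = results.getInt(0);\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 64\n"
         "**Source Object:** getString\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 36\n"
         "**Source Object:** put\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 54\n"
         "**Column:** 25\n"
         "**Source Object:** userMap\n"
         "**Number:** 54\n"
         "**Code:** userMap.put(\"loginCOunt\",Integer.toString(results.getInt(6)));\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 44\n"
         "**Source Object:** userMap\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 40\n"
         "**Source Object:** put\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 58\n"
         "**Column:** 28\n"
         "**Source Object:** allUsersMap\n"
         "**Number:** 58\n"
         "**Code:** return allUsersMap;\n"
         "-----\n", item.description)
     self.assertEqual(str, type(item.severity))
     self.assertEqual("High", item.severity)
     self.assertEqual(str, type(item.numerical_severity))
     self.assertEqual("S1", item.numerical_severity)
     self.assertEqual(str, type(item.mitigation))
     self.assertEqual("N/A", item.mitigation)
     self.assertEqual(str, type(item.references))
     self.assertEqual("", item.references)
     # The file path must keep the non-ASCII directory name unchanged.
     self.assertEqual(str, type(item.file_path))
     self.assertEqual(
         "WebGoat/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/¡¢£¤¥¦§¨©ª«¬®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀāĂ㥹ĆćĈĉĊċČčĎďĐđĒēĔĕĖėĘęĚěĜĝĞğĠġĢģĤĥĦħĨĩĪīĬĭĮįİıIJijĴĵĶķĸĹĺĻļĽľĿŀŁłŃńŅņŇňʼnŊŋŌōŎŏŐőŒœŔŕŖŗŘřŚśŜŝŞşŠšŢţŤťŦŧŨũŪūŬŭŮůŰűŲųŴŵŶŷŸŹźŻżŽžſ/Users.java",
         item.file_path)
     self.assertEqual(str, type(item.line))
     self.assertEqual("58", item.line)
     self.assertEqual(str, type(item.url))
     self.assertEqual("N/A", item.url)
     # ScanStart
     self.assertEqual(datetime.datetime, type(item.date))
     self.assertEqual(datetime.datetime(2018, 2, 25, 11, 35, 52), item.date)
     self.assertEqual(bool, type(item.static_finding))
     self.assertEqual(True, item.static_finding)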
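 def test_parse_file_with_single_vulnerability_has_single_finding(self):
     """Default mode: parse the single-finding fixture and check every field of the finding."""
     product = Product()
     engagement = Engagement()
     test = Test()
     engagement.product = product
     test.engagement = engagement
     # Context manager: the fixture handle is closed even if the parser raises.
     with open(
             "dojo/unittests/scans/checkmarx/single_finding.xml") as my_file_handle:
         self.parser = CheckmarxXMLParser(my_file_handle, test)
     self.assertEqual(1, len(self.parser.items))
     # check content
     item = self.parser.items[0]
     self.assertEqual(str, type(self.parser.items[0].title))
     self.assertEqual("Stored XSS (Users.java)", item.title)
     self.assertEqual(int, type(item.cwe))
     self.assertEqual(79, item.cwe)
     # A freshly parsed finding is expected to be neither active nor verified.
     self.assertEqual(bool, type(item.active))
     self.assertEqual(False, item.active)
     self.assertEqual(bool, type(item.verified))
     self.assertEqual(False, item.verified)
     self.assertEqual(str, type(item.description))
     # Expected markdown: header fields, a blank line, then blocks of
     # Line Number / Column / Source Object / Number / Code, each closed by "-----".
     # NOTE(review): the Source Object and Code values presumably come straight from the
     # scanner report; whatever renders this markdown should treat them as untrusted text.
     self.assertMultiLineEqual(
         "**Category:** PCI DSS v3.2;PCI DSS (3.2) - 6.5.7 - Cross-site scripting (XSS),OWASP Top 10 2013;A3-Cross-Site Scripting (XSS),FISMA 2014;System And Information Integrity,NIST SP 800-53;SI-15 Information Output Filtering (P0),OWASP Top 10 2017;A7-Cross-Site Scripting (XSS)\n"
         "**Language:** Java\n"
         "**Group:** Java High Risk\n"
         "**Status:** New\n"
         "**Finding Link:** [https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28](https://checkmarxserver.com/CxWebClient/ViewerMain.aspx?scanid=1000227&projectid=121&pathid=28)\n"
         "\n"
         "**Line Number:** 39\n"
         "**Column:** 59\n"
         "**Source Object:** executeQuery\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 39\n"
         "**Column:** 27\n"
         "**Source Object:** results\n"
         "**Number:** 39\n"
         "**Code:** ResultSet results = statement.executeQuery(query);\n"
         "-----\n"
         "**Line Number:** 46\n"
         "**Column:** 28\n"
         "**Source Object:** results\n"
         "**Number:** 46\n"
         "**Code:** while (results.next()) {\n"
         "-----\n"
         "**Line Number:** 47\n"
         "**Column:** 34\n"
         "**Source Object:** results\n"
         "**Number:** 47\n"
         "**Code:** int id = results.getInt(0);\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 64\n"
         "**Source Object:** getString\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 53\n"
         "**Column:** 36\n"
         "**Source Object:** put\n"
         "**Number:** 53\n"
         "**Code:** userMap.put(\"cookie\", results.getString(5));\n"
         "-----\n"
         "**Line Number:** 54\n"
         "**Column:** 25\n"
         "**Source Object:** userMap\n"
         "**Number:** 54\n"
         "**Code:** userMap.put(\"loginCOunt\",Integer.toString(results.getInt(6)));\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 44\n"
         "**Source Object:** userMap\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 55\n"
         "**Column:** 40\n"
         "**Source Object:** put\n"
         "**Number:** 55\n"
         "**Code:** allUsersMap.put(id,userMap);\n"
         "-----\n"
         "**Line Number:** 58\n"
         "**Column:** 28\n"
         "**Source Object:** allUsersMap\n"
         "**Number:** 58\n"
         "**Code:** return allUsersMap;\n"
         "-----\n", item.description)
     self.assertEqual(str, type(item.severity))
     self.assertEqual("High", item.severity)
     self.assertEqual(str, type(item.numerical_severity))
     self.assertEqual("S1", item.numerical_severity)
     self.assertEqual(str, type(item.mitigation))
     self.assertEqual("N/A", item.mitigation)
     self.assertEqual(str, type(item.references))
     self.assertEqual("", item.references)
     self.assertEqual(str, type(item.file_path))
     self.assertEqual(
         "WebGoat/webgoat-lessons/missing-function-ac/src/main/java/org/owasp/webgoat/plugin/Users.java",
         item.file_path)
     self.assertEqual(str, type(item.line))
     self.assertEqual("58", item.line)
     self.assertEqual(str, type(item.url))
     self.assertEqual("N/A", item.url)
     # ScanStart
     self.assertEqual(datetime.datetime, type(item.date))
     self.assertEqual(datetime.datetime(2018, 2, 25, 11, 35, 52), item.date)
     self.assertEqual(bool, type(item.static_finding))
     self.assertEqual(True, item.static_finding)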
Example #16
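def import_parser_factory(file, test, active, verified, scan_type=None):
    """Return the parser object that matches a scan report's declared type.

    Args:
        file: The report to parse. Only ``file.name`` is read here (for
            Nessus reports); otherwise the object is handed to the parser
            unchanged.
        test: The test the findings belong to. ``test.test_type.name`` is
            the fallback scan type when ``scan_type`` is not given.
        active: Forwarded only to the 'Generic Findings Import' parser.
        verified: Forwarded only to the 'Generic Findings Import' parser.
        scan_type: Name of the scan type; defaults to the test's type name.

    Returns:
        The parser instance constructed for ``scan_type``.

    Raises:
        ValueError: If ``scan_type`` is not recognised, or if a Nessus
            report's file name ends in none of the supported extensions.
    """
    # NOTE(review): nothing in this function validates the report's size or
    # content; presumably ``file`` is an upload, so each parser has to treat
    # it as untrusted input (e.g. XML parsers hardened against external
    # entities) -- confirm in the individual parsers.
    if scan_type is None:
        scan_type = test.test_type.name
    if scan_type == "Burp Scan":
        parser = BurpXmlParser(file, test)
    elif scan_type == "Burp Enterprise Scan":
        parser = BurpEnterpriseHtmlParser(file, test)
    elif scan_type == "Nessus Scan":
        # The Nessus format is picked from the file name alone, so the name
        # is only a hint about the content. An unrecognised suffix used to
        # fall through with ``parser`` unbound and surface as an
        # UnboundLocalError at the final return; reject it explicitly.
        filename = file.name.lower()
        if filename.endswith("csv"):
            parser = NessusCSVParser(file, test)
        elif filename.endswith(("xml", "nessus")):
            parser = NessusXMLParser(file, test)
        else:
            raise ValueError('Unsupported file extension for Nessus Scan')
    elif scan_type == "Clair Scan":
        parser = ClairParser(file, test)
    elif scan_type == "Nmap Scan":
        parser = NmapXMLParser(file, test)
    elif scan_type == "Nikto Scan":
        parser = NiktoXMLParser(file, test)
    elif scan_type == "Nexpose Scan":
        parser = NexposeFullXmlParser(file, test)
    elif scan_type == "Veracode Scan":
        parser = VeracodeXMLParser(file, test)
    elif scan_type == "Checkmarx Scan":
        parser = CheckmarxXMLParser(file, test)
    elif scan_type == "Checkmarx Scan detailed":
        parser = CheckmarxXMLParser(file, test, 'detailed')
    elif scan_type == "Contrast Scan":
        parser = ContrastCSVParser(file, test)
    elif scan_type == "Crashtest Security JSON File":
        parser = CrashtestSecurityJsonParser(file, test)
    elif scan_type == "Crashtest Security XML File":
        parser = CrashtestSecurityXmlParser(file, test)
    elif scan_type == "Bandit Scan":
        parser = BanditParser(file, test)
    elif scan_type == "ESLint Scan":
        parser = ESLintParser(file, test)
    elif scan_type == "ZAP Scan":
        parser = ZapXmlParser(file, test)
    elif scan_type == "AppSpider Scan":
        parser = AppSpiderXMLParser(file, test)
    elif scan_type == "Arachni Scan":
        parser = ArachniJSONParser(file, test)
    elif scan_type == 'VCG Scan':
        parser = VCGParser(file, test)
    elif scan_type == 'Dependency Check Scan':
        parser = DependencyCheckParser(file, test)
    elif scan_type == 'Dependency Track Finding Packaging Format (FPF) Export':
        parser = DependencyTrackParser(file, test)
    elif scan_type == 'Retire.js Scan':
        parser = RetireJsParser(file, test)
    elif scan_type == 'Node Security Platform Scan':
        parser = NspParser(file, test)
    elif scan_type == 'NPM Audit Scan':
        parser = NpmAuditParser(file, test)
    elif scan_type == 'PHP Symfony Security Check':
        parser = PhpSymfonySecurityCheckParser(file, test)
    elif scan_type == 'Generic Findings Import':
        # The only parser that receives the active/verified flags.
        parser = GenericFindingUploadCsvParser(file, test, active, verified)
    elif scan_type == 'Qualys Scan':
        parser = QualysParser(file, test)
    elif scan_type == 'Qualys Infrastructure Scan (WebGUI XML)':
        parser = QualysInfraScanParser(file, test)
    elif scan_type == 'Qualys Webapp Scan':
        parser = QualysWebAppParser(file, test)
    elif scan_type == "OpenVAS CSV":
        parser = OpenVASUploadCsvParser(file, test)
    elif scan_type == 'Snyk Scan':
        parser = SnykParser(file, test)
    elif scan_type == 'SKF Scan':
        parser = SKFCsvParser(file, test)
    elif scan_type == 'SSL Labs Scan':
        parser = SSLlabsParser(file, test)
    elif scan_type == 'Trufflehog Scan':
        parser = TruffleHogJSONParser(file, test)
    elif scan_type == 'Clair Klar Scan':
        parser = ClairKlarParser(file, test)
    elif scan_type == 'Gosec Scanner':
        parser = GosecScannerParser(file, test)
    elif scan_type == 'Trustwave Scan (CSV)':
        parser = TrustwaveUploadCsvParser(file, test)
    elif scan_type == 'Netsparker Scan':
        parser = NetsparkerParser(file, test)
    elif scan_type == 'PHP Security Audit v2':
        parser = PhpSecurityAuditV2(file, test)
    elif scan_type == 'Acunetix Scan':
        parser = AcunetixScannerParser(file, test)
    elif scan_type == 'Fortify Scan':
        parser = FortifyXMLParser(file, test)
    elif scan_type == 'SonarQube Scan':
        parser = SonarQubeHtmlParser(file, test)
    elif scan_type == 'SonarQube Scan detailed':
        parser = SonarQubeHtmlParser(file, test, 'detailed')
    elif scan_type == SCAN_SONARQUBE_API:
        # The API importer is built from the test alone; ``file`` is unused.
        parser = SonarQubeApiImporter(test)
    elif scan_type == 'MobSF Scan':
        parser = MobSFParser(file, test)
    elif scan_type == 'AWS Scout2 Scan':
        parser = AWSScout2Parser(file, test)
    elif scan_type == 'AWS Prowler Scan':
        parser = AWSProwlerParser(file, test)
    elif scan_type == 'Brakeman Scan':
        parser = BrakemanScanParser(file, test)
    elif scan_type == 'SpotBugs Scan':
        parser = SpotbugsXMLParser(file, test)
    elif scan_type == 'Safety Scan':
        parser = SafetyParser(file, test)
    elif scan_type == 'DawnScanner Scan':
        parser = DawnScannerParser(file, test)
    elif scan_type == 'Anchore Engine Scan':
        parser = AnchoreEngineScanParser(file, test)
    elif scan_type == 'Bundler-Audit Scan':
        parser = BundlerAuditParser(file, test)
    elif scan_type == 'Twistlock Image Scan':
        parser = TwistlockParser(file, test)
    elif scan_type == 'IBM AppScan DAST':
        parser = IbmAppScanDASTXMLParser(file, test)
    elif scan_type == 'Kiuwan Scan':
        parser = KiuwanCSVParser(file, test)
    elif scan_type == 'Blackduck Hub Scan':
        parser = BlackduckHubCSVParser(file, test)
    elif scan_type == 'Blackduck Component Risk':
        parser = BlackduckHubParser(file, test)
    elif scan_type == 'Sonatype Application Scan':
        parser = SonatypeJSONParser(file, test)
    elif scan_type == 'Openscap Vulnerability Scan':
        parser = OpenscapXMLParser(file, test)
    elif scan_type == 'Immuniweb Scan':
        parser = ImmuniwebXMLParser(file, test)
    elif scan_type == 'Wapiti Scan':
        parser = WapitiXMLParser(file, test)
    elif scan_type == 'Cobalt.io Scan':
        parser = CobaltCSVParser(file, test)
    elif scan_type == 'Mozilla Observatory Scan':
        parser = MozillaObservatoryJSONParser(file, test)
    elif scan_type == 'Whitesource Scan':
        parser = WhitesourceJSONParser(file, test)
    elif scan_type == 'Microfocus Webinspect Scan':
        parser = MicrofocusWebinspectXMLParser(file, test)
    elif scan_type == 'Wpscan':
        parser = WpscanJSONParser(file, test)
    elif scan_type == 'Sslscan':
        parser = SslscanXMLParser(file, test)
    elif scan_type == 'JFrog Xray Scan':
        parser = XrayJSONParser(file, test)
    elif scan_type == 'Sslyze Scan':
        parser = SslyzeXmlParser(file, test)
    elif scan_type == 'Testssl Scan':
        parser = TestsslCSVParser(file, test)
    elif scan_type == 'Hadolint Dockerfile check':
        parser = HadolintParser(file, test)
    elif scan_type == 'Aqua Scan':
        parser = AquaJSONParser(file, test)
    elif scan_type == 'HackerOne Cases':
        parser = HackerOneJSONParser(file, test)
    elif scan_type == 'Xanitizer Scan':
        parser = XanitizerXMLParser(file, test)
    elif scan_type == 'Trivy Scan':
        parser = TrivyParser(file, test)
    elif scan_type == 'Outpost24 Scan':
        parser = Outpost24Parser(file, test)
    elif scan_type == 'DSOP Scan':
        parser = DsopParser(file, test)
    elif scan_type == 'Anchore Enterprise Policy Check':
        parser = AnchoreEnterprisePolicyCheckParser(file, test)
    elif scan_type == 'Gitleaks Scan':
        parser = GitleaksJSONParser(file, test)
    elif scan_type == 'Harbor Vulnerability Scan':
        parser = HarborVulnerabilityParser(file, test)
    elif scan_type == 'Github Vulnerability Scan':
        parser = GithubVulnerabilityParser(file, test)
    elif scan_type == 'Choctaw Hog Scan':
        parser = ChoctawhogParser(file, test)
    elif scan_type == 'GitLab SAST Report':
        parser = GitlabSastReportParser(file, test)
    elif scan_type == 'Yarn Audit Scan':
        parser = YarnAuditParser(file, test)
    elif scan_type == 'BugCrowd Scan':
        parser = BugCrowdCSVParser(file, test)
    elif scan_type == 'HuskyCI Report':
        parser = HuskyCIReportParser(file, test)
    elif scan_type == 'CCVS Report':
        parser = CCVSReportParser(file, test)
    else:
        # Fail closed: an unrecognised type never falls back to a default parser.
        raise ValueError('Unknown Test Type')

    return parser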
Example #17
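def import_parser_factory(file, test, scan_type=None):
    """Return the parser object that matches a scan report's declared type.

    Args:
        file: The report to parse. Only ``file.name`` is read here (for
            Nessus reports); otherwise the object is handed to the parser
            unchanged.
        test: The test the findings belong to. ``test.test_type.name`` is
            the fallback scan type when ``scan_type`` is not given.
        scan_type: Name of the scan type; defaults to the test's type name.

    Returns:
        The parser instance constructed for ``scan_type``.

    Raises:
        ValueError: If ``scan_type`` is not recognised, or if a Nessus
            report's file name ends in none of the supported extensions.
    """
    # NOTE(review): nothing in this function validates the report's size or
    # content; presumably ``file`` is an upload, so each parser has to treat
    # it as untrusted input (e.g. XML parsers hardened against external
    # entities) -- confirm in the individual parsers.
    if scan_type is None:
        scan_type = test.test_type.name
    if scan_type == "Burp Scan":
        parser = BurpXmlParser(file, test)
    elif scan_type == "Nessus Scan":
        # The Nessus format is picked from the file name alone, so the name
        # is only a hint about the content. An unrecognised suffix used to
        # fall through with ``parser`` unbound and surface as an
        # UnboundLocalError at the final return; reject it explicitly.
        filename = file.name.lower()
        if filename.endswith("csv"):
            parser = NessusCSVParser(file, test)
        elif filename.endswith(("xml", "nessus")):
            parser = NessusXMLParser(file, test)
        else:
            raise ValueError('Unsupported file extension for Nessus Scan')
    elif scan_type == "Clair Scan":
        parser = ClairParser(file, test)
    elif scan_type == "Nmap Scan":
        parser = NmapXMLParser(file, test)
    elif scan_type == "Nikto Scan":
        parser = NiktoXMLParser(file, test)
    elif scan_type == "Nexpose Scan":
        parser = NexposeFullXmlParser(file, test)
    elif scan_type == "Veracode Scan":
        parser = VeracodeXMLParser(file, test)
    elif scan_type == "Checkmarx Scan":
        parser = CheckmarxXMLParser(file, test)
    elif scan_type == "Contrast Scan":
        parser = ContrastCSVParser(file, test)
    elif scan_type == "Crashtest Security Scan":
        parser = CrashtestSecurityXmlParser(file, test)
    elif scan_type == "Bandit Scan":
        parser = BanditParser(file, test)
    elif scan_type == "ZAP Scan":
        parser = ZapXmlParser(file, test)
    elif scan_type == "AppSpider Scan":
        parser = AppSpiderXMLParser(file, test)
    elif scan_type == "Arachni Scan":
        parser = ArachniJSONParser(file, test)
    elif scan_type == 'VCG Scan':
        parser = VCGParser(file, test)
    elif scan_type == 'Dependency Check Scan':
        parser = DependencyCheckParser(file, test)
    elif scan_type == 'Retire.js Scan':
        parser = RetireJsParser(file, test)
    elif scan_type == 'Node Security Platform Scan':
        parser = NspParser(file, test)
    elif scan_type == 'NPM Audit Scan':
        parser = NpmAuditParser(file, test)
    elif scan_type == 'Generic Findings Import':
        parser = GenericFindingUploadCsvParser(file, test)
    elif scan_type == 'Qualys Scan':
        parser = QualysParser(file, test)
    elif scan_type == 'Qualys Webapp Scan':
        parser = QualysWebAppParser(file, test)
    elif scan_type == "OpenVAS CSV":
        parser = OpenVASUploadCsvParser(file, test)
    elif scan_type == 'Snyk Scan':
        parser = SnykParser(file, test)
    elif scan_type == 'SKF Scan':
        parser = SKFCsvParser(file, test)
    elif scan_type == 'SSL Labs Scan':
        parser = SSLlabsParser(file, test)
    elif scan_type == 'Trufflehog Scan':
        parser = TruffleHogJSONParser(file, test)
    elif scan_type == 'Clair Klar Scan':
        parser = ClairKlarParser(file, test)
    elif scan_type == 'Gosec Scanner':
        parser = GosecScannerParser(file, test)
    elif scan_type == 'Trustwave Scan (CSV)':
        parser = TrustwaveUploadCsvParser(file, test)
    elif scan_type == 'Netsparker Scan':
        parser = NetsparkerParser(file, test)
    elif scan_type == 'PHP Security Audit v2':
        parser = PhpSecurityAuditV2(file, test)
    elif scan_type == 'Acunetix Scan':
        parser = AcunetixScannerParser(file, test)
    elif scan_type == 'Fortify Scan':
        parser = FortifyXMLParser(file, test)
    elif scan_type == 'SonarQube Scan':
        parser = SonarQubeHtmlParser(file, test)
    elif scan_type == 'MobSF Scan':
        parser = MobSFParser(file, test)
    elif scan_type == 'AWS Scout2 Scan':
        parser = AWSScout2Parser(file, test)
    elif scan_type == 'AWS Prowler Scan':
        parser = AWSProwlerParser(file, test)
    elif scan_type == 'Brakeman Scan':
        parser = BrakemanScanParser(file, test)
    elif scan_type == 'SpotBugs Scan':
        parser = SpotbugsXMLParser(file, test)
    elif scan_type == 'Safety Scan':
        parser = SafetyParser(file, test)
    else:
        # Fail closed: an unrecognised type never falls back to a default parser.
        raise ValueError('Unknown Test Type')

    return parser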
 def test_detailed_parse_file_with_no_vulnerabilities_has_no_findings(self):
     """Parse the no-finding Checkmarx fixture in 'detailed' mode and run the shared no-findings check."""
     fixture_path = "dojo/unittests/scans/checkmarx/no_finding.xml"
     scan_file, _product, _engagement, test = self.init(fixture_path)
     # The third argument selects the parser's 'detailed' mode.
     self.parser = CheckmarxXMLParser(scan_file, test, 'detailed')
     # The handle is released before asserting, so the check reads only the parser.
     self.teardown(scan_file)
     self.check_parse_file_with_no_vulnerabilities_has_no_findings(self.parser)