def burp_scan_data(self, scan_data):
"""
The function parse the burp result as xml data
and stored into archery database.
:param xml_data:
:return:
"""
global name, origin, confidence, caption, \
type_index, internal_data, \
serial_number, path, severity, \
url, request_type, request_datas, \
response_type, response_datas, was_redirect_followed, issue_description, \
issue_remediation, issue_reference, issue_vulnerability_classifications
for data in scan_data:
for key, value in data['issue'].viewitems():
if key == 'name':
name = value
if key == 'origin':
origin = value
if key == 'confidence':
confidence = value
if key == 'evidence':
# print value
evidence = value
if evidence is None:
print "Evidence not found"
else:
try:
for e in evidence:
for key, value in e.viewitems():
if key == 'request_response':
url = value['url']
was_redirect_followed = value['was_redirect_followed']
for request_data in value['request']:
request_type = request_data['type']
request_datas = base64.b64decode((request_data['data']))
for request_data in value['response']:
response_type = request_data['type']
response_datas = base64.b64decode(request_data['data'])
except Exception as e:
print e
if key == 'caption':
caption = value
if key == 'type_index':
type_index = value
if key == 'internal_data':
internal_data = value
if key == 'serial_number':
serial_number = value
if key == 'path':
path = value
if key == 'severity':
severity = value
all_issue_definitions = burp_issue_definitions.objects.filter(issue_type_id=type_index)
for def_data in all_issue_definitions:
issue_description = def_data.description
issue_remediation = def_data.remediation
issue_vulnerability_classifications = def_data.vulnerability_classifications
issue_reference = def_data.reference
global vul_col
if severity == 'high':
severity = 'High'
vul_col = "important"
elif severity == 'medium':
severity = 'Medium'
vul_col = "warning"
elif severity == 'low':
severity = 'Low'
vul_col = "info"
elif severity == 'info':
severity = 'Info'
vul_col = "info"
else:
vul_col = "info"
vuln_id = uuid.uuid4()
dup_data = name + path + severity
duplicate_hash = hashlib.sha256(dup_data).hexdigest()
match_dup = burp_scan_result_db.objects.filter(
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = 'Yes'
elif lenth_match == 0:
duplicate_vuln = 'No'
else:
duplicate_vuln = 'None'
false_p = burp_scan_result_db.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
global false_positive
if fp_lenth_match == 1:
false_positive = 'Yes'
elif lenth_match == 0:
false_positive = 'No'
else:
false_positive = 'No'
try:
data_dump = burp_scan_result_db(
scan_id=self.scan_id,
project_id=self.project_id,
vuln_id=vuln_id,
name=name,
path=path,
severity=severity,
severity_color=vul_col,
confidence=confidence,
false_positive=false_positive,
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
type_index=type_index,
serial_number=serial_number,
origin=origin,
caption=caption,
request_response_url=url,
request_response_request_type=request_type,
request_response_request_data=request_datas,
request_response_response_type=response_type,
request_response_response_data=response_datas,
was_redirect_followed=was_redirect_followed,
description=issue_description,
remediation=issue_remediation,
reference=issue_reference,
vulnerability_classifications=issue_vulnerability_classifications
)
data_dump.save()
except Exception as e:
print e
burp_all_vul = burp_scan_result_db.objects.filter(scan_id=self.scan_id).values('name', 'severity'
).distinct()
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Info"))
total_duplicate = len(burp_all_vul.filter(vuln_duplicate='Yes'))
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate
)
try:
email_notification.email_notify()
except Exception as e:
print e
HttpResponse(status=201)
def burp_scan_data(root, project_id, scan_id):
"""
The function parse the burp result as xml data
and stored into archery database.
:param xml_data:
:return:
"""
global vuln_id, burp_status, vul_col, \
issue_description, \
issue_remediation, \
issue_reference, \
issue_vulnerability_classifications
for issue in root:
for data in issue.getchildren():
vuln_id = uuid.uuid4()
if data.tag == "serialNumber":
global serialNumber
if data.text is None:
serialNumber = "NA"
else:
serialNumber = data.text
if data.tag == "type":
global types
if data.text is None:
types = "NA"
else:
types = data.text
if data.tag == "name":
global name
if data.text is None:
name = "NA"
else:
name = data.text
if data.tag == "host":
global host
if data.text is None:
host = "NA"
else:
host = data.text
if data.tag == "path":
global path
if data.text is None:
path = "NA"
else:
path = data.text
if data.tag == "location":
global location
if data.text is None:
location = "NA"
else:
location = data.text
if data.tag == "severity":
global severity
if data.text is None:
severity = "NA"
else:
severity = data.text
if data.tag == "confidence":
global confidence
if data.text is None:
confidence = "NA"
else:
confidence = data.text
if data.tag == "requestresponse":
global requestresponse
if data.text is None:
requestresponse = "NA"
else:
requestresponse = data.text
for d in data:
req = d.tag
met = d.attrib
if req == "request":
global request_datas
reqst = d.text
request_datas = base64.b64decode(reqst) # reqst
if req == "response":
global response_datas
res_dat = d.text
response_datas = base64.b64decode(res_dat) # res_dat
for key, items in met.items():
global methods
if key == "method":
methods = items
if data.tag == "issueBackground":
global issue_description
if data.text is None:
issue_description = "NA"
else:
issue_description = data.text
if data.tag == "remediationBackground":
global issue_remediation
if data.text is None:
issue_remediation = "NA"
else:
issue_remediation = data.text
if data.tag == "references":
global issue_reference
if data.text is None:
issue_reference = "NA"
else:
issue_reference = data.text
if data.tag == "vulnerabilityClassifications":
global issue_vulnerability_classifications
if data.text is None:
issue_vulnerability_classifications = "NA"
else:
issue_vulnerability_classifications = data.text
global vul_col
if severity == 'High':
vul_col = "danger"
elif severity == 'Medium':
vul_col = "warning"
elif severity == 'Low':
vul_col = "info"
else:
vul_col = "info"
vuln_id = uuid.uuid4()
dup_data = name + path + severity
duplicate_hash = hashlib.sha256(dup_data.encode('utf-8')).hexdigest()
match_dup = burp_scan_result_db.objects.filter(
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = 'Yes'
elif lenth_match == 0:
duplicate_vuln = 'No'
else:
duplicate_vuln = 'None'
false_p = burp_scan_result_db.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
global false_positive
if fp_lenth_match == 1:
false_positive = 'Yes'
elif lenth_match == 0:
false_positive = 'No'
else:
false_positive = 'No'
url = host + location
# all_issue_definitions = burp_issue_definitions.objects.filter(issue_type_id=types)
# for def_data in all_issue_definitions:
# issue_description = def_data.description
# issue_remediation = def_data.remediation
# issue_vulnerability_classifications = def_data.vulnerability_classifications
# issue_reference = def_data.reference
try:
data_dump = burp_scan_result_db(
scan_id=scan_id,
project_id=project_id,
vuln_id=vuln_id,
name=name,
path=path,
severity=severity,
severity_color=vul_col,
confidence=confidence,
false_positive=false_positive,
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
type_index=types,
serial_number=serialNumber,
origin=host,
request_response_url=url,
request_response_request_data=request_datas,
request_response_response_data=response_datas,
description=issue_description,
remediation=issue_remediation,
reference=issue_reference,
vulnerability_classifications=issue_vulnerability_classifications
)
data_dump.save()
except Exception as e:
print(e)
burp_all_vul = burp_scan_result_db.objects.filter(scan_id=scan_id).values('name', 'severity'
).distinct()
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Information"))
total_duplicate = len(burp_all_vul.filter(vuln_duplicate='Yes'))
burp_scan_db.objects.filter(scan_id=scan_id).update(
url=host,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate
)
try:
email_notification.email_notify()
except Exception as e:
print(e)
HttpResponse(status=201)
def burp_scan_data(self, xml_data):
"""
The function parse the burp result as xml data
and stored into archery database.
:param xml_data:
:return:
"""
global vuln_id, burp_status, vul_col
for issue in xml_data:
for data in issue.getchildren():
vuln_id = uuid.uuid4()
if data.tag == "serialNumber":
global serialNumber
if data.text is None:
serialNumber = "NA"
else:
serialNumber = data.text
if data.tag == "type":
global types
if data.text is None:
types = "NA"
else:
types = data.text
if data.tag == "name":
global name
if data.text is None:
name = "NA"
else:
name = data.text
if data.tag == "host":
global host
if data.text is None:
host = "NA"
else:
host = data.text
if data.tag == "path":
global path
if data.text is None:
path = "NA"
else:
path = data.text
if data.tag == "location":
global location
if data.text is None:
location = "NA"
else:
location = data.text
if data.tag == "severity":
global severity
if data.text is None:
severity = "NA"
else:
severity = data.text
if data.tag == "confidence":
global confidence
if data.text is None:
confidence = "NA"
else:
confidence = data.text
if data.tag == "issueBackground":
global issueBackground
if data.text is None:
issueBackground = "NA"
else:
issueBackground = data.text
if data.tag == "remediationBackground":
global remediationBackground
if data.text is None:
remediationBackground = "NA"
else:
remediationBackground = data.text
if data.tag == "references":
global references
if data.text is None:
references = "NA"
else:
references = data.text
if data.tag == "vulnerabilityClassifications":
global vulnerabilityClassifications
if data.text is None:
vulnerabilityClassifications = "NA"
else:
vulnerabilityClassifications = data.text
if data.tag == "issueDetail":
global issueDetail
if data.text is None:
issueDetail = "NA"
else:
issueDetail = data.text
if data.tag == "requestresponse":
global requestresponse
if data.text is None:
requestresponse = "NA"
else:
requestresponse = data.text
for d in data:
req = d.tag
met = d.attrib
if req == "request":
global dec_req
reqst = d.text
dec_req = base64.b64decode(reqst) # reqst
if req == "response":
global dec_res
res_dat = d.text
dec_res = base64.b64decode(res_dat) # res_dat
for key, items in met.iteritems():
global methods
if key == "method":
methods = items
global vul_col
if severity == 'High':
vul_col = "important"
elif severity == 'Medium':
vul_col = "warning"
elif severity == 'Low':
vul_col = "info"
else:
vul_col = "info"
try:
data_dump = burp_scan_result_db(
scan_id=self.scan_id,
types=types,
method=methods,
scan_request=dec_req,
scan_response=dec_res,
project_id=self.project_id,
vuln_id=vuln_id,
serialNumber=serialNumber,
name=name,
host=host,
path=path,
location=location,
severity=severity,
severity_color=vul_col,
confidence=confidence,
issueBackground=issueBackground,
remediationBackground=remediationBackground,
references=references,
vulnerabilityClassifications=vulnerabilityClassifications,
issueDetail=issueDetail,
requestresponse=requestresponse,
false_positive='No')
data_dump.save()
except Exception as e:
print e
burp_all_vul = burp_scan_result_db.objects.filter(scan_id=self.scan_id)
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Information"))
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
try:
email_notification.email_notify()
except Exception as e:
print e
HttpResponse(status=201)
def burp_scan_data(root, project_id, scan_id):
date_time = datetime.now()
"""
The function parse the burp result as xml data
and stored into archery database.
:param xml_data:
:return:
"""
global vuln_id, burp_status, vul_col, issue_description, issue_remediation, issue_reference, issue_vulnerability_classifications, vul_col, severity, name, path, host, location, confidence, types, serialNumber, request_datas, response_datas, url
for issue in root:
for data in issue:
vuln_id = uuid.uuid4()
if data.tag == "name":
global name
if data.text is None:
name = "NA"
else:
name = data.text
if data.tag == "host":
global host
if data.text is None:
host = "NA"
else:
host = data.text
if data.tag == "path":
global path
if data.text is None:
path = "NA"
else:
path = data.text
if data.tag == "location":
global location
if data.text is None:
location = "NA"
else:
location = data.text
if data.tag == "severity":
global severity
if data.text is None:
severity = "NA"
else:
severity = data.text
if data.tag == "requestresponse":
global requestresponse
if data.text is None:
requestresponse = "NA"
else:
requestresponse = data.text
for d in data:
req = d.tag
met = d.attrib
if req == "request":
global request_datas
reqst = d.text
request_datas = base64.b64decode(reqst) # reqst
if req == "response":
global response_datas
res_dat = d.text
response_datas = base64.b64decode(res_dat) # res_dat
for key, items in met.items():
global methods
if key == "method":
methods = items
if data.tag == "issueBackground":
global issue_description
if data.text is None:
issue_description = "NA"
else:
issue_description = data.text
if data.tag == "remediationBackground":
global issue_remediation
if data.text is None:
issue_remediation = "NA"
else:
issue_remediation = data.text
if data.tag == "references":
global issue_reference
if data.text is None:
issue_reference = "NA"
else:
issue_reference = data.text
if data.tag == "vulnerabilityClassifications":
global issue_vulnerability_classifications
if data.text is None:
issue_vulnerability_classifications = "NA"
else:
issue_vulnerability_classifications = data.text
details = (
str(issue_description)
+ str("\n")
+ str(request_datas)
+ str("\n\n")
+ str(response_datas)
+ str("\n\n")
+ str("\n\n")
+ str(issue_description)
+ str("\n\n")
+ str(issue_vulnerability_classifications)
)
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
else:
severity = "Low"
vul_col = "info"
vuln_id = uuid.uuid4()
dup_data = name + host + location + details + severity
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = (
WebScanResultsDb.objects.filter(dup_hash=duplicate_hash, scanner="Burp")
.values("dup_hash")
.distinct()
)
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = WebScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash, scanner="Burp"
)
fp_lenth_match = len(false_p)
global false_positive
if fp_lenth_match == 1:
false_positive = "Yes"
elif lenth_match == 0:
false_positive = "No"
else:
false_positive = "No"
url = host + location
try:
data_dump = WebScanResultsDb(
scan_id=scan_id,
vuln_id=vuln_id,
url=url,
title=name,
solution=issue_remediation,
description=details,
reference=issue_reference,
project_id=project_id,
severity_color=vul_col,
severity=severity,
date_time=date_time,
false_positive=false_positive,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
scanner="Burp",
)
data_dump.save()
except Exception as e:
print(e)
else:
duplicate_vuln = "Yes"
try:
data_dump = WebScanResultsDb(
scan_id=scan_id,
vuln_id=vuln_id,
url=url,
title=name,
solution=issue_remediation,
description=issue_description,
reference=issue_reference,
project_id=project_id,
severity_color=vul_col,
severity=severity,
date_time=date_time,
false_positive="Duplicate",
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
scanner="Burp",
)
data_dump.save()
except Exception as e:
print(e)
burp_all_vul = WebScanResultsDb.objects.filter(
scan_id=scan_id, scanner="Burp", false_positive="No"
)
duplicate_count = WebScanResultsDb.objects.filter(
scan_id=scan_id, scanner="Burp", vuln_duplicate="Yes"
)
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Information"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
WebScansDb.objects.filter(scan_id=scan_id, scanner="Burp").update(
scan_url=host,
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate,
)
print(host)
trend_update()
subject = "Archery Tool Scan Status - Burp Report Uploaded"
message = (
"Burp Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" % (host, total_vul, total_high, total_medium, total_low)
)
email_sch_notify(subject=subject, message=message)
try:
email_notification.email_notify()
except Exception as e:
print(e)
HttpResponse(status=201)
def burp_scan_data(self, scan_data):
"""
The function parse the burp result as xml data
and stored into archery database.
:param xml_data:
:return:
"""
severity = ""
type_index = ""
name = ""
path = ""
issue_description = ""
request_datas = ""
response_datas = ""
issue_vulnerability_classifications = ""
url = ""
issue_remediation = ""
issue_reference = ""
for data in scan_data:
for key, value in data["issue"].items():
if key == "name":
name = value
if key == "origin":
origin = value
if key == "confidence":
confidence = value
if key == "evidence":
evidence = value
if evidence is None:
print("Evidence not found")
else:
try:
for e in evidence:
for key, value in e.items():
if key == "request_response":
url = value["url"]
was_redirect_followed = value[
"was_redirect_followed"]
for request_data in value["request"]:
request_type = request_data["type"]
request_datas = base64.b64decode(
(request_data["data"]))
for request_data in value["response"]:
response_type = request_data[
"type"]
response_datas = base64.b64decode(
request_data["data"])
except Exception as e:
print(e)
if key == "caption":
caption = value
if key == "type_index":
type_index = value
if key == "internal_data":
internal_data = value
if key == "serial_number":
serial_number = value
if key == "path":
path = value
if key == "severity":
severity = value
all_issue_definitions = burp_issue_definitions.objects.filter(
issue_type_id=type_index)
for def_data in all_issue_definitions:
issue_description = def_data.description
issue_remediation = def_data.remediation
issue_vulnerability_classifications = (
def_data.vulnerability_classifications)
issue_reference = def_data.reference
vul_col = ""
if severity == "high":
severity = "High"
vul_col = "danger"
elif severity == "medium":
severity = "Medium"
vul_col = "warning"
elif severity == "low":
severity = "Low"
vul_col = "info"
elif severity == "info":
severity = "Info"
vul_col = "info"
else:
vul_col = "info"
vuln_id = uuid.uuid4()
dup_data = name + path + severity
duplicate_hash = hashlib.sha256(
dup_data.encode("utf-8")).hexdigest()
match_dup = (WebScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash").distinct())
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = "Yes"
elif lenth_match == 0:
duplicate_vuln = "No"
else:
duplicate_vuln = "None"
false_p = WebScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
details = (str(issue_description) + str("\n") +
str(request_datas) + str("\n\n") + str(response_datas) +
str("\n\n") + str(issue_vulnerability_classifications))
global false_positive
if fp_lenth_match == 1:
false_positive = "Yes"
elif lenth_match == 0:
false_positive = "No"
else:
false_positive = "No"
date_time = datetime.now()
try:
data_dump = WebScanResultsDb(
scan_id=self.scan_id,
vuln_id=vuln_id,
url=url,
title=name,
solution=issue_remediation,
description=details,
reference=issue_reference,
project_id=self.project_id,
severity_color=vul_col,
severity=severity,
date_time=date_time,
false_positive=false_positive,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
scanner="Burp",
)
data_dump.save()
except Exception as e:
print(e)
burp_all_vul = (WebScanResultsDb.objects.filter(
scan_id=self.scan_id).values("title", "severity").distinct())
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Info"))
total_duplicate = len(burp_all_vul.filter(vuln_duplicate="Yes"))
WebScansDb.objects.filter(scan_id=self.scan_id, scanner="Burp").update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
info_vul=total_info,
total_dup=total_duplicate,
)
try:
email_notification.email_notify()
except Exception as e:
print(e)
HttpResponse(status=201)
def burp_scan_data(self, xml_data):
"""
The function parse the burp result as xml data
and stored into archery database.
:param xml_data:
:return:
"""
global vuln_id, burp_status, vul_col
for issue in xml_data:
for data in issue.getchildren():
vuln_id = uuid.uuid4()
if data.tag == "serialNumber":
global serialNumber
if data.text is None:
serialNumber = "NA"
else:
serialNumber = data.text
if data.tag == "type":
global types
if data.text is None:
types = "NA"
else:
types = data.text
if data.tag == "name":
global name
if data.text is None:
name = "NA"
else:
name = data.text
if data.tag == "host":
global host
if data.text is None:
host = "NA"
else:
host = data.text
if data.tag == "path":
global path
if data.text is None:
path = "NA"
else:
path = data.text
if data.tag == "location":
global location
if data.text is None:
location = "NA"
else:
location = data.text
if data.tag == "severity":
global severity
if data.text is None:
severity = "NA"
else:
severity = data.text
if data.tag == "confidence":
global confidence
if data.text is None:
confidence = "NA"
else:
confidence = data.text
if data.tag == "issueBackground":
global issueBackground
if data.text is None:
issueBackground = "NA"
else:
issueBackground = data.text
if data.tag == "remediationBackground":
global remediationBackground
if data.text is None:
remediationBackground = "NA"
else:
remediationBackground = data.text
if data.tag == "references":
global references
if data.text is None:
references = "NA"
else:
references = data.text
if data.tag == "vulnerabilityClassifications":
global vulnerabilityClassifications
if data.text is None:
vulnerabilityClassifications = "NA"
else:
vulnerabilityClassifications = data.text
if data.tag == "issueDetail":
global issueDetail
if data.text is None:
issueDetail = "NA"
else:
issueDetail = data.text
if data.tag == "requestresponse":
global requestresponse
if data.text is None:
requestresponse = "NA"
else:
requestresponse = data.text
for d in data:
req = d.tag
met = d.attrib
if req == "request":
global dec_req
reqst = d.text
dec_req = base64.b64decode(reqst) # reqst
if req == "response":
global dec_res
res_dat = d.text
dec_res = base64.b64decode(res_dat) # res_dat
for key, items in met.iteritems():
global methods
if key == "method":
methods = items
global vul_col
if severity == 'High':
vul_col = "important"
elif severity == 'Medium':
vul_col = "warning"
elif severity == 'Low':
vul_col = "info"
else:
vul_col = "info"
try:
data_dump = burp_scan_result_db(
scan_id=self.scan_id,
types=types, method=methods,
scan_request=dec_req,
scan_response=dec_res,
project_id=self.project_id,
vuln_id=vuln_id,
serialNumber=serialNumber,
name=name,
host=host,
path=path,
location=location,
severity=severity,
severity_color=vul_col,
confidence=confidence,
issueBackground=issueBackground,
remediationBackground=remediationBackground,
references=references,
vulnerabilityClassifications=vulnerabilityClassifications,
issueDetail=issueDetail,
requestresponse=requestresponse,
false_positive='No')
data_dump.save()
except Exception as e:
print e
burp_all_vul = burp_scan_result_db.objects.filter(scan_id=self.scan_id)
total_vul = len(burp_all_vul)
total_high = len(burp_all_vul.filter(severity="High"))
total_medium = len(burp_all_vul.filter(severity="Medium"))
total_low = len(burp_all_vul.filter(severity="Low"))
total_info = len(burp_all_vul.filter(severity="Information"))
burp_scan_db.objects.filter(scan_id=self.scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low)
try:
email_notification.email_notify()
except Exception as e:
print e
HttpResponse(status=201)