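def get_findings(self, filename, test):
    """Parse a Checkmarx XML report and return the findings it describes.

    Each ``Query`` element in the report yields zero or more ``Result``
    elements; every result gets a markdown header (category, language,
    group, status, deep link) and is then handed to
    ``_process_result_detailed`` or ``_process_result_file_name_aggregated``
    depending on ``self.mode``, which fill ``dupes``.

    Args:
        filename: path or file object accepted by ``ElementTree.parse``.
        test: the Test the findings belong to; ``test.engagement.product``
            receives one ``add_language`` call per language seen.

    Returns:
        list: the values of the aggregation dict filled by the helpers.

    Raises:
        Whatever ``parser.parse`` raises when the root ``ScanStart``
        attribute is missing or not a date (only if at least one ``Query``
        element exists).
    """
    # NOTE(review): the report is user-uploaded input; confirm that the
    # ``ElementTree`` in scope is the defusedxml one, since the stdlib parser
    # is not hardened against entity-expansion / external-entity payloads.
    root = ElementTree.parse(filename).getroot()
    queries = root.findall('Query')
    # ScanStart describes the whole scan, so parse it once instead of per
    # query; the guard keeps "no queries -> ScanStart never parsed".
    find_date = parser.parse(root.get("ScanStart")) if queries else None

    dupes = {}          # aggregation key -> finding, filled by the helpers
    language_list = {}  # language -> number of Result elements seen

    for query in queries:
        # name, cwe and queryId are consumed by the helpers, not here.
        _name, _cwe, categories, _query_id = self.getQueryElements(query)
        # Both attributes default to '' when absent, so the header lines
        # below are always emitted (possibly with an empty value).
        language = query.get('Language') or ''
        group = (query.get('group') or '').replace('_', ' ')

        for result in query.findall('Result'):
            # Build the header as a list of lines rather than repeatedly
            # re-formatting the accumulated string.
            lines = []
            if categories is not None:
                lines.append("**Category:** {}\n".format(categories))
            lines.append("**Language:** {}\n".format(language))
            language_list[language] = language_list.get(language, 0) + 1
            lines.append("**Group:** {}\n".format(group))
            status = result.get('Status')
            if status is not None:
                lines.append("**Status:** {}\n".format(status))
            # DeepLink is taken verbatim from the report and rendered as a
            # markdown link; presumably the UI's markdown sanitiser handles
            # unsafe URL schemes -- verify downstream.
            deeplink = result.get('DeepLink')
            lines.append("**Finding Link:** [{}]({})\n".format(deeplink, deeplink))
            findingdetail = ''.join(lines)

            if self.mode == 'detailed':
                self._process_result_detailed(
                    test, dupes, findingdetail, query, result, find_date)
            else:
                self._process_result_file_name_aggregated(
                    test, dupes, findingdetail, query, result, find_date)

    # ``files=`` receives the number of Result elements seen for the language,
    # so a file with several results is counted more than once -- presumably
    # what add_language expects; confirm against its definition.
    for lang, count in language_list.items():
        add_language(test.engagement.product, lang, files=count)
    return list(dupes.values())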
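def get_findings(self, filename, test):
    """Parse a Checkmarx XML report and return the findings it describes.

    Every ``Result`` under each ``Query`` gets a markdown header (category,
    language, group, status, deep link) and is then handed to
    ``process_result_detailed`` or ``process_result_file_name_aggregated``
    depending on ``self.mode``; those helpers fill the aggregation dict.

    Args:
        filename: path or file object accepted by ``ElementTree.parse``.
        test: the Test the findings belong to. It is also stored on
            ``self.test`` for the helpers, and ``test.engagement.product``
            receives one ``add_language`` call per language seen.

    Returns:
        list: the values of the aggregation dict filled by the helpers.

    Raises:
        Whatever ``parser.parse`` raises when the root ``ScanStart``
        attribute is missing or not a date (only if at least one ``Query``
        element exists).
    """
    # NOTE(review): the report is user-uploaded input; confirm that the
    # ``ElementTree`` in scope is the defusedxml one, since the stdlib parser
    # is not hardened against entity-expansion / external-entity payloads.
    root = ElementTree.parse(filename).getroot()
    self.test = test
    queries = root.findall('Query')
    # ScanStart describes the whole scan, so parse it once instead of per
    # query; the guard keeps "no queries -> ScanStart never parsed".
    find_date = parser.parse(root.get("ScanStart")) if queries else None

    # Dictionary holding the aggregated findings:
    #   key   - the concatenated aggregate keys (built by the helpers)
    #   value - the finding
    dupes = {}

    # NOTE(review): self.language_list is instance state initialised outside
    # this method; reusing one parser instance for several reports would
    # carry languages across reports -- confirm a fresh parser per upload.
    for query in queries:
        # name and cwe are consumed by the helpers, not here.
        _name, _cwe, categories = self.getQueryElements(query)
        # Both attributes default to '' when absent, so the header lines
        # below are always emitted (possibly with an empty value).
        language = query.get('Language') or ''
        group = (query.get('group') or '').replace('_', ' ')

        for query_result in query.findall('Result'):
            # Build the header as a list of lines rather than repeatedly
            # re-formatting the accumulated string.
            lines = []
            if categories is not None:
                lines.append("**Category:** {}\n".format(categories))
            lines.append("**Language:** {}\n".format(language))
            if language not in self.language_list:
                self.language_list.append(language)
            lines.append("**Group:** {}\n".format(group))
            status = query_result.get('Status')
            if status is not None:
                lines.append("**Status:** {}\n".format(status))
            # DeepLink is taken verbatim from the report and rendered as a
            # markdown link; presumably the UI's markdown sanitiser handles
            # unsafe URL schemes -- verify downstream.
            deeplink = query_result.get('DeepLink')
            lines.append("**Finding Link:** [{}]({})\n\n".format(deeplink, deeplink))
            findingdetail = ''.join(lines)

            if self.mode == 'detailed':
                self.process_result_detailed(
                    dupes, findingdetail, query, query_result, find_date)
            else:
                self.process_result_file_name_aggregated(
                    dupes, findingdetail, query, query_result, find_date)

    for lang in self.language_list:
        add_language(test.engagement.product, lang)
    return list(dupes.values())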
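def __init__(self, filename, test):
    """Parse a Checkmarx XML report and expose its findings as ``self.items``.

    Results that share categories, CWE, query name and file name are merged
    into a single Finding whose description is extended with each further
    result's detail. (The original computed that extended description and
    discarded it; it is now assigned back to the finding.)

    Args:
        filename: path or file object accepted by ``ElementTree.parse``.
        test: the Test the findings belong to; ``test.engagement.product``
            receives one ``add_language`` call per language seen.

    Raises:
        TypeError / ValueError: when a ``Query`` has no numeric ``cweId``
            (``int(cwe)`` is applied as-is).
        AttributeError: when the path node returned by ``get_finding_detail``
            lacks a ``FileName`` or ``Line`` child.
        Whatever ``parser.parse`` raises when the root ``ScanStart``
            attribute is missing or not a date (only if at least one
            ``Query`` element exists).
    """
    # NOTE(review): the report is user-uploaded input; confirm that the
    # ``ElementTree`` in scope is the defusedxml one, since the stdlib parser
    # is not hardened against entity-expansion / external-entity payloads.
    root = ElementTree.parse(filename).getroot()
    queries = root.findall('Query')
    # ScanStart describes the whole scan, so parse it once instead of per
    # query; the guard keeps "no queries -> ScanStart never parsed".
    find_date = parser.parse(root.get("ScanStart")) if queries else None

    # Fixed values the Checkmarx report does not supply.
    mitigation = 'N/A'
    impact = 'N/A'
    references = ''

    # key: categories + cwe + query name + result file name -> Finding
    dupes = {}
    # Kept for attribute compatibility (it was reset per query before);
    # nothing in this constructor reads it.
    self.result_dupes = {}

    for query in queries:
        name = query.get('name')
        cwe = query.get('cweId')
        # These default to '' when absent, so their header lines are always
        # emitted (possibly with an empty value).
        categories = query.get('categories') or ''
        language = query.get('Language') or ''
        group = (query.get('group') or '').replace('_', ' ')

        for result in query.findall('Result'):
            # Build the header as a list of lines rather than repeatedly
            # re-formatting the accumulated string.
            lines = [
                "**Category:** {}\n".format(categories),
                "**Language:** {}\n".format(language),
            ]
            if language not in self.language_list:
                self.language_list.append(language)
            lines.append("**Group:** {}\n".format(group))
            status = result.get('Status')
            if status is not None:
                lines.append("**Status:** {}\n".format(status))
            # DeepLink is taken verbatim from the report and rendered as a
            # markdown link; presumably the UI's markdown sanitiser handles
            # unsafe URL schemes -- verify downstream.
            deeplink = result.get('DeepLink')
            lines.append("**Finding Link:** [{}]({})\n\n".format(deeplink, deeplink))
            findingdetail = ''.join(lines)

            title, description, pathnode = self.get_finding_detail(query, result)
            dupe_key = "{}{}{}{}".format(categories, cwe, name, result.get('FileName'))

            if dupe_key in dupes:
                # Merge: append this result's detail to the existing finding.
                find = dupes[dupe_key]
                find.description = "{}\n{}".format(find.description, description)
            else:
                sev = result.get('Severity')
                dupes[dupe_key] = Finding(
                    title=title,
                    cwe=int(cwe),
                    test=test,
                    active=False,
                    verified=False,
                    description=findingdetail + description,
                    severity=sev,
                    numerical_severity=Finding.get_numerical_severity(sev),
                    mitigation=mitigation,
                    impact=impact,
                    references=references,
                    file_path=pathnode.find('FileName').text,
                    line=pathnode.find('Line').text,
                    url='N/A',
                    date=find_date,
                    static_finding=True,
                )

    for lang in self.language_list:
        add_language(test.engagement.product, lang)
    # A list rather than a live dict view, so callers can index and
    # re-iterate it; iteration and len() behave as before.
    self.items = list(dupes.values())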