def bandit_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
global vul_col, issue_severity, test_name, filename, line_number, code, issue_confidence, line_range, test_id, issue_text, more_info, total_vul, total_high, total_medium, total_low
for key, items in data.items():
if key == "results":
for res in items:
for key, value in res.items():
if key == "line_number":
global line_number
if value is None:
line_number = "NA"
else:
line_number = value
if key == "code":
global code
if value is None:
code = "NA"
else:
code = value
if key == "issue_confidence":
global issue_confidence
if value is None:
issue_confidence = "NA"
else:
issue_confidence = value
if key == "line_range":
global line_range
if value is None:
line_range = "NA"
else:
line_range = value
if key == "test_id":
global test_id
if value is None:
test_id = "NA"
else:
test_id = value
if key == "issue_severity":
global issue_severity
if value is None:
issue_severity = "NA"
else:
issue_severity = value
if key == "issue_text":
global issue_text
if value is None:
issue_text = "NA"
else:
issue_text = value
if key == "test_name":
global test_name
if value is None:
test_name = "NA"
else:
test_name = value
if key == "filename":
global filename
if value is None:
filename = "NA"
else:
filename = value
if key == "more_info":
global more_info
if value is None:
more_info = "NA"
else:
more_info = value
date_time = datetime.now()
vul_id = uuid.uuid4()
if issue_severity == "HIGH":
vul_col = "danger"
issue_severity = "High"
elif issue_severity == "MEDIUM":
vul_col = "warning"
issue_severity = "Medium"
elif issue_severity == "LOW":
vul_col = "info"
issue_severity = "Low"
dup_data = test_name + filename + issue_severity
duplicate_hash = hashlib.sha256(
dup_data.encode("utf-8")).hexdigest()
match_dup = (StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash").distinct())
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
vuln_id=vul_id,
severity=issue_severity,
title=test_name,
fileName=filename,
description=str(issue_text) + "\n\n" + str(code) +
"\n\n" + str(line_range),
references=more_info,
severity_color=vul_col,
false_positive=false_positive,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
scanner="Bandit",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
vuln_id=vul_id,
severity=issue_severity,
title=test_name,
fileName=filename,
description=str(issue_text) + "\n\n" + str(code) +
"\n\n" + str(line_range),
references=more_info,
severity_color=vul_col,
false_positive="Duplicate",
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
scanner="Bandit",
)
save_all.save()
all_bandit_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes")
total_vul = len(all_bandit_data)
total_high = len(all_bandit_data.filter(severity="High"))
total_medium = len(all_bandit_data.filter(severity="Medium"))
total_low = len(all_bandit_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
)
trend_update()
subject = "Archery Tool Scan Status - Bandit Report Uploaded"
message = ("Bandit Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
(scan_id, total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def xml_parser(self):
"""
:param root:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global name, classname, risk, ShortMessage, LongMessage, sourcepath, vul_col, ShortDescription, Details, lenth_match, duplicate_hash, vul_id, total_vul, total_high, total_medium, total_low, details, message
for bug in self.root:
if bug.tag == "BugInstance":
name = bug.attrib["type"]
priority = bug.attrib["priority"]
for BugInstance in bug:
if BugInstance.tag == "ShortMessage":
global ShortMessage
ShortMessage = BugInstance.text
if BugInstance.tag == "LongMessage":
global LongMessage
LongMessage = BugInstance.text
if BugInstance.tag == "Class":
global classname
try:
classname = BugInstance.attrib["classname"]
except:
classname = 'na'
if BugInstance.tag == "SourceLine":
global sourcepath, sourcefile
try:
sourcepath = BugInstance.attrib["sourcepath"]
except:
sourcepath = 'NA'
try:
sourcefile = BugInstance.attrib["sourcefile"]
except:
sourcefile = 'NA'
for data in bug:
for message_data in data:
if message_data.tag == 'Message':
message = message_data.text
if priority == "1":
risk = "High"
vul_col = "danger"
elif priority == "2":
risk = "Medium"
vul_col = "warning"
elif priority == "3":
risk = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(ShortMessage) + str(message) + str(
sourcepath) + str(risk)
duplicate_hash = hashlib.sha256(
dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
details = self.find_bug_pattern(name)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
date_time=date_time,
scan_id=self.scan_id,
project_id=self.project_id,
title=str(ShortMessage),
severity=risk,
description="<b>Finding Path & Line:</b> %s" %
str(message) + "<br><br>"
"<b>Finding Classes:</b> %s" % str(classname) +
"<br><br>"
"<b>Finding Source Path</b>: %s" % str(sourcepath) +
"<br><br>" + str(ShortMessage) + "<br><br>" +
str(LongMessage) + "<br><br>" + str(details),
# + "\n\n"
# + str(classname),
fileName=str(message),
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
scanner="Findbugs",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
date_time=date_time,
scan_id=self.scan_id,
project_id=self.project_id,
title=str(ShortMessage),
severity=risk,
description="<b>Finding Path & Line:</b> %s" %
str(message) + "<br><br>"
"<b>Finding Classes:</b> %s" % str(classname) +
"<br><br>"
"<b>Finding Source Path</b>: %s" % str(sourcepath) +
"<br><br>" + str(ShortMessage) + "<br><br>" +
str(LongMessage) + "<br><br>" + str(details),
# + "\n\n"
# + str(classname),
fileName=str(message),
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
scanner="Findbugs",
)
save_all.save()
# if bug.tag == "BugPattern":
# for BugPattern in bug:
# name = bug.attrib["type"]
# if BugPattern.tag == "ShortDescription":
# ShortDescription = BugPattern.text
# if BugPattern.tag == "Details":
# global Details
# Details = BugPattern.text
# print(Details)
# StaticScanResultsDb.objects.filter(vuln_id=vul_id, title=name).update(
# description=str(Details)
# + "\n\n"
# + str(ShortMessage)
# + "\n\n"
# + str(LongMessage)
# + "\n\n"
# + str(classname),
# )
all_findbugs_data = StaticScanResultsDb.objects.filter(
scan_id=self.scan_id, false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=self.scan_id, vuln_duplicate="Yes")
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=self.scan_id).update(
total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Findbugs",
)
trend_update()
subject = "Archery Tool Scan Status - Findbugs Report Uploaded"
message = (
"Findbugs Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
(self.scan_id, total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def npmaudit_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global vul_col
for vuln in data["advisories"]:
title = data["advisories"][vuln]["title"]
found_by = data["advisories"][vuln]["found_by"]
reported_by = data["advisories"][vuln]["reported_by"]
module_name = data["advisories"][vuln]["module_name"]
cves = data["advisories"][vuln]["cves"]
vulnerable_versions = data["advisories"][vuln]["vulnerable_versions"]
patched_versions = data["advisories"][vuln]["patched_versions"]
overview = data["advisories"][vuln]["overview"]
recommendation = data["advisories"][vuln]["recommendation"]
references = data["advisories"][vuln]["references"]
access = data["advisories"][vuln]["access"]
severity = data["advisories"][vuln]["severity"]
cwe = data["advisories"][vuln]["cwe"]
metadata = data["advisories"][vuln]["metadata"]
url = data["advisories"][vuln]["url"]
findings = data["advisories"][vuln]["findings"]
vuln_versions = {}
for find in findings:
vuln_versions[find["version"]] = [find["paths"]]
if not title:
title = "not found"
if not found_by:
found_by = "not found"
if not reported_by:
reported_by = "not found"
if not module_name:
module_name = "not found"
if not cves:
cves = "not found"
if not vulnerable_versions:
vulnerable_versions = "not found"
if not patched_versions:
patched_versions = "not found"
if not recommendation:
recommendation = "not found"
if not overview:
overview = "not found"
if not references:
references = "not found"
if not access:
access = "not found"
if not severity:
severity = "not found"
if not cwe:
cwe = "not found"
if not url:
url = "not found"
if severity == "critical":
severity = "High"
vul_col = "danger"
if severity == "high":
severity = "High"
vul_col = "danger"
elif severity == "moderate":
severity = "Medium"
vul_col = "warning"
elif severity == "low":
severity = "Low"
vul_col = "info"
elif severity == "info":
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(title) + str(severity) + str(module_name)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
date_time=date_time,
scan_id=scan_id,
project_id=project_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
title=title,
description=str(overview) + "\n\n" + str(vuln_versions) +
"\n\n" + str(reported_by) + "\n\n" + str(module_name) +
"\n\n" + str(cves) + "\n\n" + str(vuln_versions) + "\n\n" +
str(patched_versions),
solution=recommendation,
references=references,
severity=severity,
scanner="Npmaudit",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
date_time=date_time,
scan_id=scan_id,
project_id=project_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
title=title,
description=str(overview) + "\n\n" + str(vuln_versions) +
"\n\n" + str(reported_by) + "\n\n" + str(module_name) +
"\n\n" + str(cves) + "\n\n" + str(vuln_versions) + "\n\n" +
str(patched_versions),
solution=recommendation,
references=references,
severity=severity,
scanner="Npmaudit",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id,
false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id,
vuln_duplicate="Yes")
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Npmaudit",
)
trend_update()
subject = "Archery Tool Scan Status - Npmaudit Report Uploaded"
message = ("Npmaudit Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
("npm-audit", total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def retirejs_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global component, files, severity
for f in data:
files = f["file"]
for components in data:
component = components["results"][0]["component"]
for versions in data:
global version
version = versions["results"][0]["version"]
for vuln in data:
global identifires
identifires = vuln["results"][0]["vulnerabilities"][0][
"identifiers"]
for key, value in identifires.items():
if key == "CVE":
for cve_v in value:
global cve
cve = cve_v
if key == "issue":
global issue
issue = value
if key == "bug":
global bug
bug = value
if key == "summary":
global summary
summary = value
for infos in data:
global info
info = infos["results"][0]["vulnerabilities"][0]["info"]
for severities in data:
global severity
severity = severities["results"][0]["vulnerabilities"][0][
"severity"]
date_time = datetime.now()
vul_id = uuid.uuid4()
global vul_col
if severity == "HIGH":
vul_col = "danger"
elif severity == "MEDIUM":
vul_col = "warning"
elif severity == "LOW":
vul_col = "info"
dup_data = files + component + severity
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = (StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash").distinct())
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = "Yes"
elif lenth_match == 0:
duplicate_vuln = "No"
else:
duplicate_vuln = "None"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
scan_id=scan_id,
date_time=date_time,
scan_date=date_time,
project_id=project_id,
vuln_id=vul_id,
fileName=files,
# component=component,
# CVE=cve,
title=issue,
# bug=bug,
description=summary,
# info=info,
severity=severity,
# false_positive=false_positive,
vuln_status="Open",
# dup_hash=duplicate_hash,
# vuln_duplicate=duplicate_vuln,
# version=version,
scanner="Retirejs",
)
save_all.save()
trend_update()
def twistlock_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
"""
{
"results": [
{
"id": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
"distro": "Debian GNU/Linux 9 (stretch)",
"compliances": [
{
"title": "Sensitive information provided in environment variables",
"severity": "high",
"cause": "The environment variables DD_CELERY_BROKER_PASSWORD,DD_DATABASE_PASSWORD,DD_SECRET_KEY contain sensitive data"
}
],
"complianceDistribution": {
"critical": 0,
"high": 1,
"medium": 0,
"low": 0,
"total": 1
},
"vulnerabilities": [
{
"id": "CVE-2013-7459",
"cvss": 9.8,
"vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"description": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"severity": "critical",
"packageName": "pycrypto",
"packageVersion": "2.6.1",
"link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7459",
"riskFactors": {
"Attack complexity: low": {},
"Attack vector: network": {},
"Critical severity": {},
"Remote execution": {}
}
}
],
"vulnerabilityDistribution": {
"critical": 1,
"high": 0,
"medium": 0,
"low": 0,
"total": 1
}
}
]
}
"""
global false_positive
date_time = datetime.now()
vul_col = ""
# Parser for above json data
vuln = data["results"][0]["vulnerabilities"]
for vuln_data in vuln:
try:
name = vuln_data["id"]
except Exception as e:
name = "Not Found"
try:
cvss = vuln_data["cvss"]
except Exception as e:
cvss = "Not Found"
try:
vector = vuln_data["vector"]
except Exception as e:
vector = "Not Found"
try:
description = vuln_data["description"]
except Exception as e:
description = "Not Found"
try:
severity = vuln_data["severity"]
if severity == "critical":
severity = "High"
except Exception as e:
severity = "Not Found"
try:
packageName = vuln_data["packageName"]
except Exception as e:
packageName = "Not Found"
try:
packageVersion = vuln_data["packageVersion"]
except Exception as e:
packageVersion = "Not Found"
try:
link = vuln_data["link"]
except Exception as e:
link = "Not Found"
if severity == "Critical":
severity = "High"
vul_col = "danger"
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
elif severity == "Unknown":
severity = "Low"
vul_col = "info"
elif severity == "Everything else":
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(name) + str(severity) + str(packageName)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
title=name,
description=str(description) + "\n\n" + str(cvss) + "\n\n" +
str(packageVersion),
severity=severity,
fileName=packageName,
references=link,
scanner="Twistlock",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
title=name,
description=str(description) + "\n\n" + str(cvss) + "\n\n" +
str(packageVersion),
severity=severity,
fileName=packageName,
references=link,
scanner="Twistlock",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id,
false_positive="No",
vuln_duplicate="No")
duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id,
vuln_duplicate="Yes")
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Twistlock",
)
trend_update()
subject = "Archery Tool Scan Status - twistlock Report Uploaded"
message = ("twistlock Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
(Target, total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def whitesource_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global vul_col, project
vuln = data["vulnerabilities"]
for issues in vuln:
name = issues["name"]
severity = issues["severity"]
score = issues["score"]
cvss3_severity = issues["cvss3_severity"]
cvss3_score = issues["cvss3_score"]
publishDate = issues["publishDate"]
lastUpdatedDate = issues["lastUpdatedDate"]
scoreMetadataVector = issues["scoreMetadataVector"]
url = issues["url"]
description = issues["description"]
project = issues["project"]
product = issues["product"]
cvss3Attributes = issues["cvss3Attributes"]
library = issues["library"]
topFix = issues["topFix"]
# allFixes = issues['allFixes']
filename = issues["library"]["filename"]
sha1 = issues["library"]["sha1"]
version = issues["library"]["version"]
groupId = issues["library"]["groupId"]
if severity == "high":
severity = "High"
vul_col = "danger"
elif severity == "medium":
severity = "Medium"
vul_col = "warning"
elif severity == "low":
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(name) + str(severity) + str(project)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(dup_hash=duplicate_hash).values(
"dup_hash"
)
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash
)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
title=name,
severity=severity,
references=url,
description=str(description)
+ "\n\n"
+ str(score)
+ "\n\n"
+ str(library)
+ "\n\n"
+ str(topFix)
+ "\n\n",
fileName=filename,
scanner="Whitesource",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
title=name,
severity=severity,
references=url,
description=str(description)
+ "\n\n"
+ str(score)
+ "\n\n"
+ str(library)
+ "\n\n"
+ str(topFix)
+ "\n\n",
fileName=filename,
scanner="Whitesource",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No"
)
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes"
)
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
project_name=project,
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Whitesource",
)
trend_update()
subject = "Archery Tool Scan Status - whitesource Report Uploaded"
message = (
"whitesource Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s"
% ("whitesource", total_vul, total_high, total_medium, total_low)
)
email_sch_notify(subject=subject, message=message)
def gitlabsast_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
vul_col = ""
vuln = data["vulnerabilities"]
for vuln_data in vuln:
try:
name = vuln_data["message"]
except Exception as e:
name = "Not Found"
try:
description = vuln_data["description"]
except Exception as e:
description = "Not Found"
try:
cve = vuln_data["cve"]
except Exception as e:
cve = "Not Found"
try:
scanner = vuln_data["scanner"]
except Exception as e:
scanner = "Not Found"
try:
location = vuln_data["location"]
except Exception as e:
location = "Not Found"
try:
identifiers = vuln_data["identifiers"]
except Exception as e:
identifiers = "Not Found"
try:
severity = vuln_data["severity"]
except Exception as e:
severity = "Not Found"
try:
file = vuln_data["location"]["file"]
except Exception as e:
file = "Not Found"
if severity == "Critical":
severity = "High"
vul_col = "danger"
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
elif severity == "Unknown":
severity = "Low"
vul_col = "info"
elif severity == "Everything else":
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(name) + str(severity) + str(file)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(dup_hash=duplicate_hash).values(
"dup_hash"
)
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash
)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
title=name,
description=str(description) + "\n\n" + str(scanner),
filePath=location,
fileName=file,
severity=severity,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
scanner="Gitlabsast",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
title=name,
description=description,
filePath=location,
fileName=file,
severity=severity,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
scanner="Gitlabsast",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No", vuln_duplicate="No"
)
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes"
)
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Gitlabsast",
)
trend_update()
subject = "Archery Tool Scan Status - GitLab SAST Report Uploaded"
message = (
"GitLab SAST Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s"
% (Target, total_vul, total_high, total_medium, total_low)
)
email_sch_notify(subject=subject, message=message)
def checkmarx_report_xml(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global vul_col, project, result, result_data, file_name, inst, code_data
project = data.attrib["ProjectName"]
scan_details = data.attrib
for dat in data:
query = dat.attrib
name = dat.attrib["name"]
severity = dat.attrib["Severity"]
code_data = []
result_data_all = []
for dd in dat:
result_data = dd.attrib
file_name = dd.attrib["FileName"]
result_data_all.append(dd.attrib)
for d in dd.findall(".//Code"):
result = d.text
instance = {}
instance[file_name] = d.text
code_data.append(instance)
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
else:
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(name) + str(severity) + str(file_name)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
title=name,
severity=severity,
description=str(scan_details),
fileName=file_name,
scanner="Checkmarx",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
title=name,
severity=severity,
description=str(scan_details),
fileName=file_name,
scanner="Checkmarx",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id,
false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id,
vuln_duplicate="Yes")
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_vul = len(all_findbugs_data)
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
project_name=project,
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Checkmarx",
)
trend_update()
subject = "Archery Tool Scan Status - checkmarx Report Uploaded"
message = ("checkmarx Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
("checkmarx", total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def nodejsscan_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global vul_col, severity
for vuln in data["sec_issues"]:
for vuln_dat in data["sec_issues"][vuln]:
with open(
"scanners/scanner_parser/staticscanner_parser/nodejsscan_vuln.json"
) as f:
vuln_name = json.load(f)
for v in vuln_name["vuln"]:
if v["name"] == vuln_dat["title"]:
severity = v["severity"]
title = vuln_dat["title"]
filename = vuln_dat["filename"]
path = vuln_dat["path"]
sha2 = vuln_dat["sha2"]
tag = vuln_dat["tag"]
description = vuln_dat["description"]
line = vuln_dat["line"]
lines = vuln_dat["lines"]
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(title) + str(severity) + str(filename) + str(line)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash
).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash
)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
title=title,
fileName=filename,
severity=severity,
filePath=path,
description=str(description)
+ "\n\n"
+ str(line)
+ "\n\n"
+ str(lines),
scanner="Nodejsscan",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
title=title,
fileName=filename,
severity=severity,
filePath=path,
description=str(description)
+ "\n\n"
+ str(line)
+ "\n\n"
+ str(lines),
scanner="Nodejsscan",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No"
)
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes"
)
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Nodejsscan",
)
trend_update()
subject = "Archery Tool Scan Status - Nodejsscan Report Uploaded"
message = (
"Nodejsscan Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s"
% ("Nodejsscan", total_vul, total_high, total_medium, total_low)
)
email_sch_notify(subject=subject, message=message)
def tfsec_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
global vul_col
for vuln in data["results"]:
rule_id = vuln["rule_id"]
link = vuln["link"]
filename = vuln["location"]["filename"]
start_line = vuln["location"]["start_line"]
end_line = vuln["location"]["end_line"]
description = vuln["description"]
severity = vuln["severity"]
if severity == "ERROR":
severity = "High"
vul_col = "danger"
elif severity == "WARNING":
severity = "Medium"
vul_col = "warning"
elif severity == "INFO":
severity = "Info"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(rule_id) + str(severity) + str(filename)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(dup_hash=duplicate_hash).values(
"dup_hash"
)
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash
)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
title=rule_id,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
fileName=filename,
severity=severity,
description=str(description)
+ "\n\n"
+ str(rule_id)
+ "\n\n"
+ str(start_line)
+ "\n\n"
+ str(end_line),
references=link,
scanner="Tfsec",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
title=rule_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
fileName=filename,
severity=severity,
description=str(description)
+ "\n\n"
+ str(rule_id)
+ "\n\n"
+ str(start_line)
+ "\n\n"
+ str(end_line),
references=link,
scanner="Tfsec",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No"
)
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes"
)
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Tfsec",
)
trend_update()
subject = "Archery Tool Scan Status - tfsec Report Uploaded"
message = (
"tfsec Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s"
% ("tfsec", total_vul, total_high, total_medium, total_low)
)
email_sch_notify(subject=subject, message=message)
def trivy_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
global total_vul, total_high, total_medium, total_low
date_time = datetime.now()
vul_col = ""
for vuln_data in data:
vuln = vuln_data["Vulnerabilities"]
for issue in vuln:
try:
VulnerabilityID = issue["VulnerabilityID"]
except Exception as e:
VulnerabilityID = "Not Found"
print(e)
try:
PkgName = issue["PkgName"]
except Exception as e:
PkgName = "Not Found"
print(e)
try:
InstalledVersion = issue["InstalledVersion"]
except Exception as e:
InstalledVersion = "Not Found"
print(e)
try:
FixedVersion = issue["FixedVersion"]
except Exception as e:
FixedVersion = "Not Found"
print(e)
try:
Title = issue["Title"]
except Exception as e:
Title = "Not Found"
print(e)
try:
Description = issue["Description"]
except Exception as e:
Description = "Not Found"
print(e)
try:
Severity = issue["Severity"]
except Exception as e:
Severity = "Not Found"
print(e)
try:
References = issue["References"]
except Exception as e:
References = "Not Found"
print(e)
if Severity == "CRITICAL":
Severity = "High"
vul_col = "danger"
if Severity == "HIGH":
Severity = "High"
vul_col = "danger"
if Severity == "MEDIUM":
Severity = "Medium"
vul_col = "warning"
if Severity == "LOW":
Severity = "Low"
vul_col = "info"
if Severity == "UNKNOWN":
Severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(VulnerabilityID) + str(Severity) + str(PkgName)
duplicate_hash = hashlib.sha256(
dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
fileName=PkgName,
title=VulnerabilityID,
description=str(Description) + str(Title) + "\n\n" +
str(VulnerabilityID) + "\n\n" + str(PkgName) + "\n\n" +
str(InstalledVersion) + "\n\n" + str(FixedVersion),
severity=Severity,
references=References,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
scanner="Trivy",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
fileName=PkgName,
title=VulnerabilityID,
description=str(Description) + str(Title) + "\n\n" +
str(VulnerabilityID) + "\n\n" + str(PkgName) + "\n\n" +
str(InstalledVersion) + "\n\n" + str(FixedVersion),
severity=Severity,
references=References,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
scanner="Trivy",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes")
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Trivy",
)
trend_update()
subject = "Archery Tool Scan Status - Trivy Report Uploaded"
message = ("Trivy Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
(Target, total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def semgrep_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
date_time = datetime.now()
vul_col = ""
vuln = data["results"]
for vuln_data in vuln:
try:
check_id = vuln_data["check_id"]
except Exception as e:
check_id = "Not Found"
try:
path = vuln_data["path"]
except Exception as e:
path = "Not Found"
try:
start = vuln_data["start"]
except Exception as e:
start = "Not Found"
try:
end = vuln_data["end"]
except Exception as e:
end = "Not Found"
try:
message = vuln_data["extra"]["message"]
except Exception as e:
message = "Not Found"
try:
metavars = vuln_data["extra"]["metavars"]
except Exception as e:
metavars = "Not Found"
try:
metadata = vuln_data["extra"]["metadata"]
except Exception as e:
metadata = "Not Found"
try:
severity = vuln_data["extra"]["severity"]
except Exception as e:
severity = "Not Found"
try:
lines = vuln_data["extra"]["lines"]
except Exception as e:
lines = "Not Found"
if severity == "ERROR":
severity = "High"
vul_col = "danger"
elif severity == "WARNING":
severity = "Medium"
vul_col = "warning"
elif severity == "INFORMATION":
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(check_id) + str(severity) + str(path)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
title=check_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
fileName=path,
severity=severity,
description=str(message) + "\n\n" + str(check_id) + "\n\n" +
str(end) + "\n\n" + str(metavars) + "\n\n" + str(metadata) +
"\n\n" + str(lines),
scanner="Sempgrep",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
title=check_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
fileName=path,
severity=severity,
description=str(message) + "\n\n" + str(check_id) + "\n\n" +
str(end) + "\n\n" + str(metavars) + "\n\n" + str(metadata) +
"\n\n" + str(lines),
scanner="Semgrep",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id,
false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id,
vuln_duplicate="Yes")
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
date_time=date_time,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Semgrep",
)
trend_update()
subject = "Archery Tool Scan Status - semgrep Report Uploaded"
message = ("semgrep Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
("semgrep", total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
def xml_parser(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
"""
global total_vul, total_high, total_medium, total_low
date_time = datetime.now()
fileName = "Na"
filePath = "Na"
evidenceCollected = "Na"
name = "Na"
severity = "Na"
cwe = "Na"
description = "Na"
references = "Na"
vulnerableSoftware = "Na"
vul_col = "Na"
pt = data.xpath("namespace-uri(.)")
# root = data.getroot()
inst = []
for scan in data:
for dependencies in scan:
for dependency in dependencies:
if dependency.tag == "{%s}fileName" % pt:
fileName = dependency.text
if dependency.tag == "{%s}filePath" % pt:
filePath = dependency.text
if dependency.tag == "{%s}evidenceCollected" % pt:
evidenceCollected = dependency.text
for vuln in dependency:
if vuln.tag == "{%s}vulnerability" % pt:
if (pt ==
"https://jeremylong.github.io/DependencyCheck/dependency-check.2.0.xsd"
):
for vulner in vuln:
if vulner.tag == "{%s}name" % pt:
name = vulner.text
if vulner.tag == "{%s}description" % pt:
description = vulner.text
if vulner.tag == "{%s}references" % pt:
references = vulner.text
if vulner.tag == "{%s}vulnerableSoftware" % pt:
vulnerableSoftware = vulner.text
for vuln_dat in vulner:
if vuln_dat.tag == "{%s}cwe" % pt:
cwe = vuln_dat.text
if vuln_dat.tag == "{%s}severity" % pt:
severity_dat = vuln_dat.text
if severity_dat == "HIGH":
severity = "High"
elif severity_dat == "MEDIUM":
severity = "Medium"
elif severity_dat == "LOW":
severity = "Low"
elif (pt ==
"https://jeremylong.github.io/DependencyCheck/dependency-check.2.2.xsd"
):
for dc22 in vuln:
if dc22.tag == "{%s}name" % pt:
name = dc22.text
if dc22.tag == "{%s}description" % pt:
description = dc22.text
if dc22.tag == "{%s}vulnerableSoftware" % pt:
vulnerableSoftware = dc22.text
for vuln_dat in dc22:
for d in vuln_dat:
if d.tag == "{%s}url" % pt:
references = d.text
if vuln_dat.tag == "{%s}cwe" % pt:
cwe = vuln_dat.text
if vuln_dat.tag == "{%s}severity" % pt:
severity_dat = vuln_dat.text
if severity_dat == "HIGH":
severity = "High"
elif severity_dat == "MEDIUM":
severity = "Medium"
elif severity_dat == "LOW":
severity = "Low"
elif (pt ==
"https://jeremylong.github.io/DependencyCheck/dependency-check.2.3.xsd"
):
for dc22 in vuln:
if dc22.tag == "{%s}name" % pt:
name = dc22.text
if dc22.tag == "{%s}description" % pt:
description = dc22.text
if dc22.tag == "{%s}vulnerableSoftware" % pt:
vulnerableSoftware = dc22.text
for vuln_dat in dc22:
for d in vuln_dat:
if d.tag == "{%s}url" % pt:
references = d.text
if vuln_dat.tag == "{%s}cwe" % pt:
cwe = vuln_dat.text
if vuln_dat.tag == "{%s}severity" % pt:
severity_dat = vuln_dat.text
if severity_dat == "HIGH":
severity = "High"
elif severity_dat == "MEDIUM":
severity = "Medium"
elif severity_dat == "LOW":
severity = "Low"
elif (pt ==
"https://jeremylong.github.io/DependencyCheck/dependency-check.2.4.xsd"
):
for dc22 in vuln:
if dc22.tag == "{%s}name" % pt:
name = dc22.text
if dc22.tag == "{%s}description" % pt:
description = dc22.text
if dc22.tag == "{%s}vulnerableSoftware" % pt:
vulnerableSoftware = dc22.text
for vuln_dat in dc22:
for d in vuln_dat:
if d.tag == "{%s}url" % pt:
references = d.text
if vuln_dat.tag == "{%s}cwe" % pt:
cwe = vuln_dat.text
if vuln_dat.tag == "{%s}severity" % pt:
severity_dat = vuln_dat.text
if severity_dat == "HIGH":
severity = "High"
elif severity_dat == "MEDIUM":
severity = "Medium"
elif severity_dat == "LOW":
severity = "Low"
elif (pt ==
"https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd"
):
for dc22 in vuln:
if dc22.tag == "{%s}name" % pt:
name = dc22.text
if dc22.tag == "{%s}description" % pt:
description = dc22.text
if dc22.tag == "{%s}vulnerableSoftware" % pt:
vulnerableSoftware = dc22.text
for vuln_dat in dc22:
for d in vuln_dat:
if d.tag == "{%s}url" % pt:
references = d.text
if vuln_dat.tag == "{%s}cwe" % pt:
cwe = vuln_dat.text
if vuln_dat.tag == "{%s}severity" % pt:
severity_dat = vuln_dat.text
if severity_dat == "HIGH":
severity = "High"
elif severity_dat == "MEDIUM":
severity = "Medium"
elif severity_dat == "LOW":
severity = "Low"
else:
for vulner in vuln:
if vulner.tag == "{%s}name" % pt:
name = vulner.text
if vulner.tag == "{%s}severity" % pt:
severity = vulner.text
if vulner.tag == "{%s}cwe" % pt:
cwe = vulner.text
if vulner.tag == "{%s}description" % pt:
description = vulner.text
if vulner.tag == "{%s}references" % pt:
references = vulner.text
if vulner.tag == "{%s}vulnerableSoftware" % pt:
vulnerableSoftware = vulner.text
date_time = datetime.now()
vul_id = uuid.uuid4()
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
dup_data = name + fileName + severity
duplicate_hash = hashlib.sha256(
dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
if cwe == "Na":
cwe = name
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
fileName=fileName,
filePath=filePath,
title=name,
severity=severity,
description=str(description) + "\n\n" +
str(evidenceCollected) + "\n\n" +
str(vulnerableSoftware),
references=references,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
scanner="Dependencycheck",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
fileName=fileName,
filePath=filePath,
title=name,
severity=severity,
description=str(description) + "\n\n" +
str(evidenceCollected) + "\n\n" +
str(vulnerableSoftware),
references=references,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
scanner="Dependencycheck",
)
save_all.save()
all_dependency_data = StaticScanResultsDb.objects.filter(
scan_id=scan_id, false_positive="No")
duplicate_count = StaticScanResultsDb.objects.filter(
scan_id=scan_id, vuln_duplicate="Yes")
total_vul = len(all_dependency_data)
total_high = len(all_dependency_data.filter(severity="High"))
total_medium = len(all_dependency_data.filter(severity="Medium"))
total_low = len(all_dependency_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Dependencycheck",
)
trend_update()
subject = "Archery Tool Scan Status - DependencyCheck Report Uploaded"
message = ("DependencyCheck Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
(name, total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)
return HttpResponse(status=201)
def brakeman_report_json(data, project_id, scan_id):
"""
:param data:
:param project_id:
:param scan_id:
:return:
:username:
"""
global false_positive
date_time = datetime.now()
vul_col = ""
# Parser for above json data
# print(data['warnings'])
vuln = data["warnings"]
for vuln_data in vuln:
try:
name = vuln_data["warning_type"]
except Exception as e:
name = "Not Found"
try:
warning_code = vuln_data["warning_code"]
except Exception as e:
warning_code = "Not Found"
try:
fingerprint = vuln_data["fingerprint"]
except Exception as e:
fingerprint = "Not Found"
try:
description = vuln_data["message"]
except Exception as e:
description = "Not Found"
try:
check_name = vuln_data["check_name"]
except Exception as e:
check_name = "Not Found"
try:
severity = vuln_data["confidence"]
if severity == "Weak":
severity = "Low"
except Exception as e:
severity = "Not Found"
try:
file = vuln_data["file"]
except Exception as e:
file = "Not Found"
try:
line = vuln_data["line"]
except Exception as e:
line = "Not Found"
try:
link = vuln_data["link"]
except Exception as e:
link = "Not Found"
try:
code = vuln_data["code"]
except Exception as e:
code = "Not Found"
try:
render_path = vuln_data["render_path"]
except Exception as e:
render_path = "Not Found"
if severity == "Critical":
severity = "High"
vul_col = "danger"
if severity == "High":
vul_col = "danger"
elif severity == "Medium":
vul_col = "warning"
elif severity == "Low":
vul_col = "info"
elif severity == "Unknown":
severity = "Low"
vul_col = "info"
elif severity == "Everything else":
severity = "Low"
vul_col = "info"
vul_id = uuid.uuid4()
dup_data = str(name) + str(severity) + str(file)
duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
match_dup = StaticScanResultsDb.objects.filter(
dup_hash=duplicate_hash).values("dup_hash")
lenth_match = len(match_dup)
if lenth_match == 0:
duplicate_vuln = "No"
false_p = StaticScanResultsDb.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
if fp_lenth_match == 1:
false_positive = "Yes"
else:
false_positive = "No"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Open",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive=false_positive,
title=name,
description=str(description) + "\n\n" + str(code) + "\n\n" +
str(render_path),
severity=severity,
fileName=file,
references=link,
scanner="Brakeman",
)
save_all.save()
else:
duplicate_vuln = "Yes"
save_all = StaticScanResultsDb(
vuln_id=vul_id,
scan_id=scan_id,
date_time=date_time,
project_id=project_id,
severity_color=vul_col,
vuln_status="Duplicate",
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
false_positive="Duplicate",
title=name,
description=str(description) + "\n\n" + str(code) + "\n\n" +
str(render_path),
severity=severity,
fileName=file,
references=link,
scanner="Brakeman",
)
save_all.save()
all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id,
false_positive="No",
vuln_duplicate="No")
duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id,
vuln_duplicate="Yes")
total_vul = len(all_findbugs_data)
total_high = len(all_findbugs_data.filter(severity="High"))
total_medium = len(all_findbugs_data.filter(severity="Medium"))
total_low = len(all_findbugs_data.filter(severity="Low"))
total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes"))
StaticScansDb.objects.filter(scan_id=scan_id).update(
date_time=date_time,
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
total_dup=total_duplicate,
scanner="Brakeman",
)
trend_update()
subject = "Archery Tool Scan Status - brakeman Report Uploaded"
message = ("brakeman Scanner has completed the scan "
" %s <br> Total: %s <br>High: %s <br>"
"Medium: %s <br>Low %s" %
(Target, total_vul, total_high, total_medium, total_low))
email_sch_notify(subject=subject, message=message)