def xml_parser(root, project_id, scan_id, username):
global url, \
Scheme, \
Host, \
Port, \
AttackMethod, \
VulnerableSession, \
TriggerSession, \
VulnerabilityID, \
Severity, \
Name, \
ReportSection, \
HighlightSelections, \
RawResponse, \
SectionText, \
vuln_id, severity_name, vul_col
for data in root:
for issues in data:
for issue in issues:
if issue.tag == 'URL':
url = issue.text
if issue.tag == 'Host':
Host = issue.text
if issue.tag == 'Port':
Port = issue.text
if issue.tag == 'AttackMethod':
AttackMethod = issue.text
if issue.tag == 'VulnerableSession':
VulnerableSession = issue.text
if issue.tag == 'TriggerSession':
TriggerSession = issue.text
if issue.tag == 'VulnerabilityID':
VulnerabilityID = issue.text
if issue.tag == 'Severity':
Severity = issue.text
if issue.tag == 'Name':
Name = issue.text
if issue.tag == 'ReportSection':
ReportSection = issue.text
if issue.tag == 'HighlightSelections':
HighlightSelections = issue.text
if issue.tag == 'RawResponse':
RawResponse = issue.text
for d_issue in issue:
if d_issue.tag == 'SectionText':
SectionText = issue.text
vuln_id = uuid.uuid4()
if Severity == "4":
Severity = 'Critical'
vul_col = "danger"
elif Severity == "3":
Severity = 'High'
vul_col = 'danger'
elif Severity == "2":
Severity = 'Medium'
vul_col = "warning"
elif Severity == '1':
Severity = 'Low'
vul_col = "info"
elif Severity == '0':
Severity = 'Information'
vul_col = "info"
dup_data = Name + url + Severity
duplicate_hash = hashlib.sha256(
dup_data.encode('utf-8')).hexdigest()
match_dup = webinspect_scan_result_db.objects.filter(
username=username,
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = 'Yes'
elif lenth_match == 0:
duplicate_vuln = 'No'
else:
duplicate_vuln = 'None'
false_p = webinspect_scan_result_db.objects.filter(
username=username, false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
global false_positive
if fp_lenth_match == 1:
false_positive = 'Yes'
elif lenth_match == 0:
false_positive = 'No'
else:
false_positive = 'No'
if Name is None:
print(Name)
else:
dump_data = webinspect_scan_result_db(
scan_id=scan_id,
vuln_id=vuln_id,
vuln_url=url,
host=Host,
port=Port,
attackmethod=AttackMethod,
vulnerablesession=VulnerableSession,
triggerSession=TriggerSession,
vulnerabilityID=VulnerabilityID,
severity=Severity,
name=Name,
reportSection=ReportSection,
highlightSelections=HighlightSelections,
rawResponse=RawResponse,
SectionText=SectionText,
severity_name=severity_name,
vuln_color=vul_col,
false_positive=false_positive,
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln,
project_id=project_id,
username=username)
dump_data.save()
webinspect_all_vul = webinspect_scan_result_db.objects.filter(
username=username, scan_id=scan_id, false_positive='No')
total_critical = len(webinspect_all_vul.filter(severity='Critical'))
total_high = len(webinspect_all_vul.filter(severity="High"))
total_medium = len(webinspect_all_vul.filter(severity="Medium"))
total_low = len(webinspect_all_vul.filter(severity="Low"))
total_info = len(webinspect_all_vul.filter(severity="Information"))
total_duplicate = len(webinspect_all_vul.filter(severity='Yes'))
total_vul = total_critical + total_high + total_medium + total_low + total_info
webinspect_scan_db.objects.filter(username=username,
scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
critical_vul=total_critical,
info_vul=total_info,
total_dup=total_duplicate)
subject = 'Archery Tool Scan Status - Webinspect Report Uploaded'
message = 'Webinspect Scanner has completed the scan ' \
' %s <br> Total: %s <br>High: %s <br>' \
'Medium: %s <br>Low %s' % (Host, total_vul, total_high, total_medium, total_low)
email_sch_notify(subject=subject, message=message)
def xml_parser(root,
project_id,
scan_id):
global url,\
Scheme,\
Host,\
Port,\
AttackMethod,\
VulnerableSession,\
TriggerSession,\
VulnerabilityID,\
Severity,\
Name,\
ReportSection,\
HighlightSelections,\
RawResponse,\
SectionText,\
vuln_id, severity_name, vul_col
for data in root:
for issues in data:
for issue in issues:
if issue.tag == 'URL':
url = issue.text
if issue.tag == 'Host':
Host = issue.text
if issue.tag == 'Port':
Port = issue.text
if issue.tag == 'AttackMethod':
AttackMethod = issue.text
if issue.tag == 'VulnerableSession':
VulnerableSession = issue.text
if issue.tag == 'TriggerSession':
TriggerSession = issue.text
if issue.tag == 'VulnerabilityID':
VulnerabilityID = issue.text
if issue.tag == 'Severity':
Severity = issue.text
if issue.tag == 'Name':
Name = issue.text
if issue.tag == 'ReportSection':
ReportSection = issue.text
if issue.tag == 'HighlightSelections':
HighlightSelections = issue.text
if issue.tag == 'RawResponse':
RawResponse = issue.text
for d_issue in issue:
if d_issue.tag == 'SectionText':
SectionText = issue.text
vuln_id = uuid.uuid4()
if Severity == "4":
severity_name = 'Critical'
vul_col = "important"
elif Severity == "3":
severity_name = 'High'
vul_col = 'important'
elif Severity == "2":
severity_name = 'Medium'
vul_col = "important"
elif Severity == '1':
severity_name = 'Low'
vul_col = "warning"
elif Severity == '0':
severity_name = 'Information'
vul_col = "info"
dump_data = webinspect_scan_result_db(scan_id=scan_id,
vuln_id=vuln_id,
vuln_url=url,
host=Host,
port=Port,
attackmethod=AttackMethod,
vulnerablesession=VulnerableSession,
triggerSession=TriggerSession,
vulnerabilityID=VulnerabilityID,
severity=Severity,
name=Name,
reportSection=ReportSection,
highlightSelections=HighlightSelections,
rawResponse=RawResponse,
SectionText=SectionText,
severity_name=severity_name,
vuln_color=vul_col,
false_positive='No',
)
dump_data.save()
webinspect_all_vul = webinspect_scan_result_db.objects.filter(scan_id=scan_id)
total_vul = len(webinspect_all_vul)
total_critical = len(webinspect_all_vul.filter(severity_name='Critical'))
total_high = len(webinspect_all_vul.filter(severity_name="High"))
total_medium = len(webinspect_all_vul.filter(severity_name="Medium"))
total_low = len(webinspect_all_vul.filter(severity_name="Low"))
total_info = len(webinspect_all_vul.filter(severity_name="Information"))
webinspect_scan_db.objects.filter(scan_id=scan_id).update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
critical_vul=total_critical,
info_vul=total_info
)
def xml_parser(root, project_id, scan_id):
global url,\
Scheme,\
Host,\
Port,\
AttackMethod,\
VulnerableSession,\
TriggerSession,\
VulnerabilityID,\
Severity,\
Name,\
ReportSection,\
HighlightSelections,\
RawResponse,\
SectionText,\
vuln_id, severity_name, vul_col
for data in root:
for issues in data:
for issue in issues:
if issue.tag == 'URL':
url = issue.text
if issue.tag == 'Host':
Host = issue.text
if issue.tag == 'Port':
Port = issue.text
if issue.tag == 'AttackMethod':
AttackMethod = issue.text
if issue.tag == 'VulnerableSession':
VulnerableSession = issue.text
if issue.tag == 'TriggerSession':
TriggerSession = issue.text
if issue.tag == 'VulnerabilityID':
VulnerabilityID = issue.text
if issue.tag == 'Severity':
Severity = issue.text
if issue.tag == 'Name':
Name = issue.text
if issue.tag == 'ReportSection':
ReportSection = issue.text
if issue.tag == 'HighlightSelections':
HighlightSelections = issue.text
if issue.tag == 'RawResponse':
RawResponse = issue.text
for d_issue in issue:
if d_issue.tag == 'SectionText':
SectionText = issue.text
vuln_id = uuid.uuid4()
if Severity == "4":
severity_name = 'Critical'
vul_col = "important"
elif Severity == "3":
severity_name = 'High'
vul_col = 'important'
elif Severity == "2":
severity_name = 'Medium'
vul_col = "important"
elif Severity == '1':
severity_name = 'Low'
vul_col = "warning"
elif Severity == '0':
severity_name = 'Information'
vul_col = "info"
dump_data = webinspect_scan_result_db(
scan_id=scan_id,
vuln_id=vuln_id,
vuln_url=url,
host=Host,
port=Port,
attackmethod=AttackMethod,
vulnerablesession=VulnerableSession,
triggerSession=TriggerSession,
vulnerabilityID=VulnerabilityID,
severity=Severity,
name=Name,
reportSection=ReportSection,
highlightSelections=HighlightSelections,
rawResponse=RawResponse,
SectionText=SectionText,
severity_name=severity_name,
vuln_color=vul_col,
false_positive='No',
vuln_status='Open')
dump_data.save()
webinspect_all_vul = webinspect_scan_result_db.objects.filter(
scan_id=scan_id)
total_vul = len(webinspect_all_vul)
total_critical = len(
webinspect_all_vul.filter(severity_name='Critical'))
total_high = len(webinspect_all_vul.filter(severity_name="High"))
total_medium = len(webinspect_all_vul.filter(severity_name="Medium"))
total_low = len(webinspect_all_vul.filter(severity_name="Low"))
total_info = len(
webinspect_all_vul.filter(severity_name="Information"))
webinspect_scan_db.objects.filter(scan_id=scan_id).update(
total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
critical_vul=total_critical,
info_vul=total_info)
def xml_parser(root,
project_id,
scan_id):
global url,\
Scheme,\
Host,\
Port,\
AttackMethod,\
VulnerableSession,\
TriggerSession,\
VulnerabilityID,\
Severity,\
Name,\
ReportSection,\
HighlightSelections,\
RawResponse,\
SectionText,\
vuln_id, severity_name, vul_col
for data in root:
for issues in data:
for issue in issues:
if issue.tag == 'URL':
url = issue.text
if issue.tag == 'Host':
Host = issue.text
if issue.tag == 'Port':
Port = issue.text
if issue.tag == 'AttackMethod':
AttackMethod = issue.text
if issue.tag == 'VulnerableSession':
VulnerableSession = issue.text
if issue.tag == 'TriggerSession':
TriggerSession = issue.text
if issue.tag == 'VulnerabilityID':
VulnerabilityID = issue.text
if issue.tag == 'Severity':
Severity = issue.text
if issue.tag == 'Name':
Name = issue.text
if issue.tag == 'ReportSection':
ReportSection = issue.text
if issue.tag == 'HighlightSelections':
HighlightSelections = issue.text
if issue.tag == 'RawResponse':
RawResponse = issue.text
for d_issue in issue:
if d_issue.tag == 'SectionText':
SectionText = issue.text
vuln_id = uuid.uuid4()
if Severity == "4":
severity_name = 'Critical'
vul_col = "important"
elif Severity == "3":
severity_name = 'High'
vul_col = 'important'
elif Severity == "2":
severity_name = 'Medium'
vul_col = "important"
elif Severity == '1':
severity_name = 'Low'
vul_col = "warning"
elif Severity == '0':
severity_name = 'Information'
vul_col = "info"
dup_data = Name + url + severity_name
duplicate_hash = hashlib.sha1(dup_data).hexdigest()
match_dup = webinspect_scan_result_db.objects.filter(
dup_hash=duplicate_hash).values('dup_hash').distinct()
lenth_match = len(match_dup)
if lenth_match == 1:
duplicate_vuln = 'Yes'
elif lenth_match == 0:
duplicate_vuln = 'No'
else:
duplicate_vuln = 'None'
false_p = webinspect_scan_result_db.objects.filter(
false_positive_hash=duplicate_hash)
fp_lenth_match = len(false_p)
global false_positive
if fp_lenth_match == 1:
false_positive = 'Yes'
elif lenth_match == 0:
false_positive = 'No'
else:
false_positive = 'No'
dump_data = webinspect_scan_result_db(scan_id=scan_id,
vuln_id=vuln_id,
vuln_url=url,
host=Host,
port=Port,
attackmethod=AttackMethod,
vulnerablesession=VulnerableSession,
triggerSession=TriggerSession,
vulnerabilityID=VulnerabilityID,
severity=Severity,
name=Name,
reportSection=ReportSection,
highlightSelections=HighlightSelections,
rawResponse=RawResponse,
SectionText=SectionText,
severity_name=severity_name,
vuln_color=vul_col,
false_positive=false_positive,
vuln_status='Open',
dup_hash=duplicate_hash,
vuln_duplicate=duplicate_vuln
)
dump_data.save()
webinspect_all_vul = webinspect_scan_result_db.objects.filter(scan_id=scan_id)
total_vul = len(webinspect_all_vul)
total_critical = len(webinspect_all_vul.filter(severity_name='Critical'))
total_high = len(webinspect_all_vul.filter(severity_name="High"))
total_medium = len(webinspect_all_vul.filter(severity_name="Medium"))
total_low = len(webinspect_all_vul.filter(severity_name="Low"))
total_info = len(webinspect_all_vul.filter(severity_name="Information"))
total_duplicate = len(webinspect_all_vul.filter(vuln_duplicate='Yes'))
webinspect_scan_db.objects.filter(scan_id=scan_id).update(total_vul=total_vul,
high_vul=total_high,
medium_vul=total_medium,
low_vul=total_low,
critical_vul=total_critical,
info_vul=total_info,
total_dup=total_duplicate
)
if total_vul == total_duplicate:
webinspect_scan_db.objects.filter(scan_id=scan_id).update(total_vul='0',
high_vul='0',
medium_vul='0',
low_vul='0',
critical_vul='0',
info_vul='0',
total_dup=total_duplicate
)