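class Npmauditparser():
    """Parse an ``npm audit`` JSON report for one repository and forward new advisories.

    The report is read from ``<PATRONUS_DOWNLOAD_LOCATION><repo>/node_results.json``.
    Each advisory becomes one issue record; records not already known to
    ``Utils.check_issue_exits`` are stored in the DB, indexed in Elasticsearch
    and posted to Slack.
    """

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def _report_path(self, repo: str) -> str:
        """Build the report path the same way the rest of the pipeline does.

        ``PATRONUS_DOWNLOAD_LOCATION`` is concatenated without a separator, so it
        is assumed to end with '/'. ``repo`` ends up inside a filesystem path;
        callers are expected to pass a bare repository name (no path separators).
        """
        return '%s%s/node_results.json' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)

    @staticmethod
    def _issue_from_advisory(repo: str, advisory: dict) -> dict:
        """Map one npm-audit advisory onto the shared issue schema.

        Key order matters: ``str(issue)`` is the de-duplication fingerprint, so the
        schema keys are created in the order the pipeline has always used.

        Raises:
            KeyError, TypeError: when *advisory* lacks a required field.
        """
        issue = {
            'repo': repo,
            'scanner': 'npm-audit',
            'bug_type': '',
            'language': 'nodejs',
            'class_name': '',
            'method_name': '',
            'line_no_start': '',
            'line_no_end': '',
            'file_name': '',
            'vulnerable_code': '',
            'severity': '',
            'module_name': '',
            'advisories_url': '',
            'vulnerable_versions': '',
            'patched_versions': '',
            'dependency_url': '',
            'CVE': '',
            'description': '',
            'source_url': '',
            'title': ''
        }
        issue["module_name"] = advisory['module_name']
        issue["title"] = advisory['title']
        issue["severity"] = advisory['severity']
        issue["advisories_url"] = advisory['url']
        issue["vulnerable_versions"] = advisory['vulnerable_versions']
        issue["patched_versions"] = advisory['patched_versions']
        return issue

    def _report(self, repo: str, issue: dict) -> None:
        """Persist, index and announce *issue* unless an identical record exists."""
        fingerprint = str(issue)
        # check_issue_exits is treated as a plain boolean. The previous code
        # compared it `== False`, which also skipped the report on a None return;
        # NOTE(review): confirm Utils.check_issue_exits only ever returns bool.
        if self.utils.check_issue_exits(repo, fingerprint):
            return
        self.utils.sent_result_to_db(repo, fingerprint, 'node-js', 'npm-audit')
        self.es.push_data_to_elastic_search(issue)
        self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))

    def node_output(self, repo: str):
        """Process the npm-audit report for *repo*; does nothing if no report exists.

        A malformed JSON file is logged and skipped. Each advisory is processed
        best-effort: a failure (missing field, DB/ES/Slack error) is logged with
        its traceback and the remaining advisories are still handled.
        """
        path = self._report_path(repo)
        if not os.path.exists(path):
            return
        with open(path) as file:
            try:
                res = json.load(file)
            except ValueError:
                logging.debug('Error could not load the json file for the project: %s', repo)
                return
        # The advisories live in the parsed report; the previous guard queried
        # self.es.get('advisories') (the Elasticsearch client) by mistake.
        advisories = res.get('advisories') if isinstance(res, dict) else None
        if not advisories:
            return
        # npm audit keys advisories by id (a mapping); iterating the values
        # replaces the earlier key-then-index lookup. A list is tolerated as-is.
        entries = advisories.values() if isinstance(advisories, dict) else advisories
        for advisory in entries:
            try:
                self._report(repo, self._issue_from_advisory(repo, advisory))
            except Exception:
                # Keep the traceback instead of print(e) on stdout.
                logging.exception('npm-audit: failed to process an advisory for %s', repo)
        return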
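class Gosecparser():
    """Parse a gosec JSON report (``<repo>/results.json``) and forward new findings.

    Every entry of the report's ``Issues`` list becomes one issue record that is
    stored in the DB, indexed in Elasticsearch and posted to Slack unless an
    identical record already exists.
    """

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def _report_path(self, repo: str) -> str:
        """Build the report path; ``PATRONUS_DOWNLOAD_LOCATION`` is assumed to end with '/'.

        ``repo`` is interpolated into a filesystem path, so callers must pass a
        bare repository name.
        """
        return '%s%s/results.json' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)

    @staticmethod
    def _issue_from_finding(repo: str, finding: dict) -> dict:
        """Map one gosec finding onto the shared issue schema.

        Raises:
            KeyError, TypeError: when *finding* lacks a required field.
        """
        issue = {
            'repo': repo,
            'scanner': 'gosec',
            'bug_type': '',
            'language': 'golang',
            'class_name': '',
            'method_name': '',
            'line_no_start': '',
            'line_no_end': '',
            'file_name': '',
            'vulnerable_code': '',
            'severity': '',
            'module_name': '',
            'advisories_url': '',
            'vulnerable_versions': '',
            'patched_versions': '',
            'dependency_url': '',
            'CVE': '',
            'description': '',
            'source_url': '',
            'title': ''
        }
        # The pipeline has always recorded gosec findings under the extra keys
        # 'issue' and 'line_no' instead of the schema's 'description' /
        # 'line_no_start'. They are kept on purpose: renaming them changes
        # str(issue), the de-duplication fingerprint, and would re-announce
        # every finding already stored.
        issue["issue"] = finding['details']
        issue["file_name"] = finding['file']
        issue["vulnerable_code"] = finding['code']
        issue["line_no"] = finding['line']
        return issue

    def _report(self, repo: str, issue: dict) -> None:
        """Persist, index and announce *issue* unless an identical record exists."""
        fingerprint = str(issue)
        # Treated as a boolean; the previous `== False` comparison also skipped
        # on a None return — NOTE(review): confirm Utils only returns bool.
        if self.utils.check_issue_exits(repo, fingerprint):
            return
        self.utils.sent_result_to_db(repo, fingerprint, 'golang', 'gosec')
        self.es.push_data_to_elastic_search(issue)
        self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))

    def golang_output(self, repo: str):
        """Process the gosec report for *repo*; does nothing if no report exists.

        A malformed JSON file is logged and the method returns (previously
        execution fell through and raised on an unbound ``res``). Findings are
        processed best-effort: one bad entry is logged and does not hide the rest.
        """
        path = self._report_path(repo)
        if not os.path.exists(path):
            return
        with open(path) as file:
            try:
                res = json.load(file)
            except ValueError:
                logging.debug('Error could not load the json file for the project: %s', repo)
                return
        # gosec writes "Issues": null when nothing was found; treat it as empty.
        findings = res.get('Issues') if isinstance(res, dict) else None
        for finding in findings or []:
            try:
                self._report(repo, self._issue_from_finding(repo, finding))
            except Exception:
                logging.exception('gosec: failed to process a finding for %s', repo)
        return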
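class Gitleaksparser():
    """Parse a gitleaks report (``<repo>/gitleaks.json``) and forward new findings.

    Each entry of the report's ``Issues`` list becomes one issue record that is
    stored in the DB, indexed in Elasticsearch and posted to Slack unless an
    identical record already exists.
    """

    def __init__(self):
        self.es = elastic()
        self.utils = Utils()
        self.config = Config()

    def _report_path(self, repo: str) -> str:
        """Build the report path; ``PATRONUS_DOWNLOAD_LOCATION`` is assumed to end with '/'.

        ``repo`` is interpolated into a filesystem path, so callers must pass a
        bare repository name.
        """
        return '%s%s/gitleaks.json' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo)

    @staticmethod
    def _issue_from_leak(repo: str, leak: dict) -> dict:
        """Map one gitleaks entry onto the shared issue schema (plus commit/tags/author).

        Raises:
            KeyError, TypeError: when *leak* lacks a required field.
        """
        issue = {
            'repo': repo,
            # Was 'gosec' (copied from the Go parser); findings were mislabelled.
            'scanner': 'gitleaks',
            'bug_type': '',
            # NOTE(review): gitleaks is language-agnostic; 'golang' is inherited
            # from the copy and left unchanged because it is part of the fingerprint.
            'language': 'golang',
            'class_name': '',
            'method_name': '',
            'line_no_start': '',
            'line_no_end': '',
            'file_name': '',
            'vulnerable_code': '',
            'severity': '',
            'module_name': '',
            'advisories_url': '',
            'vulnerable_versions': '',
            'patched_versions': '',
            'dependency_url': '',
            'CVE': '',
            'description': '',
            'source_url': '',
            'title': '',
            'commit': '',
            'tags': '',
            'author': ''
        }
        # NOTE(review): in gitleaks' native report 'line' carries the matched
        # line content (i.e. the secret) and 'lineNumber' the position. Confirm
        # the 'Issues' entries consumed here hold a number; otherwise the secret
        # itself is written to the DB, indexed and posted to Slack.
        issue["line_no_start"] = leak['line']
        issue["commit"] = leak['commit']
        issue["file_name"] = leak['file']
        issue["tags"] = leak['tags']
        issue["author"] = leak['author']
        return issue

    def _report(self, repo: str, issue: dict) -> None:
        """Persist, index and announce *issue* unless an identical record exists."""
        fingerprint = str(issue)
        # Treated as a boolean; the previous `== False` comparison also skipped
        # on a None return — NOTE(review): confirm Utils only returns bool.
        if self.utils.check_issue_exits(repo, fingerprint):
            return
        self.utils.sent_result_to_db(repo, fingerprint, 'gitleaks', 'gitleaks')
        self.es.push_data_to_elastic_search(issue)
        self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))

    def gitleaks_output(self, repo: str):
        """Process the gitleaks report for *repo*; does nothing if no report exists.

        A malformed JSON file is logged and skipped. Entries are processed
        best-effort: a failure on one entry is logged and the rest still run.
        """
        path = self._report_path(repo)
        if not os.path.exists(path):
            return
        with open(path) as file:
            try:
                res = json.load(file)
            except ValueError:
                logging.debug('Error could not load the json file for the project: %s', repo)
                return
        leaks = res.get('Issues') if isinstance(res, dict) else None
        for leak in leaks or []:
            try:
                self._report(repo, self._issue_from_leak(repo, leak))
            except Exception:
                logging.exception('gitleaks: failed to process an entry for %s', repo)
        return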
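class Fsbparser():
    """Parse find-sec-bugs / SpotBugs reports (XML converted to JSON) and forward SECURITY findings.

    ``gradle_output`` looks for ``build/reports/findbugs/main.json`` and ``main.json``
    under the repository; ``maven_output`` for ``target/spotbugsXml.json`` and
    ``spotbugsXml.json``. Only BugInstances whose ``@category`` is ``SECURITY`` are
    recorded. Maven findings are also posted to Slack; Gradle findings are not
    (that call was disabled in the Gradle path).
    """

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def _report_path(self, repo: str, relative: str) -> str:
        """Join the download location, *repo* and *relative* exactly as before.

        ``PATRONUS_DOWNLOAD_LOCATION`` is assumed to end with '/'. ``repo`` lands
        in a filesystem path, so callers must pass a bare repository name.
        """
        return '%s%s/%s' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo, relative)

    @staticmethod
    def _blank_issue(repo: str) -> dict:
        """Return the shared issue schema; key order feeds the ``str(issue)`` fingerprint."""
        return {
            'repo': repo,
            'scanner': 'find-sec-bugs',
            'bug_type': '',
            'language': 'java',
            'class_name': '',
            'method_name': '',
            'line_no_start': '',
            'line_no_end': '',
            'file_name': '',
            'vulnerable_code': '',
            'severity': '',
            'module_name': '',
            'advisories_url': '',
            'vulnerable_versions': '',
            'patched_versions': '',
            'dependency_url': '',
            'CVE': '',
            'description': '',
            'source_url': '',
            'title': ''
        }

    @staticmethod
    def _first(node):
        """Return *node*, or its first element when the XML→JSON step produced a list.

        The converter emits a dict for a single child element and a list for
        several; this normalises both to one dict (or None for an empty list).
        """
        if isinstance(node, list):
            return node[0] if node else None
        return node

    @classmethod
    def _issue_from_bug(cls, repo: str, bug):
        """Map one BugInstance onto the issue schema; None when it is not a SECURITY bug.

        Raises:
            KeyError, TypeError: for a SECURITY bug lacking '@type' or 'Class'.
        """
        if not isinstance(bug, dict) or bug.get('@category') != "SECURITY":
            return None
        issue = cls._blank_issue(repo)
        issue['bug_type'] = bug['@type']
        issue['class_name'] = cls._first(bug['Class'])['@classname']
        if "Method" in bug:
            issue["method_name"] = cls._first(bug['Method'])['@name']
        source_line = cls._first(bug.get('SourceLine'))
        if isinstance(source_line, dict):
            start = source_line['@start']
            # Both bounds come from '@start', as the pipeline always did.
            # NOTE(review): the converted XML may also carry '@end'; using it
            # would change the fingerprint of every stored finding.
            issue["line_no_start"] = start
            issue["line_no_end"] = start
        return issue

    def _report(self, repo: str, issue: dict, notify_slack: bool) -> None:
        """Persist and index *issue* (and post it to Slack if requested) unless already known."""
        fingerprint = str(issue)
        # Treated as a boolean; the previous `== False` comparison also skipped
        # on a None return — NOTE(review): confirm Utils only returns bool.
        if self.utils.check_issue_exits(repo, fingerprint):
            return
        self.utils.sent_result_to_db(repo, fingerprint, 'java', 'find-sec-bugs')
        self.es.push_data_to_elastic_search(issue)
        if notify_slack:
            self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))

    def _process_report(self, repo: str, path: str, notify_slack: bool) -> None:
        """Read one report at *path* (if present) and report its SECURITY bugs.

        A malformed file or a report without ``BugCollection``/``BugInstance`` is
        skipped. Bugs are processed best-effort: a failure on one BugInstance is
        logged with its traceback and the others are still handled.
        """
        if not os.path.exists(path):
            return
        with open(path) as file:
            try:
                res = json.load(file)
            except ValueError:
                logging.debug('Error could not load the json file for the project: %s', repo)
                return
        collection = res.get('BugCollection') if isinstance(res, dict) else None
        if not isinstance(collection, dict) or "BugInstance" not in collection:
            return
        bugs = collection['BugInstance']
        # A report with exactly one bug arrives as a dict, not a list; iterating
        # it directly yielded its keys and silently dropped the finding.
        if isinstance(bugs, dict):
            bugs = [bugs]
        for bug in bugs:
            try:
                issue = self._issue_from_bug(repo, bug)
                if issue is not None:
                    self._report(repo, issue, notify_slack)
            except Exception:
                logging.exception('find-sec-bugs: failed to process a BugInstance for %s', repo)

    def gradle_output(self, repo: str):
        """Process the Gradle find-sec-bugs reports for *repo* (no Slack notification)."""
        for relative in ('build/reports/findbugs/main.json', 'main.json'):
            self._process_report(repo, self._report_path(repo, relative), notify_slack=False)
        return

    def maven_output(self, repo: str):
        """Process the Maven SpotBugs reports for *repo* and post new findings to Slack.

        This path previously never produced a record: the collection was looked up
        under the misspelt key 'aBugCollection' (KeyError), the class name was
        written to an undefined 'result', and 'line_no_end' was computed but not
        assigned. It now shares the Gradle parsing logic.
        """
        for relative in ('target/spotbugsXml.json', 'spotbugsXml.json'):
            self._process_report(repo, self._report_path(repo, relative), notify_slack=True)
        return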
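class Dependencycheckparser():
    """Parse OWASP dependency-check JSON reports and forward HIGH/CRITICAL findings.

    One issue record is produced per (dependency, vulnerability) pair whose
    severity is in ``ALERT_SEVERITIES``; records not already known are stored in
    the DB, indexed in Elasticsearch and posted to Slack.
    """

    # Severities that trigger a record. Compared case-insensitively so the
    # upper-case values of current dependency-check releases and the mixed-case
    # values of older ones both qualify.
    ALERT_SEVERITIES = ("HIGH", "CRITICAL")

    def __init__(self):
        self.es = elastic()
        self.const = Constants()
        self.utils = Utils()
        self.config = Config()

    def _report_path(self, repo: str, relative: str) -> str:
        """Join the download location, *repo* and *relative* exactly as before.

        ``PATRONUS_DOWNLOAD_LOCATION`` is assumed to end with '/'. ``repo`` lands
        in a filesystem path, so callers must pass a bare repository name.
        """
        return '%s%s/%s' % (self.config.PATRONUS_DOWNLOAD_LOCATION, repo, relative)

    @staticmethod
    def _blank_issue(repo: str, language: str) -> dict:
        """Return the shared issue schema; key order feeds the ``str(issue)`` fingerprint."""
        return {
            'repo': repo,
            'scanner': 'dependency-check',
            'bug_type': '',
            'language': language,
            'class_name': '',
            'method_name': '',
            'line_no_start': '',
            'line_no_end': '',
            'file_name': '',
            'vulnerable_code': '',
            'severity': '',
            'module_name': '',
            'advisories_url': '',
            'vulnerable_versions': '',
            'patched_versions': '',
            'dependency_url': '',
            'CVE': '',
            'description': '',
            'source_url': '',
            'title': ''
        }

    @classmethod
    def _issue_from_vulnerability(cls, repo: str, language: str,
                                  dependency: dict, vulnerability: dict) -> dict:
        """Map one vulnerability of one dependency onto the issue schema.

        A missing or empty 'packages' / 'references' list yields '' for the
        corresponding URL instead of aborting the whole report, which is what the
        unchecked ``[0]['url']`` lookups did before.
        """
        issue = cls._blank_issue(repo, language)
        packages = dependency.get('packages') or []
        references = vulnerability.get('references') or []
        issue["dependency_url"] = packages[0].get('url', '') if packages else ''
        issue["CVE"] = vulnerability.get('name', '')
        issue["description"] = vulnerability.get('description', '')
        issue["source_url"] = references[0].get('url', '') if references else ''
        # NOTE(review): the vulnerability's severity is known here but the schema
        # field stays '' as it always has; filling it would change the
        # str(issue) de-duplication fingerprint of every stored record.
        return issue

    def _report(self, repo: str, issue: dict, db_language: str) -> None:
        """Persist, index and announce *issue* unless an identical record exists."""
        fingerprint = str(issue)
        # Treated as a boolean; the previous `== False` comparison also skipped
        # on a None return — NOTE(review): confirm Utils only returns bool.
        if self.utils.check_issue_exits(repo, fingerprint):
            return
        self.utils.sent_result_to_db(repo, fingerprint, db_language, 'dependency-check')
        self.es.push_data_to_elastic_search(issue)
        self.utils.sent_to_slack(repo, json.dumps(issue, indent=4))

    def _process_report(self, repo: str, path: str, language: str, db_language: str) -> None:
        """Read the report at *path* (if present) and report every qualifying vulnerability.

        Args:
            repo: repository name (also the report's subdirectory).
            path: absolute path of the dependency-check JSON report.
            language: value stored in the issue's 'language' field.
            db_language: language tag handed to ``Utils.sent_result_to_db``.
        """
        if not os.path.exists(path):
            return
        with open(path) as file:
            try:
                res = json.load(file)
            except ValueError:
                logging.debug('Error could not load the json file for the project: %s', repo)
                return
        dependencies = res.get('dependencies') if isinstance(res, dict) else None
        for dependency in dependencies or []:
            if not isinstance(dependency, dict):
                continue
            for vulnerability in dependency.get('vulnerabilities') or []:
                if not isinstance(vulnerability, dict):
                    continue
                severity = str(vulnerability.get('severity', '')).upper()
                if severity not in self.ALERT_SEVERITIES:
                    continue
                issue = self._issue_from_vulnerability(repo, language, dependency, vulnerability)
                self._report(repo, issue, db_language)

    def dependency_check_results_gradle(self, repo: str):
        """Process the Gradle dependency-check report (``build/reports/``) for *repo*."""
        path = self._report_path(repo, 'build/reports/dependency-check-report.json')
        self._process_report(repo, path, 'java', 'java')
        return

    def dependency_check_results_maven(self, repo: str):
        """Process the Maven dependency-check report (``target/``) for *repo*."""
        path = self._report_path(repo, 'target/dependency-check-report.json')
        self._process_report(repo, path, 'java', 'java')
        return

    def node_results(self, repo: str):
        """Process the Node.js dependency-check report for *repo*.

        NOTE(review): the report is read from the Maven-style ``target/`` location,
        as it always was; confirm that is where the Node scan writes it. The DB
        language tag used to be 'java' (copied from the Maven method) and now
        matches the issue's own 'node-js'.
        """
        path = self._report_path(repo, 'target/dependency-check-report.json')
        self._process_report(repo, path, 'node-js', 'node-js')
        return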