def bandit_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ global vul_col, issue_severity, test_name, filename, line_number, code, issue_confidence, line_range, test_id, issue_text, more_info, total_vul, total_high, total_medium, total_low for key, items in data.items(): if key == "results": for res in items: for key, value in res.items(): if key == "line_number": global line_number if value is None: line_number = "NA" else: line_number = value if key == "code": global code if value is None: code = "NA" else: code = value if key == "issue_confidence": global issue_confidence if value is None: issue_confidence = "NA" else: issue_confidence = value if key == "line_range": global line_range if value is None: line_range = "NA" else: line_range = value if key == "test_id": global test_id if value is None: test_id = "NA" else: test_id = value if key == "issue_severity": global issue_severity if value is None: issue_severity = "NA" else: issue_severity = value if key == "issue_text": global issue_text if value is None: issue_text = "NA" else: issue_text = value if key == "test_name": global test_name if value is None: test_name = "NA" else: test_name = value if key == "filename": global filename if value is None: filename = "NA" else: filename = value if key == "more_info": global more_info if value is None: more_info = "NA" else: more_info = value date_time = datetime.now() vul_id = uuid.uuid4() if issue_severity == "HIGH": vul_col = "danger" issue_severity = "High" elif issue_severity == "MEDIUM": vul_col = "warning" issue_severity = "Medium" elif issue_severity == "LOW": vul_col = "info" issue_severity = "Low" dup_data = test_name + filename + issue_severity duplicate_hash = hashlib.sha256( dup_data.encode("utf-8")).hexdigest() match_dup = (StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash").distinct()) lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( scan_id=scan_id, date_time=date_time, project_id=project_id, vuln_id=vul_id, severity=issue_severity, title=test_name, fileName=filename, description=str(issue_text) + "\n\n" + str(code) + "\n\n" + str(line_range), references=more_info, severity_color=vul_col, false_positive=false_positive, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, scanner="Bandit", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( scan_id=scan_id, date_time=date_time, project_id=project_id, vuln_id=vul_id, severity=issue_severity, title=test_name, fileName=filename, description=str(issue_text) + "\n\n" + str(code) + "\n\n" + str(line_range), references=more_info, severity_color=vul_col, false_positive="Duplicate", vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, scanner="Bandit", ) save_all.save() all_bandit_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_bandit_data) total_high = len(all_bandit_data.filter(severity="High")) total_medium = len(all_bandit_data.filter(severity="Medium")) total_low = len(all_bandit_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, ) trend_update() subject = "Archery Tool Scan Status - Bandit Report Uploaded" message = ("Bandit Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (scan_id, total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def xml_parser(self): """ :param root: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global name, classname, risk, ShortMessage, LongMessage, sourcepath, vul_col, ShortDescription, Details, lenth_match, duplicate_hash, vul_id, total_vul, total_high, total_medium, total_low, details, message for bug in self.root: if bug.tag == "BugInstance": name = bug.attrib["type"] priority = bug.attrib["priority"] for BugInstance in bug: if BugInstance.tag == "ShortMessage": global ShortMessage ShortMessage = BugInstance.text if BugInstance.tag == "LongMessage": global LongMessage LongMessage = BugInstance.text if BugInstance.tag == "Class": global classname try: classname = BugInstance.attrib["classname"] except: classname = 'na' if BugInstance.tag == "SourceLine": global sourcepath, sourcefile try: sourcepath = BugInstance.attrib["sourcepath"] except: sourcepath = 'NA' try: sourcefile = BugInstance.attrib["sourcefile"] except: sourcefile = 'NA' for data in bug: for message_data in data: if message_data.tag == 'Message': message = message_data.text if priority == "1": risk = "High" vul_col = "danger" elif priority == "2": risk = "Medium" vul_col = "warning" elif priority == "3": risk = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(ShortMessage) + str(message) + str( sourcepath) + str(risk) duplicate_hash = hashlib.sha256( dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) details = self.find_bug_pattern(name) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, date_time=date_time, scan_id=self.scan_id, project_id=self.project_id, title=str(ShortMessage), severity=risk, description="<b>Finding Path & Line:</b> %s" % str(message) + "<br><br>" "<b>Finding Classes:</b> %s" % str(classname) + "<br><br>" "<b>Finding Source Path</b>: %s" % str(sourcepath) + "<br><br>" + str(ShortMessage) + "<br><br>" + str(LongMessage) + "<br><br>" + str(details), # + "\n\n" # + str(classname), fileName=str(message), severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, scanner="Findbugs", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, date_time=date_time, scan_id=self.scan_id, project_id=self.project_id, title=str(ShortMessage), severity=risk, description="<b>Finding Path & Line:</b> %s" % str(message) + "<br><br>" "<b>Finding Classes:</b> %s" % str(classname) + "<br><br>" "<b>Finding Source Path</b>: %s" % str(sourcepath) + "<br><br>" + str(ShortMessage) + "<br><br>" + str(LongMessage) + "<br><br>" + str(details), # + "\n\n" # + str(classname), fileName=str(message), severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", scanner="Findbugs", ) save_all.save() # if bug.tag == "BugPattern": # for BugPattern in bug: # name = bug.attrib["type"] # if BugPattern.tag == "ShortDescription": # ShortDescription = BugPattern.text # if BugPattern.tag == "Details": # global Details # Details = BugPattern.text # print(Details) # StaticScanResultsDb.objects.filter(vuln_id=vul_id, title=name).update( # description=str(Details) # + "\n\n" # + str(ShortMessage) # + "\n\n" # + str(LongMessage) # + "\n\n" # + str(classname), # ) all_findbugs_data = StaticScanResultsDb.objects.filter( scan_id=self.scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter( scan_id=self.scan_id, vuln_duplicate="Yes") total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=self.scan_id).update( total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Findbugs", ) trend_update() subject = "Archery Tool Scan Status - Findbugs Report Uploaded" message = ( "Findbugs Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (self.scan_id, total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def npmaudit_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global vul_col for vuln in data["advisories"]: title = data["advisories"][vuln]["title"] found_by = data["advisories"][vuln]["found_by"] reported_by = data["advisories"][vuln]["reported_by"] module_name = data["advisories"][vuln]["module_name"] cves = data["advisories"][vuln]["cves"] vulnerable_versions = data["advisories"][vuln]["vulnerable_versions"] patched_versions = data["advisories"][vuln]["patched_versions"] overview = data["advisories"][vuln]["overview"] recommendation = data["advisories"][vuln]["recommendation"] references = data["advisories"][vuln]["references"] access = data["advisories"][vuln]["access"] severity = data["advisories"][vuln]["severity"] cwe = data["advisories"][vuln]["cwe"] metadata = data["advisories"][vuln]["metadata"] url = data["advisories"][vuln]["url"] findings = data["advisories"][vuln]["findings"] vuln_versions = {} for find in findings: vuln_versions[find["version"]] = [find["paths"]] if not title: title = "not found" if not found_by: found_by = "not found" if not reported_by: reported_by = "not found" if not module_name: module_name = "not found" if not cves: cves = "not found" if not vulnerable_versions: vulnerable_versions = "not found" if not patched_versions: patched_versions = "not found" if not recommendation: recommendation = "not found" if not overview: overview = "not found" if not references: references = "not found" if not access: access = "not found" if not severity: severity = "not found" if not cwe: cwe = "not found" if not url: url = "not found" if severity == "critical": severity = "High" vul_col = "danger" if severity == "high": severity = "High" vul_col = "danger" elif severity == "moderate": severity = "Medium" vul_col = "warning" elif severity == "low": severity = "Low" vul_col = "info" elif severity == "info": severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(title) + str(severity) + str(module_name) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, date_time=date_time, scan_id=scan_id, project_id=project_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, title=title, description=str(overview) + "\n\n" + str(vuln_versions) + "\n\n" + str(reported_by) + "\n\n" + str(module_name) + "\n\n" + str(cves) + "\n\n" + str(vuln_versions) + "\n\n" + str(patched_versions), solution=recommendation, references=references, severity=severity, scanner="Npmaudit", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, date_time=date_time, scan_id=scan_id, project_id=project_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", title=title, description=str(overview) + "\n\n" + str(vuln_versions) + "\n\n" + str(reported_by) + "\n\n" + str(module_name) + "\n\n" + str(cves) + "\n\n" + str(vuln_versions) + "\n\n" + str(patched_versions), solution=recommendation, references=references, severity=severity, scanner="Npmaudit", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Npmaudit", ) trend_update() subject = "Archery Tool Scan Status - Npmaudit Report Uploaded" message = ("Npmaudit Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % ("npm-audit", total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def retirejs_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global component, files, severity for f in data: files = f["file"] for components in data: component = components["results"][0]["component"] for versions in data: global version version = versions["results"][0]["version"] for vuln in data: global identifires identifires = vuln["results"][0]["vulnerabilities"][0][ "identifiers"] for key, value in identifires.items(): if key == "CVE": for cve_v in value: global cve cve = cve_v if key == "issue": global issue issue = value if key == "bug": global bug bug = value if key == "summary": global summary summary = value for infos in data: global info info = infos["results"][0]["vulnerabilities"][0]["info"] for severities in data: global severity severity = severities["results"][0]["vulnerabilities"][0][ "severity"] date_time = datetime.now() vul_id = uuid.uuid4() global vul_col if severity == "HIGH": vul_col = "danger" elif severity == "MEDIUM": vul_col = "warning" elif severity == "LOW": vul_col = "info" dup_data = files + component + severity duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = (StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash").distinct()) lenth_match = len(match_dup) if lenth_match == 1: duplicate_vuln = "Yes" elif lenth_match == 0: duplicate_vuln = "No" else: duplicate_vuln = "None" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( scan_id=scan_id, date_time=date_time, scan_date=date_time, project_id=project_id, vuln_id=vul_id, fileName=files, # component=component, # CVE=cve, title=issue, # bug=bug, description=summary, # info=info, severity=severity, # false_positive=false_positive, vuln_status="Open", # dup_hash=duplicate_hash, # vuln_duplicate=duplicate_vuln, # version=version, scanner="Retirejs", ) save_all.save() trend_update()
def twistlock_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ """ { "results": [ { "id": "sha256:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "distro": "Debian GNU/Linux 9 (stretch)", "compliances": [ { "title": "Sensitive information provided in environment variables", "severity": "high", "cause": "The environment variables DD_CELERY_BROKER_PASSWORD,DD_DATABASE_PASSWORD,DD_SECRET_KEY contain sensitive data" } ], "complianceDistribution": { "critical": 0, "high": 1, "medium": 0, "low": 0, "total": 1 }, "vulnerabilities": [ { "id": "CVE-2013-7459", "cvss": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "description": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.", "severity": "critical", "packageName": "pycrypto", "packageVersion": "2.6.1", "link": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7459", "riskFactors": { "Attack complexity: low": {}, "Attack vector: network": {}, "Critical severity": {}, "Remote execution": {} } } ], "vulnerabilityDistribution": { "critical": 1, "high": 0, "medium": 0, "low": 0, "total": 1 } } ] } """ global false_positive date_time = datetime.now() vul_col = "" # Parser for above json data vuln = data["results"][0]["vulnerabilities"] for vuln_data in vuln: try: name = vuln_data["id"] except Exception as e: name = "Not Found" try: cvss = vuln_data["cvss"] except Exception as e: cvss = "Not Found" try: vector = vuln_data["vector"] except Exception as e: vector = "Not Found" try: description = vuln_data["description"] except Exception as e: description = "Not Found" try: severity = vuln_data["severity"] if severity == "critical": severity = "High" except Exception as e: severity = "Not Found" try: packageName = vuln_data["packageName"] except Exception as e: packageName = "Not Found" try: packageVersion = vuln_data["packageVersion"] except Exception as e: packageVersion = "Not Found" try: link = vuln_data["link"] except Exception as e: link = "Not Found" if severity == "Critical": severity = "High" vul_col = "danger" if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" elif severity == "Unknown": severity = "Low" vul_col = "info" elif severity == "Everything else": severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(name) + str(severity) + str(packageName) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, title=name, description=str(description) + "\n\n" + str(cvss) + "\n\n" + str(packageVersion), severity=severity, fileName=packageName, references=link, scanner="Twistlock", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", title=name, description=str(description) + "\n\n" + str(cvss) + "\n\n" + str(packageVersion), severity=severity, fileName=packageName, references=link, scanner="Twistlock", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id, false_positive="No", vuln_duplicate="No") duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Twistlock", ) trend_update() subject = "Archery Tool Scan Status - twistlock Report Uploaded" message = ("twistlock Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (Target, total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def whitesource_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global vul_col, project vuln = data["vulnerabilities"] for issues in vuln: name = issues["name"] severity = issues["severity"] score = issues["score"] cvss3_severity = issues["cvss3_severity"] cvss3_score = issues["cvss3_score"] publishDate = issues["publishDate"] lastUpdatedDate = issues["lastUpdatedDate"] scoreMetadataVector = issues["scoreMetadataVector"] url = issues["url"] description = issues["description"] project = issues["project"] product = issues["product"] cvss3Attributes = issues["cvss3Attributes"] library = issues["library"] topFix = issues["topFix"] # allFixes = issues['allFixes'] filename = issues["library"]["filename"] sha1 = issues["library"]["sha1"] version = issues["library"]["version"] groupId = issues["library"]["groupId"] if severity == "high": severity = "High" vul_col = "danger" elif severity == "medium": severity = "Medium" vul_col = "warning" elif severity == "low": severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(name) + str(severity) + str(project) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter(dup_hash=duplicate_hash).values( "dup_hash" ) lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash ) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, title=name, severity=severity, references=url, description=str(description) + "\n\n" + str(score) + "\n\n" + str(library) + "\n\n" + str(topFix) + "\n\n", fileName=filename, scanner="Whitesource", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", title=name, severity=severity, references=url, description=str(description) + "\n\n" + str(score) + "\n\n" + str(library) + "\n\n" + str(topFix) + "\n\n", fileName=filename, scanner="Whitesource", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No" ) duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes" ) total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( project_name=project, date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Whitesource", ) trend_update() subject = "Archery Tool Scan Status - whitesource Report Uploaded" message = ( "whitesource Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % ("whitesource", total_vul, total_high, total_medium, total_low) ) email_sch_notify(subject=subject, message=message)
def gitlabsast_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() vul_col = "" vuln = data["vulnerabilities"] for vuln_data in vuln: try: name = vuln_data["message"] except Exception as e: name = "Not Found" try: description = vuln_data["description"] except Exception as e: description = "Not Found" try: cve = vuln_data["cve"] except Exception as e: cve = "Not Found" try: scanner = vuln_data["scanner"] except Exception as e: scanner = "Not Found" try: location = vuln_data["location"] except Exception as e: location = "Not Found" try: identifiers = vuln_data["identifiers"] except Exception as e: identifiers = "Not Found" try: severity = vuln_data["severity"] except Exception as e: severity = "Not Found" try: file = vuln_data["location"]["file"] except Exception as e: file = "Not Found" if severity == "Critical": severity = "High" vul_col = "danger" if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" elif severity == "Unknown": severity = "Low" vul_col = "info" elif severity == "Everything else": severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(name) + str(severity) + str(file) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter(dup_hash=duplicate_hash).values( "dup_hash" ) lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash ) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, title=name, description=str(description) + "\n\n" + str(scanner), filePath=location, fileName=file, severity=severity, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, scanner="Gitlabsast", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, title=name, description=description, filePath=location, fileName=file, severity=severity, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", scanner="Gitlabsast", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No", vuln_duplicate="No" ) duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes" ) total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Gitlabsast", ) trend_update() subject = "Archery Tool Scan Status - GitLab SAST Report Uploaded" message = ( "GitLab SAST Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (Target, total_vul, total_high, total_medium, total_low) ) email_sch_notify(subject=subject, message=message)
def checkmarx_report_xml(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global vul_col, project, result, result_data, file_name, inst, code_data project = data.attrib["ProjectName"] scan_details = data.attrib for dat in data: query = dat.attrib name = dat.attrib["name"] severity = dat.attrib["Severity"] code_data = [] result_data_all = [] for dd in dat: result_data = dd.attrib file_name = dd.attrib["FileName"] result_data_all.append(dd.attrib) for d in dd.findall(".//Code"): result = d.text instance = {} instance[file_name] = d.text code_data.append(instance) if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" else: severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(name) + str(severity) + str(file_name) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, title=name, severity=severity, description=str(scan_details), fileName=file_name, scanner="Checkmarx", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", title=name, severity=severity, description=str(scan_details), fileName=file_name, scanner="Checkmarx", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id, vuln_duplicate="Yes") total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_vul = len(all_findbugs_data) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( project_name=project, date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Checkmarx", ) trend_update() subject = "Archery Tool Scan Status - checkmarx Report Uploaded" message = ("checkmarx Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % ("checkmarx", total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def nodejsscan_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global vul_col, severity for vuln in data["sec_issues"]: for vuln_dat in data["sec_issues"][vuln]: with open( "scanners/scanner_parser/staticscanner_parser/nodejsscan_vuln.json" ) as f: vuln_name = json.load(f) for v in vuln_name["vuln"]: if v["name"] == vuln_dat["title"]: severity = v["severity"] title = vuln_dat["title"] filename = vuln_dat["filename"] path = vuln_dat["path"] sha2 = vuln_dat["sha2"] tag = vuln_dat["tag"] description = vuln_dat["description"] line = vuln_dat["line"] lines = vuln_dat["lines"] if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" vul_id = uuid.uuid4() dup_data = str(title) + str(severity) + str(filename) + str(line) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash ).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash ) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, title=title, fileName=filename, severity=severity, filePath=path, description=str(description) + "\n\n" + str(line) + "\n\n" + str(lines), scanner="Nodejsscan", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", title=title, fileName=filename, severity=severity, filePath=path, description=str(description) + "\n\n" + str(line) + "\n\n" + str(lines), scanner="Nodejsscan", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No" ) duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes" ) total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Nodejsscan", ) trend_update() subject = "Archery Tool Scan Status - Nodejsscan Report Uploaded" message = ( "Nodejsscan Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % ("Nodejsscan", total_vul, total_high, total_medium, total_low) ) email_sch_notify(subject=subject, message=message)
def tfsec_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() global vul_col for vuln in data["results"]: rule_id = vuln["rule_id"] link = vuln["link"] filename = vuln["location"]["filename"] start_line = vuln["location"]["start_line"] end_line = vuln["location"]["end_line"] description = vuln["description"] severity = vuln["severity"] if severity == "ERROR": severity = "High" vul_col = "danger" elif severity == "WARNING": severity = "Medium" vul_col = "warning" elif severity == "INFO": severity = "Info" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(rule_id) + str(severity) + str(filename) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter(dup_hash=duplicate_hash).values( "dup_hash" ) lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash ) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, title=rule_id, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, fileName=filename, severity=severity, description=str(description) + "\n\n" + str(rule_id) + "\n\n" + str(start_line) + "\n\n" + str(end_line), references=link, scanner="Tfsec", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, title=rule_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", fileName=filename, severity=severity, description=str(description) + "\n\n" + str(rule_id) + "\n\n" + str(start_line) + "\n\n" + str(end_line), references=link, scanner="Tfsec", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No" ) duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes" ) total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Tfsec", ) trend_update() subject = "Archery Tool Scan Status - tfsec Report Uploaded" message = ( "tfsec Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % ("tfsec", total_vul, total_high, total_medium, total_low) ) email_sch_notify(subject=subject, message=message)
def trivy_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ global total_vul, total_high, total_medium, total_low date_time = datetime.now() vul_col = "" for vuln_data in data: vuln = vuln_data["Vulnerabilities"] for issue in vuln: try: VulnerabilityID = issue["VulnerabilityID"] except Exception as e: VulnerabilityID = "Not Found" print(e) try: PkgName = issue["PkgName"] except Exception as e: PkgName = "Not Found" print(e) try: InstalledVersion = issue["InstalledVersion"] except Exception as e: InstalledVersion = "Not Found" print(e) try: FixedVersion = issue["FixedVersion"] except Exception as e: FixedVersion = "Not Found" print(e) try: Title = issue["Title"] except Exception as e: Title = "Not Found" print(e) try: Description = issue["Description"] except Exception as e: Description = "Not Found" print(e) try: Severity = issue["Severity"] except Exception as e: Severity = "Not Found" print(e) try: References = issue["References"] except Exception as e: References = "Not Found" print(e) if Severity == "CRITICAL": Severity = "High" vul_col = "danger" if Severity == "HIGH": Severity = "High" vul_col = "danger" if Severity == "MEDIUM": Severity = "Medium" vul_col = "warning" if Severity == "LOW": Severity = "Low" vul_col = "info" if Severity == "UNKNOWN": Severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(VulnerabilityID) + str(Severity) + str(PkgName) duplicate_hash = hashlib.sha256( dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, fileName=PkgName, title=VulnerabilityID, description=str(Description) + str(Title) + "\n\n" + str(VulnerabilityID) + "\n\n" + str(PkgName) + "\n\n" + str(InstalledVersion) + "\n\n" + str(FixedVersion), severity=Severity, references=References, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, scanner="Trivy", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, fileName=PkgName, title=VulnerabilityID, description=str(Description) + str(Title) + "\n\n" + str(VulnerabilityID) + "\n\n" + str(PkgName) + "\n\n" + str(InstalledVersion) + "\n\n" + str(FixedVersion), severity=Severity, references=References, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", scanner="Trivy", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Trivy", ) trend_update() subject = "Archery Tool Scan Status - Trivy Report Uploaded" message = ("Trivy Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (Target, total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def semgrep_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ date_time = datetime.now() vul_col = "" vuln = data["results"] for vuln_data in vuln: try: check_id = vuln_data["check_id"] except Exception as e: check_id = "Not Found" try: path = vuln_data["path"] except Exception as e: path = "Not Found" try: start = vuln_data["start"] except Exception as e: start = "Not Found" try: end = vuln_data["end"] except Exception as e: end = "Not Found" try: message = vuln_data["extra"]["message"] except Exception as e: message = "Not Found" try: metavars = vuln_data["extra"]["metavars"] except Exception as e: metavars = "Not Found" try: metadata = vuln_data["extra"]["metadata"] except Exception as e: metadata = "Not Found" try: severity = vuln_data["extra"]["severity"] except Exception as e: severity = "Not Found" try: lines = vuln_data["extra"]["lines"] except Exception as e: lines = "Not Found" if severity == "ERROR": severity = "High" vul_col = "danger" elif severity == "WARNING": severity = "Medium" vul_col = "warning" elif severity == "INFORMATION": severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(check_id) + str(severity) + str(path) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, title=check_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, fileName=path, severity=severity, description=str(message) + "\n\n" + str(check_id) + "\n\n" + str(end) + "\n\n" + str(metavars) + "\n\n" + str(metadata) + "\n\n" + str(lines), scanner="Sempgrep", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, title=check_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", fileName=path, severity=severity, description=str(message) + "\n\n" + str(check_id) + "\n\n" + str(end) + "\n\n" + str(metavars) + "\n\n" + str(metadata) + "\n\n" + str(lines), scanner="Semgrep", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( total_vul=total_vul, date_time=date_time, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Semgrep", ) trend_update() subject = "Archery Tool Scan Status - semgrep Report Uploaded" message = ("semgrep Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % ("semgrep", total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)
def xml_parser(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: """ global total_vul, total_high, total_medium, total_low date_time = datetime.now() fileName = "Na" filePath = "Na" evidenceCollected = "Na" name = "Na" severity = "Na" cwe = "Na" description = "Na" references = "Na" vulnerableSoftware = "Na" vul_col = "Na" pt = data.xpath("namespace-uri(.)") # root = data.getroot() inst = [] for scan in data: for dependencies in scan: for dependency in dependencies: if dependency.tag == "{%s}fileName" % pt: fileName = dependency.text if dependency.tag == "{%s}filePath" % pt: filePath = dependency.text if dependency.tag == "{%s}evidenceCollected" % pt: evidenceCollected = dependency.text for vuln in dependency: if vuln.tag == "{%s}vulnerability" % pt: if (pt == "https://jeremylong.github.io/DependencyCheck/dependency-check.2.0.xsd" ): for vulner in vuln: if vulner.tag == "{%s}name" % pt: name = vulner.text if vulner.tag == "{%s}description" % pt: description = vulner.text if vulner.tag == "{%s}references" % pt: references = vulner.text if vulner.tag == "{%s}vulnerableSoftware" % pt: vulnerableSoftware = vulner.text for vuln_dat in vulner: if vuln_dat.tag == "{%s}cwe" % pt: cwe = vuln_dat.text if vuln_dat.tag == "{%s}severity" % pt: severity_dat = vuln_dat.text if severity_dat == "HIGH": severity = "High" elif severity_dat == "MEDIUM": severity = "Medium" elif severity_dat == "LOW": severity = "Low" elif (pt == "https://jeremylong.github.io/DependencyCheck/dependency-check.2.2.xsd" ): for dc22 in vuln: if dc22.tag == "{%s}name" % pt: name = dc22.text if dc22.tag == "{%s}description" % pt: description = dc22.text if dc22.tag == "{%s}vulnerableSoftware" % pt: vulnerableSoftware = dc22.text for vuln_dat in dc22: for d in vuln_dat: if d.tag == "{%s}url" % pt: references = d.text if vuln_dat.tag == "{%s}cwe" % pt: cwe = vuln_dat.text if vuln_dat.tag == "{%s}severity" % pt: severity_dat = vuln_dat.text if severity_dat == "HIGH": severity = "High" elif severity_dat == "MEDIUM": severity = "Medium" elif severity_dat == "LOW": severity = "Low" elif (pt == "https://jeremylong.github.io/DependencyCheck/dependency-check.2.3.xsd" ): for dc22 in vuln: if dc22.tag == "{%s}name" % pt: name = dc22.text if dc22.tag == "{%s}description" % pt: description = dc22.text if dc22.tag == "{%s}vulnerableSoftware" % pt: vulnerableSoftware = dc22.text for vuln_dat in dc22: for d in vuln_dat: if d.tag == "{%s}url" % pt: references = d.text if vuln_dat.tag == "{%s}cwe" % pt: cwe = vuln_dat.text if vuln_dat.tag == "{%s}severity" % pt: severity_dat = vuln_dat.text if severity_dat == "HIGH": severity = "High" elif severity_dat == "MEDIUM": severity = "Medium" elif severity_dat == "LOW": severity = "Low" elif (pt == "https://jeremylong.github.io/DependencyCheck/dependency-check.2.4.xsd" ): for dc22 in vuln: if dc22.tag == "{%s}name" % pt: name = dc22.text if dc22.tag == "{%s}description" % pt: description = dc22.text if dc22.tag == "{%s}vulnerableSoftware" % pt: vulnerableSoftware = dc22.text for vuln_dat in dc22: for d in vuln_dat: if d.tag == "{%s}url" % pt: references = d.text if vuln_dat.tag == "{%s}cwe" % pt: cwe = vuln_dat.text if vuln_dat.tag == "{%s}severity" % pt: severity_dat = vuln_dat.text if severity_dat == "HIGH": severity = "High" elif severity_dat == "MEDIUM": severity = "Medium" elif severity_dat == "LOW": severity = "Low" elif (pt == "https://jeremylong.github.io/DependencyCheck/dependency-check.2.5.xsd" ): for dc22 in vuln: if dc22.tag == "{%s}name" % pt: name = dc22.text if dc22.tag == "{%s}description" % pt: description = dc22.text if dc22.tag == "{%s}vulnerableSoftware" % pt: vulnerableSoftware = dc22.text for vuln_dat in dc22: for d in vuln_dat: if d.tag == "{%s}url" % pt: references = d.text if vuln_dat.tag == "{%s}cwe" % pt: cwe = vuln_dat.text if vuln_dat.tag == "{%s}severity" % pt: severity_dat = vuln_dat.text if severity_dat == "HIGH": severity = "High" elif severity_dat == "MEDIUM": severity = "Medium" elif severity_dat == "LOW": severity = "Low" else: for vulner in vuln: if vulner.tag == "{%s}name" % pt: name = vulner.text if vulner.tag == "{%s}severity" % pt: severity = vulner.text if vulner.tag == "{%s}cwe" % pt: cwe = vulner.text if vulner.tag == "{%s}description" % pt: description = vulner.text if vulner.tag == "{%s}references" % pt: references = vulner.text if vulner.tag == "{%s}vulnerableSoftware" % pt: vulnerableSoftware = vulner.text date_time = datetime.now() vul_id = uuid.uuid4() if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" dup_data = name + fileName + severity duplicate_hash = hashlib.sha256( dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" if cwe == "Na": cwe = name save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, fileName=fileName, filePath=filePath, title=name, severity=severity, description=str(description) + "\n\n" + str(evidenceCollected) + "\n\n" + str(vulnerableSoftware), references=references, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, scanner="Dependencycheck", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, fileName=fileName, filePath=filePath, title=name, severity=severity, description=str(description) + "\n\n" + str(evidenceCollected) + "\n\n" + str(vulnerableSoftware), references=references, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", scanner="Dependencycheck", ) save_all.save() all_dependency_data = StaticScanResultsDb.objects.filter( scan_id=scan_id, false_positive="No") duplicate_count = StaticScanResultsDb.objects.filter( scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_dependency_data) total_high = len(all_dependency_data.filter(severity="High")) total_medium = len(all_dependency_data.filter(severity="Medium")) total_low = len(all_dependency_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Dependencycheck", ) trend_update() subject = "Archery Tool Scan Status - DependencyCheck Report Uploaded" message = ("DependencyCheck Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (name, total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message) return HttpResponse(status=201)
def brakeman_report_json(data, project_id, scan_id): """ :param data: :param project_id: :param scan_id: :return: :username: """ global false_positive date_time = datetime.now() vul_col = "" # Parser for above json data # print(data['warnings']) vuln = data["warnings"] for vuln_data in vuln: try: name = vuln_data["warning_type"] except Exception as e: name = "Not Found" try: warning_code = vuln_data["warning_code"] except Exception as e: warning_code = "Not Found" try: fingerprint = vuln_data["fingerprint"] except Exception as e: fingerprint = "Not Found" try: description = vuln_data["message"] except Exception as e: description = "Not Found" try: check_name = vuln_data["check_name"] except Exception as e: check_name = "Not Found" try: severity = vuln_data["confidence"] if severity == "Weak": severity = "Low" except Exception as e: severity = "Not Found" try: file = vuln_data["file"] except Exception as e: file = "Not Found" try: line = vuln_data["line"] except Exception as e: line = "Not Found" try: link = vuln_data["link"] except Exception as e: link = "Not Found" try: code = vuln_data["code"] except Exception as e: code = "Not Found" try: render_path = vuln_data["render_path"] except Exception as e: render_path = "Not Found" if severity == "Critical": severity = "High" vul_col = "danger" if severity == "High": vul_col = "danger" elif severity == "Medium": vul_col = "warning" elif severity == "Low": vul_col = "info" elif severity == "Unknown": severity = "Low" vul_col = "info" elif severity == "Everything else": severity = "Low" vul_col = "info" vul_id = uuid.uuid4() dup_data = str(name) + str(severity) + str(file) duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest() match_dup = StaticScanResultsDb.objects.filter( dup_hash=duplicate_hash).values("dup_hash") lenth_match = len(match_dup) if lenth_match == 0: duplicate_vuln = "No" false_p = StaticScanResultsDb.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) if fp_lenth_match == 1: false_positive = "Yes" else: false_positive = "No" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Open", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive=false_positive, title=name, description=str(description) + "\n\n" + str(code) + "\n\n" + str(render_path), severity=severity, fileName=file, references=link, scanner="Brakeman", ) save_all.save() else: duplicate_vuln = "Yes" save_all = StaticScanResultsDb( vuln_id=vul_id, scan_id=scan_id, date_time=date_time, project_id=project_id, severity_color=vul_col, vuln_status="Duplicate", dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln, false_positive="Duplicate", title=name, description=str(description) + "\n\n" + str(code) + "\n\n" + str(render_path), severity=severity, fileName=file, references=link, scanner="Brakeman", ) save_all.save() all_findbugs_data = StaticScanResultsDb.objects.filter(scan_id=scan_id, false_positive="No", vuln_duplicate="No") duplicate_count = StaticScanResultsDb.objects.filter(scan_id=scan_id, vuln_duplicate="Yes") total_vul = len(all_findbugs_data) total_high = len(all_findbugs_data.filter(severity="High")) total_medium = len(all_findbugs_data.filter(severity="Medium")) total_low = len(all_findbugs_data.filter(severity="Low")) total_duplicate = len(duplicate_count.filter(vuln_duplicate="Yes")) StaticScansDb.objects.filter(scan_id=scan_id).update( date_time=date_time, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, scanner="Brakeman", ) trend_update() subject = "Archery Tool Scan Status - brakeman Report Uploaded" message = ("brakeman Scanner has completed the scan " " %s <br> Total: %s <br>High: %s <br>" "Medium: %s <br>Low %s" % (Target, total_vul, total_high, total_medium, total_low)) email_sch_notify(subject=subject, message=message)