def createfilexml(self): global Mpath,Magent homep=Mpath if not os.path.isdir(homep+"/xssalertdefault"): os.mkdir(homep+"/xssalertdefault") f1=open(homep+"/xssalertdefault/payload.xml","w") f2=open(homep+"/xssalertdefault/header.xml","w") f3=open(homep+"/xssalertdefault/url.xml","w") dom1=Document() x=dom1.createElement("xssalert") dom1.appendChild(x) i=0 while i < 2: xa=dom1.createElement("xssalertvector") x.appendChild(xa) vr=dom1.createElement("vector") xa.appendChild(vr) testvr=dom1.createCDATASection("??") vr.appendChild(testvr) i=i+1 f1.write(dom1.toprettyxml(" ")) dom2=Document() y=dom2.createElement("xssalert") dom2.appendChild(y) i=0 while i<2: xb=dom2.createElement("xssalertheader") y.appendChild(xb) hr=dom2.createElement("header") xb.appendChild(hr) testhr=dom2.createCDATASection("??") hr.appendChild(testhr) i=i+1 f2.write(dom2.toprettyxml(" ")) dom3=Document() z=dom3.createElement("xssalert") dom3.appendChild(z) i=0 while i<2: xc=dom3.createElement("xssalerturl") z.appendChild(xc) ur=dom3.createElement("url") xc.appendChild(ur) testhr=dom3.createCDATASection("??") ur.appendChild(testhr) i=i+1 f3.write(dom3.toprettyxml(" ")) f1.close() f2.close() f3.close() self.file_create_alert.setText("Default directory with XML files Created in '"+homep+"' \n Replace '??' with your text")
def saveAnnotations(self): "Currently supports only saving xml files" global points, path, lastSavedState, annotationChanged filename = os.path.splitext(str( self.ui.imageComboBox.currentText()))[0] filePath = os.path.join(str(path), str(filename) + ".xml") currentIndex = self.ui.imageComboBox.currentIndex() lastSavedState = self.undoStacks[currentIndex].index() annotationChanged[currentIndex] = False doc = Document() annotation = doc.createElement("annotation") doc.appendChild(annotation) objects = doc.createElement("objects") objects.setAttribute("type", "points") objects.setAttribute("count", "%.0f" % len(points[currentIndex])) annotation.appendChild(objects) text = "" for (x, y) in points[currentIndex]: text += "%.0f %.0f\n" % (x, y) if text == "": text = "\n" cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) objects = doc.createElement("objects") objects.setAttribute("type", "rectangles") objects.setAttribute("count", "%.0f" % len(rectangles[currentIndex])) annotation.appendChild(objects) text = "" for (x, y, w, h) in rectangles[currentIndex]: text += "%.0f %.0f %.0f %.0f\n" % (x, y, w, h) if text == "": text = "\n" cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) f = open(filePath, 'w') f.write(doc.toprettyxml(indent=" ", encoding="UTF-8")) f.close() self.ui.statusBar.showMessage("File saved to %s" % (filePath)) self.setWindowTitle("%s (%s) - pilab-annotator" % (self.ui.imageComboBox.currentText(), path))
def render(self, summary=True, messages=True, profile=False): xml_doc = Document() testsuite_el = xml_doc.createElement('testsuite') testsuite_el.setAttribute('errors', str(self.summary['message_count'])) testsuite_el.setAttribute('failures', '0') testsuite_el.setAttribute( 'name', 'prospector-%s' % '-'.join(self.summary['tools'])) testsuite_el.setAttribute('tests', str(self.summary['message_count'])) testsuite_el.setAttribute('time', str(self.summary['time_taken'])) xml_doc.appendChild(testsuite_el) prop_el = xml_doc.createElement('properties') testsuite_el.appendChild(prop_el) sysout_el = xml_doc.createElement('system-out') sysout_el.appendChild(xml_doc.createCDATASection('')) testsuite_el.appendChild(sysout_el) syserr_el = xml_doc.createElement('system-err') syserr_el.appendChild(xml_doc.createCDATASection('')) testsuite_el.appendChild(syserr_el) for message in sorted(self.messages): testcase_el = xml_doc.createElement('testcase') testcase_el.setAttribute( 'name', '%s-%s' % (message.location.path, message.location.line)) failure_el = xml_doc.createElement('error') failure_el.setAttribute('message', message.message.strip()) failure_el.setAttribute('type', '%s Error' % message.source) template = '%(path)s:%(line)s: [%(code)s(%(source)s), %(function)s] %(message)s' cdata = template % { 'path': message.location.path, 'line': message.location.line, 'source': message.source, 'code': message.code, 'function': message.location.function, 'message': message.message.strip() } failure_el.appendChild(xml_doc.createCDATASection(cdata)) testcase_el.appendChild(failure_el) testsuite_el.appendChild(testcase_el) return xml_doc.toprettyxml()
def write_xml(self, path): """ Generator returning JUnit-compatible XML output """ from xml.dom.minidom import Document logging.info("Writing JUnit XML output to '%s'" % path) out = Document() ts = out.createElement("testsuite") out.appendChild(ts) ts.setAttribute("tests", str(self.testsRun)) ts.setAttribute("errors", str(len(self.errors))) ts.setAttribute("failures", str(len(self.failures))) #ts.setAttribute("name") ts.setAttribute("time", str(self.stop_time - self.start_time)) ts.setAttribute("timestamp", self.timestamp) # Append test cases info for name, test, status, err in sorted(self.test_results, key=lambda x: x[0]): p = name.split(".") tc = out.createElement("testcase") ts.appendChild(tc) tc.setAttribute("classname", ".".join(p[:-1])) tc.setAttribute("name", p[-1]) tc.setAttribute("time", "%.6f" % self.test_timings[name]) if status in (self.R_ERROR, self.R_FAILURE): e = out.createElement("error" if self.R_ERROR else "failure") tc.appendChild(e) e.setAttribute("type", err[0].__name__) e.setAttribute("message", str(err[1])) ft = out.createCDATASection( "%s: %s" % (err[0].__name__, err[1]) + "\n" + format_frames(get_traceback_frames(err[2])) + "\n") e.appendChild(ft) # Applend system-out and system-err so = out.createElement("system-out") o = out.createCDATASection(self.stdout.get()) so.appendChild(o) ts.appendChild(so) se = out.createElement("system-err") o = out.createCDATASection(self.stderr.get()) se.appendChild(o) ts.appendChild(se) r = out.toprettyxml(indent=" " * 4) if path == "-": print r else: safe_rewrite(path, r)
def pts2xml(ptsFile, xmlFile=None): if xmlFile == None: xmlFile = ptsFile[:-4] + ".xml" try: f = open(ptsFile, 'r') fileContent = f.read().split() except IOError: print "File: %s not found.\n" % asfFile else: start = fileContent.index("{") + 1 end = fileContent.index("}") pts = [] while start < end: pts.append( (float(fileContent[start]), float(fileContent[start + 1]))) start += 2 f.close() doc = Document() annotation = doc.createElement("annotation") doc.appendChild(annotation) objects = doc.createElement("objects") objects.setAttribute("type", "points") objects.setAttribute("count", "%.0f" % len(pts)) annotation.appendChild(objects) text = "" for (x, y) in pts: text += "%.0f %.0f\n" % (x, y) cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) objects = doc.createElement("objects") objects.setAttribute("type", "rectangles") objects.setAttribute("count", "int") annotation.appendChild(objects) cDataSection = doc.createCDATASection("\n") objects.appendChild(cDataSection) xml = open(xmlFile, 'w') xml.write(doc.toprettyxml(indent=" ", encoding="UTF-8")) xml.close()
def pts2xml(ptsFile, xmlFile=None): if xmlFile == None: xmlFile = ptsFile[:-4] + ".xml" try: f = open(ptsFile, 'r') fileContent = f.read().split() except IOError: print "File: %s not found.\n" % asfFile else: start = fileContent.index("{") + 1 end = fileContent.index("}") pts = [] while start < end: pts.append((float(fileContent[start]),float(fileContent[start+1]))) start += 2 f.close() doc = Document() annotation = doc.createElement("annotation") doc.appendChild(annotation) objects = doc.createElement("objects") objects.setAttribute("type", "points") objects.setAttribute("count", "%.0f" % len(pts)) annotation.appendChild(objects) text = "" for (x,y) in pts: text += "%.0f %.0f\n" % (x,y) cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) objects = doc.createElement("objects") objects.setAttribute("type", "rectangles") objects.setAttribute("count", "int") annotation.appendChild(objects) cDataSection = doc.createCDATASection("\n") objects.appendChild(cDataSection) xml = open(xmlFile, 'w') xml.write(doc.toprettyxml(indent=" ", encoding="UTF-8")) xml.close()
def toWorkspaceXml(self, quantity=1, data=None): launchData = {} if self.data != None: for key in self.data: launchData[key] = self.data[key] if data != None: for key in data: launchData[key] = data[key] # why did I think this was a good idea? doc = Document() cluster = doc.createElementNS("http://www.globus.org/2008/06/workspace/metadata/logistics", "cluster") workspace = doc.createElement("workspace"); cluster.appendChild(workspace) name = doc.createElement("name") name.appendChild(doc.createTextNode(self.name)) workspace.appendChild(name) image = doc.createElement("image") image.appendChild(doc.createTextNode(self.ami)) workspace.appendChild(image) quantityNode = doc.createElement("quantity") quantityNode.appendChild(doc.createTextNode(str(quantity))) workspace.appendChild(quantityNode) nic = doc.createElement("nic") nic.setAttribute("wantlogin","true") nic.appendChild(doc.createTextNode("public")) workspace.appendChild(nic) ctx = doc.createElement("ctx") workspace.appendChild(ctx) provides = doc.createElement("provides") provides.appendChild(doc.createElement("identity")) ctx.appendChild(provides) role = doc.createElement("role") role.setAttribute("hostname","true") role.setAttribute("pubkey","true") role.appendChild(doc.createTextNode(self.name)) provides.appendChild(role) requires = doc.createElement("requires") requires.appendChild(doc.createElement("identity")) ctx.appendChild(requires) for key in launchData: dataNode = doc.createElement("data") dataNode.setAttribute("name", key) dataNode.appendChild(doc.createCDATASection(launchData[key])) requires.appendChild(dataNode) return cluster.toxml()
def saveAnnotations(self): "Currently supports only saving xml files" global points, path, lastSavedState, annotationChanged filename = os.path.splitext(str(self.ui.imageComboBox.currentText()))[0] filePath = os.path.join(str(path), str(filename) + ".xml") currentIndex = self.ui.imageComboBox.currentIndex() lastSavedState = self.undoStacks[currentIndex].index() annotationChanged[currentIndex] = False doc = Document() annotation = doc.createElement("annotation") doc.appendChild(annotation) objects = doc.createElement("objects") objects.setAttribute("type", "points") objects.setAttribute("count", "%.0f" % len(points[currentIndex])) annotation.appendChild(objects) text = "" for (x,y) in points[currentIndex]: text += "%.0f %.0f\n" % (x,y) if text == "": text = "\n" cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) objects = doc.createElement("objects") objects.setAttribute("type", "rectangles") objects.setAttribute("count", "%.0f" % len(rectangles[currentIndex])) annotation.appendChild(objects) text = "" for (x,y,w,h) in rectangles[currentIndex]: text += "%.0f %.0f %.0f %.0f\n" % (x,y,w,h) if text == "": text = "\n" cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) f = open(filePath, 'w') f.write(doc.toprettyxml(indent=" ", encoding="UTF-8")) f.close() self.ui.statusBar.showMessage("File saved to %s" % (filePath)) self.setWindowTitle("%s (%s) - pilab-annotator" % (self.ui.imageComboBox.currentText(), path))
def encrypt(self, x509_file_path): if self._signature is None or self._orderId is None or isinstance(self._invoice, Invoice) is not True: raise Exception( "One or more mandatory properties are invalid!: " + str(self._signature) + ":" + str(self._orderId), self.ERROR_PREPARE_MANDATORY_PROPERTIES_UNSET, ) xml_doc = Document() order = xml_doc.createElement("order") order.setAttribute("type", self._type) order.setAttribute("id", self._orderId) order.setAttribute("timestamp", f"{datetime.now():%Y%m%d%H%M%S}") signature = xml_doc.createElement("signature") signature_text = xml_doc.createTextNode(self._signature) signature.appendChild(signature_text) invoice = self._invoice.create_xml_element(xml_doc) order.appendChild(signature) order.appendChild(invoice) if self._objRequestParams is not None and len(self._objRequestParams) > 0: params = xml_doc.createElement("params") for p in self._objRequestParams: param = xml_doc.createElement("param") name = xml_doc.createElement("name") value = xml_doc.createElement("value") name_text = xml_doc.createTextNode(p.strip()) value_text = xml_doc.createCDATASection(self._objRequestParams.get(p)) name.appendChild(name_text) value.appendChild(value_text) param.appendChild(name) param.appendChild(value) params.appendChild(param) xml_doc.appendChild(params) if self._returnUrl is not None and len(self._returnUrl) > 0: url = xml_doc.createElement("url") return_url = xml_doc.createElement("return") return_url_text = xml_doc.createTextNode(self._returnUrl) return_url.appendChild(return_url_text) url.appendChild(return_url) if self._confirmUrl is not None and len(self._confirmUrl) > 0: confirm_url = xml_doc.createElement("confirm") confirm_url_text = xml_doc.createTextNode(self._confirmUrl) confirm_url.appendChild(confirm_url_text) url.appendChild(confirm_url) order.appendChild(url) xml_doc.appendChild(order) self._xmlDoc = xml_doc super()._encrypt(x509_file_path)
def render(self, summary=True, messages=True, profile=False): xml_doc = Document() testsuite_el = xml_doc.createElement("testsuite") testsuite_el.setAttribute("errors", str(self.summary["message_count"])) testsuite_el.setAttribute("failures", "0") testsuite_el.setAttribute("name", "prospector-%s" % "-".join(self.summary["tools"])) testsuite_el.setAttribute("tests", str(self.summary["message_count"])) testsuite_el.setAttribute("time", str(self.summary["time_taken"])) xml_doc.appendChild(testsuite_el) prop_el = xml_doc.createElement("properties") testsuite_el.appendChild(prop_el) sysout_el = xml_doc.createElement("system-out") sysout_el.appendChild(xml_doc.createCDATASection("")) testsuite_el.appendChild(sysout_el) syserr_el = xml_doc.createElement("system-err") syserr_el.appendChild(xml_doc.createCDATASection("")) testsuite_el.appendChild(syserr_el) for message in sorted(self.messages): testcase_el = xml_doc.createElement("testcase") testcase_el.setAttribute("name", "%s-%s" % (message.location.path, message.location.line)) failure_el = xml_doc.createElement("error") failure_el.setAttribute("message", message.message.strip()) failure_el.setAttribute("type", "%s Error" % message.source) template = "%(path)s:%(line)s: [%(code)s(%(source)s), %(function)s] %(message)s" cdata = template % { "path": message.location.path, "line": message.location.line, "source": message.source, "code": message.code, "function": message.location.function, "message": message.message.strip(), } failure_el.appendChild(xml_doc.createCDATASection(cdata)) testcase_el.appendChild(failure_el) testsuite_el.appendChild(testcase_el) return xml_doc.toprettyxml()
def render(self, summary=True, messages=True, profile=False): xml_doc = Document() testsuite_el = xml_doc.createElement('testsuite') testsuite_el.setAttribute('errors', str(self.summary['message_count'])) testsuite_el.setAttribute('failures', '0') testsuite_el.setAttribute('name', 'prospector-%s' % '-'.join(self.summary['tools'])) testsuite_el.setAttribute('tests', str(self.summary['message_count'])) testsuite_el.setAttribute('time', str(self.summary['time_taken'])) xml_doc.appendChild(testsuite_el) prop_el = xml_doc.createElement('properties') testsuite_el.appendChild(prop_el) sysout_el = xml_doc.createElement('system-out') sysout_el.appendChild(xml_doc.createCDATASection('')) testsuite_el.appendChild(sysout_el) syserr_el = xml_doc.createElement('system-err') syserr_el.appendChild(xml_doc.createCDATASection('')) testsuite_el.appendChild(syserr_el) for message in sorted(self.messages): testcase_el = xml_doc.createElement('testcase') testcase_el.setAttribute('name', '%s-%s' % (message.location.path, message.location.line)) failure_el = xml_doc.createElement('error') failure_el.setAttribute('message', message.message.strip()) failure_el.setAttribute('type', '%s Error' % message.source) template = '%(path)s:%(line)s: [%(code)s(%(source)s), %(function)s] %(message)s' cdata = template % { 'path': message.location.path, 'line': message.location.line, 'source': message.source, 'code': message.code, 'function': message.location.function, 'message': message.message.strip() } failure_el.appendChild(xml_doc.createCDATASection(cdata)) testcase_el.appendChild(failure_el) testsuite_el.appendChild(testcase_el) return xml_doc.toprettyxml()
def generate_cluster_document(image, name="domain_instance", quantity=1, nic="public", wantlogin="******", chef_json=None): doc = Document() root_el = doc.createElement("cluster") doc.appendChild(root_el) workspace_el = doc.createElement("workspace") root_el.appendChild(workspace_el) name_el = doc.createElement("name") workspace_el.appendChild(name_el) name_el_text = doc.createTextNode(name) name_el.appendChild(name_el_text) image_el = doc.createElement("image") workspace_el.appendChild(image_el) image_el_text = doc.createTextNode(image) image_el.appendChild(image_el_text) quantity_el = doc.createElement("quantity") workspace_el.appendChild(quantity_el) quantity_el_text = doc.createTextNode(str(quantity)) quantity_el.appendChild(quantity_el_text) nic_el = doc.createElement("nic") nic_el.setAttribute("wantlogin", wantlogin) workspace_el.appendChild(nic_el) nic_el_text = doc.createTextNode(nic) nic_el.appendChild(nic_el_text) ctx_el = doc.createElement("ctx") workspace_el.appendChild(ctx_el) provides_el = doc.createElement("provides") ctx_el.appendChild(provides_el) provides_identity_el = doc.createElement("identity") provides_el.appendChild(provides_identity_el) requires_el = doc.createElement("requires") ctx_el.appendChild(requires_el) requires_identity_el = doc.createElement("identity") requires_el.appendChild(requires_identity_el) if chef_json: chef_config_string = json.dumps(chef_json) data_el = doc.createElement("data") data_el.setAttribute("name", "dt-chef-solo") requires_el.appendChild(data_el) cdata = doc.createCDATASection(chef_config_string) data_el.appendChild(cdata) return doc.toxml()
def _add_field(doc: Document, parent: Element, name: str, text: str, cdata: bool = False): el = doc.createElement(name) if cdata: txt = doc.createCDATASection(text) else: txt = doc.createTextNode(text) el.appendChild(txt) parent.appendChild(el)
class GMap(object): """ Creates a KML file for Google Maps or Google Earth Usage: m = GMap() m.add_placemark(lon=39, lat=39, title="Sample Placemark", desc="A longer description for the placemark. It can include <b>HTML</b>") print m.renderKML() """ def __init__(self): self.doc = Document() self.kml = self.doc.createElement("kml") self.kml.setAttribute("http://www.opengis.net/kml/2.2") self.doc.appendChild(self.kml) def add_placemark(self, lon, lat, alt=2, title="Default", desc="", show=1): # create <Placemark> placemark = self.doc.createElement("Placemark") self.kml.appendChild(placemark) # create <name> name = self.doc.createElement("name") placemark.appendChild(name) name.appendChild( self.doc.createTextNode(title) ) # create <visibility> visibility = self.doc.createElement("visibility") placemark.appendChild(visibility) visibility.appendChild( self.doc.createTextNode("1") ) # create <description> description = self.doc.createElement("description") placemark.appendChild(description) description.appendChild( self.doc.createCDATASection(desc) ) # create <Point> point = self.doc.createElement("Point") placemark.appendChild(point) # create <coordinates> coordinates = self.doc.createElement("coordinates") point.appendChild(coordinates) coordinates.appendChild( self.doc.createTextNode( "%s,%s,%s" % ( lon , lat, alt))) def renderKML(self): return self.doc.toxml()
def construct_feed(reddit_items, feed_info): doc = Document() full_rss = doc.createElement('rss') full_rss.setAttribute('version', '2.0') channel = doc.createElement('channel') full_rss.appendChild(channel) title = doc.createElement('title') title.appendChild(doc.createTextNode(feed_info['title'])) channel.appendChild(title) link = doc.createElement('link') link.appendChild(doc.createTextNode(feed_info['link'])) channel.appendChild(link) description = doc.createElement('description') description.appendChild(doc.createTextNode(feed_info['description'])) channel.appendChild(description) for i in reddit_items: item = doc.createElement('item') title = doc.createElement('title') title.appendChild(doc.createTextNode(i['ref_title'])) link = doc.createElement('link') link.appendChild(doc.createTextNode(i['ref_link'])) guid = doc.createElement('guid') guid.appendChild(doc.createTextNode(i['link'])) description = doc.createElement('description') description.appendChild(doc.createCDATASection(i['content'])) item.appendChild(title) item.appendChild(link) item.appendChild(guid) item.appendChild(description) channel.appendChild(item) doc.appendChild(full_rss) return doc.toxml()
def addReponseHeader(content, requestMId, requestTime, actionType): doc = Document() rootNode = doc.createElement("response-message") doc.appendChild(rootNode) resMidNode = doc.createElement("responseMessageId") rootNode.appendChild(resMidNode) resMidValue = doc.createTextNode(str(uuid.uuid1())) resMidNode.appendChild(resMidValue) reqMidNode = doc.createElement("requestMessageId") rootNode.appendChild(reqMidNode) reqMidValue = doc.createTextNode(str(requestMId)) reqMidNode.appendChild(reqMidValue) resMtimeNode = doc.createElement("responseTime") rootNode.appendChild(resMtimeNode) ISOTIMEFORMAT = '%Y-%m-%d %X' resMtimeValue = doc.createTextNode( time.strftime(ISOTIMEFORMAT, time.localtime())) resMtimeNode.appendChild(resMtimeValue) reqMtimeNode = doc.createElement("requestTime") rootNode.appendChild(reqMtimeNode) reqMtimeValue = doc.createTextNode(str(requestTime)) reqMtimeNode.appendChild(reqMtimeValue) actionTypeNode = doc.createElement("actionType") rootNode.appendChild(actionTypeNode) actionTypeValue = doc.createTextNode(str(actionType)) actionTypeNode.appendChild(actionTypeValue) if content != '': contentNode = doc.createElement("content") rootNode.appendChild(contentNode) contentValue = doc.createCDATASection(content) contentNode.appendChild(contentValue) reqStatus = doc.createElement("status") rootNode.appendChild(reqStatus) reqStatusValue = doc.createTextNode("0") reqStatus.appendChild(reqStatusValue) reqStatusDescNode = doc.createElement("statusDescription") rootNode.appendChild(reqStatusDescNode) reqStatusDescValue = doc.createTextNode("ok") reqStatusDescNode.appendChild(reqStatusDescValue) return doc.toxml()
def po2xml(f, t): po = polib.pofile(f) # Create the <po> base element doc = Document() root = doc.createElement("po") doc.appendChild(root) ### header header = doc.createElement("header") text_node = doc.createCDATASection(po.header) header.appendChild(text_node) root.appendChild(header) ### metadata and entries entries = [po.metadata_as_entry()] entries += [e for e in po if not e.obsolete] for entry in entries: write_entry(entry, doc, root) for entry in po.obsolete_entries(): write_entry(entry, doc, root) file(t, 'wb').write(doc.toprettyxml(indent=" ", encoding='utf-8'))
class OpenVASReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="WAVES 1.0.0"/> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerabilityType> </vulnerabilityTypeList> </report> """ def __init__(self): self.__xmlDoc = Document() self.__infos = {} self.__flawTypes = {} self.__vulns = {} self.__anomalies = {} self.__vulnCount = 0 self.__anomCount = 0 def setReportInfo(self, target, scope=None, date_string="", version=""): self.__infos["target"] = target self.__infos["date"] = date_string self.__infos["version"] = version if scope: self.__infos["scope"] = scope # Vulnerabilities def addVulnerabilityType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = { 'desc': description, 'sol': solution, 'ref': references } if name not in self.__vulns: self.__vulns[name] = [] def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vuln_dict = { "method": request.method, "hostname": request.hostname, "port": request.port, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__vulns: self.__vulns[category] = [] self.__vulns[category].append(vuln_dict) self.__vulnCount += 1 # Anomalies def addAnomalyType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = { 'desc': description, 'sol': solution, 'ref': references } if name not in self.__anomalies: self.__anomalies[name] = [] def logAnomaly(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ anom_dict = { "method": request.method, "hostname": request.hostname, "port": request.port, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__anomalies: self.__anomalies[category] = [] self.__anomalies[category].append(anom_dict) self.__anomCount += 1 def generateReport(self, filename): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) """ uuid_report = str(uuid.uuid1()) report = self.__xmlDoc.createElement("report") report.setAttribute("extension", "xml") report.setAttribute("id", uuid_report) report.setAttribute("type", "scan") report.setAttribute("content_type", "text/html") report.setAttribute("format_id", "a994b278-1f62-11e1-96ac-406186ea4fc5") self.__xmlDoc.appendChild(report) # Add report infos report_infos = self.__xmlDoc.createElement("report") report_infos.setAttribute("id", uuid_report) scan_run_status = self.__xmlDoc.createElement("scan_run_status") scan_run_status.appendChild(self.__xmlDoc.createTextNode("Done")) report_infos.appendChild(scan_run_status) scan_start = self.__xmlDoc.createElement("scan_start") scan_start.appendChild( self.__xmlDoc.createTextNode(self.__infos["date"])) report_infos.appendChild(scan_start) results = self.__xmlDoc.createElement("results") results.setAttribute("start", "1") results.setAttribute("max", str(self.__vulnCount + self.__anomCount)) # Loop on each flaw classification for flawType in self.__flawTypes: classification = "" flaw_dict = {} if flawType in self.__vulns: classification = "vulnerability" flaw_dict = self.__vulns elif flawType in self.__anomalies: classification = "anomaly" flaw_dict = self.__anomalies for flaw in flaw_dict[flawType]: result = self.__xmlDoc.createElement("result") result.setAttribute("id", str(uuid.uuid4())) subnet = self.__xmlDoc.createElement("subnet") subnet.appendChild( self.__xmlDoc.createTextNode(flaw["hostname"])) result.appendChild(subnet) host = self.__xmlDoc.createElement("host") host.appendChild(self.__xmlDoc.createTextNode( flaw["hostname"])) result.appendChild(host) port = self.__xmlDoc.createElement("port") port.appendChild( self.__xmlDoc.createTextNode(str(flaw["port"]))) result.appendChild(port) nvt = self.__xmlDoc.createElement("nvt") nvt.setAttribute("oid", str(uuid.uuid4())) name = self.__xmlDoc.createElement("name") name.appendChild(self.__xmlDoc.createTextNode(flawType)) nvt.appendChild(name) family = self.__xmlDoc.createElement("family") family.appendChild( self.__xmlDoc.createTextNode(classification)) nvt.appendChild(family) cvss_base = self.__xmlDoc.createElement("cvss_base") cvss_base.appendChild(self.__xmlDoc.createTextNode("0.0")) nvt.appendChild(cvss_base) risk_factor = self.__xmlDoc.createElement("risk_factor") risk_factor.appendChild( self.__xmlDoc.createTextNode(str(flaw["level"]))) nvt.appendChild(risk_factor) cve = self.__xmlDoc.createElement("cve") cve.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(cve) bid = self.__xmlDoc.createElement("bid") bid.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(bid) tags = self.__xmlDoc.createElement("tags") tags.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(tags) certs = self.__xmlDoc.createElement("certs") certs.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(certs) xref = self.__xmlDoc.createElement("xref") xref.appendChild(self.__xmlDoc.createTextNode("NOXREF")) nvt.appendChild(xref) result.appendChild(nvt) threat = self.__xmlDoc.createElement("threat") threat.appendChild( self.__xmlDoc.createTextNode(str(flaw["level"]))) result.appendChild(threat) description = self.__xmlDoc.createElement("description") description.appendChild( self.__xmlDoc.createCDATASection(flaw["info"])) result.appendChild(description) original_threat = self.__xmlDoc.createElement( "original_threat") original_threat.appendChild( self.__xmlDoc.createTextNode(str(flaw["level"]))) result.appendChild(original_threat) results.appendChild(result) report_infos.appendChild(results) report.appendChild(report_infos) f = open(filename, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
def saveImage(image, filename): """ Save the current image to a new file If the image was created using array data (not loaded from a file) one has to specify a filename Note that the Gifti spec suggests using the following suffixes to your filename when saving each specific type of data: - Generic GIFTI File .gii - Coordinates .coord.gii - Functional .func.gii - Labels .label.gii - RGB or RGBA .rgba.gii - Shape .shape.gii - Surface .surf.gii - Tensors .tensor.gii - Time Series .time.gii - Topology .topo.gii """ doc = Document() root_node = doc.createElement('GIFTI') root_node.setAttribute('Version', '1.03') root_node.setAttribute('NumberOfDataArrays', str(image.numDA)) #TODO Add metadata writing metadata_root = doc.createElement('MetaData') metadata = image.meta.get_data_as_dict() for key in metadata: MD_node = doc.createElement('MD') name_node = doc.createElement('Name') name_value = doc.createCDATASection(str(key)) name_node.appendChild(name_value) MD_node.appendChild(name_node) value_node = doc.createElement('Value') value_value = doc.createCDATASection(str(metadata[key])) value_node.appendChild(value_value) MD_node.appendChild(value_node) metadata_root.appendChild(MD_node) root_node.appendChild(metadata_root) #TODO Add label writing label_root = doc.createElement('LabelTable') #Append label data to this root_node.appendChild(label_root) for i in xrange(int(image.numDA)): # Intent code is stored in the DataArray struct darray = image.darrays[i] array_node = doc.createElement('DataArray') array_node.setAttribute('Intent', str(GiftiIntentCode.intents_inv[darray.intent])) array_node.setAttribute('DataType', str(GiftiDataType.datatypes_inv[darray.datatype])) array_node.setAttribute('ArrayIndexingOrder', "RowMajorOrder") array_node.setAttribute('Dimensionality', str(len(darray.dims))) for dim_idx, dimension in enumerate(darray.dims): dim_name = 'Dim' + str(dim_idx) array_node.setAttribute(dim_name, str(dimension)) array_node.setAttribute("Encoding", "ASCII") array_node.setAttribute('endian', 'LittleEndian') array_node.setAttribute('ExternalFileName', '') array_node.setAttribute('ExternalFileOffset', '') array_data_node = doc.createElement('Data') folder = os.path.split(filename)[0] store_list_data(darray.data, "tmp", folder) tmp_file = open(os.path.join(folder, "tmp"), "r") data_string = tmp_file.read() array_data = doc.createTextNode(data_string) tmp_file.close() os.remove(os.path.join(folder, "tmp")) print "Created node" array_data_node.appendChild(array_data) array_node.appendChild(array_data_node) root_node.appendChild(array_node) doc.appendChild(root_node) file_obj = open(filename, 'wb') doc.writexml(file_obj, addindent=" ", newl="\n") file_obj.close()
class XmlDataGenerator: def __init__(self, xmlTDT, nonXmlPrint=None, xmlStyleData=None): from xml.dom.minidom import Document self.xmlDoc = Document() self.xmlTDT = xmlTDT eleCount = 0 self.eleMap = {} for eleTDT in self.xmlTDT: self.eleMap[eleTDT['name']] = eleCount if eleTDT.__contains__('alias'): for eName in eleTDT['alias']: self.eleMap[eName] = eleCount eleTDT['ele'] = None if not eleTDT.__contains__('cls'): eleTDT['cls'] = eleTDT['findex'] + 1 if not eleTDT.__contains__('sname'): eleTDT['sname'] = eleTDT['name'] if not eleTDT.__contains__('must'): eleTDT['must'] = True eleCount += 1 for eleTDT in self.xmlTDT: eleTDT['clslist'] = [ index for index in range(0, eleCount) if self.xmlTDT[index]['cls'] > eleTDT['cls'] ] self.topEle = self.__createElement(self.xmlDoc, self.xmlTDT[0]) if xmlStyleData != None: self.xmlDoc.insertBefore( self.xmlDoc.createProcessingInstruction( "xml-stylesheet", xmlStyleData), self.topEle) def __getFele(self, eleIndex): feleIndex = self.xmlTDT[eleIndex]['findex'] feleTDT = self.xmlTDT[feleIndex] if feleIndex > 0: fele = feleTDT['ele'] if fele == None: ffele = self.__getFele(feleIndex) if feleTDT['must']: fele = self.__createElement(ffele, feleTDT) else: fele = ffele return fele else: return self.topEle def __createElement(self, fele, eleTDT, content=None, eleName=None, **eleAttrs): ele = self.xmlDoc.createElement( eleName if eleName != None else eleTDT['sname']) eleTDT['ele'] = ele fele.appendChild(ele) for eleAttr in eleAttrs.keys(): ele.setAttribute(eleAttr, eleAttrs[eleAttr]) if content != None: ele.appendChild(self.xmlDoc.createCDATASection(content)) for index in eleTDT['clslist']: self.xmlTDT[index]['ele'] = None return ele def addElement(self, eleName, content=None, **eleAttrs): eleIndex = self.eleMap[eleName] fele = self.__getFele(eleIndex) self.__createElement(fele, self.xmlTDT[eleIndex], content, eleName, **eleAttrs) def __str__(self, indent="\t", newl="\n", encoding=None): return self.xmlDoc.toprettyxml(indent, newl, encoding)
class TestXMLBuilder(object): """This class encapsulates most rules needed to create a XML tests report behind a simple interface. """ def __init__(self): """Creates a new instance. """ self._xml_doc = Document() self._current_context = None def current_context(self): """Returns the current context. """ return self._current_context def begin_context(self, tag, name): """Begins a new context in the XML tests report, which usually is defined by one on the tags 'testsuites', 'testsuite', or 'testcase'. """ context = TestXMLContext(self._xml_doc, self._current_context) context.begin(tag, name) self._current_context = context def context_tag(self): """Returns the tag represented by the current context. """ return self._current_context.element_tag() def _create_cdata_section(self, content): """Returns a new CDATA section containing the string defined in `content`. """ filtered_content = replace_nontext(content) return self._xml_doc.createCDATASection(filtered_content) def append_cdata_section(self, tag, content): """Appends a tag in the format <tag>CDATA</tag> into the tag represented by the current context. Returns the created tag. """ element = self._xml_doc.createElement(tag) pos = content.find(']]>') while pos >= 0: tmp = content[0:pos + 2] element.appendChild(self._create_cdata_section(tmp)) content = content[pos + 2:] pos = content.find(']]>') element.appendChild(self._create_cdata_section(content)) self._append_child(element) return element def append(self, tag, content, **kwargs): """Apends a tag in the format <tag attr='val' attr2='val2'>CDATA</tag> into the tag represented by the current context. Returns the created tag. """ element = self._xml_doc.createElement(tag) for key, value in kwargs.items(): filtered_value = replace_nontext(six.text_type(value)) element.setAttribute(key, filtered_value) if content: element.appendChild(self._create_cdata_section(content)) self._append_child(element) return element def _append_child(self, element): """Appends a tag object represented by `element` into the tag represented by the current context. """ if self._current_context: self._current_context.element.appendChild(element) else: self._xml_doc.appendChild(element) def increment_counter(self, counter_name): """Increments a counter in the current context and their parents. """ context = self._current_context while context: context.increment_counter(counter_name) context = context.parent def end_context(self): """Ends the current context and sets the current context as being the previous one (if it exists). Also, when a context ends, its tag is appended in the proper place inside the document. """ if not self._current_context: return False element = self._current_context.end() self._current_context = self._current_context.parent self._append_child(element) return True def finish(self): """Ends all open contexts and returns a pretty printed version of the generated XML document. """ while self.end_context(): pass return self._xml_doc.toprettyxml(indent='\t', encoding=UTF8)
row['post_subject'] = row['post_subject'].replace("&","&").replace(""",'"').replace("<","<").replace(">",">") # set attributes export_fields = ["post_username", "post_subject", "username", "post_id"] for attr in export_fields: postnode.setAttribute(attr, str(row[attr]).decode(IN_ENCODING)) tstruct = time.gmtime( row["post_time"]) postnode.setAttribute('post_time', time.strftime("%m/%d/%Y, %H:%M:%S CET", tstruct)) # add posting text posting_text = cleanTextFromControlChars(row['post_text'].decode(IN_ENCODING)) txt = dom.createElement('text') if row['enable_bbcode']: posting_text = transformPostingText(posting_text) txt.appendChild(dom.createCDATASection(posting_text)) postnode.appendChild(txt) # add tags for t in tags: tagnode = dom.createElement('tag') tagnode.setAttribute('name', t) postnode.appendChild(tagnode) # add posting to thread threadnode.appendChild(postnode) # add topic/thread to export dom.childNodes[0].appendChild(threadnode) postcursor.close ()
for car in entry: alist.append(car['brand']) #Make all the brands to a list print len(set(alist)) #Set() removes duplicates #Cumulative number of doors for all cars doors = 0 for car in entry: doors = doors + car['nb_doors'] print doors #Print car description of the 4th car of the list print entry[3]['name'] + " " + entry[3]['brand'] + " " + "(" + str(entry[3]['nb_doors']) + ")" #Create a DOM document with all cars and print it doc = Document() cars = doc.createElement('cars') doc.appendChild(cars) for element in entry: car = doc.createElement('car') car.setAttribute('nb_doors', str((element['nb_doors']))) cars.appendChild(car) name = doc.createElement('name') name_content = doc.createCDATASection(element['name']) name.appendChild(name_content) car.appendChild(name) brand = doc.createElement('brand') brand_content = doc.createTextNode(element['brand']) brand.appendChild(brand_content) car.appendChild(brand) print doc.toxml(encoding='utf-8')
class TestLinkXmlGen(): def __init__(self, setting, testcase, output_path, suite_name, merged): self.setting_config = setting self.testcase_config = testcase self.output_path = output_path self.suite_name = suite_name self.merged = merged self.doc = Document() self.get_setting_setup_teardown_comment() def get_setting_setup_teardown_comment(self): self.test_setup_comment = "" test_setup = self.setting_config.get("test_setup", [[""]])[0] for text in test_setup: if text.startswith("#"): self.test_setup_comment = text[1:].replace("\\n", "").replace("\n", "<br>") self.test_teardown_comment = "" test_teardown = self.setting_config.get("test_teardown", [[""]])[0] for text in test_teardown: if text.startswith("#"): self.test_teardown_comment = text[1:].replace("\\n", "").replace("\n", "<br>") def run(self): if self.merged: root_element = self.suite_root_gen() else: root_element = self.doc.createElement('testcases') #self.doc.appendChild(root_element) for case in self.testcase_config.keys(): if self.merged: root_element_tmp = root_element else: root_element_tmp = copy.deepcopy(root_element) case_element = self.testcase_element_gen(case, self.testcase_config.get(case)) root_element_tmp.appendChild(case_element) if not self.merged: self.save(root_element_tmp, case) if self.merged: self.save(root_element_tmp, self.suite_name) def suite_root_gen(self): test_suite = self.doc.createElement("testsuite") test_suite.setAttribute('name', self.suite_name) detail = self.doc.createElement("detail") detail_string = self.setting_config.get("documentation", [[""]])[0][0].replace("\\n", "").replace("\n", "<br>") if detail_string != "": detail_string = "<p>%s</p>" % detail_string detail_text = self.doc.createCDATASection(detail_string) detail.appendChild(detail_text) test_suite.appendChild(detail) return test_suite def testcase_element_gen(self, case_name, case_config): case_element = self.doc.createElement("testcase") case_element.setAttribute('name', case_name) summary = self.doc.createElement("summary") summary_string = case_config.get("documentation", [""])[0].replace("\\n", "").replace("\n", "<br>") if summary_string != "": summary_string = "<p>%s</p>" % summary_string summary_text = self.doc.createCDATASection(summary_string) summary.appendChild(summary_text) case_element.appendChild(summary) preconditions = self.doc.createElement("preconditions") case_setup = "" for item in case_config.get("setup", [""]): if item.startswith("#"): case_setup = "<p>%s</p>" % item[1:].replace("\\n", "").replace("\n", "<br>") if case_setup == "" and self.test_setup_comment != "": case_setup = "<p>%s</p>" % copy.deepcopy(self.test_setup_comment) preconditions_text = self.doc.createCDATASection(case_setup) preconditions.appendChild(preconditions_text) case_element.appendChild(preconditions) execution_type = self.doc.createElement("execution_type") execution_type_text = self.doc.createCDATASection("2") execution_type.appendChild(execution_type_text) case_element.appendChild(execution_type) importance = self.doc.createElement("importance") importance_text = self.doc.createCDATASection("2") importance.appendChild(importance_text) case_element.appendChild(importance) steps_element = self.doc.createElement("steps") step_list = case_config.get("step", []) case_teardown = "" for item in case_config.get("teardown", [""]): if item.startswith("#"): case_teardown = "teardown:<br>%s" % item[1:].replace("\\n", "").replace("\n", "<br>") step_list.append({"action":"%s" % case_teardown}) if case_teardown == "" and self.test_teardown_comment != "": case_teardown = "teardown:<br>%s" % copy.deepcopy(self.test_teardown_comment) step_list.append({"action":"%s" % case_teardown}) step_num = 0 for step in step_list: step_num += 1 step_element = self.doc.createElement("step") step_number = self.doc.createElement("step_number") step_number_text = self.doc.createCDATASection("%s" % step_num) step_number.appendChild(step_number_text) step_element.appendChild(step_number) actions = self.doc.createElement("actions") action_string = step.get("action", "") if action_string != "": action_string = "<p>%s</p>" % action_string.replace("\\n", "").replace("\n", "<br>") actions_text = self.doc.createCDATASection(action_string) actions.appendChild(actions_text) step_element.appendChild(actions) expectedresults = self.doc.createElement("expectedresults") expectedresult_string = step.get("expect", "") if expectedresult_string != "": expectedresult_string = "<p>%s</p>" % expectedresult_string.replace("\\n", "").replace("\n", "<br>") expectedresults_text = self.doc.createCDATASection(expectedresult_string) expectedresults.appendChild(expectedresults_text) step_element.appendChild(expectedresults) execution_type = self.doc.createElement("execution_type") execution_type_text = self.doc.createCDATASection("2") execution_type.appendChild(execution_type_text) step_element.appendChild(execution_type) steps_element.appendChild(step_element) case_element.appendChild(steps_element) return case_element def save(self, root_element, file_name): fp = open("%s/%s.xml" % (self.output_path, file_name), "w") doc = copy.deepcopy(self.doc) doc.appendChild(root_element) fp.write(doc.toprettyxml(indent = '')) fp.close
class VulneraNetXMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(category,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti 2.3.0"/> <bugTypeList> <bugType name="SQL Injection"> <bugList/> <report> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerablityType> </vulnerabilityTypeList> </report> """ __xmlDoc = None __vulnerabilityTypeList = None __ts = None def __init__(self): self.__ts = datetime.datetime.now() self.__xmlDoc = Document() def setReportInfo(self, target, scope=None, date_string="", version=""): report = self.__xmlDoc.createElement("Report") report.setAttribute("generatedBy", version) report.setAttribute("generationDate", self.__ts.isoformat()) self.__vulnerabilityTypeList = self.__xmlDoc.createElement("VulnerabilityTypeList") report.appendChild(self.__vulnerabilityTypeList) self.__xmlDoc.appendChild(report) def __addToVulnerabilityTypeList(self, vulnerabilityType): self.__vulnerabilityTypeList.appendChild(vulnerabilityType) def addVulnerabilityType(self, name, description="", solution="", references={}): """ This method adds a vulnerability type, it can be invoked to include in the report the type. The types are not stored previously, they are added when the method logVulnerability(category,level,url,parameter,info) is invoked and if there is no vulnerabilty of a type, this type will not be presented in the report """ vulnerabilityType = self.__xmlDoc.createElement("VulnerabilityType") vulnerabilityType.appendChild(self.__xmlDoc.createElement("VulnerabilityList")) vulTitleNode = self.__xmlDoc.createElement("Title") vulTitleNode.appendChild(self.__xmlDoc.createTextNode(name)) vulnerabilityType.appendChild(vulTitleNode) self.__addToVulnerabilityTypeList(vulnerabilityType) if description != "": descriptionNode = self.__xmlDoc.createElement("Description") descriptionNode.appendChild(self.__xmlDoc.createCDATASection(description)) vulnerabilityType.appendChild(descriptionNode) if solution != "": solutionNode = self.__xmlDoc.createElement("Solution") solutionNode.appendChild(self.__xmlDoc.createCDATASection(solution)) vulnerabilityType.appendChild(solutionNode) if references != "": referencesNode = self.__xmlDoc.createElement("References") for ref in references: referenceNode = self.__xmlDoc.createElement("Reference") nameNode = self.__xmlDoc.createElement("name") urlNode = self.__xmlDoc.createElement("url") nameNode.appendChild(self.__xmlDoc.createTextNode(ref)) urlNode.appendChild(self.__xmlDoc.createTextNode(references[ref])) referenceNode.appendChild(nameNode) referenceNode.appendChild(urlNode) referencesNode.appendChild(referenceNode) vulnerabilityType.appendChild(referencesNode) return vulnerabilityType def __addToVulnerabilityList(self, category, vulnerability): vulnerabilityType = None for node in self.__vulnerabilityTypeList.childNodes: titleNode = node.getElementsByTagName("Title") if (titleNode.length >= 1 and titleNode[0].childNodes.length == 1 and titleNode[0].childNodes[0].wholeText == category): vulnerabilityType = node break if vulnerabilityType is None: vulnerabilityType = self.addVulnerabilityType(category) vulnerabilityType.childNodes[0].appendChild(vulnerability) def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ peer = None ts = "" vulnerability = self.__xmlDoc.createElement("Vulnerability") stLevel = None if level == 1: stLevel = "Low" elif level == 2: stLevel = "Moderate" else: stLevel = "Important" levelNode = self.__xmlDoc.createElement("Severity") levelNode.appendChild(self.__xmlDoc.createTextNode(stLevel)) vulnerability.appendChild(levelNode) tsNode = self.__xmlDoc.createElement("DetectionDate") #tsNode.appendChild(self.__xmlDoc.createTextNode(ts.isoformat())) vulnerability.appendChild(tsNode) ## urlDetailNode = self.__xmlDoc.createElement("URLDetail") vulnerability.appendChild(urlDetailNode) urlNode = self.__xmlDoc.createElement("URL") urlNode.appendChild(self.__xmlDoc.createTextNode(request.url)) urlDetailNode.appendChild(urlNode) if peer is not None: peerNode = self.__xmlDoc.createElement("Peer") if isPeerAddrPort(peer): addrNode = self.__xmlDoc.createElement("Addr") addrNode.appendChild(self.__xmlDoc.createTextNode(peer[0])) peerNode.appendChild(addrNode) portNode = self.__xmlDoc.createElement("Port") portNode.appendChild(self.__xmlDoc.createTextNode(str(peer[1]))) peerNode.appendChild(portNode) else: addrNode = self.__xmlDoc.createElement("Addr") addrNode.appendChild(self.__xmlDoc.createTextNode(str(peer))) peerNode.appendChild(addrNode) urlDetailNode.appendChild(peerNode) parameterNode = self.__xmlDoc.createElement("Parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(parameter)) urlDetailNode.appendChild(parameterNode) ## infoNode = self.__xmlDoc.createElement("Info") info = info.replace("\n", "<br />") infoNode.appendChild(self.__xmlDoc.createTextNode(info)) urlDetailNode.appendChild(infoNode) self.__addToVulnerabilityList(category, vulnerability) def generateReport(self, fileName): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(category,level,url,parameter,info) """ f = open(fileName, "w") try: f.write(self.__xmlDoc.toxml(encoding="UTF-8")) finally: f.close()
def rect2xml(rectFile, xmlFile=None): if xmlFile == None: xmlFile = rectFile[:-5] + ".xml" rects = [] pts = [] try: f = open(rectFile, 'r') fileContent = f.readlines() except IOError: print "File: %s not found.\n" % rectFile else: rects = [] for line in fileContent: if line != "": x,y,w,h = line.split() rects.append((float(x),float(y),float(w),float(h))) f.close() try: xmldoc = minidom.parse(xmlFile) objects = xmldoc.getElementsByTagName("objects") except IOError: pass else: pts = [] for object in objects: lines = object.childNodes[1].data.splitlines() if object.attributes["type"].value == "points": for line in lines: x,y = line.split(' ') pts.append((float(x),float(y))) del xmldoc os.remove(xmlFile) doc = Document() annotation = doc.createElement("annotation") doc.appendChild(annotation) objects = doc.createElement("objects") objects.setAttribute("type", "points") objects.setAttribute("count", "%.0f" % len(pts)) annotation.appendChild(objects) text = "" for (x,y) in pts: text += "%.0f %.0f\n" % (x,y) if text == "": text = "\n" cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) objects = doc.createElement("objects") objects.setAttribute("type", "rectangles") objects.setAttribute("count", "%.0f" % len(rects)) annotation.appendChild(objects) text = "" for (x,y,w,h) in rects: text += "%.0f %.0f %.0f %.0f\n" % (x,y,w,h) if text == "": text = "\n" cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) xml = open(xmlFile, 'w') xml.write(doc.toprettyxml(indent=" ", encoding="UTF-8")) xml.close()
fd_contents = json.loads(fd_contents) fd_contents = byteify(fd_contents) cars = [] doc = Document() cars_parent = doc.createElement('cars') doc.appendChild(cars_parent) for i in fd_contents: c = Car(i) cars.append(c) car_node = c.to_xml_node(doc) year = doc.createElement('year') year_content = doc.createTextNode('2015') year.appendChild(year_content) car_node.appendChild(year) car_node.setAttribute('weight', "1000") new_brand = doc.createElement('brand') brand_content = doc.createCDATASection(u"\u00a9" + str(c.get_brand())) new_brand.appendChild(brand_content) old_brand = car_node.getElementsByTagName('brand') car_node.replaceChild(new_brand, old_brand[0]) cars_parent.appendChild(car_node) print doc.toxml(encoding='utf-8')
def create_xml(spam_by_country, xml_file): """Create the ammap xml file with the spam_by_country data.""" with open(xml_file, 'w') as ammap: doc = Document() os.environ['TZ'] = 'Europe/Madrid' fecha = time.strftime('%H:%M %d %B %Y') mapp = doc.createElement("map") mapp.setAttribute("map_file", "maps/world.swf") mapp.setAttribute("url", "#movie1") mapp.setAttribute("zoom", "100%") mapp.setAttribute("zoom_x", "0%") mapp.setAttribute("zoom_y", "0%") doc.appendChild(mapp) areas = doc.createElement("areas") mapp.appendChild(areas) for spammer in sorted(spam_by_country): area = doc.createElement("area") area.setAttribute("title", spammer) area.setAttribute("mc_name", spam_by_country[spammer][1]) area.setAttribute("value", str(spam_by_country[spammer][0])) areas.appendChild(area) movies = doc.createElement("movies") mapp.appendChild(movies) movie = doc.createElement("movie") movie.setAttribute("file", "da.swf") movie.setAttribute("x", "5") movie.setAttribute("y", "364") movie.setAttribute("width", "150") movie.setAttribute("height", "32") movies.appendChild(movie) labels = doc.createElement("labels") mapp.appendChild(labels) label = doc.createElement("label") label.setAttribute("x", "0") label.setAttribute("y", "14") label.setAttribute("text_size", "18") label.setAttribute("width", "100%") label.setAttribute("align", "center") label.setAttribute("color", "#005000") text = doc.createElement("text") cdata = doc.createCDATASection("<b>Ataques de spam por pais</b>") text.appendChild(cdata) label.appendChild(text) labels.appendChild(label) label = doc.createElement("label") label.setAttribute("x", "0") label.setAttribute("y", "388") label.setAttribute("text_size", "8") label.setAttribute("width", "100%") label.setAttribute("align", "right") text = doc.createElement("text") cdata = doc.createCDATASection("Actualizado a {0}".format(fecha)) text.appendChild(cdata) label.appendChild(text) labels.appendChild(label) ammap.write(doc.toprettyxml(indent=" ", encoding="UTF-8"))
def writeInfoToXml(input_fn, output_fn, suite_name, only_import_case=False): doc = Document() # add suite information to xml if not only_import_case: root = doc.createElement('testsuite') root.setAttribute('name', suite_name) doc.appendChild(root) details = doc.createElement('details') details_text = doc.createCDATASection('test') details.appendChild(details_text) root.appendChild(details) else: testcases = doc.createElement('testcases') doc.appendChild(testcases) # add test cases information to xml with open(input_fn) as rfile: reader = csv.reader(rfile) for line in reader: (c_category, c_component, c_func, c_child_func, case_name, preconditions, importance, man_steps, exp_result, esti_time) = \ (line[0], line[1], line[2], line[3], line[4], line[5], line[6], line[7], line[8], line[9]) testcase = doc.createElement('testcase') unicode_str = unicode(case_name.decode('gbk').encode('utf-8')) testcase.setAttribute('name', unicode_str) # summary summary = doc.createElement('summary') # background operation's case has no summary unicode_str = '' summary_text = doc.createCDATASection(unicode_str) summary.appendChild(summary_text) testcase.appendChild(summary) # preconditions precond = doc.createElement('preconditions') unicode_str = format_preconditions( unicode(preconditions.decode('gbk').encode('utf-8'))) precond_text = doc.createCDATASection(unicode_str) precond.appendChild(precond_text) testcase.appendChild(precond) # execution_type etype = doc.createElement('execution_type') # 1 是手动, 2 是自动 etype_text = doc.createCDATASection(str(1)) etype.appendChild(etype_text) testcase.appendChild(etype) # importance case_importance = doc.createElement('importance') case_importance_text = doc.createCDATASection(str(importance)) case_importance.appendChild(case_importance_text) testcase.appendChild(case_importance) # estimated time case_estim = doc.createElement('estimated_exec_duration') case_estim_value = doc.createTextNode(str(line[9])) case_estim.appendChild(case_estim_value) testcase.appendChild(case_estim) # steps # steps = doc.createElement('steps') # testcase.appendChild(steps) # step steps = format_test_steps(doc, man_steps, str(1), exp_result) testcase.appendChild(steps) #custom_fields cfields = doc.createElement('custom_fields') # custom_field name dict = { u'测试分类': c_category, u'功能组件': c_component, u'功能细分': c_func, u'子功能': c_child_func } for (k, v) in dict.iteritems(): cfield = doc.createElement('custom_field') c_name = doc.createElement('name') c_name_text = doc.createCDATASection(k) c_name.appendChild(c_name_text) cfield.appendChild(c_name) # custom_field value c_value = doc.createElement('value') unicode_str = unicode(v.decode('gbk').encode('utf-8')) c_value_text = doc.createCDATASection(unicode_str) c_value.appendChild(c_value_text) cfield.appendChild(c_value) cfields.appendChild(cfield) testcase.appendChild(cfields) if not only_import_case: root.appendChild(testcase) else: testcases.appendChild(testcase) with open(output_fn, 'w+') as wfile: wfile.write(doc.toprettyxml(indent='\t', encoding='utf-8'))
def createXML(metaDict): doc = Document() XMLNS_NS = u'stgermainmeta.xsd' XSI_NS = u'stgermainmeta.xsd' eMeta = doc.createElement(u'meta') eMeta.setAttribute(u'xmlns', 'urn:stgermainmeta-schema') eMeta.setAttributeNS(XMLNS_NS, u'xmlns:dc', u'http://purl.org/dc/elements/1.1/') eMeta.setAttributeNS(XMLNS_NS, u'xmlns:xsi', u'http://www.w3.org/2001/XMLSchema-instance') eMeta.setAttributeNS(XMLNS_NS, u'xmlns:xsd', u'http://www.w3.org/2001/XMLSchema') eMeta.setAttributeNS( XSI_NS, u'xsi:schemaLocation', u'http://purl.org/dc/elements/1.1/ dc.xsd http://www.w3.org/2001/XMLSchema XMLSchema.xsd urn:stgermainmeta-schema stgermainmeta.xsd' ) doc.appendChild(eMeta) eInfo = doc.createElement(u'info') eTitle = doc.createElement(u'dc:title') eCreator = doc.createElement(u'dc:creator') ePublisher = doc.createElement(u'dc:publisher') eRights = doc.createElement(u'dc:rights') eSource = doc.createElement(u'dc:source') eSubject = doc.createElement(u'dc:subject') eDescription = doc.createElement(u'dc:description') eInfo.appendChild(eTitle) eInfo.appendChild(eCreator) eInfo.appendChild(ePublisher) eInfo.appendChild(eRights) eInfo.appendChild(eSource) eInfo.appendChild(eSubject) eInfo.appendChild(eDescription) eMeta.appendChild(eInfo) eCode = doc.createElement(u'code') eExAnn = doc.createElement(u'xsd:annotation') eExDoc = doc.createElement(u'xsd:documentation') eExApp = doc.createElement(u'xsd:appinfo') eInherits = doc.createElement(u'inherits') eCode.appendChild(eExAnn) eExAnn.appendChild(eExDoc) eExAnn.appendChild(eExApp) eCode.appendChild(eInherits) eMeta.appendChild(eCode) eImplements = doc.createElement(u'implements') eReference = doc.createElement(u'reference') eEquation = doc.createElement(u'equation') eImplements.appendChild(eReference) eImplements.appendChild(eEquation) eMeta.appendChild(eImplements) eParameters = doc.createElement(u'parameters') eMeta.appendChild(eParameters) eAssociations = doc.createElement(u'associations') eMeta.appendChild(eAssociations) # Content... # Info (all required i.e. let is except if dictionary entry not there) ... eTitleTxt = doc.createTextNode(metaDict["info"]["title"]) eTitle.appendChild(eTitleTxt) eCreatorTxt = doc.createTextNode(metaDict["info"]["creator"]) eCreator.appendChild(eCreatorTxt) ePublisherTxt = doc.createTextNode(metaDict["info"]["publisher"]) ePublisher.appendChild(ePublisherTxt) eRightsTxt = doc.createTextNode(metaDict["info"]["rights"]) eRights.appendChild(eRightsTxt) eSourceTxt = doc.createTextNode(metaDict["info"]["source"]) eSource.appendChild(eSourceTxt) eSubjectTxt = doc.createTextNode(metaDict["info"]["subject"]) eSubject.appendChild(eSubjectTxt) eDescriptionTxt = doc.createCDATASection(metaDict["info"]["description"]) eDescription.appendChild(eDescriptionTxt) # Code (Not all required i.e. catch except if dictionary entry not there) ... try: eExDocTxt = doc.createCDATASection( metaDict["code"]["example-documentation"]) eExDoc.appendChild(eExDocTxt) except KeyError: pass try: eExAppTxt = doc.createCDATASection(metaDict["code"]["example-code"]) eExApp.appendChild(eExAppTxt) except KeyError: pass try: eInheritsTxt = doc.createTextNode(metaDict["code"]["inherits"]) eInherits.appendChild(eInheritsTxt) except KeyError: pass # Implements (Not all required i.e. catch except if dictionary entry not there) ... try: eReferenceTxt = doc.createTextNode(metaDict["implements"]["reference"]) eReference.appendChild(eReferenceTxt) except KeyError: pass try: eEquationTxt = doc.createCDATASection( metaDict["implements"]["equation"]) eEquation.appendChild(eEquationTxt) except KeyError: pass # Parameters (as this is an XML XSD type, the rules on requirment are determined by it) ... for param in metaDict["parameters"]: eParam = doc.createElement(u'xsd:element') eParam.setAttribute(u'name', param["name"]) eParam.setAttribute(u'type', param["type"]) try: eParam.setAttribute(u'default', param["default"]) except KeyError: pass try: eParamAnn = doc.createElement(u'xsd:annotation') eParamDoc = doc.createElement(u'xsd:documentation') eParamDocTxt = doc.createCDATASection(param["documentation"]) eParamDoc.appendChild(eParamDocTxt) eParamAnn.appendChild(eParamDoc) eParam.appendChild(eParamAnn) except KeyError: pass eParameters.appendChild(eParam) # Associations (as this is an XML XSD type, the rules on requirment are determined by it)... for assoc in metaDict["associations"]: eAssoc = doc.createElement(u'xsd:element') eAssoc.setAttribute(u'name', assoc["name"]) eAssoc.setAttribute(u'type', assoc["type"]) try: eAssoc.setAttribute(u'nillable', assoc["nillable"]) except KeyError: pass try: eAssocAnn = doc.createElement(u'xsd:annotation') eAssocDoc = doc.createElement(u'xsd:documentation') eAssocDocTxt = doc.createCDATASection(assoc["documentation"]) eAssocDoc.appendChild(eAssocDocTxt) eAssocAnn.appendChild(eAssocDoc) eAssoc.appendChild(eAssocAnn) except KeyError: pass eAssociations.appendChild(eAssoc) return doc
class XMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="WSP 1.0"/> <bugTypeList> <bugType name="SQL Injection"> <bugList/> <report> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerablityType> </vulnerabilityTypeList> </report> """ __xmlDoc = None __vulnerabilityTypeList = None def __init__(self): self.__xmlDoc = Document() report = self.__addReport() generated = self.__xmlDoc.createElement("generatedBy") generated.setAttribute("id", WSP_VERSION); report.appendChild(generated) self.__vulnerabilityTypeList = self.__xmlDoc.createElement("bugTypeList") report.appendChild(self.__vulnerabilityTypeList) def __addReport(self): report = self.__xmlDoc.createElement("report") report.setAttribute("type", "security") self.__xmlDoc.appendChild(report) return report def __addToVulnerabilityTypeList(self, vulnerabilityType): self.__vulnerabilityTypeList.appendChild(vulnerabilityType) def addVulnerabilityType(self, name, description="", solution="", references={}): """ This method adds a vulnerability type, it can be invoked to include in the report the type. The types are not stored previously, they are added when the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) is invoked and if there is no vulnerabilty of a type, this type will not be presented in the report """ vulnerabilityType = self.__xmlDoc.createElement("bugType") vulnerabilityType.setAttribute("name", name) vulnerabilityType.appendChild(self.__xmlDoc.createElement("bugList")) self.__addToVulnerabilityTypeList(vulnerabilityType) if description != "": descriptionNode = self.__xmlDoc.createElement("description") descriptionNode.appendChild(self.__xmlDoc.createCDATASection(description)) vulnerabilityType.appendChild(descriptionNode) if solution != "": solutionNode = self.__xmlDoc.createElement("solution") solutionNode.appendChild(self.__xmlDoc.createCDATASection(solution)) vulnerabilityType.appendChild(solutionNode) if references != "": referencesNode = self.__xmlDoc.createElement("references") for ref in references: referenceNode = self.__xmlDoc.createElement("reference") titleNode = self.__xmlDoc.createElement("title") urlNode = self.__xmlDoc.createElement("url") titleNode.appendChild(self.__xmlDoc.createTextNode(ref)) urlNode.appendChild(self.__xmlDoc.createTextNode(references[ref])) referenceNode.appendChild(titleNode) referenceNode.appendChild(urlNode) referencesNode.appendChild(referenceNode) vulnerabilityType.appendChild(referencesNode) return vulnerabilityType def __addToVulnerabilityList(self, vulnerabilityTypeName, vulnerability): vulnerabilityType = None for node in self.__vulnerabilityTypeList.childNodes: if node.nodeType == node.ELEMENT_NODE and node.getAttribute("name") == vulnerabilityTypeName: vulnerabilityType = node break if vulnerabilityType == None: vulnerabilityType = self.addVulnerabilityType(vulnerabilityTypeName) vulnerabilityType.childNodes[0].appendChild(vulnerability) def logVulnerability(self, vulnerabilityTypeName, level, url, parameter, info): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vulnerability = self.__xmlDoc.createElement("bug") vulnerability.setAttribute("level", level) urlNode = self.__xmlDoc.createElement("url") urlNode.appendChild(self.__xmlDoc.createTextNode(url)) vulnerability.appendChild(urlNode) parameterNode = self.__xmlDoc.createElement("parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(parameter)) vulnerability.appendChild(parameterNode) infoNode = self.__xmlDoc.createElement("info") info = info.replace("\n", "<br />") infoNode.appendChild(self.__xmlDoc.createTextNode(info)) vulnerability.appendChild(infoNode) self.__addToVulnerabilityList(vulnerabilityTypeName, vulnerability) def generateReport(self, fileName): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) """ f = open(fileName, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
class XMLProcessor(object): def __init__(self): object.__init__(self) self.doc = "" self.base = "" self.fileHandle = "" # NAME : createDocument # PARAMS : None # RETURN : Nothing # DESC : creates a minidom Document # object and saves it into class # variable def createDocument(self): # Create the minidom document self.doc = Document() # EOF: createDocument # NAME : createBaseElement # PARAMS : str, list # RETURN : Nothing # DESC : creates the base element to # set the base for the XML document # being created def createBaseElement(self, name=None, ns=None): # Create the base element self.base = self.doc.createElement(name) if ns: for n in ns: self.base.setAttribute(n[0], n[1]) else: self.base.setAttribute("xmlns", "http://www.neurofuzz.com") self.base.setAttribute( "xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance") self.base.setAttribute("xsi:schemaLocation", "http://www.neurofuzz.com vectors.xsd") self.doc.appendChild(self.base) # EOF: createBaseElement # NAME : populateChildElements # PARAMS : Str, Array, Str, Bool # RETURN : None # DESC : creates child elements in the XML object # or file def populateChildElement(self, name=None, value=None, attributes=None, child=None): elem = self.doc.createElement(name) if type(attributes) == list: for n in attributes: elem.setAttribute(n[0], n[1]) else: for key in attributes.keys(): elem.setAttribute(key, attributes[key]) if child: self.doc.childNodes[0].childNodes[0].appendChild(elem) else: self.doc.childNodes[0].appendChild(elem) if value: vv = self.doc.createTextNode(str(value)) elem.appendChild(vv) # EOF: populateChildElement # NAME : populateChildElements # PARAMS : Str, Array, Str, Bool # RETURN : None # DESC : creates child elements in the XML object # or file def populateChildElements(self, name=None, arr=None, type=None, attackcategory=None, file=False): if typechecker.is_str(arr): elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(arr) elem.appendChild(vv) elif typechecker.is_iter(arr): cdata = re.compile(r"CDATA", re.IGNORECASE) invalidxml = re.compile(r"]]>") # iterate over array for v in arr: for kv in v[0].iteritems(): #set the attack category data from the array attackcategory = v[1].strip() # Give the element some data # if value == C then check to see if we need # to pump the data thru a CDATA section if kv[1] == 'C': targetKey = kv[0].strip() # lets substitute the chars: ]]> because we use them # in our attack vectors but they cause massive problems # with XML since they are the closing CDATA tags targetKey = invalidxml.sub('0x5d0x5d0x3e', targetKey) # startswith certain chars that we want to push thru CDATA sections # as well as straight text nodes if targetKey.startswith('<') \ or targetKey.startswith('>') \ or targetKey.startswith('\\') \ or targetKey.startswith('<?xml') \ and cdata.search(targetKey) is None: elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createCDATASection(targetKey) elem.appendChild(vv) elif targetKey.startswith('<![') and cdata.search( targetKey): tok = unicode(targetKey) newtok = "" for char in tok: if char == "[" or char == "]" or char == "<" or char == ">": newtok = newtok + "&#" + str( ord(char)) + ";" else: newtok = newtok + char elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(newtok) elem.appendChild(vv) # otherwise process only as straight text nodes else: elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(targetKey) elem.appendChild(vv) # value is something other than 'C' so no CDATA section concerns else: elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(targetKey) elem.appendChild(vv) if file: # write the file with the new XML data self.writeXMLToFile(doc=self.doc) # EOF: populateChildElements # NAME : setFileHandle # PARAMS : Str, Str # RETURN : None # DESC : sets data to establish the path # to the file that will eventually # hold the XML def setFileHandle(self, path, file): self.fileHandle = path + "/" + file # EOF: setFileHandle # NAME : getFileHandle # PARAMS : None # RETURN : Str # DESC : returns the exact path # to the file that holds the XML def getFileHandle(self): return self.fileHandle # EOF: getFileHandle # NAME : writeXMLToFile # PARAMS : XML Doc # RETURN : Nothing # DESC : writes XML data to a file def writeXMLToFile(self, doc=None): # write the xml out to file try: FILE = open(self.fileHandle, "w") if doc is not None: FILE.write(doc.toxml()) else: FILE.write(self.doc.toxml()) FILE.close() except IOError, detail: genUtils.handleFileMsg(self.fileHandle, msg=detail) return None
class XMLReportGen(ReportGen): def __init__(self): self.__infos = {} self.__xmlDoc = Document() self.__flawTypes = {} self.__vuls = {} self.__anomalies = {} def setReportInfo(self, target, scope=None, date_string="", version=""): self.__infos["target"] = target self.__infos["date"] = date_string self.__infos["version"] = version if scope: self.__infos["scope"] = scope #Vuls def addVulsType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = {'desc': description, 'sol': solution, 'ref': references} if name not in self.__vuls: self.__vuls[name] = [] def logVuls(self, category=None, level=0, request=None, parameter="", info=""): vuls_dict = {"method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__vuls: self.__vuls[category] = [] self.__vuls[category].append(vuls_dict) def addNomallyType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = {'desc': description, 'sol': solution, 'ref': references} if name not in self.__nomally: self.__nomally[name] = [] def logNomally(self, category=None, level=0, request=None, parameter="", info=""): nom_dict = {"method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__nomally: self.__nomally[category] = [] self.__nomally[category].append(nom_dict) def genReport(self, filename): report = self.__xmlDoc.createElement("report") report.setAttribute("type", "security") self.__xmlDoc.appendChild(report) report_infos = self.__xmlDoc.createElement("report_infos") genName = self.__xmlDoc.createElement("info") genName.setAttribute("name", "genName") genName.appendChild(self.__xmlDoc.createTextNode("wolves")) report_infos.appendChild(genName) genVersion = self.__xmlDoc.createElement("info") genVersion.setAttribute("name", "genVersion") genVersion.appendChild(self.__xmlDoc.createTextNode(self.__infos["version"])) report_infos.appendChild(genVersion) scope = self.__xmlDoc.createElement("info") scope.setAttribute("name", "scope") scope.appendChild(self.__xmlDoc.createTextNode(self.__infos["scope"])) report_infos.appendChild(scope) dateOfScan = self.__xmlDoc.createElement("info") dateOfScan.setAttribute("name", "dateOfScan") dateOfScan.appendChild(self.__xmlDoc.createTextNode(self.__infos["date"])) report_infos.appendChild(dateOfScan) report.appendChild(report_infos) vuls = self.__xmlDoc.createElement("vuls") nomally = self.__xmlDoc.createElement("nomally") for flawType in self.__flawTypes: container = None classification = "" flaw_dict = {} if flawType in self.__vuls: container = vuls classification = "vuls" flaw_dict = self.__vuls elif flawType in self.__nomally: container = nomally classification = "nomally" flaw_dict = self.__nomally flawTypeNode = self.__xmlDoc.createElement(classification) flawTypeNode.setAttribute("name", flawType) flawTypeDesc = self.__xmlDoc.createElement("description") flawTypeDesc.appendChild(self.__xmlDoc.createCDATASection(self.__flawTypes[flawType]['desc'])) flawTypeDesc.appendChild(flawTypeDesc) flawTypeSolution = self.__xmlDoc.createElement("solution") flawTypeSolution.appendChild(self.__xmlDoc.createCDATASection(self.__flawTypes[flawType]['sol'])) flawTypeNode.appendChild(flawTypeSolution) flawTypeReferences = self.__xmlDoc.createElement("references") for ref in self.__flawTypes[flawType]['ref']: referenceNode = self.__xmlDoc.createElement("reference") titleNode = self.__xmlDoc.createElement("title") urlNode = self.__xmlDoc.createElement("url") titleNode.appendChild(self.__xmlDoc.createTextNode(ref)) urlNode.appendChild(self.__xmlDoc.createTextNode(url)) referenceNode.appendChild(titleNode) referenceNode.appendChild(urlNode) flawTypeReferences.appendChild(referenceNode) flawTypeNode.appendChild(flawTypeReferences) entriesNode = self.__xmlDoc.createElement("entry") for flaw in flaw_dict[flawType]: entryNode = self.__xmlDoc.createElement("entry") methodNode = self.__xmlDoc.createElement("method") methodNode.appendChild(self.__xmlDoc.createTextNode(flaw["method"])) entryNode.appendChild(methodNode) pathNode = self.__xmlDoc.createElement("path") pathNode.appendChild(self.__xmlDoc.createTextNode(str(flaw["level"]))) entryNode.appendChild(pathNode) levelNode = self.__xmlDoc.createElement("path") levelNode.appendChild(self.__xmlDoc.createTextNode(str(flaw["level"]))) entryNode.appendChild(levelNode) parameterNode = self.__xmlDoc.createElement("parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(flaw["parameter"])) entryNode.appendChild(parameterNode) infoNode = self.__xmlDoc.createElement("info") infoNode.appendChild(self.__xmlDoc.createCDATASection(flaw["info"])) entryNode.appendChild(infoNode) httpRequestNode = self.__xmlDoc.createElement("http_request") httpRequestNode.appendChild(self.__xmlDoc.createCDATASection(flaw["http_request"])) entryNode.appendChild(httpRequestNode) curlCommandNode = self.__xmlDoc.createElement("curl_command") curlCommandNode.appendChild(self.__xmlDoc.createCDATASection(flaw["curl_command"])) entryNode.appendChild(curlCommandNode) entriesNode.appendChild(entryNode) flawTypeNode.appendChild(entriesNode) container.appendChild(flawTypeNode) report.appendChild(vuls) report.appendChild(nomally) f = open(filename, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
"""Creates a list of Car classes""" for car in data: car = Car(car) cars.append(car) for car in cars: """Converts car to xml node""" c_xml = car.to_xml_node(doc) """Add year element to the car""" year = doc.createElement("year") year_content = doc.createTextNode("2015") year.appendChild(year_content) c_xml.appendChild(year) """Sets the weight attribute of the car""" c_xml.setAttribute("weight", "1000") """Converts the brand element to a CDATA section with the © symbol added""" brand = c_xml.getElementsByTagName("brand")[0] new_brand = "©" + brand.childNodes[0].nodeValue brand_content = doc.createCDATASection(new_brand) brand.removeChild(brand.childNodes[0]) brand.appendChild(brand_content) """Adds the car node to the XML doc""" xml_cars.appendChild(c_xml) """Prints the XML doc""" print doc.toxml(encoding="utf-8")
def asf2xml(asfFile, xmlFile=None): if xmlFile == None: xmlFile = asfFile[:-4] + ".xml" try: f = open(asfFile, 'r') fileContent = f.readlines() except IOError: print "File: %s not found.\n" % asfFile else: i = 0 while i < len(fileContent): if fileContent[i].startswith("#") or fileContent[i] == '\n': fileContent.pop(i) else: i += 1 count = int(fileContent.pop(0)) imageStr = fileContent.pop(-1).rstrip() try: if os.name == "nt": (sx,sy) = Image.open(asfFile[:asfFile.rfind('\\')+1] + imageStr).size elif os.name == "posix": (sx,sy) = Image.open(asfFile[:asfFile.rfind('/')+1] + imageStr).size except IOError: print "Corresponding image file of the given asf file not found.\n" else: index = 0 pts = [] while index < count: line = fileContent[index].split() pts.append((float(line[2])*sx,float(line[3])*sy)) index += 1 f.close() doc = Document() annotation = doc.createElement("annotation") doc.appendChild(annotation) objects = doc.createElement("objects") objects.setAttribute("type", "points") objects.setAttribute("count", "%.0f" % len(pts)) annotation.appendChild(objects) text = "" for (x,y) in pts: text += "%.0f %.0f\n" % (x,y) cDataSection = doc.createCDATASection(text) objects.appendChild(cDataSection) objects = doc.createElement("objects") objects.setAttribute("type", "rectangles") objects.setAttribute("count", "int") annotation.appendChild(objects) cDataSection = doc.createCDATASection("\n") objects.appendChild(cDataSection) xml = open(xmlFile, 'w') xml.write(doc.toprettyxml(indent=" ", encoding="UTF-8")) xml.close()
class VulneraNetXMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(category,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti 2.3.0"/> <bugTypeList> <bugType name="SQL Injection"> <bugList/> <report> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerablityType> </vulnerabilityTypeList> </report> """ __xmlDoc = None __vulnerabilityTypeList = None __ts = None def __init__(self): self.__ts = datetime.datetime.now() self.__xmlDoc = Document() def setReportInfo(self, target, scope=None, date_string="", version=""): report = self.__xmlDoc.createElement("Report") report.setAttribute("generatedBy", version) report.setAttribute("generationDate", self.__ts.isoformat()) self.__vulnerabilityTypeList = self.__xmlDoc.createElement( "VulnerabilityTypeList") report.appendChild(self.__vulnerabilityTypeList) self.__xmlDoc.appendChild(report) def __addToVulnerabilityTypeList(self, vulnerabilityType): self.__vulnerabilityTypeList.appendChild(vulnerabilityType) def addVulnerabilityType(self, name, description="", solution="", references={}): """ This method adds a vulnerability type, it can be invoked to include in the report the type. The types are not stored previously, they are added when the method logVulnerability(category,level,url,parameter,info) is invoked and if there is no vulnerabilty of a type, this type will not be presented in the report """ vulnerabilityType = self.__xmlDoc.createElement("VulnerabilityType") vulnerabilityType.appendChild( self.__xmlDoc.createElement("VulnerabilityList")) vulTitleNode = self.__xmlDoc.createElement("Title") vulTitleNode.appendChild(self.__xmlDoc.createTextNode(name)) vulnerabilityType.appendChild(vulTitleNode) self.__addToVulnerabilityTypeList(vulnerabilityType) if description != "": descriptionNode = self.__xmlDoc.createElement("Description") descriptionNode.appendChild( self.__xmlDoc.createCDATASection(description)) vulnerabilityType.appendChild(descriptionNode) if solution != "": solutionNode = self.__xmlDoc.createElement("Solution") solutionNode.appendChild( self.__xmlDoc.createCDATASection(solution)) vulnerabilityType.appendChild(solutionNode) if references != "": referencesNode = self.__xmlDoc.createElement("References") for ref in references: referenceNode = self.__xmlDoc.createElement("Reference") nameNode = self.__xmlDoc.createElement("name") urlNode = self.__xmlDoc.createElement("url") nameNode.appendChild(self.__xmlDoc.createTextNode(ref)) urlNode.appendChild( self.__xmlDoc.createTextNode(references[ref])) referenceNode.appendChild(nameNode) referenceNode.appendChild(urlNode) referencesNode.appendChild(referenceNode) vulnerabilityType.appendChild(referencesNode) return vulnerabilityType def __addToVulnerabilityList(self, category, vulnerability): vulnerabilityType = None for node in self.__vulnerabilityTypeList.childNodes: titleNode = node.getElementsByTagName("Title") if (titleNode.length >= 1 and titleNode[0].childNodes.length == 1 and titleNode[0].childNodes[0].wholeText == category): vulnerabilityType = node break if vulnerabilityType is None: vulnerabilityType = self.addVulnerabilityType(category) vulnerabilityType.childNodes[0].appendChild(vulnerability) def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ peer = None ts = "" vulnerability = self.__xmlDoc.createElement("Vulnerability") stLevel = None if level == 1: stLevel = "Low" elif level == 2: stLevel = "Moderate" else: stLevel = "Important" levelNode = self.__xmlDoc.createElement("Severity") levelNode.appendChild(self.__xmlDoc.createTextNode(stLevel)) vulnerability.appendChild(levelNode) tsNode = self.__xmlDoc.createElement("DetectionDate") #tsNode.appendChild(self.__xmlDoc.createTextNode(ts.isoformat())) vulnerability.appendChild(tsNode) ## urlDetailNode = self.__xmlDoc.createElement("URLDetail") vulnerability.appendChild(urlDetailNode) urlNode = self.__xmlDoc.createElement("URL") urlNode.appendChild(self.__xmlDoc.createTextNode(request.url)) urlDetailNode.appendChild(urlNode) if peer is not None: peerNode = self.__xmlDoc.createElement("Peer") if isPeerAddrPort(peer): addrNode = self.__xmlDoc.createElement("Addr") addrNode.appendChild(self.__xmlDoc.createTextNode(peer[0])) peerNode.appendChild(addrNode) portNode = self.__xmlDoc.createElement("Port") portNode.appendChild(self.__xmlDoc.createTextNode(str( peer[1]))) peerNode.appendChild(portNode) else: addrNode = self.__xmlDoc.createElement("Addr") addrNode.appendChild(self.__xmlDoc.createTextNode(str(peer))) peerNode.appendChild(addrNode) urlDetailNode.appendChild(peerNode) parameterNode = self.__xmlDoc.createElement("Parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(parameter)) urlDetailNode.appendChild(parameterNode) ## infoNode = self.__xmlDoc.createElement("Info") info = info.replace("\n", "<br />") infoNode.appendChild(self.__xmlDoc.createTextNode(info)) urlDetailNode.appendChild(infoNode) self.__addToVulnerabilityList(category, vulnerability) def generateReport(self, fileName): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(category,level,url,parameter,info) """ f = open(fileName, "w") try: f.write(self.__xmlDoc.toxml(encoding="UTF-8")) finally: f.close()
class xml_ganttproject_2(StdOutputParams, ExecutorTopicContinuum, CreateMakeDependencies): def __init__(self, oconfig): '''Create a graph output object.''' tracer.debug("Called.") StdOutputParams.__init__(self, oconfig) CreateMakeDependencies.__init__(self) self.__fd = None self.effort_factor = self._config.get_value_default('effort_factor', 1) self.req_ids = {} self.next_id = 1 self.__xml_doc = None self.__xml_obj_stack = [] self.__markup = Markup("txt") def get_req_id(self, name): '''Get an id: if the req is not there a new id will be generated.''' if name in self.req_ids: return self.req_ids[name] self.req_ids[name] = self.next_id self.next_id += 1 return self.req_ids[name] def topic_continuum_pre(self, _topics_continuum): '''Do the preprocessing: create the empty document.''' # Create the minidom document self.__xml_doc = Document() xml_project = self.__xml_doc.createElement("project") self.__xml_doc.appendChild(xml_project) # This is needed: if not given, on the left side there is # nothing displayed. xml_taskdisplaycolumns = \ self.__xml_doc.createElement("taskdisplaycolumns") xml_project.appendChild(xml_taskdisplaycolumns) for display_col in [["tpd3", 125], ["tpd4", 25], ["tpd5", 25]]: xml_tpd = self.__xml_doc.createElement("displaycolumn") xml_tpd.setAttribute("property-id", display_col[0]) xml_tpd.setAttribute("width", str(display_col[1])) xml_taskdisplaycolumns.appendChild(xml_tpd) self.__xml_obj_stack.append(xml_project) def topic_continuum_sort(self, vcs_commit_ids, topic_sets): '''Because gantt2 can only one topic continuum, the latest (newest) is used.''' return [topic_sets[vcs_commit_ids[-1].get_commit()]] def topic_continuum_post(self, _topics_continuum): '''Do the postprocessing: create the file.''' # Close the (hopefully) last open assert len(self.__xml_obj_stack) == 1 self.__xml_doc.appendChild(self.__xml_obj_stack[0]) # Write it out. with io.open(self._output_filename, "w", encoding="utf-8") as self.__fd: self.__fd.write(self.__xml_doc.toprettyxml()) def topic_pre(self, topic): '''This is called in the Topic pre-phase.''' xml_task = self.__xml_doc.createElement("task") xml_task.setAttribute("name", topic.name) xml_task.setAttribute("id", str(self.get_req_id( "TOPIC-" + topic.name))) self.__xml_obj_stack.append(xml_task) tracer.debug("Finished; xml document stack length [%s]" % len(self.__xml_obj_stack)) def topic_post(self, _topic): '''This is called in the Topic post-phase.''' # Add the xml_task to the current document xml_task = self.__xml_obj_stack.pop() self.__xml_obj_stack[-1].appendChild(xml_task) tracer.debug("Finished; xml document stack length [%s]" % len(self.__xml_obj_stack)) def requirement_set_sort(self, list_to_sort): '''Sort by id.''' return sorted(list_to_sort, key=lambda r: r.get_id()) def requirement(self, req): '''Output the given requirement.''' # There is the need for a unique numeric id xml_task = self.__xml_doc.createElement("task") xml_task.setAttribute("name", req.get_id()) xml_task.setAttribute("id", str(self.get_req_id(req.get_id()))) if req.is_val_av_and_not_null("Effort estimation"): # The Effort Estimation is only rounded: ganntproject can # only handle integers as duration xml_task.setAttribute( "duration", str(int(req.get_value("Effort estimation") * self.effort_factor + 1))) # The Status (a la complete) must be given in percent. # Currently rmtoo supports only two states: not done (~0) or # finished (~100) if req.is_val_av_and_not_null("Status"): complete_val = "0" if isinstance(req.get_status(), RequirementStatusFinished): complete_val = "100" elif isinstance(req.get_status(), RequirementStatusAssigned): complete_val = "50" xml_task.setAttribute("complete", complete_val) # Notes # Add the description and if available also the rationale and # note. notes = "== Description ==\n" notes += self.__markup.replace( req.get_value("Description").get_content()) if req.is_val_av_and_not_null("Rationale"): notes += "\n\n== Rationale ==\n" notes += self.__markup.replace( req.get_value("Rationale").get_content()) if req.is_val_av_and_not_null("Note"): notes += "\n\n== Note ==\n" notes += self.__markup.replace( req.get_value("Note").get_content()) xml_note = self.__xml_doc.createElement("notes") xml_text = self.__xml_doc.createCDATASection(notes) xml_note.appendChild(xml_text) xml_task.appendChild(xml_note) # Dependencies for node in req.incoming: xml_depend = self.__xml_doc.createElement("depend") xml_depend.setAttribute("id", str(self.get_req_id(node.get_id()))) # There are some default attrs xml_depend.setAttribute("type", "2") xml_depend.setAttribute("difference", "0") xml_depend.setAttribute("hardness", "Strong") xml_task.appendChild(xml_depend) self.__xml_obj_stack[-1].appendChild(xml_task) def cmad_topic_continuum_pre(self, _): '''Write out the one and only dependency to all the requirements.''' tracer.debug("Called.") CreateMakeDependencies.write_reqs_dep(self._cmad_file, self._output_filename)
class Tool(): def __init__(self, ap_parser, **kwargs): self.ap_parser = ap_parser self.name = parser.prog self.id = parser.prog self.version = kwargs.get('version', None) or str( parser.version) or '0.1' self.description = kwargs.get( 'version', None) or parser.description or 'Insert Short Description' self.blacklisted_parameters = ['--version', '--verbose', '--help'] def parse(self): self.doc = Document() self.tool = self.create_tool() self.create_description() self.create_requirements() self.create_stdio() self.doc.appendChild(self.tool) self.create_command() self.create_inputs() self.create_outputs() self.create_help() self.create_reference() def convert_to_galaxy(self): self.doc.writexml(sys.stdout, indent=" ", addindent=" ", newl='\n', encoding="UTF-8") def create_tool(self): tool = self.doc.createElement("tool") tool.setAttribute("id", self.name) tool.setAttribute("version", self.version) tool.setAttribute("name", self.name) return tool def create_description(self): description_node = self.doc.createElement("description") description = self.doc.createTextNode(self.description) description_node.appendChild(description) self.tool.appendChild(description_node) def get_param_name(self, param): long_param = self.get_longest_param_name(param) return long_param.replace('-', '_').strip('_') def get_longest_param_name(self, param): if len(param.option_strings) == 1: return param.option_strings[0] else: if len(param.option_strings[0]) > len(param.option_strings[1]): return param.option_strings[0] else: return param.option_strings[1] def get_param_type(self, param): if type(param) in [ argparse._StoreTrueAction, argparse._StoreFalseAction ]: return 'boolean' elif type(param) == argparse._StoreAction: if param.choices is not None: return 'select' if param.type == int: return 'integer' elif param.type == float: return 'float' return 'text' def is_blacklisted(self, param): for name in param.option_strings: if name in self.blacklisted_parameters: return True return False def create_command(self): final_command = self.name + '\n' for param in self.extract_parameters(): command = '' param_name = self.get_param_name(param) param_type = self.get_param_type(param) if self.is_blacklisted(param): continue if param_type == 'boolean': command += '$%s\n' % (param_name) else: if param_type == 'text': command += "\n#if str($%(param_name)s).strip() != '':\n " % { "param_name": param_name } command = "%s '${%s}'\n" % (self.get_longest_param_name(param), param_name) if param_type == 'text': command += "#end if\n" final_command += command command_node = self.doc.createElement("command") command_text_node = self.doc.createCDATASection(final_command.strip()) command_node.appendChild(command_text_node) self.tool.appendChild(command_node) def create_inputs(self): inputs_node = self.doc.createElement("inputs") collect_inputs = list() for param in self.extract_parameters(): if self.is_blacklisted(param): continue inputs_node.appendChild(self.create_param_node(param)) self.tool.appendChild(inputs_node) def extract_parameters(self): """ ToDo: Add some parameter filtering here and react on nested parameters """ parameters = [] for parameter in self.ap_parser._actions: yield parameter def create_param_node(self, param): param_name = self.get_param_name(param) param_type = self.get_param_type(param) param_node = self.doc.createElement("param") param_node.setAttribute("name", param_name) label = "" if param.help is not None: label = param.help else: label = "%s parameter" % self.get_longest_param_name(param) param_node.setAttribute("label", label) param_node.setAttribute("help", "(%s)" % self.get_longest_param_name(param)) if param_type is None: raise "Unrecognized parameter type '%(type)' for parameter '%(name)'" % { "type": param_type, "name": param_name } param_node.setAttribute("type", param_type) if param.required: param_node.setAttribute("optional", str(not param.required)) # check for parameters with restricted values (which will correspond to a "select" in galaxy) if param_type == 'select': for choice in param.choices: option_node = self.doc.createElement("option") option_node.setAttribute("value", str(choice)) option_label = self.doc.createTextNode(str(choice)) option_node.appendChild(option_label) param_node.appendChild(option_node) return param_node if param_type == "text": # add size attribute... this is the length of a textbox field in Galaxy (it could also be 15x2, for instance) param_node.setAttribute("size", "20") if param_type == 'boolean': if type(param) == argparse._StoreTrueAction: param_node.setAttribute( "truevalue", "%s" % self.get_longest_param_name(param)) param_node.setAttribute("falsevalue", '') elif type(param) == argparse._StoreFalseAction: param_node.setAttribute( "falsevalue", "%s" % self.get_longest_param_name(param)) param_node.setAttribute("truevalue", '') param_node.setAttribute("checked", str(param.default)) # check for default value if param.default is not None: if param_type != "boolean": param_node.setAttribute("value", str(param.default)) else: param_node.setAttribute("value", '') return param_node def create_outputs(self): """ How to guess the output parameters, usualy they are not of type FILE whitelist? """ outputs_node = self.doc.createElement("outputs") outputs_node.appendChild(self.create_data_node()) self.tool.appendChild(outputs_node) def create_data_node(self): data_node = self.doc.createElement("data") data_node.setAttribute("name", 'outfile') data_node.setAttribute("format", 'data') data_node.setAttribute("label", '${tool.name} on ${on_string}') data_node.appendChild(self.create_filter_node()) data_node.appendChild(self.create_change_format_node()) return data_node def create_filter_node(self, data_format='EXAMPL'): """ <filter>'bam' in outputs</filter> """ filter_node = self.doc.createElement("filter") option_label = self.doc.createTextNode("'%s' in param_out_type" % (data_format)) filter_node.appendChild(option_label) return filter_node def create_change_format_node(self, data_formats=['foo', 'bar'], input_ref='infile'): """ <change_format> <when input="secondary_structure" value="true" format="text"/> </change_format> """ change_format_node = self.doc.createElement("change_format") for data_format in data_formats: when_node = self.doc.createElement("when") when_node.setAttribute('input', input_ref) when_node.setAttribute('value', data_format) when_node.setAttribute('format', data_format) change_format_node.appendChild(when_node) return change_format_node def create_requirements(self): """ <requirements> <requirement type="binary">@EXECUTABLE@</requirement> <requirement type="package" version="1.1.1">TODO</requirement> </requirements> """ requirements_node = self.doc.createElement("requirements") requirement_node = self.doc.createElement("requirement") requirement_node.setAttribute("type", "binary") requirement_text_node = self.doc.createTextNode('@EXECUTABLE@') requirement_node.appendChild(requirement_text_node) requirements_node.appendChild(requirement_node) requirement_node = self.doc.createElement("requirement") requirement_node.setAttribute("type", "package") requirement_node.setAttribute("version", "1.1.1") requirement_text_node = self.doc.createTextNode('TODO') requirement_node.appendChild(requirement_text_node) requirements_node.appendChild(requirement_node) self.tool.appendChild(requirements_node) def create_reference(self): """ <citations> <citation type="doi">10.1371/journal.pcbi.1003153</citation> </citations> """ citations_node = self.doc.createElement("citations") citation_node = self.doc.createElement("citation") citation_node.setAttribute("type", "doi") citation_text_node = self.doc.createTextNode( '10.1371/journal.pcbi.1003153') citation_node.appendChild(citation_text_node) citations_node.appendChild(citation_node) self.tool.appendChild(citations_node) def create_stdio(self): """ <!-- Anything other than zero is an error --> <exit_code range="1:" /> <exit_code range=":-1" /> <!-- In case the return code has not been set propery check stderr too --> <regex match="Error:" /> <regex match="Exception:" /> """ stdio_node = self.doc.createElement("stdio") exit_code_node = self.doc.createElement("exit_code") exit_code_node.setAttribute("range", "1:") stdio_node.appendChild(exit_code_node) exit_code_node = self.doc.createElement("exit_code") exit_code_node.setAttribute("range", ":-1") stdio_node.appendChild(exit_code_node) exit_code_node = self.doc.createElement("regex") exit_code_node.setAttribute("match", "Error:") stdio_node.appendChild(exit_code_node) exit_code_node = self.doc.createElement("regex") exit_code_node.setAttribute("match", "Exception:") stdio_node.appendChild(exit_code_node) self.tool.appendChild(stdio_node) def create_help(self): """ **What it does** + some help from the argparse definitions """ help_text = '**What it does**\n\n' help_text += self.ap_parser.description or ' Insert Short Description' help_text += '\n' help_text += self.ap_parser.epilog or 'Isert long description with website link' help_text += '\n' help_text += self.ap_parser.format_help() or 'insert help instructions' help_text += '\n' help_text += self.ap_parser.format_usage() help_text += '\n' help_node = self.doc.createElement("help") help_text_node = self.doc.createCDATASection(help_text) help_node.appendChild(help_text_node) self.tool.appendChild(help_node)
def generateXmlReport(self): """ Generates the XML reports to a given TestInfo object. """ try: doc = Document() testsuites= doc.createElement('testsuites') doc.appendChild(testsuites) parentElment = testsuites xml_content = None for cs in self.case_suite_list: if not cs.has_run: break testsuite = doc.createElement('testsuite') testsuites.appendChild(testsuite) testsuite.setAttribute('name',cs.path) testsuite.setAttribute('tests','1') testsuite.setAttribute('failures','0') xml_properties = doc.createElement('properties') testsuite.appendChild(xml_properties) property = doc.createElement('property') xml_properties.appendChild(property) systemout=doc.createElement('system-out') cdata = doc.createCDATASection("") systemout.appendChild(cdata) testsuite.appendChild(systemout) systemerr= doc.createElement('system-err') cdata=doc.createCDATASection("") systemerr.appendChild(cdata) testsuite.appendChild(systemerr) """ Appends a testcase section to the XML document. """ testCaseDurs = 0.0 failures = 0 for c in cs.case_list: if not c.has_run: break testcase = doc.createElement('testcase') testcase.setAttribute('classname','STF') testcase.setAttribute('name',c.id) testcase.setAttribute('time',six.text_type(c.elapsed_time)) failure = c.exitcode if failure == 1: error= doc.createElement('error') testcase.appendChild(error) error.setAttribute('type','error') error.setAttribute('message',c.fatal_error) cdata = doc.createCDATASection(str(c.__dict__)) error.appendChild(cdata) failures = failures + 1 testsuite.appendChild(testcase) testsuite.setAttribute('errors', six.text_type(failures)) testsuite.setAttribute('time', cs.elapsed_time) xml_content = doc.toprettyxml(indent='\t',encoding='UTF8') if xml_content is None: return if not os.path.exists('./testcase_reports'): os.mkdir('./testcase_reports') date = datetime.datetime.now().strftime("%Y%m%d-"+ time.tzname[1] + "-%H%M%S.%f") filename = os.path.join('./testcase_reports','TEST-STF-%s.xml' % date) with open(filename, 'wb') as report_file: report_file.write(xml_content) finally: pass
doc=Document() wordbook=doc.createElement('wordbook') match=re.compile(u'(\d+)\.(.*?)([\u4e00-\u9fa5].*)') with open('d:\\a.txt','r') as myfile: content=myfile.readlines() for line in content: # print line item=doc.createElement('item') word=doc.createElement('word') trans=doc.createElement('trans') phonetic=doc.createElement('phonetic') tags=doc.createElement('tags') progress=doc.createElement('progress') matches=match.findall(line.decode()) word.appendChild(doc.createCDATASection(matches[0][1])) trans.appendChild(doc.createCDATASection(matches[0][2])) progress.appendChild(doc.createTextNode('0')) phonetic.appendChild(doc.createTextNode('')) tags.appendChild(doc.createTextNode('')) item.appendChild(word) item.appendChild(trans) item.appendChild(phonetic) item.appendChild(tags) item.appendChild(progress) wordbook.appendChild(item) doc.appendChild(wordbook) objxml=open('d:\\word.xml','w') objxml.write(doc.toprettyxml(indent=" ")) objxml.close()
def createXML(metaDict): doc = Document() XMLNS_NS = u"stgermainmeta.xsd" XSI_NS = u"stgermainmeta.xsd" eMeta = doc.createElement(u"meta") eMeta.setAttribute(u"xmlns", "urn:stgermainmeta-schema") eMeta.setAttributeNS(XMLNS_NS, u"xmlns:dc", u"http://purl.org/dc/elements/1.1/") eMeta.setAttributeNS(XMLNS_NS, u"xmlns:xsi", u"http://www.w3.org/2001/XMLSchema-instance") eMeta.setAttributeNS(XMLNS_NS, u"xmlns:xsd", u"http://www.w3.org/2001/XMLSchema") eMeta.setAttributeNS( XSI_NS, u"xsi:schemaLocation", u"http://purl.org/dc/elements/1.1/ dc.xsd http://www.w3.org/2001/XMLSchema XMLSchema.xsd urn:stgermainmeta-schema stgermainmeta.xsd", ) doc.appendChild(eMeta) eInfo = doc.createElement(u"info") eTitle = doc.createElement(u"dc:title") eCreator = doc.createElement(u"dc:creator") ePublisher = doc.createElement(u"dc:publisher") eRights = doc.createElement(u"dc:rights") eSource = doc.createElement(u"dc:source") eSubject = doc.createElement(u"dc:subject") eDescription = doc.createElement(u"dc:description") eInfo.appendChild(eTitle) eInfo.appendChild(eCreator) eInfo.appendChild(ePublisher) eInfo.appendChild(eRights) eInfo.appendChild(eSource) eInfo.appendChild(eSubject) eInfo.appendChild(eDescription) eMeta.appendChild(eInfo) eCode = doc.createElement(u"code") eExAnn = doc.createElement(u"xsd:annotation") eExDoc = doc.createElement(u"xsd:documentation") eExApp = doc.createElement(u"xsd:appinfo") eInherits = doc.createElement(u"inherits") eCode.appendChild(eExAnn) eExAnn.appendChild(eExDoc) eExAnn.appendChild(eExApp) eCode.appendChild(eInherits) eMeta.appendChild(eCode) eImplements = doc.createElement(u"implements") eReference = doc.createElement(u"reference") eEquation = doc.createElement(u"equation") eImplements.appendChild(eReference) eImplements.appendChild(eEquation) eMeta.appendChild(eImplements) eParameters = doc.createElement(u"parameters") eMeta.appendChild(eParameters) eAssociations = doc.createElement(u"associations") eMeta.appendChild(eAssociations) # Content... # Info (all required i.e. let is except if dictionary entry not there) ... eTitleTxt = doc.createTextNode(metaDict["info"]["title"]) eTitle.appendChild(eTitleTxt) eCreatorTxt = doc.createTextNode(metaDict["info"]["creator"]) eCreator.appendChild(eCreatorTxt) ePublisherTxt = doc.createTextNode(metaDict["info"]["publisher"]) ePublisher.appendChild(ePublisherTxt) eRightsTxt = doc.createTextNode(metaDict["info"]["rights"]) eRights.appendChild(eRightsTxt) eSourceTxt = doc.createTextNode(metaDict["info"]["source"]) eSource.appendChild(eSourceTxt) eSubjectTxt = doc.createTextNode(metaDict["info"]["subject"]) eSubject.appendChild(eSubjectTxt) eDescriptionTxt = doc.createCDATASection(metaDict["info"]["description"]) eDescription.appendChild(eDescriptionTxt) # Code (Not all required i.e. catch except if dictionary entry not there) ... try: eExDocTxt = doc.createCDATASection(metaDict["code"]["example-documentation"]) eExDoc.appendChild(eExDocTxt) except KeyError: pass try: eExAppTxt = doc.createCDATASection(metaDict["code"]["example-code"]) eExApp.appendChild(eExAppTxt) except KeyError: pass try: eInheritsTxt = doc.createTextNode(metaDict["code"]["inherits"]) eInherits.appendChild(eInheritsTxt) except KeyError: pass # Implements (Not all required i.e. catch except if dictionary entry not there) ... try: eReferenceTxt = doc.createTextNode(metaDict["implements"]["reference"]) eReference.appendChild(eReferenceTxt) except KeyError: pass try: eEquationTxt = doc.createCDATASection(metaDict["implements"]["equation"]) eEquation.appendChild(eEquationTxt) except KeyError: pass # Parameters (as this is an XML XSD type, the rules on requirment are determined by it) ... for param in metaDict["parameters"]: eParam = doc.createElement(u"xsd:element") eParam.setAttribute(u"name", param["name"]) eParam.setAttribute(u"type", param["type"]) try: eParam.setAttribute(u"default", param["default"]) except KeyError: pass try: eParamAnn = doc.createElement(u"xsd:annotation") eParamDoc = doc.createElement(u"xsd:documentation") eParamDocTxt = doc.createCDATASection(param["documentation"]) eParamDoc.appendChild(eParamDocTxt) eParamAnn.appendChild(eParamDoc) eParam.appendChild(eParamAnn) except KeyError: pass eParameters.appendChild(eParam) # Associations (as this is an XML XSD type, the rules on requirment are determined by it)... for assoc in metaDict["associations"]: eAssoc = doc.createElement(u"xsd:element") eAssoc.setAttribute(u"name", assoc["name"]) eAssoc.setAttribute(u"type", assoc["type"]) try: eAssoc.setAttribute(u"nillable", assoc["nillable"]) except KeyError: pass try: eAssocAnn = doc.createElement(u"xsd:annotation") eAssocDoc = doc.createElement(u"xsd:documentation") eAssocDocTxt = doc.createCDATASection(assoc["documentation"]) eAssocDoc.appendChild(eAssocDocTxt) eAssocAnn.appendChild(eAssocDoc) eAssoc.appendChild(eAssocAnn) except KeyError: pass eAssociations.appendChild(eAssoc) return doc
from xml.dom.minidom import Document from car import Car from json import loads """Setting the dom obj""" doc = Document() x_cars = doc.createElement('cars') doc.appendChild(x_cars) """Opening the json file""" with open('./7-main.json') as f: data = loads(f.read()) """Iterating through each obj and adding them to the dom""" for car in data: item = Car(car) c_xml = item.to_xml_node(doc) year = doc.createElement('year') year_value = doc.createTextNode('2015') year.appendChild(year_value) c_xml.appendChild(year) c_xml.setAttribute('weight', str(1000)) brand = doc.createElement('brand') brand_value = doc.createCDATASection(u"\u00a9" + item.get_brand()) brand.appendChild(brand_value) c_xml.replaceChild(brand, c_xml.getElementsByTagName('brand')[0]) x_cars.appendChild(c_xml) """Printing the dom to xml""" print doc.toxml(encoding='utf-8')
class VulsXMLReportGen(ReportGen): def __init__(self): self.__ts = datetime.datetime.now() self.__xmlDoc = Document() self.__vulsTypeList = None def setReportInfo(self, target, scope=None, date_string="", version=""): report = self.__xmlDoc.createElement("Report") report.setAttribute("generatedBy", version) report.setAttribute("generationDate", self.__ts.isoformat()) self.__vulsTypeList = self.__xmlDoc.createElement( "VulnerabilityTypeList") report.appendChild(self.__vulsTypeList) self.__xmlDoc.appendChild(report) def __addToVulsTypeList(self, vulsType): self.__vulsTypeList.appendChild(vulsType) def addVulsType(self, name, description="", solution="", references={}): vulsType = self.__xmlDoc.createElement("VulsType") vulsType.appendChild(self.__xmlDoc.createElement("VulsList")) vulsTitleNode = self.__xmlDoc.createElement("Title") vulsTitleNode.appendChild(self.__xmlDoc.createTextNode(name)) vulsType.appendChild(vulsTitleNode) self.__addToVulsTypeList(vulsType) if description != "": descriptionNode = self.__xmlDoc.createElement("Description") descriptionNode.appendChild( self.__xmlDoc.createCDATASection(description)) vulsType.appendChild(descriptionNode) if solution != "": solutionNode = self.__xmlDoc.createElement("Solution") solutionNode.appendChild( self.__xmlDoc.createCDATASection(solution)) vulsType.appendChild(solutionNode) if references != "": referencesNode = self.__xmlDoc.createElement("References") for ref in references: referenceNode = self.__xmlDoc.createElement("Reference") nameNode = self.__xmlDoc.createElement("name") urlNode = self.__xmlDoc.createElement("url") nameNode.appendChild(self._xmlDoc.createTextNode(ref)) urlNode.appendChild( self.__xmlDoc.createTextNode(references[ref])) referenceNode.appendChild(nameNode) referenceNode.appendChild(urlNode) referencesNode.appendChild(referenceNode) referencesNode.appendChild(referencesNode) vulsType.appendChild(referenceNode) return vulsType def __addToVulsList(self, category, vuls): vulsType = None for node in self.__vulsTypeList.childNodes: titleNode = node.getElementsByTagName("Title") if (titleNode.length >= 1 and titleNode[0].childNodes.length == 1 and titleNode[0].childNodes[0].wholeText == category): vulsType = None break if vulsType is None: vulsType = self.addVulsType(category) vulsType.childNodes[0].appendChild(vuls) def logVuls(self, category=None, level=0, reuqest=None, parameter="", info=""): peer = None vuls = self.__xmlDoc.createElement("Vuls") if level == 1: stLevel = "Low" elif level == 2: stLevel = "Moder" else: stLevel = "Important" levelNode = self.__xmlDoc.createElement("Severity") levelNode.appendChild(self.__xmlDoc.createTextNode(stLevel)) vuls.appendChild(levelNode) tsNode = self.__xmlDoc.createElement("DetectionDate") vuls.appendChild(tsNode) urlDetailNode = self.__xmlDoc.createElement("URLDetail") vuls.appendChild(urlDetailNode) urlNode = self.__xmlDoc.createElement("URL") urlNode.appendChild(self.__xmlDoc.createTextNode(request.url)) urlDetailNode.appendChild(urlNode) if peer is not None: peerNode = self.__xmlDoc.createElement("Addr") if isPeerAddrPort(peer): addrNode = self.__xmlDoc.createElement("Addr") addrNode.appendChild(self.__xmlDoc.createTextNode(peer[0])) peerNode.appendChild(addrNode) portNode = self.__xmlDoc.createElement("Addr") portNode.appendChild(self.__xmlDoc.createTextNode(str( peer[1]))) peerNode.appendChild(portNode) else: addrNode = self.__xmlDoc.createElement("Addr") addrNode.appendChild(self.__xmlDoc.createTextNode(str(peer))) peerNode.appendChild(addrNode) urlDetailNode.appendChild(peerNode) parameterNode = self.__xmlDoc.createElement("Parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(parameter)) urlDetailNode.appendChild(parameterNode) infoNode = self.__xmlDoc.createElement("Info") info = info.replace("\n", "<br />") infoNode.appendChild(self.__xmlDoc.createTextNode(info)) urlDetailNode.appendChild(infoNode) self.__addToVulsList(category, vuls) def genReport(self, filename): f = open(filename, "w") try: f.write(self.__xmlDoc.toxml(encoding="UTF-8")) finally: f.close()
class XMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method add_vulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti 3.0.4"/> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerabilityType> </vulnerabilityTypeList> </report> """ def __init__(self): super().__init__() self._xml_doc = Document() self._flaw_types = {} self._vulns = {} self._anomalies = {} self._additionals = {} # Vulnerabilities def add_vulnerability_type(self, name, description="", solution="", references=None): if name not in self._flaw_types: self._flaw_types[name] = { "desc": description, "sol": solution, "ref": references } if name not in self._vulns: self._vulns[name] = [] def add_vulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vuln_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr(left_margin=""), "curl_command": request.curl_repr, } if category not in self._vulns: self._vulns[category] = [] self._vulns[category].append(vuln_dict) # Anomalies def add_anomaly_type(self, name, description="", solution="", references=None): if name not in self._flaw_types: self._flaw_types[name] = { "desc": description, "sol": solution, "ref": references } if name not in self._anomalies: self._anomalies[name] = [] def add_anomaly(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ anom_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr(left_margin=""), "curl_command": request.curl_repr, } if category not in self._anomalies: self._anomalies[category] = [] self._anomalies[category].append(anom_dict) # Additionals def add_additional_type(self, name, description="", solution="", references=None): """ This method adds an addtional type, it can be invoked to include in the report the type. """ if name not in self._flaw_types: self._flaw_types[name] = { "desc": description, "sol": solution, "ref": references } if name not in self._additionals: self._additionals[name] = [] def add_additional(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the addtional to be printed later. The method printToFile(fileName) can be used to save in a file the addtionals notified through the current method. """ addition_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr(left_margin=""), "curl_command": request.curl_repr, } if category not in self._additionals: self._additionals[category] = [] self._additionals[category].append(addition_dict) def generate_report(self, output_path): """ Create a xml file with a report of the vulnerabilities which have been logged with the method add_vulnerability(vulnerabilityTypeName,level,url,parameter,info) """ report = self._xml_doc.createElement("report") report.setAttribute("type", "security") self._xml_doc.appendChild(report) # Add report infos report_infos = self._xml_doc.createElement("report_infos") generator_name = self._xml_doc.createElement("info") generator_name.setAttribute("name", "generatorName") generator_name.appendChild(self._xml_doc.createTextNode("wapiti")) report_infos.appendChild(generator_name) generator_version = self._xml_doc.createElement("info") generator_version.setAttribute("name", "generatorVersion") generator_version.appendChild(self._xml_doc.createTextNode(self._infos["version"])) report_infos.appendChild(generator_version) scope = self._xml_doc.createElement("info") scope.setAttribute("name", "scope") scope.appendChild(self._xml_doc.createTextNode(self._infos["scope"])) report_infos.appendChild(scope) date_of_scan = self._xml_doc.createElement("info") date_of_scan.setAttribute("name", "dateOfScan") date_of_scan.appendChild(self._xml_doc.createTextNode(self._infos["date"])) report_infos.appendChild(date_of_scan) target = self._xml_doc.createElement("info") target.setAttribute("name", "target") target.appendChild(self._xml_doc.createTextNode(self._infos["target"])) report_infos.appendChild(target) report.appendChild(report_infos) vulnerabilities = self._xml_doc.createElement("vulnerabilities") anomalies = self._xml_doc.createElement("anomalies") additionals = self._xml_doc.createElement("additionals") # Loop on each flaw classification for flaw_type in self._flaw_types: container = None classification = "" flaw_dict = {} if flaw_type in self._vulns: container = vulnerabilities classification = "vulnerability" flaw_dict = self._vulns elif flaw_type in self._anomalies: container = anomalies classification = "anomaly" flaw_dict = self._anomalies elif flaw_type in self._additionals: container = additionals classification = "additional" flaw_dict = self._additionals # Child nodes with a description of the flaw type flaw_type_node = self._xml_doc.createElement(classification) flaw_type_node.setAttribute("name", flaw_type) flaw_type_desc = self._xml_doc.createElement("description") flaw_type_desc.appendChild(self._xml_doc.createCDATASection(self._flaw_types[flaw_type]["desc"])) flaw_type_node.appendChild(flaw_type_desc) flaw_type_solution = self._xml_doc.createElement("solution") flaw_type_solution.appendChild(self._xml_doc.createCDATASection(self._flaw_types[flaw_type]["sol"])) flaw_type_node.appendChild(flaw_type_solution) flaw_type_references = self._xml_doc.createElement("references") for ref in self._flaw_types[flaw_type]["ref"]: reference_node = self._xml_doc.createElement("reference") title_node = self._xml_doc.createElement("title") url_node = self._xml_doc.createElement("url") title_node.appendChild(self._xml_doc.createTextNode(ref)) url = self._flaw_types[flaw_type]["ref"][ref] url_node.appendChild(self._xml_doc.createTextNode(url)) reference_node.appendChild(title_node) reference_node.appendChild(url_node) flaw_type_references.appendChild(reference_node) flaw_type_node.appendChild(flaw_type_references) # And child nodes with each flaw of the current type entries_node = self._xml_doc.createElement("entries") for flaw in flaw_dict[flaw_type]: entry_node = self._xml_doc.createElement("entry") method_node = self._xml_doc.createElement("method") method_node.appendChild(self._xml_doc.createTextNode(flaw["method"])) entry_node.appendChild(method_node) path_node = self._xml_doc.createElement("path") path_node.appendChild(self._xml_doc.createTextNode(flaw["path"])) entry_node.appendChild(path_node) level_node = self._xml_doc.createElement("level") level_node.appendChild(self._xml_doc.createTextNode(str(flaw["level"]))) entry_node.appendChild(level_node) parameter_node = self._xml_doc.createElement("parameter") parameter_node.appendChild(self._xml_doc.createTextNode(flaw["parameter"])) entry_node.appendChild(parameter_node) info_node = self._xml_doc.createElement("info") info_node.appendChild(self._xml_doc.createTextNode(flaw["info"])) entry_node.appendChild(info_node) http_request_node = self._xml_doc.createElement("http_request") http_request_node.appendChild(self._xml_doc.createCDATASection(flaw["http_request"])) entry_node.appendChild(http_request_node) curl_command_node = self._xml_doc.createElement("curl_command") curl_command_node.appendChild(self._xml_doc.createCDATASection(flaw["curl_command"])) entry_node.appendChild(curl_command_node) entries_node.appendChild(entry_node) flaw_type_node.appendChild(entries_node) container.appendChild(flaw_type_node) report.appendChild(vulnerabilities) report.appendChild(anomalies) report.appendChild(additionals) with open(output_path, "w", errors="ignore") as xml_report_file: self._xml_doc.writexml(xml_report_file, addindent=" ", newl="\n")
class xml_ganttproject_2(StdOutputParams, ExecutorTopicContinuum, CreateMakeDependencies): def __init__(self, oconfig): '''Create a graph output object.''' tracer.debug("Called.") StdOutputParams.__init__(self, oconfig) CreateMakeDependencies.__init__(self) self.__fd = None self.effort_factor = self._config.get_value_default('effort_factor', 1) self.req_ids = {} self.next_id = 1 self.__xml_doc = None self.__xml_obj_stack = [] def get_req_id(self, name): '''Get an id: if the req is not there a new id will be generated.''' if name in self.req_ids: return self.req_ids[name] self.req_ids[name] = self.next_id self.next_id += 1 return self.req_ids[name] def topic_continuum_pre(self, _topics_continuum): '''Do the preprocessing: create the empty document.''' # Create the minidom document self.__xml_doc = Document() xml_project = self.__xml_doc.createElement("project") self.__xml_doc.appendChild(xml_project) # This is needed: if not given, on the left side there is # nothing displayed. xml_taskdisplaycolumns = \ self.__xml_doc.createElement("taskdisplaycolumns") xml_project.appendChild(xml_taskdisplaycolumns) for display_col in [["tpd3", 125], ["tpd4", 25], ["tpd5", 25]]: xml_tpd = self.__xml_doc.createElement("displaycolumn") xml_tpd.setAttribute("property-id", display_col[0]) xml_tpd.setAttribute("width", str(display_col[1])) xml_taskdisplaycolumns.appendChild(xml_tpd) self.__xml_obj_stack.append(xml_project) def topic_continuum_sort(self, vcs_commit_ids, topic_sets): '''Because gantt2 can only one topic continuum, the latest (newest) is used.''' return [topic_sets[vcs_commit_ids[-1].get_commit()]] def topic_continuum_post(self, _topics_continuum): '''Do the postprocessing: create the file.''' # Close the (hopefully) last open assert len(self.__xml_obj_stack) == 1 self.__xml_doc.appendChild(self.__xml_obj_stack[0]) # Write it out. self.__fd = file(self._output_filename, "w") self.__fd.write(self.__xml_doc.toprettyxml()) self.__fd.close() def topic_pre(self, topic): '''This is called in the Topic pre-phase.''' xml_task = self.__xml_doc.createElement("task") xml_task.setAttribute("name", topic.get_name()) xml_task.setAttribute( "id", str(self.get_req_id("TOPIC-" + topic.get_name()))) self.__xml_obj_stack.append(xml_task) tracer.debug("Finished; xml document stack length [%s]" % len(self.__xml_obj_stack)) def topic_post(self, _topic): '''This is called in the Topic post-phase.''' # Add the xml_task to the current document xml_task = self.__xml_obj_stack.pop() self.__xml_obj_stack[-1].appendChild(xml_task) tracer.debug("Finished; xml document stack length [%s]" % len(self.__xml_obj_stack)) def requirement_set_sort(self, list_to_sort): '''Sort by id.''' return sorted(list_to_sort, key=lambda r: r.get_name()) def requirement(self, req): '''Output the given requirement.''' # There is the need for a unique numeric id xml_task = self.__xml_doc.createElement("task") xml_task.setAttribute("name", req.get_name()) xml_task.setAttribute("id", str(self.get_req_id(req.get_name()))) if req.get_requirement().is_val_av_and_not_null("Effort estimation"): # The Effort Estimation is only rounded: ganntproject can # only handle integers as duration xml_task.setAttribute( "duration", str( int(req.get_requirement().get_value("Effort estimation") * self.effort_factor + 1))) # The Status (a la complete) must be given in percent. # Currently rmtoo supports only two states: not done (~0) or # finished (~100) if req.get_requirement().is_val_av_and_not_null("Status"): complete_val = "0" if isinstance(req.get_requirement().get_status(), RequirementStatusFinished): complete_val = "100" elif isinstance(req.get_requirement().get_status(), RequirementStatusAssigned): complete_val = "50" xml_task.setAttribute("complete", complete_val) # Notes # Add the description and if available also the rationale and # note. notes = "== Description ==\n" notes += LaTeXMarkup.replace_txt( req.get_requirement().get_value("Description").get_content()) if req.get_requirement().is_val_av_and_not_null("Rationale"): notes += "\n\n== Rationale ==\n" notes += LaTeXMarkup.replace_txt( req.get_requirement().get_value("Rationale").get_content()) if req.get_requirement().is_val_av_and_not_null("Note"): notes += "\n\n== Note ==\n" notes += LaTeXMarkup.replace_txt( req.get_requirement().get_value("Note").get_content()) xml_note = self.__xml_doc.createElement("notes") xml_text = self.__xml_doc.createCDATASection(notes) xml_note.appendChild(xml_text) xml_task.appendChild(xml_note) # Dependencies for node in req.get_iter_outgoing(): xml_depend = self.__xml_doc.createElement("depend") xml_depend.setAttribute("id", str(self.get_req_id(node.get_name()))) # There are some default attrs xml_depend.setAttribute("type", "2") xml_depend.setAttribute("difference", "0") xml_depend.setAttribute("hardness", "Strong") xml_task.appendChild(xml_depend) self.__xml_obj_stack[-1].appendChild(xml_task) def cmad_topic_continuum_pre(self, _): '''Write out the one and only dependency to all the requirements.''' tracer.debug("Called.") CreateMakeDependencies.write_reqs_dep(self._cmad_file, self._output_filename)
class XMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method add_vulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti X.X.X"/> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerabilityType> </vulnerabilityTypeList> </report> """ def __init__(self): super().__init__() self._xml_doc = Document() self._flaw_types = {} self._vulns = {} self._anomalies = {} self._additionals = {} # Vulnerabilities def add_vulnerability_type(self, name, description="", solution="", references=None, wstg=None): if name not in self._flaw_types: self._flaw_types[name] = { "desc": description, "sol": solution, "ref": references, "wstg": wstg } if name not in self._vulns: self._vulns[name] = [] def add_vulnerability(self, module: str, category=None, level=0, request=None, parameter="", info="", wstg=None): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vuln_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "referer": request.referer, "module": module, "http_request": request.http_repr(left_margin=""), "curl_command": request.curl_repr, "wstg": wstg } if category not in self._vulns: self._vulns[category] = [] self._vulns[category].append(vuln_dict) # Anomalies def add_anomaly_type(self, name, description="", solution="", references=None, wstg=None): if name not in self._flaw_types: self._flaw_types[name] = { "desc": description, "sol": solution, "ref": references, "wstg": wstg } if name not in self._anomalies: self._anomalies[name] = [] def add_anomaly(self, module: str, category=None, level=0, request=None, parameter="", info="", wstg=None): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ anom_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "referer": request.referer, "module": module, "http_request": request.http_repr(left_margin=""), "curl_command": request.curl_repr, "wstg": wstg } if category not in self._anomalies: self._anomalies[category] = [] self._anomalies[category].append(anom_dict) # Additionals def add_additional_type(self, name, description="", solution="", references=None, wstg=None): """ This method adds an addtional type, it can be invoked to include in the report the type. """ if name not in self._flaw_types: self._flaw_types[name] = { "desc": description, "sol": solution, "ref": references, "wstg": wstg } if name not in self._additionals: self._additionals[name] = [] def add_additional(self, module: str, category=None, level=0, request=None, parameter="", info="", wstg=None): """ Store the information about the addtional to be printed later. The method printToFile(fileName) can be used to save in a file the addtionals notified through the current method. """ addition_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "referer": request.referer, "module": module, "http_request": request.http_repr(left_margin=""), "curl_command": request.curl_repr, "wstg": wstg } if category not in self._additionals: self._additionals[category] = [] self._additionals[category].append(addition_dict) def generate_report(self, output_path): """ Create a xml file with a report of the vulnerabilities which have been logged with the method add_vulnerability(vulnerabilityTypeName,level,url,parameter,info) """ report = self._xml_doc.createElement("report") report.setAttribute("type", "security") self._xml_doc.appendChild(report) # Add report infos report_infos = self._create_info_section() report.appendChild(report_infos) vulnerabilities = self._xml_doc.createElement("vulnerabilities") anomalies = self._xml_doc.createElement("anomalies") additionals = self._xml_doc.createElement("additionals") # Loop on each flaw classification for flaw_type_name, flaw_type in self._flaw_types.items(): container = None classification = "" flaw_dict = {} if flaw_type_name in self._vulns: container = vulnerabilities classification = "vulnerability" flaw_dict = self._vulns elif flaw_type_name in self._anomalies: container = anomalies classification = "anomaly" flaw_dict = self._anomalies elif flaw_type_name in self._additionals: container = additionals classification = "additional" flaw_dict = self._additionals # Child nodes with a description of the flaw type flaw_type_node = self._xml_doc.createElement(classification) flaw_type_node.setAttribute("name", flaw_type_name) flaw_type_desc = self._xml_doc.createElement("description") flaw_type_desc.appendChild( self._xml_doc.createCDATASection(flaw_type["desc"])) flaw_type_node.appendChild(flaw_type_desc) flaw_type_solution = self._xml_doc.createElement("solution") flaw_type_solution.appendChild( self._xml_doc.createCDATASection(flaw_type["sol"])) flaw_type_node.appendChild(flaw_type_solution) flaw_type_references = self._xml_doc.createElement("references") for ref in flaw_type["ref"]: reference_node = self._xml_doc.createElement("reference") title_node = self._xml_doc.createElement("title") url_node = self._xml_doc.createElement("url") title_node.appendChild(self._xml_doc.createTextNode(ref)) url = flaw_type["ref"][ref] url_node.appendChild(self._xml_doc.createTextNode(url)) wstg_node = self._xml_doc.createElement("wstg") for wstg_code in flaw_type["wstg"] or []: wstg_code_node = self._xml_doc.createElement("code") wstg_code_node.appendChild( self._xml_doc.createTextNode(wstg_code)) wstg_node.appendChild(wstg_code_node) reference_node.appendChild(title_node) reference_node.appendChild(url_node) reference_node.appendChild(wstg_node) flaw_type_references.appendChild(reference_node) flaw_type_node.appendChild(flaw_type_references) # And child nodes with each flaw of the current type entries_node = self._xml_doc.createElement("entries") for flaw in flaw_dict[flaw_type_name]: entry_node = self._xml_doc.createElement("entry") method_node = self._xml_doc.createElement("method") method_node.appendChild( self._xml_doc.createTextNode(flaw["method"])) entry_node.appendChild(method_node) path_node = self._xml_doc.createElement("path") path_node.appendChild( self._xml_doc.createTextNode(flaw["path"])) entry_node.appendChild(path_node) level_node = self._xml_doc.createElement("level") level_node.appendChild( self._xml_doc.createTextNode(str(flaw["level"]))) entry_node.appendChild(level_node) parameter_node = self._xml_doc.createElement("parameter") parameter_node.appendChild( self._xml_doc.createTextNode(flaw["parameter"])) entry_node.appendChild(parameter_node) info_node = self._xml_doc.createElement("info") info_node.appendChild( self._xml_doc.createTextNode(flaw["info"])) entry_node.appendChild(info_node) referer_node = self._xml_doc.createElement("referer") referer_node.appendChild( self._xml_doc.createTextNode(flaw["referer"])) entry_node.appendChild(referer_node) module_node = self._xml_doc.createElement("module") module_node.appendChild( self._xml_doc.createTextNode(flaw["module"])) entry_node.appendChild(module_node) http_request_node = self._xml_doc.createElement("http_request") http_request_node.appendChild( self._xml_doc.createCDATASection(flaw["http_request"])) entry_node.appendChild(http_request_node) curl_command_node = self._xml_doc.createElement("curl_command") curl_command_node.appendChild( self._xml_doc.createCDATASection(flaw["curl_command"])) entry_node.appendChild(curl_command_node) wstg_node = self._xml_doc.createElement("wstg") for wstg_code in flaw["wstg"] or []: wstg_code_node = self._xml_doc.createElement("code") wstg_code_node.appendChild( self._xml_doc.createTextNode(wstg_code)) wstg_node.appendChild(wstg_code_node) entry_node.appendChild(wstg_node) entries_node.appendChild(entry_node) flaw_type_node.appendChild(entries_node) container.appendChild(flaw_type_node) report.appendChild(vulnerabilities) report.appendChild(anomalies) report.appendChild(additionals) with open(output_path, "w", errors="ignore", encoding='utf-8') as xml_report_file: self._xml_doc.writexml(xml_report_file, addindent=" ", newl="\n") def _create_info_section(self) -> Element: """ Write the authentication section explaining what method, fields, url were used and also if it has been successful """ report_infos = self._xml_doc.createElement("report_infos") generator_name = self._xml_doc.createElement("info") generator_name.setAttribute("name", "generatorName") generator_name.appendChild(self._xml_doc.createTextNode("wapiti")) report_infos.appendChild(generator_name) generator_version = self._xml_doc.createElement("info") generator_version.setAttribute("name", "generatorVersion") generator_version.appendChild( self._xml_doc.createTextNode(self._infos["version"])) report_infos.appendChild(generator_version) scope = self._xml_doc.createElement("info") scope.setAttribute("name", "scope") scope.appendChild(self._xml_doc.createTextNode(self._infos["scope"])) report_infos.appendChild(scope) date_of_scan = self._xml_doc.createElement("info") date_of_scan.setAttribute("name", "dateOfScan") date_of_scan.appendChild( self._xml_doc.createTextNode(self._infos["date"])) report_infos.appendChild(date_of_scan) target = self._xml_doc.createElement("info") target.setAttribute("name", "target") target.appendChild(self._xml_doc.createTextNode(self._infos["target"])) report_infos.appendChild(target) target = self._xml_doc.createElement("info") target.setAttribute("name", "crawledPages") target.appendChild( self._xml_doc.createTextNode(str(self._infos["crawled_pages"]))) report_infos.appendChild(target) auth_node = self._xml_doc.createElement("info") auth_node.setAttribute("name", "auth") if self._infos.get("auth") is not None: auth_dict = self._infos["auth"] is_logged_in = "true" if auth_dict["logged_in"] is True else "false" auth_method_node = self._xml_doc.createElement("method") auth_method_node.appendChild( self._xml_doc.createTextNode(auth_dict["method"])) auth_node.appendChild(auth_method_node) auth_url_node = self._xml_doc.createElement("url") auth_url_node.appendChild( self._xml_doc.createTextNode(auth_dict["url"])) auth_node.appendChild(auth_url_node) auth_logged_in_node = self._xml_doc.createElement("logged_in") auth_logged_in_node.appendChild( self._xml_doc.createTextNode(is_logged_in)) auth_node.appendChild(auth_logged_in_node) form_node = self._xml_doc.createElement("form") if auth_dict.get("form") is not None and len( auth_dict["form"]) > 0: auth_form_dict = auth_dict["form"] form_login_field_node = self._xml_doc.createElement( "login_field") form_login_field_node.appendChild( self._xml_doc.createTextNode( auth_form_dict["login_field"])) form_node.appendChild(form_login_field_node) form_password_field_node = self._xml_doc.createElement( "password_field") form_password_field_node.appendChild( self._xml_doc.createTextNode( auth_form_dict["password_field"])) form_node.appendChild(form_password_field_node) auth_node.appendChild(form_node) else: form_node.setAttributeNS( "http://www.w3.org/2001/XMLSchema-instance", "xsi:nil", "true") else: auth_node.setAttributeNS( "http://www.w3.org/2001/XMLSchema-instance", "xsi:nil", "true") report_infos.appendChild(auth_node) return report_infos
class XMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="WAVES 2.3.0"/> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerabilityType> </vulnerabilityTypeList> </report> """ def __init__(self): self.__infos = {} self.__xmlDoc = Document() self.__flawTypes = {} self.__vulns = {} self.__anomalies = {} def setReportInfo(self, target, scope=None, date_string="", version=""): self.__infos["target"] = target self.__infos["date"] = date_string self.__infos["version"] = version if scope: self.__infos["scope"] = scope # Vulnerabilities def addVulnerabilityType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = { 'desc': description, 'sol': solution, 'ref': references } if name not in self.__vulns: self.__vulns[name] = [] def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vuln_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__vulns: self.__vulns[category] = [] self.__vulns[category].append(vuln_dict) # Anomalies def addAnomalyType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = { 'desc': description, 'sol': solution, 'ref': references } if name not in self.__anomalies: self.__anomalies[name] = [] def logAnomaly(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ anom_dict = { "method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__anomalies: self.__anomalies[category] = [] self.__anomalies[category].append(anom_dict) def generateReport(self, filename): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) """ report = self.__xmlDoc.createElement("report") report.setAttribute("type", "security") self.__xmlDoc.appendChild(report) # Add report infos report_infos = self.__xmlDoc.createElement("report_infos") generatorName = self.__xmlDoc.createElement("info") generatorName.setAttribute("name", "generatorName") generatorName.appendChild(self.__xmlDoc.createTextNode("wapiti")) report_infos.appendChild(generatorName) generatorVersion = self.__xmlDoc.createElement("info") generatorVersion.setAttribute("name", "generatorVersion") generatorVersion.appendChild( self.__xmlDoc.createTextNode(self.__infos["version"])) report_infos.appendChild(generatorVersion) scope = self.__xmlDoc.createElement("info") scope.setAttribute("name", "scope") scope.appendChild(self.__xmlDoc.createTextNode(self.__infos["scope"])) report_infos.appendChild(scope) dateOfScan = self.__xmlDoc.createElement("info") dateOfScan.setAttribute("name", "dateOfScan") dateOfScan.appendChild( self.__xmlDoc.createTextNode(self.__infos["date"])) report_infos.appendChild(dateOfScan) report.appendChild(report_infos) vulnerabilities = self.__xmlDoc.createElement("vulnerabilities") anomalies = self.__xmlDoc.createElement("anomalies") # Loop on each flaw classification for flawType in self.__flawTypes: container = None classification = "" flaw_dict = {} if flawType in self.__vulns: container = vulnerabilities classification = "vulnerability" flaw_dict = self.__vulns elif flawType in self.__anomalies: container = anomalies classification = "anomaly" flaw_dict = self.__anomalies # Child nodes with a description of the flaw type flawTypeNode = self.__xmlDoc.createElement(classification) flawTypeNode.setAttribute("name", flawType) flawTypeDesc = self.__xmlDoc.createElement("description") flawTypeDesc.appendChild( self.__xmlDoc.createCDATASection( self.__flawTypes[flawType]['desc'])) flawTypeNode.appendChild(flawTypeDesc) flawTypeSolution = self.__xmlDoc.createElement("solution") flawTypeSolution.appendChild( self.__xmlDoc.createCDATASection( self.__flawTypes[flawType]['sol'])) flawTypeNode.appendChild(flawTypeSolution) flawTypeReferences = self.__xmlDoc.createElement("references") for ref in self.__flawTypes[flawType]['ref']: referenceNode = self.__xmlDoc.createElement("reference") titleNode = self.__xmlDoc.createElement("title") urlNode = self.__xmlDoc.createElement("url") titleNode.appendChild(self.__xmlDoc.createTextNode(ref)) url = self.__flawTypes[flawType]['ref'][ref] urlNode.appendChild(self.__xmlDoc.createTextNode(url)) referenceNode.appendChild(titleNode) referenceNode.appendChild(urlNode) flawTypeReferences.appendChild(referenceNode) flawTypeNode.appendChild(flawTypeReferences) # And child nodes with each flaw of the current type entriesNode = self.__xmlDoc.createElement("entries") for flaw in flaw_dict[flawType]: entryNode = self.__xmlDoc.createElement("entry") methodNode = self.__xmlDoc.createElement("method") methodNode.appendChild( self.__xmlDoc.createTextNode(flaw["method"])) entryNode.appendChild(methodNode) pathNode = self.__xmlDoc.createElement("path") pathNode.appendChild(self.__xmlDoc.createTextNode( flaw["path"])) entryNode.appendChild(pathNode) levelNode = self.__xmlDoc.createElement("level") levelNode.appendChild( self.__xmlDoc.createTextNode(str(flaw["level"]))) entryNode.appendChild(levelNode) parameterNode = self.__xmlDoc.createElement("parameter") parameterNode.appendChild( self.__xmlDoc.createTextNode(flaw["parameter"])) entryNode.appendChild(parameterNode) infoNode = self.__xmlDoc.createElement("info") infoNode.appendChild(self.__xmlDoc.createTextNode( flaw["info"])) entryNode.appendChild(infoNode) httpRequestNode = self.__xmlDoc.createElement("http_request") httpRequestNode.appendChild( self.__xmlDoc.createCDATASection(flaw["http_request"])) entryNode.appendChild(httpRequestNode) curlCommandNode = self.__xmlDoc.createElement("curl_command") curlCommandNode.appendChild( self.__xmlDoc.createCDATASection(flaw["curl_command"])) entryNode.appendChild(curlCommandNode) entriesNode.appendChild(entryNode) flawTypeNode.appendChild(entriesNode) container.appendChild(flawTypeNode) report.appendChild(vulnerabilities) report.appendChild(anomalies) f = open(filename, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
class XMLContextBuilder(object): """This class encapsulates most rules needed to create a XML test report behind a simple interface. """ def __init__(self): """Creates a new instance. """ self._xml_doc = Document() self._current_context = None def current_context(self): """Returns the current context. """ return self._current_context def begin_context(self, tag, name): """Begins a new context in the XML test report, which usually is defined by one on the tags 'testsuites', 'testsuite', or 'testcase'. """ context = TestXMLContext(self._xml_doc, self._current_context) context.begin(tag, name) self._current_context = context def context_tag(self): """Returns the tag represented by the current context. """ return self._current_context.element_tag() def _create_cdata_section(self, content): """Returns a new CDATA section containing the string defined in `content`. """ filtered_content = replace_nontext(content) return self._xml_doc.createCDATASection(filtered_content) def append_cdata_section(self, tag, content): """Appends a tag in the format <tag>CDATA</tag> into the tag represented by the current context. Returns the created tag. """ element = self._xml_doc.createElement(tag) pos = content.find(']]>') while pos >= 0: tmp=content[0:pos+2] element.appendChild(self._create_cdata_section(tmp)) content=content[pos+2:] pos = content.find(']]>') element.appendChild(self._create_cdata_section(content)) self._append_child(element) return element def append(self, tag, content, **kwargs): """Apends a tag in the format <tag attr='val' attr2='val2'>CDATA</tag> into the tag represented by the current context. Returns the created tag. """ element = self._xml_doc.createElement(tag) for key, value in kwargs.items(): filtered_value = replace_nontext(six.text_type(value)) element.setAttribute(key, filtered_value) if content: element.appendChild(self._create_cdata_section(content)) self._append_child(element) return element def _append_child(self, element): """Appends a tag object represented by `element` into the tag represented by the current context. """ if self._current_context: self._current_context.element.appendChild(element) else: self._xml_doc.appendChild(element) def increment_counter(self, counter_name): """Increments a counter in the current context and their parents. """ context = self._current_context while context: context.increment_counter(counter_name) context = context.parent def end_context(self): """Ends the current context and sets the current context as being the previous one (if it exists). Also, when a context ends, its tag is appended in the proper place inside the document. """ if not self._current_context: return False element = self._current_context.end() self._current_context = self._current_context.parent self._append_child(element) return True def finish(self): """Ends all open contexts and returns a pretty printed version of the generated XML document. """ while self.end_context(): pass return self._xml_doc.toprettyxml(indent='\t', encoding=UTF8)
class XMLProcessor(object): def __init__(self): object.__init__(self) self.doc = "" self.base = "" self.fileHandle = "" # NAME : createDocument # PARAMS : None # RETURN : Nothing # DESC : creates a minidom Document # object and saves it into class # variable def createDocument(self): # Create the minidom document self.doc = Document() # EOF: createDocument # NAME : createBaseElement # PARAMS : str, list # RETURN : Nothing # DESC : creates the base element to # set the base for the XML document # being created def createBaseElement(self, name=None, ns=None): # Create the base element self.base = self.doc.createElement(name) if ns: for n in ns: self.base.setAttribute(n[0], n[1]) else: self.base.setAttribute("xmlns", "http://www.neurofuzz.com") self.base.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance") self.base.setAttribute("xsi:schemaLocation", "http://www.neurofuzz.com vectors.xsd") self.doc.appendChild(self.base) # EOF: createBaseElement # NAME : populateChildElements # PARAMS : Str, Array, Str, Bool # RETURN : None # DESC : creates child elements in the XML object # or file def populateChildElement(self, name=None, value=None, attributes=None, child=None): elem = self.doc.createElement(name) if type(attributes) == list: for n in attributes: elem.setAttribute(n[0], n[1]) else: for key in attributes.keys(): elem.setAttribute(key, attributes[key]) if child: self.doc.childNodes[0].childNodes[0].appendChild(elem) else: self.doc.childNodes[0].appendChild(elem) if value: vv = self.doc.createTextNode(str(value)) elem.appendChild(vv) # EOF: populateChildElement # NAME : populateChildElements # PARAMS : Str, Array, Str, Bool # RETURN : None # DESC : creates child elements in the XML object # or file def populateChildElements(self, name=None, arr=None, type=None, attackcategory=None, file=False): if typechecker.is_str(arr): elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(arr) elem.appendChild(vv) elif typechecker.is_iter(arr): cdata = re.compile(r"CDATA", re.IGNORECASE) invalidxml = re.compile(r"]]>") # iterate over array for v in arr: for kv in v[0].iteritems(): #set the attack category data from the array attackcategory = v[1].strip() # Give the element some data # if value == C then check to see if we need # to pump the data thru a CDATA section if kv[1] == 'C': targetKey = kv[0].strip() # lets substitute the chars: ]]> because we use them # in our attack vectors but they cause massive problems # with XML since they are the closing CDATA tags targetKey = invalidxml.sub('0x5d0x5d0x3e', targetKey) # startswith certain chars that we want to push thru CDATA sections # as well as straight text nodes if targetKey.startswith('<') \ or targetKey.startswith('>') \ or targetKey.startswith('\\') \ or targetKey.startswith('<?xml') \ and cdata.search(targetKey) is None: elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createCDATASection(targetKey) elem.appendChild(vv) elif targetKey.startswith('<![') and cdata.search(targetKey): tok = unicode(targetKey) newtok = "" for char in tok: if char == "[" or char == "]" or char == "<" or char == ">": newtok = newtok + "&#" + str(ord(char)) + ";" else: newtok = newtok + char elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(newtok) elem.appendChild(vv) # otherwise process only as straight text nodes else: elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(targetKey) elem.appendChild(vv) # value is something other than 'C' so no CDATA section concerns else: elem = self.doc.createElement(name) if type: elem.setAttribute("type", type) if attackcategory: elem.setAttribute("attackcategory", attackcategory) self.doc.childNodes[0].appendChild(elem) vv = self.doc.createTextNode(targetKey) elem.appendChild(vv) if file: # write the file with the new XML data self.writeXMLToFile(doc=self.doc) # EOF: populateChildElements # NAME : setFileHandle # PARAMS : Str, Str # RETURN : None # DESC : sets data to establish the path # to the file that will eventually # hold the XML def setFileHandle(self, path, file): self.fileHandle = path + "/" + file # EOF: setFileHandle # NAME : getFileHandle # PARAMS : None # RETURN : Str # DESC : returns the exact path # to the file that holds the XML def getFileHandle(self): return self.fileHandle # EOF: getFileHandle # NAME : writeXMLToFile # PARAMS : XML Doc # RETURN : Nothing # DESC : writes XML data to a file def writeXMLToFile(self, doc=None): # write the xml out to file try: FILE = open(self.fileHandle,"w") if doc is not None: FILE.write(doc.toxml()) else: FILE.write(self.doc.toxml()) FILE.close() except IOError, detail: genUtils.handleFileMsg(self.fileHandle, msg=detail) return None
class OpenVASReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti 2.3.0"/> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerablityType> </vulnerabilityTypeList> </report> """ __xmlDoc = None __infos = {} __flawTypes = {} __vulns = {} __anomalies = {} __infos = {} __vulnCount = 0 __anomCount = 0 def __init__(self): self.__xmlDoc = Document() def setReportInfo(self, target, scope=None, date_string="", version=""): self.__infos["target"] = target self.__infos["date"] = date_string self.__infos["version"] = version if scope: self.__infos["scope"] = scope # Vulnerabilities def addVulnerabilityType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = {"desc": description, "sol": solution, "ref": references} if name not in self.__vulns: self.__vulns[name] = [] def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vuln_dict = { "method": request.method, "hostname": request.hostname, "port": request.port, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__vulns: self.__vulns[category] = [] self.__vulns[category].append(vuln_dict) self.__vulnCount += 1 # Anomalies def addAnomalyType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = {"desc": description, "sol": solution, "ref": references} if name not in self.__anomalies: self.__anomalies[name] = [] def logAnomaly(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ anom_dict = { "method": request.method, "hostname": request.hostname, "port": request.port, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__anomalies: self.__anomalies[category] = [] self.__anomalies[category].append(anom_dict) self.__anomCount += 1 def generateReport(self, fileName): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) """ uuid_report = str(uuid.uuid1()) report = self.__xmlDoc.createElement("report") report.setAttribute("extension", "xml") report.setAttribute("id", uuid_report) report.setAttribute("type", "scan") report.setAttribute("content_type", "text/html") report.setAttribute("format_id", "a994b278-1f62-11e1-96ac-406186ea4fc5") self.__xmlDoc.appendChild(report) # Add report infos report_infos = self.__xmlDoc.createElement("report") report_infos.setAttribute("id", uuid_report) scan_run_status = self.__xmlDoc.createElement("scan_run_status") scan_run_status.appendChild(self.__xmlDoc.createTextNode("Done")) report_infos.appendChild(scan_run_status) scan_start = self.__xmlDoc.createElement("scan_start") scan_start.appendChild(self.__xmlDoc.createTextNode(self.__infos["date"])) report_infos.appendChild(scan_start) results = self.__xmlDoc.createElement("results") results.setAttribute("start", "1") results.setAttribute("max", str(self.__vulnCount + self.__anomCount)) # Loop on each flaw classification for flawType in self.__flawTypes: classification = "" flaw_dict = {} if flawType in self.__vulns: classification = "vulnerability" flaw_dict = self.__vulns elif flawType in self.__anomalies: classification = "anomaly" flaw_dict = self.__anomalies for flaw in flaw_dict[flawType]: result = self.__xmlDoc.createElement("result") result.setAttribute("id", str(uuid.uuid4())) subnet = self.__xmlDoc.createElement("subnet") subnet.appendChild(self.__xmlDoc.createTextNode(flaw["hostname"])) result.appendChild(subnet) host = self.__xmlDoc.createElement("host") host.appendChild(self.__xmlDoc.createTextNode(flaw["hostname"])) result.appendChild(host) port = self.__xmlDoc.createElement("port") port.appendChild(self.__xmlDoc.createTextNode(str(flaw["port"]))) result.appendChild(port) nvt = self.__xmlDoc.createElement("nvt") nvt.setAttribute("oid", str(uuid.uuid4())) name = self.__xmlDoc.createElement("name") name.appendChild(self.__xmlDoc.createTextNode(flawType)) nvt.appendChild(name) family = self.__xmlDoc.createElement("family") family.appendChild(self.__xmlDoc.createTextNode(classification)) nvt.appendChild(family) cvss_base = self.__xmlDoc.createElement("cvss_base") cvss_base.appendChild(self.__xmlDoc.createTextNode("0.0")) nvt.appendChild(cvss_base) risk_factor = self.__xmlDoc.createElement("risk_factor") risk_factor.appendChild(self.__xmlDoc.createTextNode(str(flaw["level"]))) nvt.appendChild(risk_factor) cve = self.__xmlDoc.createElement("cve") cve.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(cve) bid = self.__xmlDoc.createElement("bid") bid.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(bid) tags = self.__xmlDoc.createElement("tags") tags.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(tags) certs = self.__xmlDoc.createElement("certs") certs.appendChild(self.__xmlDoc.createTextNode("")) nvt.appendChild(certs) xref = self.__xmlDoc.createElement("xref") xref.appendChild(self.__xmlDoc.createTextNode("NOXREF")) nvt.appendChild(xref) result.appendChild(nvt) threat = self.__xmlDoc.createElement("threat") threat.appendChild(self.__xmlDoc.createTextNode(str(flaw["level"]))) result.appendChild(threat) description = self.__xmlDoc.createElement("description") description.appendChild(self.__xmlDoc.createCDATASection(flaw["info"])) result.appendChild(description) original_threat = self.__xmlDoc.createElement("original_threat") original_threat.appendChild(self.__xmlDoc.createTextNode(str(flaw["level"]))) result.appendChild(original_threat) results.appendChild(result) report_infos.appendChild(results) report.appendChild(report_infos) f = open(fileName, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
class XMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti 2.3.0"/> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerabilityType> </vulnerabilityTypeList> </report> """ def __init__(self): self.__infos = {} self.__xmlDoc = Document() self.__flawTypes = {} self.__vulns = {} self.__anomalies = {} def setReportInfo(self, target, scope=None, date_string="", version=""): self.__infos["target"] = target self.__infos["date"] = date_string self.__infos["version"] = version if scope: self.__infos["scope"] = scope # Vulnerabilities def addVulnerabilityType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = {'desc': description, 'sol': solution, 'ref': references} if name not in self.__vulns: self.__vulns[name] = [] def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ vuln_dict = {"method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__vulns: self.__vulns[category] = [] self.__vulns[category].append(vuln_dict) # Anomalies def addAnomalyType(self, name, description="", solution="", references={}): if name not in self.__flawTypes: self.__flawTypes[name] = {'desc': description, 'sol': solution, 'ref': references} if name not in self.__anomalies: self.__anomalies[name] = [] def logAnomaly(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ anom_dict = {"method": request.method, "path": request.file_path, "info": info, "level": level, "parameter": parameter, "http_request": request.http_repr, "curl_command": request.curl_repr, } if category not in self.__anomalies: self.__anomalies[category] = [] self.__anomalies[category].append(anom_dict) def generateReport(self, filename): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) """ report = self.__xmlDoc.createElement("report") report.setAttribute("type", "security") self.__xmlDoc.appendChild(report) # Add report infos report_infos = self.__xmlDoc.createElement("report_infos") generatorName = self.__xmlDoc.createElement("info") generatorName.setAttribute("name", "generatorName") generatorName.appendChild(self.__xmlDoc.createTextNode("wapiti")) report_infos.appendChild(generatorName) generatorVersion = self.__xmlDoc.createElement("info") generatorVersion.setAttribute("name", "generatorVersion") generatorVersion.appendChild(self.__xmlDoc.createTextNode(self.__infos["version"])) report_infos.appendChild(generatorVersion) scope = self.__xmlDoc.createElement("info") scope.setAttribute("name", "scope") scope.appendChild(self.__xmlDoc.createTextNode(self.__infos["scope"])) report_infos.appendChild(scope) dateOfScan = self.__xmlDoc.createElement("info") dateOfScan.setAttribute("name", "dateOfScan") dateOfScan.appendChild(self.__xmlDoc.createTextNode(self.__infos["date"])) report_infos.appendChild(dateOfScan) report.appendChild(report_infos) vulnerabilities = self.__xmlDoc.createElement("vulnerabilities") anomalies = self.__xmlDoc.createElement("anomalies") # Loop on each flaw classification for flawType in self.__flawTypes: container = None classification = "" flaw_dict = {} if flawType in self.__vulns: container = vulnerabilities classification = "vulnerability" flaw_dict = self.__vulns elif flawType in self.__anomalies: container = anomalies classification = "anomaly" flaw_dict = self.__anomalies # Child nodes with a description of the flaw type flawTypeNode = self.__xmlDoc.createElement(classification) flawTypeNode.setAttribute("name", flawType) flawTypeDesc = self.__xmlDoc.createElement("description") flawTypeDesc.appendChild(self.__xmlDoc.createCDATASection(self.__flawTypes[flawType]['desc'])) flawTypeNode.appendChild(flawTypeDesc) flawTypeSolution = self.__xmlDoc.createElement("solution") flawTypeSolution.appendChild(self.__xmlDoc.createCDATASection(self.__flawTypes[flawType]['sol'])) flawTypeNode.appendChild(flawTypeSolution) flawTypeReferences = self.__xmlDoc.createElement("references") for ref in self.__flawTypes[flawType]['ref']: referenceNode = self.__xmlDoc.createElement("reference") titleNode = self.__xmlDoc.createElement("title") urlNode = self.__xmlDoc.createElement("url") titleNode.appendChild(self.__xmlDoc.createTextNode(ref)) url = self.__flawTypes[flawType]['ref'][ref] urlNode.appendChild(self.__xmlDoc.createTextNode(url)) referenceNode.appendChild(titleNode) referenceNode.appendChild(urlNode) flawTypeReferences.appendChild(referenceNode) flawTypeNode.appendChild(flawTypeReferences) # And child nodes with each flaw of the current type entriesNode = self.__xmlDoc.createElement("entries") for flaw in flaw_dict[flawType]: entryNode = self.__xmlDoc.createElement("entry") methodNode = self.__xmlDoc.createElement("method") methodNode.appendChild(self.__xmlDoc.createTextNode(flaw["method"])) entryNode.appendChild(methodNode) pathNode = self.__xmlDoc.createElement("path") pathNode.appendChild(self.__xmlDoc.createTextNode(flaw["path"])) entryNode.appendChild(pathNode) levelNode = self.__xmlDoc.createElement("level") levelNode.appendChild(self.__xmlDoc.createTextNode(str(flaw["level"]))) entryNode.appendChild(levelNode) parameterNode = self.__xmlDoc.createElement("parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(flaw["parameter"])) entryNode.appendChild(parameterNode) infoNode = self.__xmlDoc.createElement("info") infoNode.appendChild(self.__xmlDoc.createTextNode(flaw["info"])) entryNode.appendChild(infoNode) httpRequestNode = self.__xmlDoc.createElement("http_request") httpRequestNode.appendChild(self.__xmlDoc.createCDATASection(flaw["http_request"])) entryNode.appendChild(httpRequestNode) curlCommandNode = self.__xmlDoc.createElement("curl_command") curlCommandNode.appendChild(self.__xmlDoc.createCDATASection(flaw["curl_command"])) entryNode.appendChild(curlCommandNode) entriesNode.appendChild(entryNode) flawTypeNode.appendChild(entriesNode) container.appendChild(flawTypeNode) report.appendChild(vulnerabilities) report.appendChild(anomalies) f = open(filename, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
class XMLReportGenerator(ReportGenerator): """ This class generates a report with the method printToFile(fileName) which contains the information of all the vulnerabilities notified to this object through the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info). The format of the file is XML and it has the following structure: <report type="security"> <generatedBy id="Wapiti SVN"/> <bugTypeList> <bugType name="SQL Injection"> <bugList/> <report> <vulnerabilityTypeList> <vulnerabilityType name="SQL Injection"> <vulnerabilityList> <vulnerability level="3"> <url>http://www.a.com</url> <parameters>id=23</parameters> <info>SQL Injection</info> </vulnerability> </vulnerabilityList> </vulnerablityType> </vulnerabilityTypeList> </report> """ __xmlDoc = None __vulnerabilityTypeList = None def __init__(self): self.__xmlDoc = Document() report = self.__addReport() generated = self.__xmlDoc.createElement("generatedBy") generated.setAttribute("id", WAPITI_VERSION) report.appendChild(generated) self.__vulnerabilityTypeList = self.__xmlDoc.createElement("bugTypeList") report.appendChild(self.__vulnerabilityTypeList) def __addReport(self): report = self.__xmlDoc.createElement("report") report.setAttribute("type", "security") self.__xmlDoc.appendChild(report) return report def __addToVulnerabilityTypeList(self, vulnerabilityType): self.__vulnerabilityTypeList.appendChild(vulnerabilityType) def addVulnerabilityType(self, name, description="", solution="", references={}): """ This method adds a vulnerability type, it can be invoked to include in the report the type. The types are not stored previously, they are added when the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) is invoked and if there is no vulnerabilty of a type, this type will not be presented in the report """ vulnerabilityType = self.__xmlDoc.createElement("bugType") vulnerabilityType.setAttribute("name", name) vulnerabilityType.appendChild(self.__xmlDoc.createElement("bugList")) self.__addToVulnerabilityTypeList(vulnerabilityType) if description != "": descriptionNode = self.__xmlDoc.createElement("description") descriptionNode.appendChild(self.__xmlDoc.createCDATASection(description)) vulnerabilityType.appendChild(descriptionNode) if solution != "": solutionNode = self.__xmlDoc.createElement("solution") solutionNode.appendChild(self.__xmlDoc.createCDATASection(solution)) vulnerabilityType.appendChild(solutionNode) if references != "": referencesNode = self.__xmlDoc.createElement("references") for ref in references: referenceNode = self.__xmlDoc.createElement("reference") titleNode = self.__xmlDoc.createElement("title") urlNode = self.__xmlDoc.createElement("url") titleNode.appendChild(self.__xmlDoc.createTextNode(ref)) urlNode.appendChild(self.__xmlDoc.createTextNode(references[ref])) referenceNode.appendChild(titleNode) referenceNode.appendChild(urlNode) referencesNode.appendChild(referenceNode) vulnerabilityType.appendChild(referencesNode) return vulnerabilityType def __addToVulnerabilityList(self, vulnerabilityTypeName, vulnerability): vulnerabilityType = None for node in self.__vulnerabilityTypeList.childNodes: if node.nodeType == node.ELEMENT_NODE and node.getAttribute("name") == vulnerabilityTypeName: vulnerabilityType = node break if vulnerabilityType is None: vulnerabilityType = self.addVulnerabilityType(vulnerabilityTypeName) vulnerabilityType.childNodes[0].appendChild(vulnerability) def logVulnerability(self, category=None, level=0, request=None, parameter="", info=""): """ Store the information about the vulnerability to be printed later. The method printToFile(fileName) can be used to save in a file the vulnerabilities notified through the current method. """ url = request.url # if resp == None: # peer = None # ts = datetime.datetime.now() # elif issubclass(resp.__class__, requests.exceptions.Timeout): # peer = None # ts = datetime.datetime.now() # elif issubclass(resp.__class__, net.HTTP.HTTPResponse): # peer = resp.peer # ts = resp.timestamp # else: # raise TypeError(resp) vulnerability = self.__xmlDoc.createElement("bug") vulnerability.setAttribute("level", level) # tsNode = self.__xmlDoc.createElement("timestamp") # tsNode.appendChild(self.__xmlDoc.createTextNode(ts.isoformat())) # vulnerability.appendChild(tsNode) urlNode = self.__xmlDoc.createElement("url") urlNode.appendChild(self.__xmlDoc.createTextNode(url.encode("UTF-8"))) vulnerability.appendChild(urlNode) # if peer!=None: # peerNode = self.__xmlDoc.createElement("peer") # if isPeerAddrPort(peer): # addrNode = self.__xmlDoc.createElement("addr") # addrNode.appendChild( self.__xmlDoc.createTextNode(peer[0]) ) # peerNode.appendChild(addrNode) # # portNode = self.__xmlDoc.createElement("port") # portNode.appendChild( self.__xmlDoc.createTextNode(str(peer[1])) ) # peerNode.appendChild(portNode) # else: # addrNode = self.__xmlDoc.createElement("addr") # addrNode.appendChild( self.__xmlDoc.createTextNode(str(peer)) ) # peerNode.appendChild(addrNode) # vulnerability.appendChild(peerNode) parameterNode = self.__xmlDoc.createElement("parameter") parameterNode.appendChild(self.__xmlDoc.createTextNode(parameter)) vulnerability.appendChild(parameterNode) infoNode = self.__xmlDoc.createElement("info") info = info.replace("\n", "<br />") infoNode.appendChild(self.__xmlDoc.createTextNode(info)) vulnerability.appendChild(infoNode) self.__addToVulnerabilityList(category, vulnerability) def generateReport(self, fileName): """ Create a xml file with a report of the vulnerabilities which have been logged with the method logVulnerability(vulnerabilityTypeName,level,url,parameter,info) """ f = open(fileName, "w") try: f.write(self.__xmlDoc.toprettyxml(indent=" ", encoding="UTF-8")) finally: f.close()
def runxssdetect(self): bitlyflag=0 tinyurlflag=0 error=0 p=Xssalert() payloads=[] if self.timeoutvalueflag: p.set_timeout(self.timeoutvalue) if self.cookieflag: p.set_cookie(self.cookie) if self.refererflag: p.set_referer(self.referer) if self.extrahttpheaderflag: p.set_header(self.extrahttpheader) p.set_agent(str(self.agent)) p.close() api="" if self.urlshotapiflag==1: if self.urlshortapi=="Bit.ly": api=bitly.Api(login='******',apikey='R_391167cfede7dea1eaef94ff49c98a86') bitlyflag=1 elif self.urlshortapi=="TinyUrl": tinyurlflag=1 hash_found=[] hash_notfound=[] openbrowser=[] fquerystring=self.querystring fpoststring=self.poststring global hashstring fhash=hashstring absp= os.path.abspath(__file__) dirp= os.path.dirname(absp) if self.payloadflag: if self.payload[0]: try: fzpath=dirp+"/fuzzvector/dcpvector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.wholeText.encode('ascii','ignore').strip()) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in dcp fuzz vector")) if self.payload[1]: try: fzpath=dirp+"/fuzzvector/basicvector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in basic fuzz vector")) if self.payload[2]: try: fzpath=dirp+"/fuzzvector/eventvector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in event fuzz vector")) if self.payload[3]: try: fzpath=dirp+"/fuzzvector/embeddedeventvector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in Embeddedevent fuzz vector")) if self.payload[4]: try: fzpath=dirp+"/fuzzvector/charencodevector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in Character encode fuzz vector")) if self.payload[5]: try: fzpath=dirp+"/fuzzvector/embeddedcharencodevector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in Embedded Character encode fuzz vector")) if self.payload[6]: try: fzpath=dirp+"/fuzzvector/regularHTMLvector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in RegularHTML fuzz vector")) if self.payload[7]: try: fzpath=dirp+"/fuzzvector/urlobfussionvector.xml" v1=minidom.parse(fzpath) allurl= v1.getElementsByTagName("vector") dc=[] for i in allurl: dc.append(i.firstChild.data.encode('ascii','ignore')) payloads=payloads+dc except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error in URLobfussion fuzz vector")) else: payloads=[DEFAULT_XSS] if self.extrapayloadflag: payloads=payloads+self.extrapayload total_vectors=len(payloads) progress_param2_pre=0 try: progress_param2_pre=100/total_vectors except: error=1 QtGui.QMessageBox.warning(self,"Error:",str("Unexpected error")) dif=0 if progress_param2_pre < 1: dif=1-progress_param2_pre progress_param2_pre+=dif self.start_button.setEnabled(False) self.BrowserButton.setEnabled(False) initimeS=time.gmtime().tm_sec initimeM=time.gmtime().tm_min initimeT=(initimeM*60)+initimeS self.outputxss.setRowCount(total_vectors*1) i=0 if not error : for payload in payloads: mod_payload=payload.strip().replace('XSS',fhash) c=Xssalert() dest_url="" if self.getflag: final_payload=fquerystring.strip()+mod_payload dest_url=self.urls.strip()+"/"+final_payload c.get(dest_url) elif self.postflag: final_payload=fpoststring.strip()+mod_payload dest_url=final_payload dest_url = dest_url.strip() c.post(self.urls,dest_url) else: final_payload=mod_payload dest_url=self.urls.strip()+"/"+final_payload c.get(dest_url) if c.info()['http-code']=="200": if bitlyflag==1: shorturl=api.shorten(dest_url) surl=QtGui.QTableWidgetItem(shorturl) shttp=QtGui.QTableWidgetItem(c.info()['http-code']) self.outputxss.setItem(i,0,surl) self.outputxss.setItem(i,1,shttp) hash_found.append((shorturl,c.info()['http-code'],self.urls)) openbrowser.append((shorturl)) elif tinyurlflag==1: shorturl=tinyurl.create_one(dest_url) surl=QtGui.QTableWidgetItem(shorturl) shttp=QtGui.QTableWidgetItem(c.info()['http-code']) self.outputxss.setItem(i,0,surl) self.outputxss.setItem(i,1,shttp) hash_found.append((shorturl,c.info()['http-code'],self.urls)) openbrowser.append((shorturl)) else: surl=QtGui.QTableWidgetItem(dest_url.strip()) shttp=QtGui.QTableWidgetItem(c.info()['http-code']) self.outputxss.setItem(i,0,surl) self.outputxss.setItem(i,1,shttp) hash_found.append((dest_url,c.info()['http-code'],self.urls)) openbrowser.append((dest_url)) if self.verboseflag: self.outputxss.setColumnCount(7) stime=QtGui.QTableWidgetItem(c.info()['total-time']) sheader_size=QtGui.QTableWidgetItem(c.info()['header-size']) sreq_size=QtGui.QTableWidgetItem(c.info()['request-size']) scontent_type=QtGui.QTableWidgetItem(c.info()['content-type']) shtime=QtGui.QTableWidgetItem("Total-time") shheader=QtGui.QTableWidgetItem("Header-size") shreq_size=QtGui.QTableWidgetItem("Request-size") shcontent_type=QtGui.QTableWidgetItem("Content-type") self.outputxss.setHorizontalHeaderItem(3,shtime) self.outputxss.setHorizontalHeaderItem(4,shheader) self.outputxss.setHorizontalHeaderItem(5,shreq_size) self.outputxss.setHorizontalHeaderItem(6,shcontent_type) self.outputxss.setItem(i,3,stime) self.outputxss.setItem(i,4,sheader_size) self.outputxss.setItem(i,5,sreq_size) self.outputxss.setItem(i,6,scontent_type) sresult=QtGui.QTableWidgetItem("Successful") self.outputxss.setItem(i,2,sresult) else: if bitlyflag==1: shorturl=api.shorten(dest_url) surl=QtGui.QTableWidgetItem(shorturl) shttp=QtGui.QTableWidgetItem(c.info()['http-code']) self.outputxss.setItem(i,0,surl) self.outputxss.setItem(i,1,shttp) hash_notfound.append((shorturl,c.info()['http-code'],self.urls)) elif tinyurlflag==1: shorturl=tinyurl.create_one(dest_url) surl=QtGui.QTableWidgetItem(shorturl) shttp=QtGui.QTableWidgetItem(c.info()['http-code']) self.outputxss.setItem(i,0,surl) self.outputxss.setItem(i,1,shttp) hash_notfound.append((shorturl,c.info()['http-code'],self.urls)) else: surl=QtGui.QTableWidgetItem(dest_url.strip()) shttp=QtGui.QTableWidgetItem(c.info()['http-code']) self.outputxss.setItem(i,0,surl) self.outputxss.setItem(i,1,shttp) hash_notfound.append((dest_url,c.info()['http-code'],self.urls)) if self.verboseflag: self.outputxss.setColumnCount(7) stime=QtGui.QTableWidgetItem(c.info()['total-time']) sheader_size=QtGui.QTableWidgetItem(c.info()['header-size']) sreq_size=QtGui.QTableWidgetItem(c.info()['request-size']) scontent_type=QtGui.QTableWidgetItem(c.info()['content-type']) shtime=QtGui.QTableWidgetItem("Total-time") shheader=QtGui.QTableWidgetItem("Header-size") shreq_size=QtGui.QTableWidgetItem("Request-size") shcontent_type=QtGui.QTableWidgetItem("Content-type") self.outputxss.setHorizontalHeaderItem(3,shtime) self.outputxss.setHorizontalHeaderItem(4,shheader) self.outputxss.setHorizontalHeaderItem(5,shreq_size) self.outputxss.setHorizontalHeaderItem(6,shcontent_type) self.outputxss.setItem(i,3,stime) self.outputxss.setItem(i,4,sheader_size) self.outputxss.setItem(i,5,sreq_size) self.outputxss.setItem(i,6,scontent_type) sresult=QtGui.QTableWidgetItem("Not injected") self.outputxss.setItem(i,2,sresult) self.outputxss.resizeColumnsToContents() i=i+1 c.close() val=self.resultprogressbar.value()+progress_param2_pre self.resultprogressbar.setValue(val) ftimeS=time.gmtime().tm_sec ftimeM=time.gmtime().tm_min ftimeT=(ftimeM*60)+ftimeS if self.fullreportflag: f1=open(self.dpath+"/fullreport.txt","w") f1.write("XSS Alert\n") f1.write("\n@author "+self.author_name) f1.write("\n@email "+self.author_email) f1.write("\n@datetime "+str(datetime.datetime.now())+"\n") for i in hash_found: f1.write("\n\n@url "+i[2]) f1.write("\n@attack_url "+i[0]) f1.write("\n@http-code "+i[1]) for i in hash_notfound: f1.write("\n\n@url "+i[2]) f1.write("\n@attack_url "+i[0]) f1.write("\n@http-code "+i[1]) f1.close() if self.xmlfileflag: dom=Document() x=dom.createElement("xssalert") dom.appendChild(x) fout=open(self.dpath+"/"+self.xmlfilename,"w") if len(hash_found)>0: for line in hash_found: xa=dom.createElement("xssalertresult") x.appendChild(xa) ul=dom.createElement("targeturl") xa.appendChild(ul) ultest=dom.createTextNode(line[2]) ul.appendChild(ultest) aul=dom.createElement("attackurl") xa.appendChild(aul) aultext=dom.createCDATASection(line[0]) aul.appendChild(aultext) brw=dom.createElement("http-code") xa.appendChild(brw) brwtext=dom.createTextNode(line[1]) brw.appendChild(brwtext) fout.write(dom.toprettyxml(indent=" ")) fout.close() else: xa=dom.createElement("xssalertresult") x.appendChild(xa) aul=dom.createElement("notfound") xa.appendChild(aul) aultext=dom.createTextNode("Not found any attack vector") aul.appendChild(aultext) fout.write(dom.toprettyxml(indent=" ")) fout.close() i=0 self.outputsuccessfull_vectors.setRowCount(len(hash_found)) if (len(hash_found)>0): for line in hash_found: surl=QtGui.QTableWidgetItem(line[0]) self.outputsuccessfull_vectors.setItem(i,0,surl) i=i+1 self.resultprogressbar.setValue(100) global finalUrl finalUrl=openbrowser self.total_vectors.setText(""+str(len(hash_found)+len(hash_notfound))) self.successfull_vectors.setText(""+str(len(hash_found))) self.failed_vectors.setText(""+str(len(hash_notfound))) self.total_time.setText(""+str(ftimeT-initimeT)+" S") if len(hash_found)>0: self.BrowserButton.setEnabled(True)
# print root.tag # print root.attrib # # for child in root: # print child.tag, child.attrib, child.text # print list(child) # # print(list(root)) # url = "http://zd.andoner.cn/parking/th/pay/" # headers = {'Content-Type': 'application/xml'} # set what your server accepts # res = requests.post(url, data=template, headers=headers) """create simple xml data""" doc = Document() root = doc.createElement('xml') item = doc.createElement("hello") data = doc.createCDATASection("world") item.appendChild(data) root.appendChild(item) item = doc.createElement("hey") data = doc.createTextNode("world") item.appendChild(data) root.appendChild(item) root.appendChild(item) print(root.toxml()) # <xml><hello><![CDATA[world]]></hello><hey>world</hey></xml>
class Feed(object): def __init__(self): super().__init__() self._document = Document() def _create_text_element(self, type_, text='', attribute=None): """Create a text element and return it.""" element = self._document.createElement(type_) element.appendChild(self._document.createTextNode(text)) if attribute: for _attribute in attribute: element.setAttribute(_attribute['key'], _attribute['vaule']) return element def _create_cdata_element(self, type_, text='', attribute=None): """Create a CDATA element and return it.""" element = self._document.createElement(type_) element.appendChild(self._document.createCDATASection(text)) if attribute: for _attribute in attribute: element.setAttribute(_attribute['key'], _attribute['vaule']) return element def _create_item(self, title, link, guid, pubDate, description='', creator='', categories='', content=''): self._item = self._document.createElement('item') self._item.appendChild( self._create_text_element(type_='title', text=title)) self._item.appendChild( self._create_text_element(type_='link', text=link)) self._item.appendChild( self._create_cdata_element(type_='description', text=description)) self._item.appendChild( self._create_text_element(type_='creator', text=creator)) self._item.appendChild( self._create_text_element(type_='categories', text=categories)) self._item.appendChild( self._create_text_element(type_='guid', text=link, attribute=[{ 'key': 'isPermaLink', 'vaule': 'false' }])) self._item.appendChild( self._create_text_element(type_='pubDate', text=pubDate)) self._item.appendChild( self._create_cdata_element(type_='content:encoded', text=content)) return self._item def _create_channel(self, title, link='', description='', webMaster='', language='zh-CN', lastBuildDate='', items=[]): self._channel = self._document.createElement('channel') self._channel.appendChild( self._create_text_element(type_='title', text=title)) self._channel.appendChild( self._create_text_element(type_='link', text=link)) self._channel.appendChild( self._create_text_element(type_='description', text=description)) self._channel.appendChild( self._create_text_element(type_='webMaster', text=webMaster)) self._channel.appendChild( self._create_text_element(type_='language', text="zh-CN")) self._channel.appendChild( self._create_text_element(type_='lastBuildDate', text=lastBuildDate)) for item in items: self._channel.appendChild(item) return self._channel
class CustomXMLBuilder(object): """ This class builds the XML used to describe songs. """ log.info('CustomXMLBuilder Loaded') def __init__(self): """ Set up the custom builder. """ # Create the minidom document self.custom_xml = Document() self.new_document() self.add_lyrics_to_song() def new_document(self): """ Create a new custom XML document. """ # Create the <song> base element self.song = self.custom_xml.createElement('song') self.custom_xml.appendChild(self.song) self.song.setAttribute('version', '1.0') def add_lyrics_to_song(self): """ Set up and add a ``<lyrics>`` tag which contains the lyrics of the custom item. """ # Create the main <lyrics> element self.lyrics = self.custom_xml.createElement('lyrics') self.lyrics.setAttribute('language', 'en') self.song.appendChild(self.lyrics) def add_verse_to_lyrics(self, verse_type, number, content): """ Add a verse to the ``<lyrics>`` tag. :param verse_type: A string denoting the type of verse. Possible values are "Chorus", "Verse", "Bridge", and "Custom". :param number: An integer denoting the number of the item, for example: verse 1. :param content: The actual text of the verse to be stored. """ verse = self.custom_xml.createElement('verse') verse.setAttribute('type', verse_type) verse.setAttribute('label', number) self.lyrics.appendChild(verse) # add data as a CDATA section to protect the XML from special chars cds = self.custom_xml.createCDATASection(content) verse.appendChild(cds) def _dump_xml(self): """ Debugging aid to dump XML so that we can see what we have. """ return self.custom_xml.toprettyxml(indent=' ') def extract_xml(self): """ Extract our newly created XML custom. """ return self.custom_xml.toxml('utf-8')
class CustomXMLBuilder(object): """ This class builds the XML used to describe songs. """ log.info(u'CustomXMLBuilder Loaded') def __init__(self): """ Set up the custom builder. """ # Create the minidom document self.custom_xml = Document() self.new_document() self.add_lyrics_to_song() def new_document(self): """ Create a new custom XML document. """ # Create the <song> base element self.song = self.custom_xml.createElement(u'song') self.custom_xml.appendChild(self.song) self.song.setAttribute(u'version', u'1.0') def add_lyrics_to_song(self): """ Set up and add a ``<lyrics>`` tag which contains the lyrics of the custom item. """ # Create the main <lyrics> element self.lyrics = self.custom_xml.createElement(u'lyrics') self.lyrics.setAttribute(u'language', u'en') self.song.appendChild(self.lyrics) def add_verse_to_lyrics(self, verse_type, number, content): """ Add a verse to the ``<lyrics>`` tag. ``verse_type`` A string denoting the type of verse. Possible values are "Chorus", "Verse", "Bridge", and "Custom". ``number`` An integer denoting the number of the item, for example: verse 1. ``content`` The actual text of the verse to be stored. """ verse = self.custom_xml.createElement(u'verse') verse.setAttribute(u'type', verse_type) verse.setAttribute(u'label', number) self.lyrics.appendChild(verse) # add data as a CDATA section to protect the XML from special chars cds = self.custom_xml.createCDATASection(content) verse.appendChild(cds) def _dump_xml(self): """ Debugging aid to dump XML so that we can see what we have. """ return self.custom_xml.toprettyxml(indent=u' ') def extract_xml(self): """ Extract our newly created XML custom. """ return self.custom_xml.toxml(u'utf-8')
def cross_validation_xml(corpus, classifier, real_class, iterations, \ quotient, result_file, name = "Validation"): """ @param iterations: int. Number of iterations @param quotient: float. Size of the training partition relative to the whole corpus size. @param name: (optional) string. Basename of the log files. """ print str(quotient * 100) + '% of the corpus used for training.' # abre o arquivo de resultado de classificacao used = open ("Log/"+name+".xml" , "wt") dom = Document() teste = dom.createElement('Teste') dom.appendChild(teste) start = clock() F1 = 0 Recall = 0 Precision = 0 maxF1 = 0 maxRec = 0 maxPre = 0 _file = open ("Log/"+result_file, "wt") _file.write("Treino ;Iteracao ;Precision ;Recall ;F1;\n") for i in range(iterations): print "\n\nIteration " + str(i+1) _file.write(str(quotient * 100)+"%;"+ str(i)+";") (train, tes) = corpus.partition(quotient) # print train, test classifier.train(train, real_class) (result, ids) = classifier.classify(tes) classifier.clear() measures = Measures(tes, real_class, result) # Calcula as variaveis pre = measures.recall()*100 if(pre > maxPre): maxPre = pre rec = measures.precision()*100 if(rec > maxRec): maxRex = rec f1 = measures.f_1()*100 if(f1 > maxF1): maxF1 = f1 # Escreve na tela os resultados print 'recall: '+str(pre)+'%' _file.write(str(pre)+";") print 'precision: '+str(rec)+'%' _file.write(str(rec)+";") print 'f1: '+str(f1)+'%' _file.write(str(f1)+";\n") F1 += f1 # obtem os dados do corpus que sera usado no teste test = tes.get_documents() nomes = tes.get_classes() # numero = ts.getnum() # gerando o xml de saida y = w= z= 0 iteracao = dom.createElement('Iteracao') teste.appendChild(iteracao) iteracao.setAttribute("num",str(i)) iteracao.setAttribute("precision",str(pre)) iteracao.setAttribute("recall",str(rec)) iteracao.setAttribute("f1",str(f1)) while y < len(test): nomes2 = nomes["list"][y].split("\\") tipoCritica = dom.createElement(nomes2[len(nomes2)-2]) iteracao.appendChild(tipoCritica) while z < len(test[y]): critica = dom.createElement('Critica') tipoCritica.appendChild(critica) # critica.setAttribute("id",str(numero[y][z])) critica.setAttribute("result",repr(result[z+w])) bag = dom.createElement('BagOfWords') critica.appendChild(bag) words = "" for numword in test[y][z]: words = words +tes.lex_word(numword).encode("UTF-8")+" " cddata = dom.createCDATASection(words) bag.appendChild(cddata) z += 1 w=z z=0 y += 1 end = clock() time = str((end-start)/iterations) resultado = dom.createElement('Resultado') teste.appendChild(resultado) resultado.setAttribute("maxprecision",str(maxPre)) resultado.setAttribute("maxrecall",str(maxRec)) resultado.setAttribute("maxf1",str(maxF1)) resultado.setAttribute("tempo",str(time)) dom.writexml(used,""," ",'\n',"utf-8") print "\n-----------------------\nAverage time used for each task: "+time+" seconds" print "Average f1 = "+str(F1/iterations)+"%" print "tempo total = "+str(end-start) used.close() _file.close()