Пример #1
0
 def test_parser_without_api(self):
     testfile = open("unittests/scans/risk_recon/findings.json")
     parser = RiskReconParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(2, len(findings))
     with self.subTest(i=0):
         finding = findings[0]
         self.assertEqual(datetime.date(2017, 3, 17), finding.date.date())
         self.assertEqual("ff2bbdbfc2b6fddc061ed96b1fasfwefb", finding.unique_id_from_tool)
     with self.subTest(i=1):
         finding = findings[1]
         self.assertEqual(datetime.date(2017, 3, 17), finding.date.date())
         self.assertEqual("ff2bbdbfc2b6gsrgwergwe6b1fasfwefb", finding.unique_id_from_tool)
Пример #2
0
def import_parser_factory(file, test, active, verified, scan_type=None):
    if scan_type is None:
        scan_type = test.test_type.name
    if scan_type == "Burp Scan":
        parser = BurpXmlParser(file, test)
    elif scan_type == "Burp Enterprise Scan":
        parser = BurpEnterpriseHtmlParser(file, test)
    elif scan_type == "Nessus Scan":
        filename = file.name.lower()
        if filename.endswith("csv"):
            parser = NessusCSVParser(file, test)
        elif filename.endswith("xml") or filename.endswith("nessus"):
            parser = NessusXMLParser(file, test)
    elif scan_type == "Clair Scan":
        parser = ClairParser(file, test)
    elif scan_type == "Nmap Scan":
        parser = NmapXMLParser(file, test)
    elif scan_type == "Nikto Scan":
        parser = NiktoXMLParser(file, test)
    elif scan_type == "Nexpose Scan":
        parser = NexposeFullXmlParser(file, test)
    elif scan_type == "Veracode Scan":
        parser = VeracodeXMLParser(file, test)
    elif scan_type == "Checkmarx Scan":
        parser = CheckmarxXMLParser(file, test)
    elif scan_type == "Checkmarx Scan detailed":
        parser = CheckmarxXMLParser(file, test, 'detailed')
    elif scan_type == "Contrast Scan":
        parser = ContrastCSVParser(file, test)
    elif scan_type == "Crashtest Security JSON File":
        parser = CrashtestSecurityJsonParser(file, test)
    elif scan_type == "Crashtest Security XML File":
        parser = CrashtestSecurityXmlParser(file, test)
    elif scan_type == "Bandit Scan":
        parser = BanditParser(file, test)
    elif scan_type == "ESLint Scan":
        parser = ESLintParser(file, test)
    elif scan_type == "ZAP Scan":
        parser = ZapXmlParser(file, test)
    elif scan_type == "AppSpider Scan":
        parser = AppSpiderXMLParser(file, test)
    elif scan_type == "Arachni Scan":
        parser = ArachniJSONParser(file, test)
    elif scan_type == 'VCG Scan':
        parser = VCGParser(file, test)
    elif scan_type == 'Dependency Check Scan':
        parser = DependencyCheckParser(file, test)
    elif scan_type == 'Dependency Track Finding Packaging Format (FPF) Export':
        parser = DependencyTrackParser(file, test)
    elif scan_type == 'Retire.js Scan':
        parser = RetireJsParser(file, test)
    elif scan_type == 'Node Security Platform Scan':
        parser = NspParser(file, test)
    elif scan_type == 'NPM Audit Scan':
        parser = NpmAuditParser(file, test)
    elif scan_type == 'PHP Symfony Security Check':
        parser = PhpSymfonySecurityCheckParser(file, test)
    elif scan_type == 'Generic Findings Import':
        parser = GenericFindingUploadCsvParser(file, test, active, verified)
    elif scan_type == 'Qualys Scan':
        parser = QualysParser(file, test)
    elif scan_type == 'Qualys Infrastructure Scan (WebGUI XML)':
        parser = QualysInfraScanParser(file, test)
    elif scan_type == 'Qualys Webapp Scan':
        parser = QualysWebAppParser(file, test)
    elif scan_type == "OpenVAS CSV":
        parser = OpenVASUploadCsvParser(file, test)
    elif scan_type == 'Snyk Scan':
        parser = SnykParser(file, test)
    elif scan_type == 'SKF Scan':
        parser = SKFCsvParser(file, test)
    elif scan_type == 'SSL Labs Scan':
        parser = SSLlabsParser(file, test)
    elif scan_type == 'Trufflehog Scan':
        parser = TruffleHogJSONParser(file, test)
    elif scan_type == 'Clair Klar Scan':
        parser = ClairKlarParser(file, test)
    elif scan_type == 'Gosec Scanner':
        parser = GosecScannerParser(file, test)
    elif scan_type == 'Trustwave Scan (CSV)':
        parser = TrustwaveUploadCsvParser(file, test)
    elif scan_type == 'Netsparker Scan':
        parser = NetsparkerParser(file, test)
    elif scan_type == 'PHP Security Audit v2':
        parser = PhpSecurityAuditV2(file, test)
    elif scan_type == 'Acunetix Scan':
        parser = AcunetixScannerParser(file, test)
    elif scan_type == 'Fortify Scan':
        parser = FortifyXMLParser(file, test)
    elif scan_type == 'SonarQube Scan':
        parser = SonarQubeHtmlParser(file, test)
    elif scan_type == 'SonarQube Scan detailed':
        parser = SonarQubeHtmlParser(file, test, 'detailed')
    elif scan_type == SCAN_SONARQUBE_API:
        parser = SonarQubeApiImporter(test)
    elif scan_type == 'MobSF Scan':
        parser = MobSFParser(file, test)
    elif scan_type == 'AWS Scout2 Scan':
        parser = AWSScout2Parser(file, test)
    elif scan_type == 'AWS Prowler Scan':
        parser = AWSProwlerParser(file, test)
    elif scan_type == 'Brakeman Scan':
        parser = BrakemanScanParser(file, test)
    elif scan_type == 'SpotBugs Scan':
        parser = SpotbugsXMLParser(file, test)
    elif scan_type == 'Safety Scan':
        parser = SafetyParser(file, test)
    elif scan_type == 'DawnScanner Scan':
        parser = DawnScannerParser(file, test)
    elif scan_type == 'Anchore Engine Scan':
        parser = AnchoreEngineScanParser(file, test)
    elif scan_type == 'Bundler-Audit Scan':
        parser = BundlerAuditParser(file, test)
    elif scan_type == 'Twistlock Image Scan':
        parser = TwistlockParser(file, test)
    elif scan_type == 'IBM AppScan DAST':
        parser = IbmAppScanDASTXMLParser(file, test)
    elif scan_type == 'Kiuwan Scan':
        parser = KiuwanCSVParser(file, test)
    elif scan_type == 'Blackduck Hub Scan':
        parser = BlackduckHubCSVParser(file, test)
    elif scan_type == 'Blackduck Component Risk':
        parser = BlackduckHubParser(file, test)
    elif scan_type == 'Sonatype Application Scan':
        parser = SonatypeJSONParser(file, test)
    elif scan_type == 'Openscap Vulnerability Scan':
        parser = OpenscapXMLParser(file, test)
    elif scan_type == 'Immuniweb Scan':
        parser = ImmuniwebXMLParser(file, test)
    elif scan_type == 'Wapiti Scan':
        parser = WapitiXMLParser(file, test)
    elif scan_type == 'Cobalt.io Scan':
        parser = CobaltCSVParser(file, test)
    elif scan_type == 'Mozilla Observatory Scan':
        parser = MozillaObservatoryJSONParser(file, test)
    elif scan_type == 'Whitesource Scan':
        parser = WhitesourceJSONParser(file, test)
    elif scan_type == 'Microfocus Webinspect Scan':
        parser = MicrofocusWebinspectXMLParser(file, test)
    elif scan_type == 'Wpscan':
        parser = WpscanJSONParser(file, test)
    elif scan_type == 'Sslscan':
        parser = SslscanXMLParser(file, test)
    elif scan_type == 'JFrog Xray Scan':
        parser = XrayJSONParser(file, test)
    elif scan_type == 'Sslyze Scan':
        parser = SSLyzeXMLParser(file, test)
    elif scan_type == 'SSLyze 3 Scan (JSON)':
        parser = SSLyzeJSONParser(file, test)
    elif scan_type == 'Testssl Scan':
        parser = TestsslCSVParser(file, test)
    elif scan_type == 'Hadolint Dockerfile check':
        parser = HadolintParser(file, test)
    elif scan_type == 'Aqua Scan':
        parser = AquaJSONParser(file, test)
    elif scan_type == 'HackerOne Cases':
        parser = HackerOneJSONParser(file, test)
    elif scan_type == 'Xanitizer Scan':
        parser = XanitizerXMLParser(file, test)
    elif scan_type == 'Trivy Scan':
        parser = TrivyParser(file, test)
    elif scan_type == 'Outpost24 Scan':
        parser = Outpost24Parser(file, test)
    elif scan_type == 'DSOP Scan':
        parser = DsopParser(file, test)
    elif scan_type == 'Anchore Enterprise Policy Check':
        parser = AnchoreEnterprisePolicyCheckParser(file, test)
    elif scan_type == 'Gitleaks Scan':
        parser = GitleaksJSONParser(file, test)
    elif scan_type == 'Harbor Vulnerability Scan':
        parser = HarborVulnerabilityParser(file, test)
    elif scan_type == 'Github Vulnerability Scan':
        parser = GithubVulnerabilityParser(file, test)
    elif scan_type == 'Choctaw Hog Scan':
        parser = ChoctawhogParser(file, test)
    elif scan_type == 'GitLab SAST Report':
        parser = GitlabSastReportParser(file, test)
    elif scan_type == 'GitLab Dependency Scanning Report':
        parser = GitlabDepScanReportParser(file, test)
    elif scan_type == 'Yarn Audit Scan':
        parser = YarnAuditParser(file, test)
    elif scan_type == 'BugCrowd Scan':
        parser = BugCrowdCSVParser(file, test)
    elif scan_type == 'HuskyCI Report':
        parser = HuskyCIReportParser(file, test)
    elif scan_type == 'CCVS Report':
        parser = CCVSReportParser(file, test)
    elif scan_type == 'AWS Security Hub Scan':
        parser = AwsSecurityFindingFormatParser(file, test)
    elif scan_type == 'Semgrep JSON Report':
        parser = SemgrepJSONParser(file, test)
    elif scan_type == 'Risk Recon API Importer':
        parser = RiskReconParser(file, test)
    elif scan_type == 'DrHeader JSON Importer':
        parser = DrHeaderJSONParser(file, test)
    elif scan_type == 'Checkov Scan':
        parser = CheckovParser(file, test)
    elif scan_type == 'kube-bench Scan':
        parser = KubeBenchParser(file, test)
    elif scan_type == 'ORT evaluated model Importer':
        parser = OrtParser(file, test)
    elif scan_type == 'SARIF':
        parser = SarifParser(file, test)
    else:
        raise ValueError('Unknown Test Type')

    return parser
Пример #3
0
 def test_api_with_bad_url(self):
     testfile = open("dojo/unittests/scans/risk_recon/bad_url.json")
     with self.assertRaises(Exception):
         parser = RiskReconParser()
         findings = parser.get_findings(testfile, Test())
Пример #4
0
 def test_parser_without_api(self):
     testfile = open("dojo/unittests/scans/risk_recon/findings.json")
     parser = RiskReconParser()
     findings = parser.get_findings(testfile, Test())
     self.assertEqual(2, len(findings))
Пример #5
0
 def test_parser_with_no_file(self):
     parser = RiskReconParser(None, Test())
     self.assertEqual(0, len(parser.items))
Пример #6
0
 def test_api_with_bad_key(self):
     testfile = open("dojo/unittests/scans/risk_recon/bad_key.json")
     with self.assertRaises(Exception):
         parser = RiskReconParser(testfile, Test())