示例#1
0
        def write_vuln_to_kb(vulnty, url, funcs):
            vulndata = php_sca.KB_DATA[vulnty]
            for f in funcs:
                vuln_sev = vulndata['severity']
                desc = name = vulndata['name']

                v = Vuln(name, desc, vuln_sev, 1, 'PHP Static Code Analyzer')
                v.set_uri(url)
                v.set_var(f.vulnsources[0])

                args = list(vulndata['kb_key']) + [v]

                # TODO: Extract the method from the PHP code
                #     $_GET == GET
                #     $_POST == POST
                #     $_REQUEST == GET
                v.set_method('GET')

                # TODO: Extract all the other variables that are
                # present in the PHP file using the SCA
                v.set_dc(DataContainer())

                #
                # TODO: This needs to be checked! OS Commanding specific
                #       attributes.
                v['os'] = 'unix'
                v['separator'] = ''

                kb.kb.append(*args)
示例#2
0
        def write_vuln_to_kb(vulnty, url, funcs):
            vulndata = php_sca.KB_DATA[vulnty]
            for f in funcs:
                vuln_sev = vulndata['severity']
                desc = name = vulndata['name']
                
                v = Vuln(name, desc, vuln_sev, 1, 'PHP Static Code Analyzer')
                v.set_uri(url)
                v.set_var(f.vulnsources[0])

                args = list(vulndata['kb_key']) + [v]

                # TODO: Extract the method from the PHP code
                #     $_GET == GET
                #     $_POST == POST
                #     $_REQUEST == GET
                v.set_method('GET')

                # TODO: Extract all the other variables that are
                # present in the PHP file using the SCA
                v.set_dc(DataContainer())

                #
                # TODO: This needs to be checked! OS Commanding specific
                #       attributes.
                v['os'] = 'unix'
                v['separator'] = ''

                kb.kb.append(*args)
示例#3
0
    def _from_csv_get_vulns(self):
        file_vulns = []

        vuln_reader = csv.reader(open(self.OUTPUT_FILE, 'rb'), delimiter=',',
                                 quotechar='|', quoting=csv.QUOTE_MINIMAL)

        for name, method, uri, var, dc, _id, desc in vuln_reader:
            v = Vuln(name, desc, 'High', json.loads(_id), 'TestCase')
            v.set_method(method)
            v.set_uri(URL(uri))
            v.set_var(var)
            v.set_dc(dc)

            file_vulns.append(v)

        return file_vulns
示例#4
0
    def _from_csv_get_vulns(self):
        file_vulns = []

        vuln_reader = csv.reader(open(self.OUTPUT_FILE, 'rb'),
                                 delimiter=',',
                                 quotechar='|',
                                 quoting=csv.QUOTE_MINIMAL)

        for name, method, uri, var, dc, _id, desc in vuln_reader:
            v = Vuln(name, desc, 'High', json.loads(_id), 'TestCase')
            v.set_method(method)
            v.set_uri(URL(uri))
            v.set_var(var)
            v.set_dc(dc)

            file_vulns.append(v)

        return file_vulns