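def generateReport_1():
    """
    Write the Crystal findings to results/crystal_SecurityReport_Grabber.xml.

    The output is the per-file ("developer") layout:

        <crystal>
        <site>
            <file name='index.php'>
                <vulnerability name='...' line='9' >...</vulnerability>
            </file>
        </site>
        </crystal>

    Only this file-grouped layout is written here; a per-vulnerability
    ("security") view would have to be derived from it, presumably via XSLT.

    Reads the module-level ``crystalDatabase``, indexed as
    crystalDatabase[file][vuln][line], and maps a vulnerability key to a
    descriptive name through ``vulnToDescritiveNames`` when one is listed.
    """
    # Function-scope import keeps this block self-contained.
    from xml.sax.saxutils import escape

    # Attribute values are written between single quotes. A file name, line
    # key or vulnerability name holding &, <, > or a quote would otherwise
    # break out of the attribute and corrupt (or inject markup into) a report
    # that is later opened by other tools.
    quoteEntities = {"'": "&apos;", '"': "&quot;"}

    def attr(value):
        # "%s" % (value,) mirrors the original formatting for non-string keys.
        return escape("%s" % (value,), quoteEntities)

    report = open('results/crystal_SecurityReport_Grabber.xml', 'w')
    # try/finally so the handle is released even if a write or htmlencode fails.
    try:
        report.write("<crystal>\n")
        report.write("<site>\n")
        report.write(
            "<!-- The line numbers are from the files in the 'analyzed' directory -->\n"
        )
        for fileName in crystalDatabase:
            report.write("\t<file name='%s'>\n" % attr(fileName))
            for vuln in crystalDatabase[fileName]:
                # Prefer the descriptive name when the table has one.
                localVuln = vulnToDescritiveNames.get(vuln, vuln)
                findings = crystalDatabase[fileName][vuln]
                for lineKey in findings:
                    report.write(
                        "\t\t<vulnerability name='%s' line='%s' >%s</vulnerability>\n"
                        % (attr(localVuln), attr(lineKey), htmlencode(findings[lineKey])))
            report.write("\t</file>\n")
        report.write("</site>\n")
        report.write("</crystal>\n")
    finally:
        report.close()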
js_handler = JavaScriptConfHandler() # Tell the parser to use our handler parser.setContentHandler(js_handler) try: parser.parse("javascript.conf.xml") except KeyError, e: print e sys.exit(1) # only a white box testing... generateListOfFiles(localDB,urlGlobal) # create the report plop = open('results/javascript_Grabber.xml','w') plop.write("<javascript>\n") plop.write("<site>\n") for file in jsDatabase: plop.write("\t<file name='%s'>\n" % file) for line in jsDatabase[file]: if len(jsDatabase[file][line]) > 1: plop.write("\t\t<line number='%s'>\n" % line) for error in jsDatabase[file][line]: plop.write("\t\t\t<error>%s</error>\n" % htmlencode(error)) plop.write("\t\t</line>\n") else: plop.write("\t\t<line number='%s'>%s</line>\n" % (line, htmlencode(jsDatabase[file][line][0]))) plop.write("\t</file>\n") plop.write("</site>\n") plop.write("</javascript>\n") plop.close()
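# Local import so this run carries its own dependency for attribute escaping.
from xml.sax.saxutils import escape

parser = make_parser()
js_handler = JavaScriptConfHandler()
# Tell the parser to use our handler
parser.setContentHandler(js_handler)
# NOTE(review): make_parser is presumably xml.sax.make_parser. Before
# Python 3.7.1 xml.sax resolved external general entities by default, so
# javascript.conf.xml must stay a locally controlled file (or the parser
# should have xml.sax.handler.feature_external_ges switched off) - confirm.
try:
    parser.parse("javascript.conf.xml")
except KeyError, e:
    # The handler signals a bad configuration with KeyError; report and stop.
    print e
    sys.exit(1)

# only a white box testing...
generateListOfFiles(localDB, urlGlobal)

# create the report
# Attribute values sit between single quotes; escape markup characters and
# quotes so a hostile or odd file name cannot break out of the attribute and
# corrupt the XML report.
attrQuotes = {"'": "&apos;", '"': "&quot;"}
plop = open("results/javascript_Grabber.xml", "w")
# try/finally releases the handle even when a write or htmlencode fails.
try:
    plop.write("<javascript>\n")
    plop.write("<site>\n")
    for file in jsDatabase:
        plop.write("\t<file name='%s'>\n" % escape("%s" % (file,), attrQuotes))
        for line in jsDatabase[file]:
            lineAttr = escape("%s" % (line,), attrQuotes)
            # Several messages on one line get one <error> child each;
            # a single message is written inline.
            # NOTE(review): assumes each entry holds at least one message.
            if len(jsDatabase[file][line]) > 1:
                plop.write("\t\t<line number='%s'>\n" % lineAttr)
                for error in jsDatabase[file][line]:
                    plop.write("\t\t\t<error>%s</error>\n" % htmlencode(error))
                plop.write("\t\t</line>\n")
            else:
                plop.write("\t\t<line number='%s'>%s</line>\n" % (lineAttr, htmlencode(jsDatabase[file][line][0])))
        plop.write("\t</file>\n")
    plop.write("</site>\n")
    plop.write("</javascript>\n")
finally:
    plop.close()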
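def generateReport_1():
    """
    Write the Crystal findings to results/crystal_SecurityReport_Grabber.xml.

    The report groups findings by analysed file:

        <crystal>
        <site>
            <file name='index.php'>
                <vulnerability name='...' line='9' >...</vulnerability>
            </file>
        </site>
        </crystal>

    Only this per-file ("developer") layout is produced here; a view grouped
    by vulnerability would have to be derived from it, presumably via XSLT.

    Data comes from the module-level ``crystalDatabase``
    (crystalDatabase[file][vuln][line]); vulnerability keys are replaced by
    their entry in ``vulnToDescritiveNames`` when present.
    """
    # Function-scope import keeps this block self-contained.
    from xml.sax.saxutils import escape

    # Everything placed inside a single-quoted attribute is escaped first, so
    # a file name, line key or label containing &, <, > or a quote cannot
    # terminate the attribute early and alter the structure of the report.
    quoteEntities = {"'": "&apos;", '"': "&quot;"}

    def attr(value):
        # "%s" % (value,) mirrors the original formatting for non-string keys.
        return escape("%s" % (value,), quoteEntities)

    out = open('results/crystal_SecurityReport_Grabber.xml','w')
    # Close the handle on every path, including a failure part-way through.
    try:
        out.write("<crystal>\n")
        out.write("<site>\n")
        out.write("<!-- The line numbers are from the files in the 'analyzed' directory -->\n")
        for fileName in crystalDatabase:
            perFile = crystalDatabase[fileName]
            out.write("\t<file name='%s'>\n" % attr(fileName))
            for vuln in perFile:
                # Use the descriptive label when the table defines one.
                if vuln in vulnToDescritiveNames:
                    label = vulnToDescritiveNames[vuln]
                else:
                    label = vuln
                for lineKey in perFile[vuln]:
                    out.write("\t\t<vulnerability name='%s' line='%s' >%s</vulnerability>\n" % (attr(label), attr(lineKey), htmlencode(perFile[vuln][lineKey])))
            out.write("\t</file>\n")
        out.write("</site>\n")
        out.write("</crystal>\n")
    finally:
        out.close()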