def xml_parser(root, project_id, scan_id): global name, description, remedy_guidance, remedy_code, severity, check, digest, references,\ vector, remarks, page, signature,\ proof, trusted, platform_type, platform_name, url, action,\ body, vuln_id, vul_col, ref_key, ref_values, vector_input_key, vector_input_values, vector_source_key, vector_source_values, page_body_data, request_url, request_method, request_raw, response_ip, response_raw_headers for issue in root: for data in issue.getchildren(): if data.tag == "issue": for vuln in data: vuln_id = uuid.uuid4() if vuln.tag == "name": if vuln.text is None: name = "NA" else: name = vuln.text if vuln.tag == "description": if vuln.text is None: description = "NA" else: description = vuln.text if vuln.tag == "remedy_guidance": if vuln.text is None: remedy_guidance = "NA" else: remedy_guidance = vuln.text if vuln.tag == "severity": if vuln.text is None: severity = "NA" else: severity = vuln.text if vuln.tag == "references": for ref_vuln in vuln: dat = ref_vuln.attrib for key, values in dat.iteritems(): if key is None: ref_key = "NA" else: ref_key = key if values is None: ref_values = "NA" else: ref_values = values if vuln.tag == "vector": for vec_vuln in vuln: if vec_vuln.tag == 'inputs': for vec_input in vec_vuln: dat = vec_input.attrib for key, values in dat.iteritems(): if key is None: vector_input_key = "NA" else: vector_input_key = key if values is None: vector_input_values = "NA" else: vector_input_values = values if vec_vuln.tag == 'source': for vec_source in vec_vuln: source_dat = vec_source.attrib for key, values in source_dat.iteritems(): if key is None: vector_source_key = "NA" else: vector_source_key = key if values in None: vector_source_values = "NA" else: vector_source_values = values if vuln.tag == "page": for page_body in vuln: if page_body.tag == "body": page_body_dat = page_body.text if page_body_dat is None: page_body_data = "NA" else: page_body_data = page_body_dat for req in vuln: if req.tag == 'request': for req_dat in req: if req_dat.tag == 'url': req_url = req_dat.text if req_url is None: request_url = "NA" else: request_url = req_url if req_dat.tag == 'method': req_method = req_dat.text if req_method is None: request_method = "NA" else: request_method = req_method if req_dat.tag == 'raw': if req_dat.text is None: request_raw = "NA" else: request_raw = req_dat.text if req.tag == 'response': for res_dat in req: if res_dat.tag == 'ip_address': res_ip = res_dat.text if res_ip is None: response_ip = "NA" else: response_ip = res_dat.text if res_dat.tag == 'raw_headers': res_raw_headers = res_dat.text if res_raw_headers is None: response_raw_headers = "NA" else: response_raw_headers = res_dat.text if vuln.tag == "proof": proof = vuln.text if vuln.text is None: proof = "NA" else: proof = vuln.text if severity == "high": vul_col = "important" elif severity == 'medium': vul_col = "warning" elif severity == 'low': vul_col = "info" elif severity == 'informational': vul_col = "info" for extra_data in vuln: for extra_vuln in extra_data.getchildren(): if extra_vuln.tag == "url": if extra_vuln.text is None: url = "NA" else: url = extra_vuln.text if extra_vuln.tag == "action": if extra_vuln.text is None: action = "NA" else: action = extra_vuln.text if extra_vuln.tag == "body": if extra_vuln.text is None: body = "NA" else: body = extra_vuln.text dump_data = arachni_scan_result_db(vuln_id=vuln_id, scan_id=scan_id, vuln_color=vul_col, project_id=project_id, name=name, description=description, remedy_guidance=remedy_guidance, severity=severity, proof=proof, url=url, action=action, body=body, ref_key=ref_key, ref_value=ref_values, vector_input_values=vector_input_values, vector_source_key=vector_source_key, vector_source_values=vector_source_values, page_body_data=page_body_data, request_url=request_url, request_method=request_method, request_raw=request_raw, response_ip=response_ip, response_raw_headers=response_raw_headers, vector_input_key=vector_input_key, false_positive='No') dump_data.save() arachni_all_vul = arachni_scan_result_db.objects.filter(scan_id=scan_id).values('name', 'severity', 'vuln_color').distinct() total_vul = len(arachni_all_vul) total_high = len(arachni_all_vul.filter(severity="high")) total_medium = len(arachni_all_vul.filter(severity="medium")) total_low = len(arachni_all_vul.filter(severity="low")) arachni_scan_db.objects.filter(scan_id=scan_id).update(total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low)
def xml_parser(root, project_id, scan_id): global name, description, remedy_guidance, remedy_code, severity, check, digest, references, \ vector, remarks, page, signature, \ proof, trusted, platform_type, platform_name, url, action, \ body, vuln_id, vul_col, ref_key, ref_values, vector_input_key, vector_input_values, vector_source_key, vector_source_values, page_body_data, request_url, request_method, request_raw, response_ip, response_raw_headers for issue in root: for data in issue.getchildren(): if data.tag == "issue": for vuln in data: vuln_id = uuid.uuid4() if vuln.tag == "name": if vuln.text is None: name = "NA" else: name = vuln.text if vuln.tag == "description": if vuln.text is None: description = "NA" else: description = vuln.text if vuln.tag == "remedy_guidance": if vuln.text is None: remedy_guidance = "NA" else: remedy_guidance = vuln.text if vuln.tag == "severity": if vuln.text is None: severity = "NA" else: severity = vuln.text if vuln.tag == "references": for ref_vuln in vuln: dat = ref_vuln.attrib for key, values in dat.items(): if key is None: ref_key = "NA" else: ref_key = key if values is None: ref_values = "NA" else: ref_values = values if vuln.tag == "vector": for vec_vuln in vuln: if vec_vuln.tag == 'inputs': for vec_input in vec_vuln: dat = vec_input.attrib for key, values in dat.items(): if key is None: vector_input_key = "NA" else: vector_input_key = key if values is None: vector_input_values = "NA" else: vector_input_values = values if vec_vuln.tag == 'source': for vec_source in vec_vuln: source_dat = vec_source.attrib for key, values in source_dat.items(): if key is None: vector_source_key = "NA" else: vector_source_key = key if values in None: vector_source_values = "NA" else: vector_source_values = values if vuln.tag == "page": for page_body in vuln: if page_body.tag == "body": page_body_dat = page_body.text if page_body_dat is None: page_body_data = "NA" else: page_body_data = page_body_dat for req in vuln: if req.tag == 'request': for req_dat in req: if req_dat.tag == 'url': req_url = req_dat.text if req_url is None: request_url = "NA" else: request_url = req_url if req_dat.tag == 'method': req_method = req_dat.text if req_method is None: request_method = "NA" else: request_method = req_method if req_dat.tag == 'raw': if req_dat.text is None: request_raw = "NA" else: request_raw = req_dat.text if req.tag == 'response': for res_dat in req: if res_dat.tag == 'ip_address': res_ip = res_dat.text if res_ip is None: response_ip = "NA" else: response_ip = res_dat.text if res_dat.tag == 'raw_headers': res_raw_headers = res_dat.text if res_raw_headers is None: response_raw_headers = "NA" else: response_raw_headers = res_dat.text if vuln.tag == "proof": proof = vuln.text if vuln.text is None: proof = "NA" else: proof = vuln.text if severity == "high": vul_col = "danger" severity = "High" elif severity == 'medium': vul_col = "warning" severity = "Medium" elif severity == 'low': severity = "Low" vul_col = "info" elif severity == 'informational': severity = "Informational" vul_col = "info" for extra_data in vuln: for extra_vuln in extra_data.getchildren(): if extra_vuln.tag == "url": if extra_vuln.text is None: url = "NA" else: url = extra_vuln.text if extra_vuln.tag == "action": if extra_vuln.text is None: action = "NA" else: action = extra_vuln.text if extra_vuln.tag == "body": if extra_vuln.text is None: body = "NA" else: body = extra_vuln.text dup_data = name + url + severity duplicate_hash = hashlib.sha256( dup_data.encode('utf-8')).hexdigest() match_dup = arachni_scan_result_db.objects.filter( dup_hash=duplicate_hash).values('dup_hash').distinct() lenth_match = len(match_dup) if lenth_match == 1: duplicate_vuln = 'Yes' elif lenth_match == 0: duplicate_vuln = 'No' else: duplicate_vuln = 'None' false_p = arachni_scan_result_db.objects.filter( false_positive_hash=duplicate_hash) fp_lenth_match = len(false_p) global false_positive if fp_lenth_match == 1: false_positive = 'Yes' elif fp_lenth_match == 0: false_positive = 'No' else: false_positive = "No" dump_data = arachni_scan_result_db( vuln_id=vuln_id, scan_id=scan_id, vuln_color=vul_col, project_id=project_id, name=name, description=description, remedy_guidance=remedy_guidance, severity=severity, proof=proof, url=url, action=action, body=body, ref_key=ref_key, ref_value=ref_values, vector_input_values=vector_input_values, vector_source_key=vector_source_key, vector_source_values=vector_source_values, page_body_data=page_body_data, request_url=request_url, request_method=request_method, request_raw=request_raw, response_ip=response_ip, response_raw_headers=response_raw_headers, vector_input_key=vector_input_key, false_positive=false_positive, vuln_status='Open', dup_hash=duplicate_hash, vuln_duplicate=duplicate_vuln) dump_data.save() arachni_all_vul = arachni_scan_result_db.objects.filter( scan_id=scan_id, false_positive='No') total_high = len(arachni_all_vul.filter(severity="High")) total_medium = len(arachni_all_vul.filter(severity="Medium")) total_low = len(arachni_all_vul.filter(severity="Low")) total_info = len(arachni_all_vul.filter(severity="Informational")) total_duplicate = len(arachni_all_vul.filter(vuln_duplicate='Yes')) total_vul = total_high + total_medium + total_low + total_info arachni_scan_db.objects.filter(scan_id=scan_id).update( url=url, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, info_vul=total_info, total_dup=total_duplicate, ) if total_vul == total_duplicate: arachni_scan_db.objects.filter(scan_id=scan_id).update( url=url, total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low, total_dup=total_duplicate, )
def xml_parser(root, project_id, scan_id): global name, description, remedy_guidance, remedy_code, severity, check, digest, references,\ vector, remarks, page, signature,\ proof, trusted, platform_type, platform_name, url, action,\ body, vuln_id, vul_col, ref_key, ref_values, vector_input_key, vector_input_values, vector_source_key, vector_source_values, page_body_data, request_url, request_method, request_raw, response_ip, response_raw_headers for issue in root: # host = arachni.attrib # for key, items in host.iteritems(): # if key == "host": # url = items for data in issue.getchildren(): if data.tag == "issue": for vuln in data: vuln_id = uuid.uuid4() if vuln.tag == "name": if vuln.text is None: name = "NA" else: name = vuln.text if vuln.tag == "description": if vuln.text is None: description = "NA" else: description = vuln.text if vuln.tag == "remedy_guidance": if vuln.text is None: remedy_guidance = "NA" else: remedy_guidance = vuln.text if vuln.tag == "severity": if vuln.text is None: severity = "NA" else: severity = vuln.text if vuln.tag == "references": for ref_vuln in vuln: dat = ref_vuln.attrib for key, values in dat.iteritems(): if key is None: ref_key = "NA" else: ref_key = key if values is None: ref_values = "NA" else: ref_values = values if vuln.tag == "vector": for vec_vuln in vuln: if vec_vuln.tag == 'inputs': for vec_input in vec_vuln: dat = vec_input.attrib for key, values in dat.iteritems(): if key is None: vector_input_key = "NA" else: vector_input_key = key if values is None: vector_input_values = "NA" else: vector_input_values = values if vec_vuln.tag == 'source': for vec_source in vec_vuln: source_dat = vec_source.attrib for key, values in source_dat.iteritems(): if key is None: vector_source_key = "NA" else: vector_source_key = key if values in None: vector_source_values = "NA" else: vector_source_values = values if vuln.tag == "page": for page_body in vuln: if page_body.tag == "body": page_body_dat = page_body.text if page_body_dat is None: page_body_data = "NA" else: page_body_data = page_body_dat for req in vuln: if req.tag == 'request': for req_dat in req: if req_dat.tag == 'url': req_url = req_dat.text if req_url is None: request_url = "NA" else: request_url = req_url if req_dat.tag == 'method': req_method = req_dat.text if req_method is None: request_method = "NA" else: request_method = req_method if req_dat.tag == 'raw': if req_dat.text is None: request_raw = "NA" else: request_raw = req_dat.text if req.tag == 'response': for res_dat in req: if res_dat.tag == 'ip_address': res_ip = res_dat.text if res_ip is None: response_ip = "NA" else: response_ip = res_dat.text if res_dat.tag == 'raw_headers': res_raw_headers = res_dat.text if res_raw_headers is None: response_raw_headers = "NA" else: response_raw_headers = res_dat.text if vuln.tag == "proof": proof = vuln.text if vuln.text is None: proof = "NA" else: proof = vuln.text if severity == "high": vul_col = "important" elif severity == 'medium': vul_col = "warning" elif severity == 'low': vul_col = "info" elif severity == 'informational': vul_col = "info" for extra_data in vuln: for extra_vuln in extra_data.getchildren(): if extra_vuln.tag == "url": if extra_vuln.text is None: url = "NA" else: url = extra_vuln.text if extra_vuln.tag == "action": if extra_vuln.text is None: action = "NA" else: action = extra_vuln.text if extra_vuln.tag == "body": if extra_vuln.text is None: body = "NA" else: body = extra_vuln.text dump_data = arachni_scan_result_db( vuln_id=vuln_id, scan_id=scan_id, vuln_color=vul_col, project_id=project_id, name=name, description=description, remedy_guidance=remedy_guidance, severity=severity, proof=proof, url=url, action=action, body=body, ref_key=ref_key, ref_value=ref_values, vector_input_values=vector_input_values, vector_source_key=vector_source_key, vector_source_values=vector_source_values, page_body_data=page_body_data, request_url=request_url, request_method=request_method, request_raw=request_raw, response_ip=response_ip, response_raw_headers=response_raw_headers, vector_input_key=vector_input_key, false_positive='No') dump_data.save() arachni_all_vul = arachni_scan_result_db.objects.filter( scan_id=scan_id).values('name', 'severity', 'vuln_color').distinct() total_vul = len(arachni_all_vul) total_high = len(arachni_all_vul.filter(severity="high")) total_medium = len(arachni_all_vul.filter(severity="medium")) total_low = len(arachni_all_vul.filter(severity="low")) arachni_scan_db.objects.filter(scan_id=scan_id).update( total_vul=total_vul, high_vul=total_high, medium_vul=total_medium, low_vul=total_low)