Codebase list faraday-plugins / c19a85b faraday_plugins / plugins / repo / appscan_csv / plugin.py
c19a85b

Tree @c19a85b (Download .tar.gz)

plugin.py @c19a85braw · history · blame 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
"""
Faraday Penetration Test IDE
Copyright (C) 2013  Infobyte LLC (http://www.infobytesec.com/)
See the file 'doc/LICENSE' for the license information

"""

from faraday_plugins.plugins.plugin import PluginCSVFormat
from itertools import islice
import csv
from dateutil.parser import parse

__author__ = "Erodriguez"
__copyright__ = "Copyright (c) 2019, Infobyte LLC"
__credits__ = ["Erodriguez"]
__license__ = ""
__version__ = "1.0.0"
__maintainer__ = "Erodriguez"
__email__ = "[email protected]"
__status__ = "Development"


class Appscan_CSV_Plugin(PluginCSVFormat):
    """
    Example plugin to parse Appscan output.
    """

    def __init__(self, *arg, **kwargs):
        super().__init__(*arg, **kwargs)
        self.csv_headers = {'HCL AppScan on Cloud'}
        self.id = "Appscan_CSV"
        self.name = "Appscan CSV Output Plugin"
        self.plugin_version = "0.0.1"
        self.version = "0.0.1"
        self.framework_version = "1.0.1"

    def _parse_filename(self, filename):
        with open(filename) as output:
            self.parseOutputString(islice(output, 15, None))

    def parseOutputString(self, output):
        try:
            reader = csv.DictReader(output)
        except:
            print("Error parser output")
            return None

        for row in reader:
            #Skip Fix Group
            if row["Issue Id"] == "Fix Group Attributes:":
                break
            path = row['Source File']
            if path == "":
                path = row['Location']
            try:
                run_date = parse(row['Date Created'])
            except:
                run_date = None
            name = row["Issue Type Name"]
            references = []
            if row["Cwe"]:
                references.append(f"CWE-{row['Cwe']}")
            if row["Cve"]:
                references.append(row["Cve"])

            data = []
            if row['Security Risk']:
                data.append(f"Security Risk: {row['Security Risk']}")
            desc = [row['Description']]
            if row['Cve']:
                desc.append(f"Cve:  {row['Cve']}")
            if row['Line']:
                desc.append(f"Line:  {row['Line']}")
            if row['Cause']:
                desc.append(f"Cause:  {row['Cause']}")
            if row['Remediation']:
                desc.append(f"Resolution:  {row['Resolution']}")
            if row['Threat Class']:
                desc.append(f"Threat Class:   {row['Threat Class']}")
            if row['Security Risk']:
                desc.append(f"Security Risk:   {row['Security Risk']}")
            if row['Calling Method']:
                desc.append(f"Calling Method:   {row['Calling Method']}")
            if row['Location']:
                desc.append(f"Vulnerability Line:   {row['Location']}")

            h_id = self.createAndAddHost(name=path)
            self.createAndAddVulnToHost(
                h_id,
                name=name,
                desc=" \n".join(desc),
                resolution=row['Remediation'],
                external_id=row['Issue Id'],
                cve=row['Cve'],
                run_date=run_date,
                severity=row["Severity"],
                ref=references,
                data=" \n".join(data)
            )

def createPlugin(*args, **kargs):
    return Appscan_CSV_Plugin(*args, **kargs)