Whitesource Importer

dojo/fixtures/test_type.json

@@ -366,5 +366,13 @@
 		},
 		"model": "dojo.test_type",
 		"pk": 143
-	}
+	},
+	{
+		"fields": {
+      "name": "Whitesource Scan"
+    },
+    "model": "dojo.test_type",
+	"pk": 144
+}
+
 ]

dojo/forms.py

@@ -298,7 +298,8 @@ class ImportScanForm(forms.Form):
                          ("Wapiti Scan", "Wapiti Scan"),
                          ("Immuniweb Scan", "Immuniweb Scan"),
                          ("Sonatype Application Scan", "Sonatype Application Scan"),
-                         ("Cobalt.io Scan", "Cobalt.io Scan"))
+                         ("Cobalt.io Scan", "Cobalt.io Scan"),
+                         ("Whitesource Scan", "Whitesource Scan"))
 
     SORTED_SCAN_TYPE_CHOICES = sorted(SCAN_TYPE_CHOICES, key=lambda x: x[1])
     scan_date = forms.DateTimeField(

dojo/templates/dojo/import_scan_results.html

@@ -77,6 +77,7 @@ <h3> Add Tests</h3>
 	<li><b>Visual Code Grepper (VCG)</b> - VCG output can be imported in CSV or Xml formats.</li>
 	<li><b>Veracode Detailed XML Report</b></li>
 	<li><b>Wapiti Scan</b> - Import XML report.</li>
+	<li><b>Whitesource Scan</b> - Import JSON report</li>
 	<li><b>Immuniweb Scan</b> - XML Scan Result File from Imuniweb Scan.</li>
 	<li><b>Zed Attack Proxy</b> - ZAP XML report format.</li>
     </ul>

dojo/tools/factory.py

@@ -51,6 +51,7 @@
 from dojo.tools.immuniweb.parser import ImmuniwebXMLParser
 from dojo.tools.wapiti.parser import WapitiXMLParser
 from dojo.tools.cobalt.parser import CobaltCSVParser
+from dojo.tools.whitesource.parser import WhitesourceJSONParser
 
 __author__ = 'Jay Paz'
 
@@ -168,6 +169,8 @@ def import_parser_factory(file, test, active, verified, scan_type=None):
         parser = WapitiXMLParser(file, test)
     elif scan_type == 'Cobalt.io Scan':
         parser = CobaltCSVParser(file, test)
+    elif scan_type == 'Whitesource Scan':
+        parser = WhitesourceJSONParser(file, test)
     else:
         raise ValueError('Unknown Test Type')
 

dojo/tools/whitesource/parser.py

@@ -0,0 +1,60 @@
+import hashlib
+import json
+from dojo.models import Finding
+
+__author__ = 'dr3dd589'
+
+
+class WhitesourceJSONParser(object):
+    def __init__(self, file, test):
+        self.dupes = dict()
+        self.items = ()
+        if file is None:
+            return
+
+        content = json.load(file)
+        if "vulnerabilities" in content:
+            tree_node = content['vulnerabilities']
+            for node in tree_node:
+                title = node['name'] + " | " + node['project']
+                severity = node['severity'].lower().capitalize()
+                description = "**Description** : " + node['description'] + "\n\n" + \
+                            "**Library Name** : " + node['library']['name'] + "\n\n" + \
+                            "**Library Filename** : " + node['library']['filename'] + "\n\n" + \
+                            "**Library Description** : " + node['library']['description'] + "\n\n" + \
+                            "**Library Type** : " + node['library']['type'] + "\n"
+                try:
+                    mitigation = "**fixResolution** : " + node['topFix']['fixResolution'] + "\n" + \
+                                "**Message** : " + node['topFix']['message'] + "\n"
+                except:
+                    mitigation = "N/A"
+
+                if "CVE" in node['type']:
+                    cve = node['name']
+                else:
+                    cve = None
+
+                dupe_key = hashlib.md5(description.encode('utf-8') + title.encode('utf-8')).hexdigest()
+
+                if dupe_key in self.dupes:
+                    finding = self.dupes[dupe_key]
+                    if finding.description:
+                        finding.description = finding.description
+                    self.dupes[dupe_key] = finding
+                else:
+                    self.dupes[dupe_key] = True
+
+                    finding = Finding(title=title,
+                                    test=test,
+                                    active=False,
+                                    verified=False,
+                                    description=description,
+                                    severity=severity,
+                                    cve=cve,
+                                    mitigation=mitigation,
+                                    numerical_severity=Finding.get_numerical_severity(
+                                        severity),
+                                    dynamic_finding=True)
+                    self.dupes[dupe_key] = finding
+
+            self.items = self.dupes.values()