Add basic parser for Outpost24 scan format #1750

Merged
merged 9 commits into from Jan 30, 2020
1 change: 1 addition & 0 deletions dojo/forms.py
Expand Up @@ -361,6 +361,7 @@ class ImportScanForm(forms.Form):
("Aqua Scan", "Aqua Scan"),
("HackerOne Cases", "HackerOne Cases"),
("Xanitizer Scan", "Xanitizer Scan"),
("Outpost24 Scan", "Outpost24 Scan"),
("Trivy Scan", "Trivy Scan"))

SORTED_SCAN_TYPE_CHOICES = sorted(SCAN_TYPE_CHOICES, key=lambda x: x[1])
1 change: 1 addition & 0 deletions dojo/templates/dojo/import_scan_results.html
Expand Up @@ -69,6 +69,7 @@ <h3> Add Tests</h3>
<li><b>NPM Audit</b> - NPM Audit Scan output file can be imported in JSON format.</li>
<li><b>IBM AppScan DAST</b> - XML file from IBM App Scanner.</li>
<li><b>Openscap Vulnerability Scan</b> - Import Openscap Vulnerability Scan in XML formats.</li>
<li><b>Outpost24 Scan</b> - Import Outpost24 endpoint vulnerability scan in XML format.</li>
<li><b>OpenVAS CSV</b> - Import OpenVAS Scan in CSV format. Export as CSV Results on OpenVAS.</li>
<li><b>PHP Security Audit v2</b> - Import PHP Security Audit v2 Scan in JSON format.</li>
<li><b>PHP Symfony Security Check</b> - Import results from the PHP Symfony Security Checker by Sensioslabs.</li>
3 changes: 3 additions & 0 deletions dojo/tools/factory.py
Expand Up @@ -68,6 +68,7 @@
from dojo.tools.h1.parser import HackerOneJSONParser
from dojo.tools.xanitizer.parser import XanitizerXMLParser
from dojo.tools.trivy.parser import TrivyParser
from dojo.tools.outpost24.parser import Outpost24Parser



Expand Down Expand Up @@ -224,6 +225,8 @@ def import_parser_factory(file, test, active, verified, scan_type=None):
parser = XanitizerXMLParser(file, test)
elif scan_type == 'Trivy Scan':
parser = TrivyParser(file, test)
elif scan_type == 'Outpost24 Scan':
parser = Outpost24Parser(file, test)
else:
raise ValueError('Unknown Test Type')

Empty file.
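--- a/dojo/tools/outpost24/parser.py
+++ b/dojo/tools/outpost24/parser.py
@@ -0,0 +1,38 @@
+from defusedxml import ElementTree
+from dojo.models import Finding
+
+
+class Outpost24Parser:
+def __init__(self, file, test):
+tree = ElementTree.parse(file)
+# TODO: extract ./hostlist/host entries for endpoints
+items = list()
+for detail in tree.iterfind('//detaillist/detail'):
+title = detail.findtext('name')
+#date = detail.findtext('date') # can be used for Finding.date?
+cve = detail.findtext('./cve/id')
+url = detail.findtext('./referencelist/reference/[type=\'solution\']/../url')
+description = detail.findtext('description')
+mitigation = detail.findtext('solution')
+impact = detail.findtext('information')
+numerical_severity = detail.findtext('cvss_v3_score')
+if numerical_severity:
+score = float(numerical_severity)
+if score < 4:
+severity = 'Low'
+elif score < 7:
+severity = 'Medium'
+elif score < 9:
+severity = 'High'
+else:
+severity = 'Critical'
+items.append(Finding(title=title, test=test, cve=cve, url=url,
+description=description,
+mitigation=mitigation, impact=impact,
+severity=severity,
+numerical_severity=numerical_severity))
+self._items = items
+
+@property
+def items(self):
+return self._items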
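Review bot: `severity` is only assigned inside `if numerical_severity:`, so a `detail` element without a `cvss_v3_score` never gets a severity of its own. Indentation is lost on this page: if the `items.append(Finding(...))` call sits at loop level, the first such detail raises UnboundLocalError and any later one silently inherits the previous finding's severity, and if it is nested under the `if`, those details are dropped from the import without a trace. Either way a scan result can end up mis-rated or missing in the tracker, so set a per-iteration default before the check, e.g. `severity = 'Info'` (assuming that is the project's lowest rating), and append unconditionally. `float(numerical_severity)` also raises ValueError on non-numeric text in an uploaded report, which aborts the whole import; catching it and falling back to the default would keep one malformed element from rejecting the file.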