
New ZAP Proxy upload plugin

etdsoft committed Oct 28, 2011
1 parent 2e1b354 commit 7d7257d53bf9d9283fba00bca139086dccadd4c4
@@ -0,0 +1,12 @@
ZapUpload
=========
The ZAP upload plugin will allow users to upload ZAP Proxy [i] report XML files.
[i]
https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Console use
===========
$ bundle exec thor dradis:upload:zap /path/to/ZAP_report.xml
@@ -0,0 +1,22 @@
require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'
desc 'Default: run unit tests.'
task :default => :test
desc 'Test the zap_upload plugin.'
Rake::TestTask.new(:test) do |t|
t.libs << 'lib'
t.pattern = 'test/**/*_test.rb'
t.verbose = true
end
desc 'Generate documentation for the zap_upload plugin.'
Rake::RDocTask.new(:rdoc) do |rdoc|
rdoc.rdoc_dir = 'rdoc'
rdoc.title = 'ZapUpload'
rdoc.options << '--line-numbers' << '--inline-source'
rdoc.rdoc_files.include('README')
rdoc.rdoc_files.include('lib/**/*.rb')
end
@@ -0,0 +1 @@
require 'zap_upload'
@@ -0,0 +1 @@
# Install hook code here
@@ -0,0 +1,26 @@
class DradisTasks < Thor
class Upload < Thor
namespace "dradis:upload"
desc "zap FILE", "upload ZAP results"
long_desc "This will appear if the user runs 'thor help dradis:upload:zap'"
def zap(file_path)
require 'config/environment'
logger = Logger.new(STDOUT)
logger.level = Logger::DEBUG
unless File.exists?(file_path)
$stderr.puts "** the file [#{file_path}] does not exist"
exit -1
end
ZapUpload.import(
:file => file_path,
:logger => logger)
logger.close
end
end
end
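Review bot: The `File.exists?(file_path)` guard in `zap` is also true for a directory, so a directory path passes it and only fails later, inside `ZapUpload.import`, with an unrescued exception from `File.read`. Checking for a readable regular file keeps that case on the friendly error path: `unless File.file?(file_path) && File.readable?(file_path)`. `exit -1` reaches the shell as status 255, and `exit 1` is the more conventional failure code. The `long_desc` string is still the generator placeholder and could instead say that the task expects a ZAP XML report.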
@@ -0,0 +1,20 @@
# ZapUpload
require 'zap_upload/filters'
require 'zap_upload/meta'
module ZapUpload
class Configuration < Core::Configurator
configure :namespace => 'zap_upload'
setting :category, :default => 'ZAP output'
setting :author, :default => 'ZAP plugin'
setting :parent_node, :default => 'plugin.zap'
end
end
# This includes the import plugin module in the dradis import plugin repository
module Plugins
module Upload
include ZapUpload
end
end
@@ -0,0 +1,48 @@
module ZapUpload
private
@@logger=nil
public
# This method will be called by the framework when the user selects your
# plugin from the drop down list of the 'Import from file' dialog
def self.import(params={})
file_content = File.read( params[:file] )
@@logger = params.fetch(:logger, Rails.logger)
# create the parent node early so we can use it to provide feedback on errors
parent = Node.find_or_create_by_label( Configuration.parent_node)
# every note we create will be assigned to this author
author = Configuration.author
# get the note category instance or create it if it does not exist
category = Category.find_or_create_by_name( Configuration.category )
@@logger.info{ 'Parsing ZAP output...' }
doc = Nokogiri::XML(file_content)
@@logger.info{ 'Done.' }
# Add a note to the plugin root folder with the file name and report date
file_name = File.basename(params[:file])
report_date = doc.root.children.first.text
parent.notes.create(
:author => author,
:category => category,
:text => "#[Title]#\nZAP upload: #{file_name}\n\n#[Report_date]##{report_date}")
# Process the report contents
doc.xpath('/report/alertitem').each do |alert|
alert_name = alert.xpath('alert').text
alert_text = alert.elements.collect{ |attribute|
"#[#{attribute.name.capitalize}]#\n#{attribute.text}\n\n"
}.join("\n")
@@logger.info{ "Parsing alert item: #{alert_name}" }
alert_node = parent.children.find_or_create_by_label(alert_name)
alert_node.notes.create(
:author => author,
:category => category,
:text => alert_text)
end
end
end
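Review bot: `doc.root.children.first.text` in `import` is reached without checking that parsing produced a report. Nokogiri's recovering parse returns a document whose `root` is nil for empty or non-XML input, and `children.first` is nil for a childless root, so either case ends in a NoMethodError instead of feedback to the user. The comment says the parent node is created early to report errors, but nothing after it does so; a guard such as `return @@logger.error{ 'Not a ZAP XML report' } if doc.root.nil? || doc.root.name != 'report'` before reading the date would cover it. Because the report text originates from scanned sites, it is also worth stating the parse options rather than relying on the installed Nokogiri's defaults, e.g. `Nokogiri::XML(file_content) { |config| config.nonet }`. Alert fields are copied into notes verbatim, so a value containing the `#[Field]#` marker could presumably alter the fields of the resulting note; confirm how Dradis parses note text.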
@@ -0,0 +1,14 @@
module ZapUpload
module Meta
NAME = "ZAP Upload plugin"
EXPECTS = "ZAP Proxy XML reports. Generate through Report > Generate XML Report ..."
# change this to the appropriate version
module VERSION #:nodoc:
MAJOR = 2
MINOR = 9
TINY = 0
STRING = [MAJOR, MINOR, TINY].join('.')
end
end
end
@@ -0,0 +1,16 @@
require 'test/unit'
# require Rails testing framework
require File.dirname(__FILE__) + '/../../../../test/test_helper'
# require this plugin
$:.unshift File.dirname(__FILE__) + '/../lib'
require File.dirname(__FILE__) + '/../init'
class ZapUploadTest < Test::Unit::TestCase
# Replace this with your real tests.
def test_this_plugin
flunk
end
end
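Review bot: `test_this_plugin` only calls `flunk`, so the default `rake` task fails on every run and `ZapUpload.import` has no coverage at all. Since the importer parses files whose content comes from scanned targets, it would help to add a small fixture report and assert on the notes it creates. Cases for an empty file and a non-XML file would pin down how malformed input is handled. The placeholder comment `# Replace this with your real tests.` can go once a real test exists.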
@@ -0,0 +1 @@
# Uninstall hook code here
