PA-7048 Limit number of instances a report can generate #57

Merged
merged 5 commits into from
Nov 29, 2022
2 changes: 1 addition & 1 deletion VERSION.txt
@@ -1 +1 @@
1.0.15
1.0.16
23 changes: 13 additions & 10 deletions main.py
Expand Up @@ -80,12 +80,13 @@ def __init__(self):
self.zap_options: Optional[str] = None
self.request_cookies: Optional[str] = None
self.request_header: Optional[str] = None
self.integration_name: str = Constants.DEFAULT_INTEGRATION_NAME
self.integration_type: str = Constants.DEFAULT_INTEGRATION_TYPE

# INTENTIONALLY HARDCODED

# Hardcoded values, used for analysis metadata
self.dast_analysis_tool: str = Constants.DEFAULT_DAST_TOOL
self.dast_analysis_tool_version: str = Constants.DEFAULT_DAST_TOOL_VERSION
self.integration_name: str = Constants.DEFAULT_INTEGRATION_NAME
self.integration_type: str = Constants.DEFAULT_INTEGRATION_TYPE

# Auth Options
self.auth_auto: Optional[str] = '0'
Expand Down Expand Up @@ -421,7 +422,7 @@ def __generate_project_details_url__(self, project_id: str) -> str:
soos_project_id=project_id)
return url

def __make_soos_start_analysis_request__(self) -> DASTStartAnalysisResponse:
def __make_soos_start_analysis_request__(self, command: str) -> DASTStartAnalysisResponse:
message: str = "An error has occurred Starting the Analysis"
try:
log("Making request to SOOS")
Expand All @@ -446,6 +447,7 @@ def __make_soos_start_analysis_request__(self) -> DASTStartAnalysisResponse:
appVersion=self.app_version,
toolName=self.dast_analysis_tool,
toolVersion=self.dast_analysis_tool_version,
commandLine=command,
scanMode=self.scan_mode,
commitHash=self.commit_hash,
branch=self.branch_name,
Expand Down Expand Up @@ -980,9 +982,7 @@ def run_analysis(self) -> None:
exit_app(f"The URL {self.target_url} is not available")
return None

log(f"Executing {self.scan_mode} scan")
soos_dast_start_response = self.__make_soos_start_analysis_request__()
# execute test

scan_function = self.scan_mode_map.get(self.scan_mode, None)

if scan_function is None:
Expand All @@ -1000,16 +1000,19 @@ def run_analysis(self) -> None:
os.system("cp -R /zap/reports/traditional-json /root/.ZAP/reports/traditional-json")

command: str = scan_function()

if self.update_addons:
command = f"{command} --updateAddons"

log(f"Executing {self.scan_mode} scan")
soos_dast_start_response = self.__make_soos_start_analysis_request__(command)

self.__make_soos_scan_status_request__(project_id=soos_dast_start_response.project_id,
branch_hash=soos_dast_start_response.branch_hash,
analysis_id=soos_dast_start_response.analysis_id,
status="Running",
status_message=None
)
if self.update_addons:
command = f"{command} --updateAddons"
)

log(f"Command to be executed: {command}", log_level=LogLevel.DEBUG)
os.system(command)
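Review bot: The new `commandLine=command` field sends the full ZAP invocation to the SOOS API as analysis metadata, and the `__init__` hunk above shows this object also holds `request_cookies`, `request_header`, `zap_options` and auth options that the scan functions presumably fold into that same string; if they do, session cookies and auth header values now leave the host in every start-analysis request. Consider passing a redacted copy (values of cookie, header and auth options masked) at `soos_dast_start_response = self.__make_soos_start_analysis_request__(command)`, or at least document on `__make_soos_start_analysis_request__` that `command` is transmitted verbatim so a later maintainer does not add secrets to it unknowingly. Moving the start-analysis request to after `command` is assembled is what makes the metadata possible, so `run_analysis` is the right place for the redaction. Both `run_analysis` and `__make_soos_start_analysis_request__` extend beyond the hunks shown.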
8 changes: 5 additions & 3 deletions reports/traditional-json-headers/report.json
Expand Up @@ -17,7 +17,8 @@
"confidence": "[(${alert.confidence})]",
"riskdesc": "[(${helper.legacyEscapeText(helper.getRiskString(alert.risk) + ' (' + helper.getConfidenceString(alert.confidence) + ')', true)})]",
"desc": "[(${helper.legacyEscapeParagraph(alert.description, true)})]",
"instances":[ [#th:block th:each="instance, instState: ${instances}"][#th:block th:if="${! instState.first}"],[/th:block]
"instances":[ [#th:block th:each="instance, instState: ${instances}" th:unless="${ instState.index > 500}"]
[#th:block th:if="${! instState.first}"],[/th:block]
{
"uri": "[(${helper.legacyEscapeText(instance.uri, true)})]",
"method": "[(${helper.legacyEscapeText(instance.method, true)})]",
Expand All @@ -27,9 +28,10 @@
"evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]",
"request-header": "[(${helper.legacyEscapeText(instance.message.requestHeader, true)})]",
"response-header": "[(${helper.legacyEscapeText(instance.message.responseHeader, true)})]"
}[/th:block]
}
[/th:block]
],
"count": "[(${instances.size})]",
"totalInstanceCount": "[(${instances.size})]",
"solution": "[(${helper.legacyEscapeParagraph(alert.solution, true)})]",
"otherinfo": "[(${helper.legacyEscapeParagraph(alert.otherinfo, true)})]",
"reference": "[(${helper.legacyEscapeParagraph(alert.reference, true)})]",
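Review bot: `th:unless="${ instState.index > 500}"` on the `instances` loop keeps indices 0 through 500, so a large alert still emits 501 entries, one more than a cap of 500 would allow; the same guard is added in reports/traditional-json/report.json. If 500 is the intended cap, use `th:unless="${instState.index >= 500}"` in both templates. Renaming `count` to `totalInstanceCount` (here and in the other template) is an output schema change, so any consumer still reading `count` breaks silently and the rename deserves a mention in the PR description. Because the array is now truncated while `totalInstanceCount` still reports `instances.size`, readers can only detect truncation by comparing the two, which is worth stating in the report's documentation.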
24 changes: 13 additions & 11 deletions reports/traditional-json/report.json
Expand Up @@ -17,17 +17,19 @@
"confidence": "[(${alert.confidence})]",
"riskdesc": "[(${helper.legacyEscapeText(helper.getRiskString(alert.risk) + ' (' + helper.getConfidenceString(alert.confidence) + ')', true)})]",
"desc": "[(${helper.legacyEscapeParagraph(alert.description, true)})]",
"instances":[ [#th:block th:each="instance, instState: ${instances}"][#th:block th:if="${! instState.first}"],[/th:block]
{
"uri": "[(${helper.legacyEscapeText(instance.uri, true)})]",
"method": "[(${helper.legacyEscapeText(instance.method, true)})]",
"status-code": [(${instance.message.responseHeader.statusCode})],
"param": "[(${helper.legacyEscapeText(instance.param, true)})]",
"attack": "[(${helper.legacyEscapeText(instance.attack, true)})]",
"evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]"
}[/th:block]
],
"count": "[(${instances.size})]",
"instances":[ [#th:block th:each="instance, instState: ${instances}" th:unless="${ instState.index > 500}"]
[#th:block th:if="${! instState.first}"],[/th:block]
{
"uri": "[(${helper.legacyEscapeText(instance.uri, true)})]",
"method": "[(${helper.legacyEscapeText(instance.method, true)})]",
"status-code": [(${instance.message.responseHeader.statusCode})],
"param": "[(${helper.legacyEscapeText(instance.param, true)})]",
"attack": "[(${helper.legacyEscapeText(instance.attack, true)})]",
"evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]",
}
[/th:block]
],
"totalInstanceCount": "[(${instances.size})]",
"solution": "[(${helper.legacyEscapeParagraph(alert.solution, true)})]",
"otherinfo": "[(${helper.legacyEscapeParagraph(alert.otherinfo, true)})]",
"reference": "[(${helper.legacyEscapeParagraph(alert.reference, true)})]",
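Review bot: The new `"evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]",` line ends with a trailing comma immediately before the `}` that closes each instance object, so every generated report containing at least one instance is invalid JSON for strict parsers; the headers variant closes its last field without a comma. Drop it: `"evidence": "[(${helper.legacyEscapeText(instance.evidence, true)})]"`. A parse failure at this point rejects the whole report rather than one alert, so this is worth a test that loads a rendered report with a standard JSON parser.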