sqlmap
Report generation
Add support to generate a report, at least in XML/XSLT format.
Any updates on report functionality?
@t1gor short answer: no. It's kind of complicated to convert current free-text format to anything "formatted". Sorry, but can't promise anything
@stamparm, I get it, no problem. Thanks for the update
We're looking to ingest results from sqlmap into Code Dx, but lack of a common report format is the current major blocker for us. We did find a blog post for importing results into DefectDojo with some small source tweaks: https://xavi.blog/integrating-sqlmap-in-ci-cd-with-owasp-defectdojo
Would the linked approach of fetching data from kb.injections be sufficient for a results report? I'm not familiar enough with Python or this codebase to assess whether this could potentially skip some injections or if it would lead to missing out on some important/directly-related data.
As in the link above, we're primarily concerned with discovered SQL injections. Metadata such as detected DB type isn't important for our case.
I've commented on this issue since it seems directly related. An injections-only export might also satisfy this issue, since our use-case may be common for others that want a well-formed report.
@tylercamp looking into "Code Dx" I can see that you have a nice business case. So basically, you are nagging that your business - where FOSS sqlmap is obviously used - is suffering because of lazy developers? Please, forgive me, but this is kind of sad
@tylercamp If you can imagine the scale of priority from 0 to 10, this has fallen to -9000 on my list. This basically means that you can tell your executive manager that a lazy open-source developer is kind of pissed off at you even commenting on this issue