# Attribution tag for the original author of this parser module.
__author__ = "jaguasch"
import hashlib
from datetime import datetime
from dojo.models import Finding
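class BundlerAuditParser:
    """Parse the plain-text output of ``bundler-audit check`` into Findings.

    The report is a sequence of blank-line separated advisory blocks.  Each
    block is a run of ``Label: value`` lines; the labels read here are Name,
    Version, Advisory/CVE/GHSA, Criticality, URL, Title and Solution.  Blocks
    that do not start with ``Name`` (banners, summary lines) are ignored.
    """

    def get_scan_types(self):
        """Return the scan-type identifiers this parser registers."""
        return ["Bundler-Audit Scan"]

    def get_label_for_scan_types(self, scan_type):
        """Return the display label for *scan_type*."""
        return "Bundler-Audit Scan"

    def get_description_for_scan_types(self, scan_type):
        """Return the description shown for *scan_type* on import."""
        return "'bundler-audit check' output (in plain text)"

    @staticmethod
    def _parse_gem_report(warning):
        """Parse one advisory block into a dict of its labelled values.

        Every key is reset for every block, so a label that is absent from
        one block can never inherit the value printed in the previous block
        (the previous implementation kept the loop variables across blocks
        and raised NameError on the very first block missing a label).
        Missing text fields default to ``""``; a missing identifier is
        ``None``; a missing or "Unknown" Criticality maps to ``"Medium"``.

        Args:
            warning: one blank-line-delimited block of the report.

        Returns:
            dict with keys ``name``, ``version``, ``advisory_id``,
            ``severity``, ``url``, ``title`` and ``solution``.
        """
        report = {
            "name": "",
            "version": "",
            "advisory_id": None,
            "severity": "Medium",
            "url": "",
            "title": "",
            "solution": "",
        }
        for field in warning.split("\n"):
            if field.startswith("Name"):
                report["name"] = field.replace("Name: ", "")
            elif field.startswith("Version"):
                report["version"] = field.replace("Version: ", "")
            elif field.startswith("Advisory"):
                report["advisory_id"] = field.replace("Advisory: ", "")
            elif field.startswith("CVE"):
                report["advisory_id"] = field.replace("CVE: ", "")
            elif report["advisory_id"] is None and field.startswith("GHSA"):
                # A GHSA id is only a fallback: an Advisory/CVE line seen
                # earlier in the same block keeps precedence.
                report["advisory_id"] = field.replace("GHSA: ", "")
            elif field.startswith("Criticality"):
                criticality = field.replace("Criticality: ", "")
                # "Unknown" is normalised to Medium; every other rating is
                # passed through verbatim.
                # NOTE(review): confirm the Finding model accepts the tool's
                # rating strings as-is — the parser does no mapping here.
                report["severity"] = (
                    "Medium" if criticality.lower() == "unknown" else criticality
                )
            elif field.startswith("URL"):
                report["url"] = field.replace("URL: ", "")
            elif field.startswith("Title"):
                report["title"] = field.replace("Title: ", "")
            elif field.startswith("Solution"):
                report["solution"] = field.replace("Solution: ", "")
        return report

    def get_findings(self, filename, test):
        """Build one Finding per distinct (gem, version, advisory, severity).

        Args:
            filename: file-like object holding the report; ``read()`` may
                return ``str`` or UTF-8 encoded ``bytes``.
            test: the Test object the Findings are attached to.

        Returns:
            list of unsaved Finding objects, deduplicated on an MD5 of the
            gem name, version, advisory id and severity.

        Raises:
            UnicodeDecodeError: if a bytes report is not valid UTF-8.
        """
        content = filename.read()
        if isinstance(content, bytes):
            # Decode strictly: a non-UTF-8 report should fail loudly rather
            # than be imported with mangled advisory text.
            # NOTE(review): the original carried the remark "passes in
            # unittests, but would fail in production" on this line —
            # confirm what read() returns for uploaded files in the
            # deployed import path.
            content = content.decode("utf-8")

        dupes = {}
        find_date = datetime.now()
        for warning in content.split("\n\n"):
            if not warning.startswith("Name"):
                continue
            report = self._parse_gem_report(warning)
            gem_name = report["name"]
            gem_version = report["version"]
            advisory_id = report["advisory_id"]
            sev = report["severity"]

            title = "Gem " + gem_name + ": " + report["title"]
            if advisory_id:
                # A block with no Advisory/CVE/GHSA line used to raise a
                # TypeError (None concatenation); the tag is now omitted.
                title += " [" + advisory_id + "]"
            findingdetail = (
                "Gem **" + gem_name + "** has known security issues:\n"
                + "**Name**: " + gem_name + "\n"
                + "**Version**: " + gem_version + "\n"
                + "**Advisory**: " + (advisory_id or "") + "\n"
            )

            # MD5 is only a compact dedup key here, not a security primitive;
            # the concatenated tuple is what defines "the same finding".
            fingerprint = (
                "bundler-audit"
                + gem_name
                + gem_version
                + (advisory_id or "")
                + sev
            )
            dupe_key = hashlib.md5(fingerprint.encode("utf-8")).hexdigest()

            if dupe_key not in dupes:
                dupes[dupe_key] = Finding(
                    title=title,
                    test=test,
                    description=findingdetail,
                    severity=sev,
                    mitigation=report["solution"],
                    references=report["url"],
                    date=find_date,
                    static_finding=True,
                    dynamic_finding=False,
                    component_name=gem_name,
                    component_version=gem_version,
                    cve=advisory_id,
                )
            find = dupes[dupe_key]
            if advisory_id:
                find.unsaved_vulnerability_ids = [advisory_id]
        return list(dupes.values())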