-
Notifications
You must be signed in to change notification settings - Fork 1.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* ✨ add burp dastardly * fix author names * fix unittest * add docs
- Loading branch information
1 parent
89cefc7
commit 1436db2
Showing
14 changed files
with
773 additions
and
9 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
docs/content/en/integrations/parsers/file/burp_dastardly.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| --- | ||
| title: "Burp Dastardly" | ||
| toc_hide: true | ||
| --- | ||
| ### File Types | ||
| DefectDojo parser accepts Burp Dastardly Scans as an XML output. | ||
|
|
||
| Dastardly is a free, lightweight web application security scanner for your CI/CD pipeline. It is designed specifically for web developers, and checks your application for seven security issues that are likely to interest you during software development. Dastardly is based on the same scanner as Burp Suite (Burp Scanner). | ||
|
|
||
| ### Sample Scan Data | ||
| Sample Burp Dastardly scans can be found [here](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/burp_dastardly). |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| import logging | ||
| from defusedxml import ElementTree as etree | ||
| from dojo.models import Finding | ||
|
|
||
| logger = logging.getLogger(__name__) | ||
|
|
||
|
|
||
| class BurpDastardlyParser(object): | ||
|
|
||
| def get_scan_types(self): | ||
| return ["Burp Dastardly Scan"] | ||
|
|
||
| def get_label_for_scan_types(self, scan_type): | ||
| return "Burp Dastardly Scan" | ||
|
|
||
| def get_description_for_scan_types(self, scan_type): | ||
| return ( | ||
| "Import Burp Dastardly XML files." | ||
| ) | ||
|
|
||
| def get_findings(self, xml_output, test): | ||
| tree = etree.parse(xml_output, etree.XMLParser()) | ||
| return self.get_items(tree, test) | ||
|
|
||
| def get_items(self, tree, test): | ||
| items = list() | ||
| for node in tree.findall("testsuite"): | ||
| if int(node.attrib["failures"]) != 0: | ||
| name = node.attrib["name"] | ||
| testcase = node.findall("testcase") | ||
| for case in testcase: | ||
| for fail in case.findall("failure"): | ||
| title = fail.attrib["message"] | ||
| severity = fail.attrib["type"] | ||
| description = fail.text | ||
| finding = Finding( | ||
| title=title, | ||
| url=name, | ||
| test=test, | ||
| severity=severity, | ||
| description=description, | ||
| false_p=False, | ||
| duplicate=False, | ||
| out_of_scope=False, | ||
| mitigated=None, | ||
| dynamic_finding=True, | ||
| ) | ||
| items.append(finding) | ||
| return items |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| __author__ = "manuel_sommer" | ||
| __author__ = "manuel-sommer" |
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| from os import path | ||
|
|
||
| from ..dojo_test_case import DojoTestCase | ||
| from dojo.models import Test | ||
| from dojo.tools.burp_dastardly.parser import BurpDastardlyParser | ||
|
|
||
|
|
||
| class TestBurpParser(DojoTestCase): | ||
|
|
||
| def test_burp_dastardly_multiple_findings(self): | ||
| with open(path.join(path.dirname(__file__), "../scans/burp_dastardly/many_findings.xml")) as test_file: | ||
| parser = BurpDastardlyParser() | ||
| findings = parser.get_findings(test_file, Test()) | ||
| for finding in findings: | ||
| for endpoint in finding.unsaved_endpoints: | ||
| endpoint.clean() | ||
| self.assertEqual(4, len(findings)) |