Skip to content

Commit

Permalink
🎉 added hcl appscan parser #8829 (#8858)
Browse files Browse the repository at this point in the history
* 🎉 added hcl appscan parser #8829

* remove unneeded method

* 🐛 fix unittests

* 🐛 fix unittest

* added unittests

* fix documentation according to comment
  • Loading branch information
manuel-sommer authored Nov 3, 2023
1 parent 4dc9664 commit 4aa4280
Show file tree
Hide file tree
Showing 6 changed files with 13,961 additions and 0 deletions.
5 changes: 5 additions & 0 deletions docs/content/en/integrations/parsers/file/hcl_appscan.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
title: "HCL Appscan"
toc_hide: true
---
The HCL Appscan has the possibiilty to export the results in PDF, XML and CSV formats within the portal. However, this parser only supports the import of XML generated from HCL Appscan on cloud.
1 change: 1 addition & 0 deletions dojo/tools/hcl_appscan/__init__.py
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
__author__ = "manuel_sommer"
83 changes: 83 additions & 0 deletions dojo/tools/hcl_appscan/parser.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
from xml.dom import NamespaceErr
from defusedxml import ElementTree as ET
from dojo.models import Finding, Endpoint


class HCLAppScanParser(object):
def get_scan_types(self):
return ["HCLAppScan XML"]

def get_label_for_scan_types(self, scan_type):
return scan_type # no custom label for now

def get_description_for_scan_types(self, scan_type):
return "Import XML output of HCL AppScan."

def get_findings(self, file, test):
findings = []
tree = ET.parse(file)
root = tree.getroot()
if "xml-report" not in root.tag:
raise NamespaceErr(
"This doesn't seem to be a valid HCLAppScan xml file."
)
report = root.find("issue-group")
if report is not None:
for finding in report:
description = ""
for item in finding:
match item.tag:
case 'severity':
severity = item.text
case 'cwe':
cwe = item.text
case 'remediation':
remediation = item.text
case 'advisory':
advisory = item.text
case 'issue-type-name':
issuetypename = item.text
description = description + "Issue-Type-Name: " + issuetypename + "\n"
case 'location':
location = item.text
description = description + "Location: " + location + "\n"
case 'domain':
domain = item.text
description = description + "Domain: " + domain + "\n"
case 'element':
element = item.text
description = description + "Element: " + element + "\n"
case 'element-type':
elementtype = item.text
description = description + "ElementType: " + elementtype + "\n"
case 'path':
path = item.text
description = description + "Path: " + path + "\n"
case 'scheme':
scheme = item.text
description = description + "Scheme: " + scheme + "\n"
case 'host':
host = item.text
description = description + "Host: " + host + "\n"
case 'port':
port = item.text
description = description + "Port: " + port + "\n"
case 'asoc-issue-id':
asocissueid = item.text
finding = Finding(
title=str(issuetypename + "_" + domain + "_" + path),
description=description,
severity=severity,
cwe=cwe,
mitigation="Remediation: " + remediation + "\nAdvisory: " + advisory,
dynamic_finding=True,
static_finding=False,
unique_id_from_tool=asocissueid
)
findings.append(finding)
finding.unsaved_endpoints = list()
endpoint = Endpoint(host=host, port=port)
finding.unsaved_endpoints.append(endpoint)
return findings
else:
return findings
Loading

0 comments on commit 4aa4280

Please sign in to comment.