Commit 8dfc3a89 authored by Zitnik, Anze's avatar Zitnik, Anze

wiser-wcs migrated to python3

parent 86001216
**.swp
wiser-wcs-reports/.idea/*
wiser-wcs-reports/env/*
wiser-wcs-reports/example_nmap_output/*
...@@ -14,10 +14,13 @@ COPY install/zap-plugin.patch install/w3af-plugin.patch install/cscan.patch /tmp ...@@ -14,10 +14,13 @@ COPY install/zap-plugin.patch install/w3af-plugin.patch install/cscan.patch /tmp
COPY install/cscan.sh /tmp/install/ COPY install/cscan.sh /tmp/install/
RUN chmod +x /tmp/install/cscan.sh && /tmp/install/cscan.sh RUN chmod +x /tmp/install/cscan.sh && /tmp/install/cscan.sh
COPY wiser-wcs-reports /service/wiser-wcs-reports/
COPY install/wiser-wcs.sh /tmp/install/
RUN chmod +x /tmp/install/wiser-wcs.sh && /tmp/install/wiser-wcs.sh
COPY install/cleanup.sh /tmp/install/ COPY install/cleanup.sh /tmp/install/
RUN chmod +x /tmp/install/cleanup.sh && /tmp/install/cleanup.sh RUN chmod +x /tmp/install/cleanup.sh && /tmp/install/cleanup.sh
COPY wiser-wcs-reports /service/wiser-wcs-reports/
COPY run-cscan.sh configure.py config-example.json /service/ COPY run-cscan.sh configure.py config-example.json /service/
RUN chmod +x /service/run-cscan.sh RUN chmod +x /service/run-cscan.sh
......
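Review bot: `COPY wiser-wcs-reports /service/wiser-wcs-reports/` has to precede the new `wiser-wcs.sh` step so pip can read requirements.txt, but `COPY` takes the whole directory from the build context, and the `wiser-wcs-reports/env/*` and `wiser-wcs-reports/.idea/*` patterns added to .gitignore in this commit do not affect that — a local virtualenv in `wiser-wcs-reports/env` would be baked into the image unless a `.dockerignore` mirrors those entries. The new install script lands in `/tmp/install/` like the others; whether cleanup.sh removes it afterwards is not visible here and is worth confirming so the final image carries no install scripts. Which of the two `COPY wiser-wcs-reports` lines is the removed one cannot be told from this rendering, so this assumes the earlier placement is the new one.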
VERSION=v1.3.2 VERSION=v1.3.3
SERVICE=vat-genscan SERVICE=vat-genscan
#!/bin/bash
set -e
pip3 install -r /service/wiser-wcs-reports/requirements.txt
...@@ -20,7 +20,7 @@ if [ $RESULT -ne 0 ]; then ...@@ -20,7 +20,7 @@ if [ $RESULT -ne 0 ]; then
fi fi
cd /service/wiser-wcs-reports cd /service/wiser-wcs-reports
python wiser-wcs.py | tail -n 1 > /root/out/genscan-out.json python3 wiser-wcs.py | tail -n 1 > /root/out/genscan-out.json
# outputting the scan result # outputting the scan result
cat /root/out/genscan-out.json cat /root/out/genscan-out.json
......
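Review bot: `python3 wiser-wcs.py | tail -n 1 > /root/out/genscan-out.json` yields only tail's exit status, so a Python failure is silently written to genscan-out.json — the last line of a traceback becomes the "result" — and then echoed by the `cat` below, and a `RESULT` check like the one visible just above this hunk would never see it. Under bash, capture the interpreter's status from the pipeline, `RESULT=${PIPESTATUS[0]}`, and test it before the `cat`, or enable `set -o pipefail` near the top of the script; the shebang is outside this hunk, so this assumes bash.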
argparse==1.2.1
simplejson==3.8.0
wsgiref==0.1.2
xml2json==0.1
configparser==4.0.2
xmljson==0.2.0
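Review bot: `configparser==4.0.2` is the PyPI backport of the standard-library module; on a Python 3 interpreter `import configparser` (the new import in wiser-wcs.py) resolves to the stdlib first, so the package is dead weight in the image and one more third-party artifact to trust — it can be dropped. With every remaining line pinned to an exact version, the build could also pin hashes (`--hash=sha256:<constructed placeholder>` per line and `pip3 install --require-hashes -r requirements.txt` in wiser-wcs.sh) so a replaced or tampered wheel on the index fails the build instead of landing in the scanner image. Whether `argparse`, `simplejson`, `wsgiref` and `xml2json` are the removed lines cannot be confirmed from this rendering, but `argparse==1.2.1` and `wsgiref==0.1.2` are Python 2-era distributions that should not remain in a Python 3 requirements file.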
from xml2json import json2xml, xml2json from xmljson import badgerfish
from xml.etree.ElementTree import fromstring
from os import listdir from os import listdir
from os.path import isfile, join from os.path import isfile, join
import ConfigParser from collections import OrderedDict
import configparser
import json import json
import re import re
...@@ -57,7 +59,7 @@ class WiserVulnerability(IterMixin): ...@@ -57,7 +59,7 @@ class WiserVulnerability(IterMixin):
pass pass
def __str__(self): def __str__(self):
return json.dumps(dict(self)) return json.dumps(self.__dict__)
class WiserReport(IterMixin): class WiserReport(IterMixin):
...@@ -80,16 +82,21 @@ class WiserReport(IterMixin): ...@@ -80,16 +82,21 @@ class WiserReport(IterMixin):
class WiserZapVulnerability(WiserVulnerability): class WiserZapVulnerability(WiserVulnerability):
def __init__(self, alert): def __init__(self, alert):
super().__init__()
self.parse_report(alert) self.parse_report(alert)
@staticmethod
def _pretty(text):
return re.sub('(</?p>)+', '\n', text).strip()
def parse_report(self, alert): def parse_report(self, alert):
self.short_desc = alert['alert']['#text'] self.short_desc = self._pretty(alert['alert']['$'])
self.desc = alert['desc']['#text'] self.desc = self._pretty(alert['desc']['$'])
self.reference = alert['reference']['#text'] self.reference = self._pretty(alert['reference']['$'])
self.risk_level = alert['riskdesc']['#text'] self.risk_level = self._pretty(alert['riskdesc']['$'])
self.solution = alert['solution']['#text'] self.solution = self._pretty(alert['solution']['$'])
if 'wascid' in alert: if 'wascid' in alert:
self.wascid = alert['wascid']['#text'] self.wascid = alert['wascid']['$']
self.source_pentest="OWASP ZAP" self.source_pentest="OWASP ZAP"
self.set_wiser_risk_level() self.set_wiser_risk_level()
...@@ -117,26 +124,26 @@ class WiserZapVulnerability(WiserVulnerability): ...@@ -117,26 +124,26 @@ class WiserZapVulnerability(WiserVulnerability):
class WiserW3afVulnerability(WiserVulnerability): class WiserW3afVulnerability(WiserVulnerability):
def __init__(self, alert): def __init__(self, alert):
super().__init__()
self.parse_report(alert) self.parse_report(alert)
def parse_report(self, alert): def parse_report(self, alert):
self.short_desc = alert['@name'] self.short_desc = alert['@name']
self.desc = alert['description']['#text'] self.desc = alert['description']['$']
if 'references' in alert: if 'references' in alert:
if 'reference' in alert['references']: if 'reference' in alert['references']:
if alert['references']['reference'] is dict: if isinstance(alert['references']['reference'], OrderedDict):
self.reference = alert['references']['reference']['@url'] self.reference = alert['references']['reference']['@url']
if alert['references']['reference'] is list: if alert['references']['reference'] is list:
self.reference = alert['references']['reference'][0]['@url'] self.reference = alert['references']['reference'][0]['@url']
self.risk_level = alert['@severity'] self.risk_level = alert['@severity']
if 'long-description' in alert: if 'long-description' in alert:
self.solution = alert['long-description']['#text'] self.solution = alert['long-description']['$']
if '@id' in alert: if '@id' in alert:
if 'references' in alert: if 'references' in alert:
if 'reference' in alert['references']: if 'reference' in alert['references']:
if '@title' in alert['references']['reference']: if '@title' in alert['references']['reference']:
if alert['references']['reference']['@title'] == 'WASC': if alert['references']['reference']['@title'] == 'WASC':
#self.wascid = alert['@id']
self.wascid = re.sub('[\[\]]', '', alert['@id']) self.wascid = re.sub('[\[\]]', '', alert['@id'])
self.source_pentest="W3af" self.source_pentest="W3af"
self.set_wiser_risk_level() self.set_wiser_risk_level()
...@@ -155,6 +162,7 @@ class WiserW3afVulnerability(WiserVulnerability): ...@@ -155,6 +162,7 @@ class WiserW3afVulnerability(WiserVulnerability):
class WiserZapReport(WiserReport): class WiserZapReport(WiserReport):
def __init__(self, report): def __init__(self, report):
super().__init__()
self.parse_report(report) self.parse_report(report)
def parse_report(self, report_dict): def parse_report(self, report_dict):
...@@ -164,7 +172,6 @@ class WiserZapReport(WiserReport): ...@@ -164,7 +172,6 @@ class WiserZapReport(WiserReport):
:return: :return:
""" """
self.report = list() self.report = list()
print report_dict
if 'site' in report_dict: if 'site' in report_dict:
if 'alerts' in report_dict['site'] and report_dict['site']['alerts'] is not None: if 'alerts' in report_dict['site'] and report_dict['site']['alerts'] is not None:
if 'alertitem' in report_dict['site']['alerts']: if 'alertitem' in report_dict['site']['alerts']:
...@@ -181,6 +188,7 @@ class WiserZapReport(WiserReport): ...@@ -181,6 +188,7 @@ class WiserZapReport(WiserReport):
class WiserW3afReport(WiserReport): class WiserW3afReport(WiserReport):
def __init__(self, report): def __init__(self, report):
super().__init__()
self.parse_report(report) self.parse_report(report)
def parse_report(self, report_dict): def parse_report(self, report_dict):
...@@ -208,7 +216,7 @@ def parse_config_file(filename): ...@@ -208,7 +216,7 @@ def parse_config_file(filename):
:param filename: the config file :param filename: the config file
:return: :return:
""" """
config = ConfigParser.ConfigParser() config = configparser.ConfigParser()
config.read(filename) config.read(filename)
return config return config
...@@ -219,16 +227,12 @@ def reports_json(dir): ...@@ -219,16 +227,12 @@ def reports_json(dir):
:param dir: :param dir:
:return: :return:
""" """
options = Options
setattr(options, 'pretty', False)
strip_ns = 0
strip = 0
onlyfiles = [f for f in listdir(dir) if isfile(join(dir,f))] onlyfiles = [f for f in listdir(dir) if isfile(join(dir,f))]
reports = dict() reports = dict()
for f in onlyfiles: for f in onlyfiles:
inputstream = open(join(dir,f)) inputstream = open(join(dir,f))
input = inputstream.read() input = inputstream.read()
out = xml2json(input, options, strip_ns, strip) out = badgerfish.data(fromstring(input))
reports[f] = out reports[f] = out
return reports return reports
...@@ -240,7 +244,7 @@ def list_vulnerabilities(reports): ...@@ -240,7 +244,7 @@ def list_vulnerabilities(reports):
""" """
vulnerabilities = list() vulnerabilities = list()
for report in reports.values(): for report in reports.values():
report_dict = json.loads(report) report_dict = report
if "OWASPZAPReport" in report_dict: if "OWASPZAPReport" in report_dict:
vulnerabilities.extend(WiserZapReport(report_dict['OWASPZAPReport']).get_report()) vulnerabilities.extend(WiserZapReport(report_dict['OWASPZAPReport']).get_report())
if "w3af-run" in report_dict: if "w3af-run" in report_dict:
...@@ -249,14 +253,14 @@ def list_vulnerabilities(reports): ...@@ -249,14 +253,14 @@ def list_vulnerabilities(reports):
if __name__ == "__main__": if __name__ == "__main__":
config = parse_config_file('wiser-wcs.cfg') config = parse_config_file('wiser-wcs.cfg')
reports = reports_json(config._sections['cscan_config']['cscan_output']) reports = reports_json(config['cscan_config']['cscan_output'])
print "printing vulnerabilities: " print("printing vulnerabilities: ")
vulnerabilities = list_vulnerabilities(reports) vulnerabilities = list_vulnerabilities(reports)
vulnerabilities_list = list() vulnerabilities_list = list()
for vulnerability in vulnerabilities: for vulnerability in vulnerabilities:
print vulnerability print(vulnerability)
vulnerabilities_list.append(vulnerability.__dict__) vulnerabilities_list.append(vulnerability.__dict__)
vulnerabilities_json = json.dumps({ "reports": vulnerabilities_list}) vulnerabilities_json = json.dumps({ "reports": vulnerabilities_list})
print "printing vulnerabilities JSON: " print("printing vulnerabilities JSON: ")
print vulnerabilities_json print(vulnerabilities_json)
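Review bot: In WiserW3afVulnerability.parse_report the line `if alert['references']['reference'] is list:` is still an identity test against the type object and can never be true, so a w3af report with several `<reference>` elements (which badgerfish returns as a list) leaves `self.reference` unset; the sibling check was changed to `isinstance(..., OrderedDict)`, and this one should become `elif isinstance(alert['references']['reference'], list):` (testing `dict` instead of `OrderedDict` on the first branch also covers both). In reports_json the report file is still opened in text mode with the locale encoding and never closed; reading bytes lets expat honour the document's own encoding declaration: `with open(join(dir, f), 'rb') as inputstream: reports[f] = badgerfish.data(fromstring(inputstream.read()))`. These XML files carry content echoed from the scanned target, and xml.etree's parser applies no entity-expansion limits of its own beyond what the underlying Expat build provides, so parsing them through defusedxml's ElementTree drop-in, or at least stating the trust assumption in reports_json's docstring, is worth considering. Finally, xmljson's BadgerFish converts numeric text to int by default if I read its `xml_fromstring` option correctly, so values such as `wascid` likely change type from str to int in the emitted JSON compared with the old xml2json output — confirm against a real report and, if unwanted, build the converter with `BadgerFish(xml_fromstring=False)` instead of the module-level `badgerfish`.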