
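module Dradis::Plugins::Zap
  # Parses an OWASP ZAP XML report (root element <OWASPZAPReport>) and turns
  # each <site> into a host node, each <alertitem> into an issue and each
  # <instance> of an alert into a piece of evidence attached to that issue.
  class Importer < Dradis::Plugins::Upload::Importer

    # The framework will call this function if the user selects this plugin from
    # the dropdown list and uploads a file.
    #
    # @param params [Hash] must contain :file, the path of the uploaded report
    # @return [Boolean] true if the operation was successful, false otherwise
    # @raise [KeyError] if params has no :file entry
    def import(params = {})
      file_content = File.read(params.fetch(:file))

      logger.info { 'Parsing ZAP output file...' }
      # The report is user-supplied input. Nokogiri's default XML parse options
      # include NONET, so external entities are not fetched over the network;
      # keep that default if these options are ever customised.
      @doc = Nokogiri::XML(file_content)
      logger.info { 'Done.' }

      # Evaluate the site XPath once; it is needed for both the empty check and
      # the processing loop.
      sites = @doc.xpath('/OWASPZAPReport/site')

      if sites.empty?
        error = "No scan results were detected in the uploaded file (/OWASPZAPReport/site). Ensure you uploaded an ZAP XML report."
        logger.fatal { error }
        content_service.create_note text: error
        return false
      end

      sites.each { |xml_site| process_site(xml_site) }

      true
    end # /import


    private

    # Host node that evidence for the site currently being processed is attached to.
    attr_accessor :site_node

    # Creates the host node for one <site> element and processes its alerts.
    #
    # @param xml_site [Nokogiri::XML::Element] a /OWASPZAPReport/site element
    def process_site(xml_site)
      host = xml_site[:host]
      name = xml_site[:name]

      self.site_node = content_service.create_node(label: host, type: :host)
      logger.info { "\tSite name: #{name}" }

      xml_site.xpath('./alerts/alertitem').each do |xml_alert_item|
        process_alert_item(xml_alert_item)
      end
    end

    # Creates one issue for an <alertitem> plus one evidence per <instance>,
    # both rendered through the plugin's 'issue' and 'evidence' templates.
    #
    # @param xml_alert_item [Nokogiri::XML::Element] an alerts/alertitem element
    def process_alert_item(xml_alert_item)
      plugin_id_node = xml_alert_item.at_xpath('./pluginid')

      # A malformed <alertitem> without a <pluginid> would otherwise raise
      # NoMethodError on nil and abort the whole import; skip it and keep going.
      if plugin_id_node.nil?
        logger.warn { "\t\t => Skipping alertitem without a <pluginid> element" }
        return
      end

      plugin_id = plugin_id_node.text
      logger.info { "\t\t => Creating new issue (plugin_id: #{plugin_id})" }

      issue_text = template_service.process_template(template: 'issue', data: xml_alert_item)
      issue = content_service.create_issue(text: issue_text, id: plugin_id)

      xml_alert_item.xpath('./instances/instance').each do |xml_instance|
        logger.info { "\t\t => Creating new evidence" }

        evidence_content = template_service.process_template(template: 'evidence', data: xml_instance)
        content_service.create_evidence(issue: issue, node: site_node, content: evidence_content)
      end
    end
  end
end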
