CWE support for netsparker and ntospider importers
diff --git a/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NTOSpiderChannelImporter.java b/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NTOSpiderChannelImporter.java | |
index 1f89618..20a693f 100644 | |
--- a/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NTOSpiderChannelImporter.java | |
+++ b/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NTOSpiderChannelImporter.java | |
@@ -50,6 +50,7 @@ class NTOSpiderChannelImporter extends AbstractChannelImporter { | |
tagMap.put("attackscore", FindingKey.SEVERITY_CODE); | |
tagMap.put("parametername", FindingKey.PARAMETER); | |
tagMap.put("normalizedurl", FindingKey.PATH); | |
+ tagMap.put("cweid", FindingKey.PATH); | |
} | |
private static final String VULN_TAG = "vuln", SCAN_DATE = "scandate", | |
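Review bot: The added `tagMap.put("cweid", FindingKey.PATH);` binds the CWE id to the same key that `normalizedurl` uses on the line above, which looks like a copy-paste slip. How tagMap is consumed is not visible here, but the CWE text would presumably either overwrite the finding's path or be discarded. A wrong path is more than cosmetic in a vulnerability aggregator, since path is typically part of how findings are matched and merged. The entry should point at a CWE-specific key, for example `tagMap.put("cweid", FindingKey.CWE);` if the enum defines one (confirm against FindingKey). The enclosing initializer begins outside the hunk.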
diff --git a/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NetsparkerChannelImporter.java b/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NetsparkerChannelImporter.java | |
index 1efddf7..f3188f0 100644 | |
--- a/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NetsparkerChannelImporter.java | |
+++ b/threadfix-importers/src/main/java/com/denimgroup/threadfix/importer/impl/upload/NetsparkerChannelImporter.java | |
@@ -65,11 +65,13 @@ class NetsparkerChannelImporter extends AbstractChannelImporter { | |
private Boolean getUrlText = false; | |
private Boolean getParamText = false; | |
private Boolean getSeverityText = false; | |
+ private Boolean getCweText = false; | |
private String currentChannelVulnCode = null; | |
private String currentUrlText = null; | |
private String currentParameter = null; | |
private String currentSeverityCode = null; | |
+ private String currentCwe = null; | |
private String host = null; | |
@@ -96,6 +98,8 @@ class NetsparkerChannelImporter extends AbstractChannelImporter { | |
getParamText = true; | |
} else if ("severity".equals(qName)) { | |
getSeverityText = true; | |
+ } else if ("CWE".equals(qName)) { | |
+ getCweText = true; | |
} else if ("netsparker".equals(qName)) { | |
// date = getCalendarFromString("MM/dd/yyyy hh:mm:ss a", atts.getValue("generated")); | |
date = getCalendar(atts.getValue("generated")); | |
@@ -116,6 +120,9 @@ class NetsparkerChannelImporter extends AbstractChannelImporter { | |
} else if (getParamText) { | |
currentParameter = getBuilderText(); | |
getParamText = false; | |
+ } else if (getCweText) { | |
+ currentCwe = getBuilderText(); | |
+ getParamText = false; | |
} else if (getSeverityText) { | |
currentSeverityCode = getBuilderText(); | |
getSeverityText = false; | |
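Review bot: The new `getCweText` branch resets the wrong flag: it sets `getParamText = false;` where it should set `getCweText = false;`. Once a `CWE` element has been seen, `getCweText` stays true for the rest of the document, so `characters()` keeps buffering all text. Because this branch sits above the `getSeverityText` branch, later end-element calls that reach this point would overwrite `currentCwe` and never run the severity branch. The likely result is findings imported with a missing or stale severity and a garbage CWE value. The start of the if/else chain is outside the hunk, so the behaviour of the earlier branches is inferred.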
@@ -139,12 +146,13 @@ class NetsparkerChannelImporter extends AbstractChannelImporter { | |
currentSeverityCode = null; | |
currentParameter = null; | |
currentUrlText = null; | |
+ currentCwe = null; | |
} | |
} | |
public void characters (char ch[], int start, int length) | |
{ | |
- if (getChannelVulnText || getUrlText || getParamText || getSeverityText) { | |
+ if (getChannelVulnText || getUrlText || getParamText || getSeverityText || getCweText) { | |
addTextToBuilder(ch, start, length); | |
} | |
} | |
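Review bot: `currentCwe` is captured and cleared here, but no hunk in this patch reads it. The code that builds the finding sits between the previous hunk and this one and is unchanged, so the CWE parsed from the Netsparker report appears never to reach the finding. The value should be passed into the finding or its generic-vulnerability lookup at the point where `currentSeverityCode`, `currentParameter` and `currentUrlText` are consumed. Since it comes from an uploaded report, it is also worth checking that the trimmed text is a plain numeric id before using it as a key. The enclosing method starts outside the hunk.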
-- |