Class: Dradis::Plugins::Veracode::Importer
- Inherits:
- Upload::Importer (inheritance chain: Object, Upload::Importer, Dradis::Plugins::Veracode::Importer)
- Includes:
- Formats::Flaw, Formats::Vulnerability
- Defined in:
- lib/dradis/plugins/veracode/importer.rb
Instance Attribute Summary
- #node ⇒ Object
  Returns the value of attribute node.
Class Method Summary
- .templates ⇒ Object
Instance Method Summary
- #import(params = {}) ⇒ Object
  The framework will call this function if the user selects this plugin from the dropdown list and uploads a file.
Instance Attribute Details
#node ⇒ Object
Returns the value of attribute node.
    # File 'lib/dradis/plugins/veracode/importer.rb', line 3
    def node
      @node
    end
Class Method Details
.templates ⇒ Object
    # File 'lib/dradis/plugins/veracode/importer.rb', line 8
    def self.templates
      { evidence: ['evidence', 'sca_evidence'], issue: ['issue', 'sca_issue'] }
    end
Instance Method Details
#import(params = {}) ⇒ Object
The framework will call this function if the user selects this plugin from the dropdown list and uploads a file.
    # File 'lib/dradis/plugins/veracode/importer.rb', line 15
    def import(params = {})
      file_content = File.read(params[:file])

      # Parse the uploaded file into a Ruby Hash
      logger.info { "Parsing Veracode output from #{ params[:file] }..." }
      xml = Nokogiri::XML(file_content)
      logger.info { 'Done.' }

      # Do a sanity check to confirm the user uploaded the right file
      # format.
      if xml.root.name != 'detailedreport'
        error = 'Document doesn\'t seem to be in the Veracode Detailed Report XML format.'
        logger.fatal { error }
        content_service.create_note text: error
        return false
      end

      # create app_name, and parse attributes
      @node = parse_report_details(xml.root)

      # parse each severity > category > cwe > staticflaws > flaw
      xml.root.xpath('xmlns:severity').each do |xml_severity|
        logger.info { "\t => Severity (level: #{ xml_severity[:level] })" }
        xml_severity.xpath('./xmlns:category/xmlns:cwe/xmlns:staticflaws/xmlns:flaw').each do |xml_flaw|
          parse_flaw(xml_flaw)
        end
      end

      # parse each software_composition_analysis > ... > vulnerability
      xml.root.xpath(
        'xmlns:software_composition_analysis/xmlns:vulnerable_components//xmlns:vulnerability'
      ).each do |xml_vuln|
        parse_vulnerability(xml_vuln)
      end
    end