Class: Pipeline::DepCheckListener

Inherits:
Object
  • Object
Includes:
StreamListener
Defined in:
lib/pipeline/tasks/owasp-dep-check.rb

Overview

SAX-like parser for OWASP Dependency-Check XML reports.

Instance Method Summary collapse

Constructor Details

#initialize(task) ⇒ DepCheckListener

Returns a new instance of DepCheckListener.



# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 11

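# Builds a listener that hands parsed vulnerabilities to +task+.
#
# @param task [#report] object that receives one +report+ call each time a
#   <vulnerability> element closes (see #tag_end)
def initialize(task)
  @task = task
  # Incremented by #tag_start for every <vulnerability> start tag.
  @count = 0
  # Per-vulnerability fields. Each one is its own String object because
  # #tag_end appends to @sw and @url in place with <<.
  @sw = ""
  @url = ""
  @desc = ""
  @cwe = ""
  @cvss = ""
  @name = ""
  @fingerprint = ""
  # Most recent character data. Initialised here so that an end tag arriving
  # before any #text callback appends an empty string instead of raising
  # TypeError on nil.
  @text = ""
end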

Instance Method Details

#tag_end(name) ⇒ Object



# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 38

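# Handles an element's end tag: copies the most recent character data
# (@text) into the field that matches the element name and, when a
# <vulnerability> element closes, reports the assembled finding to the task.
#
# NOTE(review): elements are matched by name only, with no parent tracking.
# Any <name>, <url>, <description>, <cwe> or <cvssScore> that closes before
# </vulnerability> is captured, whatever element it is nested under. Confirm
# against the report schema that this cannot overwrite the vulnerability's
# own name with a nested one.
#
# NOTE(review): @sw is cleared when <vulnerableSoftware> *closes*, i.e. after
# its <software> children were appended. If that element closes before
# </vulnerability>, the software list is empty in the reported detail and the
# fingerprint is just "-<name>". The fingerprint is presumably used for
# de-duplication, so findings that share a name would then share a
# fingerprint. Confirm that this is intended before relying on it. The
# format is left unchanged here because stored fingerprints may depend on it.
#
# @param name [String] name of the element that just closed
# @return [Object] the result of +@task.report+ for "vulnerability";
#   otherwise the value of the matching branch (nil for unhandled names)
def tag_end(name)
  # Coerce so that a missing #text callback (nil) cannot raise TypeError in
  # the << appends below. String#to_s returns the same object for a String.
  chunk = @text.to_s

  case name
  when "name"
    # Names made up only of digits (and empty names) are ignored.
    @name = chunk if chunk =~ /\D/
  when "cvssScore"
    @cvss = chunk
  when "cwe"
    @cwe = chunk
  when "description"
    @desc = chunk
  when "vulnerableSoftware"
    @sw = ""
  when "software"
    # Appended in place; every entry, including the first, is prefixed by ", ".
    @sw << ", " << chunk
  when "url"
    @url << ", " << chunk
  when "vulnerability"
    detail = "#{@sw}\n#{@url}"
    description = "#{@desc}\n#{@cwe}"
    @fingerprint = "#{@sw}-#{@name}"
    # NOTE(review): findings are echoed to stdout, so they end up in whatever
    # captures this process's output (for example CI build logs). Consider
    # routing these lines through the project's logger instead.
    puts "Fingerprint: #{@fingerprint}"
    puts "Vuln: #{@name} CVSS: #{@cvss} Description #{description} Detail #{detail}"
    @task.report @name, description, detail, @cvss, @fingerprint
  end
end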

#tag_start(name, attrs) ⇒ Object



# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 23

# Handles an element's start tag. Only <vulnerability> is acted on: the
# counter is bumped and every per-vulnerability field is reset to a fresh
# empty String, so values collected for the previous finding (or from
# elements outside any <vulnerability>) do not carry over.
#
# @param name [String] name of the element that just opened
# @param attrs [Object] the element's attributes (not used)
# @return [String, nil] the empty fingerprint for "vulnerability", else nil
def tag_start(name, attrs)
  return unless name == "vulnerability"

  @count += 1
  # Pipeline.debug "Grabbed #{@count} vulns."
  # One new String per field: #tag_end appends to some of them in place.
  %i[@sw @url @desc @cwe @cvss @name].each do |field|
    instance_variable_set(field, "")
  end
  @fingerprint = ""
end

#text(text) ⇒ Object



# File 'lib/pipeline/tasks/owasp-dep-check.rb', line 66

# Remembers the latest character data delivered by the parser. Only the most
# recent value is kept (earlier ones are overwritten); #tag_end reads it when
# an element closes.
#
# @param text [String] character data from the XML stream
# @return [String] the value that was stored
def text(text)
  instance_variable_set(:@text, text)
end