-
Notifications
You must be signed in to change notification settings - Fork 0
/
rapidast_parser.py
68 lines (54 loc) · 2.42 KB
/
rapidast_parser.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
import os
import argparse
import json
import csv
from datetime import datetime
def check_names(path):
if not os.path.exists(os.path.dirname(path)):
os.makedirs(os.path.dirname(path))
#Based on https://github.com/zaproxy/zaproxy/blob/296801bb838ae1ceca102a6be5b5ed2e8c29e097/src/org/parosproxy/paros/core/scanner/Alert.java#L62-L65
mapping_values = dict([
('0', 'Informational'),
('1', 'Low'),
('2','Medium'),
('3','High')
])
cwe_url = "https://cwe.mitre.org/data/definitions/{{cwe_id}}.html"
zap_url = "https://www.zaproxy.org/docs/alerts/{{alert_id}}/"
file_name = "parsed_results_" + datetime.now().strftime("%Y-%m-%d-%H-%M-%S") + ".csv"
parser = argparse.ArgumentParser(description='Select file to parse.')
parser.add_argument('--file', dest='file',
default="zap-report.json",
help='Select rapidast file result to parse (default: zap-report.json)')
parser.add_argument('--output', dest='output_destination',
default= r"results/" + file_name,
help='Select name of results file (the extension should be csv). If no file is specified, a default parsed_results_<date>.csv file will be used. ')
args = parser.parse_args()
f = open(args.file)
data = json.load(f)
alerts = data['site'][0]['alerts']
parsedalerts = []
for alert in alerts:
risk = mapping_values[alert['riskcode']]
name = alert['name']
description = alert['desc']
solution = alert['solution']
cwe = cwe_url.replace('{{cwe_id}}', alert['cweid'])
instances = alert['instances']
parsed_instances = []
for instance in instances:
parsed_instances.append(instance['uri'])
confidence = mapping_values[alert['confidence']]
zap_alert = zap_url.replace('{{alert_id}}', alert['alertRef'])
parsed_alert = [risk,name,description,solution,cwe,parsed_instances,confidence, zap_alert]
parsedalerts.append(parsed_alert)
parsed_path = os.path.normpath(args.output_destination)
check_names(parsed_path)
with open(parsed_path, 'x', newline='') as file:
writer = csv.writer(file)
information = [data['site'][0]['@name'], "Port = " + data['site'][0]['@port'], "SSL = " + data['site'][0]['@ssl']]
writer.writerow(information)
field = ["Risk", "Name", "Description", "Solution", "CWE", "Affected Instances (Short form)", "Confidence", "Alert information"]
writer.writerow(field)
for elem in parsedalerts:
writer.writerow(elem)