# File 'lib/dradis/plugins/burp/xml/importer.rb', line 27
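# Imports a Burp Scanner XML export.
#
# Reads the file at params[:file], rejects exports whose HTTP request /
# response data is not Base64-encoded, checks that the document root is
# <issues>, records the highest severity index seen per issue id in
# @severities, and then passes every <issue> node to process_issue.
#
# @param params [Hash] options; :file is the path of the XML file to read
# @return [Boolean] true when the import completes, false when the input is
#   rejected (a note carrying the error text is created in that case)
def import(params = {})
  # NOTE(review): the path is read exactly as given and the whole file is
  # held in memory; presumably the caller limits :file to the uploaded
  # attachment -- confirm.
  file_content = File.read(params[:file])

  if file_content =~ /base64="false"/
    # Built with + rather than << so the literal is never mutated (<< raises
    # FrozenError when string literals are frozen).
    error = "Burp input contains HTTP request / response data that hasn't been Base64-encoded.\n" +
            'Please re-export your scanner results making sure the Base-64 encode option is selected.'
    logger.fatal { error }
    content_service.create_note text: error
    return false
  end

  logger.info { 'Parsing Burp Scanner XML output file...' }
  # `huge` lifts libxml2's built-in parser limits so that large scanner
  # exports load. Those limits also guard against resource exhaustion from
  # hostile XML, so this importer should only be given exports from a trusted
  # source. No entity-substitution option is requested here; keep it that way.
  doc = Nokogiri::XML(file_content) { |config| config.huge }
  logger.info { 'Done.' }

  # An empty or non-XML upload has no root element; reject it the same way as
  # a document of the wrong type instead of failing on nil.
  root = doc.root
  if root.nil? || root.name != 'issues'
    error = 'Document doesn\'t seem to be in the Burp Scanner XML format.'
    logger.fatal { error }
    content_service.create_note text: error
    return false
  end

  @issues = []
  @severities = Hash.new(0)

  doc.xpath('issues/issue').each do |xml_issue|
    issue_id = issue_id_for(xml_issue)

    # A missing <severity> element or a value not listed in BURP_SEVERITIES
    # yields nil here; such an issue is still imported, it just cannot raise
    # the severity recorded for its id.
    severity_node = xml_issue.at('severity')
    issue_severity = severity_node && BURP_SEVERITIES.index(severity_node.text)

    if issue_severity.nil?
      logger.info { "Issue #{issue_id}: missing or unrecognised severity, keeping the recorded one." }
    elsif issue_severity > @severities[issue_id]
      @severities[issue_id] = issue_severity
    end

    @issues << xml_issue
  end

  # Processing runs only after every severity has been collected, so each
  # issue is handled with the final per-id maximum already in @severities.
  @issues.each { |xml_issue| process_issue(xml_issue) }

  logger.info { 'Burp Scanner results successfully imported' }
  true
end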