# File 'lib/dradis/plugins/qualys/was/importer.rb', line 26
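# Imports a Qualys WAS XML report: logs the global summary, then hands the
# web application, the QID glossary and the vulnerability list to the
# corresponding +process_*+ helpers (defined elsewhere in this class).
#
# @param params [Hash] expects +:file+, the path of the XML report to read
# @return [Boolean] +true+ once every section has been processed; +false+
#   when the document is not a Qualys WAS report, in which case a note
#   carrying the error text is created through +content_service+
# @raise [Errno::ENOENT] if +params[:file]+ cannot be read
def import(params = {})
  file_content = File.read(params[:file])

  logger.info { 'Parsing Qualys WAS XML output file...' }
  # Nokogiri's default parse options are used here (no entity substitution,
  # no network fetches); keep it that way since the file is user-supplied.
  doc = Nokogiri::XML(file_content)
  logger.info { 'Done.' }

  # An empty or badly broken file yields a document without a root element;
  # treat that like any other non-WAS document instead of raising
  # NoMethodError on +doc.root.name+.
  root = doc.root
  if root.nil? || root.name != 'WAS_SCAN_REPORT'
    error = 'Document doesn\'t seem to be in the Qualys WAS XML format.'
    logger.fatal { error }
    content_service.create_note text: error
    return false
  end

  logger.info { 'Global Summary information' }
  xml_global_summary = doc.at_xpath('WAS_SCAN_REPORT/SUMMARY/GLOBAL_SUMMARY')
  if xml_global_summary
    # The summary is informational only; a missing child element must not
    # abort the import, hence the safe navigation before +text+.
    logger.info { "Security Risk: #{xml_global_summary.at_xpath('./SECURITY_RISK')&.text}" }
    logger.info { "Vulnerabilities found: #{xml_global_summary.at_xpath('./VULNERABILITY')&.text}" }
  else
    logger.info { 'No GLOBAL_SUMMARY section found; continuing without it.' }
  end

  # Older and newer report layouts name the web application node differently.
  xml_webapp =
    doc.at_xpath('WAS_SCAN_REPORT/APPENDIX/WEBAPP | WAS_SCAN_REPORT/APPENDIX/WEB_APPLICATION')
  process_webapp(xml_webapp)

  doc.xpath('WAS_SCAN_REPORT/GLOSSARY/QID_LIST/QID').each do |xml_qid|
    process_issue(xml_qid)
  end

  # Same layout variation for the vulnerability list as for the web app node.
  vulnerability_list =
    doc.xpath(
      'WAS_SCAN_REPORT/RESULTS/VULNERABILITY_LIST/VULNERABILITY | ' \
      'WAS_SCAN_REPORT/RESULTS/WEB_APPLICATION/VULNERABILITY_LIST/VULNERABILITY'
    )
  vulnerability_list.each do |xml_vulnerability|
    process_evidence(xml_vulnerability)
  end

  true
end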