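// exportScanResult writes the findings of one scan to the client as a CSV
// attachment named report.csv.
//
// The scan is selected by the "scan" query parameter. A request without it is
// answered with 400 Bad Request instead of an empty 200 response.
//
// Every cell taken from the database is passed through cell before it is
// written. Finding URLs, comments, descriptions and plugin names originate from
// imported scanner reports, and a spreadsheet application evaluates a cell that
// starts with '=', '+', '-' or '@' as a formula (CSV / formula injection).
func exportScanResult(w http.ResponseWriter, r *http.Request) {
	m := parseQueryString(r.RequestURI)
	scanID, ok := m["scan"]
	if !ok {
		http.Error(w, "missing scan parameter", http.StatusBadRequest)
		return
	}

	// cell neutralises values a spreadsheet would otherwise treat as a formula
	// by prefixing them with a single quote. encoding/csv only handles quoting
	// of separators and line breaks; it does not protect against this.
	cell := func(s string) string {
		if s == "" {
			return s
		}
		switch s[0] {
		case '=', '+', '-', '@', '\t', '\r':
			return "'" + s
		}
		return s
	}

	// Build the whole report in memory so a failure can still be answered
	// with an error status before any header has been sent.
	b := &bytes.Buffer{}
	wr := csv.NewWriter(b)

	// NOTE(review): scanID is passed to the db layer as received from the
	// request; confirm that db.GetScanData and db.GetVulnerabilities use
	// parameterised queries.
	scan := db.GetScanData(scanID)

	// Header rows that make the CSV easier to read in a spreadsheet.
	// Write errors are sticky on the csv.Writer and are checked once after Flush.
	wr.Write([]string{" "})
	wr.Write([]string{" ", "Project:", cell(scan["name"])})
	wr.Write([]string{" ", "Scan:", cell(scan["date"])})
	wr.Write([]string{" "})
	wr.Write([]string{" ", "Findings in this scan", " ", " ", " ", " States: 0 new / 1 false-positiv / 2 solved"})
	wr.Write([]string{" "})
	wr.Write([]string{" "})
	wr.Write([]string{" ", "CATEGORY", "PLUGIN", "SEVERITY", "STATE", "URL", "COMMENT", "DESCRIPTION"})

	// First run: findings selected by scan.
	// TODO: add a second run selected by project
	// (db.GetVulnerabilities("0", scan["id"])) and move the row generation
	// below into a shared helper (generateScanResult).
	vulns := db.GetVulnerabilities(scanID, "0")

	categories := db.GetCategories()
	plugins := db.GetPlugins()
	severities := db.GetSeveritiesById()

	// NOTE(review): if categories and plugins are Go maps, the row order
	// differs between exports; confirm and sort if a stable report is needed.
	for _, catRow := range categories {
		wr.Write([]string{" ", cell(catRow["name"])})
		for _, pluginRow := range plugins {
			if pluginRow["cat"] != catRow["id"] {
				continue
			}
			wr.Write([]string{" ", " ", cell(pluginRow["name"]), " "})
			for _, vulnRow := range vulns {
				if vulnRow["plugin"] != pluginRow["id"] {
					continue
				}
				wr.Write([]string{
					" ",
					" ",
					cell(pluginRow["name"]),
					cell(severities[vulnRow["sev"]]),
					cell(vulnRow["state"]),
					cell(vulnRow["url"]),
					cell(vulnRow["comment"]),
					cell(vulnRow["desc"]),
				})
			}
		}
	}

	wr.Flush()
	if err := wr.Error(); err != nil {
		// Do not hand out a truncated report as if it were complete.
		http.Error(w, "could not build report", http.StatusInternalServerError)
		return
	}

	w.Header().Set("Content-Type", "text/csv")
	w.Header().Set("Content-Disposition", "attachment;filename=report.csv")
	// A failed write here means the client went away; nothing is left to do.
	_, _ = w.Write(b.Bytes())
}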
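// parseXML imports the scanner report at path into the database.
//
// The report is read in one pass. Plugin elements that are not yet known are
// inserted first. If at least one plugin was inserted, the function returns
// false as soon as the first vulnerability element is reached, so that the
// caller can run it again with the refreshed plugin list. It returns true once
// the input has been consumed.
//
// Elements that cannot be decoded are reported and skipped instead of being
// stored as empty records, and a syntax error in the report is printed rather
// than silently treated as the end of the file.
func parseXML(path string) bool {
	var cat, check string

	// checkErr decides what happens when the report cannot be opened.
	xmli, err := os.Open(path)
	checkErr(err)
	defer xmli.Close()

	project := getProject(path)
	scan := getScan(project)
	plugins := db.GetPlugins()
	categories := db.GetCategories()
	severities := db.GetSeverities()

	dc := xml.NewDecoder(xmli)
	for {
		v, err := dc.Token()
		if v == nil {
			// A nil token ends the loop. Malformed or truncated XML surfaces
			// as *xml.SyntaxError; report it so that a partial import is not
			// mistaken for a complete one.
			if serr, bad := err.(*xml.SyntaxError); bad {
				fmt.Printf("XML syntax error in %s: %v. Import is incomplete\n", path, serr)
			}
			break
		}

		r, isStart := v.(xml.StartElement)
		if !isStart {
			continue
		}

		// An element named like a known category opens that category.
		// NOTE(review): cat is never reset, so a plugin that follows an
		// unknown category element is filed under the previous category.
		if _, ok := categories[r.Name.Local]; ok {
			cat = r.Name.Local
			fmt.Printf("Found category %s. Cat ID: %s Start reading plugins\n ", cat, categories[cat]["id"])
		}

		if r.Name.Local == "plugin" {
			var pn plugin
			if err := dc.DecodeElement(&pn, &r); err != nil {
				fmt.Printf("Could not decode plugin element: %v. Skipping it\n", err)
				continue
			}
			if _, ok := plugins[pn.Name]; ok {
				fmt.Printf("Found already known plugin: %s. Doing nothing\n ", pn.Name)
			} else {
				fmt.Printf("Found not known plugin: %s. Insert it into the database. Categorie is %s (ID:%s)\n ", pn.Name, cat, categories[cat]["id"])
				id := db.PluginInsert(categories[cat]["id"], pn.Name)
				fmt.Printf("Plugin inserted. ID: %v\n ", id)
				// The local plugins map is now stale; request a second pass.
				check = "reload"
			}
		}

		if r.Name.Local == "vulnerability" {
			// The vulnerability section starts here, so categories and
			// plugins are done. If plugins were added, stop and let the
			// caller restart with a fresh plugin list.
			if check == "reload" {
				return false
			}
			var vn vuln
			if err := dc.DecodeElement(&vn, &r); err != nil {
				fmt.Printf("Could not decode vulnerability element: %v. Skipping it\n", err)
				continue
			}
			// The lookups below yield zero values for an unknown plugin, so
			// the finding would be stored without a usable plugin reference.
			if _, known := plugins[vn.Plugin]; !known {
				fmt.Printf("Vulnerability references unknown plugin %q. Storing it without plugin ID\n", vn.Plugin)
			}
			db.VulnerabilityInsert(vn.URL, vn.Description, severities[vn.Severity], plugins[vn.Plugin]["id"], plugins[vn.Plugin]["cat"], project, scan)
		}
	}

	fmt.Println("vulnerabilities done. Exiting now")
	return true
}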