| |
---|
| | $ob= simplexml_load_string($xmlfile); |
---|
| | $json = json_encode($ob); |
---|
| | $configData = json_decode($json, true); |
---|
| | |
---|
| | $resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; |
---|
| | //$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; |
---|
| | |
---|
| | foreach ($configData['report_sections']['section']['subsection'] as $key => $value) { |
---|
| | # code... |
---|
| | //echo $value['title']."\n"; |
---|
| | //print_r($value); |
---|
| | foreach($value['finding'] as $key2 => $value2){ |
---|
| | if($filter->getParam('no-save') === true){ |
---|
| | echo "[+] issue: ".$value2['@attributes']['title']."\n"; |
---|
| | }else{ |
---|
| | echo "[+] creating json for: ".$value2['@attributes']['title']."\n"; |
---|
| | } |
---|
| | $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) ); |
---|
| | if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ |
---|
| | // multiple headings |
---|
| | foreach( $configData['report_sections']['section'] as $key1 => $val1 ){ |
---|
| | //echo $key1." - ".$val1."\n"; |
---|
| | foreach ($val1['subsection'] as $key => $value) { |
---|
| | if(isset($value['finding'] )){ |
---|
| | foreach($value['finding'] as $key2 => $value2){ |
---|
| | if(isset($value2['@attributes']['title']) && isset($value2['summary_description'])){ |
---|
| | if($filter->getParam('no-save') === true){ |
---|
| | echo "[+] issue: ".$value2['@attributes']['title']."\n"; |
---|
| | }else{ |
---|
| | echo "[+] creating json for: ".$value2['@attributes']['title']."\n"; |
---|
| | } |
---|
| | $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) ); |
---|
| | |
---|
| | if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){ |
---|
| | $cvss3_score = $value2['cvss']; |
---|
| | $cvss3_vector = $value2['cvss_vector']; |
---|
| | }else{ |
---|
| | $cvss3_score = ""; |
---|
| | $cvss3_vector = ""; |
---|
| | } |
---|
| | if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){ |
---|
| | $cvss3_score = $value2['cvss']; |
---|
| | $cvss3_vector = $value2['cvss_vector']; |
---|
| | }else{ |
---|
| | $cvss3_score = ""; |
---|
| | $cvss3_vector = ""; |
---|
| | } |
---|
| | |
---|
| | $techD = ""; |
---|
| | foreach ($value2['section'] as $key => $value) { |
---|
| | # code... |
---|
| | $techD .= @base64_decode($value)."\n"; |
---|
| | } |
---|
| | $cvssS = (isset($value2['cvss']))? $value2['cvss'] : ""; |
---|
| | $techD = ""; |
---|
| | foreach ($value2['section'] as $key => $value) { |
---|
| | # code... |
---|
| | $techD .= @base64_decode($value)."\n"; |
---|
| | } |
---|
| | $cvssS = (isset($value2['cvss']))? $value2['cvss'] : ""; |
---|
| | |
---|
| | $sev = $value2['severity']; |
---|
| | $sev = str_replace("serious", "Serious", $sev); |
---|
| | $sev = str_replace("high", "High", $sev); |
---|
| | $sev = str_replace("medium", "Medium", $sev); |
---|
| | $sev = str_replace("low", "Low", $sev); |
---|
| | $sev = str_replace("info", "Informational", $sev); |
---|
| | $sev = $value2['severity']; |
---|
| | $sev = str_replace("serious", "Serious", $sev); |
---|
| | $sev = str_replace("high", "High", $sev); |
---|
| | $sev = str_replace("medium", "Medium", $sev); |
---|
| | $sev = str_replace("low", "Low", $sev); |
---|
| | $sev = str_replace("info", "Informational", $sev); |
---|
| | |
---|
| | $jsonFile = '{ |
---|
| | "title":'.json_encode($value2['@attributes']['title']).', |
---|
| | "category":"", |
---|
| | "remediation":'.json_encode(base64_decode($value2['remediation'])).', |
---|
| | "cvss_score":'.json_encode($cvssS).', |
---|
| | "risk":'.json_encode($sev).', |
---|
| | "impact":"High/Medium/Low", |
---|
| | "description":'.json_encode(base64_decode($value2['summary_description'])).', |
---|
| | "tech_description":'.json_encode($techD).', |
---|
| | "solution":'.json_encode(base64_decode($value2['summary_fix'])).', |
---|
| | "cvss2_score":"", |
---|
| | "cvss2_vector":"", |
---|
| | "cvss3_score":'.json_encode($cvss3_score).', |
---|
| | "cvss3_vector":'.json_encode($cvss3_vector).', |
---|
| | "owasp":"", |
---|
| | "tags":'.json_encode(base64_decode($value2['vuln_tags'])).', |
---|
| | "to_check":"checked"}'; |
---|
| | $jsonFile = '{ |
---|
| | "title":'.json_encode($value2['@attributes']['title']).', |
---|
| | "category":"", |
---|
| | "remediation":'.json_encode(base64_decode($value2['remediation'])).', |
---|
| | "cvss_score":'.json_encode($cvssS).', |
---|
| | "risk":'.json_encode($sev).', |
---|
| | "impact":"High/Medium/Low", |
---|
| | "description":'.json_encode(base64_decode($value2['summary_description'])).', |
---|
| | "tech_description":'.json_encode($techD).', |
---|
| | "solution":'.json_encode(base64_decode($value2['summary_fix'])).', |
---|
| | "cvss2_score":"", |
---|
| | "cvss2_vector":"", |
---|
| | "cvss3_score":'.json_encode($cvss3_score).', |
---|
| | "cvss3_vector":'.json_encode($cvss3_vector).', |
---|
| | "owasp":"", |
---|
| | "tags":'.json_encode(base64_decode($value2['vuln_tags'])).', |
---|
| | "to_check":"checked"}'; |
---|
| | |
---|
| | if($filter->getParam('no-save') === false){ |
---|
| | file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile); |
---|
| | if($filter->getParam('no-save') === false){ |
---|
| | file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile); |
---|
| | } |
---|
| | } |
---|
| | } |
---|
| | } |
---|
| | |
---|
| | } |
---|
| | } |
---|
| | |
---|
| | // single heading |
---|
| | }else{ |
---|
| | foreach ($configData['report_sections']['section']['subsection'] as $key => $value) { |
---|
| | # code... |
---|
| | //echo $value['title']."\n"; |
---|
| | //print_r($value); |
---|
| | foreach($value['finding'] as $key2 => $value2){ |
---|
| | |
---|
| | if($filter->getParam('no-save') === true){ |
---|
| | echo "[+] issue: ".$value2['@attributes']['title']."\n"; |
---|
| | }else{ |
---|
| | echo "[+] creating json for: ".$value2['@attributes']['title']."\n"; |
---|
| | } |
---|
| | $vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( $value2['@attributes']['title']) ); |
---|
| | |
---|
| | if(isset($value2['cvss_vector']) && @strpos($value2['cvss_vector'], 'CVSS:3.0') === 0 ){ |
---|
| | $cvss3_score = $value2['cvss']; |
---|
| | $cvss3_vector = $value2['cvss_vector']; |
---|
| | }else{ |
---|
| | $cvss3_score = ""; |
---|
| | $cvss3_vector = ""; |
---|
| | } |
---|
| | |
---|
| | $techD = ""; |
---|
| | foreach ($value2['section'] as $key => $value) { |
---|
| | # code... |
---|
| | $techD .= @base64_decode($value)."\n"; |
---|
| | } |
---|
| | $cvssS = (isset($value2['cvss']))? $value2['cvss'] : ""; |
---|
| | |
---|
| | $sev = $value2['severity']; |
---|
| | $sev = str_replace("serious", "Serious", $sev); |
---|
| | $sev = str_replace("high", "High", $sev); |
---|
| | $sev = str_replace("medium", "Medium", $sev); |
---|
| | $sev = str_replace("low", "Low", $sev); |
---|
| | $sev = str_replace("info", "Informational", $sev); |
---|
| | |
---|
| | $jsonFile = '{ |
---|
| | "title":'.json_encode($value2['@attributes']['title']).', |
---|
| | "category":"", |
---|
| | "remediation":'.json_encode(base64_decode($value2['remediation'])).', |
---|
| | "cvss_score":'.json_encode($cvssS).', |
---|
| | "risk":'.json_encode($sev).', |
---|
| | "impact":"High/Medium/Low", |
---|
| | "description":'.json_encode(base64_decode($value2['summary_description'])).', |
---|
| | "tech_description":'.json_encode($techD).', |
---|
| | "solution":'.json_encode(base64_decode($value2['summary_fix'])).', |
---|
| | "cvss2_score":"", |
---|
| | "cvss2_vector":"", |
---|
| | "cvss3_score":'.json_encode($cvss3_score).', |
---|
| | "cvss3_vector":'.json_encode($cvss3_vector).', |
---|
| | "owasp":"", |
---|
| | "tags":'.json_encode(base64_decode($value2['vuln_tags'])).', |
---|
| | "to_check":"checked"}'; |
---|
| | |
---|
| | if($filter->getParam('no-save') === false){ |
---|
| | file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile); |
---|
| | } |
---|
| | } |
---|
| | |
---|
| | } |
---|
| | } |
---|
| | |
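Review bot: The shape test `isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])` only recognises a report whose first section holds several subsections, and the loops under it assume `finding` is always a list. After the simplexml → `json_encode` → `json_decode` round trip at the top of the hunk, an element that occurs once decodes to a single associative array rather than a one-item list, so a subsection with exactly one finding is iterated field by field, fails the `isset($value2['@attributes']['title'])` guard, and is dropped from the export without any message. Normalising each level before looping would avoid that, e.g. `$findings = isset($value['finding'][0]) ? $value['finding'] : [$value['finding']];`, and likewise for `section` and `subsection`. The single-heading `else` branch also lacks the `isset($value['finding'])` and title/summary guards that the multi-heading branch has, and `remediation`, `summary_fix`, `vuln_tags` and `section` are read unguarded in both branches. The +/- markers are lost on this page, so which copy is the new side is inferred from print order, and the enclosing code starts and ends outside the hunk.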