diff --git a/ReportToolz/config.php b/ReportToolz/config.php
new file mode 100644
index 0000000..bdd99a0
--- /dev/null
+++ b/ReportToolz/config.php
@@ -0,0 +1,11 @@
+<?php
+// path to vdb
+$vulnDB = "/opt/RossMarks/vdb/";
+// path to scripts repgen, vdp, floss etc..
+$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/";
+
+// repgen templates
+$template = "templates/odt/blank_template_v1.1.odt";
+//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt";
+$vulnTemplate = "templates/odt/vuln_template_v0.2.xml";
+?>
\ No newline at end of file
diff --git a/ReportToolz/config.php b/ReportToolz/config.php
new file mode 100644
index 0000000..bdd99a0
--- /dev/null
+++ b/ReportToolz/config.php
@@ -0,0 +1,11 @@
+<?php
+// path to vdb
+$vulnDB = "/opt/RossMarks/vdb/";
+// path to scripts repgen, vdp, floss etc..
+$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/";
+
+// repgen templates
+$template = "templates/odt/blank_template_v1.1.odt";
+//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt";
+$vulnTemplate = "templates/odt/vuln_template_v0.2.xml";
+?>
\ No newline at end of file
diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php
new file mode 100755
index 0000000..439bdb7
--- /dev/null
+++ b/ReportToolz/floss.php
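Review bot: ReportToolz/config.php commits one machine's absolute paths (`$vulnDB` and `$vdbPath` under `/opt/RossMarks/`), so every other checkout has to edit a tracked file and risks committing its own paths back. The file appears to sit in the very directory `$vdbPath` names, so `$vdbPath = __DIR__ . "/";` would remove one of the two literals, and `$vulnDB` could keep the literal only as a fallback, e.g. `$vulnDB = getenv("VDB_PATH") ?: "/opt/RossMarks/vdb/";` (the variable name is a suggestion). The closing `?>` can also be dropped: in an included PHP-only file it only creates the chance of stray output from trailing whitespace.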
@@ -0,0 +1,138 @@ +#!/usr/bin/php +<?php +//error_reporting(0); +include('config.php'); + +/*** + * Main program - Don't edit below + */ +echo "·▄▄▄▄▄▌ .▄▄ · .▄▄ · \n▐▄▄·██• ▪ ▐█ ▀. ▐█ ▀. \n██▪ ██▪ ▄█▀▄ ▄▀▀▀█▄▄▀▀▀█▄\n██▌.▐█▌▐▌▐█▌.▐▌▐█▄▪▐█▐█▄▪▐█\n▀▀▀ .▀▀▀ ▀█▄▀▪ ▀▀▀▀ ▀▀▀▀ \n"; + +foreach (glob("classes/*.php") as $filename) + include $filename; + +$definitions = new \Clapp\CommandLineArgumentDefinition( + array( + "help|h" => "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." 
-> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." -> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/config.php b/ReportToolz/config.php new file mode 100644 index 0000000..bdd99a0 --- /dev/null +++ b/ReportToolz/config.php @@ -0,0 +1,11 @@ +<?php +// path to vdb +$vulnDB = "/opt/RossMarks/vdb/"; +// path to scripts repgen, vdp, floss etc.. +$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/"; + +// repgen templates +$template = "templates/odt/blank_template_v1.1.odt"; +//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt"; +$vulnTemplate = "templates/odt/vuln_template_v0.2.xml"; +?> \ No newline at end of file diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php new file mode 100755 index 0000000..439bdb7 --- /dev/null +++ b/ReportToolz/floss.php 
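Review bot: In floss.php the output locations are derived two different ways, so they only agree when `--path` ends in `/`: `$flossFolder` and `$checkFolder` come from `substr(..., 0, strrpos(..., '/'))`, while the log `fopen()` and both `rename()` targets use `getParam("path")."flossed/"` and `getParam("path")."to_check/"`. For `-p /tmp/jsons` the script creates `/tmp/flossed` but then tries to write under `/tmp/jsonsflossed/`, and for a path with no slash `strrpos()` returns false and the folders resolve to `/flossed` and `/to_check` at the filesystem root. None of `mkdir()`, `fopen()`, `rename()` or `copy()` is checked, so a failure shows up only as warnings (or a TypeError from `fwrite()` on PHP 8) while the summary counters are still printed. Normalising the path once and building everything from it fixes this, as sketched below; separately, the second floss.csv column reaches `copy($vulnDB.$finding['new'], …)` unvalidated, so rejecting values containing `..` would keep the copy source inside the VDB.

```php
// … unchanged: option parsing, floss.csv load, "no path set" check …
$path = rtrim($filter->getParam("path"), "/")."/";
// … unchanged: VDB listing and matching, with the glob built from $path …
$flossFolder = $path."flossed";
$checkFolder = $path."to_check";
foreach (array($flossFolder, $checkFolder) as $dir) {
    if (!is_dir($dir)) {
        if (!mkdir($dir))
            die("[!] could not create directory $dir/\n");
        echo "[+] created directory $dir/\n";
    }
}

$fp = fopen($flossFolder."/".date("d-m-Y_H-i-s").".log", "wb");
if ($fp === false)
    die("[!] could not open log file in $flossFolder/\n");
// … unchanged: rename/copy loop, with getParam("path") replaced by $path …
```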
@@ -0,0 +1,138 @@ +#!/usr/bin/php +<?php +//error_reporting(0); +include('config.php'); + +/*** + * Main program - Don't edit below + */ +echo "·▄▄▄▄▄▌ .▄▄ · .▄▄ · \n▐▄▄·██• ▪ ▐█ ▀. ▐█ ▀. \n██▪ ██▪ ▄█▀▄ ▄▀▀▀█▄▄▀▀▀█▄\n██▌.▐█▌▐▌▐█▌.▐▌▐█▄▪▐█▐█▄▪▐█\n▀▀▀ .▀▀▀ ▀█▄▀▪ ▀▀▀▀ ▀▀▀▀ \n"; + +foreach (glob("classes/*.php") as $filename) + include $filename; + +$definitions = new \Clapp\CommandLineArgumentDefinition( + array( + "help|h" => "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." 
-> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." -> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php index bd8d5e7..8954e6f 100755 --- a/ReportToolz/pt2json.php +++ b/ReportToolz/pt2json.php @@ -40,7 +40,7 @@ $json = json_encode($ob); $configData = json_decode($json, true); -//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ // multiple headings diff --git a/ReportToolz/config.php b/ReportToolz/config.php new file mode 100644 index 0000000..bdd99a0 --- /dev/null +++ b/ReportToolz/config.php @@ -0,0 +1,11 @@ +<?php +// path to vdb +$vulnDB = "/opt/RossMarks/vdb/"; +// path to scripts repgen, vdp, floss etc.. +$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/"; + +// repgen templates +$template = "templates/odt/blank_template_v1.1.odt"; +//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt"; +$vulnTemplate = "templates/odt/vuln_template_v0.2.xml"; +?> \ No newline at end of file diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php new file mode 100755 index 0000000..439bdb7 --- /dev/null +++ b/ReportToolz/floss.php 
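Review bot: Re-enabling `$resultsFolder` in pt2json.php brings back a `substr(..., 0, strrpos(..., '/'))` that misbehaves when `--doc` has no directory part: `strrpos()` returns false, `substr()` yields an empty string, and `$resultsFolder` becomes `/`, so anything written under it would target the filesystem root. `dirname()` handles that case and says what is meant: `$resultsFolder = dirname($filter->getParam("doc"))."/";`. How `$resultsFolder` is used lies outside the hunk, so the impact is inferred from the variable name.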
@@ -0,0 +1,138 @@ +#!/usr/bin/php +<?php +//error_reporting(0); +include('config.php'); + +/*** + * Main program - Don't edit below + */ +echo "·▄▄▄▄▄▌ .▄▄ · .▄▄ · \n▐▄▄·██• ▪ ▐█ ▀. ▐█ ▀. \n██▪ ██▪ ▄█▀▄ ▄▀▀▀█▄▄▀▀▀█▄\n██▌.▐█▌▐▌▐█▌.▐▌▐█▄▪▐█▐█▄▪▐█\n▀▀▀ .▀▀▀ ▀█▄▀▪ ▀▀▀▀ ▀▀▀▀ \n"; + +foreach (glob("classes/*.php") as $filename) + include $filename; + +$definitions = new \Clapp\CommandLineArgumentDefinition( + array( + "help|h" => "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." 
-> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." -> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php index bd8d5e7..8954e6f 100755 --- a/ReportToolz/pt2json.php +++ b/ReportToolz/pt2json.php @@ -40,7 +40,7 @@ $json = json_encode($ob); $configData = json_decode($json, true); -//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ // multiple headings diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index 6e33ea7..29b2049 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -1,13 +1,7 @@ #!/usr/bin/php <?php //error_reporting(0); - -/*** - * Configuration options - */ -$template = "templates/odt/blank_template_v1.1.odt"; -//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt"; -$vulnTemplate = "templates/odt/vuln_template_v0.2.xml"; +include('config.php'); /*** * Main program - Don't edit below diff --git a/ReportToolz/config.php b/ReportToolz/config.php new file mode 100644 index 0000000..bdd99a0 --- /dev/null +++ b/ReportToolz/config.php @@ -0,0 +1,11 @@ +<?php +// path to vdb +$vulnDB = "/opt/RossMarks/vdb/"; +// path to scripts repgen, vdp, floss etc.. +$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/"; + +// repgen templates +$template = "templates/odt/blank_template_v1.1.odt"; +//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt"; +$vulnTemplate = "templates/odt/vuln_template_v0.2.xml"; +?> \ No newline at end of file 
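Review bot: `include('config.php');` in repgen.php is resolved through `include_path` (which by default contains `.`, the working directory) before the script's own directory, and `include` only warns when nothing is found. Run from another directory, the script either continues with `$template` and `$vulnTemplate` undefined or executes whatever `config.php` happens to be in that directory, which matters if the tool is started from a working directory that holds files from elsewhere. `require_once __DIR__ . '/config.php';` pins the file and fails hard if it is missing. The same line is added in the vdb.php hunk and at the top of the new floss.php, whose `glob("classes/*.php")` include loop is relative to the working directory in the same way.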
diff --git a/ReportToolz/floss.php b/ReportToolz/floss.php
new file mode 100755
index 0000000..439bdb7
--- /dev/null
+++ b/ReportToolz/floss.php
@@ -0,0 +1,138 @@ +#!/usr/bin/php +<?php +//error_reporting(0); +include('config.php'); + +/*** + * Main program - Don't edit below + */ +echo "·▄▄▄▄▄▌ .▄▄ · .▄▄ · \n▐▄▄·██• ▪ ▐█ ▀. ▐█ ▀. \n██▪ ██▪ ▄█▀▄ ▄▀▀▀█▄▄▀▀▀█▄\n██▌.▐█▌▐▌▐█▌.▐▌▐█▄▪▐█▐█▄▪▐█\n▀▀▀ .▀▀▀ ▀█▄▀▪ ▀▀▀▀ ▀▀▀▀ \n"; + +foreach (glob("classes/*.php") as $filename) + include $filename; + +$definitions = new \Clapp\CommandLineArgumentDefinition( + array( + "help|h" => "Shows help message", + "path|p=s" => "/path/to/jsons/" + ) +); + +$filter = new \Clapp\CommandArgumentFilter($definitions, $argv); + +if ($filter->getParam('h') === true || $argc < 2) { + echo "The JSON prettyfier\n\n"; + fwrite(STDERR, $definitions->getUsage()); + exit(0); +} + +if(!file_exists($vulnDB."/floss.csv")) + die("[!] floss.csv not found, is config.php correct?\n"); + +// create the CSV array +$csv = array(); +$file = fopen($vulnDB."/floss.csv", 'r'); +while (($result = fgetcsv($file)) !== false){ + $csv[] = $result; +} +fclose($file); + +// see if doc exists +if ($filter->getParam("path") == false) + die("[-] no path set\n"); + +// load vdb vulns +$vdbVulns = getDirContents($vulnDB); +foreach($vdbVulns as $h => $i){ // remove begining of vdb path (keeps clean) + $vdbVulns[$h] = str_replace($vulnDB, "", $i); +} +echo "VDB: ".sizeof($vdbVulns).", "; + +// get all vulns +$vuln = array(); +$files = glob($filter->getParam("path")."*.json"); +foreach($files as $finding){ + $vuln[]['orig'] = str_replace(".json", "", str_replace($filter->getParam("path"), "", $finding)); +} + +echo "Vulns: ".sizeof($vuln)."\n"; + +// check for existing +foreach($vuln as $key => $finding){ + foreach($vdbVulns as $issue){ + $title = substr($issue, strrpos($issue, '/') + 1); + if($finding['orig'].".json" == $title){ + $vuln[$key]['new'] = $issue; + //echo $finding['orig']." 
-> ".$issue."\n"; // DEBUG + } + } +} + +// check for pattern match in floss.csv +foreach($csv as $finding){ + foreach($vuln as $key => $issue){ + if(fnmatch($finding[0], $issue['orig'])){ + $vuln[$key]['new'] = $finding[1]; + //echo $issue['orig']." -> ".$finding[1]."\n"; // DEBUG + } + } +} + +//print_r($vuln); // DEBUG + +$flossFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/flossed"; +if(!file_exists($flossFolder."/")){ + mkdir($flossFolder."/"); + echo "[+] created directory $flossFolder/\n"; +} +$checkFolder = substr($filter->getParam("path"), 0, strrpos( $filter->getParam("path"), '/') )."/to_check"; +if(!file_exists($checkFolder."/")){ + mkdir($checkFolder."/"); + echo "[+] created directory $checkFolder/\n"; +} + +$flossed = 0; +$flossArr = array(); +$fp = fopen($filter->getParam("path")."flossed/".date("d-m-Y_H-i-s").".log", "wb"); +foreach($vuln as $key => $finding){ + if(isset($finding['new'])){ + + $content = $finding['orig']." -> ".$finding['new']."\n"; // log changes + fwrite($fp,$content); + + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."flossed/".$finding['orig'].".json"); + if($finding['new'] != "-del-"){ + $title = substr($finding['new'], strrpos($finding['new'], '/') + 1); + copy($vulnDB.$finding['new'], $filter->getParam("path").$title); + $flossArr[] = $finding['new']; + } + $flossed++; + }else{ + rename($filter->getParam("path").$finding['orig'].".json",$filter->getParam("path")."to_check/".$finding['orig'].".json"); + } +} +fclose($fp); + +$flossedInto = sizeof(array_unique($flossArr)); +$left = sizeof($vuln)-$flossed; +echo "Flossed: ".$flossed." -> ".$flossedInto."\n"; +echo "To Check: ".$left."\n"; +echo "________________________________________________ +| | +|Please (on VDB) either add a rule to floss.csv | +|or create a new vulnerability for each .json | +|in /to_check to help the team and make | +|reporting easier for everyone! 
| +|_______________________________________________|\n"; + + +function getDirContents($path) { + $rii = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path)); + + $files = array(); + foreach ($rii as $file) + if (!$file->isDir()) + $files[] = $file->getPathname(); + + return $files; +} diff --git a/ReportToolz/pt2json.php b/ReportToolz/pt2json.php index bd8d5e7..8954e6f 100755 --- a/ReportToolz/pt2json.php +++ b/ReportToolz/pt2json.php @@ -40,7 +40,7 @@ $json = json_encode($ob); $configData = json_decode($json, true); -//$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; +$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/"; if( isset($configData['report_sections']['section'][0]['subsection'][0]['@attributes']['title'])){ // multiple headings diff --git a/ReportToolz/repgen.php b/ReportToolz/repgen.php index 6e33ea7..29b2049 100755 --- a/ReportToolz/repgen.php +++ b/ReportToolz/repgen.php @@ -1,13 +1,7 @@ #!/usr/bin/php <?php //error_reporting(0); - -/*** - * Configuration options - */ -$template = "templates/odt/blank_template_v1.1.odt"; -//$CHECKtemplate = "templates/odt/blank_template_check_v0.4.odt"; -$vulnTemplate = "templates/odt/vuln_template_v0.2.xml"; +include('config.php'); /*** * Main program - Don't edit below diff --git a/ReportToolz/vdb.php b/ReportToolz/vdb.php index fb5a3ca..a913547 100755 --- a/ReportToolz/vdb.php +++ b/ReportToolz/vdb.php @@ -1,12 +1,7 @@ #!/usr/bin/php <?php //error_reporting(0); - -/*** - * Configuration options - */ -$vulnDB = "/opt/RossMarks/vdb/"; -$vdbPath = "/opt/RossMarks/DirtyScripts/ReportToolz/"; +include('config.php'); /*** * Main program - Don't edit below