Skip to content

Commit 314d417

Browse files
author
Diego Nadares
committed
Merge branch 'tkt_372_security_score_board' into 'dev'
Create new plugin security score card Closes #372 See merge request faradaysec/faraday-plugins!280
2 parents e5d4083 + 26fa505 commit 314d417

4 files changed

Lines changed: 92 additions & 1 deletion

File tree

CHANGELOG/current/372.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
[ADD] Security Score Card Support CSV Plugin. #372

faraday_plugins/plugins/repo/securityscorecard_csv/__init__.py

Whitespace-only changes.
Lines changed: 89 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,89 @@
1+
"""
2+
Faraday Penetration Test IDE
3+
Copyright (C) 2013 Infobyte LLC (http://www.infobytesec.com/)
4+
See the file 'doc/LICENSE' for the license information
5+
"""
6+
7+
import sys
8+
import io
9+
from faraday_plugins.plugins.plugin import PluginCSVFormat
10+
import csv
11+
12+
13+
__author__ = "Erodriguez"
14+
__copyright__ = "Copyright (c) 2019, Infobyte LLC"
15+
__credits__ = ["Erodriguez"]
16+
__license__ = ""
17+
__version__ = "1.0.0"
18+
__maintainer__ = "Erodriguez"
19+
__email__ = "erodriguez@faradaysec.com"
20+
__status__ = "Development"
21+
22+
23+
class SecScoreCard(PluginCSVFormat):
24+
"""
25+
Example plugin to parse SecScoreBoard_CSV output.
26+
"""
27+
28+
def __init__(self, *arg, **kwargs):
29+
super().__init__(*arg, **kwargs)
30+
self.csv_headers = [{"LABEL"}, {"PROVIDER"}]
31+
self.id = "SecScoreCard_CSV"
32+
self.name = "SecScoreCard_CSV Output Plugin"
33+
self.plugin_version = "0.0.1"
34+
self.version = "0.0.1"
35+
self.framework_version = "1.0.1"
36+
37+
def parseOutputString(self, output):
38+
try:
39+
csv.field_size_limit(sys.maxsize)
40+
print(str(output))
41+
csv_file = io.StringIO(output)
42+
reader = csv.DictReader(csv_file, delimiter=",")
43+
for row in reader:
44+
path = row.get("FINAL URL", "")
45+
if not path:
46+
path = row.get("IP ADDRESS", "")
47+
if not path:
48+
path = row.get("HOSTNAME", "")
49+
if not path:
50+
continue
51+
52+
# Skip if HOSTNAME is empty or not a valid IP
53+
hostname = row.get("HOSTNAME", "")
54+
55+
name = row.get("ISSUE TYPE TITLE", "")
56+
57+
# Handle references
58+
references = []
59+
cve = row.get("CVE", "")
60+
if cve:
61+
references.append(cve)
62+
63+
# Handle description
64+
desc = row.get("DESCRIPTION", "")
65+
66+
# Create host and vulnerability
67+
h_id = self.createAndAddHost(
68+
name=path,
69+
hostnames=hostname,
70+
)
71+
self.createAndAddVulnToHost(
72+
host_id=h_id,
73+
name=name,
74+
desc=desc,
75+
resolution=str(row.get("ISSUE RECOMMENDATION", "")),
76+
external_id=str(row.get("ISSUE ID", "")),
77+
cve=str(cve),
78+
severity=str(row.get("ISSUE TYPE SEVERITY", "")),
79+
ref=references,
80+
data=str(row.get("DATA", "")),
81+
)
82+
83+
except Exception as e:
84+
print(f"Error parsing output: {str(e)}")
85+
return None
86+
87+
88+
def createPlugin(*args, **kargs):
89+
return SecScoreCard(*args, **kargs)

setup.py

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,8 @@
2020
'tabulate',
2121
'packaging',
2222
'markdown',
23-
'tldextract'
23+
'tldextract',
24+
'pandas'
2425
]
2526

2627

0 commit comments

Comments
 (0)