Fix Severity name
RedRaysTeam committed Aug 28, 2024
1 parent 1bf7461 commit 85594b3
Showing 4 changed files with 31 additions and 30 deletions.
2 changes: 1 addition & 1 deletion .flake8
Expand Up @@ -10,7 +10,7 @@ max-line-length = 120
# E127: Continuation line over-indented for visual indent
# W503: Line break occurred before a binary operator
# E266: Too many leading '#' for block comment
ignore = E501, W291, E128, E126, E127, W503, E266, W605, C901, E303
ignore = E501, W291, E128, E126, E127, W503, E266, W605, C901, E303, E302, E305

# Exclude some directories from checking
exclude =
2 changes: 1 addition & 1 deletion checks/CheckHardcodedIpAddresses.py
Expand Up @@ -11,7 +11,7 @@ class CheckResult:

class CheckHardcodedIpAddresses:
title = "Using hardcoded IP addresses is security-sensitive"
severity = "Minor"
severity = "Low"
vulnerability_type = "Information Disclosure"

def __init__(self):
48 changes: 21 additions & 27 deletions generate_xlsx_report.py
@@ -1,20 +1,23 @@
from dataclasses import dataclass
from typing import List
# generate_xlsx_report.py

import openpyxl
from openpyxl import Workbook
from openpyxl.styles import Font, PatternFill, Alignment
from openpyxl.utils import get_column_letter
from typing import List, NamedTuple
import re


@dataclass
class ScanResult:
class ScanResult(NamedTuple):
file_path: str
line_number: int
title: str
message: str
severity: str


def sanitize_for_excel(text):
illegal_characters_pattern = re.compile(r'[\000-\010]|[\013-\014]|[\016-\037]')
return illegal_characters_pattern.sub('', str(text))

def severity_key(result: ScanResult):
severity_order = {
"Critical": 1,
Expand All @@ -25,14 +28,10 @@ def severity_key(result: ScanResult):
}
return severity_order.get(result.severity, 6)


def generate_xlsx_report(results: List[ScanResult], output_file: str):
# Sort results by severity
results.sort(key=severity_key)

wb = openpyxl.Workbook()
wb = Workbook()
ws = wb.active
ws.title = "Scan Results"
ws.title = "Security Scan Results"

# Define styles
header_font = Font(bold=True, color="FFFFFF")
Expand All @@ -58,11 +57,11 @@ def generate_xlsx_report(results: List[ScanResult], output_file: str):

# Write data
for row, result in enumerate(results, start=2):
ws.cell(row=row, column=1, value=result.severity).alignment = wrapped_alignment
ws.cell(row=row, column=1, value=sanitize_for_excel(result.severity)).alignment = wrapped_alignment
ws.cell(row=row, column=2, value=result.title).alignment = wrapped_alignment
ws.cell(row=row, column=3, value=result.file_path).alignment = wrapped_alignment
ws.cell(row=row, column=4, value=result.line_number).alignment = wrapped_alignment
ws.cell(row=row, column=5, value=result.message).alignment = wrapped_alignment
ws.cell(row=row, column=3, value=sanitize_for_excel(result.file_path)).alignment = wrapped_alignment
ws.cell(row=row, column=4, value=sanitize_for_excel(result.line_number)).alignment = wrapped_alignment
ws.cell(row=row, column=5, value=sanitize_for_excel(result.message)).alignment = wrapped_alignment

# Apply color to severity cell
severity_cell = ws.cell(row=row, column=1)
Expand Down Expand Up @@ -93,17 +92,12 @@ def generate_xlsx_report(results: List[ScanResult], output_file: str):
# Save the workbook
wb.save(output_file)


# Example usage
if __name__ == "__main__":
# Sample data
# Example usage
sample_results = [
ScanResult("file1.abap", 10, "CheckCrossSiteScripting", "Potential XSS vulnerability", "High"),
ScanResult("file2.abap", 25, "CheckHardcodedCredentials", "Hardcoded password detected", "Critical"),
ScanResult("file1.abap", 50, "CheckOSCommandInjection", "Potential OS command injection", "High"),
ScanResult("file3.abap", 100, "CheckWeakCrypto", "Use of weak cryptographic algorithm", "Medium"),
ScanResult("file4.abap", 75, "CheckInfoDisclosure", "Potential information disclosure", "Low"),
ScanResult("file1.abap", 10, "Potential XSS", "Unsanitized input", "High"),
ScanResult("file2.abap", 25, "SQL Injection", "Dynamic SQL query", "Critical"),
# Add more sample results as needed
]

generate_xlsx_report(sample_results, "security_scan_report.xlsx")
print("XLSX report generated successfully.")
generate_xlsx_report(sample_results, "sample_security_scan_report.xlsx")
print("Sample report generated: sample_security_scan_report.xlsx")
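Review bot: In the `# Write data` hunk the `title` column, `ws.cell(row=row, column=2, value=result.title)`, is the only data cell that still bypasses `sanitize_for_excel`, so a control character in a check title presumably still trips the same openpyxl illegal-character failure this helper was added to avoid; wrap it like the other four columns. `sanitize_for_excel` also returns `str(text)` for every input, so `line_number` is now stored as text instead of a number, which breaks numeric sorting and filtering in the sheet — keep the int: `ws.cell(row=row, column=4, value=result.line_number).alignment = wrapped_alignment`. The regex strips only control characters; openpyxl treats a string that begins with `=` as a formula, and `file_path` and `message` originate from the scanned tree, so the helper should neutralize a leading `=` (for example by prefixing a `'`) before the value reaches the cell. The body of generate_xlsx_report continues outside the hunk.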
9 changes: 8 additions & 1 deletion scanner.py
Expand Up @@ -27,7 +27,7 @@ def _load_checks(self):
checks.append(check_class())
return checks

def scan(self, path: str) -> List[ScanResult]:
def scan(self, path: str, limit: int = 40000) -> List[ScanResult]:
results = []
files_to_scan = []

Expand All @@ -39,6 +39,13 @@ def scan(self, path: str) -> List[ScanResult]:
for file in files:
if any(file.endswith(ext) for ext in self.config.get_file_extensions()):
files_to_scan.append(os.path.join(root, file))
if len(files_to_scan) >= limit:
break
if len(files_to_scan) >= limit:
break

# Limit the number of files to scan
files_to_scan = files_to_scan[:limit]

# Scan files with progress bar
for file_path in tqdm(files_to_scan, desc="Scanning files", unit="file"):
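Review bot: Reaching `limit` inside the `os.walk` loop silently drops every remaining file, so a large repository gets a report that looks complete but is not, and the caller cannot tell from the returned list that coverage was truncated. Emit a notice when the cap is hit, e.g. after the walk: `if len(files_to_scan) >= limit:` then `print(f"Scan limited to {limit} files; remaining files were skipped")` (or the module's logger, if it has one), and consider rejecting `limit <= 0`, which currently yields an empty scan with no error. The `files_to_scan = files_to_scan[:limit]` slice after the loop is redundant, since both `break` checks already guarantee the list never exceeds `limit`. The walk header and the rest of `scan` lie outside the hunk.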