From c0f1f5f8c7baa9bfd25ba5bab3f12fbfe3426526 Mon Sep 17 00:00:00 2001
From: Vahagn
Date: Wed, 28 Aug 2024 14:44:11 +0400
Subject: [PATCH] Fix some issues and add limits for scanning

---
 generate_xlsx_report.py | 37 ++++++++++++++-----------------------
 scanner.py | 11 +++++++++--
 2 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/generate_xlsx_report.py b/generate_xlsx_report.py
index 21cce4b..7bd18bc 100644
--- a/generate_xlsx_report.py
+++ b/generate_xlsx_report.py
@@ -1,13 +1,12 @@
-from dataclasses import dataclass
-from typing import List
+# generate_xlsx_report.py
-import openpyxl
-from openpyxl.styles import Font, PatternFill, Alignment
+from openpyxl import Workbook
+from openpyxl.styles import Font, PatternFill, Alignment, Border, Side
 from openpyxl.utils import get_column_letter
+from typing import List, NamedTuple
+import re
-
-@dataclass
-class ScanResult:
+class ScanResult(NamedTuple):
 file_path: str
 line_number: int
 title: str
@@ -27,12 +26,9 @@ def severity_key(result: ScanResult):
 def generate_xlsx_report(results: List[ScanResult], output_file: str):
- # Sort results by severity
- results.sort(key=severity_key)
-
- wb = openpyxl.Workbook()
+ wb = Workbook()
 ws = wb.active
- ws.title = "Scan Results"
+ ws.title = "Security Scan Results"
 # Define styles
 header_font = Font(bold=True, color="FFFFFF")
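Review bot: The names added on the import lines — `Border`, `Side` on `from openpyxl.styles import ...` and the new `import re` — are not used by any line this patch adds, and the unchanged code could not have referenced them before without failing, so they appear to be dead imports; drop them or add the code that uses them. The new `from typing import List, NamedTuple` line now sits below the third-party openpyxl imports; keep the stdlib group first. Switching `ScanResult` from a dataclass to a `NamedTuple` makes instances immutable and tuple-comparable, which is fine for a report row, but the class has no docstring — a one-line summary of what each field holds would help the scanner.py code that constructs it. The field list of `ScanResult` continues past the hunk.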
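Review bot: Removing `results.sort(key=severity_key)` at the top of `generate_xlsx_report` means the sheet is now written in whatever order the scanner happened to produce findings, and `severity_key` (visible in the hunk header) is left with no caller anywhere in this diff. If the removal was meant to stop mutating the caller's list, keep the ordering without the side effect: `results = sorted(results, key=severity_key)`. The body of `generate_xlsx_report` continues beyond the hunk.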
@@ -93,17 +89,12 @@ def generate_xlsx_report(results: List[ScanResult], output_file: str):
 # Save the workbook
 wb.save(output_file)
-
-# Example usage
 if __name__ == "__main__":
- # Sample data
+ # Example usage
 sample_results = [
- ScanResult("file1.abap", 10, "CheckCrossSiteScripting", "Potential XSS vulnerability", "High"),
- ScanResult("file2.abap", 25, "CheckHardcodedCredentials", "Hardcoded password detected", "Critical"),
- ScanResult("file1.abap", 50, "CheckOSCommandInjection", "Potential OS command injection", "High"),
- ScanResult("file3.abap", 100, "CheckWeakCrypto", "Use of weak cryptographic algorithm", "Medium"),
- ScanResult("file4.abap", 75, "CheckInfoDisclosure", "Potential information disclosure", "Low"),
+ ScanResult("file1.abap", 10, "Potential XSS", "Unsanitized input", "High"),
+ ScanResult("file2.abap", 25, "SQL Injection", "Dynamic SQL query", "Critical"),
+ # Add more sample results as needed
 ]
-
- generate_xlsx_report(sample_results, "security_scan_report.xlsx")
- print("XLSX report generated successfully.")
+ generate_xlsx_report(sample_results, "sample_security_scan_report.xlsx")
+ print("Sample report generated: sample_security_scan_report.xlsx")
\ No newline at end of file
diff --git a/scanner.py b/scanner.py
index 734a858..7a0430a 100644
--- a/scanner.py
+++ b/scanner.py
@@ -27,7 +27,7 @@ def _load_checks(self):
 checks.append(check_class())
 return checks
- def scan(self, path: str) -> List[ScanResult]:
+ def scan(self, path: str, limit: int = 40000) -> List[ScanResult]:
 results = []
 files_to_scan = []
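Review bot: The rewritten `print(...)` line is now the last line of the file and the patch drops the trailing newline (`\ No newline at end of file`); the same happens at the end of scanner.py in this commit. Restore the final newline in both files so editors and future diffs stay clean. The `# Add more sample results as needed` placeholder comment adds nothing to the example block — drop it, or replace it with a sentence stating what the sample demonstrates.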
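Review bot: The new `limit: int = 40000` parameter on `scan` is undocumented, and nothing explains where the default comes from or what happens when it is exceeded. Add a docstring along the lines of `"""Scan `path` for findings. At most `limit` matching files are examined; files beyond that cap are not scanned and produce no results."""` so callers know a report can be incomplete, and consider hoisting the default into a named module-level constant. The body of `scan` continues past this hunk.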
@@ -39,6 +39,13 @@ def scan(self, path: str) -> List[ScanResult]:
 for file in files:
 if any(file.endswith(ext) for ext in self.config.get_file_extensions()):
 files_to_scan.append(os.path.join(root, file))
+ if len(files_to_scan) >= limit:
+ break
+ if len(files_to_scan) >= limit:
+ break
+
+ # Limit the number of files to scan
+ files_to_scan = files_to_scan[:limit]
 # Scan files with progress bar
 for file_path in tqdm(files_to_scan, desc="Scanning files", unit="file"):
@@ -60,4 +67,4 @@ def _scan_file(self, file_path: str) -> List[ScanResult]:
 message=result.line_content,
 severity=check.severity
 ))
- return results
+ return results
\ No newline at end of file
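Review bot: When the cap is hit the remaining files are dropped without any message, so a scan of a large tree can report a clean result for code it never looked at, and because `os.walk` order is filesystem-dependent, which files get dropped is not even stable between runs. The trailing `files_to_scan = files_to_scan[:limit]` is redundant once the two `break`s are in place — replace it with a visible notice, e.g. `if len(files_to_scan) >= limit:` / `tqdm.write(f"File limit ({limit}) reached; remaining files were not scanned")`, so the truncation shows up in the output alongside the progress bar. `limit <= 0` is also unvalidated: the `>=` check fires right after the first append and a negative slice then discards files, so reject it at the top of `scan` (outside this hunk) with `if limit <= 0: raise ValueError("limit must be positive")`. The enclosing `scan` method starts before this hunk.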