Fixed Qualys bug
drakylar committed Jan 4, 2022
1 parent 6814707 commit 0e7a1bd
Showing 1 changed file with 56 additions and 54 deletions.
110 changes: 56 additions & 54 deletions routes/ui/tools.py
Expand Up @@ -2721,67 +2721,69 @@ def beautify_output(xml_str):
if form.add_empty_host and not host_id:
host_id = db.insert_host(current_project['id'], ip, current_user['id'], form.hosts_description.data)
ports_list = host.find('services')
for port_obj in ports_list.findAll('cat'):
if 'port' in port_obj.attrs and 'protocol' in port_obj.attrs:
if ports_list:
for port_obj in ports_list.findAll('cat'):
if 'port' in port_obj.attrs and 'protocol' in port_obj.attrs:
if not host_id:
host_id = db.insert_host(current_project['id'], ip, current_user['id'], form.hosts_description.data)

port = int(port_obj.attrs['port'])
is_tcp = int(port_obj.attrs['protocol'] == 'tcp')
service = port_obj.attrs['value']

port_id = db.select_host_port(host_id, port, is_tcp)
if port_id:
port_id = port_id[0]['id']
db.update_port_service(port_id, service)
else:
port_id = db.insert_host_port(host_id, port, is_tcp, service, form.ports_description.data,
current_user['id'], current_project['id'])

issues_list = host.find('vulns')
if issues_list:
for issue_obj in issues_list.findAll('cat'):
if not host_id:
host_id = db.insert_host(current_project['id'], ip, current_user['id'], form.hosts_description.data)
port_num = 0
is_tcp = 1
if 'port' in issue_obj.attrs and 'protocol' in issue_obj.attrs:
port_num = int(issue_obj.attrs['port'])
is_tcp = int(issue_obj.attrs['protocol'] == 'tcp')

port = int(port_obj.attrs['port'])
is_tcp = int(port_obj.attrs['protocol'] == 'tcp')
service = port_obj.attrs['value']

port_id = db.select_host_port(host_id, port, is_tcp)
if port_id:
port_id = port_id[0]['id']
db.update_port_service(port_id, service)
else:
port_id = db.insert_host_port(host_id, port, is_tcp, service, form.ports_description.data,
port_id = db.select_host_port(host_id, port_num, is_tcp)
if not port_id:
port_id = db.insert_host_port(host_id, port_num, is_tcp, 'unknown', form.ports_description.data,
current_user['id'], current_project['id'])
else:
port_id = port_id[0]['id']
cvss = 0
cvss_tmp1 = issue_obj.find('cvss3_base')
cvss_tmp2 = issue_obj.find('cvss3_temporal')
cvss_tmp3 = issue_obj.find('cvss_temporal')
if cvss_tmp1 and cvss_tmp1.text != '-':
cvss = float(cvss_tmp1.text)
elif cvss_tmp2 and cvss_tmp2.text != '-':
cvss = float(cvss_tmp2.text)
elif cvss_tmp3 and cvss_tmp3.text != '-':
cvss = float(cvss_tmp3.text)

issues_list = host.find('vulns')
for issue_obj in issues_list.findAll('cat'):
if not host_id:
host_id = db.insert_host(current_project['id'], ip, current_user['id'], form.hosts_description.data)
port_num = 0
is_tcp = 1
if 'port' in issue_obj.attrs and 'protocol' in issue_obj.attrs:
port_num = int(issue_obj.attrs['port'])
is_tcp = int(issue_obj.attrs['protocol'] == 'tcp')
issue_name = issue_obj.find('title').text
issue_diagnostic = issue_obj.find('diagnosis').text
issue_description = issue_obj.find('consequence').text
issue_solution = beautify_output(issue_obj.find('solution').text)

port_id = db.select_host_port(host_id, port_num, is_tcp)
if not port_id:
port_id = db.insert_host_port(host_id, port_num, is_tcp, 'unknown', form.ports_description.data,
current_user['id'], current_project['id'])
else:
port_id = port_id[0]['id']
cvss = 0
cvss_tmp1 = issue_obj.find('cvss3_base')
cvss_tmp2 = issue_obj.find('cvss3_temporal')
cvss_tmp3 = issue_obj.find('cvss_temporal')
if cvss_tmp1 and cvss_tmp1.text != '-':
cvss = float(cvss_tmp1.text)
elif cvss_tmp2 and cvss_tmp2.text != '-':
cvss = float(cvss_tmp2.text)
elif cvss_tmp3 and cvss_tmp3.text != '-':
cvss = float(cvss_tmp3.text)

issue_name = issue_obj.find('title').text
issue_diagnostic = issue_obj.find('diagnosis').text
issue_description = issue_obj.find('consequence').text
issue_solution = beautify_output(issue_obj.find('solution').text)

# TODO: add PoC
issue_output = issue_obj.find('result')
try:
issue_output = issue_obj.find('result').text
except AttributeError:
issue_output = ''
# TODO: add PoC
issue_output = issue_obj.find('result')
try:
issue_output = issue_obj.find('result').text
except AttributeError:
issue_output = ''

issue_full_description = 'Diagnosis: \n{} \n\nConsequence: \n{}'.format(issue_diagnostic, issue_description)
issue_full_description = beautify_output(issue_full_description)
services = {port_id: ['0']}
issue_id = db.insert_new_issue_no_dublicate(issue_name, issue_full_description, '', cvss, current_user['id'], services, 'need to recheck',
current_project['id'], '', 0, 'custom', issue_solution, '')
issue_full_description = 'Diagnosis: \n{} \n\nConsequence: \n{}'.format(issue_diagnostic, issue_description)
issue_full_description = beautify_output(issue_full_description)
services = {port_id: ['0']}
issue_id = db.insert_new_issue_no_dublicate(issue_name, issue_full_description, '', cvss, current_user['id'], services, 'need to recheck',
current_project['id'], '', 0, 'custom', issue_solution, '')

issues_list = host.find('practices')
if issues_list:
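Review bot: The new `if ports_list:` and `if issues_list:` guards cover a missing `services` or `vulns` element, but inside the loops `issue_obj.find('title').text`, `.find('diagnosis').text`, `.find('consequence').text` and `.find('solution').text` still dereference a result that may be `None`, and `port_obj.attrs['value']` is read after only `port` and `protocol` were checked. Since the report is an imported file, a truncated or malformed entry would raise AttributeError or KeyError (or ValueError from `int(...)` / `float(cvss_tmp1.text)`) part-way through the loop, presumably after hosts and ports from earlier entries were already inserted. Apply the pattern already used for `result` to the other fields, e.g. `title_tag = issue_obj.find('title')` then `issue_name = title_tag.text if title_tag is not None else ''`, read the service with `port_obj.attrs.get('value', 'unknown')`, and skip entries whose port or CVSS does not parse; a parsed CVSS should also be checked to lie in 0–10 before it is stored. The enclosing function starts and ends outside this hunk, so any outer exception handling is not visible here.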