skyanth 2020-04-06 10:47:28 +02:00
commit d876ec38f0
4 changed files with 136 additions and 45 deletions


@ -16,7 +16,7 @@
# (at your option) any later version.
VERSION=0.11
VERSION=0.12
DOCBUILDER=/usr/local/bin/docbuilder.py
TEMPLOC=$(mktemp -d)
@ -33,24 +33,25 @@ BRANCH=master
# Set the default PDF name based on the target name
TARGETPDF="target/$TARGET-latest.pdf"
# Read optional arguments
# Reading positional parms is a bit ugly, shifting parms or getopt would be nicer
if [[ ! -z $3 ]]; then
if [[ ! $3 == -* ]]; then
NAMESPACE=$3
else
PARMS=$3
PARAMS=$3
fi
fi
if [[ ! -z $4 ]]; then
if [[ ! $3 == -* ]]; then
BRANCH=$4
else
PARMS="$PARMS $4"
PARAMS="$PARAMS $4"
fi
fi
if [[ $# -ge 5 ]]; then
shift 4
PARMS="$PARMS $@"
PARAMS="$PARAMS $@"
fi
trap cleanup EXIT QUIT
@ -100,14 +101,17 @@ build() {
fi
pushd source &>/dev/null
backwards_compatible
TARGETFO="target/${TARGET}.fo"
if ([[ $TARGET == "quote" ]] || [[ $TARGET == "offerte" ]]); then
TARGETPDF="target/quote_${REPO/off-/}.pdf"
elif [[ $TARGET == "report" ]]; then
TARGETPDF="target/report_${REPO/pen-/}.pdf"
TARGETHTML="target/report_${REPO/pen-/}.html"
TARGETMD="target/report_${REPO/pen-/}.md"
fi
$DOCBUILDER -c -i $TARGET.xml -o ../$TARGETPDF -x ../xslt/generate_$TARGET.xsl $PARMS
$DOCBUILDER -c -i $TARGET.xml -f ../$TARGETFO -o ../$TARGETPDF -x ../xslt/generate_$TARGET.xsl $PARAMS $NOPRINT
if [[ $? -ne 0 ]]; then
echo "[-] Sorry, failed to parse $TARGET. Use \`builder $TARGET $REPO $NAMESPACE $BRANCH -v\` for more information."
echo "[-] Sorry, failed to parse $TARGET. Use \`build $TARGET $REPO $NAMESPACE $BRANCH -v\` for more information."
exit 1
fi
popd &>/dev/null
@ -115,10 +119,23 @@ build() {
echo "[-] hmmm... failed to build PDF file (could not find $TARGETPDF)"
exit 1
fi
if [ $TARGET == "report" ]; then
java -jar /usr/local/bin/saxon/saxon9he.jar -s:source/$TARGET.xml -o:$TARGETHTML -xsl:xslt/generate_html_$TARGET.xsl -xi
if [ ! -f $TARGETHTML ]; then
echo "[-] Note: failed to build HTML file (could not find $TARGETHTML)"
else
pandoc $TARGETHTML -t markdown_strict -o $TARGETMD
if [ ! -f $TARGETMD ]; then
echo "[-] Note: failed to build markdown file (could not find $TARGETMD)"
fi
fi
fi
}
add_to_repo() {
git add $TARGETPDF
git add $TARGETHTML &>/dev/null
git add $TARGETMD &>/dev/null
git add target/waiver_?*.pdf &>/dev/null
git add target/execsummary.pdf &>/dev/null
git commit -q -m "$TARGETPDF proudly manufactured using ChatOps" &>/dev/null
@ -130,5 +147,14 @@ echo "builder v$VERSION - Rocking your world, one build at a time..."
clone_repo
build
add_to_repo
echo "[+] listo! Check out $GITWEB/$NAMESPACE/$REPO/raw/$BRANCH/$TARGETPDF"
echo " [+] Get PDF: $GITWEB/$NAMESPACE/$REPO/raw/$BRANCH/$TARGETPDF"
if [[ -f target/execsummary.pdf ]]; then
echo " [+] Get exec summary PDF: $GITWEB/$NAMESPACE/$REPO/raw/$BRANCH/target/execsummary.pdf"
fi
if [[ $TARGET == "report" && -f $TARGETHTML ]]; then
echo " [+] Download HTML: $GITWEB/$NAMESPACE/$REPO/raw/$BRANCH/$TARGETHTML"
fi
if [[ $TARGET == "report" && -f $TARGETMD ]]; then
echo " [+] Quick look (rendered MarkDown): $GITWEB/$NAMESPACE/$REPO/blob/$BRANCH/$TARGETMD"
fi
exit 0
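Review bot: The new HTML and markdown steps in build() expand `$TARGET`, `$TARGETHTML` and `$TARGETMD` unquoted, and `$TARGETHTML` embeds `$REPO`, so a value containing whitespace or glob characters is split into extra arguments to `java` and `pandoc`. If those values arrive from the chat command, as the positional-argument parsing at the top suggests, quote every expansion: `pandoc "$TARGETHTML" -t markdown_strict -o "$TARGETMD"`, `"-s:source/$TARGET.xml" "-o:$TARGETHTML"` on the Saxon line, and `[[ $TARGET == "report" ]]` as the rest of the script does. add_to_repo also runs `git add $TARGETHTML` and `git add $TARGETMD` for every target although both are only set for reports, with the failure hidden by `&>/dev/null`; guarding them with the same `report` test would make that explicit. build() starts outside the visible hunks.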


@ -233,43 +233,20 @@ def main():
format(options['output'], exception.strerror), result)
result = to_fo(options)
if result:
if OFFERTE in options['xslt']: # an offerte can generate multiple fo's
report_output = options['output']
verboseprint('generating separate waivers detected')
output_dir = os.path.dirname(options['output'])
fop_dir = os.path.dirname(options['fop'])
try:
for fop in [os.path.splitext(x)[0] for x in
os.listdir(fop_dir) if x.endswith('fo')]:
if WAIVER in fop:
options['output'] = output_dir + os.sep + fop + '.pdf'
else:
options['output'] = report_output
options['fop'] = fop_dir + os.sep + fop + '.fo'
result = to_pdf(options) and result
except OSError as exception:
print_exit('[-] ERR: {0}'.format(exception.strerror),
exception.errno)
if options['execsummary']: # we're generating a summary as well as a report
report_output = options['output']
verboseprint('generating additional executive summary')
output_dir = os.path.dirname(options['output'])
fop_dir = os.path.dirname(options['fop'])
try:
for fop in [os.path.splitext(x)[0] for x in
os.listdir(fop_dir) if x.endswith('fo')]:
if EXECSUMMARY in fop:
options['output'] = output_dir + os.sep + fop + '.pdf'
else:
options['output'] = report_output
options['fop'] = fop_dir + os.sep + fop + '.fo'
result = to_pdf(options) and result
except OSError as exception:
print_exit('[-] ERR: {0}'.format(exception.strerror),
exception.errno)
else:
result = to_pdf(options)
output_dir = os.path.dirname(options['output'])
fop_dir = os.path.dirname(options['fop'])
remaining_fo = [os.path.splitext(x)[0] for x in os.listdir(fop_dir) if x.endswith('fo') and not 'offerte' in x and not 'report' in x]
result = to_pdf(options)
if len(remaining_fo) > 0:
print('[+] Generating additional .fo files...')
try:
for fo in remaining_fo:
options['output'] = output_dir + os.sep + fo + '.pdf'
options['fop'] = fop_dir + os.sep + fo + '.fo'
result = to_pdf(options) and result
except OSError as exception:
print_exit('[-] ERR: {0}'.format(exception.strerror),
exception.errno)
else:
print_exit('[-] Unsuccessful (error {0})'.format(result), result)
sys.exit(not result)
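Review bot: The `os.listdir(fop_dir)` call that builds `remaining_fo` now sits outside the `try`, so an `OSError` from it no longer reaches the `print_exit` handler, and it runs on every build instead of only in the offerte and execsummary branches. `os.path.dirname` returns an empty string for a bare file name and `os.listdir('')` raises, so a fop path without a directory part would end in a traceback; `fop_dir = os.path.dirname(options['fop']) or os.curdir` with the listing moved inside the `try` covers both. The filter also matches substrings (`not 'report' in x`, `x.endswith('fo')`), so it skips any file whose name merely contains `report` and presumably renders the main file a second time when the target is `quote`; comparing against the basename of `options['fop']` and testing `endswith('.fo')` would be exact. main() starts outside the hunk.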


@ -8,6 +8,7 @@ MV = mv -f
RM = rm -f
UNZIP = unzip
WGET = wget
XSLTPROC= xsltproc --nonet --xinclude
all: $(TARGETS)
@ -35,4 +36,10 @@ clean:
distclean: clean
$(RM) -- $(TARGETS)
.PHONY: clean distclean
export-csv: sample-report/source/report.xml
@$(XSLTPROC) "xslt/findings2csv.xsl" "sample-report/source/report.xml"
export-json: sample-report/source/report.xml
@$(XSLTPROC) "xslt/findings2json.xsl" "sample-report/source/report.xml"
.PHONY: clean distclean export-csv export-json
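Review bot: `XSLTPROC` deserves a comment stating what its flags do and do not cover, for example `# --nonet blocks network fetches; --xinclude still resolves local file references in the input XML`, because the export targets may later be pointed at reports other than the bundled sample. The two recipes also repeat the input path and leave the stylesheet out of the prerequisites; `export-json: sample-report/source/report.xml xslt/findings2json.xsl` with the recipe `@$(XSLTPROC) xslt/findings2json.xsl $<` keeps rule and recipe in step, and the same applies to export-csv.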


@ -0,0 +1,81 @@
<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="text"/>
<xsl:template name="string-replace">
<xsl:param name="string"/>
<xsl:param name="replace"/>
<xsl:param name="by"/>
<xsl:choose>
<xsl:when test="contains($string, $replace)">
<xsl:value-of select="substring-before($string, $replace)"/>
<xsl:value-of select="$by"/>
<xsl:call-template name="string-replace">
<xsl:with-param name="string" select="substring-after($string, $replace)"/>
<xsl:with-param name="replace" select="$replace"/>
<xsl:with-param name="by" select="$by"/>
</xsl:call-template>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$string"/>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template name="value-escape">
<xsl:param name="value"/>
<xsl:variable name="replace1">"</xsl:variable>
<xsl:variable name="by1">\"</xsl:variable>
<xsl:variable name="replace2"><xsl:text>
</xsl:text></xsl:variable>
<xsl:variable name="by2">\n</xsl:variable>
<xsl:choose>
<xsl:when test="contains($value, $replace1)">
<xsl:value-of select="substring-before($value, $replace1)"/>
<xsl:value-of select="$by1"/>
<xsl:call-template name="string-replace">
<xsl:with-param name="value" select="substring-after($value, $replace1)"/>
<xsl:with-param name="replace" select="$replace1"/>
<xsl:with-param name="by" select="$by1"/>
</xsl:call-template>
</xsl:when>
<xsl:otherwise>
<xsl:choose>
<xsl:when test="contains($value, $replace2)">
<xsl:value-of select="substring-before($value, $replace2)"/>
<xsl:value-of select="$by2"/>
<xsl:call-template name="string-replace">
<xsl:with-param name="value" select="substring-after($value, $replace2)"/>
<xsl:with-param name="replace" select="$replace2"/>
<xsl:with-param name="by" select="$by2"/>
</xsl:call-template>
</xsl:when>
<xsl:otherwise>
<xsl:value-of select="$value"/>
</xsl:otherwise>
</xsl:choose>
</xsl:otherwise>
</xsl:choose>
</xsl:template>
<xsl:template match="/pentest_report">{
"projects": [
"key": "&lt;KEY&gt;",
"issues": [
<xsl:apply-templates select="//finding"/> ]
]
}
</xsl:template>
<!-- finding -->
<xsl:template match="finding"> {
"status": "To Do",
"reporter": "ROS",
"externalId": "<xsl:value-of select="concat(/pentest_report/@findingCode,'-',string(format-number(position(),'000')))"/>",
"issueType": "<xsl:value-of select="@type"/>",
"priority": "<xsl:value-of select="@threatLevel"/>",
"summary": "<xsl:call-template name="value-escape"><xsl:with-param name="value" select="description"/></xsl:call-template>",
"description": "<xsl:call-template name="value-escape"><xsl:with-param name="value" select="description"/></xsl:call-template>\n\n\nTechnical description:\n\n<xsl:call-template name="value-escape"><xsl:with-param name="value" select="technicaldescription"/></xsl:call-template>\n\n\nImpact:\n\n<xsl:call-template name="value-escape"><xsl:with-param name="value" select="impact"/></xsl:call-template>\n\n\nRecommendation:\n\n<xsl:choose><xsl:when test="string-length(recommendation/ul) &gt; 0"><xsl:for-each select="recommendation/ul/li"> * <xsl:call-template name="value-escape"><xsl:with-param name="value" select="."/></xsl:call-template>\n</xsl:for-each></xsl:when><xsl:otherwise><xsl:call-template name="value-escape"><xsl:with-param name="value" select="recommendation"/></xsl:call-template></xsl:otherwise></xsl:choose>"
},
</xsl:template>
</xsl:stylesheet>
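Review bot: In `value-escape`, both recursive calls pass `<xsl:with-param name="value" …>` to `string-replace`, which declares that parameter as `string`, so the text after the first `"` or newline is never handed over and the rest of the field is dropped from the output. The template also escapes quotes or newlines but never both in one value, and it leaves backslashes alone, so finding text can still terminate the JSON string early or produce invalid JSON. Chaining three `string-replace` passes (backslash first, then quote, then newline) fixes all of this; tabs, carriage returns and other control characters would still need the same treatment. Separately, the `/pentest_report` template emits `"key": …` directly inside the `projects` array and every finding ends in `},`, so the document does not parse as JSON even with clean input.

```xml
<xsl:template name="value-escape">
  <xsl:param name="value"/>
  <!-- backslash first, so the escapes added by the later passes are not doubled -->
  <xsl:variable name="step1">
    <xsl:call-template name="string-replace">
      <xsl:with-param name="string" select="$value"/>
      <xsl:with-param name="replace" select="'\'"/>
      <xsl:with-param name="by" select="'\\'"/>
    </xsl:call-template>
  </xsl:variable>
  <xsl:variable name="step2">
    <xsl:call-template name="string-replace">
      <xsl:with-param name="string" select="$step1"/>
      <xsl:with-param name="replace" select="'&quot;'"/>
      <xsl:with-param name="by" select="'\&quot;'"/>
    </xsl:call-template>
  </xsl:variable>
  <xsl:call-template name="string-replace">
    <xsl:with-param name="string" select="$step2"/>
    <xsl:with-param name="replace" select="'&#10;'"/>
    <xsl:with-param name="by" select="'\n'"/>
  </xsl:call-template>
</xsl:template>
```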