class Glue::DepCheckListener

SAX-like parser for OWASP Dependency-Check XML reports.

Public Class Methods

new(task)
# File lib/glue/tasks/owasp-dep-check.rb, line 11
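# Builds a listener that accumulates the fields of one vulnerability at a
# time and hands each completed finding to +task+.
#
# @param task [Object] receiver of the findings; tag_end calls
#   task.report(name, description, detail, cvss, fingerprint) on it
def initialize(task)
  @task = task
  @count = 0
  # Last text node seen. tag_end reads @text for every field, so it is
  # initialised here: a closing tag that arrives before any text event then
  # works on an empty string instead of nil, which would otherwise raise in
  # the middle of a scan and abort the parse before findings are reported.
  @text = ""
  @sw = ""
  @url = ""
  @desc = ""
  @cwe = ""
  @cvss = ""
  @name = ""
  @fingerprint = ""
end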

Public Instance Methods

tag_end(name)
# File lib/glue/tasks/owasp-dep-check.rb, line 38
# Handles a closing tag. The most recent text node (@text) is copied into the
# field that matches the element name; when a "vulnerability" element closes,
# the assembled finding is printed and passed to @task.report.
#
# All values are taken from the report text as-is; nothing here validates or
# escapes them before they are printed or handed to the task.
#
# @param name [String] name of the element being closed
# @return [Object, nil] result of the matching branch (the value returned by
#   @task.report for "vulnerability"), nil for unhandled element names
def tag_end(name)
  case name
  when "name"
    # Text made up only of digits is ignored; anything else replaces @name.
    # NOTE(review): this branch fires for every element called "name", not
    # only the vulnerability's own - confirm nested elements cannot overwrite it.
    @name = @text if @text =~ /\D/
  when "cvssScore" then @cvss = @text
  when "cwe" then @cwe = @text
  when "description" then @desc = @text
  when "vulnerableSoftware"
    # Clears the software list when the element *closes*.
    # NOTE(review): if "software" entries are children of this element, they
    # are discarded here before "vulnerability" closes, so both the detail
    # text and the fingerprint would lose them and the fingerprint would
    # reduce to "-<name>". Confirm whether that is intended, since findings
    # for the same advisory in different components would then share a
    # fingerprint.
    @sw = ""
  when "software"
    # Appended with a leading ", " separator, also for the first entry.
    @sw << ", " << @text
  when "url"
    @url << ", " << @text
  when "vulnerability"
    finding_detail = @sw + "\n" + @url
    finding_description = @desc + "\n" + @cwe
    @fingerprint = @sw + "-" + @name
    puts "Fingerprint: #{@fingerprint}"
    puts "Vuln: #{@name} CVSS: #{@cvss} Description #{finding_description} Detail #{finding_detail}"
    @task.report(@name, finding_description, finding_detail, @cvss, @fingerprint)
  end
end
tag_start(name, attrs)
# File lib/glue/tasks/owasp-dep-check.rb, line 23
# Handles an opening tag. Only "vulnerability" is acted on: the counter of
# vulnerabilities seen is bumped and every per-finding field is reset, so
# values from the previous finding cannot carry over into the next one.
#
# @param name [String] name of the element being opened
# @param attrs [Object] element attributes; not used here
# @return [String, nil] "" after a reset, nil for any other element
def tag_start(name, attrs)
  return unless "vulnerability" == name

  @count += 1
  # Glue.debug "Grabbed #{@count} vulns."

  # Each field gets its own fresh string: @sw and @url are appended to in
  # place later, so they must not share one object.
  @name = ""
  @cvss = ""
  @cwe = ""
  @desc = ""
  @url = ""
  @sw = ""
  @fingerprint = ""
end
text(text)
# File lib/glue/tasks/owasp-dep-check.rb, line 66
# Remembers the latest text node so the next tag_end can assign it to a
# field. Each call replaces the previous value; nothing is accumulated.
#
# @param text [String] text content delivered by the parser
# @return [String] the stored text
def text(text)
  @text = text
end