chg: [zap] Changed results tu call alerts api instead of core.jsonreport

Signed-off-by: Romain Kieffer <[email protected]>
NC3-LU · Jul 31, 2024 · eb85af6 · eb85af6
1 parent 54b72da
commit eb85af6
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 12 deletions.
diff --git a/testing/templates/zap_report.html b/testing/templates/zap_report.html
@@ -4,19 +4,24 @@
     {% for alert in alerts %}
       <div class="row">
         <div class="col-lg-12 fs-1 fw-bold">
-          {% if alert.riskcode == "3" %}
+          {% if alert.risk == "High" %}
             <span class="background-icon mb-3" style="background-color: var(--redColor); font-size: 18px; vertical-align: middle">HIGH</span>
-          {% elif alert.riskcode == "2" %}
+          {% elif alert.risk == "Medium" %}
             <span class="background-icon mb-3" style="background-color: var(--gradeBPlus); font-size: 18px; vertical-align: middle">MEDIUM</span>
-          {% elif alert.riskcode == "1" %}
+          {% elif alert.risk == "Low" %}
             <span class="background-icon mb-3" style="background-color: var(--gradeB); font-size: 18px; vertical-align: middle">LOW</span>
-          {% elif alert.riskcode == "0" %}
+          {% elif alert.risk == "Informational" %}
             <span class="background-icon mb-3" style="background-color: var(--grey); font-size: 18px; vertical-align: middle">INFO</span>
           {% endif %}
           {{ alert.alert }}
         </div>
+        <h3>Description:</h3>
         <div class="col-lg-12 fs-4">
-          {{ alert.desc }}
+          {{ alert.description }}
+        </div>
+        <h3>Solution:</h3>
+        <div class="col-lg-12 fs-4">
+          {{ alert.solution }}
         </div>
         <br>
       </div>

diff --git a/testing/views.py b/testing/views.py
@@ -136,9 +136,11 @@ def zap_test(request):
             return redirect("signup")
         target = request.POST["target"]
         api_key = settings.ZAP_API_KEY
-        json_report, html_report = zap_scan(target, api_key)
+        # json_report, html_report = zap_scan(target, api_key)
+        # context = json_report['site'][0]
+        alerts = zap_scan(target, api_key)
+        context = {'alerts': alerts}
         nb_tests += 1
-        context = json_report['site'][0]
         response = render(request, "check_zap.html", context)
 
         try:

diff --git a/testing/zap.py b/testing/zap.py
@@ -77,9 +77,23 @@ def zap_scan(target, api_key):
     while int(zap.spider.status(scan_id)) < 100:
         time.sleep(1)
 
-    json_report = zap.core.jsonreport()
+    json_report = core.jsonreport()
     json_report = json.loads(json_report.replace('<p>', '').replace('</p>', ''))
-    html_report = zap.core.htmlreport()
-    xml_report = zap.core.xmlreport()
-    pprint(zap.core.alerts(baseurl=target, start=None, count=None))
-    return json_report, html_report
+    html_report = core.htmlreport()
+    xml_report = core.xmlreport()
+
+    alerts = core.alerts(baseurl=target, start=None, count=None)
+    to_pop = ['alertRef', 'attack', 'cweid', 'evidence', 'id', 'inputVector',
+              'messageId', 'method', 'name', 'other', 'param', 'pluginId', 'reference',
+              'sourceid', 'tags', 'url', 'wascid']
+    for alert in alerts:
+        for key in to_pop:
+            alert.pop(key)
+    seen = []
+    for alert in alerts:
+        if alert not in seen:
+            seen.append(alert)
+    alerts = seen
+
+    return alerts
+    # return json_report, html_report, xml_report