functions/ConvertFrom-SoapUIToCodeDx.ps1

<#
.SYNOPSIS
Converts a SoapUI XML report to a Code Dx report for importing results.
 
.DESCRIPTION
Used to convert a SoapUI XML report file to a Code Dx XML format so it can be imported.
  
.EXAMPLE
ConvertFrom-SoapUIToCodeDx [scan_file_to_process] [target_endpoint] [output_directory]
#>

    
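Function ConvertFrom-SoapUIToCodeDx
{
    # Reads a SoapUI XML report (<testsuite>/<testcase>/<error>) and writes one
    # Code Dx <finding> per <error> element to "<OutputDir>\SUI2CDX-<timestamp>.xml".
    #
    # Parameters:
    #   SourceScanFilepath - path of the SoapUI report; surrounding double quotes are stripped.
    #   TargetEndPoint     - written verbatim as the url location of every finding.
    #   OutputDir          - directory for the generated file; surrounding double quotes are stripped.
    #
    # Output: nothing on the pipeline; the destination path is announced with Write-Host.
    # Every finding is written with severity "critical", type "dynamic" and status "new".
    [cmdletbinding()]
    param(
        [Parameter(Mandatory=$true)]
        [string]$SourceScanFilepath,
        [Parameter(Mandatory=$true)]
        [string]$TargetEndPoint,
        [Parameter(Mandatory=$true)]
        [string]$OutputDir
    )

    # Timestamp used both in the output file name and in the report comment.
    $CDate = Get-Date -format "yyyy-MM-dd-HHmmss"

    # The platform separator equals "\" on Windows, so the path is unchanged there.
    # NOTE(review): XmlDocument.Save resolves a relative path against the process
    # working directory, which can differ from the PowerShell location.
    $OutputFilePath = $OutputDir.Trim('"') + [System.IO.Path]::DirectorySeparatorChar + "SUI2CDX-" + $CDate + ".xml"

    $SourceScanFile = $SourceScanFilepath.Trim('"')
    $ToolName = "SoapUI"
    $location = $TargetEndPoint

    # Patterns applied to each error text; they do not change between iterations.
    $codePattern     = [regex] '\[([^\]]*)\]'
    $durationPattern = [regex] '\s+took\s+(\d+ ms)'
    $requestPattern  = [regex] 'Request (\d+)\s*-\s*(\w+)\s*-\s*\[([^\]]*)\]'

    # Set up the Code Dx output document: declaration, provenance comment, <report> root.
    [xml]$doc = New-Object System.Xml.XmlDocument
    [void]$doc.AppendChild($doc.CreateXmlDeclaration("1.0","UTF-8",$null))
    $reportComment = "SoapUI to Code Dx - Generated $CDate"
    [void]$doc.AppendChild($doc.CreateComment($reportComment))
    $root = $doc.CreateNode("element","report",$null)

    # Read the source report. -ErrorAction Stop turns a missing or unreadable file
    # into a terminating error instead of silently producing a report with no findings.
    # NOTE(review): the report may carry content returned by the tested endpoint, so
    # treat it as untrusted XML. How the [xml] cast handles DOCTYPE/entity declarations
    # depends on the PowerShell/.NET runtime defaults; if reports never contain a
    # DOCTYPE, consider loading through System.Xml.XmlReaderSettings with
    # DtdProcessing = Prohibit and XmlResolver = $null.
    [xml]$SourceScanData = Get-Content -Encoding UTF8 -Raw -Path $SourceScanFile -ErrorAction Stop

    # The report date is the yyyy-MM-dd prefix of the conversion timestamp,
    # not a date taken from the source report.
    $reportDate = $CDate.Substring(0,10)

    $root.SetAttribute("date",$reportDate)
    $root.SetAttribute("tool",$ToolName)

    $fds = $doc.CreateNode("element","findings",$null)

    $Results = $SourceScanData.testsuite
    if ($null -eq $Results) {
        # An empty findings list would otherwise look like a clean scan.
        Write-Warning "No <testsuite> root element found in '$SourceScanFile'; the generated report will contain no findings."
    }

    Foreach($testCase in $Results.testcase) {
        Foreach($result in $testCase.error){
            $fd = $doc.CreateNode("element","finding",$null)
            $desc = $doc.CreateNode("element","description",$null)
            $tl = $doc.CreateNode("element","tool",$null)
            $loc = $doc.CreateNode("element","location",$null)
            $md = $doc.CreateNode("element","metadata",$null)

            $fd.SetAttribute("severity", "critical")
            $fd.SetAttribute("type","dynamic")
            $fd.SetAttribute("status", "new")

            # Prefer the CDATA payload. An <error> that carries attributes plus plain
            # text is surfaced as an XmlElement, so take its InnerText rather than
            # relying on the element's string conversion.
            $descText = $result.'#cdata-section'
            if ($null -eq $descText) {
                if ($result -is [System.Xml.XmlNode]) {
                    $descText = $result.InnerText
                } else {
                    $descText = [string]$result
                }
            }

            # First bracketed token of the message becomes the tool code.
            $code = $codePattern.Match($descText).Groups[1].value
            $duration = $durationPattern.Match($descText).Groups[1].value

            $requestMatch = $requestPattern.Match($descText)
            $reqNo = $requestMatch.Groups[1].value
            $status = $requestMatch.Groups[2].value
            $queryString = [Net.WebUtility]::HtmlDecode($requestMatch.Groups[3].value)

            $loc.SetAttribute("type","url")
            $loc.SetAttribute("path", $location)

            # Ordered so the <value> elements are written in a stable order.
            $metadata = [ordered]@{
                "Test Name" = $testCase.name
                "Test Package" = $testCase.package
                "Request Number" = $reqNo
                "Query String" = $queryString
                "status" = $status
                "duration" = $duration
            }

            $tl.SetAttribute("name",$ToolName)
            $tl.SetAttribute("category","Security")
            $tl.SetAttribute("code", $code)

            # InnerText XML-escapes the message when the document is saved.
            # NOTE(review): the description is declared as "html" but filled with raw
            # tool output; confirm the importing side sanitizes HTML before rendering.
            $desc.SetAttribute("format", "html")
            $desc.InnerText = $descText

            Foreach($entry in $metadata.GetEnumerator()) {
                $e = $doc.CreateNode("element","value",$null)
                $e.SetAttribute("key",$entry.Key)
                $e.InnerText = $entry.Value
                [void]$md.AppendChild($e)
            }

            [void]$fd.AppendChild($tl)
            [void]$fd.AppendChild($loc)
            [void]$fd.AppendChild($desc)
            [void]$fd.AppendChild($md)

            [void]$fds.AppendChild($fd)
        }
    }

    [void]$root.AppendChild($fds)
    [void]$doc.AppendChild($root)
    Write-Host "Outputing file to: $OutputFilePath"
    $doc.Save($OutputFilePath)
}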