zap and burp scanning issue fixed

scanners/scanner_plugin/web_scanner/burp_plugin.py

@@ -169,8 +169,17 @@ def burp_scan_data(self, scan_data):
         :param xml_data:
         :return:
         """
-
-        global name, origin, confidence, caption, type_index, internal_data, serial_number, path, severity, url, request_type, request_datas, response_type, response_datas, was_redirect_followed, issue_description, issue_remediation, issue_reference, issue_vulnerability_classifications
+        severity = ''
+        type_index = ''
+        name = ''
+        path = ''
+        issue_description = ''
+        request_datas = ''
+        response_datas = ''
+        issue_vulnerability_classifications = ''
+        url = ''
+        issue_remediation = ''
+        issue_reference = ''
 
         for data in scan_data:
             for key, value in data["issue"].items():
@@ -240,7 +249,7 @@ def burp_scan_data(self, scan_data):
                 )
                 issue_reference = def_data.reference
 
-            global vul_col
+            vul_col = ''
             if severity == "high":
                 severity = "High"
                 vul_col = "danger"
@@ -262,7 +271,7 @@ def burp_scan_data(self, scan_data):
             duplicate_hash = hashlib.sha256(dup_data.encode("utf-8")).hexdigest()
 
             match_dup = (
-                WebScansDb.objects.filter(dup_hash=duplicate_hash)
+                WebScanResultsDb.objects.filter(dup_hash=duplicate_hash)
                 .values("dup_hash")
                 .distinct()
             )
@@ -275,7 +284,7 @@ def burp_scan_data(self, scan_data):
             else:
                 duplicate_vuln = "None"
 
-            false_p = WebScansDb.objects.filter(false_positive_hash=duplicate_hash)
+            false_p = WebScanResultsDb.objects.filter(false_positive_hash=duplicate_hash)
             fp_lenth_match = len(false_p)
 
             details = (
@@ -285,9 +294,6 @@ def burp_scan_data(self, scan_data):
                 + str("\n\n")
                 + str(response_datas)
                 + str("\n\n")
-                + str("\n\n")
-                + str(issue_description)
-                + str("\n\n")
                 + str(issue_vulnerability_classifications)
             )
             global false_positive

webscanners/burpscanner/urls.py

@@ -22,7 +22,7 @@
 
 urlpatterns = [
     # Burp scans
-    path("burp_launch_scan/", views.BurpScanLaunch, name="burp_launch_scan"),
+    path("burp_launch_scan/", views.BurpScanLaunch.as_view(), name="burp_launch_scan"),
     path("export/", views.export, name="export"),
     path("burp_setting/", views.BurpSetting.as_view(), name="burp_setting"),
 ]

webscanners/burpscanner/views.py

@@ -135,6 +135,14 @@ def post(self, request):
                         references = values
                     if key == "vulnerability_classifications":
                         vulnerability_classifications = values
+            data_dump = burp_issue_definitions(remediation=remediation,
+                                               issue_type_id=issue_type_id,
+                                               description=description,
+                                               reference=references,
+                                               vulnerability_classifications=vulnerability_classifications,
+                                               name=name
+                                               )
+            data_dump.save()
 
             SettingsDb.objects.filter(setting_id=setting_id).update(setting_status=True)
 
@@ -155,6 +163,7 @@ class BurpScanLaunch(APIView):
     permission_classes = (IsAuthenticated, permissions.IsAnalyst)
 
     def post(self, request):
+        user = request.user
         target_url = request.POST.get("url")
         project_id = request.POST.get("project_id")
         target__split = target_url.split(",")
@@ -199,18 +208,18 @@ def export(request):
         if report_type == "csv":
             response = HttpResponse(dataset.csv, content_type="text/csv")
             response["Content-Disposition"] = (
-                'attachment; filename="%s.csv"' % "burp_results"
+                    'attachment; filename="%s.csv"' % "burp_results"
             )
             return response
         if report_type == "json":
             response = HttpResponse(dataset.json, content_type="application/json")
             response["Content-Disposition"] = (
-                'attachment; filename="%s.json"' % "burp_results"
+                    'attachment; filename="%s.json"' % "burp_results"
             )
             return response
         if report_type == "yaml":
             response = HttpResponse(dataset.yaml, content_type="application/x-yaml")
             response["Content-Disposition"] = (
-                'attachment; filename="%s.yaml"' % "burp_results"
+                    'attachment; filename="%s.yaml"' % "burp_results"
             )
             return response

webscanners/zapscanner/views.py

@@ -31,11 +31,15 @@
 from rest_framework.renderers import TemplateHTMLRenderer
 from rest_framework.views import APIView
 from selenium import webdriver
+from notifications.signals import notify
 
 from archerysettings.models import SettingsDb, ZapSettingsDb
 from scanners.scanner_plugin.web_scanner import burp_plugin, zap_plugin
 from user_management import permissions
 from webscanners.models import WebScansDb, cookie_db, excluded_db
+from archerysettings.models import EmailDb, SettingsDb
+from django.core.mail import send_mail
+from django.conf import settings
 
 setting_file = os.getcwd() + "/" + "apidata.json"
 
@@ -45,6 +49,36 @@
 scan_name = None
 
 
+def email_notify(user, subject, message):
+    global to_mail
+    all_email = EmailDb.objects.all()
+    for email in all_email:
+        to_mail = email.recipient_list
+
+    print(to_mail)
+    email_from = settings.EMAIL_HOST_USER
+    recipient_list = [to_mail]
+    try:
+        send_mail(subject, message, email_from, recipient_list)
+    except Exception as e:
+        notify.send(user, recipient=user, verb='Email Settings Not Configured')
+
+
+def email_sch_notify(subject, message):
+    global to_mail
+    all_email = EmailDb.objects.all()
+    for email in all_email:
+        to_mail = email.recipient_list
+
+    print(to_mail)
+    email_from = settings.EMAIL_HOST_USER
+    recipient_list = [to_mail]
+    try:
+        send_mail(subject, message, email_from, recipient_list)
+    except Exception as e:
+        print(e)
+
+
 def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
     """
     The function Launch ZAP Scans.
@@ -151,10 +185,10 @@ def launch_zap_scan(target_url, project_id, rescan_id, rescan, scan_id, user):
 
     subject = "Archery Tool Scan Status - ZAP Scan Completed"
     message = (
-        "ZAP Scanner has completed the scan "
-        "  %s <br> Total: %s <br>High: %s <br>"
-        "Medium: %s <br>Low %s"
-        % (target_url, total_vuln, total_high, total_medium, total_low)
+            "ZAP Scanner has completed the scan "
+            "  %s <br> Total: %s <br>High: %s <br>"
+            "Medium: %s <br>Low %s"
+            % (target_url, total_vuln, total_high, total_medium, total_low)
     )
     email_sch_notify(subject=subject, message=message)
 
@@ -238,10 +272,10 @@ def launch_schudle_zap_scan(target_url, project_id, rescan_id, rescan, scan_id):
 
     subject = "Archery Tool Scan Status - ZAP Scan Completed"
     message = (
-        "ZAP Scanner has completed the scan "
-        "  %s <br> Total: %s <br>High: %s <br>"
-        "Medium: %s <br>Low %s"
-        % (target_url, total_vuln, total_high, total_medium, total_low)
+            "ZAP Scanner has completed the scan "
+            "  %s <br> Total: %s <br>High: %s <br>"
+            "Medium: %s <br>Low %s"
+            % (target_url, total_vuln, total_high, total_medium, total_low)
     )
 
     email_sch_notify(subject=subject, message=message)