/**
 * One HTTP exchange attached to an issue, read from a `<requestresponse>`
 * element of the report.
 *
 * The strings reproduce traffic recorded in the report, so consumers should
 * treat them as untrusted data and escape them before rendering.
 */
interface RequestResponse {
  /**
   * Text of the `<request>` child element. The parser assigns whatever the
   * lookup returns, so this can be `undefined` at runtime when the element
   * is absent, despite the declared type.
   */
  request: string;

  /**
   * Text of the `<response>` child element. Like `request`, it can be
   * `undefined` at runtime when the element is absent.
   */
  response: string;

  /** True only when the `<responseRedirected>` element's text is exactly "true". */
  responseRedirected: boolean;
}
/**
 * A single finding from the report.
 *
 * Each text field carries the text content of the `<issue>` child element
 * with the same name, and is `undefined` when that element is missing.
 * All values come straight from the report and are not validated or
 * sanitised by the parser.
 */
interface Issue {
  // Identification of the finding.
  serialNumber?: string;
  type?: string;

  // Where the finding was observed.
  host?: string;
  path?: string;
  location?: string;

  // Rating as written in the report (free-form strings, not an enum here).
  severity?: string;
  confidence?: string;

  // Descriptive text.
  // NOTE(review): these fields may carry markup from the report - confirm,
  // and sanitise before inserting them into a page.
  issueBackground?: string;
  remediationBackground?: string;
  vulnerabilityClassifications?: string;
  issueDetail?: string;
  references?: string;

  /** HTTP exchanges recorded for this finding; empty when the issue has none. */
  requestresponse?: RequestResponse[];
}
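/**
 * Returns the first node in `nodes` whose `nodeName` equals `property`.
 *
 * The comparison is exact and case-sensitive.
 *
 * @param nodes - Candidate nodes, typically the children of one element.
 * @param property - Element name to look for.
 * @returns The first matching node, or `undefined` when none matches. The
 *   return type says so explicitly so callers have to handle a missing element.
 */
function findChildNode(nodes: Node[], property: string): Node | undefined {
  return nodes.find((childNode: Node) => childNode.nodeName === property);
}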
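/**
 * Returns the text content of the first node named `property`.
 *
 * @param nodes - Candidate nodes, typically the children of one element.
 * @param property - Element name to look for.
 * @returns The node's `textContent`, or `undefined` when no such node exists.
 *   `textContent` is typed `string | null`; a `null` is normalised to
 *   `undefined` so the declared return type holds. The text is returned
 *   as-is, without trimming or escaping.
 */
function getTextContent(nodes: Node[], property: string): string | undefined {
  return findChildNode(nodes, property)?.textContent ?? undefined;
}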
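/**
 * Collects every `<requestresponse>` child in `nodes` into a plain object.
 *
 * @param nodes - Children of one `<issue>` element.
 * @param isBase64Encoded - When true, `request` and `response` are passed
 *   through `atob`. The flag is decided once for the whole document by the
 *   caller, not per element.
 * @returns One entry per `<requestresponse>` node, in document order; an
 *   empty array when there are none.
 * @throws DOMException from `atob` when a value is not valid base64.
 */
function parseRequestResponse(nodes: Node[], isBase64Encoded: boolean): RequestResponse[] {
  const exchanges: RequestResponse[] = [];

  for (const node of nodes) {
    if (node.nodeName !== "requestresponse") continue;

    const childNodes: Node[] = Array.from(node.childNodes);
    const exchange: RequestResponse = {
      // Either value is undefined at runtime when the element is absent.
      request: getTextContent(childNodes, "request"),
      response: getTextContent(childNodes, "response"),
      responseRedirected: getTextContent(childNodes, "responseRedirected") === "true"
    };

    if (isBase64Encoded) {
      // Guard both fields: atob(undefined) coerces to the string "undefined",
      // which is not valid base64 and throws, aborting the whole parse.
      // atob yields one character per byte, so non-ASCII bodies are not
      // UTF-8 decoded here. The result is raw report content; escape it
      // before displaying it.
      if (exchange.request) {
        exchange.request = atob(exchange.request);
      }
      if (exchange.response) {
        exchange.response = atob(exchange.response);
      }
    }

    exchanges.push(exchange);
  }

  return exchanges;
}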
/**
 * Converts one `<issue>` node into an Issue object.
 *
 * Every text field is looked up by element name among the node's direct
 * children and copied verbatim; missing elements yield `undefined`.
 *
 * @param node - The `<issue>` node to convert.
 * @param isBase64Encoded - Forwarded to parseRequestResponse to control
 *   base64 decoding of the recorded requests and responses.
 * @returns The populated Issue.
 */
function createIssueObject(node: ChildNode, isBase64Encoded: boolean): Issue {
  const children: Node[] = Array.from(node.childNodes);
  // Small local shorthand so each field reads as a single lookup.
  const textOf = (tag: string): string | undefined => getTextContent(children, tag);

  return {
    serialNumber: textOf("serialNumber"),
    type: textOf("type"),
    host: textOf("host"),
    path: textOf("path"),
    location: textOf("location"),
    severity: textOf("severity"),
    confidence: textOf("confidence"),
    issueBackground: textOf("issueBackground"),
    remediationBackground: textOf("remediationBackground"),
    vulnerabilityClassifications: textOf("vulnerabilityClassifications"),
    issueDetail: textOf("issueDetail"),
    references: textOf("references"),
    requestresponse: parseRequestResponse(children, isBase64Encoded)
  };
}
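/**
 * Parses Burp XML output into an array of plain JavaScript objects.
 *
 * The returned strings are copied from the report without validation or
 * escaping; callers that render them should treat them as untrusted.
 *
 * @param xml - The report as an XML string.
 * @param decodeBase64 - When true (the default), requests and responses are
 *   base64-decoded if the first `<request>` element in the document carries
 *   `base64="true"`. That single attribute decides for the whole document.
 * @returns One Issue per `<issue>` element under the root `<issues>` element.
 * @throws TypeError when the document has no root `<issues>` element, which
 *   is also the case when the XML is malformed.
 */
export function BurpParser(xml: string, decodeBase64 = true): Issue[] {
  // eslint-disable-next-line no-undef
  const parser: DOMParser = new DOMParser();
  const parsed: Document = parser.parseFromString(xml, "application/xml");

  // A report can contain no <requestresponse> (or no <request>) at all, so
  // every step of the lookup is optional; a missing element means "not encoded".
  const firstRequest = parsed
    .getElementsByTagName("requestresponse")[0]
    ?.getElementsByTagName("request")[0];
  const isBase64Encoded = decodeBase64 && firstRequest?.getAttribute("base64") === "true";

  // Get the right issues node. nodeType 1 is ELEMENT_NODE, which skips
  // non-element top-level nodes that share the name (e.g. a DOCTYPE).
  const issuesNode = Array.from(parsed.childNodes).find(
    (node) => node.nodeName === "issues" && node.nodeType === 1
  );

  // parseFromString reports malformed XML through an error document rather
  // than an exception. Fail loudly with a clear message so a broken or
  // unrelated file is never mistaken for a report with zero findings.
  if (!issuesNode) {
    throw new TypeError("BurpParser: no root <issues> element found in the supplied XML");
  }

  const output: Issue[] = [];

  // issue nodes (text and comment nodes between them are skipped)
  for (const node of issuesNode.childNodes) {
    if (node.nodeName !== "issue") continue;
    output.push(createIssueObject(node, isBase64Encoded));
  }

  return output;
}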