-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathmodReportingXml.bas
123 lines (97 loc) · 5.89 KB
/
modReportingXml.bas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
Attribute VB_Name = "modReportingXml"
Option Explicit
Public Function GenerateXmlReport(ByRef iMatches As Integer, ByRef iResponses As Integer, ByRef iHitlistSize As Integer) As String
Dim cReport As Concat
Set cReport = New Concat
Call ChangeStatusBar("Generate XML Report...")
With cReport
.Concat "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>" & vbCrLf
.Concat "<scan " & _
"application='" & APP_NAME & "' " & _
"agent='" & XmlEncode(req_agent_name) & "' " & _
"noredirects='" & req_agent_noredirect & "' " & _
"auditor='" & GetLocalUsername & "' " & _
"scandate='" & scan_date & "' " & _
"scantime='" & scan_time & "' " & _
"tests='" & tests_count & "' " & _
"testgetexisting='" & scan_test_getexisting & "' " & _
"testgetnonexisting='" & scan_test_getnonexisting & "' " & _
"testgetlong='" & scan_test_getlong & "' " & _
"testheadexisting='" & scan_test_head & "' " & _
"testoptions='" & scan_test_options & "' " & _
"testwrongmethod='" & scan_test_wrongmethod & "' " & _
"testnonexistingmethod='" & scan_test_nonexistingmethod & "' " & _
"testwrongprotocol='" & scan_test_wrongprotocol & "' " & _
"testattack='" & scan_test_attack & "' " & _
"reportdate='" & Date & "' " & _
"reporttime='" & Time & "'>" & vbCrLf
.Concat vbTab & "<server " & _
"host='" & scan_targethost & "' " & _
"port='" & scan_targetport & "' " & _
"ssl='" & scan_targetsecure & "'>" & vbCrLf
If (iMatches = 1) Then
.Concat GenerateHitListXml(frmMain.lsvResults, iHitlistSize)
End If
If (iResponses = 1) Then
.Concat ShowTestCaseXml(APP_TESTNAME_GETEXISTING, response_getexist, scan_test_getexisting, timing_getexist, "GET", req_resource_available, req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_GETLONG, response_getlongrequest, scan_test_getlong, timing_getlongrequest, "GET", String$(req_longrequest_length, req_longrequest_char), req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_GETNONEXISTING, response_get_nonexistent, scan_test_getnonexisting, timing_get_nonexistent, "GET", req_resource_notavailable, req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_HEADEXISTING, response_head, scan_test_head, timing_head, "HEAD", req_resource_available, req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_OPTIONS, response_options, scan_test_options, timing_options, "OPTIONS", "/", req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_DELETEEXISTING, response_delete, scan_test_wrongmethod, timing_delete, req_method_notallowed, req_resource_available, req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_WRONGMETHOD, response_testmethod, scan_test_nonexistingmethod, timing_testmethod, req_method_notexisting, req_resource_available, req_protocol_legitimate) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_WRONGVERSION, response_protocolversion, scan_test_wrongprotocol, timing_protocolversion, "GET", req_resource_available, req_protocol_wrong) & vbCrLf
.Concat ShowTestCaseXml(APP_TESTNAME_ATTACKREQUEST, response_attackrequest, scan_test_attack, timing_attackrequest, "GET", req_resource_attack, req_protocol_legitimate) & vbCrLf
End If
.Concat vbTab & "</server>" & vbCrLf
.Concat "</scan>" & vbCrLf
GenerateXmlReport = .Value
End With
Call ChangeStatusBarDone
End Function
Public Function ShowTestCaseXml(ByRef sName As String, ByRef sResponse As String, ByRef iEnabled As Integer, ByRef sTiming As Single, ByRef sRequest As String, ByRef sResource As String, ByRef sProtocol As String) As String
Dim cTestcase As Concat
Dim iLength As Integer
Set cTestcase = New Concat
iLength = Len(sResponse)
With cTestcase
.Concat vbTab & vbTab & "<response name='" & sName & "' " & _
"enabled='" & iEnabled & "' " & _
"length='" & iLength & "' " & _
"timing='" & NormalizeTiming(sTiming) & "' " & _
"request='" & XmlEncode(sRequest) & "' " & _
"resource='" & XmlEncode(sResource) & "' " & _
"protocol='" & XmlEncode(sProtocol) & "'>"
.Concat "<![CDATA[" & sResponse & "]]>"
.Concat "</response>"
ShowTestCaseXml = .Value
End With
End Function
Public Function GenerateHitListXml(ByRef lListView As ListView, ByRef iCount As Integer) As String
Dim cResults As Concat
Dim iListItemCount As Integer
Dim i As Integer
Set cResults = New Concat
iListItemCount = lListView.ListItems.Count
If (iListItemCount > iCount) Then
iListItemCount = iCount
End If
For i = 1 To iListItemCount
cResults.Concat vbTab & vbTab & "<match " & _
"name='" & XmlEncode(lListView.ListItems(i).ListSubItems(1).Text) & "' " & _
"hits='" & lListView.ListItems(i).ListSubItems(2).Text & "' " & _
"confidence='" & Round(lListView.ListItems(i).ListSubItems(3).Text, 2) & "' " & _
"position='" & i & "' " & _
"/>" & vbCrLf
Next i
GenerateHitListXml = cResults.Value
End Function
Public Function XmlEncode(ByRef sInput As String) As String
Dim sOutput As String
sOutput = Replace$(sInput, "&", "&", 1, , vbBinaryCompare)
sOutput = Replace$(sOutput, "<", ">", 1, , vbBinaryCompare)
sOutput = Replace$(sOutput, ">", "<", 1, , vbBinaryCompare)
sOutput = Replace$(sOutput, "'", "'", 1, , vbBinaryCompare)
sOutput = Replace$(sOutput, ChrW$(34), """, 1, , vbBinaryCompare)
XmlEncode = sOutput
End Function